
Malware/Spyware? :help: Can someone help me please



#1
thewookie

I've gone through Google and resolved a couple of things that (I think) I asked about; I'm sorry to start a new thread, but if someone could just look at my log and tell me if it looks OK or suspicious, I'd greatly appreciate it. I seem to get redirects as well as update, and I think some sfc got corrupted but said was fixed... I think Mr Fix It from M$. I'm currently debating, and if no one can help me I'm gonna start scanning with these apps I downloaded, and in safe mode, as that's all I can assume to do. Again, sorry for posting again; I'm just trying to get peace of mind because I'm waiting to install the vBIOS for my GPU so I can re-enable Secure Boot, but wanted to wait and hear that I'm clean, and I didn't know, if there was an infection, if turning on Secure Boot would mess something up. :(
If anyone can help that would be great, and here is the link to the other thread: http://www.geekstogo.com/forum/topic/333687-possible-infectionhijacking-help-appreciated/page__p__2334860__fromsearch__1#entry2334860 (I either can't delete threads/posts or am not sure how)
Cheers


OTL logfile created on: 9/27/2013 9:38:40 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\A Wookie Sniper\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16688)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

11.96 Gb Total Physical Memory | 10.55 Gb Available Physical Memory | 88.26% Memory free
15.96 Gb Paging File | 14.53 Gb Available in Paging File | 91.07% Paging File free
Paging file location(s): c:\pagefile.sys 4096 8192 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1843.66 Gb Total Space | 1799.15 Gb Free Space | 97.59% Space Free | Partition Type: NTFS
Drive D: | 17.88 Gb Total Space | 2.23 Gb Free Space | 12.48% Space Free | Partition Type: NTFS

Computer Name: ROOK | User Name: A Wookie Sniper | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/09/25 21:16:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\A Wookie Sniper\Desktop\OTL.exe
PRC - [2013/09/17 10:39:33 | 000,275,696 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\21.0.2.1\NIS.exe
PRC - [2013/09/05 10:04:00 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/08/01 15:53:22 | 000,664,344 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe
PRC - [2013/03/26 14:50:24 | 001,619,704 | ---- | M] (IVT Corporation) -- C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
PRC - [2013/01/30 20:14:02 | 000,364,856 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2013/01/30 20:13:56 | 000,129,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
PRC - [2013/01/30 20:13:46 | 000,167,736 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV:64bit: - [2013/08/16 01:39:26 | 002,371,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2013/07/01 20:44:21 | 000,016,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2013/06/24 18:54:45 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2013/06/01 05:19:58 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2013/05/25 14:53:04 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2013/05/04 02:58:02 | 000,470,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013/05/04 02:57:05 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2013/04/09 00:48:42 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2013/03/29 03:52:10 | 000,332,800 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2013/03/01 22:45:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013/03/01 22:45:05 | 000,180,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2013/01/09 19:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2013/01/09 19:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2012/12/10 17:31:44 | 000,803,872 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe -- (Intel®
SRV:64bit: - [2012/12/10 17:31:28 | 000,732,160 | ---- | M] (Intel® Corporation) [Auto | Running] -- c:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV:64bit: - [2012/10/11 22:06:29 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2012/07/25 23:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012/07/25 23:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012/07/25 23:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012/07/25 23:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012/07/25 23:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012/07/25 23:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012/07/25 23:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012/07/25 23:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012/07/25 23:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012/07/25 23:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012/07/25 20:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012/07/25 20:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012/07/25 20:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012/07/25 20:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012/07/25 20:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012/07/25 20:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV - [2013/09/17 10:39:33 | 000,275,696 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\21.0.2.1\NIS.exe -- (NIS)
SRV - [2013/09/10 22:26:44 | 000,118,680 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/09/05 10:04:00 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/05/25 14:53:04 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2013/03/26 14:50:24 | 001,619,704 | ---- | M] (IVT Corporation) [Auto | Running] -- C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe -- (BlueSoleilCS)
SRV - [2013/03/26 04:16:28 | 000,277,488 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2013/01/30 20:14:02 | 000,364,856 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2013/01/30 20:13:56 | 000,129,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe -- (Intel®
SRV - [2013/01/30 20:13:46 | 000,167,736 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2013/01/10 16:35:28 | 000,138,752 | ---- | M] (IVT Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe -- (BsHelpCS)
SRV - [2012/09/27 14:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/07/25 23:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2012/07/25 23:18:41 | 000,408,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2012/07/25 23:17:52 | 000,060,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2012/04/24 17:37:56 | 000,169,752 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/09/26 00:56:41 | 000,177,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2013/09/11 16:32:42 | 000,590,424 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NISx64\1500020.001\symnets.sys -- (SymNetS)
DRV:64bit: - [2013/08/16 01:41:13 | 000,058,200 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2013/08/04 21:33:19 | 001,147,480 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\NISx64\1500020.001\SymEFA64.sys -- (SymEFA)
DRV:64bit: - [2013/07/31 23:20:01 | 000,023,568 | R--- | M] (Symantec Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\NISx64\1500020.001\SymELAM.sys -- (SymELAM)
DRV:64bit: - [2013/07/31 23:19:50 | 000,493,656 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\NISx64\1500020.001\SymDS64.sys -- (SymDS)
DRV:64bit: - [2013/07/31 00:13:30 | 000,264,280 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NISx64\1500020.001\Ironx64.sys -- (SymIRON)
DRV:64bit: - [2013/07/30 23:44:44 | 000,854,616 | R--- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\NISx64\1500020.001\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2013/07/30 23:44:44 | 000,036,952 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NISx64\1500020.001\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2013/07/29 21:24:22 | 000,150,104 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NISx64\1500020.001\ccSetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2013/07/09 04:04:07 | 000,120,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2013/07/01 20:44:14 | 000,036,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2013/07/01 18:08:49 | 000,247,216 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2013/06/29 02:15:54 | 000,195,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2013/06/16 08:38:15 | 000,196,384 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2013/06/10 17:17:46 | 000,096,512 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2013/06/01 07:29:35 | 000,337,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2013/06/01 07:29:35 | 000,213,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2013/05/31 23:08:57 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013/05/30 11:16:40 | 000,064,280 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\LGSHidFilt.Sys -- (LGSHidFilt)
DRV:64bit: - [2013/05/25 14:55:36 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2013/05/25 14:54:53 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2013/05/25 14:53:04 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2013/05/25 14:49:36 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2013/05/25 14:43:27 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2013/05/04 03:34:17 | 000,446,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2013/05/04 03:34:15 | 000,284,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2013/04/15 10:02:04 | 002,482,960 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2013/03/29 03:52:10 | 000,544,768 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2013/03/25 14:03:44 | 000,049,584 | ---- | M] (Ralink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\IvtUrbBtFlt.sys -- (btUrbFilterDrv)
DRV:64bit: - [2013/03/09 09:53:10 | 001,149,232 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\rtbth.sys -- (rtbth)
DRV:64bit: - [2013/03/02 06:57:46 | 000,077,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013/03/02 06:45:20 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013/03/02 06:39:38 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2013/02/19 04:15:54 | 000,772,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2013/02/03 22:20:22 | 000,652,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2013/01/28 19:29:22 | 004,482,240 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2013/01/23 19:57:54 | 000,064,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2013/01/09 21:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2012/10/11 22:05:37 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012/10/11 22:05:37 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012/07/26 01:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/07/26 01:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012/07/26 01:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012/07/26 01:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012/07/26 01:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012/07/26 01:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012/07/26 01:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012/07/26 01:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012/07/26 01:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012/07/26 01:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012/07/26 01:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012/07/26 01:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012/07/26 01:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012/07/26 01:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012/07/26 01:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012/07/26 01:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/07/26 01:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/07/26 00:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012/07/26 00:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012/07/25 23:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012/07/25 22:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012/07/25 22:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012/07/25 22:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012/07/25 22:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012/07/25 22:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012/07/25 22:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012/07/25 22:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012/07/25 22:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012/07/25 22:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012/07/25 22:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012/07/25 22:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012/07/25 22:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012/07/25 22:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012/07/25 22:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/07/25 22:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Unknown (0) | Disabled | Unknown] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012/07/25 22:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012/07/25 22:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/07/25 22:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012/07/25 22:25:02 | 000,202,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\BthLEEnum.sys -- (BthLEEnum)
DRV:64bit: - [2012/07/25 22:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012/07/25 22:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012/07/25 22:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012/07/19 20:47:40 | 000,056,904 | ---- | M] (Ralink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\BtL2caScoIf.sys -- (BthL2caScoIfSrv)
DRV:64bit: - [2012/06/15 14:22:02 | 000,023,136 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\BtAudioBus.sys -- (BtAudioBusSrv)
DRV:64bit: - [2012/06/02 10:31:38 | 000,333,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\e1i63x64.sys -- (e1iexpress)
DRV:64bit: - [2012/05/29 18:53:30 | 000,027,456 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\cpqdfw.sys -- (CpqDfw)
DRV:64bit: - [2009/11/23 20:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009/11/23 20:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\LGBusEnum.sys -- (LGBusEnum)
DRV - [2013/09/25 18:54:36 | 000,520,280 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.2.1\Definitions\IPSDefs\20130927.002\IDSviA64.sys -- (IDSVia64)
DRV - [2013/09/25 04:00:00 | 002,099,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.2.1\Definitions\VirusDefs\20130927.018\ex64.sys -- (NAVEX15)
DRV - [2013/09/25 04:00:00 | 000,484,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2013/09/25 04:00:00 | 000,140,376 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/09/25 04:00:00 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.2.1\Definitions\VirusDefs\20130927.018\eng64.sys -- (NAVENG)
DRV - [2013/09/24 00:37:14 | 001,525,848 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.2.1\Definitions\BASHDefs\20130924.001\BHDrvx64.sys -- (BHDrvx64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK13/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK13/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...0TR&pc=HPDTDFJS
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...54371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK13/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK13/1
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...0TR&pc=HPDTDFJS
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...54371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK13/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/hpdsk13/1
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...0TR&pc=HPDTDFJS
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...54371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "DuckDuckGo"
FF - prefs.js..browser.search.selectedEngine: "DuckDuckGo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.8.1
FF - prefs.js..extensions.enabledAddons: %7B1A2D0EC4-75F5-4c91-89C4-3656F6E44B68%7D:0.6.3
FF - prefs.js..extensions.enabledAddons: %7B12A60D0F-0077-4F41-81B2-1286DDD278BB%7D:0.4.20130919
FF - prefs.js..extensions.enabledAddons: firegestures%40xuldev.org:1.7.12
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130924
FF - prefs.js..extensions.enabledAddons: %7BBBDA0591-3099-440a-AA10-41764D9DB4DB%7D:12.0.0.380%20-%201
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.2.1\coFFPlgn\ [2013/09/26 01:02:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.2.1\IPSFFPlgn\ [2013/09/26 01:02:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013/09/25 22:41:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\A Wookie Sniper\AppData\Roaming\Mozilla\Extensions
[2013/09/26 23:14:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\A Wookie Sniper\AppData\Roaming\Mozilla\Firefox\Profiles\11jbfjjo.default\extensions
[2013/09/26 01:25:06 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\A Wookie Sniper\AppData\Roaming\Mozilla\Firefox\Profiles\11jbfjjo.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2013/09/26 23:14:01 | 000,000,000 | ---D | M] (WOT) -- C:\Users\A Wookie Sniper\AppData\Roaming\Mozilla\Firefox\Profiles\11jbfjjo.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013/09/26 00:14:15 | 001,314,979 | ---- | M] () (No name found) -- C:\Users\A Wookie Sniper\AppData\Roaming\Mozilla\Firefox\Profiles\11jbfjjo.default\extensions\[email protected]
[2013/09/26 01:25:06 | 000,390,387 | ---- | M] () (No name found) -- C:\Users\A Wookie Sniper\AppData\Roaming\Mozilla\Firefox\Profiles\11jbfjjo.default\extensions\[email protected]
[2013/09/25 23:02:03 | 000,178,395 | ---- | M] () (No name found) -- C:\Users\A Wookie Sniper\AppData\Roaming\Mozilla\Firefox\Profiles\11jbfjjo.default\extensions\[email protected]
[2013/09/25 22:56:27 | 000,052,846 | ---- | M] () (No name found) -- C:\Users\A Wookie Sniper\AppData\Roaming\Mozilla\Firefox\Profiles\11jbfjjo.default\extensions\[email protected]
[2013/09/25 23:06:36 | 000,181,424 | ---- | M] () (No name found) -- C:\Users\A Wookie Sniper\AppData\Roaming\Mozilla\Firefox\Profiles\11jbfjjo.default\extensions\[email protected]
[2013/09/26 01:25:06 | 000,209,763 | ---- | M] () (No name found) -- C:\Users\A Wookie Sniper\AppData\Roaming\Mozilla\Firefox\Profiles\11jbfjjo.default\extensions\{12A60D0F-0077-4F41-81B2-1286DDD278BB}.xpi
[2013/09/26 01:25:06 | 000,096,207 | ---- | M] () (No name found) -- C:\Users\A Wookie Sniper\AppData\Roaming\Mozilla\Firefox\Profiles\11jbfjjo.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}.xpi
[2013/09/26 01:25:06 | 000,534,729 | ---- | M] () (No name found) -- C:\Users\A Wookie Sniper\AppData\Roaming\Mozilla\Firefox\Profiles\11jbfjjo.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013/09/25 23:48:14 | 000,824,302 | ---- | M] () (No name found) -- C:\Users\A Wookie Sniper\AppData\Roaming\Mozilla\Firefox\Profiles\11jbfjjo.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/09/25 22:56:28 | 000,010,310 | ---- | M] () -- C:\Users\A Wookie Sniper\AppData\Roaming\Mozilla\Firefox\Profiles\11jbfjjo.default\searchplugins\duckduckgo.xml
[2013/09/25 22:40:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/09/25 22:40:56 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/09/26 01:02:55 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.2.1\IPSFFPLGN

O1 HOSTS File: ([2012/07/26 01:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.0.2.1\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.0.2.1\IPS\ipsbho.dll (Symantec Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.0.2.1\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [BeatsOSDApp] C:\Program Files\IDT\WDM\Beats64.exe (Hewlett-Packard )
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [StereoLinksInstall] "C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstlink.exe" /install1 File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5A92134B-7A58-4088-B8BF-4FB435AAF0C2}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWOW64\skype4com.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/09/27 23:54:23 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2013/09/27 23:54:02 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2013/09/27 23:17:01 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SRSLabs
[2013/09/27 22:08:41 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013/09/27 21:34:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013/09/27 21:34:14 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013/09/27 21:34:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013/09/27 20:56:19 | 000,000,000 | ---D | C] -- C:\Users\A Wookie Sniper\AppData\Local\Logitech
[2013/09/27 20:56:19 | 000,000,000 | ---D | C] -- C:\ProgramData\LogiShrd
[2013/09/27 20:55:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2013/09/27 20:55:35 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech Gaming Software
[2013/09/27 20:54:51 | 000,000,000 | ---D | C] -- C:\Users\A Wookie Sniper\AppData\Roaming\Logitech
[2013/09/27 20:54:51 | 000,000,000 | ---D | C] -- C:\Users\A Wookie Sniper\AppData\Roaming\Logishrd
[2013/09/27 20:36:27 | 000,180,000 | ---- | C] (Kaspersky Lab) -- C:\Users\A Wookie Sniper\Desktop\enstsrssk.exe
[2013/09/27 20:30:40 | 037,672,592 | ---- | C] (Safer-Networking Ltd. ) -- C:\Users\A Wookie Sniper\Desktop\sndtry-2.1.21-SR2.exe
[2013/09/27 20:29:41 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\A Wookie Sniper\Desktop\maytcvkmb-setup-1.75.0.1300.exe
[2013/09/27 19:56:50 | 000,000,000 | ---D | C] -- C:\Users\A Wookie Sniper\AppData\Local\NVIDIA
[2013/09/27 19:56:18 | 007,539,624 | ---- | C] (Symantec Corporation) -- C:\Users\A Wookie Sniper\Desktop\NRnR.exe
[2013/09/27 11:21:33 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2013/09/26 23:03:31 | 000,000,000 | ---D | C] -- C:\Users\A Wookie Sniper\AppData\Local\HP Quick Start
[2013/09/26 23:00:59 | 000,000,000 | ---D | C] -- C:\Users\A Wookie Sniper\AppData\Roaming\WinBatch
[2013/09/26 08:20:38 | 000,000,000 | ---D | C] -- C:\Users\A Wookie Sniper\AppData\Roaming\IDT
[2013/09/26 04:45:32 | 000,000,000 | ---D | C] -- C:\Users\A Wookie Sniper\AppData\Local\Diagnostics
[2013/09/26 04:43:12 | 000,000,000 | ---D | C] -- C:\Users\A Wookie Sniper\AppData\Local\ElevatedDiagnostics
[2013/09/26 03:34:31 | 000,000,000 | ---D | C] -- C:\Users\A Wookie Sniper\AppData\Local\NPE
[2013/09/26 00:56:48 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
[2013/09/25 23:13:31 | 000,000,000 | ---D | C] -- C:\Users\A Wookie Sniper\AppData\Local\Macromedia
[2013/09/25 22:41:05 | 000,000,000 | ---D | C] -- C:\Users\A Wookie Sniper\AppData\Roaming\Mozilla
[2013/09/25 22:41:05 | 000,000,000 | ---D | C] -- C:\Users\A Wookie Sniper\AppData\Local\Mozilla
[2013/09/25 22:40:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013/09/25 22:40:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013/09/25 22:40:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/09/25 22:39:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2013/09/25 22:37:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013/09/25 22:37:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2013/09/25 22:37:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2013/09/25 22:36:08 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2013/09/25 22:24:01 | 000,000,000 | ---D | C] -- C:\Users\A Wookie Sniper\AppData\Local\Adobe
[2013/09/25 21:16:48 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\A Wookie Sniper\Desktop\OTL.exe
[2013/09/25 19:42:04 | 000,000,000 | ---D | C] -- C:\Users\A Wookie Sniper\AppData\Roaming\Opera Software
[2013/09/25 19:42:04 | 000,000,000 | ---D | C] -- C:\Users\A Wookie Sniper\AppData\Local\Opera Software
[2013/09/25 19:41:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Opera
[2013/09/25 19:11:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2013/09/25 17:49:05 | 000,000,000 | ---D | C] -- C:\Users\A Wookie Sniper\AppData\Local\Intel_Corporation
[2013/09/25 04:52:16 | 000,000,000 | ---D | C] -- C:\Users\A Wookie Sniper\AppData\Roaming\Hewlett-Packard
[2013/09/25 04:30:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2013/09/25 04:28:41 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2013/09/25 04:25:29 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2013/09/25 04:25:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2013/09/25 04:25:19 | 000,000,000 | ---D | C] -- C:\Users\A Wookie Sniper\AppData\Local\Hewlett-Packard
[2013/09/25 02:07:41 | 000,256,904 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysWow64\drivers\tmcomm.sys
[2013/09/25 02:03:25 | 000,000,000 | ---D | C] -- C:\Users\A Wookie Sniper\AppData\Roaming\Macromedia
[2013/09/25 01:48:53 | 000,000,000 | ---D | C] -- C:\Users\A Wookie Sniper\Documents\Bluetooth
[2013/09/25 01:48:53 | 000,000,000 | ---D | C] -- C:\Users\A Wookie Sniper\AppData\Local\bluesoleil
[2013/09/25 01:48:40 | 000,000,000 | ---D | C] -- C:\Users\A Wookie Sniper\AppData\Local\Power2Go8
[2013/09/25 01:48:30 | 000,000,000 | R--D | C] -- C:\Users\A Wookie Sniper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013/09/25 01:48:30 | 000,000,000 | R--D | C] -- C:\Users\A Wookie Sniper\Searches
[2013/09/25 01:48:30 | 000,000,000 | R--D | C] -- C:\Users\A Wookie Sniper\Contacts
[2013/09/25 01:48:30 | 000,000,000 | R--D | C] -- C:\Users\A Wookie Sniper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013/09/25 01:48:30 | 000,000,000 | -H-D | C] -- C:\Users\A Wookie Sniper\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2013/09/25 01:48:26 | 000,000,000 | ---D | C] -- C:\Users\A Wookie Sniper\AppData\Roaming\Adobe
[2013/09/25 01:48:22 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shopping and Services
[2013/09/25 01:48:00 | 000,000,000 | ---D | C] -- C:\Users\A Wookie Sniper\AppData\Local\VirtualStore
[2013/09/25 01:47:57 | 000,000,000 | ---D | C] -- C:\Users\A Wookie Sniper\AppData\Local\Packages
[2013/09/25 01:47:56 | 000,000,000 | -HSD | C] -- C:\Users\A Wookie Sniper\AppData\Local\Temporary Internet Files
[2013/09/25 01:47:56 | 000,000,000 | -HSD | C] -- C:\Users\A Wookie Sniper\Templates
[2013/09/25 01:47:56 | 000,000,000 | -HSD | C] -- C:\Users\A Wookie Sniper\Start Menu
[2013/09/25 01:47:56 | 000,000,000 | -HSD | C] -- C:\Users\A Wookie Sniper\SendTo
[2013/09/25 01:47:56 | 000,000,000 | -HSD | C] -- C:\Users\A Wookie Sniper\Recent
[2013/09/25 01:47:56 | 000,000,000 | -HSD | C] -- C:\Users\A Wookie Sniper\PrintHood
[2013/09/25 01:47:56 | 000,000,000 | -HSD | C] -- C:\Users\A Wookie Sniper\NetHood
[2013/09/25 01:47:56 | 000,000,000 | -HSD | C] -- C:\Users\A Wookie Sniper\Documents\My Videos
[2013/09/25 01:47:56 | 000,000,000 | -HSD | C] -- C:\Users\A Wookie Sniper\Documents\My Pictures
[2013/09/25 01:47:56 | 000,000,000 | -HSD | C] -- C:\Users\A Wookie Sniper\Documents\My Music
[2013/09/25 01:47:56 | 000,000,000 | -HSD | C] -- C:\Users\A Wookie Sniper\My Documents
[2013/09/25 01:47:56 | 000,000,000 | -HSD | C] -- C:\Users\A Wookie Sniper\Local Settings
[2013/09/25 01:47:56 | 000,000,000 | -HSD | C] -- C:\Users\A Wookie Sniper\AppData\Local\History
[2013/09/25 01:47:56 | 000,000,000 | -HSD | C] -- C:\Users\A Wookie Sniper\Cookies
[2013/09/25 01:47:56 | 000,000,000 | -HSD | C] -- C:\Users\A Wookie Sniper\Application Data
[2013/09/25 01:47:56 | 000,000,000 | -HSD | C] -- C:\Users\A Wookie Sniper\AppData\Local\Application Data
[2013/09/25 01:47:55 | 000,000,000 | --SD | C] -- C:\Users\A Wookie Sniper\AppData\Roaming\Microsoft
[2013/09/25 01:47:55 | 000,000,000 | R--D | C] -- C:\Users\A Wookie Sniper\Videos
[2013/09/25 01:47:55 | 000,000,000 | R--D | C] -- C:\Users\A Wookie Sniper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[2013/09/25 01:47:55 | 000,000,000 | R--D | C] -- C:\Users\A Wookie Sniper\Saved Games
[2013/09/25 01:47:55 | 000,000,000 | R--D | C] -- C:\Users\A Wookie Sniper\Pictures
[2013/09/25 01:47:55 | 000,000,000 | R--D | C] -- C:\Users\A Wookie Sniper\Music
[2013/09/25 01:47:55 | 000,000,000 | R--D | C] -- C:\Users\A Wookie Sniper\Links
[2013/09/25 01:47:55 | 000,000,000 | R--D | C] -- C:\Users\A Wookie Sniper\Favorites
[2013/09/25 01:47:55 | 000,000,000 | R--D | C] -- C:\Users\A Wookie Sniper\Downloads
[2013/09/25 01:47:55 | 000,000,000 | R--D | C] -- C:\Users\A Wookie Sniper\Documents
[2013/09/25 01:47:55 | 000,000,000 | R--D | C] -- C:\Users\A Wookie Sniper\Desktop
[2013/09/25 01:47:55 | 000,000,000 | R--D | C] -- C:\Users\A Wookie Sniper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013/09/25 01:47:55 | 000,000,000 | R--D | C] -- C:\Users\A Wookie Sniper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[2013/09/25 01:47:55 | 000,000,000 | -H-D | C] -- C:\Users\A Wookie Sniper\Documents\hp.system.package.metadata
[2013/09/25 01:47:55 | 000,000,000 | -H-D | C] -- C:\Users\A Wookie Sniper\Documents\hp.applications.package.appdata
[2013/09/25 01:47:55 | 000,000,000 | -H-D | C] -- C:\Users\A Wookie Sniper\AppData
[2013/09/25 01:47:55 | 000,000,000 | ---D | C] -- C:\Users\A Wookie Sniper\AppData\Local\Temp
[2013/09/25 01:47:55 | 000,000,000 | ---D | C] -- C:\Users\A Wookie Sniper\AppData\Local\Microsoft
[2013/09/25 01:47:55 | 000,000,000 | ---D | C] -- C:\Users\A Wookie Sniper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013/09/25 00:58:43 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/09/27 23:53:52 | 002,477,627 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1500020.001\Cat.DB
[2013/09/27 23:51:58 | 000,876,494 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/09/27 23:51:58 | 000,726,998 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/09/27 23:51:58 | 000,150,826 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/09/27 23:49:17 | 000,007,623 | ---- | M] () -- C:\Users\A Wookie Sniper\AppData\Local\Resmon.ResmonCfg
[2013/09/27 21:39:18 | 000,000,983 | ---- | M] () -- C:\Windows\SysWow64\bscs.ini
[2013/09/27 21:37:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/09/27 21:36:23 | 000,003,620 | ---- | M] () -- C:\Windows\SysWow64\LOCALSERVICE.INI
[2013/09/27 21:36:16 | 000,000,088 | ---- | M] () -- C:\Windows\SysWow64\LOCALDEVICE.INI
[2013/09/27 21:35:55 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013/09/27 21:35:49 | 1679,695,870 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/27 21:06:14 | 000,291,288 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/09/27 20:36:03 | 000,180,000 | ---- | M] (Kaspersky Lab) -- C:\Users\A Wookie Sniper\Desktop\enstsrssk.exe
[2013/09/27 20:30:36 | 037,672,592 | ---- | M] (Safer-Networking Ltd. ) -- C:\Users\A Wookie Sniper\Desktop\sndtry-2.1.21-SR2.exe
[2013/09/27 20:29:12 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\A Wookie Sniper\Desktop\maytcvkmb-setup-1.75.0.1300.exe
[2013/09/27 19:56:10 | 007,539,624 | ---- | M] (Symantec Corporation) -- C:\Users\A Wookie Sniper\Desktop\NRnR.exe
[2013/09/27 18:03:08 | 000,000,382 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForA Wookie Sniper.job
[2013/09/26 06:51:35 | 000,168,625 | ---- | M] () -- C:\Users\A Wookie Sniper\AppData\Local\census.cache
[2013/09/26 06:51:34 | 000,062,122 | ---- | M] () -- C:\Users\A Wookie Sniper\AppData\Local\ars.cache
[2013/09/26 00:56:41 | 000,177,752 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2013/09/26 00:56:41 | 000,008,222 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2013/09/26 00:56:41 | 000,000,854 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2013/09/25 21:16:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\A Wookie Sniper\Desktop\OTL.exe
[2013/09/25 02:06:49 | 000,000,036 | ---- | M] () -- C:\Users\A Wookie Sniper\AppData\Local\housecall.guid.cache
[2013/09/25 01:59:10 | 000,001,431 | ---- | M] () -- C:\Users\A Wookie Sniper\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/09/25 01:48:19 | 000,000,000 | RHS- | M] () -- C:\Windows\SysWow64\drivers\103C_HP_cPC_700-074_Y53316J_0U_Q4CE32308C6_E13AM2RR8606_4A_I2AF3_SHP_V1.0_B80.05_T130507_W8101-0_L409_M12243_J2000_7Intel_86C3_93.00_#130525_N10EC8168;18143290_Z_G10DE0FC1_Ohp CDDVDW SH-216BB_DACRAD46.MRK
[2013/09/25 01:48:19 | 000,000,000 | RHS- | M] () -- C:\Windows\SysNative\drivers\103C_HP_cPC_700-074_Y53316J_0U_Q4CE32308C6_E13AM2RR8606_4A_I2AF3_SHP_V1.0_B80.05_T130507_W8101-0_L409_M12243_J2000_7Intel_86C3_93.00_#130525_N10EC8168;18143290_Z_G10DE0FC1_Ohp CDDVDW SH-216BB_DACRAD46.MRK
[2013/09/17 10:46:20 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1500020.001\isolate.ini
[2013/09/16 17:22:55 | 000,008,192 | R--- | M] () -- C:\Windows\SysNative\drivers\NISx64\1500020.001\symnet64.cat
[2013/09/12 04:58:10 | 000,022,814 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2013/09/11 18:06:31 | 003,361,114 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin
[2013/09/11 16:32:42 | 000,590,424 | R--- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1500020.001\symnets.sys
[2013/09/11 14:35:35 | 000,001,440 | R--- | M] () -- C:\Windows\SysNative\drivers\NISx64\1500020.001\SymNet.inf
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/09/27 23:54:15 | 003,361,114 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin
[2013/09/27 23:53:27 | 000,022,814 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2013/09/27 23:15:51 | 000,386,923 | ---- | C] () -- C:\Windows\SysNative\ApnDatabase.xml
[2013/09/27 21:06:09 | 000,291,288 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/09/27 18:12:29 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2013/09/26 22:55:02 | 000,000,382 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForA Wookie Sniper.job
[2013/09/25 22:40:57 | 000,001,166 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/09/25 22:37:34 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013/09/25 04:52:12 | 000,007,623 | ---- | C] () -- C:\Users\A Wookie Sniper\AppData\Local\Resmon.ResmonCfg
[2013/09/25 02:14:36 | 000,168,625 | ---- | C] () -- C:\Users\A Wookie Sniper\AppData\Local\census.cache
[2013/09/25 02:14:35 | 000,062,122 | ---- | C] () -- C:\Users\A Wookie Sniper\AppData\Local\ars.cache
[2013/09/25 02:06:49 | 000,000,036 | ---- | C] () -- C:\Users\A Wookie Sniper\AppData\Local\housecall.guid.cache
[2013/09/25 01:59:10 | 000,001,431 | ---- | C] () -- C:\Users\A Wookie Sniper\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/09/25 01:48:26 | 000,001,437 | ---- | C] () -- C:\Users\A Wookie Sniper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/09/25 01:48:19 | 000,000,000 | RHS- | C] () -- C:\Windows\SysWow64\drivers\103C_HP_cPC_700-074_Y53316J_0U_Q4CE32308C6_E13AM2RR8606_4A_I2AF3_SHP_V1.0_B80.05_T130507_W8101-0_L409_M12243_J2000_7Intel_86C3_93.00_#130525_N10EC8168;18143290_Z_G10DE0FC1_Ohp CDDVDW SH-216BB_DACRAD46.MRK
[2013/09/25 01:48:19 | 000,000,000 | RHS- | C] () -- C:\Windows\SysNative\drivers\103C_HP_cPC_700-074_Y53316J_0U_Q4CE32308C6_E13AM2RR8606_4A_I2AF3_SHP_V1.0_B80.05_T130507_W8101-0_L409_M12243_J2000_7Intel_86C3_93.00_#130525_N10EC8168;18143290_Z_G10DE0FC1_Ohp CDDVDW SH-216BB_DACRAD46.MRK
[2013/09/25 01:47:55 | 000,002,103 | ---- | C] () -- C:\Users\A Wookie Sniper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk
[2013/09/25 01:47:55 | 000,000,352 | ---- | C] () -- C:\Users\A Wookie Sniper\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2013/09/25 01:47:55 | 000,000,334 | ---- | C] () -- C:\Users\A Wookie Sniper\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2013/09/25 01:00:20 | 1679,695,870 | -HS- | C] () -- C:\hiberfil.sys
[2013/09/25 00:58:44 | 268,435,456 | -HS- | C] () -- C:\swapfile.sys
[2013/05/25 14:29:12 | 000,003,620 | ---- | C] () -- C:\Windows\SysWow64\LOCALSERVICE.INI
[2013/05/25 14:29:12 | 000,000,088 | ---- | C] () -- C:\Windows\SysWow64\LOCALDEVICE.INI
[2013/05/25 14:08:00 | 000,367,348 | ---- | C] () -- C:\Windows\SysWow64\drivers\FW7650.bin
[2013/05/25 14:08:00 | 000,000,313 | ---- | C] () -- C:\Windows\SysWow64\RaCheckBTDev.ini
[2013/03/22 13:00:08 | 000,000,983 | ---- | C] () -- C:\Windows\SysWow64\bscs.ini
[2013/01/31 20:04:00 | 000,070,904 | ---- | C] () -- C:\Windows\SysWow64\BsProfileFunc.dll
[2013/01/28 19:31:48 | 019,577,344 | ---- | C] () -- C:\Windows\SysWow64\igdfcl32.dll
[2013/01/28 19:29:58 | 000,104,448 | ---- | C] () -- C:\Windows\SysWow64\igdail32.dll
[2013/01/28 19:29:12 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2013/01/10 15:59:24 | 000,019,456 | ---- | C] () -- C:\Windows\SysWow64\BsTrace.dll
[2013/01/10 14:25:58 | 000,353,280 | ---- | C] () -- C:\Windows\SysWow64\BsExtendFunc.dll
[2013/01/10 14:25:58 | 000,049,248 | ---- | C] () -- C:\Windows\SysWow64\BSSkypeAgent.dll
[2013/01/10 14:25:56 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\BsVistaCommon.dll
[2013/01/10 14:25:56 | 000,073,820 | ---- | C] () -- C:\Windows\SysWow64\BSVoIPComm.dll
[2013/01/10 14:25:56 | 000,049,664 | ---- | C] () -- C:\Windows\SysWow64\BSWMPPlugin.dll
[2013/01/10 14:25:56 | 000,011,264 | ---- | C] () -- C:\Windows\SysWow64\SCChangeMonitor.dll
[2012/12/10 17:12:50 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
[2012/08/10 19:56:12 | 000,915,038 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/07/26 04:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2012/07/26 04:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2012/07/26 03:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2012/07/25 21:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2012/07/25 16:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2012/07/25 16:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012/07/25 16:22:54 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2012/07/25 16:22:54 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2012/07/25 16:22:54 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2012/06/13 11:45:02 | 000,008,704 | ---- | C] () -- C:\Windows\SysWow64\SROF.dll
[2012/06/05 00:31:00 | 000,000,417 | ---- | C] () -- C:\Windows\SysWow64\RaoBLE.ini
[2012/06/02 10:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== ZeroAccess Check ==========

[2013/05/25 14:09:29 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/08/02 02:28:20 | 019,758,080 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/08/02 01:08:10 | 017,561,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/25 23:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/25 23:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/25 23:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/09/26 08:20:38 | 000,000,000 | ---D | M] -- C:\Users\A Wookie Sniper\AppData\Roaming\IDT
[2013/09/27 20:41:34 | 000,000,000 | ---D | M] -- C:\Users\A Wookie Sniper\AppData\Roaming\Opera Software
[2013/09/26 23:00:59 | 000,000,000 | ---D | M] -- C:\Users\A Wookie Sniper\AppData\Roaming\WinBatch

========== Purity Check ==========



< End of report >

Edited by thewookie, 27 September 2013 - 07:59 PM.

  • 0


#2
thewookie

    Member

  • Topic Starter
  • Member
  • 16 posts
Can anyone help, please? I'd appreciate anything, even a pointer to another site or something. I understand this is volunteer work and anything would help; I've just been waiting for almost 6 days and haven't heard anything at all, and two and a half days in the waiting room.

Thanks in advance.
  • 0

#3
23red

    Trusted Helper

  • Malware Removal
  • 1,797 posts
Hi thewookie

Welcome :) Apologies for the delay. I'm 23red, and it'll be my pleasure to assist you with your problem. :D I am currently reviewing your log. In the meantime, I'd be grateful if you would note the following:

• As I am currently in training, I will be helping you under the supervision of our Expert Teachers. As such, there will likely be a delay between posts.

• Please make sure to carefully read every post completely before doing anything.

If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!

Please do not run any other scans or other software on your computer unless asked as it may make this repair more difficult.

• Malware removal is not an instant process; logs take time to research.

• You may at some point no longer see any symptoms, but that does not necessarily mean your system is clear of malware. Please stick with me until all malware is gone from your system and I remove my tools. Only then is the repair complete.

• Please save my instructions as a text file on your desktop, or print them out, as you may not be able to access this thread at times.

• Thanks for your understanding and patience. I'll be back with you as soon as possible!

Any chance you have the extras.txt log?

#4
thewookie

    Member

  • Topic Starter
  • 16 posts
Hey,
thanks for the answer, and that's a negative. D:

I've run a couple of scans and removed a few things since these posts, as I wasn't sure if I was just overreacting and thus getting no help. :X I haven't really seen much activity lately (of course there could still be dormant problems, for sure), except there seems to be high disk activity at times, as well as memory. I usually see this mostly upon login, and I answered some of my own problems from my original post after a ton of looking around, i.e. traffic that was continuously being blocked turned out to be the PC just attempting to talk to my network and everything else on the network, and a couple of other things.

Side note, slightly irrelevant, but FWIW: I flashed an updated BIOS to my GPU last night for UEFI support/the ability to turn Secure Boot back on (as I thought I got infected there as well with it being off). It enabled my display to show immediately as I power on the PC, but for some reason, I think PSU related, it won't go to the login screen. I got there one time; after I entered the PW and pressed Enter it froze hard. I powered the monitor off for 10 sec, turned it back on and it let me try again, then it hung up again, followed by restarting itself to the BIOS/splash screen. So, there are a lot of admin error logs from my display and the PC being improperly shut down. For now I'm back on the iGfx and I'll be sending my card in for RMA; they said it could've been a bad file/bad flash.

a. At 5pm 9/30 yesterday the HP Support Assistant found an update to the Rapid Storage controller, I think it was, and I did the flash at about 9pm, so in a last hope I system restored to there. Obviously it didn't work, and I reinstalled that update today.
b. I've scoured WinUpdate/SupportAssistant and HP's website, checking alongside Device Manager, and everything should be Up2Date.

Thanks for the reply, Jman. I appreciate any and all help you can provide and look forward to determining and fixing anything that may be present on this computer. Let me know what you would like me to do, Guru. :P

Cheers,
thewookie

#5
23red

    Trusted Helper

  • Malware Removal
  • 1,797 posts
Hi thewookie

Please do not run any scans, updates or do any major changes while we're working on this.

In order to get a more clear look at the issue, I'd like a fresh OTL scan. Please do the following:

Fresh OTL Scan

• Please right click on Posted Image Run as Administrator, accept UAC prompts.

Make sure all other windows are closed and to let it run uninterrupted.

• Please check the box next to Scan All Users.

• Please also check the boxes next to Purity Check and Lop Check

• And under Extra Registry check also the radio dial by Use Safelist

• Under Posted Image in the textbox at the bottom, please paste in the following text:

netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
dir C:\ /S /A:L /C
[CREATERESTOREPOINT]



• Click the Posted Image button. Do not change any settings unless otherwise told to do so. The scan won't take long.

• When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL ~ Desktop

• Please copy (Edit ~> Select All, Edit ~> Copy) the logs it produces in your next reply.


When you return, please post:

Fresh OTL log
Extras.txt

Thank you :)

#6
thewookie

    Member

  • Topic Starter
  • 16 posts
Hey, sorry for the inconvenience on your part sir, here's the logs.. :D
Thanks.

OTL logfile created on: 10/1/2013 11:21:02 PM - Run 6
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\A Wookie Sniper\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16688)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

11.92 Gb Total Physical Memory | 10.54 Gb Available Physical Memory | 88.37% Memory free
15.92 Gb Paging File | 14.37 Gb Available in Paging File | 90.25% Paging File free
Paging file location(s): c:\pagefile.sys 4096 8192 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1843.66 Gb Total Space | 1752.25 Gb Free Space | 95.04% Space Free | Partition Type: NTFS
Drive D: | 17.88 Gb Total Space | 2.20 Gb Free Space | 12.30% Space Free | Partition Type: NTFS

Computer Name: ROOK | User Name: A Wookie Sniper | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/10/01 23:17:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\A Wookie Sniper\Desktop\OTL.exe
PRC - [2013/10/01 11:53:21 | 000,990,400 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
PRC - [2013/10/01 11:53:20 | 000,214,512 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
PRC - [2013/09/29 13:38:50 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2013/03/26 11:50:24 | 001,619,704 | ---- | M] (IVT Corporation) -- C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
PRC - [2013/01/30 20:14:02 | 000,364,856 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2013/01/30 20:13:56 | 000,129,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
PRC - [2013/01/30 20:13:46 | 000,167,736 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe


========== Modules (No Company Name) ==========

MOD - [2013/09/27 21:25:27 | 000,189,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\1f8e89f1344171031271d80ff21366ec\UIAutomationTypes.ni.dll
MOD - [2013/09/27 21:25:06 | 007,566,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\624ad6159b6e241ad6d28bf4dca9f14b\System.Xml.ni.dll
MOD - [2013/09/27 21:25:03 | 001,880,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\123cf617d7b6b31c44e39f8594f064c5\System.Xaml.ni.dll
MOD - [2013/09/27 21:24:55 | 019,537,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\ff5e9ab48d262357d4c44a6d5be4bced\System.ServiceModel.ni.dll
MOD - [2013/09/27 21:24:40 | 000,964,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\19ecec839509af76b1bc0ccbabd60acd\System.Configuration.ni.dll
MOD - [2013/09/27 21:24:39 | 018,545,152 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\972bf4ffab06e561447d12baf3b3dfa9\PresentationFramework.ni.dll
MOD - [2013/09/27 21:24:39 | 000,467,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatioaec034ca#\cb65dcc8c60f33d257283ef1416a2175\PresentationFramework.Aero2.ni.dll
MOD - [2013/09/27 21:24:31 | 010,926,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\5b504b7cd800dcd6c06d841d94ca099a\PresentationCore.ni.dll
MOD - [2013/09/27 21:24:26 | 003,910,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\8ff5be01c9600b28d3e41db3dbafc840\WindowsBase.ni.dll
MOD - [2013/09/27 21:24:23 | 006,998,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\acf905c62ab9c1b77ca69e8b745e3fdb\System.Core.ni.dll
MOD - [2013/09/27 21:24:20 | 009,937,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\375a937eec7d6faa53ac11ab2973eb76\System.ni.dll
MOD - [2013/09/27 18:44:09 | 016,547,328 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\5e3a9f3d64adfb3c69b49d37368bf454\mscorlib.ni.dll
MOD - [2013/06/17 12:35:10 | 000,478,400 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/08/16 01:39:26 | 002,371,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2013/07/01 20:44:21 | 000,016,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2013/06/24 18:54:45 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2013/06/01 05:19:58 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2013/05/25 14:53:04 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2013/05/04 02:58:02 | 000,470,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013/05/04 02:57:05 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2013/04/09 00:48:42 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2013/03/29 03:52:10 | 000,332,800 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2013/03/01 22:45:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013/03/01 22:45:05 | 000,180,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2013/01/09 19:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2013/01/09 19:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2012/12/10 17:31:44 | 000,803,872 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe -- (Intel®
SRV:64bit: - [2012/12/10 17:31:28 | 000,732,160 | ---- | M] (Intel® Corporation) [Auto | Running] -- c:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV:64bit: - [2012/10/11 22:06:29 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2012/07/25 23:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012/07/25 23:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012/07/25 23:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012/07/25 23:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012/07/25 23:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012/07/25 23:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012/07/25 23:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012/07/25 23:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012/07/25 23:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012/07/25 23:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012/07/25 20:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012/07/25 20:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012/07/25 20:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012/07/25 20:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012/07/25 20:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012/07/25 20:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV - [2013/10/01 11:53:20 | 000,214,512 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe -- (AVP)
SRV - [2013/09/29 13:38:50 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013/09/21 14:35:00 | 000,565,672 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/09/10 22:26:44 | 000,118,680 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/25 14:53:04 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2013/03/26 11:50:24 | 001,619,704 | ---- | M] (IVT Corporation) [Auto | Running] -- C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe -- (BlueSoleilCS)
SRV - [2013/03/26 04:16:28 | 000,277,488 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2013/01/30 20:14:02 | 000,364,856 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2013/01/30 20:13:56 | 000,129,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe -- (Intel®
SRV - [2013/01/30 20:13:46 | 000,167,736 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2013/01/10 13:35:28 | 000,138,752 | ---- | M] (IVT Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe -- (BsHelpCS)
SRV - [2012/12/07 15:16:00 | 000,202,328 | ---- | M] (Kaspersky Lab ZAO) [Auto | Stopped] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe -- (KSS)
SRV - [2012/09/27 14:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/07/25 23:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2012/07/25 23:18:41 | 000,408,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2012/07/25 23:17:52 | 000,060,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2012/04/24 17:37:56 | 000,169,752 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/10/01 11:54:20 | 000,624,224 | ---- | M] (Kaspersky Lab ZAO) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\klif.sys -- (KLIF)
DRV:64bit: - [2013/10/01 11:54:20 | 000,030,304 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2013/10/01 11:54:20 | 000,029,280 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2013/10/01 11:54:20 | 000,029,280 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\klkbdflt.sys -- (klkbdflt)
DRV:64bit: - [2013/10/01 11:54:18 | 007,717,984 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\kl1.sys -- (kl1)
DRV:64bit: - [2013/08/16 01:41:13 | 000,058,200 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2013/07/09 04:04:07 | 000,120,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2013/07/01 20:44:14 | 000,036,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2013/07/01 18:08:49 | 000,247,216 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2013/06/29 02:15:54 | 000,195,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2013/06/10 17:17:46 | 000,096,512 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2013/06/08 20:18:38 | 000,112,224 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Disabled | Unknown] -- C:\Windows\SysNative\Drivers\klflt.sys -- (klflt)
DRV:64bit: - [2013/06/06 17:38:20 | 000,178,784 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\kneps.sys -- (kneps)
DRV:64bit: - [2013/06/01 07:29:35 | 000,337,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2013/06/01 07:29:35 | 000,213,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2013/05/31 23:08:57 | 000,037,632 | ---- | M] (Microsoft Corporation) [Unknown (0) | Disabled | Unknown] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013/05/30 11:16:40 | 000,064,280 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\LGSHidFilt.Sys -- (LGSHidFilt)
DRV:64bit: - [2013/05/25 14:55:36 | 000,029,952 | ---- | M] (Microsoft Corporation) [Unknown (0) | Disabled | Unknown] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2013/05/25 14:54:53 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2013/05/25 14:53:04 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2013/05/25 14:49:36 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2013/05/25 14:43:27 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2013/05/07 17:56:36 | 000,064,608 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\klwfp.sys -- (klwfp)
DRV:64bit: - [2013/05/04 03:34:17 | 000,446,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2013/05/04 03:34:15 | 000,284,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2013/04/30 12:25:00 | 000,677,360 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2013/04/15 10:02:04 | 002,482,960 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2013/04/12 15:34:48 | 000,015,456 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\klpd.sys -- (klpd)
DRV:64bit: - [2013/03/29 03:52:10 | 000,544,768 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2013/03/25 11:03:44 | 000,049,584 | ---- | M] (Ralink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\IvtUrbBtFlt.sys -- (btUrbFilterDrv)
DRV:64bit: - [2013/03/09 06:53:10 | 001,149,232 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\rtbth.sys -- (rtbth)
DRV:64bit: - [2013/03/02 06:57:46 | 000,077,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013/03/02 06:45:20 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013/03/02 06:39:38 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2013/02/19 04:15:54 | 000,772,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2013/01/28 19:40:20 | 000,442,368 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2013/01/28 19:29:22 | 004,482,240 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2013/01/23 19:57:54 | 000,064,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2013/01/09 21:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2012/10/11 22:05:37 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012/10/11 22:05:37 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012/07/27 18:38:24 | 000,029,616 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\klelam.sys -- (klelam)
DRV:64bit: - [2012/07/26 01:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/07/26 01:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012/07/26 01:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012/07/26 01:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012/07/26 01:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012/07/26 01:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012/07/26 01:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012/07/26 01:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012/07/26 01:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012/07/26 01:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012/07/26 01:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012/07/26 01:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012/07/26 01:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012/07/26 01:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012/07/26 01:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012/07/26 01:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/07/26 01:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/07/26 00:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012/07/26 00:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012/07/25 23:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012/07/25 22:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012/07/25 22:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012/07/25 22:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012/07/25 22:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012/07/25 22:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012/07/25 22:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012/07/25 22:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012/07/25 22:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012/07/25 22:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012/07/25 22:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012/07/25 22:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012/07/25 22:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012/07/25 22:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012/07/25 22:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/07/25 22:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Unknown (0) | Disabled | Unknown] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012/07/25 22:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012/07/25 22:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/07/25 22:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012/07/25 22:25:02 | 000,202,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\BthLEEnum.sys -- (BthLEEnum)
DRV:64bit: - [2012/07/25 22:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012/07/25 22:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012/07/25 22:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012/07/19 17:47:40 | 000,056,904 | ---- | M] (Ralink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\BtL2caScoIf.sys -- (BthL2caScoIfSrv)
DRV:64bit: - [2012/06/15 11:22:02 | 000,023,136 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\BtAudioBus.sys -- (BtAudioBusSrv)
DRV:64bit: - [2012/06/02 10:31:38 | 000,333,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\e1i63x64.sys -- (e1iexpress)
DRV:64bit: - [2012/05/29 18:53:30 | 000,027,456 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\cpqdfw.sys -- (CpqDfw)
DRV:64bit: - [2012/05/12 12:31:00 | 000,121,416 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV:64bit: - [2011/12/07 19:42:28 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/11/23 20:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009/11/23 20:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\LGBusEnum.sys -- (LGBusEnum)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK13/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...0TR&pc=HPDTDFJS
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...54371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK13/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...0TR&pc=HPDTDFJS
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...54371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3940130177-4247360687-243470325-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK13/1
IE - HKU\S-1-5-21-3940130177-4247360687-243470325-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3940130177-4247360687-243470325-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3940130177-4247360687-243470325-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...0TR&pc=HPDTDFJS
IE - HKU\S-1-5-21-3940130177-4247360687-243470325-1001\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...54371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
IE - HKU\S-1-5-21-3940130177-4247360687-243470325-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.8.1
FF - prefs.js..extensions.enabledAddons: %7B1A2D0EC4-75F5-4c91-89C4-3656F6E44B68%7D:0.6.3
FF - prefs.js..extensions.enabledAddons: %7B12A60D0F-0077-4F41-81B2-1286DDD278BB%7D:0.4.20130919
FF - prefs.js..extensions.enabledAddons: firegestures%40xuldev.org:1.7.12
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130924
FF - prefs.js..extensions.enabledAddons: %7Bab91efd4-6975-4081-8552-1b3922ed79e2%7D:1.0.28.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.3.0: C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.40.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.40.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected] [2013/10/01 11:54:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected] [2013/10/01 11:54:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected] [2013/10/01 11:54:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected] [2013/10/01 11:54:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected] [2013/10/01 11:54:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013/09/25 22:41:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\A Wookie Sniper\AppData\Roaming\Mozilla\Extensions
[2013/09/28 00:33:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\A Wookie Sniper\AppData\Roaming\Mozilla\Firefox\Profiles\11jbfjjo.default\extensions
[2013/09/26 01:25:06 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\A Wookie Sniper\AppData\Roaming\Mozilla\Firefox\Profiles\11jbfjjo.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2013/09/26 23:14:01 | 000,000,000 | ---D | M] (WOT) -- C:\Users\A Wookie Sniper\AppData\Roaming\Mozilla\Firefox\Profiles\11jbfjjo.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013/09/28 00:33:26 | 000,000,000 | ---D | M] (HP Detect) -- C:\Users\A Wookie Sniper\AppData\Roaming\Mozilla\Firefox\Profiles\11jbfjjo.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}
[2013/09/26 00:14:15 | 001,314,979 | ---- | M] () (No name found) -- C:\Users\A Wookie Sniper\AppData\Roaming\Mozilla\Firefox\Profiles\11jbfjjo.default\extensions\[email protected]
[2013/09/26 01:25:06 | 000,390,387 | ---- | M] () (No name found) -- C:\Users\A Wookie Sniper\AppData\Roaming\Mozilla\Firefox\Profiles\11jbfjjo.default\extensions\[email protected]
[2013/09/25 23:02:03 | 000,178,395 | ---- | M] () (No name found) -- C:\Users\A Wookie Sniper\AppData\Roaming\Mozilla\Firefox\Profiles\11jbfjjo.default\extensions\[email protected]
[2013/09/25 22:56:27 | 000,052,846 | ---- | M] () (No name found) -- C:\Users\A Wookie Sniper\AppData\Roaming\Mozilla\Firefox\Profiles\11jbfjjo.default\extensions\[email protected]
[2013/09/25 23:06:36 | 000,181,424 | ---- | M] () (No name found) -- C:\Users\A Wookie Sniper\AppData\Roaming\Mozilla\Firefox\Profiles\11jbfjjo.default\extensions\[email protected]
[2013/09/26 01:25:06 | 000,209,763 | ---- | M] () (No name found) -- C:\Users\A Wookie Sniper\AppData\Roaming\Mozilla\Firefox\Profiles\11jbfjjo.default\extensions\{12A60D0F-0077-4F41-81B2-1286DDD278BB}.xpi
[2013/09/26 01:25:06 | 000,096,207 | ---- | M] () (No name found) -- C:\Users\A Wookie Sniper\AppData\Roaming\Mozilla\Firefox\Profiles\11jbfjjo.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}.xpi
[2013/09/26 01:25:06 | 000,534,729 | ---- | M] () (No name found) -- C:\Users\A Wookie Sniper\AppData\Roaming\Mozilla\Firefox\Profiles\11jbfjjo.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013/09/25 23:48:14 | 000,824,302 | ---- | M] () (No name found) -- C:\Users\A Wookie Sniper\AppData\Roaming\Mozilla\Firefox\Profiles\11jbfjjo.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/09/25 22:56:28 | 000,010,310 | ---- | M] () -- C:\Users\A Wookie Sniper\AppData\Roaming\Mozilla\Firefox\Profiles\11jbfjjo.default\searchplugins\duckduckgo.xml
[2013/09/25 22:40:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/09/25 22:40:56 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2013/09/27 23:29:49 | 000,449,403 | R--- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O1 - Hosts: 15428 more lines...
O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [BeatsOSDApp] C:\Program Files\IDT\WDM\Beats64.exe (Hewlett-Packard )
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [BtTray] C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe (IVT Corporation)
O4 - HKLM..\Run: [StereoLinksInstall] "C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstlink.exe" /install1 File not found
O4 - HKU\S-1-5-21-3940130177-4247360687-243470325-1001..\Run: [EADM] C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
O4 - HKU\S-1-5-21-3940130177-4247360687-243470325-1001..\Run: [KSS] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe (Kaspersky Lab ZAO)
O4 - HKU\S-1-5-21-3940130177-4247360687-243470325-1001..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ie_banner_deny.htm ()
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ie_banner_deny.htm ()
O9:64bit: - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5A92134B-7A58-4088-B8BF-4FB435AAF0C2}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWOW64\skype4com.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 0
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs:64bit: wlidsvc - C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
NetSvcs:64bit: DsmSvc - C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
NetSvcs:64bit: NcaSvc - C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
NetSvcs:64bit: SystemEventsBroker - C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)

[CREATERESTOREPOINT]
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/10/01 23:17:29 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\A Wookie Sniper\Desktop\OTL.exe
[2013/10/01 20:08:29 | 000,000,000 | ---D | C] -- C:\Users\A Wookie Sniper\Documents\Battlefield 4
[2013/10/01 09:16:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2013/10/01 09:16:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2013/10/01 09:16:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/10/01 09:16:15 | 000,868,264 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013/10/01 09:16:15 | 000,790,440 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013/10/01 09:16:15 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/10/01 09:16:14 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/10/01 09:16:14 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/10/01 09:16:14 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/10/01 09:16:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2013/10/01 09:16:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013/10/01 07:45:06 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013/10/01 01:15:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Recovery
[2013/09/30 20:38:20 | 000,000,000 | ---D | C] -- C:\Users\A Wookie Sniper\Intel
[2013/09/30 20:07:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
[2013/09/30 20:07:41 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID
[2013/09/30 17:35:58 | 000,000,000 | ---D | C] -- C:\Users\A Wookie Sniper\AppData\Local\bluesoleil
[2013/09/30 16:58:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ralink Corporation
[2013/09/30 16:58:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Ralink Bluetooth Stack
[2013/09/28 23:11:51 | 000,000,000 | ---D | C] -- C:\Users\A Wookie Sniper\AppData\Roaming\MotioninJoy
[2013/09/28 23:10:45 | 000,328,712 | ---- | C] (Logitech Inc.) -- C:\Windows\SysNative\MijFrc.dll
[2013/09/28 23:10:45 | 000,121,416 | ---- | C] (MotioninJoy) -- C:\Windows\SysNative\drivers\MijXfilt.sys
[2013/09/28 23:10:45 | 000,074,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\xusb21.sys
[2013/09/28 23:10:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MotioninJoy
[2013/09/28 23:10:45 | 000,000,000 | ---D | C] -- C:\Program Files\MotioninJoy
[2013/09/28 20:39:39 | 000,000,000 | ---D | C] -- C:\Users\A Wookie Sniper\AppData\Local\PunkBuster
[2013/09/28 20:39:37 | 000,000,000 | ---D | C] -- C:\Users\A Wookie Sniper\Documents\Battlefield 3
[2013/09/28 20:38:51 | 000,000,000 | ---D | C] -- C:\Users\A Wookie Sniper\AppData\Local\ESN
[2013/09/28 20:38:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Battlelog Web Plugins
[2013/09/28 20:36:56 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
[2013/09/28 20:36:53 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Logs
[2013/09/28 19:47:59 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2013/09/28 19:47:52 | 000,000,000 | ---D | C] -- C:\Users\A Wookie Sniper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RivaTuner Statistics Server
[2013/09/28 19:47:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RivaTuner Statistics Server
[2013/09/28 19:37:23 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\EAInstaller
[2013/09/28 19:12:17 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_7.dll
[2013/09/28 19:12:17 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_7.dll
[2013/09/28 19:12:16 | 001,907,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_43.dll
[2013/09/28 19:12:16 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_43.dll
[2013/09/28 19:12:16 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_43.dll
[2013/09/28 19:12:16 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_43.dll
[2013/09/28 19:12:15 | 002,401,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_43.dll
[2013/09/28 19:12:15 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_43.dll
[2013/09/28 19:12:15 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_6.dll
[2013/09/28 19:12:15 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_6.dll
[2013/09/28 19:12:15 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_6.dll
[2013/09/28 19:12:15 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_6.dll
[2013/09/28 19:12:15 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_4.dll
[2013/09/28 19:12:15 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_4.dll
[2013/09/28 19:12:14 | 005,554,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_42.dll
[2013/09/28 19:12:14 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_42.dll
[2013/09/28 19:12:14 | 002,582,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_42.dll
[2013/09/28 19:12:14 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll
[2013/09/28 19:12:14 | 000,517,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_5.dll
[2013/09/28 19:12:14 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll
[2013/09/28 19:12:14 | 000,285,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_42.dll
[2013/09/28 19:12:14 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_5.dll
[2013/09/28 19:12:14 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_42.dll
[2013/09/28 19:12:14 | 000,176,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_5.dll
[2013/09/28 19:12:14 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_7.dll
[2013/09/28 19:12:14 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_7.dll
[2013/09/28 19:12:13 | 005,425,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_41.dll
[2013/09/28 19:12:13 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_41.dll
[2013/09/28 19:12:13 | 002,475,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_42.dll
[2013/09/28 19:12:13 | 002,430,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_41.dll
[2013/09/28 19:12:13 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll
[2013/09/28 19:12:13 | 000,520,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_41.dll
[2013/09/28 19:12:12 | 002,605,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_40.dll
[2013/09/28 19:12:12 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll
[2013/09/28 19:12:12 | 000,521,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_4.dll
[2013/09/28 19:12:12 | 000,519,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_40.dll
[2013/09/28 19:12:12 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_4.dll
[2013/09/28 19:12:12 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll
[2013/09/28 19:12:12 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_4.dll
[2013/09/28 19:12:12 | 000,174,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_4.dll
[2013/09/28 19:12:12 | 000,073,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_3.dll
[2013/09/28 19:12:12 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll
[2013/09/28 19:12:12 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_6.dll
[2013/09/28 19:12:12 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_6.dll
[2013/09/28 19:12:11 | 005,631,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_40.dll
[2013/09/28 19:12:11 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll
[2013/09/28 19:12:11 | 000,518,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_3.dll
[2013/09/28 19:12:11 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_3.dll
[2013/09/28 19:12:11 | 000,074,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_2.dll
[2013/09/28 19:12:11 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_2.dll
[2013/09/28 19:12:10 | 000,513,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_2.dll
[2013/09/28 19:12:10 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll
[2013/09/28 19:12:10 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_3.dll
[2013/09/28 19:12:10 | 000,175,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_3.dll
[2013/09/28 19:12:10 | 000,072,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_1.dll
[2013/09/28 19:12:10 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll
[2013/09/28 19:12:10 | 000,025,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_5.dll
[2013/09/28 19:12:10 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_5.dll
[2013/09/28 19:12:09 | 004,992,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_39.dll
[2013/09/28 19:12:09 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll
[2013/09/28 19:12:09 | 001,942,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_39.dll
[2013/09/28 19:12:09 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll
[2013/09/28 19:12:09 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_39.dll
[2013/09/28 19:12:09 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll
[2013/09/28 19:12:09 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_2.dll
[2013/09/28 19:12:09 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_2.dll
[2013/09/28 19:12:08 | 001,941,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_38.dll
[2013/09/28 19:12:08 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_38.dll
[2013/09/28 19:12:08 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_38.dll
[2013/09/28 19:12:08 | 000,511,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_1.dll
[2013/09/28 19:12:08 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_1.dll
[2013/09/28 19:12:08 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_38.dll
[2013/09/28 19:12:08 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_1.dll
[2013/09/28 19:12:08 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_1.dll
[2013/09/28 19:12:08 | 000,068,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_0.dll
[2013/09/28 19:12:08 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_0.dll
[2013/09/28 19:12:08 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_4.dll
[2013/09/28 19:12:08 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_4.dll
[2013/09/28 19:12:07 | 004,991,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_38.dll
[2013/09/28 19:12:07 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_38.dll
[2013/09/28 19:12:07 | 001,860,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_37.dll
[2013/09/28 19:12:07 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_37.dll
[2013/09/28 19:12:07 | 000,529,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_37.dll
[2013/09/28 19:12:07 | 000,489,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_0.dll
[2013/09/28 19:12:07 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_0.dll
[2013/09/28 19:12:07 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_37.dll
[2013/09/28 19:12:07 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_0.dll
[2013/09/28 19:12:07 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_0.dll
[2013/09/28 19:12:07 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_3.dll
[2013/09/28 19:12:07 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_3.dll
[2013/09/28 19:12:06 | 005,081,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_36.dll
[2013/09/28 19:12:06 | 004,910,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_37.dll
[2013/09/28 19:12:06 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_37.dll
[2013/09/28 19:12:06 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_36.dll
[2013/09/28 19:12:06 | 002,006,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_36.dll
[2013/09/28 19:12:06 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_36.dll
[2013/09/28 19:12:06 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_36.dll
[2013/09/28 19:12:06 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_36.dll
[2013/09/28 19:12:06 | 000,411,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_10.dll
[2013/09/28 19:12:06 | 000,411,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_9.dll
[2013/09/28 19:12:06 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_10.dll
[2013/09/28 19:12:06 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_9.dll
[2013/09/28 19:12:05 | 005,073,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_35.dll
[2013/09/28 19:12:05 | 004,496,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_34.dll
[2013/09/28 19:12:05 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_35.dll
[2013/09/28 19:12:05 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_34.dll
[2013/09/28 19:12:05 | 001,985,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_35.dll
[2013/09/28 19:12:05 | 001,401,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_34.dll
[2013/09/28 19:12:05 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_35.dll
[2013/09/28 19:12:05 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_34.dll
[2013/09/28 19:12:05 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_35.dll
[2013/09/28 19:12:05 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_34.dll
[2013/09/28 19:12:05 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_35.dll
[2013/09/28 19:12:05 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_34.dll
[2013/09/28 19:12:05 | 000,409,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_8.dll
[2013/09/28 19:12:05 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_8.dll
[2013/09/28 19:12:05 | 000,107,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_3.dll
[2013/09/28 19:12:05 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_3.dll
[2013/09/28 19:12:05 | 000,021,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_2.dll
[2013/09/28 19:12:05 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_2.dll
[2013/09/28 19:12:04 | 004,494,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_33.dll
[2013/09/28 19:12:04 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_33.dll
[2013/09/28 19:12:04 | 001,400,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_33.dll
[2013/09/28 19:12:04 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_33.dll
[2013/09/28 19:12:04 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_33.dll
[2013/09/28 19:12:04 | 000,469,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10.dll
[2013/09/28 19:12:04 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_33.dll
[2013/09/28 19:12:04 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10.dll
[2013/09/28 19:12:04 | 000,403,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_7.dll
[2013/09/28 19:12:04 | 000,393,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_6.dll
[2013/09/28 19:12:04 | 000,390,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_5.dll
[2013/09/28 19:12:04 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_7.dll
[2013/09/28 19:12:04 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_6.dll
[2013/09/28 19:12:04 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_5.dll
[2013/09/28 19:12:03 | 003,977,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_31.dll
[2013/09/28 19:12:03 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_31.dll
[2013/09/28 19:12:03 | 000,364,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_4.dll
[2013/09/28 19:12:03 | 000,363,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_3.dll
[2013/09/28 19:12:03 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_4.dll
[2013/09/28 19:12:03 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_3.dll
[2013/09/28 19:12:03 | 000,083,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_2.dll
[2013/09/28 19:12:03 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_2.dll
[2013/09/28 19:12:03 | 000,017,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_1.dll
[2013/09/28 19:12:03 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_1.dll
[2013/09/28 19:12:02 | 000,354,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_2.dll
[2013/09/28 19:12:02 | 000,352,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_1.dll
[2013/09/28 19:12:02 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_2.dll
[2013/09/28 19:12:02 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_1.dll
[2013/09/28 19:12:02 | 000,083,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_1.dll
[2013/09/28 19:12:02 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_1.dll
[2013/09/28 19:12:01 | 003,927,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_30.dll
[2013/09/28 19:12:01 | 003,830,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_29.dll
[2013/09/28 19:12:01 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll
[2013/09/28 19:12:01 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_29.dll
[2013/09/28 19:12:01 | 000,355,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_0.dll
[2013/09/28 19:12:01 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_0.dll
[2013/09/28 19:12:01 | 000,016,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_0.dll
[2013/09/28 19:12:01 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_0.dll
[2013/09/28 19:12:00 | 003,823,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_25.dll
[2013/09/28 19:12:00 | 003,815,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_28.dll
[2013/09/28 19:12:00 | 003,807,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_27.dll
[2013/09/28 19:12:00 | 003,767,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_26.dll
[2013/09/28 19:12:00 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_25.dll
[2013/09/28 19:12:00 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_28.dll
[2013/09/28 19:12:00 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_27.dll
[2013/09/28 19:12:00 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_26.dll
[2013/09/28 19:11:59 | 003,544,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_24.dll
[2013/09/28 19:11:59 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_24.dll
[2013/09/28 18:35:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin Games
[2013/09/28 18:32:09 | 000,000,000 | ---D | C] -- C:\Users\A Wookie Sniper\AppData\Roaming\Origin
[2013/09/28 18:32:07 | 000,000,000 | ---D | C] -- C:\Users\A Wookie Sniper\AppData\Local\Origin
[2013/09/28 18:31:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin
[2013/09/28 18:31:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin
[2013/09/28 18:31:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2013/09/28 18:31:13 | 016,954,472 | ---- | C] (Electronic Arts, Inc.) -- C:\Users\A Wookie Sniper\Desktop\OriginThinSetup.exe
[2013/09/28 17:31:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2013/09/28 17:31:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2013/09/28 17:31:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2013/09/28 17:24:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EVGA Precision X
[2013/09/28 14:33:51 | 000,110,176 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\klfphc.dll
[2013/09/28 14:33:11 | 000,624,224 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klif.sys
[2013/09/28 14:33:11 | 000,112,224 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klflt.sys
[2013/09/28 00:34:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2013/09/27 23:38:58 | 000,000,000 | ---D | C] -- C:\Users\A Wookie Sniper\AppData\Local\CrashDumps
[2013/09/27 23:23:05 | 000,000,000 | ---D | C] -- C:\Users\A Wookie Sniper\Documents\ProcAlyzer Dumps
[2013/09/27 23:17:01 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SRSLabs
[2013/09/27 23:15:53 | 010,116,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\twinui.dll
[2013/09/27 23:15:52 | 008,858,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\twinui.dll
[2013/09/27 23:15:52 | 001,125,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msctf.dll
[2013/09/27 23:15:51 | 002,304,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013/09/27 23:15:51 | 002,035,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013/09/27 23:15:51 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SettingSync.dll
[2013/09/27 23:15:51 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SettingSync.dll
[2013/09/27 23:15:51 | 000,225,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mbsmsapi.dll
[2013/09/27 23:15:51 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2013/09/27 23:15:51 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mbsmsapi.dll
[2013/09/27 23:15:51 | 000,128,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SettingSyncInfo.dll
[2013/09/27 23:15:46 | 001,374,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wdc.dll
[2013/09/27 23:15:45 | 001,245,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wdc.dll
[2013/09/27 23:15:45 | 000,566,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wvc.dll
[2013/09/27 23:15:45 | 000,462,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sysmon.ocx
[2013/09/27 23:15:45 | 000,437,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wvc.dll
[2013/09/27 23:15:45 | 000,399,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sysmon.ocx
[2013/09/27 22:37:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013/09/27 22:37:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2013/09/27 22:17:43 | 000,000,000 | ---D | C] -- C:\Users\A Wookie Sniper\AppData\Roaming\Malwarebytes
[2013/09/27 22:17:31 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/09/27 22:17:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/09/27 22:17:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/09/27 22:16:51 | 000,000,000 | ---D | C] -- C:\Users\A Wookie Sniper\AppData\Local\Programs
[2013/09/27 22:08:41 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013/09/27 21:57:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2013/09/27 21:57:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2013/09/27 21:34:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013/09/27 21:34:14 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013/09/27 21:34:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013/09/27 20:56:19 | 000,000,000 | ---D | C] -- C:\Users\A Wookie Sniper\AppData\Local\Logitech
[2013/09/27 20:56:19 | 000,000,000 | ---D | C] -- C:\ProgramData\LogiShrd
[2013/09/27 20:55:51 | 000,018,960 | ---- | C] (Logitech, Inc.) -- C:\Windows\SysNative\drivers\LNonPnP.sys
[2013/09/27 20:55:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2013/09/27 20:55:35 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech Gaming Software
[2013/09/27 20:54:51 | 000,000,000 | ---D | C] -- C:\Users\A Wookie Sniper\AppData\Roaming\Logitech
[2013/09/27 20:54:51 | 000,000,000 | ---D | C] -- C:\Users\A Wookie Sniper\AppData\Roaming\Logishrd
[2013/09/27 20:54:26 | 056,514,904 | ---- | C] (Logitech Inc.) -- C:\Users\A Wookie Sniper\Desktop\LGS_8.50.281_x64_Logitech.exe
[2013/09/27 20:01:48 | 197,746,120 | ---- | C] (NVIDIA Corporation) -- C:\Users\A Wookie Sniper\Desktop\327.23-desktop-win8-win7-winvista-64bit-english-whql.exe
[2013/09/27 19:56:50 | 000,000,000 | ---D | C] -- C:\Users\A Wookie Sniper\AppData\Local\NVIDIA
[2013/09/27 18:15:31 | 002,219,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dwmcore.dll
[2013/09/27 18:15:30 | 006,987,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/09/27 18:15:30 | 002,391,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2013/09/27 18:15:30 | 002,106,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2013/09/27 18:15:30 | 001,842,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dwmcore.dll
[2013/09/27 18:15:30 | 001,527,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfcore.dll
[2013/09/27 18:15:30 | 001,453,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfcore.dll
[2013/09/27 18:15:30 | 001,403,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi
[2013/09/27 18:15:30 | 001,048,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfasfsrcsnk.dll
[2013/09/27 18:15:30 | 000,850,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfasfsrcsnk.dll
[2013/09/27 18:15:30 | 000,729,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\samsrv.dll
[2013/09/27 18:15:29 | 001,271,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe
[2013/09/27 18:15:29 | 001,217,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi
[2013/09/27 18:15:29 | 001,093,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe
[2013/09/27 18:15:29 | 000,583,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mscms.dll
[2013/09/27 18:15:29 | 000,523,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2013/09/27 18:15:29 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2013/09/27 18:15:29 | 000,337,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\USBXHCI.SYS
[2013/09/27 18:15:29 | 000,213,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\UCX01000.SYS
[2013/09/27 18:15:29 | 000,207,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DeviceSetupManager.dll
[2013/09/27 18:15:29 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vdsutil.dll
[2013/09/27 18:15:29 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\samlib.dll
[2013/09/27 18:15:29 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MbaeParserTask.exe
[2013/09/27 18:15:29 | 000,037,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys
[2013/09/27 18:14:09 | 001,611,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mmc.exe
[2013/09/27 18:14:09 | 000,436,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MP4SDECD.DLL
[2013/09/27 18:14:09 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wiaacmgr.exe
[2013/09/27 18:14:08 | 000,261,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Media.dll
[2013/09/27 18:14:03 | 001,964,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlidsvc.dll
[2013/09/27 18:14:03 | 000,438,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsm.dll
[2013/09/27 18:14:03 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wiaacmgr.exe
[2013/09/27 18:14:03 | 000,028,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\msgpiowin32.sys
[2013/09/27 18:14:02 | 001,886,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\setupapi.dll
[2013/09/27 18:14:01 | 000,666,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MP4SDECD.DLL
[2013/09/27 18:14:01 | 000,406,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Media.dll
[2013/09/27 18:14:01 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSDMon.dll
[2013/09/27 18:14:00 | 002,094,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mmc.exe
[2013/09/27 18:14:00 | 000,171,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncbservice.dll
[2013/09/27 18:14:00 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\httpprxm.dll
[2013/09/27 18:14:00 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adhsvc.dll
[2013/09/27 18:14:00 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adhapi.dll
[2013/09/27 18:14:00 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\httpprxp.dll
[2013/09/27 18:14:00 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\keepaliveprovider.dll
[2013/09/27 18:13:42 | 000,247,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdFilter.sys
[2013/09/27 18:13:42 | 000,036,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdBoot.sys
[2013/09/27 18:12:29 | 000,628,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll
[2013/09/27 18:12:29 | 000,562,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSShared.dll
[2013/09/27 18:12:29 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSClient.dll
[2013/09/27 18:12:29 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSSync.dll
[2013/09/27 18:12:29 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.ApplicationModel.Store.dll
[2013/09/27 18:12:29 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll
[2013/09/27 18:12:29 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
[2013/09/27 18:12:29 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sppc.dll
[2013/09/27 18:12:29 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll
[2013/09/27 18:12:29 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setupcln.dll
[2013/09/27 18:12:29 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe
[2013/09/27 18:12:29 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wups.dll
[2013/09/27 18:12:20 | 002,371,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSService.dll
[2013/09/27 18:12:20 | 001,621,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2013/09/27 18:12:20 | 000,773,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2013/09/27 18:12:20 | 000,688,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSShared.dll
[2013/09/27 18:12:20 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUSettingsProvider.dll
[2013/09/27 18:12:20 | 000,204,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSClient.dll
[2013/09/27 18:12:20 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.ApplicationModel.Store.dll
[2013/09/27 18:12:20 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.ApplicationModel.Store.TestingFramework.dll
[2013/09/27 18:12:20 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2013/09/27 18:12:20 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WinSetupUI.dll
[2013/09/27 18:12:20 | 000,099,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2013/09/27 18:12:20 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\setupcln.dll
[2013/09/27 18:12:20 | 000,059,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2013/09/27 18:12:20 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2013/09/27 18:12:20 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2013/09/27 18:12:20 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2013/09/27 18:12:19 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sppobjs.dll
[2013/09/27 18:12:19 | 000,183,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSSync.dll
[2013/09/27 18:12:19 | 000,174,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\storewuauth.dll
[2013/09/27 18:12:19 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sppc.dll
[2013/09/27 18:12:18 | 000,368,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sppwinob.dll
[2013/09/27 18:12:18 | 000,209,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\NotificationUI.exe
[2013/09/27 18:12:17 | 000,058,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dam.sys
[2013/09/27 18:12:13 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\newdev.dll
[2013/09/27 18:12:13 | 000,275,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\newdev.dll
[2013/09/27 18:12:13 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\newdev.exe
[2013/09/27 18:12:13 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ndadmin.exe
[2013/09/27 18:12:13 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\newdev.exe
[2013/09/27 18:12:13 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ndadmin.exe
[2013/09/27 18:11:54 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/09/27 18:11:54 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UXInit.dll
[2013/09/27 18:11:53 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/09/27 18:11:53 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/09/27 18:11:53 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/09/27 18:11:52 | 003,959,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/09/27 18:11:52 | 000,915,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\uxtheme.dll
[2013/09/27 18:11:52 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/09/27 18:11:52 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UXInit.dll
[2013/09/27 18:11:51 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/09/27 18:11:51 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/09/27 18:11:51 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/09/27 18:11:51 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/09/27 18:11:51 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/09/27 18:10:36 | 002,839,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msftedit.dll
[2013/09/27 18:10:36 | 002,273,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msftedit.dll
[2013/09/27 18:10:36 | 001,300,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll
[2013/09/27 18:10:36 | 001,025,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2013/09/27 18:10:36 | 000,778,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2013/09/27 18:10:36 | 000,327,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Classpnp.sys
[2013/09/27 18:10:35 | 000,888,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nshwfp.dll
[2013/09/27 18:10:35 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nshwfp.dll
[2013/09/27 18:10:35 | 000,543,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanmm.dll
[2013/09/27 18:10:35 | 000,439,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WerFault.exe
[2013/09/27 18:10:35 | 000,414,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanconn.dll
[2013/09/27 18:10:35 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Networking.BackgroundTransfer.dll
[2013/09/27 18:10:35 | 000,385,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WerFault.exe
[2013/09/27 18:10:35 | 000,381,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FWPUCLNT.DLL
[2013/09/27 18:10:35 | 000,370,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wwanadvui.dll
[2013/09/27 18:10:35 | 000,312,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\LocationApi.dll
[2013/09/27 18:10:35 | 000,268,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Networking.BackgroundTransfer.dll
[2013/09/27 18:10:35 | 000,263,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wcmsvc.dll
[2013/09/27 18:10:35 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\LocationApi.dll
[2013/09/27 18:10:35 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\FWPUCLNT.DLL
[2013/09/27 18:10:35 | 000,230,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WinSCard.dll
[2013/09/27 18:10:35 | 000,195,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sdbus.sys
[2013/09/27 18:10:35 | 000,183,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winmmbase.dll
[2013/09/27 18:10:35 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winmmbase.dll
[2013/09/27 18:10:35 | 000,125,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dumpsd.sys
[2013/09/27 18:10:35 | 000,120,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\msgpioclx.sys
[2013/09/27 18:10:35 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winmm.dll
[2013/09/27 18:10:35 | 000,096,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\wfplwfs.sys
[2013/09/27 18:10:35 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\openfiles.exe
[2013/09/27 18:10:35 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wcmcsp.dll
[2013/09/27 18:10:35 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll
[2013/09/27 18:10:35 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\openfiles.exe
[2013/09/27 18:09:29 | 005,091,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013/09/27 18:09:29 | 000,550,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvstore.dll
[2013/09/27 18:09:29 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcfgx.dll
[2013/09/27 18:09:29 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\powercfg.cpl
[2013/09/27 18:09:29 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SettingSyncInfo.dll
[2013/09/27 18:09:28 | 000,893,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winmde.dll
[2013/09/27 18:09:28 | 000,601,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Globalization.dll
[2013/09/27 18:09:28 | 000,504,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Security.Authentication.OnlineId.dll
[2013/09/27 18:09:28 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DevDispItemProvider.dll
[2013/09/27 18:09:26 | 001,149,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winmde.dll
[2013/09/27 18:09:26 | 000,148,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\tpm.sys
[2013/09/27 18:09:26 | 000,077,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storahci.sys
[2013/09/27 18:09:25 | 001,627,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013/09/27 18:09:25 | 001,101,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll
[2013/09/27 18:09:23 | 005,978,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013/09/27 18:09:23 | 000,645,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Security.Authentication.OnlineId.dll
[2013/09/27 18:09:23 | 000,332,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2013/09/27 18:09:23 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll
[2013/09/27 18:09:23 | 000,171,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TimeBrokerServer.dll
[2013/09/27 18:09:22 | 000,951,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Globalization.dll
[2013/09/27 18:09:22 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drvstore.dll
[2013/09/27 18:09:22 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcfgx.dll
[2013/09/27 18:09:22 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usbmon.dll
[2013/09/27 18:09:22 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\powercfg.cpl
[2013/09/27 18:09:22 | 000,150,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\discan.dll
[2013/09/27 18:09:22 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\NdisImPlatform.dll
[2013/09/27 18:09:22 | 000,071,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSDPrintProxy.DLL
[2013/09/27 18:09:22 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DevDispItemProvider.dll
[2013/09/27 18:09:21 | 000,240,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsquirt.exe
[2013/09/27 18:09:09 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll
[2013/09/27 18:08:57 | 001,255,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certutil.exe
[2013/09/27 18:08:57 | 001,013,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certutil.exe
[2013/09/27 18:08:57 | 000,141,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2013/09/27 18:08:31 | 000,411,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2013/09/27 18:07:56 | 000,595,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll
[2013/09/27 18:07:56 | 000,496,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll
[2013/09/27 18:07:55 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ReAgentc.exe
[2013/09/27 18:07:55 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ReAgentc.exe
[2013/09/27 18:07:54 | 001,011,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\reseteng.dll
[2013/09/27 18:07:54 | 000,443,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ReAgent.dll
[2013/09/27 18:07:54 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ReAgent.dll
[2013/09/27 18:07:40 | 000,410,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlroamextension.dll
[2013/09/27 18:07:40 | 000,370,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WWanAPI.dll
[2013/09/27 18:07:40 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tasklist.exe
[2013/09/27 18:07:40 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskkill.exe
[2013/09/27 18:07:39 | 000,197,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Networking.Connectivity.dll
[2013/09/27 18:07:37 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpd_ci.dll
[2013/09/27 18:07:37 | 000,543,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlroamextension.dll
[2013/09/27 18:07:37 | 000,475,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WWanAPI.dll
[2013/09/27 18:07:36 | 000,729,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\duser.dll
[2013/09/27 18:07:36 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll
[2013/09/27 18:07:36 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Networking.Connectivity.dll
[2013/09/27 18:07:36 | 000,260,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\hotspotauth.dll
[2013/09/27 18:07:36 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskkill.exe
[2013/09/27 18:07:36 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tasklist.exe
[2013/09/27 18:07:36 | 000,061,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\crashdmp.sys
[2013/09/27 18:07:34 | 001,690,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\GdiPlus.dll
[2013/09/27 18:07:34 | 001,437,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\GdiPlus.dll
[2013/09/27 18:07:31 | 001,838,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013/09/27 18:07:25 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys
[2013/09/27 18:07:07 | 000,112,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2013/09/27 18:06:39 | 010,788,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.UI.Xaml.dll
[2013/09/27 18:06:39 | 000,449,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DevicePairing.dll
[2013/09/27 18:06:39 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\BCP47Langs.dll
[2013/09/27 18:06:39 | 000,247,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ubpm.dll
[2013/09/27 18:06:39 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netplwiz.dll
[2013/09/27 18:06:39 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\biwinrt.dll
[2013/09/27 18:06:36 | 000,758,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Magnify.exe
[2013/09/27 18:06:36 | 000,411,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfmp4srcsnk.dll
[2013/09/27 18:06:36 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\intl.cpl
[2013/09/27 18:06:36 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nlmproxy.dll
[2013/09/27 18:06:36 | 000,014,848 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\rars.rs
[2013/09/27 18:06:36 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\muifontsetup.dll
[2013/09/27 18:06:36 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nlmsprep.dll
[2013/09/27 18:06:32 | 000,446,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\USBHUB3.SYS
[2013/09/27 18:06:32 | 000,284,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\spaceport.sys
[2013/09/27 18:06:31 | 000,328,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ubpm.dll
[2013/09/27 18:06:30 | 000,470,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netprofmsvc.dll
[2013/09/27 18:06:30 | 000,330,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\stobject.dll
[2013/09/27 18:06:30 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netplwiz.dll
[2013/09/27 18:06:30 | 000,120,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AuthHost.exe
[2013/09/27 18:06:30 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psmsrv.dll
[2013/09/27 18:06:30 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe
[2013/09/27 18:06:30 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhostex.exe
[2013/09/27 18:06:30 | 000,014,848 | ---- | C] (Microsoft) -- C:\Windows\SysNative\rars.rs
[2013/09/27 18:06:29 | 013,644,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.UI.Xaml.dll
[2013/09/27 18:06:29 | 001,131,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AppXDeploymentServer.dll
[2013/09/27 18:06:29 | 000,812,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Magnify.exe
[2013/09/27 18:06:29 | 000,708,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AppXDeploymentExtensions.dll
[2013/09/27 18:06:29 | 000,560,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfmp4srcsnk.dll
[2013/09/27 18:06:29 | 000,501,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DevicePairing.dll
[2013/09/27 18:06:29 | 000,419,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\intl.cpl
[2013/09/27 18:06:29 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\BCP47Langs.dll
[2013/09/27 18:06:29 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\bisrv.dll
[2013/09/27 18:06:29 | 000,122,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\biwinrt.dll
[2013/09/27 18:06:29 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\muifontsetup.dll
[2013/09/27 18:06:25 | 000,888,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\autochk.exe
[2013/09/27 18:06:25 | 000,793,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\autochk.exe
[2013/09/27 18:06:25 | 000,542,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\untfs.dll
[2013/09/27 18:06:25 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\untfs.dll
[2013/09/27 18:06:23 | 001,257,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013/09/27 18:06:22 | 000,733,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013/09/27 18:06:20 | 002,842,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2013/09/27 18:06:20 | 002,620,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2013/09/27 18:06:12 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apprepapi.dll
[2013/09/27 18:06:12 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apprepsync.dll
[2013/09/27 18:06:11 | 001,889,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013/09/27 18:06:11 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2013/09/27 18:06:10 | 000,124,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\apprepapi.dll
[2013/09/27 18:06:10 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\apprepsync.dll
[2013/09/27 18:06:07 | 002,851,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll
[2013/09/27 18:06:07 | 002,382,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll
[2013/09/27 18:06:01 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptdlg.dll
[2013/09/27 18:06:01 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptdlg.dll
[2013/09/27 18:05:11 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Robocopy.exe
[2013/09/27 18:05:10 | 002,767,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll
[2013/09/27 18:05:10 | 001,593,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll
[2013/09/27 18:05:10 | 001,113,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSAudDecMFT.dll
[2013/09/27 18:05:10 | 000,659,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll
[2013/09/27 18:05:10 | 000,411,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Networking.dll
[2013/09/27 18:05:10 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFMediaEngine.dll
[2013/09/27 18:05:10 | 000,155,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dmvdsitf.dll
[2013/09/27 18:05:10 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll
[2013/09/27 18:05:10 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fmifs.dll
[2013/09/27 18:05:09 | 011,878,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2013/09/27 18:05:09 | 000,403,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll
[2013/09/27 18:05:09 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll
[2013/09/27 18:05:09 | 000,123,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wscapi.dll
[2013/09/27 18:05:09 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msshooks.dll
[2013/09/27 18:05:03 | 003,552,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tquery.dll
[2013/09/27 18:05:03 | 000,373,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchProtocolHost.exe
[2013/09/27 18:05:02 | 002,107,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll
[2013/09/27 18:05:02 | 000,745,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssvp.dll
[2013/09/27 18:05:02 | 000,435,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssph.dll
[2013/09/27 18:05:02 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFilterHost.exe
[2013/09/27 18:05:02 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssprxy.dll
[2013/09/27 18:05:02 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscntrs.dll
[2013/09/27 18:05:02 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msshooks.dll
[2013/09/27 18:05:01 | 001,829,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2013/09/27 18:05:01 | 001,444,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSAudDecMFT.dll
[2013/09/27 18:05:01 | 000,804,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RecoveryDrive.exe
[2013/09/27 18:05:01 | 000,595,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Networking.dll
[2013/09/27 18:05:01 | 000,456,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpncore.dll
[2013/09/27 18:05:01 | 000,414,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\GenuineCenter.dll
[2013/09/27 18:05:01 | 000,298,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rsaenh.dll
[2013/09/27 18:05:01 | 000,281,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll
[2013/09/27 18:05:01 | 000,126,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Robocopy.exe
[2013/09/27 18:05:01 | 000,069,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pdc.sys
[2013/09/27 18:05:00 | 014,267,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2013/09/27 18:05:00 | 000,468,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MFMediaEngine.dll
[2013/09/27 18:05:00 | 000,303,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2013/09/27 18:05:00 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fhengine.dll
[2013/09/27 18:05:00 | 000,210,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iuilp.dll
[2013/09/27 18:05:00 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fmifs.dll
[2013/09/27 18:04:59 | 000,503,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ci.dll
[2013/09/27 18:04:59 | 000,367,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013/09/27 18:04:59 | 000,228,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll
[2013/09/27 18:04:59 | 000,196,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dmvdsitf.dll
[2013/09/27 18:04:59 | 000,172,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dwmredir.dll
[2013/09/27 18:04:58 | 000,306,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kd_02_10ec.dll
[2013/09/27 18:04:58 | 000,086,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdnet.dll
[2013/09/27 18:04:58 | 000,077,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdvm.dll
[2013/09/27 18:04:56 | 002,146,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\actxprxy.dll
[2013/09/27 18:04:56 | 000,489,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioEng.dll
[2013/09/27 18:04:56 | 000,446,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioSes.dll
[2013/09/27 18:04:56 | 000,253,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\audiodg.exe
[2013/09/27 18:04:56 | 000,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioEndpointBuilder.dll
[2013/09/27 18:04:52 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidclass.sys
[2013/09/27 11:21:33 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2013/09/26 23:49:57 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tssdisai.dll
[2013/09/26 23:49:57 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appserverai.dll
[2013/09/26 23:49:57 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RDWebAI.dll
[2013/09/26 23:49:57 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\VmHostAI.dll
[2013/09/26 23:49:56 | 000,148,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe
[2013/09/26 23:49:56 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe
[2013/09/26 23:03:31 | 000,000,000 | ---D | C] -- C:\Users\A Wookie Sniper\AppData\Local\HP Quick Start
[2013/09/26 23:00:59 | 000,000,000 | ---D | C] -- C:\Users\A Wookie Sniper\AppData\Roaming\WinBatch
[2013/09/26 08:20:38 | 000,000,000 | ---D | C] -- C:\Users\A Wookie Sniper\AppData\Roaming\IDT
[2013/09/26 04:45:32 | 000,000,000 | ---D | C] -- C:\Users\A Wookie Sniper\AppData\Local\Diagnostics
[2013/09/26 04:43:12 | 000,000,000 | ---D | C] -- C:\Users\A Wookie Sniper\AppData\Local\ElevatedDiagnostics
[2013/09/26 03:34:31 | 000,000,000 | ---D | C] -- C:\Users\A Wookie Sniper\AppData\Local\NPE
[2013/09/25 23:13:31 | 000,000,000 | ---D | C] -- C:\Users\A Wookie Sniper\AppData\Local\Macromedia
[2013/09/25 22:41:05 | 000,000,000 | ---D | C] -- C:\Users\A Wookie Sniper\AppData\Roaming\Mozilla
[2013/09/25 22:41:05 | 000,000,000 | ---D | C] -- C:\Users\A Wookie Sniper\AppData\Local\Mozilla
[2013/09/25 22:40:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013/09/25 22:40:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013/09/25 22:40:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/09/25 22:39:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2013/09/25 22:37:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2013/09/25 22:37:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2013/09/25 22:24:01 | 000,000,000 | ---D | C] -- C:\Users\A Wookie Sniper\AppData\Local\Adobe
[2013/09/25 19:42:04 | 000,000,000 | ---D | C] -- C:\Users\A Wookie Sniper\AppData\Roaming\Opera Software
[2013/09/25 19:42:04 | 000,000,000 | ---D | C] -- C:\Users\A Wookie Sniper\AppData\Local\Opera Software
[2013/09/25 19:41:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Opera
[2013/09/25 17:49:05 | 000,000,000 | ---D | C] -- C:\Users\A Wookie Sniper\AppData\Local\Intel_Corporation
[2013/09/25 04:52:16 | 000,000,000 | ---D | C] -- C:\Users\A Wookie Sniper\AppData\Roaming\Hewlett-Packard
[2013/09/25 04:30:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2013/09/25 04:28:41 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2013/09/25 04:25:29 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2013/09/25 04:25:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2013/09/25 04:25:19 | 000,000,000 | ---D | C] -- C:\Users\A Wookie Sniper\AppData\Local\Hewlett-Packard
[2013/09/25 02:07:41 | 000,256,904 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysWow64\drivers\tmcomm.sys
[2013/09/25 02:03:25 | 000,000,000 | ---D | C] -- C:\Users\A Wookie Sniper\AppData\Roaming\Macromedia
[2013/09/25 01:48:53 | 000,000,000 | ---D | C] -- C:\Users\A Wookie Sniper\Documents\Bluetooth
[2013/09/25 01:48:40 | 000,000,000 | ---D | C] -- C:\Users\A Wookie Sniper\AppData\Local\Power2Go8
[2013/09/25 01:48:30 | 000,000,000 | R--D | C] -- C:\Users\A Wookie Sniper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013/09/25 01:48:30 | 000,000,000 | R--D | C] -- C:\Users\A Wookie Sniper\Searches
[2013/09/25 01:48:30 | 000,000,000 | R--D | C] -- C:\Users\A Wookie Sniper\Contacts
[2013/09/25 01:48:30 | 000,000,000 | R--D | C] -- C:\Users\A Wookie Sniper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013/09/25 01:48:30 | 000,000,000 | -H-D | C] -- C:\Users\A Wookie Sniper\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2013/09/25 01:48:26 | 000,000,000 | ---D | C] -- C:\Users\A Wookie Sniper\AppData\Roaming\Adobe
[2013/09/25 01:48:22 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shopping and Services
[2013/09/25 01:48:00 | 000,000,000 | ---D | C] -- C:\Users\A Wookie Sniper\AppData\Local\VirtualStore
[2013/09/25 01:47:57 | 000,000,000 | ---D | C] -- C:\Users\A Wookie Sniper\AppData\Local\Packages
[2013/09/25 01:47:56 | 000,000,000 | -HSD | C] -- C:\Users\A Wookie Sniper\AppData\Local\Temporary Internet Files
[2013/09/25 01:47:56 | 000,000,000 | -HSD | C] -- C:\Users\A Wookie Sniper\Templates
[2013/09/25 01:47:56 | 000,000,000 | -HSD | C] -- C:\Users\A Wookie Sniper\Start Menu
[2013/09/25 01:47:56 | 000,000,000 | -HSD | C] -- C:\Users\A Wookie Sniper\SendTo
[2013/09/25 01:47:56 | 000,000,000 | -HSD | C] -- C:\Users\A Wookie Sniper\Recent
[2013/09/25 01:47:56 | 000,000,000 | -HSD | C] -- C:\Users\A Wookie Sniper\PrintHood
[2013/09/25 01:47:56 | 000,000,000 | -HSD | C] -- C:\Users\A Wookie Sniper\NetHood
[2013/09/25 01:47:56 | 000,000,000 | -HSD | C] -- C:\Users\A Wookie Sniper\Documents\My Videos
[2013/09/25 01:47:56 | 000,000,000 | -HSD | C] -- C:\Users\A Wookie Sniper\Documents\My Pictures
[2013/09/25 01:47:56 | 000,000,000 | -HSD | C] -- C:\Users\A Wookie Sniper\Documents\My Music
[2013/09/25 01:47:56 | 000,000,000 | -HSD | C] -- C:\Users\A Wookie Sniper\My Documents
[2013/09/25 01:47:56 | 000,000,000 | -HSD | C] -- C:\Users\A Wookie Sniper\Local Settings
[2013/09/25 01:47:56 | 000,000,000 | -HSD | C] -- C:\Users\A Wookie Sniper\AppData\Local\History
[2013/09/25 01:47:56 | 000,000,000 | -HSD | C] -- C:\Users\A Wookie Sniper\Cookies
[2013/09/25 01:47:56 | 000,000,000 | -HSD | C] -- C:\Users\A Wookie Sniper\Application Data
[2013/09/25 01:47:56 | 000,000,000 | -HSD | C] -- C:\Users\A Wookie Sniper\AppData\Local\Application Data
[2013/09/25 01:47:55 | 000,000,000 | --SD | C] -- C:\Users\A Wookie Sniper\AppData\Roaming\Microsoft
[2013/09/25 01:47:55 | 000,000,000 | R--D | C] -- C:\Users\A Wookie Sniper\Videos
[2013/09/25 01:47:55 | 000,000,000 | R--D | C] -- C:\Users\A Wookie Sniper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[2013/09/25 01:47:55 | 000,000,000 | R--D | C] -- C:\Users\A Wookie Sniper\Saved Games
[2013/09/25 01:47:55 | 000,000,000 | R--D | C] -- C:\Users\A Wookie Sniper\Pictures
[2013/09/25 01:47:55 | 000,000,000 | R--D | C] -- C:\Users\A Wookie Sniper\Music
[2013/09/25 01:47:55 | 000,000,000 | R--D | C] -- C:\Users\A Wookie Sniper\Links
[2013/09/25 01:47:55 | 000,000,000 | R--D | C] -- C:\Users\A Wookie Sniper\Favorites
[2013/09/25 01:47:55 | 000,000,000 | R--D | C] -- C:\Users\A Wookie Sniper\Downloads
[2013/09/25 01:47:55 | 000,000,000 | R--D | C] -- C:\Users\A Wookie Sniper\Documents
[2013/09/25 01:47:55 | 000,000,000 | R--D | C] -- C:\Users\A Wookie Sniper\Desktop
[2013/09/25 01:47:55 | 000,000,000 | R--D | C] -- C:\Users\A Wookie Sniper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013/09/25 01:47:55 | 000,000,000 | R--D | C] -- C:\Users\A Wookie Sniper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[2013/09/25 01:47:55 | 000,000,000 | -H-D | C] -- C:\Users\A Wookie Sniper\Documents\hp.system.package.metadata
[2013/09/25 01:47:55 | 000,000,000 | -H-D | C] -- C:\Users\A Wookie Sniper\Documents\hp.applications.package.appdata
[2013/09/25 01:47:55 | 000,000,000 | -H-D | C] -- C:\Users\A Wookie Sniper\AppData
[2013/09/25 01:47:55 | 000,000,000 | ---D | C] -- C:\Users\A Wookie Sniper\AppData\Local\Temp
[2013/09/25 01:47:55 | 000,000,000 | ---D | C] -- C:\Users\A Wookie Sniper\AppData\Local\Microsoft
[2013/09/25 01:47:55 | 000,000,000 | ---D | C] -- C:\Users\A Wookie Sniper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013/09/25 00:58:43 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/10/01 23:17:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\A Wookie Sniper\Desktop\OTL.exe
[2013/10/01 22:58:02 | 000,000,983 | ---- | M] () -- C:\Windows\SysWow64\bscs.ini
[2013/10/01 22:55:07 | 000,003,620 | ---- | M] () -- C:\Windows\SysWow64\LOCALSERVICE.INI
[2013/10/01 22:55:00 | 000,000,043 | ---- | M] () -- C:\Windows\SysWow64\LOCALDEVICE.INI
[2013/10/01 22:54:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/01 21:20:19 | 000,214,392 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013/10/01 21:20:13 | 000,215,416 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2013/10/01 21:08:00 | 000,000,382 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForA Wookie Sniper.job
[2013/10/01 11:54:20 | 000,624,224 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klif.sys
[2013/10/01 11:54:20 | 000,030,304 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klim6.sys
[2013/10/01 11:54:20 | 000,029,280 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klmouflt.sys
[2013/10/01 11:54:20 | 000,029,280 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klkbdflt.sys
[2013/10/01 11:54:18 | 007,717,984 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\kl1.sys
[2013/10/01 10:56:43 | 000,876,494 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/10/01 10:56:43 | 000,726,998 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/10/01 10:56:43 | 000,150,826 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/10/01 10:49:30 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013/10/01 10:49:29 | 1651,171,326 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/01 10:29:25 | 000,007,623 | ---- | M] () -- C:\Users\A Wookie Sniper\AppData\Local\Resmon.ResmonCfg
[2013/10/01 09:16:12 | 000,868,264 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013/10/01 09:16:12 | 000,790,440 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013/10/01 09:16:12 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/10/01 09:16:12 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/10/01 09:16:12 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/10/01 09:16:12 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/10/01 07:56:11 | 480,435,030 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/09/30 20:07:41 | 000,000,876 | ---- | M] () -- C:\Users\Public\Desktop\CPUID CPU-Z.lnk
[2013/09/30 16:59:30 | 000,000,032 | ---- | M] () -- C:\Windows\0
[2013/09/30 13:50:20 | 000,290,184 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013/09/29 13:39:13 | 000,001,172 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 4™ Beta.lnk
[2013/09/29 13:38:50 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013/09/28 23:10:45 | 000,000,930 | ---- | M] () -- C:\Users\Public\Desktop\DS3 Tool.lnk
[2013/09/28 20:38:24 | 003,819,328 | ---- | M] () -- C:\Users\A Wookie Sniper\Desktop\battlelog-web-plugins_2.3.0_118.exe
[2013/09/28 20:03:47 | 000,001,137 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 3.lnk
[2013/09/28 18:31:05 | 016,954,472 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\A Wookie Sniper\Desktop\OriginThinSetup.exe
[2013/09/28 18:20:51 | 000,000,219 | ---- | M] () -- C:\Users\A Wookie Sniper\Desktop\Dota 2.url
[2013/09/28 17:31:56 | 000,000,884 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2013/09/28 17:24:29 | 000,001,055 | ---- | M] () -- C:\Users\A Wookie Sniper\Desktop\EVGA Precision X.lnk
[2013/09/28 14:33:51 | 000,001,091 | ---- | M] () -- C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
[2013/09/27 23:53:52 | 002,477,627 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1500020.001\Cat.DB
[2013/09/27 23:52:25 | 000,000,085 | ---- | M] () -- C:\Windows\wininit.ini
[2013/09/27 23:29:49 | 000,449,403 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/09/27 22:45:52 | 000,449,438 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130927-232949.backup
[2013/09/27 22:17:32 | 000,001,076 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/09/27 21:57:26 | 000,001,044 | ---- | M] () -- C:\Users\A Wookie Sniper\Desktop\Kaspersky Security Scan.lnk
[2013/09/27 21:06:14 | 000,291,288 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/09/27 20:58:34 | 000,018,960 | ---- | M] (Logitech, Inc.) -- C:\Windows\SysNative\drivers\LNonPnP.sys
[2013/09/27 20:54:32 | 056,514,904 | ---- | M] (Logitech Inc.) -- C:\Users\A Wookie Sniper\Desktop\LGS_8.50.281_x64_Logitech.exe
[2013/09/27 20:02:27 | 197,746,120 | ---- | M] (NVIDIA Corporation) -- C:\Users\A Wookie Sniper\Desktop\327.23-desktop-win8-win7-winvista-64bit-english-whql.exe
[2013/09/26 23:01:10 | 000,029,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3a.dll
[2013/09/26 06:51:35 | 000,168,625 | ---- | M] () -- C:\Users\A Wookie Sniper\AppData\Local\census.cache
[2013/09/26 06:51:34 | 000,062,122 | ---- | M] () -- C:\Users\A Wookie Sniper\AppData\Local\ars.cache
[2013/09/25 02:06:49 | 000,000,036 | ---- | M] () -- C:\Users\A Wookie Sniper\AppData\Local\housecall.guid.cache
[2013/09/25 01:59:10 | 000,001,431 | ---- | M] () -- C:\Users\A Wookie Sniper\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/09/25 01:48:19 | 000,000,000 | RHS- | M] () -- C:\Windows\SysWow64\drivers\103C_HP_cPC_700-074_Y53316J_0U_Q4CE32308C6_E13AM2RR8606_4A_I2AF3_SHP_V1.0_B80.05_T130507_W8101-0_L409_M12243_J2000_7Intel_86C3_93.00_#130525_N10EC8168;18143290_Z_G10DE0FC1_Ohp CDDVDW SH-216BB_DACRAD46.MRK
[2013/09/25 01:48:19 | 000,000,000 | RHS- | M] () -- C:\Windows\SysNative\drivers\103C_HP_cPC_700-074_Y53316J_0U_Q4CE32308C6_E13AM2RR8606_4A_I2AF3_SHP_V1.0_B80.05_T130507_W8101-0_L409_M12243_J2000_7Intel_86C3_93.00_#130525_N10EC8168;18143290_Z_G10DE0FC1_Ohp CDDVDW SH-216BB_DACRAD46.MRK
[2013/09/18 19:26:35 | 000,694,232 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/09/18 19:26:35 | 000,078,296 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/10/01 07:44:58 | 480,435,030 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013/09/30 20:07:41 | 000,000,876 | ---- | C] () -- C:\Users\Public\Desktop\CPUID CPU-Z.lnk
[2013/09/30 17:35:32 | 000,003,620 | ---- | C] () -- C:\Windows\SysWow64\LOCALSERVICE.INI
[2013/09/30 17:35:32 | 000,000,043 | ---- | C] () -- C:\Windows\SysWow64\LOCALDEVICE.INI
[2013/09/29 13:39:13 | 000,001,172 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 4™ Beta.lnk
[2013/09/28 23:10:45 | 000,000,930 | ---- | C] () -- C:\Users\Public\Desktop\DS3 Tool.lnk
[2013/09/28 20:39:42 | 000,290,184 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013/09/28 20:38:28 | 003,819,328 | ---- | C] () -- C:\Users\A Wookie Sniper\Desktop\battlelog-web-plugins_2.3.0_118.exe
[2013/09/28 19:37:24 | 000,001,137 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 3.lnk
[2013/09/28 19:37:06 | 000,215,416 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2013/09/28 19:37:06 | 000,214,392 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013/09/28 19:37:04 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013/09/28 18:20:51 | 000,000,219 | ---- | C] () -- C:\Users\A Wookie Sniper\Desktop\Dota 2.url
[2013/09/28 17:31:56 | 000,000,884 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2013/09/28 17:24:29 | 000,001,055 | ---- | C] () -- C:\Users\A Wookie Sniper\Desktop\EVGA Precision X.lnk
[2013/09/28 14:34:30 | 000,001,292 | ---- | C] () -- C:\Users\A Wookie Sniper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security.lnk
[2013/09/28 14:34:02 | 000,001,091 | ---- | C] () -- C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
[2013/09/27 23:52:23 | 000,000,085 | ---- | C] () -- C:\Windows\wininit.ini
[2013/09/27 23:15:51 | 000,386,923 | ---- | C] () -- C:\Windows\SysNative\ApnDatabase.xml
[2013/09/27 22:17:31 | 000,001,076 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/09/27 22:12:21 | 000,001,267 | ---- | C] () -- C:\Users\A Wookie Sniper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan.lnk
[2013/09/27 21:57:48 | 000,001,044 | ---- | C] () -- C:\Users\A Wookie Sniper\Desktop\Kaspersky Security Scan.lnk
[2013/09/27 21:06:09 | 000,291,288 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/09/27 18:12:29 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2013/09/26 22:55:02 | 000,000,382 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForA Wookie Sniper.job
[2013/09/25 22:40:57 | 000,001,166 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/09/25 04:52:12 | 000,007,623 | ---- | C] () -- C:\Users\A Wookie Sniper\AppData\Local\Resmon.ResmonCfg
[2013/09/25 02:14:36 | 000,168,625 | ---- | C] () -- C:\Users\A Wookie Sniper\AppData\Local\census.cache
[2013/09/25 02:14:35 | 000,062,122 | ---- | C] () -- C:\Users\A Wookie Sniper\AppData\Local\ars.cache
[2013/09/25 02:06:49 | 000,000,036 | ---- | C] () -- C:\Users\A Wookie Sniper\AppData\Local\housecall.guid.cache
[2013/09/25 01:59:10 | 000,001,431 | ---- | C] () -- C:\Users\A Wookie Sniper\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/09/25 01:48:26 | 000,001,437 | ---- | C] () -- C:\Users\A Wookie Sniper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/09/25 01:48:19 | 000,000,000 | RHS- | C] () -- C:\Windows\SysWow64\drivers\103C_HP_cPC_700-074_Y53316J_0U_Q4CE32308C6_E13AM2RR8606_4A_I2AF3_SHP_V1.0_B80.05_T130507_W8101-0_L409_M12243_J2000_7Intel_86C3_93.00_#130525_N10EC8168;18143290_Z_G10DE0FC1_Ohp CDDVDW SH-216BB_DACRAD46.MRK
[2013/09/25 01:48:19 | 000,000,000 | RHS- | C] () -- C:\Windows\SysNative\drivers\103C_HP_cPC_700-074_Y53316J_0U_Q4CE32308C6_E13AM2RR8606_4A_I2AF3_SHP_V1.0_B80.05_T130507_W8101-0_L409_M12243_J2000_7Intel_86C3_93.00_#130525_N10EC8168;18143290_Z_G10DE0FC1_Ohp CDDVDW SH-216BB_DACRAD46.MRK
[2013/09/25 01:47:55 | 000,002,103 | ---- | C] () -- C:\Users\A Wookie Sniper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk
[2013/09/25 01:47:55 | 000,000,352 | ---- | C] () -- C:\Users\A Wookie Sniper\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2013/09/25 01:47:55 | 000,000,334 | ---- | C] () -- C:\Users\A Wookie Sniper\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2013/09/25 01:00:20 | 1651,171,326 | -HS- | C] () -- C:\hiberfil.sys
[2013/09/25 00:58:44 | 268,435,456 | -HS- | C] () -- C:\swapfile.sys
[2013/05/25 14:08:00 | 000,367,348 | ---- | C] () -- C:\Windows\SysWow64\drivers\FW7650.bin
[2013/05/25 14:08:00 | 000,000,313 | ---- | C] () -- C:\Windows\SysWow64\RaCheckBTDev.ini
[2013/03/22 10:00:08 | 000,000,983 | ---- | C] () -- C:\Windows\SysWow64\bscs.ini
[2013/01/31 17:04:00 | 000,070,904 | ---- | C] () -- C:\Windows\SysWow64\BsProfileFunc.dll
[2013/01/28 19:31:48 | 019,577,344 | ---- | C] () -- C:\Windows\SysWow64\igdfcl32.dll
[2013/01/28 19:29:58 | 000,104,448 | ---- | C] () -- C:\Windows\SysWow64\igdail32.dll
[2013/01/28 19:29:12 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2013/01/10 12:59:24 | 000,019,456 | ---- | C] () -- C:\Windows\SysWow64\BsTrace.dll
[2013/01/10 11:25:58 | 000,353,280 | ---- | C] () -- C:\Windows\SysWow64\BsExtendFunc.dll
[2013/01/10 11:25:58 | 000,049,248 | ---- | C] () -- C:\Windows\SysWow64\BSSkypeAgent.dll
[2013/01/10 11:25:56 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\BsVistaCommon.dll
[2013/01/10 11:25:56 | 000,073,820 | ---- | C] () -- C:\Windows\SysWow64\BSVoIPComm.dll
[2013/01/10 11:25:56 | 000,049,664 | ---- | C] () -- C:\Windows\SysWow64\BSWMPPlugin.dll
[2013/01/10 11:25:56 | 000,011,264 | ---- | C] () -- C:\Windows\SysWow64\SCChangeMonitor.dll
[2012/12/10 17:12:50 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
[2012/09/28 15:45:06 | 000,247,296 | ---- | C] () -- C:\Windows\SysWow64\rtvcvfw32.dll
[2012/08/10 19:56:12 | 000,915,038 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/07/26 04:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2012/07/26 04:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2012/07/26 03:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2012/07/25 21:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2012/07/25 16:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2012/07/25 16:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012/07/25 16:22:54 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2012/07/25 16:22:54 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2012/07/25 16:22:54 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2012/06/13 08:45:02 | 000,008,704 | ---- | C] () -- C:\Windows\SysWow64\SROF.dll
[2012/06/04 21:31:00 | 000,000,417 | ---- | C] () -- C:\Windows\SysWow64\RaoBLE.ini
[2012/06/02 10:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== ZeroAccess Check ==========

[2013/05/25 14:09:29 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/08/02 02:28:20 | 019,758,080 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/08/02 01:08:10 | 017,561,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/25 23:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/25 23:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/25 23:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/09/26 08:20:38 | 000,000,000 | ---D | M] -- C:\Users\A Wookie Sniper\AppData\Roaming\IDT
[2013/09/28 23:11:51 | 000,000,000 | ---D | M] -- C:\Users\A Wookie Sniper\AppData\Roaming\MotioninJoy
[2013/09/27 20:41:34 | 000,000,000 | ---D | M] -- C:\Users\A Wookie Sniper\AppData\Roaming\Opera Software
[2013/09/28 20:07:09 | 000,000,000 | ---D | M] -- C:\Users\A Wookie Sniper\AppData\Roaming\Origin
[2013/09/26 23:00:59 | 000,000,000 | ---D | M] -- C:\Users\A Wookie Sniper\AppData\Roaming\WinBatch

========== Purity Check ==========



========== Custom Scans ==========

========== Base Services ==========
SRV:64bit: - [2012/10/11 22:06:15 | 000,190,976 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2013/03/06 02:29:15 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2012/07/25 23:08:16 | 000,094,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2012/07/25 23:07:01 | 000,826,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2013/06/10 15:15:25 | 000,723,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2012/07/25 23:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV - [2012/07/25 23:18:47 | 000,043,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012/07/25 23:05:36 | 000,507,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2012/07/25 23:18:26 | 000,394,240 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2012/07/25 23:05:12 | 000,134,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2013/07/13 02:16:06 | 000,068,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2012/07/25 23:07:06 | 000,817,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2013/05/25 14:49:36 | 000,331,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2013/05/25 14:49:39 | 000,270,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2012/10/11 22:05:39 | 000,210,432 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2012/07/25 23:05:34 | 000,105,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\eapsvc.dll -- (Eaphost)
SRV:64bit: - [2012/07/25 23:05:46 | 000,036,352 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2012/07/25 23:18:34 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2012/07/25 23:05:51 | 000,438,784 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2012/07/25 23:05:51 | 000,474,624 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:64bit: - [2012/07/25 23:07:25 | 000,502,784 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2012/10/11 22:06:29 | 000,080,896 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2012/07/25 23:06:34 | 000,255,488 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2013/05/04 02:58:02 | 000,470,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2012/10/11 22:06:17 | 000,356,352 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2012/07/26 01:26:47 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2012/10/11 22:06:15 | 000,107,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2012/07/25 23:08:47 | 000,769,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
No service found with a name of ProtectedStorage
No service found with a name of EMDMgmt
SRV:64bit: - [2012/07/25 23:07:03 | 000,099,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2012/07/25 23:07:03 | 000,358,400 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2012/07/25 23:07:06 | 000,817,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2012/07/25 23:07:09 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2012/10/11 22:05:38 | 000,035,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2013/04/09 00:51:41 | 000,099,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2012/07/25 23:07:23 | 000,309,248 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2012/07/25 23:07:16 | 000,565,760 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2012/07/25 23:19:59 | 000,506,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2013/04/09 00:50:39 | 001,285,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2012/07/25 23:07:28 | 000,305,664 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2012/07/25 23:20:06 | 000,245,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2012/07/25 23:07:30 | 000,047,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2012/07/25 23:07:00 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2013/05/04 02:59:51 | 001,483,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2013/06/01 05:19:42 | 000,785,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (Audiosrv)
SRV:64bit: - [2013/04/09 00:48:42 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2012/07/25 23:07:08 | 000,148,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:64bit: - [2013/07/01 20:44:21 | 000,016,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2012/07/25 23:07:47 | 001,731,584 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (EventLog)
SRV:64bit: - [2013/05/25 14:49:40 | 000,904,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2012/07/25 23:07:47 | 000,570,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2012/07/25 23:08:34 | 000,124,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2012/07/25 23:20:50 | 000,062,976 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2012/07/25 23:08:06 | 000,219,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2013/08/16 01:21:55 | 003,275,776 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2012/07/25 23:05:31 | 000,252,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2013/05/25 14:53:04 | 001,386,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (WlanSvc)
SRV:64bit: - [2012/07/25 23:08:02 | 000,191,488 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2013/05/25 14:49:44 | 002,115,952 | ---- | M] (Microsoft Corporation) MD5=0AD19A3CA61271BA872AD90771BA47DC -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.20534_none_b592a71650d677ed\explorer.exe
[2013/05/25 14:49:44 | 002,380,944 | ---- | M] (Microsoft Corporation) MD5=0DDFEAA2AA18D4295EF220EB666B2312 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.20534_none_ab3dfcc41c75b5f2\explorer.exe
[2013/06/01 07:34:21 | 002,391,280 | ---- | M] (Microsoft Corporation) MD5=0E8E6463F81C80AFBED533E0F1F8895D -- C:\Windows\explorer.exe
[2013/06/01 07:34:21 | 002,391,280 | ---- | M] (Microsoft Corporation) MD5=0E8E6463F81C80AFBED533E0F1F8895D -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16628_none_aac334d9034c59e1\explorer.exe
[2013/06/01 06:17:57 | 002,116,520 | ---- | M] (Microsoft Corporation) MD5=15C505AD0118275E7363A539009EF3AF -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.20733_none_b591aa9850d758e4\explorer.exe
[2012/07/25 23:50:01 | 002,114,936 | ---- | M] (Microsoft Corporation) MD5=5B6ED1B57DBFF18D405A0260559B571E -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16384_none_b4d2f8c937e166b1\explorer.exe
[2012/07/26 00:49:13 | 002,380,440 | ---- | M] (Microsoft Corporation) MD5=928791755FDDEA721B053535EF84FA17 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16384_none_aa7e4e770380a4b6\explorer.exe
[2013/05/25 14:49:44 | 002,115,952 | ---- | M] (Microsoft Corporation) MD5=953ADECFF08202A01EFC6110214FDE02 -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16433_none_b5080a0137b9becc\explorer.exe
[2013/06/01 08:41:08 | 002,380,968 | ---- | M] (Microsoft Corporation) MD5=D1FF6792A3B0FBD2F2F17DC936AF6177 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.20733_none_ab3d00461c7696e9\explorer.exe
[2013/05/25 14:49:44 | 002,380,944 | ---- | M] (Microsoft Corporation) MD5=E13A31D5254C25406A7946BDD9B06364 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16433_none_aab35faf0358fcd1\explorer.exe
[2013/06/01 06:24:46 | 002,106,176 | ---- | M] (Microsoft Corporation) MD5=EAFE46B0292D2BD2467835E2ACF717CC -- C:\Windows\SysWOW64\explorer.exe
[2013/06/01 06:24:46 | 002,106,176 | ---- | M] (Microsoft Corporation) MD5=EAFE46B0292D2BD2467835E2ACF717CC -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16628_none_b517df2b37ad1bdc\explorer.exe

< MD5 for: SERVICES >
[2012/07/26 01:26:47 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\WinSxS\amd64_microsoft-windows-w..ucture-other-minwin_31bf3856ad364e35_6.2.9200.16384_none_8e0944daeed62829\services

< MD5 for: SERVICES.EXE >
[2012/10/11 22:05:38 | 000,410,624 | ---- | M] (Microsoft Corporation) MD5=581190907DA1CF8CB7B87B35FFE64A07 -- C:\Windows\WinSxS\amd64_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_6.2.9200.20521_none_98a9ea2e9f571eb2\services.exe
[2012/07/26 01:26:45 | 000,410,624 | ---- | M] (Microsoft Corporation) MD5=754A2CC1F32107EA87CBD305ABE3E618 -- C:\Windows\WinSxS\amd64_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_6.2.9200.16384_none_97e26cd38667756c\services.exe
[2012/10/11 22:05:38 | 000,410,624 | ---- | M] (Microsoft Corporation) MD5=8F226143046435C75C033B0C52E90FFE -- C:\Windows\SysNative\services.exe
[2012/10/11 22:05:38 | 000,410,624 | ---- | M] (Microsoft Corporation) MD5=8F226143046435C75C033B0C52E90FFE -- C:\Windows\WinSxS\amd64_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_6.2.9200.16420_none_981f4d19863a6591\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2012/07/26 03:48:33 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=8BCB19134E995FA62587DCE26E13B36C -- C:\Windows\SysNative\en-US\services.exe.mui
[2012/07/26 03:48:33 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=8BCB19134E995FA62587DCE26E13B36C -- C:\Windows\WinSxS\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.2.9200.16384_en-us_c2c6ee7bafb963b8\services.exe.mui

< MD5 for: SERVICES.JS >
[2013/09/26 02:22:41 | 000,052,388 | ---- | M] () MD5=170AC4B9F3DC60E0D38D7CC307CEFD12 -- C:\Program Files\WindowsApps\Microsoft.BingFinance_2.0.0.308_x64__8wekyb3d8bbwe\common\js\services.js
[2013/09/26 02:22:12 | 000,052,388 | ---- | M] () MD5=170AC4B9F3DC60E0D38D7CC307CEFD12 -- C:\Program Files\WindowsApps\Microsoft.BingNews_2.0.0.308_x64__8wekyb3d8bbwe\common\js\services.js
[2013/09/26 02:23:37 | 000,052,388 | ---- | M] () MD5=170AC4B9F3DC60E0D38D7CC307CEFD12 -- C:\Program Files\WindowsApps\Microsoft.BingSports_2.0.0.309_x64__8wekyb3d8bbwe\common\js\services.js
[2013/09/26 02:19:00 | 000,052,388 | ---- | M] () MD5=170AC4B9F3DC60E0D38D7CC307CEFD12 -- C:\Program Files\WindowsApps\Microsoft.BingTravel_2.0.0.308_x64__8wekyb3d8bbwe\common\js\services.js
[2013/09/26 02:24:08 | 000,052,388 | ---- | M] () MD5=170AC4B9F3DC60E0D38D7CC307CEFD12 -- C:\Program Files\WindowsApps\Microsoft.BingWeather_2.0.0.310_x64__8wekyb3d8bbwe\common\js\services.js
[2012/07/26 03:54:02 | 000,056,775 | ---- | M] () MD5=33C1E65B760A9589F6DE37F64941E449 -- C:\Program Files\WindowsApps\Microsoft.BingFinance_1.2.0.135_x64__8wekyb3d8bbwe\platform\js\services.js
[2012/07/26 03:53:53 | 000,056,775 | ---- | M] () MD5=33C1E65B760A9589F6DE37F64941E449 -- C:\Program Files\WindowsApps\Microsoft.BingNews_1.2.0.135_x64__8wekyb3d8bbwe\platform\js\services.js
[2012/07/26 03:53:50 | 000,056,775 | ---- | M] () MD5=33C1E65B760A9589F6DE37F64941E449 -- C:\Program Files\WindowsApps\Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe\platform\js\services.js
[2012/07/26 03:54:33 | 000,056,775 | ---- | M] () MD5=33C1E65B760A9589F6DE37F64941E449 -- C:\Program Files\WindowsApps\Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe\platform\js\services.js
[2012/07/26 03:53:57 | 000,056,775 | ---- | M] () MD5=33C1E65B760A9589F6DE37F64941E449 -- C:\Program Files\WindowsApps\Microsoft.BingWeather_1.2.0.135_x64__8wekyb3d8bbwe\platform\js\services.js

< MD5 for: SERVICES.LNK >
[2012/07/25 16:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2012/07/25 16:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2012/07/25 16:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows\WinSxS\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.2.9200.16384_none_282d8a08cf7f1ada\services.lnk

< MD5 for: SERVICES.MOF >
[2012/06/02 10:35:05 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2012/06/02 10:35:05 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\WinSxS\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.2.9200.16384_none_282967cc570d3701\services.mof

< MD5 for: SERVICES.MSC >
[2012/07/26 03:48:57 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\SysNative\en-US\services.msc
[2012/06/02 10:31:20 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\SysNative\services.msc
[2012/07/26 03:48:57 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\SysWOW64\en-US\services.msc
[2012/06/02 10:31:13 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\SysWOW64\services.msc
[2012/07/26 03:48:57 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\WinSxS\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.2.9200.16384_en-us_fd08be678622fdab\services.msc
[2012/06/02 10:31:20 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\WinSxS\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.2.9200.16384_none_282d8a08cf7f1ada\services.msc
[2012/06/02 10:31:13 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\WinSxS\wow64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.2.9200.16384_none_3282345b03dfdcd5\services.msc
[2012/07/26 03:48:57 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\WinSxS\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.2.9200.16384_en-us_a0ea22e3cdc58c75\services.msc

< MD5 for: SERVICES.PTXML >
[2012/07/25 16:30:54 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2012/07/25 16:30:54 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\WinSxS\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.2.9200.16384_none_282967cc570d3701\Services.ptxml

< MD5 for: SVCHOST.EXE >
[2012/07/25 23:20:58 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=0A175AF8B65797BD22C11903A8BFEB2D -- C:\Windows\WinSxS\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.2.9200.16384_none_b2666581d6b482a6\svchost.exe
[2012/07/25 23:08:47 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=57350BEDE3834915B6145B67C71C7BDA -- C:\Windows\WinSxS\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.2.9200.16384_none_0e8501058f11f3dc\svchost.exe
[2012/10/11 22:05:39 | 000,029,696 | ---- | M] (Microsoft Corporation) MD5=607F7CB143783A8F9BA058D2FC4F2D36 -- C:\Windows\WinSxS\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.2.9200.20521_none_0f4c7e60a8019d22\svchost.exe
[2012/10/11 22:05:52 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=A46DC432F81473F526E3994AA483E366 -- C:\Windows\SysWOW64\svchost.exe
[2012/10/11 22:05:52 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=A46DC432F81473F526E3994AA483E366 -- C:\Windows\WinSxS\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.2.9200.16420_none_b2a345c7d68772cb\svchost.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2012/10/11 22:05:39 | 000,029,696 | ---- | M] (Microsoft Corporation) MD5=EDE27EACE742EE2888C5DD36400A2EC0 -- C:\Windows\SysNative\svchost.exe
[2012/10/11 22:05:39 | 000,029,696 | ---- | M] (Microsoft Corporation) MD5=EDE27EACE742EE2888C5DD36400A2EC0 -- C:\Windows\WinSxS\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.2.9200.16420_none_0ec1e14b8ee4e401\svchost.exe
[2012/10/11 22:05:52 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=EEF5E64822C3E21B186EA53463BE92DA -- C:\Windows\WinSxS\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.2.9200.20521_none_b32de2dcefa42bec\svchost.exe

< MD5 for: USERINIT.EXE >
[2012/07/25 23:08:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E925F7BA032920D58DD284B6181A247 -- C:\Windows\SysNative\userinit.exe
[2012/07/25 23:08:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E925F7BA032920D58DD284B6181A247 -- C:\Windows\WinSxS\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.2.9200.16384_none_34f2617a5b742e02\userinit.exe
[2012/07/25 23:21:00 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=9F6289D194A04A09671FEED4B6CB6EF7 -- C:\Windows\SysWOW64\userinit.exe
[2012/07/25 23:21:00 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=9F6289D194A04A09671FEED4B6CB6EF7 -- C:\Windows\WinSxS\x86_microsoft-windows-userinit_31bf3856ad364e35_6.2.9200.16384_none_d8d3c5f6a316bccc\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012/10/11 22:05:39 | 000,516,608 | ---- | M] (Microsoft Corporation) MD5=1F84B5F8DBDFFD36DF143C61CE25F12A -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.16420_none_c8c988c15e88a211\winlogon.exe
[2012/10/11 22:05:39 | 000,516,608 | ---- | M] (Microsoft Corporation) MD5=6522E98C94A2A81AE11EB66D2AF5743A -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.20521_none_c95425d677a55b32\winlogon.exe
[2012/07/25 23:08:50 | 000,516,608 | ---- | M] (Microsoft Corporation) MD5=93AB226C07A9789B2EC7B41F73602F76 -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.16384_none_c88ca87b5eb5b1ec\winlogon.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2013/05/25 14:49:36 | 000,517,120 | ---- | M] (Microsoft Corporation) MD5=BCF2036A0DD579E47C008C133550283E -- C:\Windows\SysNative\winlogon.exe
[2013/05/25 14:49:36 | 000,517,120 | ---- | M] (Microsoft Corporation) MD5=BCF2036A0DD579E47C008C133550283E -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.16433_none_c8c1b9b35e8e0a07\winlogon.exe
[2013/05/25 14:49:36 | 000,517,120 | ---- | M] (Microsoft Corporation) MD5=CBFD56B4EC07CB056A6ABD55DD33671F -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.20534_none_c94c56c877aac328\winlogon.exe

< dir C:\ /S /A:L /C >
Volume in drive C is Windows
Volume Serial Number is 3CC0-2013
Directory of C:\
07/26/2012 03:22 AM <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
07/26/2012 03:22 AM <JUNCTION> Application Data [C:\ProgramData]
07/26/2012 03:22 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/26/2012 03:22 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/26/2012 03:22 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/26/2012 03:22 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\system.sav\logs\SymLogs
05/25/2013 02:26 PM <SYMLINKD> cclog [C:\Users\Public\Symantec\SymSilent\cclog]
0 File(s) 0 bytes
Directory of C:\Users
07/26/2012 03:22 AM <SYMLINKD> All Users [C:\ProgramData]
07/26/2012 03:22 AM <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\A Wookie Sniper
09/25/2013 01:47 AM <JUNCTION> Application Data [C:\Users\A Wookie Sniper\AppData\Roaming]
09/25/2013 01:47 AM <JUNCTION> Cookies [C:\Users\A Wookie Sniper\AppData\Roaming\Microsoft\Windows\Cookies]
09/25/2013 01:47 AM <JUNCTION> Local Settings [C:\Users\A Wookie Sniper\AppData\Local]
09/25/2013 01:47 AM <JUNCTION> My Documents [C:\Users\A Wookie Sniper\Documents]
09/25/2013 01:47 AM <JUNCTION> NetHood [C:\Users\A Wookie Sniper\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
09/25/2013 01:47 AM <JUNCTION> PrintHood [C:\Users\A Wookie Sniper\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
09/25/2013 01:47 AM <JUNCTION> Recent [C:\Users\A Wookie Sniper\AppData\Roaming\Microsoft\Windows\Recent]
09/25/2013 01:47 AM <JUNCTION> SendTo [C:\Users\A Wookie Sniper\AppData\Roaming\Microsoft\Windows\SendTo]
09/25/2013 01:47 AM <JUNCTION> Start Menu [C:\Users\A Wookie Sniper\AppData\Roaming\Microsoft\Windows\Start Menu]
09/25/2013 01:47 AM <JUNCTION> Templates [C:\Users\A Wookie Sniper\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\A Wookie Sniper\AppData\Local
09/25/2013 01:47 AM <JUNCTION> Application Data [C:\Users\A Wookie Sniper\AppData\Local]
09/25/2013 01:47 AM <JUNCTION> History [C:\Users\A Wookie Sniper\AppData\Local\Microsoft\Windows\History]
09/25/2013 01:47 AM <JUNCTION> Temporary Internet Files [C:\Users\A Wookie Sniper\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\A Wookie Sniper\Documents
09/25/2013 01:47 AM <JUNCTION> My Music [C:\Users\A Wookie Sniper\Music]
09/25/2013 01:47 AM <JUNCTION> My Pictures [C:\Users\A Wookie Sniper\Pictures]
09/25/2013 01:47 AM <JUNCTION> My Videos [C:\Users\A Wookie Sniper\Videos]
0 File(s) 0 bytes
Directory of C:\Users\All Users
07/26/2012 03:22 AM <JUNCTION> Application Data [C:\ProgramData]
07/26/2012 03:22 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/26/2012 03:22 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/26/2012 03:22 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/26/2012 03:22 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default
07/26/2012 03:22 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
07/26/2012 03:22 AM <JUNCTION> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
07/26/2012 03:22 AM <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
07/26/2012 03:22 AM <JUNCTION> My Documents [C:\Users\Default\Documents]
07/26/2012 03:22 AM <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/26/2012 03:22 AM <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/26/2012 03:22 AM <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
07/26/2012 03:22 AM <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
07/26/2012 03:22 AM <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
07/26/2012 03:22 AM <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
07/26/2012 03:22 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
07/26/2012 03:22 AM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
07/26/2012 03:22 AM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
07/26/2012 03:22 AM <JUNCTION> My Music [C:\Users\Default\Music]
07/26/2012 03:22 AM <JUNCTION> My Pictures [C:\Users\Default\Pictures]
07/26/2012 03:22 AM <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
07/26/2012 03:22 AM <JUNCTION> My Music [C:\Users\Public\Music]
07/26/2012 03:22 AM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
07/26/2012 03:22 AM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
49 Dir(s) 1,881,291,804,672 bytes free

< End of report >

#7
thewookie

OTL Extras logfile created on: 10/1/2013 11:21:02 PM - Run 6
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\A Wookie Sniper\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16688)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

11.92 Gb Total Physical Memory | 10.54 Gb Available Physical Memory | 88.37% Memory free
15.92 Gb Paging File | 14.37 Gb Available in Paging File | 90.25% Paging File free
Paging file location(s): c:\pagefile.sys 4096 8192 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1843.66 Gb Total Space | 1752.25 Gb Free Space | 95.04% Space Free | Partition Type: NTFS
Drive D: | 17.88 Gb Total Space | 2.20 Gb Free Space | 12.30% Space Free | Partition Type: NTFS

Computer Name: ROOK | User Name: A Wookie Sniper | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3940130177-4247360687-243470325-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{078A5C88-CA95-4A89-82C2-5244416A94E7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0F90864A-4A3F-406B-891F-0E3922DFA248}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{12A73909-59FA-4202-8321-BB27874AAB84}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1DD99AF3-A69C-49E4-BE35-B7B0DB3A2392}" = lport=137 | protocol=17 | dir=in | app=system |
"{2613938C-98A0-49A3-9F68-BAFD56C57A97}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{41A02D7E-4A1C-4099-B53E-0CB1BF554DE0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6069B034-A92D-48F9-B01C-0AD5240CCD7E}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\dashost.exe |
"{60D89197-074E-431E-8A26-5FD097D0C967}" = lport=139 | protocol=6 | dir=in | app=system |
"{6A666CB2-3BF9-4E61-9F01-22E1426BA79E}" = rport=445 | protocol=6 | dir=out | app=system |
"{6D5164D2-F8A7-4E80-B319-38C3A7768D80}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{7E4D3B27-1AE4-44C9-ABEC-25FE2F90C4F6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{8A97E19E-8655-4E35-9383-3B79E29B0C87}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{8F0AEB2E-0AED-4BA7-BBBA-406C8125B89F}" = lport=445 | protocol=6 | dir=in | app=system |
"{9AD800A0-B085-454F-993F-DFCB6DA7D0AF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{9D9B4DEE-43E5-492D-BFD4-704978341FA3}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{A75FD1F3-7759-4D58-B298-00852286F11C}" = rport=137 | protocol=17 | dir=out | app=system |
"{A87A25FB-1BCD-4942-841F-2B40AFDFC223}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BC444A89-C070-4FCA-B1C8-B446D3C0475B}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{CFEED27D-C12E-4ECB-832D-C2249989E296}" = rport=138 | protocol=17 | dir=out | app=system |
"{DD814B1A-339C-4F71-82FA-D2563A24B7E7}" = rport=139 | protocol=6 | dir=out | app=system |
"{EE3A6C6B-2992-4AF2-9773-DB3BDC633BA2}" = lport=138 | protocol=17 | dir=in | app=system |
"{F35514EA-2520-4669-A474-D78C48DD0EA7}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{F4AAA775-3B19-4799-9715-7B4FBDD5B388}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FE2F55C9-E7CF-46FA-9242-F03994DDBB35}" = rport=2869 | protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0018D4E5-FDCA-40AA-8D2E-DA1ADD553F40}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 4 beta\bf4.exe |
"{0230C595-E37C-4E85-A797-B390FA567AE2}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{037A4440-9397-4F0F-9519-C99E6300DAB0}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{04081C6C-BD8C-4776-8AE2-BC6371601BCD}" = dir=out | name=getting started with windows 8 |
"{0A4E0117-CC92-4925-BC7C-AAD277EC4CD6}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe |
"{0E9C4A75-8C91-4882-871C-C9EB370E895D}" = dir=out | name=microsoft mahjong |
"{0F76E097-42BC-4881-BB83-CFD372B0EA99}" = dir=out | name=hp+ |
"{1107FA9C-3508-44F4-BA89-19D0270E35CB}" = dir=out | name=@{microsoft.skypeapp_1.2.0.129_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} |
"{11C9D9B8-FD77-4BE9-AA7E-D959BAF9B391}" = dir=in | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{17A759E6-BFFA-4AA6-998C-E507C78E25CD}" = dir=in | name=@{microsoft.skypeapp_1.2.0.129_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} |
"{1EA36E6E-A81A-4B53-9CAC-B0F90DAA19EC}" = dir=out | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{2BC56D6F-41E7-4A0D-BF72-D96E90947705}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{3017B6BA-8B3B-4EC6-8894-7885B8DA2931}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{321C2486-156D-4B95-85DD-E92257A52A29}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{3AD947D4-9F08-4649-B67E-66B784D31B04}" = dir=out | name=kindle |
"{4275293F-EB4C-43ED-9696-F0A296E88B10}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{44B98734-E038-4E01-B113-FDF96326253D}" = dir=out | app=c:\program files (x86)\hpconnectedmusic\hpconnectedmusic.exe |
"{44FB48DC-8B3D-4C5A-B430-2EF23B3DFA6D}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} |
"{458DC8FC-B10A-4115-ACBA-D6AA130483A3}" = protocol=17 | dir=in | app=c:\users\a wookie sniper\appdata\local\temp\7zs8e03.tmp\symnrt.exe |
"{4688D1D2-80D0-422B-A392-EE9996C8FB99}" = dir=in | name=box |
"{4A31FBC6-D58F-467C-8FDC-E7E7B9E77F41}" = dir=out | app=%localappdata%\hpconnectedmusic\application\spotify_helper.exe |
"{4ABB37AC-E001-4A33-B566-91866CDD2CD1}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{4E35E29B-73E9-4014-B91A-DF57F201CD15}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{5109BC12-5927-452A-AD04-1C1086642967}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} |
"{54EBD111-5B65-4636-842E-4A9803AA2A02}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{5A9EDFDD-27C7-426F-9B4D-123BFDD13C97}" = protocol=17 | dir=in | app=c:\program files (x86)\ralink corporation\ralink bluetooth stack\bluesoleilcs.exe |
"{5BBA452F-3C64-42E5-9A6E-80C507629EC6}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
"{5D82EC96-4B66-41F6-A1EA-85462C01F670}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{5E28AC6C-64C9-4A89-8107-E88264628E90}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{5F394EA3-3364-41C1-AE52-5A42C93ED154}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{65382A21-B234-4CA2-986E-21CF0F80CCDE}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{6A641EBA-A2C4-4339-89F4-3F47695C2262}" = dir=in | app=c:\program files (x86)\hpconnectedmusic\hpconnectedmusic.exe |
"{6B71B255-80E2-4663-8297-619D19085C32}" = dir=out | name=microsoft solitaire collection |
"{6C94F91D-78CB-4670-BB3C-6D0A965FEC04}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6E958DF8-9EC1-4FD8-B0EE-96506BC33527}" = dir=out | name=hp registration |
"{6F2A83AD-EC71-4F51-B90D-FAA5DD8CF54F}" = dir=out | name=netflix |
"{74DFEC74-72B2-428F-BF52-51A9317BB39D}" = dir=out | app=%localappdata%\hpconnectedmusic\application\hpconnectedmusic.exe |
"{7896A3BD-755A-4FC9-ABB0-DA1245B64CA7}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{82A10697-C7F2-4142-B644-FCDDC75C74EA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{8931975A-71DD-4449-9578-5016A4C63520}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{8A03AA06-D926-4ED8-980C-CCDA095A5157}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{8B0D7978-9EED-447D-9849-807F065813E0}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{909B8B2B-A47B-40BC-AB91-FF0F604A02B8}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 4 beta\bf4.exe |
"{91C2127A-F206-4EA5-AD32-61993D69FFA8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{97925655-9C92-4498-80DE-5DEE1E46FC83}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{99D8F136-2C2A-4BF4-A86A-A4C8E87A03A4}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{A4A57BED-4826-4353-84A8-4F1BF9C6CC94}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{B09BFDD8-A9C0-4E71-A1D5-62FF8BA1EC1F}" = dir=out | name=hp games |
"{B09C47B8-EB01-4F61-9C23-27F316BB97A5}" = dir=out | name=norton studio |
"{B20BBBB7-20D5-4DF6-BECE-8205AFF3FD2E}" = dir=in | app=c:\users\administrator\appdata\local\microsoft\skydrive\skydrive.exe |
"{B5B9EF65-003C-4AA5-A17B-DF67DB6A896A}" = dir=in | name=hp connected photo powered by snapfish |
"{BBEDEEB7-9911-409C-90D2-95284C1B7E0A}" = dir=out | name=ebay |
"{C193DE5F-5AF5-4AB3-AE36-8BBC1203F5ED}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpdevicedetection3.exe |
"{C21AEBC8-462D-400E-A75A-78F6DFD1514E}" = dir=in | app=%localappdata%\hpconnectedmusic\application\spotify_helper.exe |
"{C32DD6DD-990F-43EE-9186-E3FF8A582614}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{C63352A9-5BF8-440D-AC72-2D447CEBA183}" = dir=in | app=%localappdata%\hpconnectedmusic\application\hpconnectedmusic.exe |
"{C8D2EDB7-CC57-48C0-BFAC-0A33C498DFA6}" = dir=out | name=hp connected photo powered by snapfish |
"{CB67AE2E-C378-46EB-9CF6-AE86FAF4A79B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{CFB24C31-10C5-429F-BA31-8DBDDAB2BC94}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{CFC9A49E-714B-41A1-9FB9-8B3B0240C243}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{D012F5D7-AB8D-4DA5-A73D-A7F7ABCEAB67}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |
"{D2A59625-A63C-4FF4-ADD0-355957227ABD}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{D5C757BE-57C9-42FC-B93A-DDC373F20FC6}" = dir=out | name=windows_ie_ac_001 |
"{D7751128-DAD7-4C80-95F3-3D4B8E48429F}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{DBBEC71B-18C0-4CD9-A447-605169DCBC75}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{E5053281-83A9-4A8F-B85C-6281830E46A4}" = protocol=6 | dir=in | app=c:\users\a wookie sniper\appdata\local\temp\7zs8e03.tmp\symnrt.exe |
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{E7BBC138-49FE-4525-9FC1-4C5382AC155B}" = dir=out | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{F39C7D7B-2E6C-42E0-8434-58EC18469085}" = dir=out | name=box |
"{F4821064-90A8-404E-A6C5-8A46AC14371F}" = dir=in | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{F80A1283-7455-467B-A52F-0B5D13E62A0B}" = protocol=6 | dir=in | app=c:\program files (x86)\ralink corporation\ralink bluetooth stack\bluesoleilcs.exe |
"{F9918CEA-3AFE-4D9D-A585-C590DB81CAA0}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector10\pdr10.exe |
"{FC2E8C5C-B469-45B6-886C-35847FF1AC10}" = dir=in | name=ebay |
"{FE21DE64-C6DB-4EEA-B12F-7E00B6D0E1A6}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{2EDC2FA3-1F34-34E5-9085-588C9EFD1CC6}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
"{307AA214-8490-9119-DA81-C8E875AD1C94}" = Ralink Bluetooth Stack64
"{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1" = MotioninJoy Gamepad tool 0.7.1001
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{409CB30E-E457-4008-9B1A-ED1B9EA21140}" = Intel® Rapid Storage Technology
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software
"{6E14E6D6-3175-4E1A-B934-CAB5A86367CD}" = HP Postscript Converter
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{764384C5-BCA9-307C-9AAC-FD443662686A}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.13.0725
"{D1E8F2D7-7794-4245-B286-87ED86C1893C}" = HP Registration Service
"{E83FDB2A-C81C-403D-8FD3-A816A89AF80C}" = Intel® Rapid Storage Technology
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{FA00A3CC-7440-4938-A271-F186F50DD40D}" = Intel® Trusted Connect Service Client
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.66.1
"Logitech Gaming Software" = Logitech Gaming Software 8.50

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0A5B39D2-7ED6-4779-BCC9-37F381139DB3}" = Adobe AIR
"{18272881-CFC0-434D-A975-E5BE44206AA0}" = Windows Live UX Platform Language Pack
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217040FF}" = Java 7 Update 40
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{56009CA3-423B-41F8-884A-E5B049534F15}" = Kaspersky Security Scan
"{574F0207-8E98-46CD-8F79-318348C98C46}" = HP Quick Start
"{5BABDA39-61CF-41EE-992D-4054B6649A9B}" = Movie Maker
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{6C772996-BFF3-3C8C-860B-B3D48FF05D65}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1
"{6F6873E3-5C92-4049-B511-231A138DD090}" = Kaspersky Internet Security
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{7B5AA67E-FEA0-40BB-BAB5-CA56645A589C}" = NVIDIA PhysX
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8A9FC225-75F6-4B5D-911C-0ED230565643}" = HP Product Detection
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8e70e4e1-06d7-470b-9f74-a51bef21088e}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink RT3290 802.11bgn Wi-Fi Adapter
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C35EDE5-4B0F-45E7-A438-314BA889948E}" = HP MyRoom
"{a1909659-0a08-4554-8af1-2175904903a1}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
"{B2B7B1C8-7C8B-476C-BE2C-049731C55992}" = HP Support Information
"{C034A6F9-6569-491B-B3BF-F5D15221A708}" = Windows Live Essentials
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{CFAB3721-549D-4827-A4E8-7F90192114AB}" = Battlefield 4™ Beta
"{D888F114-7537-4D48-AF03-5DA9C82D7540}" = Photo Common
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E824E81C-80A4-3DFF-B5F9-4842A9FF5F7F}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{FC6C7107-7D72-41A1-A031-3CE751159BAB}" = Photo Gallery
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel® SDK for OpenCL - CPU Only Runtime Package
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Battlelog Web Plugins" = Battlelog Web Plugins
"ESN Sonar-0.70.4" = ESN Sonar
"InstallWIX_{56009CA3-423B-41F8-884A-E5B049534F15}" = Kaspersky Security Scan
"InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}" = Kaspersky Internet Security
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Mozilla Firefox 24.0 (x86 en-US)" = Mozilla Firefox 24.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Origin" = Origin
"PrecisionX" = EVGA Precision X 4.2.1
"PunkBusterSvc" = PunkBuster Services
"RTSS" = RivaTuner Statistics Server 5.3.2
"StartHPConnectedMusic" = HP Connected Music (Meridian - installer)
"Steam App 570" = Dota 2
"WinLiveSuite" = Windows Live Essentials

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 9/28/2013 2:01:16 PM | Computer Name = ROOK | Source = SideBySide | ID = 16842830
Description = Activation context generation failed for "c:\program files (x86)\ralink
corporation\ralink bluetooth stack\BsSMSEditor.exe".Error in manifest or policy
file "" on line . A component version required by the application conflicts with
another component version already active. Conflicting components are:. Component
1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.
Component
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.

Error - 9/28/2013 2:34:03 PM | Computer Name = ROOK | Source = Application Error | ID = 1000
Description = Faulting application name: kss.exe, version: 12.0.1.340, time stamp:
0x50c1c75f Faulting module name: W8Toaster.dll, version: 12.0.1.335, time stamp:
0x50ae0cd9 Exception code: 0xc0000005 Fault offset: 0x000022d2 Faulting process id:
0xd8c Faulting application start time: 0x01cebc77093d4caa Faulting application path:
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe Faulting
module path: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\W8Toaster.dll
Report
Id: 8c0c7da9-286c-11e3-be81-1c3e84b627aa Faulting package full name: Faulting package-relative
application ID:

Error - 9/28/2013 8:38:31 PM | Computer Name = ROOK | Source = Application Error | ID = 1000
Description = Faulting application name: Origin.exe, version: 9.3.6.4643, time stamp:
0x5231ef96 Faulting module name: ntdll.dll, version: 6.2.9200.16578, time stamp:
0x515fac6e Exception code: 0xc0000374 Fault offset: 0x000daa3c Faulting process id:
0x1120 Faulting application start time: 0x01cebca7c713ba81 Faulting application path:
C:\Program Files (x86)\Origin\Origin.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: 764052eb-289f-11e3-be83-1c3e84b627aa Faulting package full name: Faulting package-relative
application ID:

Error - 9/28/2013 8:42:31 PM | Computer Name = ROOK | Source = Application Error | ID = 1000
Description = Faulting application name: Origin.exe, version: 9.3.6.4643, time stamp:
0x5231ef96 Faulting module name: ntdll.dll, version: 6.2.9200.16578, time stamp:
0x515fac6e Exception code: 0xc0000374 Fault offset: 0x000daa3c Faulting process id:
0x13e8 Faulting application start time: 0x01cebcac9c268621 Faulting application path:
C:\Program Files (x86)\Origin\Origin.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: 055450bd-28a0-11e3-be83-1c3e84b627aa Faulting package full name: Faulting package-relative
application ID:

Error - 9/28/2013 9:50:58 PM | Computer Name = ROOK | Source = Application Error | ID = 1000
Description = Faulting application name: Origin.exe, version: 9.3.6.4643, time stamp:
0x5231ef96 Faulting module name: ntdll.dll, version: 6.2.9200.16578, time stamp:
0x515fac6e Exception code: 0xc0000374 Fault offset: 0x000daa3c Faulting process id:
0xb7c Faulting application start time: 0x01cebcacff1393bf Faulting application path:
C:\Program Files (x86)\Origin\Origin.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: 95b03351-28a9-11e3-be84-1c3e84b627aa Faulting package full name: Faulting package-relative
application ID:

Error - 9/29/2013 2:32:40 PM | Computer Name = ROOK | Source = Application Error | ID = 1000
Description = Faulting application name: Origin.exe, version: 9.3.6.4643, time stamp:
0x5231ef96 Faulting module name: ntdll.dll, version: 6.2.9200.16578, time stamp:
0x515fac6e Exception code: 0xc0000374 Fault offset: 0x000daa3c Faulting process id:
0x1094 Faulting application start time: 0x01cebd38303e0a07 Faulting application path:
C:\Program Files (x86)\Origin\Origin.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: 84e3b401-2935-11e3-be87-1c3e84b627aa Faulting package full name: Faulting package-relative
application ID:

Error - 9/29/2013 3:02:54 PM | Computer Name = ROOK | Source = Application Error | ID = 1000
Description = Faulting application name: Origin.exe, version: 9.3.6.4643, time stamp:
0x5231ef96 Faulting module name: ntdll.dll, version: 6.2.9200.16578, time stamp:
0x515fac6e Exception code: 0xc0000374 Fault offset: 0x000daa3c Faulting process id:
0x860 Faulting application start time: 0x01cebd45c2ec355b Faulting application path:
C:\Program Files (x86)\Origin\Origin.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: be8fafc4-2939-11e3-be87-1c3e84b627aa Faulting package full name: Faulting package-relative
application ID:

Error - 9/29/2013 3:33:28 PM | Computer Name = ROOK | Source = Application Error | ID = 1000
Description = Faulting application name: Origin.exe, version: 9.3.6.4643, time stamp:
0x5231ef96 Faulting module name: ntdll.dll, version: 6.2.9200.16578, time stamp:
0x515fac6e Exception code: 0xc0000374 Fault offset: 0x000daa3c Faulting process id:
0x758 Faulting application start time: 0x01cebd49e7541ef6 Faulting application path:
C:\Program Files (x86)\Origin\Origin.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: 034bf90a-293e-11e3-be87-1c3e84b627aa Faulting package full name: Faulting package-relative
application ID:

Error - 9/29/2013 8:26:37 PM | Computer Name = ROOK | Source = Application Error | ID = 1000
Description = Faulting application name: Origin.exe, version: 9.3.6.4643, time stamp:
0x5231ef96 Faulting module name: ntdll.dll, version: 6.2.9200.16578, time stamp:
0x515fac6e Exception code: 0xc0000374 Fault offset: 0x000daa3c Faulting process id:
0xbf8 Faulting application start time: 0x01cebd6c8c6dd72c Faulting application path:
C:\Program Files (x86)\Origin\Origin.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: f746e77f-2966-11e3-be87-1c3e84b627aa Faulting package full name: Faulting package-relative
application ID:

Error - 9/29/2013 8:39:13 PM | Computer Name = ROOK | Source = Application Error | ID = 1000
Description = Faulting application name: Origin.exe, version: 9.3.6.4643, time stamp:
0x5231ef96 Faulting module name: ntdll.dll, version: 6.2.9200.16578, time stamp:
0x515fac6e Exception code: 0xc0000374 Fault offset: 0x000daa3c Faulting process id:
0x328 Faulting application start time: 0x01cebd740d300ed9 Faulting application path:
C:\Program Files (x86)\Origin\Origin.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: ba2d64cf-2968-11e3-be87-1c3e84b627aa Faulting package full name: Faulting package-relative
application ID:

[ System Events ]
Error - 10/1/2013 2:43:18 AM | Computer Name = ROOK | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 10/1/2013 2:43:18 AM | Computer Name = ROOK | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 10/1/2013 2:43:18 AM | Computer Name = ROOK | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 10/1/2013 2:44:42 AM | Computer Name = ROOK | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 10/1/2013 2:44:42 AM | Computer Name = ROOK | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 10/1/2013 2:44:42 AM | Computer Name = ROOK | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 10/1/2013 2:46:51 AM | Computer Name = ROOK | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 10/1/2013 2:46:51 AM | Computer Name = ROOK | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 10/1/2013 2:46:51 AM | Computer Name = ROOK | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 10/1/2013 2:48:18 AM | Computer Name = ROOK | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068


< End of report >
  • 0

#8
23red

    Trusted Helper

  • Malware Removal
  • 1,797 posts
Hello thewookie :)

Hey, sorry for the inconvenience on your part sir, here's the logs.. :D
Thanks.


No inconvenience at all! I need a fresh look at what's going on ~ please don't make any major changes while I look at this, ok :)
I am not a sir ;) And you are very welcome. What sort of issues are you having?
  • 0

#9
thewookie

    Member

  • Topic Starter
  • 16 posts
Ahh, well my apologies, madame!

Well, i haven't noticed much lately, just high resource usage here and there when i'm not doing anything, like today. A little after i turned on my pc, i was afk for a little while with the DS3 tool running
firefox with the battlelog webpage open to play the Battlefield4 beta, i walked away and came back three times every 10-15 minutes probably and my keyboard was showing 50% cpu usage and 15-30% ram; i don't recall. So
i opened up task manager and resource manager and it showed Tiworker.ex_e using 52% cpu, also to note that the first two times as soon as started using the computer resources dropped back to 0-8% and the third time
i quickly opened the task and resource monitor and only saw it for a second before it dropped to 0% again. Normal? Well i looked online and it said there's an update from like december 2012 that fixes tiworker to
not use up your resources and to fix windows update to work properly and install all updates. I've also had trouble with windows update and there were quite a few times where updates kept failing and all. I searched my installed updates, i don't have this update installed, i was almost going to install it but i put it off so it didn't mess you up. Windows update and HP Support assistant both say everything is up to date as well.

Other than that i haven't really seen anything strange going on.... Kinda weird, but i'll take it i suppose. :P


I had a question about the computer, though. In the log up there it shows updates and what have you from like earlier 2012 and all but i was under the impression this was like a pretty new pc and the side
panel shows the quality control check at 5/2013 as well as hp saying this is the build date.? Also curious about a couple parts that say vista, is this an upgraded pc or..?


So, yeah. I don't know if there's really anything else at this point and everything seems to be working normally.

Thanks for your help thus far, i appreciate it. :)
  • 0

#10
23red

    Trusted Helper

  • Malware Removal
  • 1,797 posts
Hi thewookie

Ahh, well my apologies, madame!


No apology necessary. :lol:

Good thing I asked for fresh logs! This is completely different from the previously posted log.
Let me investigate the Tiworker.ex_e issue a bit, consult with my Teacher, and I'll post back soon as I can.
Thank you for your patience. :)
  • 0



#11
23red

    Trusted Helper

  • Malware Removal
  • 1,797 posts
Hello thewookie :)

Install the update, let me know how it goes, please. :thumbsup:
  • 0

#12
thewookie

    Member

  • Topic Starter
  • 16 posts
Alright, will do.....
;)

Edit: It said the update is not applicable for this system. D:
This is from Microsoft's website,
Version: 2771431
Date Published: 12/4/2012
File name: Windows8-RT-KB2771431-x64.msu
File size: 9.6 MB
KB Articles: KB2771431

And here is the knowledge base page for it,
http://support.micro...en-us#appliesto

Edited by thewookie, 03 October 2013 - 12:33 PM.

  • 0

#13
23red

    Trusted Helper

  • Malware Removal
  • 1,797 posts
Hi thewookie :)

This issue with Tiworker.exe is one of those 'things' with Windows 8 they tried to fix (with the update) and have not as yet. The Windows Update you mentioned and tried was one way that did fix some computers' issue with it.
These scans are the other, some did it after the update had made it actually worse and it was better after these scans.
Built into Windows 8:
Try this and see if it helps.


Scan and Restore Computers' Health

1. Press Windows + x

2. Right Click Command Prompt choose Run as Administrator, and click Yes to continue.
3. Type DISM.exe /Online /Cleanup-image /Scanhealth, press Enter.

4. Type DISM.exe /Online /Cleanup-image /Restorehealth, press Enter.

Please let me know how it goes. :)
  • 0
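
The two DISM passes from the steps in the post above, as one script that keeps each pass's output and pulls out the line DISM prints about the component store. This is an added example, not part of the original posts; the function name `Invoke-DismPass` and the `dism-health.log` file on the Desktop are choices made for this example.

```powershell
# Added example: runs the two DISM passes from the steps above and keeps the output.
# Run from an elevated (Run as Administrator) PowerShell prompt.
# Invoke-DismPass and the Desktop log file are names chosen for this example.

function Invoke-DismPass {
    param(
        [Parameter(Mandatory)] [ValidateSet('Scanhealth', 'Restorehealth')]
        [string] $Pass,
        [Parameter(Mandatory)] [string] $LogFile
    )

    # Same command line as in the post; 2>&1 keeps any error text in the capture.
    $output = & DISM.exe /Online /Cleanup-image "/$Pass" 2>&1 | ForEach-Object { "$_" }
    $exit   = $LASTEXITCODE

    Add-Content -Path $LogFile -Value "=== /$Pass  $(Get-Date -Format s)  exit=$exit ==="
    Add-Content -Path $LogFile -Value $output

    # Pick out the one-line verdict DISM prints about the component store.
    $verdict = $output | Where-Object { $_ -match 'component store' } | Select-Object -Last 1

    [pscustomobject]@{
        Pass     = $Pass
        ExitCode = $exit
        Verdict  = if ($verdict) { $verdict.Trim() } else { '(no component store line in output)' }
    }
}

# DISM /Online needs elevation, so stop early if the prompt is not elevated.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this from an elevated prompt.'
}

$log = Join-Path ([Environment]::GetFolderPath('Desktop')) 'dism-health.log'

# Scan first, then restore; stop if a pass reports a non-zero exit code.
$results = foreach ($pass in 'Scanhealth', 'Restorehealth') {
    $r = Invoke-DismPass -Pass $pass -LogFile $log
    $r
    if ($r.ExitCode -ne 0) { Write-Warning "/$pass returned exit code $($r.ExitCode); stopping."; break }
}

$results | Format-Table -AutoSize
```

DISM also writes its own detailed log to `%windir%\Logs\DISM\dism.log`, which is the place to look when a pass returns a non-zero exit code.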

#14
thewookie

    Member

  • Topic Starter
  • 16 posts
Ahh, very well.
Puts a little ease on the mind, it also makes sense. Computer was beautiful 'til around doing this i could almost definitely say.

Scan and Restore Computers' Health

I will do this now and thank you for your help thus far. :)



On a side note; I actually like W8, there are a couple things that are irritating such as this but, it's usually pretty smooth and snappy. (Thanks to a good processor as well as other specs for sure)
Looking forward to full stability to come, though.



I'll update asap, I'm in the middle of a few things right now.

Cheers.
  • 0

#15
thewookie

    Member

  • Topic Starter
  • 16 posts
So....,

I'm attaching a jpeg of the task you have asked.





Couple Questions for you:
1. Is it just default of Dism* to say "The component store corruption was repaired." ?
a. If not, why did the scan check say "No component store corruption detected." ?
b. If that is default response to receive; What do i do next/Is there anything else to be attempted at this point?
c. Is this just "one of those things" I'm unfortunately stuck with until the "true" update is released for this problem?

2. I assume that the computer looked alright since you had me work on this problem, currently, Would i be correct?

2a. If not, as i assume you are done lending me your help as there's nothing further you can do if the above is correct,
can i install a few manual updates i found independently?

2b. If i remember correctly.. , they are updates for: IDT HD Audio, Ethernet Driver, UEFI update, igfx and Bluetooth.


Thanks in advance, red


EDIT: After posting this i was just idling with nothing else running or anything just G2G forums in FF and that's it and i look down to see CPU flux between 17%-25% and RAM holding at 22-23%
i quickly opened task manager, or attempted to anyway; the last few days if not a week or even better maybe when i cntrl shift esc it takes an extraordinarily long time like over 5 secs maybe even
10 or 12 seconds before the uac prompt appears i think it doesn't register and hit it again and when finally comes up i click yes and get hit by another after that for the second time i keyed it in,
anyways; when it opened for some reason FF was/is using 450-600mb of my ram consistently, which i've never noticed before. Contentiously anyways, i opened three more windows and was google-ing and am
currently on G2G with youtube running on a separate window in my 2nd screen and it's sitting right at about 450mb ram like it was just sitting on my "my content" page on this site and that's it.
Also to note bluetooth is using 20mb although i use bluetooth for nothing; could have auto allow device connect tho. Also Kaspersky Anti virus was using like 70mb when i first noticed and upped to like 99mb
when i started working; it is now at 32mb (kasper). When i caught this a little while ago >30min or so i right clicked FF and created dump file. Also, when i first got task manager open and was observing this,
cpu usage dropped down to 0-4% fluctuating.. Dunno if this is normal but just to note.

Attached Thumbnails

  • Sys64_DiSM_rslts.jpg

Edited by thewookie, 05 October 2013 - 02:54 PM.

  • 0





