When I open folders on an external harddrive, the folders open in a ne



#1
frozenthunder

Hi!

Whenever I click on folders in external drives connected to this pc, the icons on my screen blink once and the folder opens in a new window. I inserted a thumbdrive into the pc and the files in the thumbdrive open in the same way.

This started happening when I connected a friend's thumbdrive to this PC. I already tried USBVaccine by Panda Security but it didn't seem to help. Any form of help is greatly appreciated! :)

Here is the OTL.txt:

OTL logfile created on: 10/17/2013 11:32:37 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16721)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.98 Gb Total Physical Memory | 4.96 Gb Available Physical Memory | 62.15% Memory free
15.96 Gb Paging File | 12.93 Gb Available in Paging File | 81.03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 488.18 Gb Total Space | 15.67 Gb Free Space | 3.21% Space Free | Partition Type: NTFS
Drive D: | 443.23 Gb Total Space | 56.66 Gb Free Space | 12.78% Space Free | Partition Type: NTFS
Drive F: | 931.28 Gb Total Space | 121.60 Gb Free Space | 13.06% Space Free | Partition Type: FAT32
Drive G: | 7.86 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: PRABHU | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found -- C:\ProgramData\Application Data\wmimgmt.exe
PRC - [2013/10/17 11:32:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
PRC - [2013/10/11 22:11:06 | 000,237,960 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe
PRC - [2013/10/11 00:10:18 | 029,768,376 | ---- | M] (Dropbox, Inc.) -- C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/10/09 10:19:14 | 000,565,672 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2013/10/09 10:19:12 | 001,813,928 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\steam\Steam.exe
PRC - [2013/10/03 14:03:07 | 000,844,752 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/09/27 02:37:44 | 000,414,496 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013/09/25 17:37:00 | 020,133,824 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2013/09/18 06:28:28 | 001,787,688 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Hotspot Shield\bin\HSSCP.exe
PRC - [2013/09/18 06:28:16 | 000,878,888 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe
PRC - [2013/09/18 06:27:50 | 000,556,840 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
PRC - [2013/08/28 05:16:14 | 001,028,896 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
PRC - [2013/08/28 05:15:38 | 002,155,296 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013/08/06 19:00:59 | 009,739,056 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe
PRC - [2013/07/10 19:54:32 | 000,049,456 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\ggdllhost.exe
PRC - [2013/05/10 15:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2011/08/02 15:38:20 | 002,248,704 | ---- | M] () -- C:\Program Files (x86)\Vtune\TBPANEL.exe
PRC - [2011/07/06 13:15:26 | 002,656,536 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/07/06 13:15:20 | 000,326,424 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/11/17 09:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PRC - [2009/09/23 16:45:50 | 001,287,176 | ---- | M] (Panda Security) -- C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
PRC - [2009/04/15 17:26:36 | 000,980,280 | ---- | M] () -- C:\Program Files (x86)\VOX\JamVOX\JVExec.exe


========== Modules (No Company Name) ==========

MOD - [2013/10/17 09:30:53 | 000,128,512 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI31282\_elementtree.pyd
MOD - [2013/10/17 09:30:52 | 001,175,040 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI31282\wx._core_.pyd
MOD - [2013/10/17 09:30:52 | 001,153,024 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI31282\_ssl.pyd
MOD - [2013/10/17 09:30:52 | 001,062,400 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI31282\wx._controls_.pyd
MOD - [2013/10/17 09:30:52 | 000,811,008 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI31282\wx._windows_.pyd
MOD - [2013/10/17 09:30:52 | 000,805,888 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI31282\wx._gdi_.pyd
MOD - [2013/10/17 09:30:52 | 000,735,232 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI31282\wx._misc_.pyd
MOD - [2013/10/17 09:30:52 | 000,711,680 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI31282\_hashlib.pyd
MOD - [2013/10/17 09:30:52 | 000,686,080 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI31282\unicodedata.pyd
MOD - [2013/10/17 09:30:52 | 000,557,056 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI31282\pysqlite2._sqlite.pyd
MOD - [2013/10/17 09:30:52 | 000,504,832 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI31282\windows._cacheinvalidation.pyd
MOD - [2013/10/17 09:30:52 | 000,364,544 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI31282\pythoncom27.dll
MOD - [2013/10/17 09:30:52 | 000,320,512 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI31282\win32com.shell.shell.pyd
MOD - [2013/10/17 09:30:52 | 000,127,488 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI31282\pyexpat.pyd
MOD - [2013/10/17 09:30:52 | 000,122,368 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI31282\wx._wizard.pyd
MOD - [2013/10/17 09:30:52 | 000,119,808 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI31282\win32file.pyd
MOD - [2013/10/17 09:30:52 | 000,110,080 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI31282\PyWinTypes27.dll
MOD - [2013/10/17 09:30:52 | 000,108,544 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI31282\win32security.pyd
MOD - [2013/10/17 09:30:52 | 000,098,816 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI31282\win32api.pyd
MOD - [2013/10/17 09:30:52 | 000,087,040 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI31282\_ctypes.pyd
MOD - [2013/10/17 09:30:52 | 000,070,656 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI31282\wx._html2.pyd
MOD - [2013/10/17 09:30:52 | 000,044,032 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI31282\_socket.pyd
MOD - [2013/10/17 09:30:52 | 000,038,912 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI31282\win32inet.pyd
MOD - [2013/10/17 09:30:52 | 000,035,840 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI31282\win32process.pyd
MOD - [2013/10/17 09:30:52 | 000,026,624 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI31282\_multiprocessing.pyd
MOD - [2013/10/17 09:30:52 | 000,025,600 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI31282\win32pdh.pyd
MOD - [2013/10/17 09:30:52 | 000,022,528 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI31282\win32ts.pyd
MOD - [2013/10/17 09:30:52 | 000,018,432 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI31282\win32event.pyd
MOD - [2013/10/17 09:30:52 | 000,017,408 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI31282\win32profile.pyd
MOD - [2013/10/17 09:30:52 | 000,011,264 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI31282\win32crypt.pyd
MOD - [2013/10/17 09:30:52 | 000,010,240 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI31282\select.pyd
MOD - [2013/10/11 00:09:30 | 003,558,400 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2013/10/09 10:19:16 | 001,121,704 | ---- | M] () -- C:\Program Files (x86)\steam\bin\chromehtml.dll
MOD - [2013/10/09 07:58:04 | 013,584,776 | ---- | M] () -- C:\Users\Owner\AppData\Local\Google\Chrome\User Data\PepperFlash\11.9.900.117\pepflashplayer.dll
MOD - [2013/10/03 14:03:05 | 000,415,184 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\ppgooglenaclpluginchrome.dll
MOD - [2013/10/03 14:03:03 | 004,055,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\pdf.dll
MOD - [2013/10/03 14:02:12 | 000,698,832 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\libglesv2.dll
MOD - [2013/10/03 14:02:11 | 000,099,792 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\libegl.dll
MOD - [2013/10/03 14:02:09 | 001,604,560 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\ffmpegsumo.dll
MOD - [2013/09/18 06:18:58 | 000,902,440 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\af_proxy.dll
MOD - [2013/09/11 06:20:56 | 020,625,832 | ---- | M] () -- C:\Program Files (x86)\steam\bin\libcef.dll
MOD - [2013/08/22 06:18:28 | 000,687,104 | ---- | M] () -- C:\Program Files (x86)\steam\SDL2.dll
MOD - [2013/08/07 15:33:54 | 000,027,952 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\VersionModule.dll
MOD - [2013/08/06 19:01:20 | 000,864,560 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\Plugins\ggplugin.dll
MOD - [2013/08/06 19:00:59 | 009,739,056 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe
MOD - [2013/07/26 14:18:31 | 000,957,232 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\XLL.dll
MOD - [2013/07/18 22:09:40 | 000,529,200 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\ggspawn.dll
MOD - [2013/07/15 22:29:36 | 001,545,520 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\delay_load\FileSender.dll
MOD - [2013/07/10 19:54:32 | 000,049,456 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\ggdllhost.exe
MOD - [2013/06/15 07:49:12 | 001,100,800 | ---- | M] () -- C:\Program Files (x86)\steam\bin\avcodec-53.dll
MOD - [2013/06/15 07:49:12 | 000,192,000 | ---- | M] () -- C:\Program Files (x86)\steam\bin\avformat-53.dll
MOD - [2013/06/15 07:49:12 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\steam\bin\avutil-51.dll
MOD - [2013/04/10 17:23:12 | 000,170,800 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\fs\YYFileSystem.dll
MOD - [2013/04/10 17:22:55 | 000,155,440 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\libmpg123.dll
MOD - [2013/03/14 04:48:52 | 024,978,944 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2013/03/13 18:05:59 | 000,374,064 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\Http.dll
MOD - [2013/03/07 10:10:42 | 000,106,288 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\UILayout.dll
MOD - [2013/03/07 10:10:39 | 000,224,560 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\Plugins\StatsPlugin.dll
MOD - [2013/03/07 10:10:22 | 000,487,216 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\CxImage.dll
MOD - [2013/02/13 09:42:46 | 005,407,744 | ---- | M] () -- C:\Program Files (x86)\PlayClaw4\playclaw-vcam.dll
MOD - [2013/02/07 17:11:25 | 000,025,392 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\PluginModule.dll
MOD - [2013/02/07 17:11:24 | 000,087,344 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\PluginKernel.dll
MOD - [2013/02/07 17:11:22 | 000,192,816 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\ImageModule.dll
MOD - [2013/02/07 17:11:17 | 000,051,504 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\FileLoader.dll
MOD - [2013/02/07 17:11:15 | 000,033,584 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\DibModule.dll
MOD - [2013/02/01 13:42:29 | 000,153,088 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\libzmq.dll
MOD - [2013/01/30 16:26:41 | 002,941,232 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\ggdownloader.dll
MOD - [2013/01/30 16:26:38 | 000,104,752 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\CommonLib.dll
MOD - [2013/01/14 19:57:52 | 001,092,912 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\delay_load\GaFileTransfer.dll
MOD - [2013/01/14 19:57:46 | 000,219,952 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\TaskManagerLib.dll
MOD - [2012/11/09 17:34:12 | 000,048,640 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\XmlUIModule.dll
MOD - [2012/11/08 19:28:10 | 000,010,240 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\delay_load\ClientTcp.dll
MOD - [2012/11/08 19:27:48 | 000,061,952 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\delay_load\UdtLib.dll
MOD - [2012/04/24 09:19:16 | 000,238,592 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\delay_load\MediaEngine.dll
MOD - [2012/04/13 11:12:18 | 000,059,392 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\delay_load\AudioMixerLib.dll
MOD - [2012/04/13 11:12:18 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\ServerMemAlloc.dll
MOD - [2012/03/08 16:56:40 | 000,510,464 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\delay_load\RSALib.dll
MOD - [2012/02/22 16:52:18 | 000,162,304 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lame_enc.dll
MOD - [2012/02/22 16:52:16 | 000,573,100 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\sqlite3.dll
MOD - [2012/02/22 16:52:16 | 000,178,176 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\MP3Module.dll
MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/08/02 15:38:20 | 002,248,704 | ---- | M] () -- C:\Program Files (x86)\Vtune\TBPANEL.exe
MOD - [2010/01/21 01:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/01/09 20:18:18 | 004,254,560 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2009/04/15 17:26:36 | 000,980,280 | ---- | M] () -- C:\Program Files (x86)\VOX\JamVOX\JVExec.exe
MOD - [1998/10/31 04:55:56 | 000,005,120 | ---- | M] () -- C:\Program Files (x86)\Vtune\TBMANAGE.DLL


========== Services (SafeList) ==========

SRV:64bit: - [2013/08/28 05:17:13 | 014,997,280 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV:64bit: - [2013/05/27 13:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/04/18 09:47:16 | 008,518,008 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe -- (TabletServiceWacom)
SRV:64bit: - [2012/04/18 09:47:16 | 000,567,672 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Wacom\Wacom_TouchService.exe -- (TouchServiceWacom)
SRV - [2013/10/09 23:17:27 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/10/09 10:19:14 | 000,565,672 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/09/27 02:37:44 | 000,414,496 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013/09/18 06:28:16 | 000,878,888 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe -- (hshld)
SRV - [2013/09/18 06:27:50 | 000,556,840 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2013/09/18 04:35:24 | 000,078,512 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Hotspot Shield\bin\HSSTrayService.exe -- (HssTrayService)
SRV - [2013/08/28 05:15:38 | 002,155,296 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/08/27 03:15:40 | 000,032,960 | ---- | M] (Razer) [Auto | Running] -- C:\Program Files (x86)\Razer\Core\64bit\RzOvlMon.exe -- (RzOvlMon)
SRV - [2013/08/16 17:37:02 | 000,757,144 | ---- | M] (Tunngle.net GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2013/06/26 12:31:08 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/06/21 09:53:36 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/05/10 15:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/30 05:24:28 | 005,117,384 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2011/07/06 13:15:26 | 002,656,536 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/07/06 13:15:20 | 000,326,424 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/11 05:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/09/18 04:31:12 | 000,046,792 | ---- | M] (AnchorFree Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\hssdrv6.sys -- (HssDRV6)
DRV:64bit: - [2013/08/27 03:05:21 | 000,128,984 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RzDxgk.sys -- (RzDxgk)
DRV:64bit: - [2013/08/27 03:05:21 | 000,074,456 | ---- | M] (Razer USA Ltd) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\RzFilter.sys -- (RzFilter)
DRV:64bit: - [2013/08/20 21:33:40 | 000,039,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:64bit: - [2013/06/16 20:38:15 | 000,196,384 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2013/04/25 03:28:08 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/01/29 19:21:08 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/29 14:04:36 | 000,065,912 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wachidrouter.sys -- (WacHidRouter)
DRV:64bit: - [2012/03/29 14:04:36 | 000,013,688 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidkmdf.sys -- (hidkmdf)
DRV:64bit: - [2012/03/29 14:04:32 | 000,015,736 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacomrouterfilter.sys -- (wacomrouterfilter)
DRV:64bit: - [2012/03/01 14:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/08/02 16:38:44 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2011/06/10 14:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/11 14:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 14:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/10 14:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011/02/10 14:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/11/21 11:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 11:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 11:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/19 16:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/04/28 07:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2010/04/28 07:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2010/04/28 05:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2010/04/28 05:02:42 | 000,043,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2009/09/16 08:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901t.sys -- (tap0901t)
DRV:64bit: - [2009/07/14 09:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 09:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 09:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/11 04:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 04:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 04:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 04:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/04/15 01:00:00 | 000,062,544 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\JamDRV.sys -- (JAMVOX_AA)
DRV:64bit: - [2009/04/15 01:00:00 | 000,031,824 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\JamWdm.sys -- (JAMVOX_01)
DRV:64bit: - [2009/04/08 14:28:46 | 000,068,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2009/07/14 09:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://xin.msn.com/?...&ocid=iehp&tc=2
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6C 74 DD 0E 46 12 CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: DeviceDetection%40logitech.com:1.24.0.9
FF - prefs.js..extensions.enabledAddons: %7Bf701c26a-479a-4724-b4f1-870db12f063c%7D:1.4.4
FF - prefs.js..extensions.enabledAddons: %7B35106bca-6c78-48c7-ac28-56df30b51d2a%7D:1.3.8
FF - prefs.js..extensions.enabledAddons: %7BB042753D-F57E-4e8e-A01B-7379A6D4CEFB%7D:1.35
FF - prefs.js..extensions.enabledAddons: afext%40anchorfree.com:3.17
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@t.garena.com/garenatalk: C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.0.0.6: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/06/26 12:31:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/09/12 00:43:03 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/06/26 12:31:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/09/12 00:43:03 | 000,000,000 | ---D | M]

[2012/03/10 21:34:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2013/10/06 00:17:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\11n5c59f.default\extensions
[2013/05/02 23:38:11 | 000,000,000 | ---D | M] (BitComet Video Downloader) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\11n5c59f.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2012/03/13 21:15:01 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\11n5c59f.default\extensions\[email protected]
[2013/01/01 10:25:46 | 000,067,812 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\11n5c59f.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}.xpi
[2013/07/28 13:20:30 | 000,223,750 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\11n5c59f.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2013/02/10 00:02:03 | 000,328,332 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\11n5c59f.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}.xpi
[2013/10/06 00:17:59 | 000,824,302 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\11n5c59f.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/04/07 11:53:55 | 000,043,307 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\11n5c59f.default\extensions\{f701c26a-479a-4724-b4f1-870db12f063c}.xpi
[2013/06/26 12:31:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/06/26 12:31:05 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2013/09/01 23:31:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/06/26 12:31:08 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/09/01 23:31:03 | 000,000,000 | ---D | M] (Hotspot Shield Extension) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\[email protected]
[2012/01/12 16:58:30 | 000,917,816 | ---- | M] (BitComet) -- C:\Program Files (x86)\mozilla firefox\plugins\npBitCometAgent.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = https://www.google.c...q=t&channel=rcs
CHR - default_search_provider: suggest_url = https://www.google.c...q={searchTerms},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: BitCometAgent (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npBitCometAgent.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U21 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: WacomTabletPlugin (Enabled) = C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll
CHR - plugin: Wacom Dynamic Link Library (Enabled) = C:\Program Files (x86)\TabletPlugins\npwacom.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
CHR - Extension: Google Docs = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: AdBlock = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.10_0\
CHR - Extension: Dropdown List of Most Visited Links = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\logbmehmiacemkimbpcbjgaikobdndah\0.5_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: Gmail = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/11 05:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (no name) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - No CLSID value found.
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [JamInit] C:\Windows\SysNative\InitJam.exe (Korg Inc.)
O4:64bit: - HKLM..\Run: [Nvtmru] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [GarenaPlus] C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe ()
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKCU..\Run: [Razer Comms] C:\Program Files (x86)\Razer\Core\RazerCore.exe (Razer)
O4 - HKCU..\Run: [Steam] C:\program files (x86)\steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [TBPanel] C:\Program Files (x86)\Vtune\TBPanel.exe ()
O4 - HKCU..\Run: [wmi32] "C:\ProgramData\Application Data\wmimgmt.exe" File not found
O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yuuguu.lnk = C:\Users\Owner\AppData\Roaming\Yuuguu\yuuguu.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8:64bit: - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1979 ([http] in Trusted sites)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2AE76720-B3CC-4EB0-B3AB-0845216492DE}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{32BB1182-7706-4C35-9E35-39C64A3E8B9E}: DhcpNameServer = 202.65.247.32 202.65.244.31
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A05D824F-D3DF-47F2-B212-86EF81DD0CF3}: DhcpNameServer = 8.8.8.8
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/09/03 22:04:42 | 000,001,770 | RHS- | M] () - F:\AUTORUN_.INF -- [ FAT32 ]
O32 - AutoRun File - [2013/09/29 21:54:54 | 000,001,770 | RHS- | M] () - F:\AuToRUn.iNf -- [ FAT32 ]
O32 - AutoRun File - [2013/08/23 22:28:53 | 000,000,043 | R--- | M] () - G:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{4d54b29f-69f0-11e2-8ad2-8c89a58433e4}\Shell - "" = AutoRun
O33 - MountPoints2\{4d54b29f-69f0-11e2-8ad2-8c89a58433e4}\Shell\AutoRun\command - "" = G:\setup.exe -- [2013/08/23 22:34:31 | 000,674,357 | R--- | M] ( )
O33 - MountPoints2\{d8b116b5-6ab3-11e1-9dd9-8c89a58433e4}\Shell - "" = AutoRun
O33 - MountPoints2\{d8b116b5-6ab3-11e1-9dd9-8c89a58433e4}\Shell\AutoRun\command - "" = G:\setup.exe -- [2013/08/23 22:34:31 | 000,674,357 | R--- | M] ( )
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/10/17 11:32:26 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2013/10/15 16:14:31 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yuuguu
[2013/10/15 16:14:28 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Yuuguu
[2013/10/13 08:20:04 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/10/08 08:49:03 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\CrashDumps
[2013/09/29 21:45:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security
[2013/09/29 21:45:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda USB Vaccine
[2013/09/29 21:45:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
[2013/09/29 21:44:29 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\usbvaccine
[2013/09/27 14:00:35 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Maintainability
[2013/09/27 13:32:15 | 000,258,048 | ---- | C] (Marvell Inc) -- C:\ProgramData\wmimgmt.exe
[2013/09/27 13:10:51 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\scheduling
[2013/09/24 22:13:30 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Razer
[2013/09/24 22:04:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer Comms
[2013/09/24 22:04:50 | 000,074,456 | ---- | C] (Razer USA Ltd) -- C:\Windows\SysNative\drivers\RzFilter.sys
[2013/09/24 22:04:49 | 000,128,984 | ---- | C] (Razer USA Ltd) -- C:\Windows\SysNative\drivers\RzDxgk.sys
[2013/09/24 22:04:37 | 000,000,000 | ---D | C] -- C:\Windows\Razer Core
[2013/09/24 22:04:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Razer
[2013/09/24 22:04:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Razer
[2013/09/23 03:20:15 | 000,046,792 | ---- | C] (AnchorFree Inc.) -- C:\Windows\SysNative\drivers\hssdrv6.sys
[2013/09/21 11:02:03 | 000,000,000 | R--D | C] -- C:\Users\Owner\Google Drive
[2013/09/21 11:01:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/10/17 11:32:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2013/10/17 11:17:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/10/17 11:16:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/10/17 10:16:46 | 001,198,941 | ---- | M] () -- C:\Users\Owner\Desktop\Folder_SLFiles (4).zip
[2013/10/17 09:42:40 | 000,022,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/17 09:42:40 | 000,022,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/17 09:33:13 | 000,224,256 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\RZR_006005584beb94ed127de6940afb.db
[2013/10/17 09:30:41 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/10/17 09:30:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/17 09:30:25 | 2132,406,271 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/15 21:53:31 | 000,454,227 | ---- | M] () -- C:\Users\Owner\Desktop\IMG_15102013_215300.png
[2013/10/15 16:14:31 | 000,000,897 | ---- | M] () -- C:\Users\Owner\Desktop\Yuuguu.lnk
[2013/10/15 16:14:31 | 000,000,877 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Yuuguu.lnk
[2013/10/15 16:14:31 | 000,000,857 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yuuguu.lnk
[2013/10/14 22:36:43 | 000,000,220 | ---- | M] () -- C:\Users\Owner\Desktop\Sid Meier's Civilization V.url
[2013/10/12 15:54:57 | 000,370,894 | ---- | M] () -- C:\Users\Owner\Desktop\refacilitiesmaintainabilityinterviewrequestfromnusst.zip
[2013/10/12 15:38:32 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\Access.dat
[2013/10/12 12:43:08 | 000,001,011 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/10/12 12:42:58 | 000,000,979 | ---- | M] () -- C:\Users\Owner\Desktop\Dropbox.lnk
[2013/10/11 06:43:33 | 000,779,306 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/10/11 06:43:33 | 000,660,296 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/10/11 06:43:33 | 000,121,224 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/10/11 06:36:33 | 000,607,288 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/10/10 23:12:21 | 000,773,030 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/10/07 23:11:30 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/09/29 21:38:23 | 000,132,597 | ---- | M] () -- C:\Users\Owner\Desktop\Flash_Disinfector.exe
[2013/09/27 17:13:24 | 000,189,099 | ---- | M] () -- C:\Users\Owner\Desktop\Bharath Prabhu CV.pdf
[2013/09/27 16:57:55 | 000,023,307 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2013/09/27 13:32:15 | 000,258,048 | ---- | M] (Marvell Inc) -- C:\ProgramData\wmimgmt.exe
[2013/09/26 21:32:08 | 003,386,608 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin
[2013/09/24 22:04:57 | 000,001,242 | ---- | M] () -- C:\Users\Public\Desktop\Razer Comms.lnk
[2013/09/24 22:04:51 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_RzFilter_01009.Wdf
[2013/09/23 21:21:36 | 000,000,056 | ---- | M] () -- C:\Windows\kgt2k.INI
[2013/09/23 03:20:05 | 000,001,048 | ---- | M] () -- C:\Users\Public\Desktop\Hotspot Shield.lnk
[2013/09/21 11:02:04 | 000,001,653 | ---- | M] () -- C:\Users\Owner\Desktop\Google Drive.lnk
[2013/09/21 11:01:21 | 000,002,044 | ---- | M] () -- C:\Users\Public\Desktop\Google Slides.lnk
[2013/09/21 11:01:21 | 000,002,040 | ---- | M] () -- C:\Users\Public\Desktop\Google Sheets.lnk
[2013/09/21 11:01:21 | 000,002,028 | ---- | M] () -- C:\Users\Public\Desktop\Google Docs.lnk
[2013/09/18 04:31:12 | 000,046,792 | ---- | M] (AnchorFree Inc.) -- C:\Windows\SysNative\drivers\hssdrv6.sys
[2013/09/17 19:23:31 | 002,298,982 | ---- | M] () -- C:\Users\Owner\Desktop\photo.JPG
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/10/17 10:16:48 | 001,198,941 | ---- | C] () -- C:\Users\Owner\Desktop\Folder_SLFiles (4).zip
[2013/10/15 21:53:22 | 000,454,227 | ---- | C] () -- C:\Users\Owner\Desktop\IMG_15102013_215300.png
[2013/10/15 16:14:31 | 000,000,897 | ---- | C] () -- C:\Users\Owner\Desktop\Yuuguu.lnk
[2013/10/15 16:14:31 | 000,000,877 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Yuuguu.lnk
[2013/10/15 16:14:31 | 000,000,857 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yuuguu.lnk
[2013/10/14 22:36:43 | 000,000,220 | ---- | C] () -- C:\Users\Owner\Desktop\Sid Meier's Civilization V.url
[2013/10/12 15:55:03 | 000,370,894 | ---- | C] () -- C:\Users\Owner\Desktop\refacilitiesmaintainabilityinterviewrequestfromnusst.zip
[2013/09/29 21:38:17 | 000,132,597 | ---- | C] () -- C:\Users\Owner\Desktop\Flash_Disinfector.exe
[2013/09/27 17:12:32 | 000,189,099 | ---- | C] () -- C:\Users\Owner\Desktop\Bharath Prabhu CV.pdf
[2013/09/24 22:15:42 | 000,224,256 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\RZR_006005584beb94ed127de6940afb.db
[2013/09/24 22:04:57 | 000,001,242 | ---- | C] () -- C:\Users\Public\Desktop\Razer Comms.lnk
[2013/09/24 22:04:51 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_RzFilter_01009.Wdf
[2013/09/23 21:22:22 | 000,000,639 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\3d Girlz.lnk
[2013/09/23 21:22:22 | 000,000,611 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\3d Girlz Uninstall.lnk
[2013/09/23 21:21:36 | 000,000,056 | ---- | C] () -- C:\Windows\kgt2k.INI
[2013/09/21 11:02:04 | 000,001,653 | ---- | C] () -- C:\Users\Owner\Desktop\Google Drive.lnk
[2013/09/21 11:01:21 | 000,002,044 | ---- | C] () -- C:\Users\Public\Desktop\Google Slides.lnk
[2013/09/21 11:01:21 | 000,002,040 | ---- | C] () -- C:\Users\Public\Desktop\Google Sheets.lnk
[2013/09/21 11:01:21 | 000,002,028 | ---- | C] () -- C:\Users\Public\Desktop\Google Docs.lnk
[2013/09/17 19:23:20 | 002,298,982 | ---- | C] () -- C:\Users\Owner\Desktop\photo.JPG
[2013/08/24 11:49:19 | 000,007,168 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/08/09 17:42:14 | 000,045,270 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\room_v3.dat
[2013/03/27 21:09:55 | 000,773,030 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/09/23 20:49:08 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\tmb1-v32.dll
[2012/09/23 18:55:51 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2012/08/15 11:50:56 | 000,007,597 | ---- | C] () -- C:\Users\Owner\AppData\Local\Resmon.ResmonCfg
[2012/05/29 16:16:39 | 000,001,456 | ---- | C] () -- C:\Users\Owner\AppData\Local\Adobe Save for Web 12.0 Prefs
[2012/05/29 16:11:56 | 000,000,132 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2012/04/24 22:16:19 | 000,000,132 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Adobe PNG Format CS5 Prefs

========== ZeroAccess Check ==========

[2009/07/14 12:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 10:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 09:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 09:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 11:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 09:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/04/06 17:43:15 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Atari
[2012/03/11 14:49:15 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Auslogics
[2013/10/17 11:34:29 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\BitComet
[2013/08/29 13:16:31 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\DAEMON Tools Lite
[2013/10/17 10:17:45 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Dropbox
[2013/07/15 21:20:42 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\GameRanger
[2013/08/04 21:12:19 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Garena
[2013/10/17 09:35:12 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\GarenaPlus
[2012/04/26 21:00:31 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Guitar Pro 6
[2013/03/09 01:02:20 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Hotspot Shield
[2012/09/18 16:29:22 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Leadertech
[2012/12/24 12:10:08 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\LolClient
[2012/09/23 20:49:45 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PlayClaw3
[2013/03/22 14:54:04 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PlayClaw4
[2012/08/07 19:28:07 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Subversion
[2012/03/11 00:46:06 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\SystemRequirementsLab
[2013/08/18 20:54:08 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Tunngle
[2012/05/23 18:43:43 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\VOX
[2013/01/10 01:30:42 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\xim
[2013/10/17 09:34:26 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Yuuguu

========== Purity Check ==========



< End of report >
  • 0
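The O4, O32 and O33 lines in the log above record Run-key autostarts, AutoRun files found on attached drives, and cached per-volume AutoRun commands. As an added example (not part of the original post and not OTL's own code), this Python script parses those three line types and lists the entries worth a manual look; the regexes follow the line layouts visible in the log, and the three rules and all names in the code are assumptions chosen for illustration.

```python
"""Triage OTL 'O4', 'O32' and 'O33' lines for drive-related autostart entries.

Added example: line layouts are inferred from the log above; the three
rules are illustrative assumptions, not OTL behaviour.
"""
import re
from dataclasses import dataclass
from typing import List

# Lines copied from the OTL log in the post above.
SAMPLE_LOG = r'''
O4 - HKCU..\Run: [Steam] C:\program files (x86)\steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [wmi32] "C:\ProgramData\Application Data\wmimgmt.exe" File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/09/29 21:54:54 | 000,001,770 | RHS- | M] () - F:\AuToRUn.iNf -- [ FAT32 ]
O32 - AutoRun File - [2013/08/23 22:28:53 | 000,000,043 | R--- | M] () - G:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\Autorun.exe
'''

# O4: Run-key value, optionally tagged ":64bit:".
O4_RUN = re.compile(
    r'^O4(?::64bit:)? - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<rest>.*)$')
# O32: an autorun file found on a drive, with attributes and filesystem.
O32_FILE = re.compile(
    r'^O32 - AutoRun File - \[(?P<stamp>[^|]+)\| (?P<size>[\d,]+) \| '
    r'(?P<attr>[A-Z-]{4}) \| \w\] \(.*?\) - (?P<path>.+?) -- \[ (?P<fs>\w+) \]$')
# O33: command cached in the registry for a volume's AutoRun verb.
O33_CMD = re.compile(
    r'^O33 - MountPoints2\\(?P<volume>[^\\]+)\\Shell\\AutoRun\\command'
    r' - "" = (?P<cmd>.+?)(?: -- \[.*)?$')

MISSING = "File not found"
WRITABLE_DIRS = ("\\programdata\\", "\\appdata\\")  # assumption: user-writable


@dataclass
class Finding:
    kind: str     # OTL line type: O4, O32 or O33
    subject: str  # value name, file path or volume
    reason: str   # why the entry deserves a manual look


def triage(log_text: str) -> List[Finding]:
    """Return the entries that match one of the three review rules."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()

        # Rule 1: a Run value whose target no longer exists.
        m = O4_RUN.match(line)
        if m and m["rest"].endswith(MISSING):
            target = m["rest"][:-len(MISSING)].strip().strip('"')
            where = ""
            if any(d in target.lower() for d in WRITABLE_DIRS):
                where = " in a user-writable data directory"
            findings.append(Finding(
                "O4", m["name"],
                f"Run value targets a missing file{where}: {target}"))
            continue

        # Rule 2: autorun file that is hidden AND system on a writable
        # filesystem; optical media (CDFS) are skipped.
        m = O32_FILE.match(line)
        if m and {"H", "S"} <= set(m["attr"]) and m["fs"].upper() != "CDFS":
            findings.append(Finding(
                "O32", m["path"],
                f"hidden+system autorun file on {m['fs']} volume"))
            continue

        # Rule 3: any cached AutoRun command for a mounted volume.
        m = O33_CMD.match(line)
        if m:
            findings.append(Finding(
                "O33", m["volume"],
                f"cached AutoRun command: {m['cmd']}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:<4}{f.subject:<20}{f.reason}")
```

A hit only marks an entry for review: the O33 command for the CDFS volume is reported even though it may be an ordinary installer disc.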


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,028 posts
  • MVP
Copy the text in the code box by highlighting and Ctrl + c

:OTL
O2:64bit: - BHO: (no name) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - No CLSID value found.
O4 - HKCU..\Run: [wmi32] "C:\ProgramData\Application Data\wmimgmt.exe" File not found
O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yuuguu.lnk = C:\Users\Owner\AppData\Roaming\Yuuguu\yuuguu.exe ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O32 - AutoRun File - [2013/09/03 22:04:42 | 000,001,770 | RHS- | M] () - F:\AUTORUN_.INF -- [ FAT32 ]
O32 - AutoRun File - [2013/09/29 21:54:54 | 000,001,770 | RHS- | M] () - F:\AuToRUn.iNf -- [ FAT32 ]
O32 - AutoRun File - [2013/08/23 22:28:53 | 000,000,043 | R--- | M] () - G:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{4d54b29f-69f0-11e2-8ad2-8c89a58433e4}\Shell - "" = AutoRun
O33 - MountPoints2\{4d54b29f-69f0-11e2-8ad2-8c89a58433e4}\Shell\AutoRun\command - "" = G:\setup.exe -- [2013/08/23 22:34:31 | 000,674,357 | R--- | M] ( )
O33 - MountPoints2\{d8b116b5-6ab3-11e1-9dd9-8c89a58433e4}\Shell - "" = AutoRun
O33 - MountPoints2\{d8b116b5-6ab3-11e1-9dd9-8c89a58433e4}\Shell\AutoRun\command - "" = G:\setup.exe -- [2013/08/23 22:34:31 | 000,674,357 | R--- | M] ( )

:files
C:\Users\Owner\AppData\Roaming\Yuuguu

:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]


Then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + v) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered; OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply.
It appears that Old Timer is now hiding the log in c:\_OTL\MovedFiles\01162013-some number.log so look there if you don't see it.



Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


ComboFix

:!: It must be saved to your desktop; do not run it from your browser. :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Right-click on ComboFix and select Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it by right clicking and Run As Admin.


If TDSSKiller alerts you that the system needs to reboot, please consent.

Run TDSSKiller again but this time:
Before you hit Scan, hit Change Parameters and check the two items under Additional Options. OK, then Scan.
In this mode it is prone to false positives, so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt". Please copy and paste the contents in your next reply.



Malwarebytes' Anti-Malware
If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy.
http://www.malwareby...lwarebytes_free

SAVE Malwarebytes' Anti-Malware to your desktop.

* Right-click mbam-setup.exe and select Run As Administrator to start the program.
* Follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.


Copy the text in the code box:

DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemdrive%\$Recycle.Bin|@;true;true;true /fp
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.



Download, Save and Run (Win 7 or Vista => Right click and Run as Admin.) Farbar Service Scanner

Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.

Ron

#3
frozenthunder
Hi Ron! Thanks so much for replying! :) Here are the requested logs.

Btw my external harddrive that I suspect may be infected is currently plugged in. However, I also have a thumbdrive which may be infected. But that is not plugged in at the moment. So, I'm not sure if that may be a problem.

========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\wmi32 deleted successfully.
C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yuuguu.lnk moved successfully.
C:\Users\Owner\AppData\Roaming\Yuuguu\yuuguu.exe moved successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-3533916949-36865485-774322356-1002\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {C3F79A2B-B9B4-4A66-B012-3EE46475B072}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{C3F79A2B-B9B4-4A66-B012-3EE46475B072}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{C3F79A2B-B9B4-4A66-B012-3EE46475B072}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3F79A2B-B9B4-4A66-B012-3EE46475B072}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{C3F79A2B-B9B4-4A66-B012-3EE46475B072}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3F79A2B-B9B4-4A66-B012-3EE46475B072}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-3533916949-36865485-774322356-1002\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-3533916949-36865485-774322356-1002\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
F:\AUTORUN_.INF moved successfully.
F:\AuToRUn.iNf moved successfully.
File move failed. G:\autorun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4d54b29f-69f0-11e2-8ad2-8c89a58433e4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4d54b29f-69f0-11e2-8ad2-8c89a58433e4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4d54b29f-69f0-11e2-8ad2-8c89a58433e4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4d54b29f-69f0-11e2-8ad2-8c89a58433e4}\ not found.
File move failed. G:\setup.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d8b116b5-6ab3-11e1-9dd9-8c89a58433e4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d8b116b5-6ab3-11e1-9dd9-8c89a58433e4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d8b116b5-6ab3-11e1-9dd9-8c89a58433e4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d8b116b5-6ab3-11e1-9dd9-8c89a58433e4}\ not found.
File move failed. G:\setup.exe scheduled to be moved on reboot.
========== FILES ==========
C:\Users\Owner\AppData\Roaming\Yuuguu\native folder moved successfully.
C:\Users\Owner\AppData\Roaming\Yuuguu\libs folder moved successfully.
C:\Users\Owner\AppData\Roaming\Yuuguu\jre\lib\zi\SystemV folder moved successfully.
C:\Users\Owner\AppData\Roaming\Yuuguu\jre\lib\zi\Pacific folder moved successfully.
C:\Users\Owner\AppData\Roaming\Yuuguu\jre\lib\zi\Indian folder moved successfully.
C:\Users\Owner\AppData\Roaming\Yuuguu\jre\lib\zi\Europe folder moved successfully.
C:\Users\Owner\AppData\Roaming\Yuuguu\jre\lib\zi\Etc folder moved successfully.
C:\Users\Owner\AppData\Roaming\Yuuguu\jre\lib\zi\Australia folder moved successfully.
C:\Users\Owner\AppData\Roaming\Yuuguu\jre\lib\zi\Atlantic folder moved successfully.
C:\Users\Owner\AppData\Roaming\Yuuguu\jre\lib\zi\Asia folder moved successfully.
C:\Users\Owner\AppData\Roaming\Yuuguu\jre\lib\zi\Antarctica folder moved successfully.
C:\Users\Owner\AppData\Roaming\Yuuguu\jre\lib\zi\America\North_Dakota folder moved successfully.
C:\Users\Owner\AppData\Roaming\Yuuguu\jre\lib\zi\America\Kentucky folder moved successfully.
C:\Users\Owner\AppData\Roaming\Yuuguu\jre\lib\zi\America\Indiana folder moved successfully.
C:\Users\Owner\AppData\Roaming\Yuuguu\jre\lib\zi\America\Argentina folder moved successfully.
C:\Users\Owner\AppData\Roaming\Yuuguu\jre\lib\zi\America folder moved successfully.
C:\Users\Owner\AppData\Roaming\Yuuguu\jre\lib\zi\Africa folder moved successfully.
C:\Users\Owner\AppData\Roaming\Yuuguu\jre\lib\zi folder moved successfully.
C:\Users\Owner\AppData\Roaming\Yuuguu\jre\lib\security folder moved successfully.
C:\Users\Owner\AppData\Roaming\Yuuguu\jre\lib\management folder moved successfully.
C:\Users\Owner\AppData\Roaming\Yuuguu\jre\lib\images\cursors folder moved successfully.
C:\Users\Owner\AppData\Roaming\Yuuguu\jre\lib\images folder moved successfully.
C:\Users\Owner\AppData\Roaming\Yuuguu\jre\lib\im folder moved successfully.
C:\Users\Owner\AppData\Roaming\Yuuguu\jre\lib\i386 folder moved successfully.
C:\Users\Owner\AppData\Roaming\Yuuguu\jre\lib\fonts folder moved successfully.
C:\Users\Owner\AppData\Roaming\Yuuguu\jre\lib\ext folder moved successfully.
C:\Users\Owner\AppData\Roaming\Yuuguu\jre\lib\cmm folder moved successfully.
C:\Users\Owner\AppData\Roaming\Yuuguu\jre\lib\audio folder moved successfully.
C:\Users\Owner\AppData\Roaming\Yuuguu\jre\lib\applet folder moved successfully.
C:\Users\Owner\AppData\Roaming\Yuuguu\jre\lib folder moved successfully.
C:\Users\Owner\AppData\Roaming\Yuuguu\jre\bin\client folder moved successfully.
C:\Users\Owner\AppData\Roaming\Yuuguu\jre\bin folder moved successfully.
C:\Users\Owner\AppData\Roaming\Yuuguu\jre folder moved successfully.
C:\Users\Owner\AppData\Roaming\Yuuguu\config folder moved successfully.
C:\Users\Owner\AppData\Roaming\Yuuguu\cache\avatars folder moved successfully.
C:\Users\Owner\AppData\Roaming\Yuuguu\cache folder moved successfully.
C:\Users\Owner\AppData\Roaming\Yuuguu folder moved successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: fbwuser

User: Owner
->Flash cache emptied: 984 bytes

User: Public

User: UpdatusUser

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: fbwuser

User: Owner
->Java cache emptied: 45946 bytes

User: Public

User: UpdatusUser

Total Java Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 10192013_094418

Files\Folders moved on Reboot...
File\Folder G:\autorun.inf not found!
File\Folder G:\setup.exe not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by Owner (administrator) on PRABHU on 19-10-2013 09:51:00
Running from C:\Users\Owner\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe
() C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Razer) C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe
() C:\Program Files (x86)\Garena Plus\ggdllhost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler64.exe
(Panda Security) C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Korg Inc.) C:\Windows\System32\InitJam.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe
() C:\Program Files (x86)\Vtune\TBPANEL.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
() C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Valve Corporation) C:\Program Files (x86)\steam\Steam.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Razer) C:\Program Files (x86)\Razer\Core\RazerCore.exe
() C:\Program Files (x86)\VOX\JamVOX\JVExec.exe
(Dropbox, Inc.) C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Marvell Inc) C:\ProgramData\Application Data\wmimgmt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\hsscp.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [JamInit] - C:\Windows\system32\InitJam.exe [253008 2009-04-15] (Korg Inc.)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028896 2013-08-28] (NVIDIA Corporation)
HKLM\...\Run: [Start WingMan Profiler] - C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-15] (Logitech Inc.)
HKCU\...\Run: [TBPanel] - C:\Program Files (x86)\Vtune\TBPanel.exe [2248704 2011-08-02] ()
HKCU\...\Run: [OfficeSyncProcess] - C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [717696 2010-01-16] (Microsoft Corporation)
HKCU\...\Run: [GarenaPlus] - C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe [9739056 2013-08-06] ()
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3674320 2013-01-08] (DT Soft Ltd)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)
HKCU\...\Run: [Steam] - C:\program files (x86)\steam\Steam.exe [1813928 2013-10-09] (Valve Corporation)
HKCU\...\Run: [GoogleDriveSync] - C:\Program Files (x86)\Google\Drive\googledrivesync.exe [20133824 2013-09-25] (Google)
HKCU\...\Run: [Razer Comms] - C:\Program Files (x86)\Razer\Core\RazerCore.exe [1091264 2013-08-27] (Razer)
HKCU\...\Run: [wmi32] - C:\ProgramData\Application Data\wmimgmt.exe [0 ] (Marvell Inc)
MountPoints2: G - G:\Autorun.exe
MountPoints2: {4d54b29f-69f0-11e2-8ad2-8c89a58433e4} - G:\setup.exe
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://xin.msn.com/?...&ocid=iehp&tc=2
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x6C74DD0E4612CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: BitComet Helper - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
DPF: HKLM-x32 {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\11n5c59f.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @t.garena.com/garenatalk - C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.10 - C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.0.0.6 - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: wacom.com/WacomTabletPlugin - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Extension: Виявлення пристроїв Logitech - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\11n5c59f.default\Extensions\[email protected]
FF Extension: BitComet 视频下载器 - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\11n5c59f.default\Extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
FF Extension: No Name - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\11n5c59f.default\Extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}.xpi
FF Extension: No Name - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\11n5c59f.default\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
FF Extension: No Name - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\11n5c59f.default\Extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}.xpi
FF Extension: No Name - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\11n5c59f.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\11n5c59f.default\Extensions\{f701c26a-479a-4724-b4f1-870db12f063c}.xpi
FF Extension: Hotspot Shield Helper (Please allow this installation) - C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
FF Extension: Hotspot Shield Extension - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\[email protected]

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR DefaultSearchURL: (Google) - https://www.google.c...q=t&channel=rcs
CHR DefaultSuggestURL: (Google) - https://www.google.c...q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (BitCometAgent) - C:\Program Files (x86)\Mozilla Firefox\plugins\npBitCometAgent.dll (BitComet)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (WacomTabletPlugin) - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
CHR Plugin: ( Wacom Dynamic Link Library) - C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll No File
CHR Extension: (Google Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (AdBlock) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.10_0
CHR Extension: (Dropdown List of Most Visited Links) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\logbmehmiacemkimbpcbjgaikobdndah\0.5_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

R2 hshld; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [878888 2013-09-18] (AnchorFree Inc.)
S3 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [78512 2013-09-18] ()
R2 HssWd; C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [556840 2013-09-18] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 npggsvc; C:\Windows\SysWow64\GameMon.des [5117384 2013-04-30] (INCA Internet Co., Ltd.)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14997280 2013-08-28] (NVIDIA Corporation)
R2 RzOvlMon; C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe [32960 2013-08-27] (Razer)
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [757144 2013-08-16] (Tunngle.net GmbH)

==================== Drivers (Whitelisted) ====================

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-01-29] (DT Soft Ltd)
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [46792 2013-09-18] (AnchorFree Inc.)
R3 JAMVOX_01; C:\Windows\System32\DRIVERS\JamWdm.sys [31824 2009-04-15] ()
R1 JAMVOX_AA; C:\Windows\System32\DRIVERS\JamDRV.sys [62544 2009-04-15] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-08-20] (NVIDIA Corporation)
R3 RzDxgk; C:\Windows\system32\drivers\RzDxgk.sys [128984 2013-08-27] (Razer USA Ltd)
R0 RzFilter; C:\Windows\System32\drivers\RzFilter.sys [74456 2013-08-27] (Razer USA Ltd)
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-04-25] (Anchorfree Inc.)
S3 GGSAFERDriver; \??\C:\Program Files (x86)\Garena Plus\Room\safedrv.sys [x]
S3 JamVOXUSBAudioSrv; system32\drivers\jamvox.sys [x]
S3 NTIOLib_1_0_C; \??\E:\NTIOLib_X64.sys [x]
S3 TBPanel; No ImagePath

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-19 09:50 - 2013-10-19 09:50 - 01954124 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe
2013-10-19 09:50 - 2013-10-19 09:50 - 01954124 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2013-10-19 09:50 - 2013-10-19 09:50 - 00000000 ____D C:\FRST
2013-10-19 09:48 - 2013-10-19 09:48 - 00017640 _____ C:\Users\Owner\Desktop\10192013_094418.log
2013-10-19 09:44 - 2013-10-19 09:44 - 00000000 ____D C:\_OTL
2013-10-17 22:53 - 2013-10-17 22:53 - 00104885 _____ C:\Users\Owner\Downloads\[kickass.to]wowgirls.lets.come.together.paloma.and.klara.1080p.mp4.torrent
2013-10-17 22:52 - 2013-10-17 22:52 - 00011271 _____ C:\Users\Owner\Downloads\[kickass.to]wowgirls.alyona.klara.paloma.strap.on.adventure.torrent
2013-10-17 22:52 - 2013-10-17 22:52 - 00011271 _____ C:\Users\Owner\Downloads\[kickass.to]wowgirls.alyona.klara.paloma.strap.on.adventure (1).torrent
2013-10-17 22:49 - 2013-10-17 22:49 - 00034444 _____ C:\Users\Owner\Downloads\[kickass.to]younglegalporn.klara.take.me.right.here.torrent
2013-10-17 11:37 - 2013-10-17 11:37 - 00085800 _____ C:\Users\Owner\Desktop\Extras.Txt
2013-10-17 11:36 - 2013-10-17 11:36 - 00120468 _____ C:\Users\Owner\Desktop\OTL.Txt
2013-10-17 11:32 - 2013-10-17 11:32 - 00602112 _____ (OldTimer Tools) C:\Users\Owner\Downloads\OTL.exe
2013-10-17 11:32 - 2013-10-17 11:32 - 00602112 _____ (OldTimer Tools) C:\Users\Owner\Desktop\OTL.exe
2013-10-17 10:16 - 2013-10-17 10:16 - 01198941 _____ C:\Users\Owner\Downloads\Folder_SLFiles (4).zip
2013-10-17 10:16 - 2013-10-17 10:16 - 01198941 _____ C:\Users\Owner\Desktop\Folder_SLFiles (4).zip
2013-10-15 16:14 - 2013-10-15 16:14 - 00000897 _____ C:\Users\Owner\Desktop\Yuuguu.lnk
2013-10-15 16:14 - 2013-10-15 16:14 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yuuguu
2013-10-15 15:51 - 2013-10-15 15:52 - 13122144 _____ C:\Users\Owner\Downloads\yuuguu-PC-installer.exe
2013-10-15 11:02 - 2013-09-04 20:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-10-15 11:02 - 2013-09-04 20:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-10-15 11:02 - 2013-09-04 20:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-10-15 11:02 - 2013-09-04 20:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-10-15 11:02 - 2013-09-04 20:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-10-15 11:02 - 2013-09-04 20:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-10-15 11:02 - 2013-09-04 20:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-10-14 22:36 - 2013-10-18 23:11 - 00000220 _____ C:\Users\Owner\Desktop\Sid Meier's Civilization V.url
2013-10-13 08:20 - 2013-10-13 08:20 - 00000000 ____D C:\Users\Default\AppData\Local\Google
2013-10-13 08:20 - 2013-10-13 08:20 - 00000000 ____D C:\Users\Default User\AppData\Local\Google
2013-10-12 15:55 - 2013-10-12 15:54 - 00370894 _____ C:\Users\Owner\Desktop\refacilitiesmaintainabilityinterviewrequestfromnusst.zip
2013-10-12 15:54 - 2013-10-12 15:54 - 00370894 _____ C:\Users\Owner\Downloads\refacilitiesmaintainabilityinterviewrequestfromnusst.zip
2013-10-10 23:13 - 2013-09-23 07:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-10 23:13 - 2013-09-23 07:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-10 23:13 - 2013-09-23 07:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-10 23:13 - 2013-09-23 07:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-10 23:13 - 2013-09-23 07:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-10 23:13 - 2013-09-23 07:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-10 23:13 - 2013-09-23 07:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-10 23:13 - 2013-09-23 07:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-10 23:13 - 2013-09-23 07:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-10-10 23:13 - 2013-09-23 07:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-10-10 23:13 - 2013-09-23 07:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-10-10 23:13 - 2013-09-23 07:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-10 23:13 - 2013-09-23 07:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-10-10 23:13 - 2013-09-23 06:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-10 23:13 - 2013-09-23 06:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-10 23:13 - 2013-09-23 06:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-10 23:13 - 2013-09-23 06:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-10 23:13 - 2013-09-23 06:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-10 23:13 - 2013-09-23 06:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-10 23:13 - 2013-09-23 06:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-10 23:13 - 2013-09-23 06:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-10 23:13 - 2013-09-23 06:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-10 23:13 - 2013-09-23 06:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-10 23:13 - 2013-09-23 06:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-10 23:13 - 2013-09-23 06:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-10 23:13 - 2013-09-23 06:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-10 23:13 - 2013-09-23 06:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-10 23:13 - 2013-09-21 11:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-10 23:13 - 2013-09-21 11:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-10 23:13 - 2013-09-21 10:48 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-10 23:13 - 2013-09-21 10:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-10-10 22:06 - 2013-07-04 20:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-10 22:06 - 2013-07-04 19:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-10 22:06 - 2013-06-06 13:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-10 22:06 - 2013-06-06 13:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-10 22:06 - 2013-06-06 13:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-10 22:06 - 2013-06-06 13:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-10 22:06 - 2013-06-06 12:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-10-10 22:06 - 2013-06-06 12:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-10-10 22:06 - 2013-06-06 12:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-10-10 22:06 - 2013-06-06 11:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-10 22:06 - 2013-06-06 11:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-10 22:06 - 2013-06-06 11:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-10 22:05 - 2013-09-14 09:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-10-10 22:05 - 2013-09-08 10:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-10-10 22:05 - 2013-09-08 10:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-10-10 22:05 - 2013-09-08 10:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2013-10-10 22:05 - 2013-07-12 18:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-10 22:05 - 2013-07-12 18:40 - 00109824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys
2013-10-10 22:05 - 2013-07-04 20:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-10-10 22:05 - 2013-07-04 20:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-10-10 22:05 - 2013-07-04 19:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2013-10-10 22:05 - 2013-07-04 19:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2013-10-10 22:05 - 2013-07-04 18:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-10-10 22:05 - 2013-07-03 12:40 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2013-10-10 22:05 - 2013-07-03 12:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-10 22:05 - 2013-07-03 12:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-10 22:05 - 2013-06-26 06:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-10 22:04 - 2013-08-29 10:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-10-10 22:04 - 2013-08-29 10:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-10-10 22:04 - 2013-08-29 10:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-10-10 22:04 - 2013-08-29 10:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-10-10 22:04 - 2013-08-29 10:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-10-10 22:04 - 2013-08-29 09:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-10-10 22:04 - 2013-08-29 09:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-10-10 22:04 - 2013-08-29 09:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-10-10 22:04 - 2013-08-29 09:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2013-10-10 22:04 - 2013-08-29 09:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-10-10 22:04 - 2013-08-29 09:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2013-10-10 22:04 - 2013-08-29 08:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-10-10 22:04 - 2013-08-29 08:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-10-10 22:04 - 2013-08-29 08:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-10-10 22:04 - 2013-08-29 08:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-10-10 22:04 - 2013-08-28 09:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-10 22:04 - 2013-08-01 20:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-10 22:04 - 2013-07-20 18:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 22:04 - 2013-07-20 18:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 22:03 - 2013-08-28 09:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-10-08 08:49 - 2013-10-08 08:49 - 00000000 ____D C:\Users\Owner\AppData\Local\CrashDumps
2013-10-03 11:22 - 2013-10-03 11:22 - 09786880 _____ C:\Users\Owner\Downloads\PF3302 Lecture 1 LSE 2012 (2).ppt
2013-10-02 21:44 - 2013-10-02 21:44 - 01439232 _____ C:\Users\Owner\Downloads\PF3302 Lecture 2 LSE 2010.ppt
2013-10-02 21:43 - 2013-10-02 21:43 - 09786880 _____ C:\Users\Owner\Downloads\PF3302 Lecture 1 LSE 2012 (1).ppt
2013-10-02 21:41 - 2013-10-02 21:41 - 09786880 _____ C:\Users\Owner\Downloads\PF3302 Lecture 1 LSE 2012.ppt
2013-10-02 21:41 - 2013-10-02 21:41 - 06520832 _____ C:\Users\Owner\Downloads\Lecture - CS11 - 2013 updated (1).ppt
2013-10-02 21:40 - 2013-10-02 21:40 - 00474112 _____ C:\Users\Owner\Downloads\Lecture - CS9and10 - 2011 (3).ppt
2013-10-02 21:40 - 2013-10-02 21:40 - 00474112 _____ C:\Users\Owner\Downloads\Lecture - CS9and10 - 2011 (2).ppt
2013-10-02 07:18 - 2013-09-27 16:57 - 30334752 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2013-10-02 07:18 - 2013-09-27 16:57 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2013-10-02 07:18 - 2013-09-27 16:57 - 22925088 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2013-10-02 07:18 - 2013-09-27 16:57 - 18229224 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2013-10-02 07:18 - 2013-09-27 16:57 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2013-10-02 07:18 - 2013-09-27 16:57 - 15832920 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2013-10-02 07:18 - 2013-09-27 16:57 - 12528416 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2013-10-02 07:18 - 2013-09-27 16:57 - 11345168 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2013-10-02 07:18 - 2013-09-27 16:57 - 11292144 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2013-10-02 07:18 - 2013-09-27 16:57 - 09480840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2013-10-02 07:18 - 2013-09-27 16:57 - 09436544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2013-10-02 07:18 - 2013-09-27 16:57 - 03130144 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2013-10-02 07:18 - 2013-09-27 16:57 - 03121952 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2013-10-02 07:18 - 2013-09-27 16:57 - 02945312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2013-10-02 07:18 - 2013-09-27 16:57 - 02745632 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2013-10-02 07:18 - 2013-09-27 16:57 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433140.dll
2013-10-02 07:18 - 2013-09-27 16:57 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433140.dll
2013-10-02 07:18 - 2013-09-27 16:57 - 01239304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2013-10-02 07:18 - 2013-09-27 16:57 - 00696096 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2013-10-02 07:18 - 2013-09-27 16:57 - 00654624 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2013-10-02 07:18 - 2013-09-27 16:57 - 00599840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2013-10-02 07:18 - 2013-09-27 16:57 - 00559904 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2013-10-02 07:18 - 2013-09-27 16:57 - 00317472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2013-10-02 07:18 - 2013-09-27 16:57 - 00266984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2013-10-02 07:18 - 2013-09-27 16:57 - 00168616 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2013-10-02 07:18 - 2013-09-27 16:57 - 00141336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2013-10-01 23:27 - 2013-10-01 23:27 - 00065182 _____ C:\Users\Owner\Desktop\Prabhu-IT1004slides.pptx
2013-09-29 22:14 - 2013-10-19 09:46 - 00011500 _____ C:\Windows\setupact.log
2013-09-29 22:14 - 2013-09-29 22:14 - 00000000 _____ C:\Windows\setuperr.log
2013-09-29 21:45 - 2013-09-29 21:45 - 00003042 _____ C:\Windows\System32\Tasks\PandaUSBVaccine
2013-09-29 21:45 - 2013-09-29 21:45 - 00000000 ____D C:\ProgramData\Panda Security
2013-09-29 21:45 - 2013-09-29 21:45 - 00000000 ____D C:\Program Files (x86)\Panda USB Vaccine
2013-09-29 21:44 - 2013-09-29 21:44 - 00823346 _____ C:\Users\Owner\Downloads\USBVaccine.zip
2013-09-29 21:44 - 2013-09-29 21:44 - 00000000 ____D C:\Users\Owner\Desktop\usbvaccine
2013-09-29 21:38 - 2013-09-29 21:38 - 00132597 _____ C:\Users\Owner\Desktop\Flash_Disinfector.exe
2013-09-29 21:12 - 2013-09-29 21:12 - 00000349 _____ C:\Users\Owner\Downloads\RegisterActxprxyAndIeproxy.zip
2013-09-29 21:03 - 2013-09-29 21:03 - 00000541 _____ C:\Users\Owner\Downloads\Elevated_Command_Prompt.zip
2013-09-29 20:48 - 2013-09-29 20:48 - 00003090 _____ C:\Windows\System32\Tasks\{B64D6685-769D-4AE9-AD29-55343D8256E9}
2013-09-27 23:50 - 2013-09-28 16:38 - 04860346 _____ C:\Users\Owner\Desktop\TP1_V12.pptx
2013-09-27 14:00 - 2013-09-27 14:10 - 00000000 ____D C:\Users\Owner\Desktop\Maintainability
2013-09-27 13:32 - 2013-09-27 13:32 - 00258048 ____N (Marvell Inc) C:\ProgramData\wmimgmt.exe
2013-09-27 13:10 - 2013-10-15 23:30 - 00000000 ____D C:\Users\Owner\Desktop\scheduling
2013-09-27 02:37 - 2013-09-27 02:37 - 00587040 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2013-09-24 22:15 - 2013-10-19 09:48 - 00224256 _____ C:\Users\Owner\AppData\Roaming\RZR_006005584beb94ed127de6940afb.db
2013-09-24 22:13 - 2013-09-24 22:13 - 00000000 ____D C:\Users\Owner\AppData\Local\Razer
2013-09-24 22:04 - 2013-09-24 22:04 - 00001242 _____ C:\Users\Public\Desktop\Razer Comms.lnk
2013-09-24 22:04 - 2013-09-24 22:04 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_RzFilter_01009.Wdf
2013-09-24 22:04 - 2013-09-24 22:04 - 00000000 ____D C:\Windows\Razer Core
2013-09-24 22:04 - 2013-09-24 22:04 - 00000000 ____D C:\ProgramData\Razer
2013-09-24 22:04 - 2013-09-24 22:04 - 00000000 ____D C:\Program Files (x86)\Razer
2013-09-24 22:04 - 2013-08-27 03:05 - 00128984 _____ (Razer USA Ltd) C:\Windows\system32\Drivers\RzDxgk.sys
2013-09-24 22:04 - 2013-08-27 03:05 - 00074456 _____ (Razer USA Ltd) C:\Windows\system32\Drivers\RzFilter.sys
2013-09-24 22:03 - 2013-09-24 22:04 - 39691960 _____ (Razer Inc.) C:\Users\Owner\Downloads\RazerComms1.60.26.exe
2013-09-23 21:22 - 2013-09-23 23:40 - 00000639 _____ C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\3d Girlz.lnk
2013-09-23 21:22 - 2013-09-23 23:40 - 00000611 _____ C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\3d Girlz Uninstall.lnk
2013-09-23 21:21 - 2013-09-23 21:21 - 00000056 _____ C:\Windows\kgt2k.INI
2013-09-23 03:20 - 2013-09-18 04:31 - 00046792 _____ (AnchorFree Inc.) C:\Windows\system32\Drivers\hssdrv6.sys
2013-09-22 13:01 - 2013-09-22 13:01 - 00038748 _____ C:\Users\Owner\Downloads\[kickass.to]the.queen.of.fighters.hentai.mugen.fullgame.final.version.torrent
2013-09-21 20:22 - 2013-09-21 20:40 - 00155960 _____ C:\Users\Owner\Desktop\timelines.pptx
2013-09-21 11:02 - 2013-10-19 09:47 - 00000000 ___RD C:\Users\Owner\Google Drive
2013-09-21 11:02 - 2013-09-21 11:02 - 00001653 _____ C:\Users\Owner\Desktop\Google Drive.lnk
2013-09-21 11:01 - 2013-09-21 11:01 - 00002044 _____ C:\Users\Public\Desktop\Google Slides.lnk
2013-09-21 11:01 - 2013-09-21 11:01 - 00002040 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2013-09-21 11:01 - 2013-09-21 11:01 - 00002028 _____ C:\Users\Public\Desktop\Google Docs.lnk
2013-09-21 11:00 - 2013-09-21 11:00 - 00784832 _____ (Google Inc.) C:\Users\Owner\Downloads\googledrivesync.exe
2013-09-20 22:03 - 2013-09-12 16:58 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6432723.dll
2013-09-20 22:03 - 2013-09-12 16:58 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6432723.dll
2013-09-19 22:46 - 2013-09-19 22:46 - 06520832 _____ C:\Users\Owner\Downloads\Lecture - CS11 - 2013 updated.ppt
2013-09-19 22:45 - 2013-09-19 22:45 - 00474112 _____ C:\Users\Owner\Downloads\Lecture - CS9and10 - 2011 (1).ppt

==================== One Month Modified Files and Folders =======

2013-10-19 09:50 - 2013-10-19 09:50 - 01954124 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe
2013-10-19 09:50 - 2013-10-19 09:50 - 01954124 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2013-10-19 09:50 - 2013-10-19 09:50 - 00000000 ____D C:\FRST
2013-10-19 09:50 - 2012-12-24 12:09 - 00000000 ____D C:\Users\Owner\AppData\Roaming\GarenaPlus
2013-10-19 09:50 - 2012-12-24 12:05 - 00000000 ____D C:\ProgramData\GarenaMessenger
2013-10-19 09:49 - 2013-05-31 23:41 - 00000000 ____D C:\Program Files (x86)\steam
2013-10-19 09:49 - 2012-10-18 20:29 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Skype
2013-10-19 09:48 - 2013-10-19 09:48 - 00017640 _____ C:\Users\Owner\Desktop\10192013_094418.log
2013-10-19 09:48 - 2013-09-24 22:15 - 00224256 _____ C:\Users\Owner\AppData\Roaming\RZR_006005584beb94ed127de6940afb.db
2013-10-19 09:47 - 2013-09-21 11:02 - 00000000 ___RD C:\Users\Owner\Google Drive
2013-10-19 09:47 - 2012-04-05 22:33 - 00000000 ___RD C:\Users\Owner\Dropbox
2013-10-19 09:47 - 2012-04-05 22:31 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Dropbox
2013-10-19 09:46 - 2013-09-29 22:14 - 00011500 _____ C:\Windows\setupact.log
2013-10-19 09:46 - 2013-05-02 20:52 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-19 09:46 - 2012-12-25 10:40 - 00003496 _____ C:\Windows\System32\Tasks\gg_uac_daemon_Owner
2013-10-19 09:46 - 2012-03-10 20:00 - 00000000 ____D C:\ProgramData\NVIDIA
2013-10-19 09:46 - 2009-07-14 13:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-19 09:44 - 2013-10-19 09:44 - 00000000 ____D C:\_OTL
2013-10-19 09:44 - 2012-03-10 19:36 - 00000000 ___RD C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-19 09:44 - 2012-03-10 19:35 - 01656129 _____ C:\Windows\WindowsUpdate.log
2013-10-19 09:44 - 2009-07-14 12:45 - 00022064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-19 09:44 - 2009-07-14 12:45 - 00022064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-19 02:17 - 2012-04-26 06:05 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-19 02:16 - 2013-05-02 20:52 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-18 23:11 - 2013-10-14 22:36 - 00000220 _____ C:\Users\Owner\Desktop\Sid Meier's Civilization V.url
2013-10-17 23:41 - 2012-03-11 14:58 - 00000000 ____D C:\Users\Owner\AppData\Roaming\BitComet
2013-10-17 22:53 - 2013-10-17 22:53 - 00104885 _____ C:\Users\Owner\Downloads\[kickass.to]wowgirls.lets.come.together.paloma.and.klara.1080p.mp4.torrent
2013-10-17 22:52 - 2013-10-17 22:52 - 00011271 _____ C:\Users\Owner\Downloads\[kickass.to]wowgirls.alyona.klara.paloma.strap.on.adventure.torrent
2013-10-17 22:52 - 2013-10-17 22:52 - 00011271 _____ C:\Users\Owner\Downloads\[kickass.to]wowgirls.alyona.klara.paloma.strap.on.adventure (1).torrent
2013-10-17 22:49 - 2013-10-17 22:49 - 00034444 _____ C:\Users\Owner\Downloads\[kickass.to]younglegalporn.klara.take.me.right.here.torrent
2013-10-17 11:37 - 2013-10-17 11:37 - 00085800 _____ C:\Users\Owner\Desktop\Extras.Txt
2013-10-17 11:36 - 2013-10-17 11:36 - 00120468 _____ C:\Users\Owner\Desktop\OTL.Txt
2013-10-17 11:32 - 2013-10-17 11:32 - 00602112 _____ (OldTimer Tools) C:\Users\Owner\Downloads\OTL.exe
2013-10-17 11:32 - 2013-10-17 11:32 - 00602112 _____ (OldTimer Tools) C:\Users\Owner\Desktop\OTL.exe
2013-10-17 10:16 - 2013-10-17 10:16 - 01198941 _____ C:\Users\Owner\Downloads\Folder_SLFiles (4).zip
2013-10-17 10:16 - 2013-10-17 10:16 - 01198941 _____ C:\Users\Owner\Desktop\Folder_SLFiles (4).zip
2013-10-15 23:30 - 2013-09-27 13:10 - 00000000 ____D C:\Users\Owner\Desktop\scheduling
2013-10-15 16:14 - 2013-10-15 16:14 - 00000897 _____ C:\Users\Owner\Desktop\Yuuguu.lnk
2013-10-15 16:14 - 2013-10-15 16:14 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yuuguu
2013-10-15 15:52 - 2013-10-15 15:51 - 13122144 _____ C:\Users\Owner\Downloads\yuuguu-PC-installer.exe
2013-10-14 22:36 - 2012-12-19 21:23 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2013-10-13 08:20 - 2013-10-13 08:20 - 00000000 ____D C:\Users\Default\AppData\Local\Google
2013-10-13 08:20 - 2013-10-13 08:20 - 00000000 ____D C:\Users\Default User\AppData\Local\Google
2013-10-12 15:54 - 2013-10-12 15:55 - 00370894 _____ C:\Users\Owner\Desktop\refacilitiesmaintainabilityinterviewrequestfromnusst.zip
2013-10-12 15:54 - 2013-10-12 15:54 - 00370894 _____ C:\Users\Owner\Downloads\refacilitiesmaintainabilityinterviewrequestfromnusst.zip
2013-10-12 15:38 - 2012-09-23 18:55 - 00000000 _____ C:\Windows\SysWOW64\Access.dat
2013-10-12 12:42 - 2012-04-05 22:33 - 00000979 _____ C:\Users\Owner\Desktop\Dropbox.lnk
2013-10-12 12:42 - 2012-04-05 22:32 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2013-10-11 22:11 - 2013-05-02 20:52 - 00003892 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-11 22:11 - 2013-05-02 20:52 - 00003640 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-10-11 06:43 - 2009-07-14 13:13 - 00779306 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-11 06:36 - 2012-03-11 11:30 - 00000000 ____D C:\Windows\Panther
2013-10-11 06:36 - 2009-07-14 12:45 - 00607288 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-10 23:14 - 2012-03-14 20:05 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-10 23:12 - 2013-03-27 21:09 - 00773030 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-10-10 23:12 - 2012-05-18 11:02 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-10 23:12 - 2012-05-18 11:02 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-10 23:10 - 2013-07-30 00:05 - 00000000 ____D C:\Windows\system32\MRT
2013-10-10 23:09 - 2013-05-02 21:27 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-09 23:17 - 2012-04-26 06:05 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-09 23:17 - 2012-04-26 06:05 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-09 23:17 - 2012-03-10 22:01 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-08 15:29 - 2013-09-02 18:21 - 00000000 ____D C:\Users\Owner\Desktop\IT1004
2013-10-08 08:49 - 2013-10-08 08:49 - 00000000 ____D C:\Users\Owner\AppData\Local\CrashDumps
2013-10-07 23:11 - 2013-05-02 20:53 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-10-03 11:22 - 2013-10-03 11:22 - 09786880 _____ C:\Users\Owner\Downloads\PF3302 Lecture 1 LSE 2012 (2).ppt
2013-10-02 21:44 - 2013-10-02 21:44 - 01439232 _____ C:\Users\Owner\Downloads\PF3302 Lecture 2 LSE 2010.ppt
2013-10-02 21:43 - 2013-10-02 21:43 - 09786880 _____ C:\Users\Owner\Downloads\PF3302 Lecture 1 LSE 2012 (1).ppt
2013-10-02 21:41 - 2013-10-02 21:41 - 09786880 _____ C:\Users\Owner\Downloads\PF3302 Lecture 1 LSE 2012.ppt
2013-10-02 21:41 - 2013-10-02 21:41 - 06520832 _____ C:\Users\Owner\Downloads\Lecture - CS11 - 2013 updated (1).ppt
2013-10-02 21:40 - 2013-10-02 21:40 - 00474112 _____ C:\Users\Owner\Downloads\Lecture - CS9and10 - 2011 (3).ppt
2013-10-02 21:40 - 2013-10-02 21:40 - 00474112 _____ C:\Users\Owner\Downloads\Lecture - CS9and10 - 2011 (2).ppt
2013-10-02 07:20 - 2012-03-10 20:00 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-10-01 23:27 - 2013-10-01 23:27 - 00065182 _____ C:\Users\Owner\Desktop\Prabhu-IT1004slides.pptx
2013-10-01 17:46 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\system32\NDF
2013-09-29 22:14 - 2013-09-29 22:14 - 00000000 _____ C:\Windows\setuperr.log
2013-09-29 22:11 - 2012-03-11 14:51 - 00000000 ____D C:\Users\Owner\Documents\CCLEANER
2013-09-29 21:45 - 2013-09-29 21:45 - 00003042 _____ C:\Windows\System32\Tasks\PandaUSBVaccine
2013-09-29 21:45 - 2013-09-29 21:45 - 00000000 ____D C:\ProgramData\Panda Security
2013-09-29 21:45 - 2013-09-29 21:45 - 00000000 ____D C:\Program Files (x86)\Panda USB Vaccine
2013-09-29 21:44 - 2013-09-29 21:44 - 00823346 _____ C:\Users\Owner\Downloads\USBVaccine.zip
2013-09-29 21:44 - 2013-09-29 21:44 - 00000000 ____D C:\Users\Owner\Desktop\usbvaccine
2013-09-29 21:38 - 2013-09-29 21:38 - 00132597 _____ C:\Users\Owner\Desktop\Flash_Disinfector.exe
2013-09-29 21:12 - 2013-09-29 21:12 - 00000349 _____ C:\Users\Owner\Downloads\RegisterActxprxyAndIeproxy.zip
2013-09-29 21:03 - 2013-09-29 21:03 - 00000541 _____ C:\Users\Owner\Downloads\Elevated_Command_Prompt.zip
2013-09-29 20:48 - 2013-09-29 20:48 - 00003090 _____ C:\Windows\System32\Tasks\{B64D6685-769D-4AE9-AD29-55343D8256E9}
2013-09-28 16:38 - 2013-09-27 23:50 - 04860346 _____ C:\Users\Owner\Desktop\TP1_V12.pptx
2013-09-28 00:27 - 2012-03-10 22:55 - 00000000 ____D C:\Users\Owner\AppData\Roaming\vlc
2013-09-27 16:57 - 2013-10-02 07:18 - 30334752 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2013-09-27 16:57 - 2013-10-02 07:18 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2013-09-27 16:57 - 2013-10-02 07:18 - 22925088 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2013-09-27 16:57 - 2013-10-02 07:18 - 18229224 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2013-09-27 16:57 - 2013-10-02 07:18 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2013-09-27 16:57 - 2013-10-02 07:18 - 15832920 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2013-09-27 16:57 - 2013-10-02 07:18 - 12528416 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2013-09-27 16:57 - 2013-10-02 07:18 - 11345168 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2013-09-27 16:57 - 2013-10-02 07:18 - 11292144 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2013-09-27 16:57 - 2013-10-02 07:18 - 09480840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2013-09-27 16:57 - 2013-10-02 07:18 - 09436544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2013-09-27 16:57 - 2013-10-02 07:18 - 03130144 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2013-09-27 16:57 - 2013-10-02 07:18 - 03121952 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2013-09-27 16:57 - 2013-10-02 07:18 - 02945312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2013-09-27 16:57 - 2013-10-02 07:18 - 02745632 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2013-09-27 16:57 - 2013-10-02 07:18 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433140.dll
2013-09-27 16:57 - 2013-10-02 07:18 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433140.dll
2013-09-27 16:57 - 2013-10-02 07:18 - 01239304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2013-09-27 16:57 - 2013-10-02 07:18 - 00696096 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2013-09-27 16:57 - 2013-10-02 07:18 - 00654624 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2013-09-27 16:57 - 2013-10-02 07:18 - 00599840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2013-09-27 16:57 - 2013-10-02 07:18 - 00559904 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2013-09-27 16:57 - 2013-10-02 07:18 - 00317472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2013-09-27 16:57 - 2013-10-02 07:18 - 00266984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2013-09-27 16:57 - 2013-10-02 07:18 - 00168616 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2013-09-27 16:57 - 2013-10-02 07:18 - 00141336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2013-09-27 16:57 - 2012-10-12 00:34 - 15232424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2013-09-27 16:57 - 2012-03-10 21:42 - 18259624 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2013-09-27 16:57 - 2012-03-10 21:42 - 01432408 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2013-09-27 16:57 - 2012-03-10 20:00 - 03052616 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2013-09-27 16:57 - 2012-03-10 20:00 - 02682816 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2013-09-27 16:57 - 2012-03-10 20:00 - 00023307 _____ C:\Windows\system32\nvinfo.pb
2013-09-27 15:45 - 2012-03-10 20:00 - 06641440 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2013-09-27 15:45 - 2012-03-10 20:00 - 03483424 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2013-09-27 15:44 - 2012-03-10 20:00 - 00922912 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2013-09-27 15:44 - 2012-03-10 20:00 - 00219424 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2013-09-27 15:44 - 2012-03-10 20:00 - 00063776 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2013-09-27 14:10 - 2013-09-27 14:00 - 00000000 ____D C:\Users\Owner\Desktop\Maintainability
2013-09-27 13:32 - 2013-09-27 13:32 - 00258048 ____N (Marvell Inc) C:\ProgramData\wmimgmt.exe
2013-09-27 02:37 - 2013-09-27 02:37 - 00587040 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2013-09-26 21:32 - 2012-03-10 21:42 - 03386608 _____ C:\Windows\system32\nvcoproc.bin
2013-09-24 22:13 - 2013-09-24 22:13 - 00000000 ____D C:\Users\Owner\AppData\Local\Razer
2013-09-24 22:13 - 2012-03-10 21:39 - 00127000 _____ C:\Users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-24 22:04 - 2013-09-24 22:04 - 00001242 _____ C:\Users\Public\Desktop\Razer Comms.lnk
2013-09-24 22:04 - 2013-09-24 22:04 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_RzFilter_01009.Wdf
2013-09-24 22:04 - 2013-09-24 22:04 - 00000000 ____D C:\Windows\Razer Core
2013-09-24 22:04 - 2013-09-24 22:04 - 00000000 ____D C:\ProgramData\Razer
2013-09-24 22:04 - 2013-09-24 22:04 - 00000000 ____D C:\Program Files (x86)\Razer
2013-09-24 22:04 - 2013-09-24 22:03 - 39691960 _____ (Razer Inc.) C:\Users\Owner\Downloads\RazerComms1.60.26.exe
2013-09-23 23:40 - 2013-09-23 21:22 - 00000639 _____ C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\3d Girlz.lnk
2013-09-23 23:40 - 2013-09-23 21:22 - 00000611 _____ C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\3d Girlz Uninstall.lnk
2013-09-23 21:21 - 2013-09-23 21:21 - 00000056 _____ C:\Windows\kgt2k.INI
2013-09-23 21:21 - 2012-03-10 19:36 - 00000000 ____D C:\Users\Owner\AppData\Local\VirtualStore
2013-09-23 07:28 - 2013-10-10 23:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-23 07:28 - 2013-10-10 23:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-23 07:27 - 2013-10-10 23:13 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-23 07:27 - 2013-10-10 23:13 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-23 07:27 - 2013-10-10 23:13 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-23 07:27 - 2013-10-10 23:13 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-23 07:27 - 2013-10-10 23:13 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-23 07:27 - 2013-10-10 23:13 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-23 07:27 - 2013-10-10 23:13 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-23 07:27 - 2013-10-10 23:13 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-23 07:27 - 2013-10-10 23:13 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-23 07:27 - 2013-10-10 23:13 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-23 07:27 - 2013-10-10 23:13 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-23 06:55 - 2013-10-10 23:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-23 06:55 - 2013-10-10 23:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-23 06:55 - 2013-10-10 23:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-23 06:54 - 2013-10-10 23:13 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-23 06:54 - 2013-10-10 23:13 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-23 06:54 - 2013-10-10 23:13 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-23 06:54 - 2013-10-10 23:13 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-23 06:54 - 2013-10-10 23:13 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-23 06:54 - 2013-10-10 23:13 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-23 06:54 - 2013-10-10 23:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-23 06:54 - 2013-10-10 23:13 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-23 06:54 - 2013-10-10 23:13 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-23 06:54 - 2013-10-10 23:13 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-23 06:54 - 2013-10-10 23:13 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-23 03:20 - 2013-06-25 23:36 - 00001048 _____ C:\Users\Public\Desktop\Hotspot Shield.lnk
2013-09-23 03:20 - 2013-03-09 01:02 - 00000000 ____D C:\Program Files (x86)\Hotspot Shield
2013-09-22 23:23 - 2013-09-03 22:04 - 00000000 __SHD C:\Users\Public\Documents\Media
2013-09-22 13:01 - 2013-09-22 13:01 - 00038748 _____ C:\Users\Owner\Downloads\[kickass.to]the.queen.of.fighters.hentai.mugen.fullgame.final.version.torrent
2013-09-21 20:40 - 2013-09-21 20:22 - 00155960 _____ C:\Users\Owner\Desktop\timelines.pptx
2013-09-21 11:38 - 2013-10-10 23:13 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-21 11:30 - 2013-10-10 23:13 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-21 11:02 - 2013-09-21 11:02 - 00001653 _____ C:\Users\Owner\Desktop\Google Drive.lnk
2013-09-21 11:02 - 2012-03-10 19:35 - 00000000 ____D C:\Users\Owner
2013-09-21 11:01 - 2013-09-21 11:01 - 00002044 _____ C:\Users\Public\Desktop\Google Slides.lnk
2013-09-21 11:01 - 2013-09-21 11:01 - 00002040 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2013-09-21 11:01 - 2013-09-21 11:01 - 00002028 _____ C:\Users\Public\Desktop\Google Docs.lnk
2013-09-21 11:01 - 2013-05-02 20:52 - 00000000 ____D C:\Users\Owner\AppData\Local\Google
2013-09-21 11:01 - 2013-05-02 20:52 - 00000000 ____D C:\Program Files (x86)\Google
2013-09-21 11:00 - 2013-09-21 11:00 - 00784832 _____ (Google Inc.) C:\Users\Owner\Downloads\googledrivesync.exe
2013-09-21 10:48 - 2013-10-10 23:13 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-21 10:39 - 2013-10-10 23:13 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-19 22:46 - 2013-09-19 22:46 - 06520832 _____ C:\Users\Owner\Downloads\Lecture - CS11 - 2013 updated.ppt
2013-09-19 22:45 - 2013-09-19 22:45 - 00474112 _____ C:\Users\Owner\Downloads\Lecture - CS9and10 - 2011 (1).ppt

Files to move or delete:
====================
C:\ProgramData\wmimgmt.exe


Some content of TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\nircmd.exe
C:\Users\Owner\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Owner\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Owner\AppData\Local\Temp\nvStInst.exe
C:\Users\Owner\AppData\Local\Temp\pv.exe
C:\Users\Owner\AppData\Local\Temp\vfind.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2012-05-19 10:44

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-10-2013
Ran by Owner at 2013-10-19 09:53:49
Running from C:\Users\Owner\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

3d Girlz (x32)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Reader X (10.1.8) (x32 Version: 10.1.8)
Age of Empires II HD © Microsoft Studios version 1 (x32 Version: 1)
Alice: Madness Returns (x32)
Apple Application Support (x32 Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
Auslogics Disk Defrag (x32 Version: version 3.3)
BioShock Infinite (x32)
BitComet 1.35 64-bit (x32 Version: 1.35)
Bonjour (Version: 3.0.0.10)
Call of Duty Black Ops II (x32)
Canon MP140 series
CCleaner (Version: 3.16)
D3DX10 (x32 Version: 15.4.2368.0902)
DAEMON Tools Lite (x32 Version: 4.46.1.0328)
DarkSiders II version 5.1 (x32 Version: 5.1)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
Dishonored (x32)
DmC Devil may Cry version 5.1 (x32 Version: 5.1)
Dota 2 (x32)
Dropbox (HKCU Version: 2.4.2)
Far Cry 3 (x32 Version: 1.01)
FarCry 3 version 5.1 (x32 Version: 5.1)
FLAC 1.2.1b (remove only) (x32 Version: 1.2.1b)
Fraps (x32)
Frhed 1.6.0 (x32 Version: 1.6.0)
GameRanger (HKCU)
Garena - BlackShot (x32 Version: 2.172)
Garena - League of Legends (x32)
Garena Plus (x32 Version: 2011)
GeForce Experience NvStream Client Components (Version: 0.1.87)
Google Chrome (x32 Version: 30.0.1599.69)
Google Drive (x32 Version: 1.12.5329.1887)
Google Update Helper (x32 Version: 1.3.21.165)
Grand Theft Auto IV (x32 Version: 1.0.0013.131)
Grand Theft Auto IV (x32 Version: 1.00.0000)
Grid 2 version 5.1 (x32 Version: 5.1)
Guitar Pro 6 (x32)
Hitman Absolution (x32)
Hotspot Shield 3.17 (x32 Version: 3.17)
Intel® Management Engine Components (x32 Version: 7.0.0.1144)
iTunes (Version: 11.0.5.5)
JamVOX (x32 Version: 1.52.4)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
Java™ 6 Update 29 (x32 Version: 6.0.290)
Logitech Gaming Software 5.10 (Version: 5.10.127)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Age of Empires II (x32)
Microsoft Age of Empires II: The Conquerors Expansion (x32)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Games for Windows - LIVE (x32 Version: 3.3.24.0)
Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.2.3.0)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.4734.1000)
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office SharePoint Designer 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3) (x32)
Microsoft Office SharePoint Designer MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (x32 Version: 11.0.60610.1)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (x32 Version: 11.0.60610.1)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610)
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610)
Movie Maker (x32 Version: 16.4.3508.0205)
Mozilla Firefox 21.0 (x86 en-US) (x32 Version: 21.0)
Mozilla Maintenance Service (x32 Version: 21.0)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT110 (x32 Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1109.0912)
MusicPod (x32 Version: 1.73)
Nexus Mod Manager (Version: 0.44.13)
NVIDIA 3D Vision Controller Driver (x32 Version: 280.19)
NVIDIA 3D Vision Controller Driver 331.40 (Version: 331.40)
NVIDIA 3D Vision Driver 331.40 (Version: 331.40)
NVIDIA Control Panel 331.40 (Version: 331.40)
NVIDIA GeForce Experience 1.6.1 (Version: 1.6.1)
NVIDIA Graphics Driver 331.40 (Version: 331.40)
NVIDIA HD Audio Driver 1.3.26.4 (Version: 1.3.26.4)
NVIDIA Install Application (Version: 2.1002.133.902)
NVIDIA PhysX (x32 Version: 9.13.0725)
NVIDIA PhysX System Software 9.13.0725 (Version: 9.13.0725)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3140)
NVIDIA Update 8.3.14 (Version: 8.3.14)
NVIDIA Update Components (Version: 8.3.14)
NVIDIA Virtual Audio 1.2.5 (Version: 1.2.5)
Panda USB Vaccine 1.0.1.4 (x32)
PAYDAY 2 (x32)
Photo Common (x32 Version: 16.4.3508.0205)
Photo Gallery (x32 Version: 16.4.3508.0205)
PixRecovery (x32)
PlayClaw 3 (x32 Version: 3)
PlayClaw 4 (x32 Version: 4)
Prototype 2 version 5.1 (x32 Version: 5.1)
Razer Comms (x32 Version: 1.60.26)
Razer Core (x32 Version: 1.0.1.29)
Realtek Ethernet Controller Driver (x32 Version: 7.46.610.2011)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.34.0)
Resident Evil 6 version 5.1 (x32 Version: 5.1)
Saints Row IV (x32 Version: 1)
Saints Row The Third (x32)
SHIELD Streaming (Version: 1.05.28)
Sid Meier's Civilization V (x32)
Simple Port Forwarding (x32 Version: 3.8.1)
Skype™ 6.6 (x32 Version: 6.6.106)
Split/Second (x32 Version: 1.00.0000)
Steam (x32 Version: 1.0.0.0)
Super Street Fighter IV: Arcade Edition (x32 Version: 1.0.0000.129)
System Requirements Lab CYRI (x32 Version: 4.5.1.0)
Tunngle beta (x32)
Ubisoft Game Launcher (x32 Version: 1.0.0.0)
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2494150) (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (x32)
Update for Microsoft Office Script Editor Help (KB963671) (x32)
Update for Microsoft Office Sharepoint Designer 2007 Help (KB963675) (x32)
Vtune 7.21 (x32)
Wacom Tablet (Version: 6.3.1w3)
WebTablet FB Plugin (x32 Version: 2.0.0.6)
WebTablet IE Plugin (x32 Version: 1.1.0.12)
WebTablet Netscape Plugin (x32 Version: 1.1.0.10)
Windows Live Communications Platform (x32 Version: 16.4.3508.0205)
Windows Live Essentials (x32 Version: 16.4.3508.0205)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Installer (x32 Version: 16.4.3508.0205)
Windows Live Messenger (x32 Version: 16.4.3508.0205)
Windows Live Photo Common (x32 Version: 16.4.3508.0205)
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205)
Windows Live SOXE (x32 Version: 16.4.3508.0205)
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205)
Windows Live UX Platform (x32 Version: 16.4.3508.0205)
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205)
Windows Movie Maker 2.6 (x32 Version: 2.6.4037.0)
WinRAR 4.11 (64-bit) (Version: 4.11.0)

==================== Restore Points =========================

08-10-2013 12:46:53 Windows Update
10-10-2013 15:06:26 Windows Update
15-10-2013 10:29:47 Windows Update
15-10-2013 15:49:18 Windows Update

==================== Hosts content: ==========================

2009-07-14 10:34 - 2009-06-11 05:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {40EF3E66-C1F0-428B-BC4A-AB685213B6EF} - System32\Tasks\{78F1AFD8-EDB4-4C8E-A2B8-D30C6B647D31} => C:\Program Files (x86)\VOX\JamVOX\JamVox.exe [2009-10-08] (Korg Inc.)
Task: {4BC5591C-3E70-4547-9F67-AEECE9481B00} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {85233DE6-CEE0-4A40-8B06-0243A5FE7485} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-02] (Google Inc.)
Task: {898F653F-958E-4FAA-B8F3-F95E14553493} - System32\Tasks\{FB840E68-C47B-44B8-963B-21CDD4943AE7} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2013-06-21] (Skype Technologies S.A.)
Task: {91A52AA3-38FB-4FF2-9D79-496F5775BDA3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-09] (Adobe Systems Incorporated)
Task: {A4F9537A-D4BF-4BDB-AA0B-41C5FC9B81DF} - System32\Tasks\gg_uac_daemon_Owner => C:\Program Files (x86)\Garena Plus\ggdllhost.exe [2013-07-10] ()
Task: {AF81FCDC-4B9A-4142-8F4F-D816A427865A} - System32\Tasks\{E6C1C498-8B79-46EE-9CCA-EC9233DBF8A1} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2013-06-21] (Skype Technologies S.A.)
Task: {D0A77AC5-8F91-4F16-B0D0-37BCD0B6AD85} - System32\Tasks\{014410D8-C95E-419D-B3CE-B5E9B8522788} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2013-06-21] (Skype Technologies S.A.)
Task: {E2545116-E7EC-4489-848A-ED1051D7382E} - System32\Tasks\{A71ED85F-3B97-4FB1-A53E-811DFFC77E94} => Firefox.exe http://www.skype.com...LastError=12002
Task: {F4FB1C01-A971-47E9-BB11-FA832B73A3F6} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {F8D86314-58AD-4577-8C5B-D15CAB62BF17} - System32\Tasks\PandaUSBVaccine => C:\Program Files (x86)\Panda USB Vaccine\RunInteractiveWin.exe [2009-09-23] ()
Task: {FC4F8DE8-D63F-420E-9C8F-9E2F0C52B868} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-02] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-04-26 20:27 - 2012-04-18 09:47 - 01184632 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
2010-01-09 20:17 - 2010-01-09 20:17 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:40 - 2010-01-21 01:40 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-03-14 21:12 - 2012-02-17 20:55 - 00193536 _____ () C:\Program Files\WinRAR\rarext.dll
2012-02-20 21:29 - 2012-02-20 21:29 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-02-20 21:28 - 2012-02-20 21:28 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-18 06:18 - 2013-09-18 06:18 - 00902440 _____ () C:\Program Files (x86)\Hotspot Shield\bin\af_proxy.dll
2012-11-08 19:28 - 2013-07-18 22:09 - 00529200 _____ () C:\Program Files (x86)\Garena Plus\ggspawn.dll
2012-03-10 19:47 - 1998-10-31 04:55 - 00005120 _____ () C:\Program Files (x86)\Vtune\TBManage.dll
2012-02-22 16:52 - 2013-01-30 16:26 - 00104752 _____ () C:\Program Files (x86)\Garena Plus\CommonLib.dll
2012-11-08 19:28 - 2013-02-07 17:11 - 00033584 _____ () C:\Program Files (x86)\Garena Plus\DibModule.dll
2012-11-30 19:53 - 2013-08-07 15:33 - 00027952 _____ () C:\Program Files (x86)\Garena Plus\VersionModule.dll
2012-11-08 19:28 - 2013-02-07 17:11 - 00051504 _____ () C:\Program Files (x86)\Garena Plus\FileLoader.dll
2012-11-08 19:27 - 2013-02-07 17:11 - 00087344 _____ () C:\Program Files (x86)\Garena Plus\PluginKernel.dll
2012-11-30 19:40 - 2013-03-07 10:10 - 00487216 _____ () C:\Program Files (x86)\Garena Plus\CxImage.dll
2012-11-08 19:27 - 2013-02-07 17:11 - 00025392 _____ () C:\Program Files (x86)\Garena Plus\PluginModule.dll
2012-11-08 19:27 - 2013-04-10 17:23 - 00170800 _____ () C:\Program Files (x86)\Garena Plus\lib\fs\YYFileSystem.dll
2012-11-29 19:42 - 2013-03-13 18:05 - 00374064 _____ () C:\Program Files (x86)\Garena Plus\lib\Http.dll
2012-02-22 16:52 - 2012-02-22 16:52 - 00178176 _____ () C:\Program Files (x86)\Garena Plus\lib\MP3Module.dll
2012-02-22 16:52 - 2012-02-22 16:52 - 00162304 _____ () C:\Program Files (x86)\Garena Plus\lame_enc.DLL
2012-02-22 16:52 - 2013-01-14 19:57 - 00219952 _____ () C:\Program Files (x86)\Garena Plus\lib\TaskManagerLib.dll
2012-11-09 17:34 - 2013-03-07 10:10 - 00106288 _____ () C:\Program Files (x86)\Garena Plus\lib\UILayout.dll
2012-11-28 19:13 - 2013-07-26 14:18 - 00957232 _____ () C:\Program Files (x86)\Garena Plus\lib\XLL.dll
2012-11-09 17:34 - 2012-11-09 17:34 - 00048640 _____ () C:\Program Files (x86)\Garena Plus\lib\XmlUIModule.dll
2012-02-22 16:52 - 2012-02-22 16:52 - 00573100 _____ () C:\Program Files (x86)\Garena Plus\sqlite3.dll
2012-11-28 19:00 - 2013-03-07 10:10 - 00224560 _____ () C:\Program Files (x86)\Garena Plus\Plugins\StatsPlugin.dll
2012-11-28 19:03 - 2013-08-06 19:01 - 00864560 _____ () C:\Program Files (x86)\Garena Plus\Plugins\ggplugin.dll
2012-11-15 19:19 - 2013-02-07 17:11 - 00192816 _____ () C:\Program Files (x86)\Garena Plus\ImageModule.dll
2013-05-10 17:47 - 2013-04-10 17:22 - 00155440 _____ () C:\Program Files (x86)\Garena Plus\libmpg123.dll
2012-08-30 21:43 - 2013-01-30 16:26 - 02941232 _____ () C:\Program Files (x86)\Garena Plus\ggdownloader.dll
2012-04-13 11:12 - 2012-04-13 11:12 - 00059392 _____ () C:\Program Files (x86)\Garena Plus\lib\delay_load\AudioMixerLib.dll
2012-11-08 19:28 - 2012-11-08 19:28 - 00010240 _____ () C:\Program Files (x86)\Garena Plus\lib\delay_load\ClientTcp.dll
2012-11-23 17:02 - 2013-07-15 22:29 - 01545520 _____ () C:\Program Files (x86)\Garena Plus\lib\delay_load\FileSender.dll
2012-07-31 18:38 - 2013-02-01 13:42 - 00153088 _____ () C:\Program Files (x86)\Garena Plus\libzmq.dll
2012-11-19 12:25 - 2013-01-14 19:57 - 01092912 _____ () C:\Program Files (x86)\Garena Plus\lib\delay_load\GaFileTransfer.dll
2012-04-24 09:19 - 2012-04-24 09:19 - 00238592 _____ () C:\Program Files (x86)\Garena Plus\lib\delay_load\MediaEngine.dll
2012-04-13 11:12 - 2012-04-13 11:12 - 00019968 _____ () C:\Program Files (x86)\Garena Plus\ServerMemAlloc.dll
2012-03-08 16:56 - 2012-03-08 16:56 - 00510464 _____ () C:\Program Files (x86)\Garena Plus\lib\delay_load\RSALib.dll
2012-11-08 19:27 - 2012-11-08 19:27 - 00061952 _____ () C:\Program Files (x86)\Garena Plus\lib\delay_load\UdtLib.dll
2010-01-09 20:18 - 2010-01-09 20:18 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:34 - 2010-01-21 01:34 - 08793952 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-03-22 14:01 - 2013-02-13 09:42 - 05407744 _____ () C:\Program Files (x86)\PlayClaw4\playclaw-vcam.dll
2013-04-23 18:30 - 2013-08-22 06:18 - 00687104 _____ () C:\Program Files (x86)\steam\SDL2.dll
2013-05-03 15:35 - 2013-10-09 10:19 - 01121704 _____ () C:\Program Files (x86)\steam\bin\chromehtml.DLL
2013-03-26 16:16 - 2013-09-11 06:20 - 20625832 _____ () C:\Program Files (x86)\steam\bin\libcef.dll
2012-12-11 09:51 - 2013-06-15 07:49 - 01100800 _____ () C:\Program Files (x86)\steam\bin\avcodec-53.dll
2012-12-11 09:51 - 2013-06-15 07:49 - 00124416 _____ () C:\Program Files (x86)\steam\bin\avutil-51.dll
2012-12-11 09:51 - 2013-06-15 07:49 - 00192000 _____ () C:\Program Files (x86)\steam\bin\avformat-53.dll
2013-05-03 15:35 - 2013-10-09 10:19 - 00120744 _____ () C:\Program Files (x86)\steam\bin\audio.dll
2012-09-07 15:37 - 2013-06-15 07:49 - 00071680 _____ () C:\Program Files (x86)\steam\bin\mssmp3.asi
2013-07-10 21:11 - 2013-06-15 07:49 - 00153088 _____ () C:\Program Files (x86)\steam\bin\mssvoice.asi
2012-03-23 18:15 - 2012-03-23 18:15 - 00988160 _____ () C:\Program Files (x86)\Razer\Core\Plugins\ChatApplet\libssh2.dll
2012-03-02 16:23 - 2012-03-02 16:23 - 00577621 _____ () C:\Program Files (x86)\Razer\Core\Plugins\ChatApplet\sqlite3.dll
2013-03-14 04:48 - 2013-03-14 04:48 - 24978944 _____ () C:\Users\Owner\AppData\Roaming\Dropbox\bin\libcef.dll
2013-10-19 09:47 - 2013-10-19 09:47 - 00098816 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI37202\win32api.pyd
2013-10-19 09:47 - 2013-10-19 09:47 - 00110080 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI37202\pywintypes27.dll
2013-10-19 09:47 - 2013-10-19 09:47 - 00364544 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI37202\pythoncom27.dll
2013-10-19 09:47 - 2013-10-19 09:47 - 00044032 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI37202\_socket.pyd
2013-10-19 09:47 - 2013-10-19 09:47 - 01153024 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI37202\_ssl.pyd
2013-10-19 09:47 - 2013-10-19 09:47 - 00320512 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI37202\win32com.shell.shell.pyd
2013-10-19 09:47 - 2013-10-19 09:47 - 00711680 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI37202\_hashlib.pyd
2013-10-19 09:47 - 2013-10-19 09:47 - 01175040 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI37202\wx._core_.pyd
2013-10-19 09:47 - 2013-10-19 09:47 - 00805888 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI37202\wx._gdi_.pyd
2013-10-19 09:47 - 2013-10-19 09:47 - 00811008 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI37202\wx._windows_.pyd
2013-10-19 09:47 - 2013-10-19 09:47 - 01062400 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI37202\wx._controls_.pyd
2013-10-19 09:47 - 2013-10-19 09:47 - 00735232 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI37202\wx._misc_.pyd
2013-10-19 09:47 - 2013-10-19 09:47 - 00128512 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI37202\_elementtree.pyd
2013-10-19 09:47 - 2013-10-19 09:47 - 00127488 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI37202\pyexpat.pyd
2013-10-19 09:47 - 2013-10-19 09:47 - 00557056 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI37202\pysqlite2._sqlite.pyd
2013-10-19 09:47 - 2013-10-19 09:47 - 00087040 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI37202\_ctypes.pyd
2013-10-19 09:47 - 2013-10-19 09:47 - 00119808 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI37202\win32file.pyd
2013-10-19 09:47 - 2013-10-19 09:47 - 00108544 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI37202\win32security.pyd
2013-10-19 09:47 - 2013-10-19 09:47 - 00018432 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI37202\win32event.pyd
2013-10-19 09:47 - 2013-10-19 09:47 - 00038912 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI37202\win32inet.pyd
2013-10-19 09:47 - 2013-10-19 09:47 - 00122368 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI37202\wx._wizard.pyd
2013-10-19 09:47 - 2013-10-19 09:47 - 00686080 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI37202\unicodedata.pyd
2013-10-19 09:47 - 2013-10-19 09:47 - 00026624 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI37202\_multiprocessing.pyd
2013-10-19 09:47 - 2013-10-19 09:47 - 00070656 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI37202\wx._html2.pyd
2013-10-19 09:47 - 2013-10-19 09:47 - 00010240 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI37202\select.pyd
2013-10-19 09:47 - 2013-10-19 09:47 - 00025600 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI37202\win32pdh.pyd
2013-10-19 09:47 - 2013-10-19 09:47 - 00504832 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI37202\windows._cacheinvalidation.pyd
2013-10-19 09:47 - 2013-10-19 09:47 - 00011264 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI37202\win32crypt.pyd
2013-10-19 09:47 - 2013-10-19 09:47 - 00035840 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI37202\win32process.pyd
2013-10-19 09:47 - 2013-10-19 09:47 - 00017408 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI37202\win32profile.pyd
2013-10-19 09:47 - 2013-10-19 09:47 - 00022528 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI37202\win32ts.pyd
2013-10-07 23:11 - 2013-10-03 14:02 - 00698832 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\libglesv2.dll
2013-10-07 23:11 - 2013-10-03 14:02 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\libegl.dll
2013-10-07 23:11 - 2013-10-03 14:03 - 04055504 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\pdf.dll
2013-10-07 23:11 - 2013-10-03 14:03 - 00415184 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll
2013-10-07 23:11 - 2013-10-03 14:02 - 01604560 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/19/2013 09:48:12 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/19/2013 09:39:45 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/18/2013 10:59:09 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/18/2013 06:32:59 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/17/2013 08:29:03 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/17/2013 09:32:16 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/16/2013 05:28:38 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/16/2013 08:06:48 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/15/2013 09:48:02 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/15/2013 03:14:55 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (10/19/2013 09:53:37 AM) (Source: Service Control Manager) (User: )
Description: The Windows Update service hung on starting.

Error: (10/19/2013 09:44:56 AM) (Source: Service Control Manager) (User: )
Description: The Intel® Management and Security Application User Notification Service service failed to start due to the following error:
%%109

Error: (10/18/2013 10:59:04 PM) (Source: Service Control Manager) (User: )
Description: The Razer Overlay Subsystem Emergency Service service failed to start due to the following error:
%%1053

Error: (10/18/2013 10:59:04 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Razer Overlay Subsystem Emergency Service service to connect.

Error: (10/18/2013 06:38:12 AM) (Source: Service Control Manager) (User: )
Description: The Windows Update service hung on starting.

Error: (10/17/2013 08:34:18 PM) (Source: Service Control Manager) (User: )
Description: The Windows Update service hung on starting.

Error: (10/17/2013 09:37:40 AM) (Source: Service Control Manager) (User: )
Description: The Windows Update service hung on starting.

Error: (10/17/2013 09:31:21 AM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80004005

Error: (10/16/2013 05:35:19 PM) (Source: Service Control Manager) (User: )
Description: The Windows Update service hung on starting.

Error: (10/16/2013 08:15:07 AM) (Source: Service Control Manager) (User: )
Description: The Intel® Management and Security Application User Notification Service service hung on starting.


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 30%
Total physical RAM: 8172.83 MB
Available physical RAM: 5657.16 MB
Total Pagefile: 16343.84 MB
Available Pagefile: 13506.44 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:488.18 GB) (Free:20.73 GB) NTFS
Drive d: () (Fixed) (Total:443.23 GB) (Free:56.66 GB) NTFS
Drive f: (ACER) (Fixed) (Total:931.28 GB) (Free:121.6 GB) FAT32
Drive g: (SAINTSROW4) (CDROM) (Total:7.86 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 0B1A8F22)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=488 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=443 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 932 GB) (Disk ID: 24D7DB2A)
Partition 1: (Not Active) - (Size=932 GB) - (Type=0C)

==================== End Of Log ============================

ComboFix 13-10-16.02 - Owner 10/19/2013 9:59.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8173.5845 [GMT 8:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\wmimgmt.exe
c:\users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\tmp~ghi.log
c:\users\Owner\AppData\Local\Temp\_MEI37202\_ctypes.pyd
c:\users\Owner\AppData\Local\Temp\_MEI37202\_elementtree.pyd
c:\users\Owner\AppData\Local\Temp\_MEI37202\_hashlib.pyd
c:\users\Owner\AppData\Local\Temp\_MEI37202\_multiprocessing.pyd
c:\users\Owner\AppData\Local\Temp\_MEI37202\_socket.pyd
c:\users\Owner\AppData\Local\Temp\_MEI37202\_ssl.pyd
c:\users\Owner\AppData\Local\Temp\_MEI37202\msvcp100.dll
c:\users\Owner\AppData\Local\Temp\_MEI37202\msvcr100.dll
c:\users\Owner\AppData\Local\Temp\_MEI37202\pyexpat.pyd
c:\users\Owner\AppData\Local\Temp\_MEI37202\pysqlite2._sqlite.pyd
c:\users\Owner\AppData\Local\Temp\_MEI37202\python27.dll
c:\users\Owner\AppData\Local\Temp\_MEI37202\pythoncom27.dll
c:\users\Owner\AppData\Local\Temp\_MEI37202\PyWinTypes27.dll
c:\users\Owner\AppData\Local\Temp\_MEI37202\select.pyd
c:\users\Owner\AppData\Local\Temp\_MEI37202\unicodedata.pyd
c:\users\Owner\AppData\Local\Temp\_MEI37202\win32api.pyd
c:\users\Owner\AppData\Local\Temp\_MEI37202\win32com.shell.shell.pyd
c:\users\Owner\AppData\Local\Temp\_MEI37202\win32crypt.pyd
c:\users\Owner\AppData\Local\Temp\_MEI37202\win32event.pyd
c:\users\Owner\AppData\Local\Temp\_MEI37202\win32file.pyd
c:\users\Owner\AppData\Local\Temp\_MEI37202\win32inet.pyd
c:\users\Owner\AppData\Local\Temp\_MEI37202\win32pdh.pyd
c:\users\Owner\AppData\Local\Temp\_MEI37202\win32process.pyd
c:\users\Owner\AppData\Local\Temp\_MEI37202\win32profile.pyd
c:\users\Owner\AppData\Local\Temp\_MEI37202\win32security.pyd
c:\users\Owner\AppData\Local\Temp\_MEI37202\win32ts.pyd
c:\users\Owner\AppData\Local\Temp\_MEI37202\windows._cacheinvalidation.pyd
c:\users\Owner\AppData\Local\Temp\_MEI37202\wx._controls_.pyd
c:\users\Owner\AppData\Local\Temp\_MEI37202\wx._core_.pyd
c:\users\Owner\AppData\Local\Temp\_MEI37202\wx._gdi_.pyd
c:\users\Owner\AppData\Local\Temp\_MEI37202\wx._html2.pyd
c:\users\Owner\AppData\Local\Temp\_MEI37202\wx._misc_.pyd
c:\users\Owner\AppData\Local\Temp\_MEI37202\wx._windows_.pyd
c:\users\Owner\AppData\Local\Temp\_MEI37202\wx._wizard.pyd
c:\users\Owner\AppData\Local\Temp\_MEI37202\wxbase294u_net_vc90.dll
c:\users\Owner\AppData\Local\Temp\_MEI37202\wxbase294u_vc90.dll
c:\users\Owner\AppData\Local\Temp\_MEI37202\wxmsw294u_adv_vc90.dll
c:\users\Owner\AppData\Local\Temp\_MEI37202\wxmsw294u_core_vc90.dll
c:\users\Owner\AppData\Local\Temp\_MEI37202\wxmsw294u_html_vc90.dll
c:\users\Owner\AppData\Local\Temp\_MEI37202\wxmsw294u_webview_vc90.dll
c:\windows\SysWow64\frapsvid.dll
c:\windows\SysWow64\g
F:\$AVG.exe
F:\$RECYCLE.BIN.exe
F:\031787ae8e4990d58c3eead7.exe
F:\1101 project.exe
F:\1102 project.exe
F:\1e47a7d5502eef6a279564c4752c06.exe
F:\27e86901d3d7868815e1bd02c5252a32.exe
F:\3c946a3a5ee6892a650c43daa4.exe
F:\7589d30e928a547cc2c6e46e0f8f.exe
F:\AuToRUn.iNf
F:\Backup D drive.exe
F:\backup Prabhu folder.exe
F:\Bioshock2.exe
F:\CDtools.exe
F:\CE.exe
F:\codecs.exe
F:\ConverterOutput.exe
F:\db37c78e88b1216de9b5cca8.exe
F:\declub posters.exe
F:\desktop folders.exe
F:\economics.exe
F:\English Songs.exe
F:\FOUND.000.exe
F:\FOUND.001.exe
F:\FOUND.002.exe
F:\FOUND.003.exe
F:\FOUND.004.exe
F:\Games.exe
F:\Movies.exe
F:\msdownld.tmp.exe
F:\Music.exe
F:\NUS MATTERS.exe
F:\photos.exe
F:\Photoshop CS5.exe
F:\Photoshop.exe
F:\pics.exe
F:\PSP Games.exe
F:\PSP Updates.exe
F:\school.exe
F:\Sketch PS.exe
F:\Sociology tutorial 2.exe
F:\toshiba.exe
F:\Total Video Converter.exe
F:\TV Shows.exe
F:\TVC.exe
F:\Z.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-09-19 to 2013-10-19 )))))))))))))))))))))))))))))))
.
.
2013-10-19 02:05 . 2013-10-19 02:05 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-10-19 02:05 . 2013-10-19 02:05 -------- d-----w- c:\users\fbwuser\AppData\Local\temp
2013-10-19 01:50 . 2013-10-19 01:50 -------- d-----w- C:\FRST
2013-10-19 01:44 . 2013-10-19 01:44 -------- d-----w- C:\_OTL
2013-10-15 10:30 . 2013-09-05 05:32 9694160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{ABDFC8B4-B744-484D-901F-776A0CCCB0AC}\mpengine.dll
2013-10-15 03:02 . 2013-09-04 12:12 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-10-15 03:02 . 2013-09-04 12:11 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-10-15 03:02 . 2013-09-04 12:11 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-10-15 03:02 . 2013-09-04 12:11 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-10-15 03:02 . 2013-09-04 12:11 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2013-10-15 03:02 . 2013-09-04 12:11 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2013-10-15 03:02 . 2013-09-04 12:11 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-10-13 00:20 . 2013-10-13 00:20 -------- d-----w- c:\users\Default\AppData\Local\Google
2013-10-10 14:06 . 2013-07-04 12:50 633856 ----a-w- c:\windows\system32\comctl32.dll
2013-10-10 14:06 . 2013-07-04 11:50 530432 ----a-w- c:\windows\SysWow64\comctl32.dll
2013-10-10 14:06 . 2013-06-06 03:30 368128 ----a-w- c:\windows\system32\atmfd.dll
2013-10-10 14:06 . 2013-06-06 05:50 41472 ----a-w- c:\windows\system32\lpk.dll
2013-10-10 14:06 . 2013-06-06 05:49 100864 ----a-w- c:\windows\system32\fontsub.dll
2013-10-10 14:06 . 2013-06-06 05:49 14336 ----a-w- c:\windows\system32\dciman32.dll
2013-10-10 14:06 . 2013-06-06 05:47 46080 ----a-w- c:\windows\system32\atmlib.dll
2013-10-10 14:06 . 2013-06-06 04:57 25600 ----a-w- c:\windows\SysWow64\lpk.dll
2013-10-10 14:06 . 2013-06-06 04:51 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2013-10-10 14:06 . 2013-06-06 04:50 10240 ----a-w- c:\windows\SysWow64\dciman32.dll
2013-10-10 14:06 . 2013-06-06 03:01 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2013-10-10 14:06 . 2013-06-06 03:01 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2013-10-10 14:04 . 2013-08-28 01:21 3155968 ----a-w- c:\windows\system32\win32k.sys
2013-10-10 14:03 . 2013-08-28 01:12 461312 ----a-w- c:\windows\system32\scavengeui.dll
2013-10-08 00:49 . 2013-10-08 00:49 -------- d-----w- c:\users\Owner\AppData\Local\CrashDumps
2013-09-29 13:45 . 2013-09-29 13:45 -------- d-----w- c:\programdata\Panda Security
2013-09-29 13:45 . 2013-09-29 13:45 -------- d-----w- c:\program files (x86)\Panda USB Vaccine
2013-09-26 18:37 . 2013-09-26 18:37 587040 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2013-09-24 14:13 . 2013-09-24 14:13 -------- d-----w- c:\users\Owner\AppData\Local\Razer
2013-09-24 14:04 . 2013-08-26 19:05 74456 ----a-w- c:\windows\system32\drivers\RzFilter.sys
2013-09-24 14:04 . 2013-08-26 19:05 128984 ----a-w- c:\windows\system32\drivers\RzDxgk.sys
2013-09-24 14:04 . 2013-09-24 14:04 -------- d-----w- c:\programdata\Razer
2013-09-24 14:04 . 2013-09-24 14:04 -------- d-----w- c:\windows\Razer Core
2013-09-24 14:04 . 2013-09-24 14:04 -------- d-----w- c:\program files (x86)\Razer
2013-09-22 19:20 . 2013-09-17 20:31 46792 ----a-w- c:\windows\system32\drivers\hssdrv6.sys
2013-09-21 03:02 . 2013-10-19 01:47 -------- d-----r- c:\users\Owner\Google Drive
2013-09-20 14:03 . 2013-09-12 08:58 1884448 ----a-w- c:\windows\system32\nvdispco6432723.dll
2013-09-20 14:03 . 2013-09-12 08:58 1511712 ----a-w- c:\windows\system32\nvdispgenco6432723.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-10 15:09 . 2013-05-02 13:27 80541720 ----a-w- c:\windows\system32\MRT.exe
2013-10-09 15:17 . 2012-04-25 22:05 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-10-09 15:17 . 2012-03-10 14:01 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-27 08:57 . 2012-10-11 16:34 15232424 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2013-09-27 08:57 . 2012-03-10 13:42 18259624 ----a-w- c:\windows\system32\nvwgf2umx.dll
2013-09-27 08:57 . 2012-03-10 13:42 1432408 ----a-w- c:\windows\system32\nvumdshimx.dll
2013-09-27 08:57 . 2012-03-10 12:00 3052616 ----a-w- c:\windows\system32\nvapi64.dll
2013-09-27 08:57 . 2012-03-10 12:00 2682816 ----a-w- c:\windows\SysWow64\nvapi.dll
2013-09-27 07:45 . 2012-03-10 12:00 6641440 ----a-w- c:\windows\system32\nvcpl.dll
2013-09-27 07:45 . 2012-03-10 12:00 3483424 ----a-w- c:\windows\system32\nvsvc64.dll
2013-09-27 07:44 . 2012-03-10 12:00 922912 ----a-w- c:\windows\system32\nvvsvc.exe
2013-09-27 07:44 . 2012-03-10 12:00 63776 ----a-w- c:\windows\system32\nvshext.dll
2013-09-27 07:44 . 2012-03-10 12:00 219424 ----a-w- c:\windows\system32\nvmctray.dll
2013-09-26 13:32 . 2012-03-10 13:42 3386608 ----a-w- c:\windows\system32\nvcoproc.bin
2013-08-29 05:23 . 2013-08-29 05:23 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-08-29 05:23 . 2012-12-04 11:51 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-08-29 05:23 . 2012-03-10 16:45 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-08-29 01:48 . 2013-10-10 14:04 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-08-24 02:50 . 2013-08-24 02:50 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-08-20 13:33 . 2013-08-29 05:20 39200 ----a-w- c:\windows\system32\drivers\nvvad64v.sys
2013-08-20 13:32 . 2013-08-29 05:20 29984 ----a-w- c:\windows\system32\nvaudcap64v.dll
2013-08-20 13:32 . 2013-08-29 05:20 28448 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll
2013-08-18 21:02 . 2013-08-29 05:32 1884448 ----a-w- c:\windows\system32\nvdispco6432680.dll
2013-08-18 21:02 . 2013-08-29 05:32 1511712 ----a-w- c:\windows\system32\nvdispgenco6432680.dll
2013-08-06 20:22 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-08-05 02:25 . 2013-09-11 16:53 155584 ----a-w- c:\windows\system32\drivers\ataport.sys
2013-08-02 02:14 . 2013-09-11 16:53 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-08-02 02:13 . 2013-09-11 16:53 424448 ----a-w- c:\windows\system32\KernelBase.dll
2013-08-02 02:13 . 2013-09-11 16:53 1161216 ----a-w- c:\windows\system32\kernel32.dll
2013-08-02 02:12 . 2013-09-11 16:53 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-08-02 02:12 . 2013-09-11 16:53 6656 ----a-w- c:\windows\system32\apisetschema.dll
2013-08-02 02:12 . 2013-09-11 16:53 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 16:53 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 16:53 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 16:53 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 16:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 16:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 16:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 16:53 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 16:53 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 16:53 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 16:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 16:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 16:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 16:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 16:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 16:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 16:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 16:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 16:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 16:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 16:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 16:53 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 16:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 16:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 16:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 16:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 16:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 16:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-08-02 01:50 . 2013-09-11 16:53 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll
2013-08-02 01:48 . 2013-09-11 16:53 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-08-02 01:48 . 2013-09-11 16:53 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 16:53 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 16:53 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 16:53 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 16:53 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 16:53 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 16:53 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 16:53 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 16:53 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 16:53 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 16:53 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 16:53 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 16:53 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 16:53 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 16:53 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 16:53 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 16:53 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 16:53 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 16:53 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 16:53 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 16:53 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 16:53 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 16:53 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 16:53 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
2013-08-02 01:09 . 2013-09-11 16:53 338432 ----a-w- c:\windows\system32\conhost.exe
2013-08-02 00:59 . 2013-09-11 16:53 112640 ----a-w- c:\windows\system32\smss.exe
2013-08-02 00:43 . 2013-09-11 16:53 6144 ---ha-w- c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43 . 2013-09-11 16:53 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43 . 2013-09-11 16:53 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43 . 2013-09-11 16:53 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2013-07-26 02:24 . 2013-09-11 16:51 14172672 ----a-w- c:\windows\system32\shell32.dll
2013-07-26 02:24 . 2013-09-11 16:51 197120 ----a-w- c:\windows\system32\shdocvw.dll
2013-07-25 09:25 . 2013-08-14 14:47 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-25 08:57 . 2013-08-14 14:47 1620992 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TBPanel"="c:\program files (x86)\Vtune\TBPanel.exe" [2011-08-02 2248704]
"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2010-01-16 717696]
"GarenaPlus"="c:\program files (x86)\Garena Plus\GarenaMessenger.exe" [2013-08-06 9739056]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-01-08 3674320]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-06-21 19875432]
"Steam"="c:\program files (x86)\steam\Steam.exe" [2013-10-09 1813928]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2013-09-25 20133824]
"Razer Comms"="c:\program files (x86)\Razer\Core\RazerCore.exe" [2013-08-26 1091264]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-11 253816]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-08-16 152392]
.
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-10-11 29768376]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
JVExec.lnk - c:\program files (x86)\VOX\JamVOX\JVExec.exe [2009-4-15 980280]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena Plus\Room\safedrv.sys;c:\program files (x86)\Garena Plus\Room\safedrv.sys [x]
R3 hidkmdf;KMDF Driver;c:\windows\system32\DRIVERS\hidkmdf.sys;c:\windows\SYSNATIVE\DRIVERS\hidkmdf.sys [x]
R3 JamVOXUSBAudioSrv;CEntrance USB Audio Driver Service for JamVOX;c:\windows\system32\drivers\jamvox.sys;c:\windows\SYSNATIVE\drivers\jamvox.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 NTIOLib_1_0_C;NTIOLib_1_0_C;e:\ntiolib_x64.sys;e:\NTIOLib_X64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe;c:\program files (x86)\Tunngle\TnglCtrl.exe [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WacHidRouter;Wacom Hid Router;c:\windows\system32\DRIVERS\wachidrouter.sys;c:\windows\SYSNATIVE\DRIVERS\wachidrouter.sys [x]
R3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\DRIVERS\wacomrouterfilter.sys;c:\windows\SYSNATIVE\DRIVERS\wacomrouterfilter.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
S0 RzFilter;RzFilter;c:\windows\system32\drivers\RzFilter.sys;c:\windows\SYSNATIVE\drivers\RzFilter.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys;c:\windows\SYSNATIVE\DRIVERS\hssdrv6.sys [x]
S1 JAMVOX_AA;Service for JamVOX Controller driver;c:\windows\system32\DRIVERS\JamDRV.sys;c:\windows\SYSNATIVE\DRIVERS\JamDRV.sys [x]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
S2 hshld;Hotspot Shield Service;c:\program files (x86)\Hotspot Shield\bin\cmw_srv.exe;c:\program files (x86)\Hotspot Shield\bin\cmw_srv.exe [x]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 RzOvlMon;Razer Overlay Subsystem Emergency Service;c:\program files (x86)\Razer\Core\64bit\rzovlmon.exe;c:\program files (x86)\Razer\Core\64bit\rzovlmon.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TabletServiceWacom;TabletServiceWacom;c:\program files\Tablet\Wacom\Wacom_Tablet.exe;c:\program files\Tablet\Wacom\Wacom_Tablet.exe [x]
S2 TouchServiceWacom;Wacom Professional Touch Service;c:\program files\Tablet\Wacom\Wacom_TouchService.exe;c:\program files\Tablet\Wacom\Wacom_TouchService.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 JAMVOX_01;Service for JamVOX Audio driver;c:\windows\system32\DRIVERS\JamWdm.sys;c:\windows\SYSNATIVE\DRIVERS\JamWdm.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 RzDxgk;RzDxgk;c:\windows\system32\drivers\RzDxgk.sys;c:\windows\SYSNATIVE\drivers\RzDxgk.sys [x]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys;c:\windows\SYSNATIVE\DRIVERS\tap0901t.sys [x]
S3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-10-07 15:10 1185744 ----a-w- c:\program files (x86)\Google\Chrome\Application\30.0.1599.69\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-10-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-25 15:17]
.
2013-10-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-02 12:52]
.
2013-10-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-02 12:52]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-09-25 09:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-09-25 09:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-09-25 09:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-09-25 09:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-09-25 09:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JamInit"="InitJam.exe" [2009-04-14 253008]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-08-27 1028896]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\11n5c59f.default\
FF - ExtSQL: 2013-09-01 23:36; [email protected]; c:\program files (x86)\Mozilla Firefox\browser\extensions\[email protected]
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-wmi32 - c:\programdata\Application Data\wmimgmt.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88} - c:\program files (x86)\InstallShield Installation Information\{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3533916949-36865485-774322356-1000\¬ ë*W*]
@Allowed: (Read) (RestrictedCode)
DUMPHIVE0.003 (REGF)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe
c:\program files (x86)\Garena Plus\ggdllhost.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\program files (x86)\Panda USB Vaccine\USBVaccine.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2013-10-19 10:11:03 - machine was rebooted
ComboFix-quarantined-files.txt 2013-10-19 02:11
.
Pre-Run: 23,148,347,392 bytes free
Post-Run: 23,045,144,576 bytes free
.
- - End Of File - - 6A760F46DAC44A1010F5C2FC1B9C991A
A36C5E4F47E84449FF07ED3517B43A31

10:13:34.0189 4508 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
10:13:35.0298 4508 ============================================================
10:13:35.0298 4508 Current date / time: 2013/10/19 10:13:35.0298
10:13:35.0298 4508 SystemInfo:
10:13:35.0298 4508
10:13:35.0298 4508 OS Version: 6.1.7601 ServicePack: 1.0
10:13:35.0298 4508 Product type: Workstation
10:13:35.0298 4508 ComputerName: PRABHU
10:13:35.0298 4508 UserName: Owner
10:13:35.0298 4508 Windows directory: C:\Windows
10:13:35.0298 4508 System windows directory: C:\Windows
10:13:35.0298 4508 Running under WOW64
10:13:35.0298 4508 Processor architecture: Intel x64
10:13:35.0298 4508 Number of processors: 4
10:13:35.0298 4508 Page size: 0x1000
10:13:35.0298 4508 Boot type: Normal boot
10:13:35.0298 4508 ============================================================
10:13:36.0660 4508 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:13:36.0670 4508 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
10:13:36.0671 4508 ============================================================
10:13:36.0671 4508 \Device\Harddisk0\DR0:
10:13:36.0671 4508 MBR partitions:
10:13:36.0671 4508 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
10:13:36.0671 4508 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3D05D800
10:13:36.0671 4508 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x3D090000, BlocksNum 0x37676000
10:13:36.0671 4508 \Device\Harddisk1\DR1:
10:13:36.0672 4508 MBR partitions:
10:13:36.0672 4508 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x74705982
10:13:36.0672 4508 ============================================================
10:13:36.0715 4508 C: <-> \Device\Harddisk0\DR0\Partition2
10:13:37.0386 4508 D: <-> \Device\Harddisk0\DR0\Partition3
10:13:37.0397 4508 F: <-> \Device\Harddisk1\DR1\Partition1
10:13:37.0397 4508 ============================================================
10:13:37.0397 4508 Initialize success
10:13:37.0398 4508 ============================================================
10:14:31.0513 4616 ============================================================
10:14:31.0513 4616 Scan started
10:14:31.0513 4616 Mode: Manual; SigCheck; TDLFS;
10:14:31.0513 4616 ============================================================
10:14:32.0160 4616 ================ Scan system memory ========================
10:14:32.0161 4616 System memory - ok
10:14:32.0161 4616 ================ Scan services =============================
10:14:33.0417 4616 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
10:14:33.0502 4616 1394ohci - ok
10:14:33.0535 4616 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
10:14:33.0554 4616 ACPI - ok
10:14:33.0571 4616 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
10:14:33.0616 4616 AcpiPmi - ok
10:14:33.0752 4616 [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
10:14:33.0765 4616 AdobeARMservice - ok
10:14:33.0931 4616 [ A283108E14F3970432C21AF4C0CB1BCE ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
10:14:33.0976 4616 AdobeFlashPlayerUpdateSvc - ok
10:14:34.0020 4616 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
10:14:34.0042 4616 adp94xx - ok
10:14:34.0055 4616 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
10:14:34.0065 4616 adpahci - ok
10:14:34.0081 4616 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
10:14:34.0089 4616 adpu320 - ok
10:14:34.0113 4616 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
10:14:34.0147 4616 AeLookupSvc - ok
10:14:34.0198 4616 [ 314C17917AC8523EC77A710215012A65 ] AFD C:\Windows\system32\drivers\afd.sys
10:14:34.0227 4616 AFD - ok
10:14:34.0247 4616 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
10:14:34.0258 4616 agp440 - ok
10:14:34.0289 4616 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
10:14:34.0317 4616 ALG - ok
10:14:34.0356 4616 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
10:14:34.0366 4616 aliide - ok
10:14:34.0390 4616 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
10:14:34.0400 4616 amdide - ok
10:14:34.0415 4616 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
10:14:34.0428 4616 AmdK8 - ok
10:14:34.0432 4616 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
10:14:34.0460 4616 AmdPPM - ok
10:14:34.0491 4616 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
10:14:34.0505 4616 amdsata - ok
10:14:34.0518 4616 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
10:14:34.0534 4616 amdsbs - ok
10:14:34.0544 4616 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
10:14:34.0554 4616 amdxata - ok
10:14:34.0587 4616 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
10:14:34.0656 4616 AppID - ok
10:14:34.0667 4616 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
10:14:34.0694 4616 AppIDSvc - ok
10:14:34.0741 4616 [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo C:\Windows\System32\appinfo.dll
10:14:34.0769 4616 Appinfo - ok
10:14:34.0818 4616 [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
10:14:34.0831 4616 Apple Mobile Device - ok
10:14:34.0878 4616 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
10:14:34.0892 4616 arc - ok
10:14:34.0902 4616 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
10:14:34.0914 4616 arcsas - ok
10:14:35.0058 4616 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
10:14:35.0070 4616 aspnet_state - ok
10:14:35.0131 4616 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
10:14:35.0164 4616 AsyncMac - ok
10:14:35.0192 4616 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
10:14:35.0199 4616 atapi - ok
10:14:35.0240 4616 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
10:14:35.0281 4616 AudioEndpointBuilder - ok
10:14:35.0286 4616 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
10:14:35.0309 4616 AudioSrv - ok
10:14:35.0358 4616 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
10:14:35.0418 4616 AxInstSV - ok
10:14:35.0436 4616 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
10:14:35.0478 4616 b06bdrv - ok
10:14:35.0555 4616 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
10:14:35.0573 4616 b57nd60a - ok
10:14:35.0622 4616 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
10:14:35.0662 4616 BDESVC - ok
10:14:35.0698 4616 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
10:14:35.0751 4616 Beep - ok
10:14:35.0831 4616 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
10:14:35.0902 4616 BFE - ok
10:14:35.0937 4616 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
10:14:35.0975 4616 BITS - ok
10:14:35.0978 4616 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
10:14:35.0985 4616 blbdrive - ok
10:14:36.0059 4616 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
10:14:36.0077 4616 Bonjour Service - ok
10:14:36.0122 4616 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
10:14:36.0167 4616 bowser - ok
10:14:36.0171 4616 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
10:14:36.0187 4616 BrFiltLo - ok
10:14:36.0190 4616 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
10:14:36.0204 4616 BrFiltUp - ok
10:14:36.0251 4616 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
10:14:36.0288 4616 BridgeMP - ok
10:14:36.0334 4616 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
10:14:36.0349 4616 Browser - ok
10:14:36.0362 4616 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
10:14:36.0414 4616 Brserid - ok
10:14:36.0417 4616 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
10:14:36.0432 4616 BrSerWdm - ok
10:14:36.0435 4616 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
10:14:36.0446 4616 BrUsbMdm - ok
10:14:36.0448 4616 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
10:14:36.0454 4616 BrUsbSer - ok
10:14:36.0456 4616 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
10:14:36.0464 4616 BTHMODEM - ok
10:14:36.0479 4616 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
10:14:36.0535 4616 bthserv - ok
10:14:36.0578 4616 catchme - ok
10:14:36.0603 4616 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
10:14:36.0649 4616 cdfs - ok
10:14:36.0659 4616 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
10:14:36.0681 4616 cdrom - ok
10:14:36.0708 4616 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
10:14:36.0750 4616 CertPropSvc - ok
10:14:36.0763 4616 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
10:14:36.0781 4616 circlass - ok
10:14:36.0806 4616 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
10:14:36.0815 4616 CLFS - ok
10:14:36.0992 4616 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:14:37.0005 4616 clr_optimization_v2.0.50727_32 - ok
10:14:37.0136 4616 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
10:14:37.0149 4616 clr_optimization_v2.0.50727_64 - ok
10:14:37.0234 4616 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:14:37.0246 4616 clr_optimization_v4.0.30319_32 - ok
10:14:37.0305 4616 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
10:14:37.0317 4616 clr_optimization_v4.0.30319_64 - ok
10:14:37.0321 4616 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
10:14:37.0334 4616 CmBatt - ok
10:14:37.0365 4616 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
10:14:37.0372 4616 cmdide - ok
10:14:37.0419 4616 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
10:14:37.0464 4616 CNG - ok
10:14:37.0484 4616 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
10:14:37.0496 4616 Compbatt - ok
10:14:37.0527 4616 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
10:14:37.0545 4616 CompositeBus - ok
10:14:37.0558 4616 COMSysApp - ok
10:14:37.0572 4616 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
10:14:37.0583 4616 crcdisk - ok
10:14:37.0619 4616 [ 6B400F211BEE880A37A1ED0368776BF4 ] CryptSvc C:\Windows\system32\cryptsvc.dll
10:14:37.0633 4616 CryptSvc - ok
10:14:37.0690 4616 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
10:14:37.0735 4616 DcomLaunch - ok
10:14:37.0744 4616 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
10:14:37.0767 4616 defragsvc - ok
10:14:37.0797 4616 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
10:14:37.0833 4616 DfsC - ok
10:14:37.0861 4616 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
10:14:37.0902 4616 Dhcp - ok
10:14:37.0915 4616 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
10:14:37.0968 4616 discache - ok
10:14:37.0989 4616 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
10:14:37.0995 4616 Disk - ok
10:14:38.0015 4616 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
10:14:38.0041 4616 Dnscache - ok
10:14:38.0055 4616 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
10:14:38.0107 4616 dot3svc - ok
10:14:38.0112 4616 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
10:14:38.0138 4616 DPS - ok
10:14:38.0168 4616 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
10:14:38.0196 4616 drmkaud - ok
10:14:38.0280 4616 [ 46571ED73AE84469DCA53081D33CF3C8 ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys
10:14:38.0303 4616 dtsoftbus01 - ok
10:14:38.0335 4616 [ 88612F1CE3BF42256913BF6E61C70D52 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
10:14:38.0364 4616 DXGKrnl - ok
10:14:38.0386 4616 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
10:14:38.0424 4616 EapHost - ok
10:14:38.0482 4616 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
10:14:38.0558 4616 ebdrv - ok
10:14:38.0592 4616 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
10:14:38.0599 4616 EFS - ok
10:14:38.0671 4616 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
10:14:38.0708 4616 ehRecvr - ok
10:14:38.0742 4616 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
10:14:38.0757 4616 ehSched - ok
10:14:38.0776 4616 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
10:14:38.0792 4616 elxstor - ok
10:14:38.0805 4616 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
10:14:38.0830 4616 ErrDev - ok
10:14:38.0858 4616 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
10:14:38.0890 4616 EventSystem - ok
10:14:38.0918 4616 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
10:14:38.0940 4616 exfat - ok
10:14:38.0954 4616 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
10:14:38.0977 4616 fastfat - ok
10:14:39.0014 4616 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
10:14:39.0055 4616 Fax - ok
10:14:39.0060 4616 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
10:14:39.0091 4616 fdc - ok
10:14:39.0118 4616 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
10:14:39.0152 4616 fdPHost - ok
10:14:39.0159 4616 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
10:14:39.0181 4616 FDResPub - ok
10:14:39.0209 4616 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
10:14:39.0216 4616 FileInfo - ok
10:14:39.0220 4616 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
10:14:39.0257 4616 Filetrace - ok
10:14:39.0259 4616 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
10:14:39.0266 4616 flpydisk - ok
10:14:39.0287 4616 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
10:14:39.0296 4616 FltMgr - ok
10:14:39.0326 4616 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll
10:14:39.0369 4616 FontCache - ok
10:14:39.0391 4616 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
10:14:39.0402 4616 FontCache3.0.0.0 - ok
10:14:39.0406 4616 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
10:14:39.0417 4616 FsDepends - ok
10:14:39.0428 4616 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
10:14:39.0436 4616 Fs_Rec - ok
10:14:39.0493 4616 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
10:14:39.0512 4616 fvevol - ok
10:14:39.0527 4616 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
10:14:39.0540 4616 gagp30kx - ok
10:14:39.0587 4616 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
10:14:39.0596 4616 GEARAspiWDM - ok
10:14:39.0685 4616 GGSAFERDriver - ok
10:14:39.0704 4616 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
10:14:39.0749 4616 gpsvc - ok
10:14:39.0821 4616 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
10:14:39.0828 4616 gupdate - ok
10:14:39.0858 4616 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
10:14:39.0866 4616 gupdatem - ok
10:14:39.0879 4616 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
10:14:39.0918 4616 hcw85cir - ok
10:14:39.0955 4616 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
10:14:39.0989 4616 HdAudAddService - ok
10:14:40.0022 4616 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
10:14:40.0053 4616 HDAudBus - ok
10:14:40.0057 4616 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
10:14:40.0073 4616 HidBatt - ok
10:14:40.0077 4616 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
10:14:40.0088 4616 HidBth - ok
10:14:40.0101 4616 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
10:14:40.0111 4616 HidIr - ok
10:14:40.0134 4616 [ 3CC53BC405F609F61D4A879F3E7EBC4A ] hidkmdf C:\Windows\system32\DRIVERS\hidkmdf.sys
10:14:40.0140 4616 hidkmdf - ok
10:14:40.0150 4616 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
10:14:40.0187 4616 hidserv - ok
10:14:40.0221 4616 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\drivers\hidusb.sys
10:14:40.0253 4616 HidUsb - ok
10:14:40.0278 4616 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
10:14:40.0314 4616 hkmsvc - ok
10:14:40.0329 4616 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
10:14:40.0350 4616 HomeGroupListener - ok
10:14:40.0368 4616 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
10:14:40.0392 4616 HomeGroupProvider - ok
10:14:40.0404 4616 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
10:14:40.0411 4616 HpSAMD - ok
10:14:40.0687 4616 [ 44A86ACCA8530CC6002F83F701BA7484 ] hshld C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe
10:14:40.0737 4616 hshld - ok
10:14:40.0781 4616 [ 9C21C4CDA3564AD2EFC312459746229B ] HssDRV6 C:\Windows\system32\DRIVERS\hssdrv6.sys
10:14:40.0790 4616 HssDRV6 - ok
10:14:40.0851 4616 [ 8EA9CE2B1AC604A8995834E9B8F1E0DD ] HssTrayService C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE
10:14:40.0863 4616 HssTrayService - ok
10:14:40.0999 4616 [ 67A2B219D8D91C1BC66A6A5EF507CE6C ] HssWd C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
10:14:41.0020 4616 HssWd - ok
10:14:41.0058 4616 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
10:14:41.0117 4616 HTTP - ok
10:14:58.0825 4616 [ B08740047145B9BCE15BF75CA0F9718A ] tap0901t C:\Windows\system32\DRIVERS\tap0901t.sys
10:14:58.0853 4616 tap0901t ( UnsignedFile.Multi.Generic ) - warning
10:14:58.0853 4616 tap0901t - detected UnsignedFile.Multi.Generic (1)
10:15:01.0896 4616 W32Time - ok
10:15:01.0915 4616 [ 7CB1898A29188FB8DB102406EF0D8D9E ] WacHidRouter C:\Windows\system32\DRIVERS\wachidrouter.sys
10:15:01.0921 4616 WacHidRouter - ok
10:15:01.0937 4616 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
10:15:01.0958 4616 WacomPen - ok
10:15:01.0985 4616 [ B59EC4DD1026F059CD95C1627562F3F3 ] wacomrouterfilter C:\Windows\system32\DRIVERS\wacomrouterfilter.sys
10:15:01.0994 4616 wacomrouterfilter - ok
10:15:02.0030 4616 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
10:15:02.0071 4616 WANARP - ok
10:15:02.0085 4616 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
10:15:02.0105 4616 Wanarpv6 - ok
10:15:02.0331 4616 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
10:15:02.0370 4616 WatAdminSvc - ok
10:15:02.0466 4616 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
10:15:02.0520 4616 wbengine - ok
10:15:02.0543 4616 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
10:15:02.0567 4616 WbioSrvc - ok
10:15:02.0579 4616 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
10:15:02.0606 4616 wcncsvc - ok
10:15:02.0631 4616 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
10:15:02.0643 4616 WcsPlugInService - ok
10:15:02.0658 4616 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
10:15:02.0664 4616 Wd - ok
10:15:02.0683 4616 [ A3D04EBF5227886029B4532F20D026F7 ] WDC_SAM C:\Windows\system32\DRIVERS\wdcsam64.sys
10:15:02.0694 4616 WDC_SAM - ok
10:15:02.0733 4616 [ E2C933EDBC389386EBE6D2BA953F43D8 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
10:15:02.0756 4616 Wdf01000 - ok
10:15:02.0821 4616 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
10:15:02.0883 4616 WdiServiceHost - ok
10:15:02.0886 4616 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
10:15:02.0904 4616 WdiSystemHost - ok
10:15:02.0929 4616 [ 0EB0E5D22B1760F2DBCE632F2DD7A54D ] WebClient C:\Windows\System32\webclnt.dll
10:15:02.0938 4616 WebClient - ok
10:15:02.0966 4616 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
10:15:02.0989 4616 Wecsvc - ok
10:15:03.0009 4616 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
10:15:03.0030 4616 wercplsupport - ok
10:15:03.0048 4616 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
10:15:03.0071 4616 WerSvc - ok
10:15:03.0107 4616 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
10:15:03.0144 4616 WfpLwf - ok
10:15:03.0151 4616 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
10:15:03.0157 4616 WIMMount - ok
10:15:03.0168 4616 WinDefend - ok
10:15:03.0186 4616 WinHttpAutoProxySvc - ok
10:15:03.0226 4616 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
10:15:03.0262 4616 Winmgmt - ok
10:15:03.0621 4616 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
10:15:03.0721 4616 WinRM - ok
10:15:03.0750 4616 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
10:15:03.0759 4616 WinUsb - ok
10:15:03.0779 4616 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
10:15:03.0808 4616 Wlansvc - ok
10:15:03.0901 4616 [ 357CABBF155AFD1D3926E62539D2A3A7 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
10:15:03.0960 4616 wlidsvc - ok
10:15:03.0999 4616 [ 680A7846370000D20D7E74917D5B7936 ] WmBEnum C:\Windows\system32\drivers\WmBEnum.sys
10:15:04.0004 4616 WmBEnum - ok
10:15:04.0059 4616 [ 14C35BA8189C6F65D839163AA285E954 ] WmFilter C:\Windows\system32\drivers\WmFilter.sys
10:15:04.0070 4616 WmFilter - ok
10:15:04.0074 4616 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
10:15:04.0103 4616 WmiAcpi - ok
10:15:04.0122 4616 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
10:15:04.0138 4616 wmiApSrv - ok
10:15:04.0152 4616 WMPNetworkSvc - ok
10:15:04.0168 4616 [ 8488DD91A3EE54A8E29F02AD7BB8201E ] WmVirHid C:\Windows\system32\drivers\WmVirHid.sys
10:15:04.0178 4616 WmVirHid - ok
10:15:04.0191 4616 [ 14802B3A30AA849C97CB968CCC813BF3 ] WmXlCore C:\Windows\system32\drivers\WmXlCore.sys
10:15:04.0200 4616 WmXlCore - ok
10:15:04.0219 4616 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
10:15:04.0243 4616 WPCSvc - ok
10:15:04.0256 4616 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
10:15:04.0272 4616 WPDBusEnum - ok
10:15:04.0275 4616 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
10:15:04.0299 4616 ws2ifsl - ok
10:15:04.0307 4616 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
10:15:04.0330 4616 wscsvc - ok
10:15:04.0332 4616 WSearch - ok
10:15:04.0372 4616 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
10:15:04.0416 4616 wuauserv - ok
10:15:04.0454 4616 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
10:15:04.0498 4616 WudfPf - ok
10:15:04.0528 4616 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
10:15:04.0561 4616 WUDFRd - ok
10:15:04.0649 4616 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
10:15:04.0680 4616 wudfsvc - ok
10:15:04.0798 4616 [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc C:\Windows\System32\wwansvc.dll
10:15:04.0829 4616 WwanSvc - ok
10:15:05.0015 4616 [ 38F55D07B1D3391065C40EC065F984E2 ] xusb21 C:\Windows\system32\DRIVERS\xusb21.sys
10:15:05.0089 4616 xusb21 - ok
10:15:05.0097 4616 ================ Scan global ===============================
10:15:05.0122 4616 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
10:15:05.0153 4616 [ 88EDD0B34EED542745931E581AD21A32 ] C:\Windows\system32\winsrv.dll
10:15:05.0161 4616 [ 88EDD0B34EED542745931E581AD21A32 ] C:\Windows\system32\winsrv.dll
10:15:05.0185 4616 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
10:15:05.0208 4616 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
10:15:05.0212 4616 [Global] - ok
10:15:05.0213 4616 ================ Scan MBR ==================================
10:15:05.0217 4616 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
10:15:07.0834 4616 \Device\Harddisk0\DR0 - ok
10:15:07.0838 4616 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
10:15:07.0934 4616 \Device\Harddisk1\DR1 - ok
10:15:07.0934 4616 ================ Scan VBR ==================================
10:15:07.0964 4616 [ E6272A58A52B118754530EC7BCF56BEE ] \Device\Harddisk0\DR0\Partition1
10:15:07.0972 4616 \Device\Harddisk0\DR0\Partition1 - ok
10:15:07.0995 4616 [ D9011594000D182B5C695827E87B2D36 ] \Device\Harddisk0\DR0\Partition2
10:15:07.0997 4616 \Device\Harddisk0\DR0\Partition2 - ok
10:15:08.0020 4616 [ A5E5CA06E3349E8A384F3AE26877BC03 ] \Device\Harddisk0\DR0\Partition3
10:15:08.0023 4616 \Device\Harddisk0\DR0\Partition3 - ok
10:15:08.0026 4616 [ 9919D6CB7DCDBC349E82A6D96B9ECC25 ] \Device\Harddisk1\DR1\Partition1
10:15:08.0028 4616 \Device\Harddisk1\DR1\Partition1 - ok
10:15:08.0028 4616 ============================================================
10:15:08.0028 4616 Scan finished
10:15:08.0028 4616 ============================================================
10:15:08.0038 4608 Detected object count: 1
10:15:08.0038 4608 Actual detected object count: 1
10:15:34.0581 4608 tap0901t ( UnsignedFile.Multi.Generic ) - skipped by user
10:15:34.0581 4608 tap0901t ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:15:41.0189 3184 Deinitialize success

#4
frozenthunder

    Member

  • Topic Starter
  • Member
  • 140 posts
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.10.18.11

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16721
Owner :: PRABHU [administrator]

10/19/2013 10:25:39 AM
mbam-log-2013-10-19 (10-25-39).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 286766
Time elapsed: 4 minute(s), 57 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

OTL logfile created on: 10/19/2013 10:31:54 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16721)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.98 Gb Total Physical Memory | 5.45 Gb Available Physical Memory | 68.32% Memory free
15.96 Gb Paging File | 13.01 Gb Available in Paging File | 81.51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 488.18 Gb Total Space | 22.76 Gb Free Space | 4.66% Space Free | Partition Type: NTFS
Drive D: | 443.23 Gb Total Space | 56.66 Gb Free Space | 12.78% Space Free | Partition Type: NTFS
Drive F: | 931.28 Gb Total Space | 121.62 Gb Free Space | 13.06% Space Free | Partition Type: FAT32
Drive G: | 7.86 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: PRABHU | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/10/17 11:32:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
PRC - [2013/10/11 22:11:06 | 000,237,960 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe
PRC - [2013/10/11 00:10:18 | 029,768,376 | ---- | M] (Dropbox, Inc.) -- C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/10/09 10:19:14 | 000,565,672 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2013/10/09 10:19:12 | 001,813,928 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\steam\Steam.exe
PRC - [2013/10/03 14:03:07 | 000,844,752 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/09/27 02:37:44 | 000,414,496 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013/09/25 17:37:00 | 020,133,824 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2013/09/18 06:28:28 | 001,787,688 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Hotspot Shield\bin\HSSCP.exe
PRC - [2013/09/18 06:28:16 | 000,878,888 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe
PRC - [2013/09/18 06:27:50 | 000,556,840 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
PRC - [2013/08/28 05:16:14 | 001,028,896 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
PRC - [2013/08/28 05:15:38 | 002,155,296 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013/08/27 03:15:34 | 001,091,264 | ---- | M] (Razer) -- C:\Program Files (x86)\Razer\Core\RazerCore.exe
PRC - [2013/08/06 19:00:59 | 009,739,056 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe
PRC - [2013/07/10 19:54:32 | 000,049,456 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\ggdllhost.exe
PRC - [2013/05/10 15:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/03/12 07:32:58 | 000,506,744 | ---- | M] (Oracle Corporation) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2011/08/02 15:38:20 | 002,248,704 | ---- | M] () -- C:\Program Files (x86)\Vtune\TBPANEL.exe
PRC - [2011/07/06 13:15:26 | 002,656,536 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/07/06 13:15:20 | 000,326,424 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/11/17 09:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PRC - [2009/09/23 16:45:50 | 001,287,176 | ---- | M] (Panda Security) -- C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
PRC - [2009/04/15 17:26:36 | 000,980,280 | ---- | M] () -- C:\Program Files (x86)\VOX\JamVOX\JVExec.exe


========== Modules (No Company Name) ==========

MOD - [2013/10/19 10:18:30 | 000,805,888 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI32402\wx._gdi_.pyd
MOD - [2013/10/19 10:18:30 | 000,735,232 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI32402\wx._misc_.pyd
MOD - [2013/10/19 10:18:30 | 000,557,056 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI32402\pysqlite2._sqlite.pyd
MOD - [2013/10/19 10:18:30 | 000,504,832 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI32402\windows._cacheinvalidation.pyd
MOD - [2013/10/19 10:18:30 | 000,364,544 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI32402\pythoncom27.dll
MOD - [2013/10/19 10:18:30 | 000,320,512 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI32402\win32com.shell.shell.pyd
MOD - [2013/10/19 10:18:30 | 000,128,512 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI32402\_elementtree.pyd
MOD - [2013/10/19 10:18:30 | 000,110,080 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI32402\PyWinTypes27.dll
MOD - [2013/10/19 10:18:30 | 000,108,544 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI32402\win32security.pyd
MOD - [2013/10/19 10:18:30 | 000,098,816 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI32402\win32api.pyd
MOD - [2013/10/19 10:18:30 | 000,087,040 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI32402\_ctypes.pyd
MOD - [2013/10/19 10:18:30 | 000,070,656 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI32402\wx._html2.pyd
MOD - [2013/10/19 10:18:30 | 000,044,032 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI32402\_socket.pyd
MOD - [2013/10/19 10:18:30 | 000,026,624 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI32402\_multiprocessing.pyd
MOD - [2013/10/19 10:18:30 | 000,022,528 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI32402\win32ts.pyd
MOD - [2013/10/19 10:18:30 | 000,017,408 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI32402\win32profile.pyd
MOD - [2013/10/19 10:18:30 | 000,011,264 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI32402\win32crypt.pyd
MOD - [2013/10/19 10:18:29 | 001,175,040 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI32402\wx._core_.pyd
MOD - [2013/10/19 10:18:29 | 001,153,024 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI32402\_ssl.pyd
MOD - [2013/10/19 10:18:29 | 001,062,400 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI32402\wx._controls_.pyd
MOD - [2013/10/19 10:18:29 | 000,811,008 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI32402\wx._windows_.pyd
MOD - [2013/10/19 10:18:29 | 000,711,680 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI32402\_hashlib.pyd
MOD - [2013/10/19 10:18:29 | 000,686,080 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI32402\unicodedata.pyd
MOD - [2013/10/19 10:18:29 | 000,127,488 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI32402\pyexpat.pyd
MOD - [2013/10/19 10:18:29 | 000,122,368 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI32402\wx._wizard.pyd
MOD - [2013/10/19 10:18:29 | 000,119,808 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI32402\win32file.pyd
MOD - [2013/10/19 10:18:29 | 000,038,912 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI32402\win32inet.pyd
MOD - [2013/10/19 10:18:29 | 000,035,840 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI32402\win32process.pyd
MOD - [2013/10/19 10:18:29 | 000,025,600 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI32402\win32pdh.pyd
MOD - [2013/10/19 10:18:29 | 000,018,432 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI32402\win32event.pyd
MOD - [2013/10/19 10:18:29 | 000,010,240 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI32402\select.pyd
MOD - [2013/10/11 00:09:30 | 003,558,400 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2013/10/10 23:11:56 | 018,003,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\464a76a3fdc9ee7456cb4baaea3e503a\PresentationFramework.ni.dll
MOD - [2013/10/10 23:11:48 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b5b66869081b909d238fdea083cf3179\PresentationCore.ni.dll
MOD - [2013/10/10 23:11:47 | 006,817,280 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\de9e77138e17f0188104c9ec32d375da\System.Data.ni.dll
MOD - [2013/10/10 23:11:45 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\e40d894a772b2cff5ffd5a84ef20d2d4\System.Windows.Forms.ni.dll
MOD - [2013/10/10 23:11:45 | 000,693,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\7dd3be81af8b03416ad0109af26997b9\System.ComponentModel.Composition.ni.dll
MOD - [2013/10/10 23:11:44 | 007,070,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dac1208781fdd0b960afc12efff42944\System.Core.ni.dll
MOD - [2013/10/10 23:11:42 | 003,858,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\0b37b2bafc33ef52282b9d7b217cabaf\WindowsBase.ni.dll
MOD - [2013/10/10 23:11:41 | 001,014,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\71d887ce964fb69b7f03c4fe7a3f28ff\System.Configuration.ni.dll
MOD - [2013/10/09 10:19:16 | 001,121,704 | ---- | M] () -- C:\Program Files (x86)\steam\bin\chromehtml.dll
MOD - [2013/10/09 10:19:16 | 000,120,744 | ---- | M] () -- C:\Program Files (x86)\steam\bin\audio.dll
MOD - [2013/10/03 14:03:05 | 000,415,184 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\ppgooglenaclpluginchrome.dll
MOD - [2013/10/03 14:03:03 | 004,055,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\pdf.dll
MOD - [2013/10/03 14:02:12 | 000,698,832 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\libglesv2.dll
MOD - [2013/10/03 14:02:11 | 000,099,792 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\libegl.dll
MOD - [2013/10/03 14:02:09 | 001,604,560 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\ffmpegsumo.dll
MOD - [2013/09/18 06:18:58 | 000,902,440 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\af_proxy.dll
MOD - [2013/09/11 06:20:56 | 020,625,832 | ---- | M] () -- C:\Program Files (x86)\steam\bin\libcef.dll
MOD - [2013/08/29 13:21:34 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\6c422db78c17838c3eb9f9fcc01ca63f\System.Management.ni.dll
MOD - [2013/08/29 13:21:24 | 000,011,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualC\b1560845b641faac0ca607b2dce8389a\Microsoft.VisualC.ni.dll
MOD - [2013/08/29 13:21:23 | 000,787,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\bfa9e814cb8b662508aa93ae387b434f\System.EnterpriseServices.ni.dll
MOD - [2013/08/29 13:21:23 | 000,236,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\bfa9e814cb8b662508aa93ae387b434f\System.EnterpriseServices.Wrapper.dll
MOD - [2013/08/29 13:21:22 | 000,649,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\102014a4f570b1dc944ff7eb8e1c6e2b\System.Transactions.ni.dll
MOD - [2013/08/29 13:21:22 | 000,143,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\af7d7a2e47e0ac57b4f0fe5e0c1cda9a\SMDiagnostics.ni.dll
MOD - [2013/08/22 06:18:28 | 000,687,104 | ---- | M] () -- C:\Program Files (x86)\steam\SDL2.dll
MOD - [2013/08/15 03:04:27 | 005,628,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\884bcbd22130ebeb1211bc7bcc3910c9\System.Xml.ni.dll
MOD - [2013/08/15 03:04:26 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\3a3fc0216674bdea0be809b305517c98\System.Drawing.ni.dll
MOD - [2013/08/15 03:04:25 | 009,099,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\de853615c8224ba5d9aa9b76276c6d98\System.ni.dll
MOD - [2013/08/07 15:33:54 | 000,027,952 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\VersionModule.dll
MOD - [2013/08/06 19:01:20 | 000,864,560 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\Plugins\ggplugin.dll
MOD - [2013/08/06 19:00:59 | 009,739,056 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe
MOD - [2013/07/26 14:18:31 | 000,957,232 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\XLL.dll
MOD - [2013/07/18 22:09:40 | 000,529,200 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\ggspawn.dll
MOD - [2013/07/15 22:29:36 | 001,545,520 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\delay_load\FileSender.dll
MOD - [2013/07/11 23:44:22 | 014,416,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\cf58670896c5313b9b52f026f4455a5d\mscorlib.ni.dll
MOD - [2013/07/11 23:44:22 | 000,145,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\cfbc74c91b44af85d10b272ae5c70d5a\System.Numerics.ni.dll
MOD - [2013/07/10 19:54:32 | 000,049,456 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\ggdllhost.exe
MOD - [2013/06/15 07:49:16 | 000,153,088 | ---- | M] () -- C:\Program Files (x86)\steam\bin\mssvoice.asi
MOD - [2013/06/15 07:49:16 | 000,071,680 | ---- | M] () -- C:\Program Files (x86)\steam\bin\mssmp3.asi
MOD - [2013/06/15 07:49:12 | 001,100,800 | ---- | M] () -- C:\Program Files (x86)\steam\bin\avcodec-53.dll
MOD - [2013/06/15 07:49:12 | 000,192,000 | ---- | M] () -- C:\Program Files (x86)\steam\bin\avformat-53.dll
MOD - [2013/06/15 07:49:12 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\steam\bin\avutil-51.dll
MOD - [2013/04/10 17:23:12 | 000,170,800 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\fs\YYFileSystem.dll
MOD - [2013/04/10 17:22:55 | 000,155,440 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\libmpg123.dll
MOD - [2013/03/14 04:48:52 | 024,978,944 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2013/03/13 18:05:59 | 000,374,064 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\Http.dll
MOD - [2013/03/07 10:10:42 | 000,106,288 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\UILayout.dll
MOD - [2013/03/07 10:10:39 | 000,224,560 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\Plugins\StatsPlugin.dll
MOD - [2013/03/07 10:10:22 | 000,487,216 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\CxImage.dll
MOD - [2013/02/13 09:42:46 | 005,407,744 | ---- | M] () -- C:\Program Files (x86)\PlayClaw4\playclaw-vcam.dll
MOD - [2013/02/07 17:11:25 | 000,025,392 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\PluginModule.dll
MOD - [2013/02/07 17:11:24 | 000,087,344 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\PluginKernel.dll
MOD - [2013/02/07 17:11:22 | 000,192,816 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\ImageModule.dll
MOD - [2013/02/07 17:11:17 | 000,051,504 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\FileLoader.dll
MOD - [2013/02/07 17:11:15 | 000,033,584 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\DibModule.dll
MOD - [2013/02/01 13:42:29 | 000,153,088 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\libzmq.dll
MOD - [2013/01/30 16:26:41 | 002,941,232 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\ggdownloader.dll
MOD - [2013/01/30 16:26:38 | 000,104,752 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\CommonLib.dll
MOD - [2013/01/14 19:57:52 | 001,092,912 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\delay_load\GaFileTransfer.dll
MOD - [2013/01/14 19:57:46 | 000,219,952 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\TaskManagerLib.dll
MOD - [2012/11/09 17:34:12 | 000,048,640 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\XmlUIModule.dll
MOD - [2012/11/08 19:28:10 | 000,010,240 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\delay_load\ClientTcp.dll
MOD - [2012/11/08 19:27:48 | 000,061,952 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\delay_load\UdtLib.dll
MOD - [2012/04/24 09:19:16 | 000,238,592 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\delay_load\MediaEngine.dll
MOD - [2012/04/13 11:12:18 | 000,059,392 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\delay_load\AudioMixerLib.dll
MOD - [2012/04/13 11:12:18 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\ServerMemAlloc.dll
MOD - [2012/03/23 18:15:58 | 000,988,160 | ---- | M] () -- C:\Program Files (x86)\Razer\Core\Plugins\ChatApplet\libssh2.dll
MOD - [2012/03/08 16:56:40 | 000,510,464 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\delay_load\RSALib.dll
MOD - [2012/03/02 16:23:26 | 000,577,621 | ---- | M] () -- C:\Program Files (x86)\Razer\Core\Plugins\ChatApplet\sqlite3.dll
MOD - [2012/02/22 16:52:18 | 000,162,304 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lame_enc.dll
MOD - [2012/02/22 16:52:16 | 000,573,100 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\sqlite3.dll
MOD - [2012/02/22 16:52:16 | 000,178,176 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\MP3Module.dll
MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/08/02 15:38:20 | 002,248,704 | ---- | M] () -- C:\Program Files (x86)\Vtune\TBPANEL.exe
MOD - [2010/01/21 01:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/01/09 20:18:18 | 004,254,560 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2009/04/15 17:26:36 | 000,980,280 | ---- | M] () -- C:\Program Files (x86)\VOX\JamVOX\JVExec.exe
MOD - [1998/10/31 04:55:56 | 000,005,120 | ---- | M] () -- C:\Program Files (x86)\Vtune\TBMANAGE.DLL


========== Services (SafeList) ==========

SRV:64bit: - [2013/08/28 05:17:13 | 014,997,280 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV:64bit: - [2013/05/27 13:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/04/18 09:47:16 | 008,518,008 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe -- (TabletServiceWacom)
SRV:64bit: - [2012/04/18 09:47:16 | 000,567,672 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Wacom\Wacom_TouchService.exe -- (TouchServiceWacom)
SRV - [2013/10/09 23:17:27 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/10/09 10:19:14 | 000,565,672 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/09/27 02:37:44 | 000,414,496 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013/09/18 06:28:16 | 000,878,888 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe -- (hshld)
SRV - [2013/09/18 06:27:50 | 000,556,840 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2013/09/18 04:35:24 | 000,078,512 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Hotspot Shield\bin\HSSTrayService.exe -- (HssTrayService)
SRV - [2013/08/28 05:15:38 | 002,155,296 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/08/27 03:15:40 | 000,032,960 | ---- | M] (Razer) [Auto | Running] -- C:\Program Files (x86)\Razer\Core\64bit\RzOvlMon.exe -- (RzOvlMon)
SRV - [2013/08/16 17:37:02 | 000,757,144 | ---- | M] (Tunngle.net GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2013/06/26 12:31:08 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/06/21 09:53:36 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/05/10 15:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/30 05:24:28 | 005,117,384 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2011/07/06 13:15:26 | 002,656,536 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/07/06 13:15:20 | 000,326,424 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/11 05:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/09/18 04:31:12 | 000,046,792 | ---- | M] (AnchorFree Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\hssdrv6.sys -- (HssDRV6)
DRV:64bit: - [2013/08/27 03:05:21 | 000,128,984 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RzDxgk.sys -- (RzDxgk)
DRV:64bit: - [2013/08/27 03:05:21 | 000,074,456 | ---- | M] (Razer USA Ltd) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\RzFilter.sys -- (RzFilter)
DRV:64bit: - [2013/08/20 21:33:40 | 000,039,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:64bit: - [2013/06/16 20:38:15 | 000,196,384 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2013/04/25 03:28:08 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
DRV:64bit: - [2013/01/29 19:21:08 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/29 14:04:36 | 000,065,912 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wachidrouter.sys -- (WacHidRouter)
DRV:64bit: - [2012/03/29 14:04:36 | 000,013,688 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidkmdf.sys -- (hidkmdf)
DRV:64bit: - [2012/03/29 14:04:32 | 000,015,736 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacomrouterfilter.sys -- (wacomrouterfilter)
DRV:64bit: - [2012/03/01 14:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/08/02 16:38:44 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2011/06/10 14:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/11 14:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 14:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/10 14:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011/02/10 14:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/11/21 11:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 11:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 11:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/19 16:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/04/28 07:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2010/04/28 07:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2010/04/28 05:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2010/04/28 05:02:42 | 000,043,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2009/09/16 08:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901t.sys -- (tap0901t)
DRV:64bit: - [2009/07/14 09:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 09:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 09:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/11 04:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 04:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 04:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 04:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/04/15 01:00:00 | 000,062,544 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\JamDRV.sys -- (JAMVOX_AA)
DRV:64bit: - [2009/04/15 01:00:00 | 000,031,824 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\JamWdm.sys -- (JAMVOX_01)
DRV:64bit: - [2009/04/08 14:28:46 | 000,068,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2009/07/14 09:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6C 74 DD 0E 46 12 CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: DeviceDetection%40logitech.com:1.24.0.9
FF - prefs.js..extensions.enabledAddons: %7Bf701c26a-479a-4724-b4f1-870db12f063c%7D:1.4.4
FF - prefs.js..extensions.enabledAddons: %7B35106bca-6c78-48c7-ac28-56df30b51d2a%7D:1.3.8
FF - prefs.js..extensions.enabledAddons: %7BB042753D-F57E-4e8e-A01B-7379A6D4CEFB%7D:1.35
FF - prefs.js..extensions.enabledAddons: afext%40anchorfree.com:3.17
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@t.garena.com/garenatalk: C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.0.0.6: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/06/26 12:31:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/09/12 00:43:03 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/06/26 12:31:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/09/12 00:43:03 | 000,000,000 | ---D | M]

[2012/03/10 21:34:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2013/10/06 00:17:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\11n5c59f.default\extensions
[2013/05/02 23:38:11 | 000,000,000 | ---D | M] (BitComet Video Downloader) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\11n5c59f.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2012/03/13 21:15:01 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\11n5c59f.default\extensions\[email protected]
[2013/01/01 10:25:46 | 000,067,812 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\11n5c59f.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}.xpi
[2013/07/28 13:20:30 | 000,223,750 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\11n5c59f.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2013/02/10 00:02:03 | 000,328,332 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\11n5c59f.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}.xpi
[2013/10/06 00:17:59 | 000,824,302 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\11n5c59f.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/04/07 11:53:55 | 000,043,307 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\11n5c59f.default\extensions\{f701c26a-479a-4724-b4f1-870db12f063c}.xpi
[2013/06/26 12:31:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/06/26 12:31:05 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2013/09/01 23:31:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/06/26 12:31:08 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/09/01 23:31:03 | 000,000,000 | ---D | M] (Hotspot Shield Extension) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\[email protected]
[2012/01/12 16:58:30 | 000,917,816 | ---- | M] (BitComet) -- C:\Program Files (x86)\mozilla firefox\plugins\npBitCometAgent.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = https://www.google.c...q=t&channel=rcs
CHR - default_search_provider: suggest_url = https://www.google.c...q={searchTerms},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: BitCometAgent (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npBitCometAgent.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U21 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: WacomTabletPlugin (Enabled) = C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll
CHR - plugin: Wacom Dynamic Link Library (Enabled) = C:\Program Files (x86)\TabletPlugins\npwacom.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
CHR - Extension: Google Docs = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: AdBlock = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.10_0\
CHR - Extension: Dropdown List of Most Visited Links = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\logbmehmiacemkimbpcbjgaikobdndah\0.5_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: Gmail = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/10/19 10:07:17 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [JamInit] C:\Windows\SysNative\InitJam.exe (Korg Inc.)
O4:64bit: - HKLM..\Run: [Nvtmru] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [GarenaPlus] C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe ()
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKCU..\Run: [Razer Comms] C:\Program Files (x86)\Razer\Core\RazerCore.exe (Razer)
O4 - HKCU..\Run: [Steam] C:\program files (x86)\steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [TBPanel] C:\Program Files (x86)\Vtune\TBPanel.exe ()
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8:64bit: - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1979 ([http] in Trusted sites)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2AE76720-B3CC-4EB0-B3AB-0845216492DE}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{32BB1182-7706-4C35-9E35-39C64A3E8B9E}: DhcpNameServer = 202.65.247.32 202.65.244.31
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A05D824F-D3DF-47F2-B212-86EF81DD0CF3}: DhcpNameServer = 8.8.8.8
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/08/23 22:28:53 | 000,000,043 | R--- | M] () - G:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)



SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} -
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker 2.6
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)
Drivers32:64bit: VIDC.TMB1 - tmb1-v64.dll ()
Drivers32: msacm.iac2 - C:\Windows\SysWOW64\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FPS1 - frapsvid.dll File not found
Drivers32: VIDC.IV41 - C:\Windows\SysWow64\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\Windows\SysWow64\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.TMB1 - C:\Windows\SysWow64\tmb1-v32.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/10/19 10:24:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/10/19 10:24:40 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/10/19 10:24:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/10/19 10:13:29 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Owner\Desktop\tdsskiller.exe
[2013/10/19 10:07:19 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013/10/19 10:05:10 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/10/19 09:56:42 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/10/19 09:56:42 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/10/19 09:56:42 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/10/19 09:56:38 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/10/19 09:56:07 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/10/19 09:55:50 | 005,134,711 | R--- | C] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
[2013/10/19 09:50:47 | 000,000,000 | ---D | C] -- C:\FRST
[2013/10/19 09:50:19 | 001,954,124 | ---- | C] (Farbar) -- C:\Users\Owner\Desktop\FRST64.exe
[2013/10/19 09:44:18 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/10/17 11:32:26 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2013/10/15 16:14:31 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yuuguu
[2013/10/15 11:02:28 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2013/10/15 11:02:28 | 000,007,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2013/10/13 08:20:04 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2013/10/10 23:13:35 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/10/10 23:13:35 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/10/10 23:13:34 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/10/10 23:13:34 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/10/10 23:13:34 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/10/10 23:13:34 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/10/10 23:13:34 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/10/10 23:13:34 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/10/10 23:13:34 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/10/10 23:13:34 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/10/10 23:13:34 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/10/10 23:13:33 | 003,959,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/10/10 23:13:33 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/10/10 23:13:33 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/10/10 23:13:33 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/10/10 22:06:27 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
[2013/10/10 22:06:20 | 000,368,128 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2013/10/10 22:06:19 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2013/10/10 22:06:19 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2013/10/10 22:06:19 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2013/10/10 22:06:19 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2013/10/10 22:06:19 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lpk.dll
[2013/10/10 22:06:19 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2013/10/10 22:06:19 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dciman32.dll
[2013/10/10 22:05:14 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidclass.sys
[2013/10/10 22:05:14 | 000,032,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidparse.sys
[2013/10/10 22:05:08 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\davclnt.dll
[2013/10/10 22:04:16 | 005,549,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/10/10 22:04:16 | 003,969,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/10/10 22:04:16 | 000,878,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\advapi32.dll
[2013/10/10 22:04:15 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/10/10 22:04:15 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2013/10/10 22:04:15 | 000,859,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdh.dll
[2013/10/10 22:04:15 | 000,619,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdh.dll
[2013/10/10 22:04:15 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013/10/10 22:04:15 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/10/10 22:04:15 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/10/10 22:04:15 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/10/10 22:04:15 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/10/10 22:04:15 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/10/10 22:04:03 | 000,124,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationCFFRasterizerNative_v0300.dll
[2013/10/10 22:04:03 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
[2013/10/10 22:03:58 | 000,461,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scavengeui.dll
[2013/10/08 08:49:03 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\CrashDumps
[2013/10/02 07:18:43 | 030,334,752 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2013/10/02 07:18:43 | 015,832,920 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2013/10/02 07:18:43 | 011,345,168 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2013/10/02 07:18:43 | 003,130,144 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2013/10/02 07:18:43 | 001,239,304 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2013/10/02 07:18:43 | 000,654,624 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvIFR64.dll
[2013/10/02 07:18:43 | 000,599,840 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvFBC.dll
[2013/10/02 07:18:43 | 000,317,472 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglshim64.dll
[2013/10/02 07:18:43 | 000,266,984 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglshim32.dll
[2013/10/02 07:18:43 | 000,168,616 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2013/10/02 07:18:42 | 025,256,224 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2013/10/02 07:18:42 | 022,925,088 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2013/10/02 07:18:42 | 018,229,224 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2013/10/02 07:18:42 | 017,560,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2013/10/02 07:18:42 | 011,292,144 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2013/10/02 07:18:42 | 009,480,840 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2013/10/02 07:18:42 | 009,436,544 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2013/10/02 07:18:42 | 003,121,952 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2013/10/02 07:18:42 | 002,945,312 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2013/10/02 07:18:42 | 002,745,632 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2013/10/02 07:18:42 | 001,884,448 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6433140.dll
[2013/10/02 07:18:42 | 001,511,712 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6433140.dll
[2013/10/02 07:18:42 | 000,696,096 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvFBC64.dll
[2013/10/02 07:18:42 | 000,559,904 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvIFR.dll
[2013/10/02 07:18:42 | 000,141,336 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2013/09/29 21:45:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security
[2013/09/29 21:45:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda USB Vaccine
[2013/09/29 21:45:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
[2013/09/29 21:44:29 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\usbvaccine
[2013/09/27 14:00:35 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Maintainability
[2013/09/27 13:10:51 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\scheduling
[2013/09/27 02:37:50 | 000,587,040 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvStreaming.exe
[2013/09/24 22:13:30 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Razer
[2013/09/24 22:04:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer Comms
[2013/09/24 22:04:50 | 000,074,456 | ---- | C] (Razer USA Ltd) -- C:\Windows\SysNative\drivers\RzFilter.sys
[2013/09/24 22:04:49 | 000,128,984 | ---- | C] (Razer USA Ltd) -- C:\Windows\SysNative\drivers\RzDxgk.sys
[2013/09/24 22:04:37 | 000,000,000 | ---D | C] -- C:\Windows\Razer Core
[2013/09/24 22:04:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Razer
[2013/09/24 22:04:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Razer
[2013/09/23 03:20:15 | 000,046,792 | ---- | C] (AnchorFree Inc.) -- C:\Windows\SysNative\drivers\hssdrv6.sys
[2013/09/21 11:02:03 | 000,000,000 | R--D | C] -- C:\Users\Owner\Google Drive
[2013/09/21 11:01:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
[2013/09/20 22:03:47 | 001,884,448 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6432723.dll
[2013/09/20 22:03:47 | 001,511,712 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6432723.dll
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/10/19 10:27:02 | 000,022,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/19 10:27:02 | 000,022,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/19 10:24:41 | 000,001,105 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/10/19 10:20:10 | 000,224,256 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\RZR_006005584beb94ed127de6940afb.db
[2013/10/19 10:18:17 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/10/19 10:18:09 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/10/19 10:18:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/19 10:17:58 | 2132,406,271 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/19 10:13:14 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Owner\Desktop\tdsskiller.exe
[2013/10/19 10:07:17 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/10/19 09:55:21 | 005,134,711 | R--- | M] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
[2013/10/19 09:50:16 | 001,954,124 | ---- | M] (Farbar) -- C:\Users\Owner\Desktop\FRST64.exe
[2013/10/19 02:17:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/10/18 23:11:00 | 000,000,220 | ---- | M] () -- C:\Users\Owner\Desktop\Sid Meier's Civilization V.url
[2013/10/17 11:32:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2013/10/17 10:16:46 | 001,198,941 | ---- | M] () -- C:\Users\Owner\Desktop\Folder_SLFiles (4).zip
[2013/10/15 21:53:31 | 000,454,227 | ---- | M] () -- C:\Users\Owner\Desktop\IMG_15102013_215300.png
[2013/10/15 16:14:31 | 000,000,897 | ---- | M] () -- C:\Users\Owner\Desktop\Yuuguu.lnk
[2013/10/15 16:14:31 | 000,000,877 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Yuuguu.lnk
[2013/10/12 15:54:57 | 000,370,894 | ---- | M] () -- C:\Users\Owner\Desktop\refacilitiesmaintainabilityinterviewrequestfromnusst.zip
[2013/10/12 15:38:32 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\Access.dat
[2013/10/12 12:43:08 | 000,001,011 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/10/12 12:42:58 | 000,000,979 | ---- | M] () -- C:\Users\Owner\Desktop\Dropbox.lnk
[2013/10/11 06:43:33 | 000,779,306 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/10/11 06:43:33 | 000,660,296 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/10/11 06:43:33 | 000,121,224 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/10/11 06:36:33 | 000,607,288 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/10/10 23:12:21 | 000,773,030 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/10/09 23:17:27 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/10/09 23:17:27 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/10/07 23:11:30 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/09/29 21:38:23 | 000,132,597 | ---- | M] () -- C:\Users\Owner\Desktop\Flash_Disinfector.exe
[2013/09/27 17:13:24 | 000,189,099 | ---- | M] () -- C:\Users\Owner\Desktop\Bharath Prabhu CV.pdf
[2013/09/27 16:57:55 | 030,334,752 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2013/09/27 16:57:55 | 025,256,224 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2013/09/27 16:57:55 | 022,925,088 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2013/09/27 16:57:55 | 018,259,624 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2013/09/27 16:57:55 | 018,229,224 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2013/09/27 16:57:55 | 017,560,352 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2013/09/27 16:57:55 | 015,832,920 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2013/09/27 16:57:55 | 015,232,424 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2013/09/27 16:57:55 | 011,345,168 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2013/09/27 16:57:55 | 011,292,144 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2013/09/27 16:57:55 | 009,480,840 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2013/09/27 16:57:55 | 009,436,544 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2013/09/27 16:57:55 | 003,130,144 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2013/09/27 16:57:55 | 003,121,952 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2013/09/27 16:57:55 | 003,052,616 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2013/09/27 16:57:55 | 002,945,312 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2013/09/27 16:57:55 | 002,745,632 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2013/09/27 16:57:55 | 002,682,816 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2013/09/27 16:57:55 | 001,884,448 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6433140.dll
[2013/09/27 16:57:55 | 001,511,712 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6433140.dll
[2013/09/27 16:57:55 | 001,432,408 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvumdshimx.dll
[2013/09/27 16:57:55 | 001,239,304 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2013/09/27 16:57:55 | 000,696,096 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\NvFBC64.dll
[2013/09/27 16:57:55 | 000,654,624 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\NvIFR64.dll
[2013/09/27 16:57:55 | 000,599,840 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvFBC.dll
[2013/09/27 16:57:55 | 000,559,904 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvIFR.dll
[2013/09/27 16:57:55 | 000,317,472 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglshim64.dll
[2013/09/27 16:57:55 | 000,266,984 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglshim32.dll
[2013/09/27 16:57:55 | 000,168,616 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2013/09/27 16:57:55 | 000,141,336 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2013/09/27 16:57:55 | 000,023,307 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2013/09/27 15:45:00 | 006,641,440 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2013/09/27 15:45:00 | 003,483,424 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2013/09/27 15:44:57 | 000,219,424 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2013/09/27 15:44:57 | 000,063,776 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2013/09/27 02:37:50 | 000,587,040 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvStreaming.exe
[2013/09/26 21:32:08 | 003,386,608 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin
[2013/09/24 22:04:57 | 000,001,242 | ---- | M] () -- C:\Users\Public\Desktop\Razer Comms.lnk
[2013/09/24 22:04:51 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_RzFilter_01009.Wdf
[2013/09/23 21:21:36 | 000,000,056 | ---- | M] () -- C:\Windows\kgt2k.INI
[2013/09/23 07:27:49 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/09/23 07:27:48 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/09/23 07:27:48 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/09/23 07:27:48 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/09/23 07:27:48 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/09/23 06:55:16 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/09/23 06:54:55 | 000,603,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/09/23 06:54:51 | 003,959,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/09/23 06:54:51 | 000,855,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/09/23 06:54:50 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/09/23 06:54:50 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/09/23 06:54:50 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/09/23 06:54:50 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/09/23 03:20:05 | 000,001,048 | ---- | M] () -- C:\Users\Public\Desktop\Hotspot Shield.lnk
[2013/09/21 11:02:04 | 000,001,653 | ---- | M] () -- C:\Users\Owner\Desktop\Google Drive.lnk
[2013/09/21 11:01:21 | 000,002,044 | ---- | M] () -- C:\Users\Public\Desktop\Google Slides.lnk
[2013/09/21 11:01:21 | 000,002,040 | ---- | M] () -- C:\Users\Public\Desktop\Google Sheets.lnk
[2013/09/21 11:01:21 | 000,002,028 | ---- | M] () -- C:\Users\Public\Desktop\Google Docs.lnk
[2013/09/21 10:48:36 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/09/21 10:39:47 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/10/19 10:24:41 | 000,001,105 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/10/19 09:56:42 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/10/19 09:56:42 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/10/19 09:56:42 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/10/19 09:56:42 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/10/19 09:56:42 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/10/17 10:16:48 | 001,198,941 | ---- | C] () -- C:\Users\Owner\Desktop\Folder_SLFiles (4).zip
[2013/10/15 21:53:22 | 000,454,227 | ---- | C] () -- C:\Users\Owner\Desktop\IMG_15102013_215300.png
[2013/10/15 16:14:31 | 000,000,897 | ---- | C] () -- C:\Users\Owner\Desktop\Yuuguu.lnk
[2013/10/15 16:14:31 | 000,000,877 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Yuuguu.lnk
[2013/10/14 22:36:43 | 000,000,220 | ---- | C] () -- C:\Users\Owner\Desktop\Sid Meier's Civilization V.url
[2013/10/12 15:55:03 | 000,370,894 | ---- | C] () -- C:\Users\Owner\Desktop\refacilitiesmaintainabilityinterviewrequestfromnusst.zip
[2013/09/29 21:38:17 | 000,132,597 | ---- | C] () -- C:\Users\Owner\Desktop\Flash_Disinfector.exe
[2013/09/27 17:12:32 | 000,189,099 | ---- | C] () -- C:\Users\Owner\Desktop\Bharath Prabhu CV.pdf
[2013/09/24 22:15:42 | 000,224,256 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\RZR_006005584beb94ed127de6940afb.db
[2013/09/24 22:04:57 | 000,001,242 | ---- | C] () -- C:\Users\Public\Desktop\Razer Comms.lnk
[2013/09/24 22:04:51 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_RzFilter_01009.Wdf
[2013/09/23 21:22:22 | 000,000,639 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\3d Girlz.lnk
[2013/09/23 21:22:22 | 000,000,611 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\3d Girlz Uninstall.lnk
[2013/09/23 21:21:36 | 000,000,056 | ---- | C] () -- C:\Windows\kgt2k.INI
[2013/09/21 11:02:04 | 000,001,653 | ---- | C] () -- C:\Users\Owner\Desktop\Google Drive.lnk
[2013/09/21 11:01:21 | 000,002,044 | ---- | C] () -- C:\Users\Public\Desktop\Google Slides.lnk
[2013/09/21 11:01:21 | 000,002,040 | ---- | C] () -- C:\Users\Public\Desktop\Google Sheets.lnk
[2013/09/21 11:01:21 | 000,002,028 | ---- | C] () -- C:\Users\Public\Desktop\Google Docs.lnk
[2013/08/24 11:49:19 | 000,007,168 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/08/09 17:42:14 | 000,045,270 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\room_v3.dat
[2013/03/27 21:09:55 | 000,773,030 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/09/23 20:49:08 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\tmb1-v32.dll
[2012/09/23 18:55:51 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2012/08/15 11:50:56 | 000,007,597 | ---- | C] () -- C:\Users\Owner\AppData\Local\Resmon.ResmonCfg
[2012/05/29 16:16:39 | 000,001,456 | ---- | C] () -- C:\Users\Owner\AppData\Local\Adobe Save for Web 12.0 Prefs
[2012/05/29 16:11:56 | 000,000,132 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2012/04/24 22:16:19 | 000,000,132 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Adobe PNG Format CS5 Prefs

========== ZeroAccess Check ==========

[2009/07/14 12:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 10:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 09:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 09:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 11:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 09:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: ST1000DM003-9YN162 ATA Device
Partitions: 3
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE1 - External hard disk media
Interface type: USB
Media Type: External hard disk media
Model: Acer D110 USB Device
Partitions: 1
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 100.00MB
Starting Offset: 1048576
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 488.00GB
Starting Offset: 105906176
Hidden sectors: 0


DeviceID: Disk #0, Partition #2
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 443.00GB
Starting Offset: 524288000000
Hidden sectors: 0


DeviceID: Disk #1, Partition #0
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 932.00GB
Starting Offset: 32256
Hidden sectors: 0


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\assembly\GAC_32\*.ini >

< %systemroot%\assembly\GAC_64\*.ini >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*.exe >

< %APPDATA%\*. >
[2012/03/21 18:04:31 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Adobe
[2012/03/21 12:36:07 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Apple Computer
[2013/04/06 17:43:15 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Atari
[2012/03/11 14:49:15 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Auslogics
[2013/10/17 23:41:40 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\BitComet
[2013/08/29 13:16:31 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\DAEMON Tools Lite
[2013/10/19 10:19:53 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Dropbox
[2013/07/15 21:20:42 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\GameRanger
[2013/08/04 21:12:19 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Garena
[2013/10/19 10:21:57 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\GarenaPlus
[2012/04/26 21:00:31 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Guitar Pro 6
[2013/03/09 01:02:20 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Hotspot Shield
[2012/03/10 19:36:04 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Identities
[2012/09/18 16:29:22 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Leadertech
[2012/12/24 12:10:08 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\LolClient
[2012/03/10 22:01:48 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Macromedia
[2012/03/11 09:52:21 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Malwarebytes
[2011/04/12 16:28:03 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Media Center Programs
[2013/07/10 21:54:42 | 000,000,000 | --SD | M] -- C:\Users\Owner\AppData\Roaming\Microsoft
[2012/03/10 21:34:34 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla
[2012/03/17 20:17:05 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\NVIDIA
[2012/09/23 20:49:45 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PlayClaw3
[2013/03/22 14:54:04 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PlayClaw4
[2013/10/19 10:22:54 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Skype
[2012/08/07 19:28:07 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Subversion
[2012/03/11 00:46:06 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\SystemRequirementsLab
[2013/08/18 20:54:08 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Tunngle
[2013/09/28 00:27:01 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\vlc
[2012/05/23 18:43:43 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\VOX
[2012/03/14 21:27:24 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\WinRAR
[2012/04/26 20:28:09 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\WTablet
[2013/01/10 01:30:42 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\xim

< MD5 for: ATAPI.SYS >
[2009/07/14 09:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\erdnt\cache64\atapi.sys
[2009/07/14 09:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/14 09:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_552ea5111ec825a6\atapi.sys
[2009/07/14 09:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/14 09:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
[2009/07/14 09:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.18231_none_3b457059383c66e6\atapi.sys
[2009/07/14 09:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.22414_none_3be7afc0514717fa\atapi.sys

< MD5 for: CSRSS.EXE >
[2009/07/14 09:39:02 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=60C2862B4BF0FD9F582EF344C2B1EC72 -- C:\Windows\SysNative\csrss.exe
[2009/07/14 09:39:02 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=60C2862B4BF0FD9F582EF344C2B1EC72 -- C:\Windows\winsxs\amd64_microsoft-windows-csrss_31bf3856ad364e35_6.1.7600.16385_none_b4d8d57efdc6b4f3\csrss.exe

< MD5 for: EXPLORER.EXE >
[2011/02/26 13:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/25 14:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\erdnt\cache86\explorer.exe
[2011/02/25 14:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 14:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 14:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/21 11:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/25 13:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 13:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/21 11:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: MSWSOCK.DLL >
[2010/11/21 11:24:00 | 000,326,144 | ---- | M] (Microsoft Corporation) MD5=1D5185A4C7E6695431AE4B55C3D7D333 -- C:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_16795c7543eb48cf\mswsock.dll
[2013/09/07 10:04:16 | 000,231,424 | ---- | M] (Microsoft Corporation) MD5=6547D445C4B69DC0083B619AC642DF04 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.22444_none_bac3d364a4c3ea89\mswsock.dll
[2010/11/21 11:24:09 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_ba5ac0f18b8dd799\mswsock.dll
[2013/09/08 10:27:14 | 000,327,168 | ---- | M] (Microsoft Corporation) MD5=9A9F9F1A77D6A80EE28B57664F00013E -- C:\Windows\erdnt\cache64\mswsock.dll
[2013/09/08 10:27:14 | 000,327,168 | ---- | M] (Microsoft Corporation) MD5=9A9F9F1A77D6A80EE28B57664F00013E -- C:\Windows\SysNative\mswsock.dll
[2013/09/08 10:27:14 | 000,327,168 | ---- | M] (Microsoft Corporation) MD5=9A9F9F1A77D6A80EE28B57664F00013E -- C:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.18254_none_164e004b440bdabf\mswsock.dll
[2013/09/07 10:24:39 | 000,327,168 | ---- | M] (Microsoft Corporation) MD5=BDDB1FD258B92DEE00F222D3304B5D9C -- C:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.22444_none_16e26ee85d215bbf\mswsock.dll
[2013/09/08 10:03:58 | 000,231,424 | ---- | M] (Microsoft Corporation) MD5=E94C583CDE2348950155F2AF2876F34D -- C:\Windows\erdnt\cache86\mswsock.dll
[2013/09/08 10:03:58 | 000,231,424 | ---- | M] (Microsoft Corporation) MD5=E94C583CDE2348950155F2AF2876F34D -- C:\Windows\SysWOW64\mswsock.dll
[2013/09/08 10:03:58 | 000,231,424 | ---- | M] (Microsoft Corporation) MD5=E94C583CDE2348950155F2AF2876F34D -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.18254_none_ba2f64c78bae6989\mswsock.dll

< MD5 for: NAPINSP.DLL >
[2009/07/14 09:16:02 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0B7E85364CB878E2AD531DB7B601A9E5 -- C:\Windows\SysWOW64\NapiNSP.dll
[2009/07/14 09:16:02 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0B7E85364CB878E2AD531DB7B601A9E5 -- C:\Windows\winsxs\x86_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.1.7600.16385_none_abf396ebf0847c31\NapiNSP.dll
[2009/07/14 09:41:52 | 000,068,096 | ---- | M] (Microsoft Corporation) MD5=58A0CDABEA255616827B1C22C9994466 -- C:\Windows\SysNative\NapiNSP.dll
[2009/07/14 09:41:52 | 000,068,096 | ---- | M] (Microsoft Corporation) MD5=58A0CDABEA255616827B1C22C9994466 -- C:\Windows\winsxs\amd64_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.1.7600.16385_none_0812326fa8e1ed67\NapiNSP.dll

< MD5 for: NLAAPI.DLL >
[2012/01/13 15:12:03 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0BA65122FFA7E37564EE86422DBF7AE8 -- C:\Windows\SysWOW64\nlaapi.dll
[2012/01/13 15:12:03 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0BA65122FFA7E37564EE86422DBF7AE8 -- C:\Windows\winsxs\wow64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17964_none_cfca9d84561311f2\nlaapi.dll
[2010/11/21 11:24:01 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=104A1070E90F1C530328E69B49718841 -- C:\Windows\winsxs\wow64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17514_none_d000a58855ea91a1\nlaapi.dll
[2012/10/04 00:29:27 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=11B8C7970C10650827D060AA81BEE63F -- C:\Windows\winsxs\wow64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.22124_none_d07f52216f10753a\nlaapi.dll
[2010/11/21 11:23:54 | 000,070,656 | ---- | M] (Microsoft Corporation) MD5=2DF36F15B2BC1571A6A542A3C2107920 -- C:\Windows\winsxs\amd64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17514_none_c5abfb362189cfa6\nlaapi.dll
[2012/10/04 01:44:21 | 000,070,656 | ---- | M] (Microsoft Corporation) MD5=46BB91A169B9B31FF44EB04C48EC1D41 -- C:\Windows\SysNative\nlaapi.dll
[2012/10/04 01:44:21 | 000,070,656 | ---- | M] (Microsoft Corporation) MD5=46BB91A169B9B31FF44EB04C48EC1D41 -- C:\Windows\winsxs\amd64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17964_none_c575f33221b24ff7\nlaapi.dll
[2012/10/04 01:32:48 | 000,070,656 | ---- | M] (Microsoft Corporation) MD5=C98BCE54F31113D5E736C1097FD086DC -- C:\Windows\winsxs\amd64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.22124_none_c62aa7cf3aafb33f\nlaapi.dll

< MD5 for: PNRPNSP.DLL >
[2009/07/14 09:16:12 | 000,065,024 | ---- | M] (Microsoft Corporation) MD5=5CF640EDDB1E40A5AB1BB743BCDEC610 -- C:\Windows\SysWOW64\pnrpnsp.dll
[2009/07/14 09:16:12 | 000,065,024 | ---- | M] (Microsoft Corporation) MD5=5CF640EDDB1E40A5AB1BB743BCDEC610 -- C:\Windows\winsxs\wow64_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.1.7600.16385_none_d7c8b1ac70865dab\pnrpnsp.dll
[2009/07/14 09:41:53 | 000,086,016 | ---- | M] (Microsoft Corporation) MD5=613C8CE10A5FDE582BA5FA64C4D56AAA -- C:\Windows\SysNative\pnrpnsp.dll
[2009/07/14 09:41:53 | 000,086,016 | ---- | M] (Microsoft Corporation) MD5=613C8CE10A5FDE582BA5FA64C4D56AAA -- C:\Windows\winsxs\amd64_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.1.7600.16385_none_cd74075a3c259bb0\pnrpnsp.dll

< MD5 for: PRINTISOLATIONHOST.EXE >
[2009/07/14 09:39:27 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=22F020C76E339EB2B2187BA73A7E4173 -- C:\Windows\SysNative\PrintIsolationHost.exe
[2009/07/14 09:39:27 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=22F020C76E339EB2B2187BA73A7E4173 -- C:\Windows\winsxs\amd64_microsoft-windows-p..ng-server-isolation_31bf3856ad364e35_6.1.7600.16385_none_f8a40495785334a9\PrintIsolationHost.exe

< MD5 for: SERVICES.EXE >
[2009/07/14 09:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\erdnt\cache64\services.exe
[2009/07/14 09:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/14 09:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SVCHOST.EXE >
[2009/07/14 09:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache86\svchost.exe
[2009/07/14 09:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/14 09:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/14 09:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\erdnt\cache64\svchost.exe
[2009/07/14 09:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/14 09:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/21 11:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache86\userinit.exe
[2010/11/21 11:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/21 11:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/21 11:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\erdnt\cache64\userinit.exe
[2010/11/21 11:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/21 11:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/21 11:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\erdnt\cache64\winlogon.exe
[2010/11/21 11:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/21 11:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

< MD5 for: WINRNR.DLL >
[2009/07/14 09:41:56 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=2E2072EB48238FCA8FBB7A9F5FABAC45 -- C:\Windows\SysNative\winrnr.dll
[2009/07/14 09:41:56 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=2E2072EB48238FCA8FBB7A9F5FABAC45 -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.1.7600.16385_none_b543449669c73e11\winrnr.dll
[2009/07/14 09:16:19 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=5DF5D8CFD9B9573FA3B2C89D9061A240 -- C:\Windows\SysWOW64\winrnr.dll
[2009/07/14 09:16:19 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=5DF5D8CFD9B9573FA3B2C89D9061A240 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.1.7600.16385_none_5924a912b169ccdb\winrnr.dll

< MD5 for: WSHELPER.DLL >
[2009/07/14 09:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\SysWOW64\wshelper.dll
[2009/07/14 09:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\winsxs\wow64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6ace9e67456cc40b\wshelper.dll
[2009/07/14 09:41:58 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=D314DA4B0B8DCD023D547FC568E34FB6 -- C:\Windows\SysNative\wshelper.dll
[2009/07/14 09:41:58 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=D314DA4B0B8DCD023D547FC568E34FB6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\wshelper.dll

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2013/06/26 12:31:07 | 000,865,968 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2013/06/26 12:31:07 | 000,865,968 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2013/06/26 12:31:07 | 000,865,968 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2013/06/26 12:31:08 | 000,920,472 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2013/06/26 12:31:08 | 000,920,472 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2013/06/26 12:31:08 | 000,920,472 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [2013/10/03 14:03:07 | 000,844,752 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --hide-icons [2013/10/03 14:03:07 | 000,844,752 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --show-icons [2013/10/03 14:03:07 | 000,844,752 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [2013/10/03 14:03:07 | 000,844,752 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2013/09/23 09:25:59 | 000,775,256 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" [2013/09/23 07:54:30 | 000,770,648 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2013/06/26 12:31:07 | 000,865,968 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2013/06/26 12:31:07 | 000,865,968 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2013/06/26 12:31:07 | 000,865,968 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE [2013/06/26 12:31:08 | 000,920,472 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2013/06/26 12:31:08 | 000,920,472 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE [2013/06/26 12:31:08 | 000,920,472 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2013/10/03 14:03:07 | 000,844,752 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2013/10/03 14:03:07 | 000,844,752 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2013/10/03 14:03:07 | 000,844,752 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2013/10/03 14:03:07 | 000,844,752 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2013/09/23 06:55:16 | 000,051,712 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2013/09/23 06:55:16 | 000,051,712 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2013/09/23 06:55:16 | 000,051,712 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2013/09/23 09:25:59 | 000,775,256 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" [2013/09/23 07:54:30 | 000,770,648 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemdrive%\$Recycle.Bin|@;true;true;true /fp >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< End of report >

OTL Extras logfile created on: 10/19/2013 10:31:54 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16721)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.98 Gb Total Physical Memory | 5.45 Gb Available Physical Memory | 68.32% Memory free
15.96 Gb Paging File | 13.01 Gb Available in Paging File | 81.51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 488.18 Gb Total Space | 22.76 Gb Free Space | 4.66% Space Free | Partition Type: NTFS
Drive D: | 443.23 Gb Total Space | 56.66 Gb Free Space | 12.78% Space Free | Partition Type: NTFS
Drive F: | 931.28 Gb Total Space | 121.62 Gb Free Space | 13.06% Space Free | Partition Type: FAT32
Drive G: | 7.86 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: PRABHU | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\SysWow64\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04D8EB13-1A59-4AD1-9B63-CCAC98DF0A43}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{334A799A-B972-439B-95B0-63A77E219630}" = lport=6976 | protocol=17 | dir=in | name=league of legends launcher |
"{4C415ACF-9B3C-42A5-AC1B-4C65BB10703D}" = lport=8370 | protocol=6 | dir=in | name=league of legends launcher |
"{5AE88C1C-28E7-47F9-9FFA-B5BBBAC6C19B}" = lport=8370 | protocol=17 | dir=in | name=league of legends launcher |
"{7D32C572-03AB-439A-AF37-C83CCCB6E48B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{9B797924-83A2-43D8-AAE8-0B4E0F00A0A6}" = lport=55555 | protocol=6 | dir=in | name=bitcomet 55555 tcp |
"{B5808460-B3AF-493A-BA62-0B203E4EEA1B}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{BE756067-FF34-4373-8590-132A9543A89D}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{C56C4FB8-E6FE-4434-B474-F10F6F9678BD}" = lport=6976 | protocol=6 | dir=in | name=league of legends launcher |
"{CE561786-70BC-472B-AABF-B7EE3DDD1EC9}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{D27D5043-5B3B-409F-90E9-7570C5AE2BF6}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{E672C1FE-A10E-41DC-93EB-F18C4B214834}" = lport=55555 | protocol=17 | dir=in | name=bitcomet 55555 udp |
"{FCA107D8-37B1-41B4-8D5B-AC309DDC7CBE}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02D1546B-91BB-4BD9-9F3D-3F645694158B}" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"{04F1A8C7-6B39-4614-9A52-9AB2F338434D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{0F3A1A18-2709-4056-AA96-967B37E6D6DA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{177D1E83-C8F5-4B4C-953F-51399CB3E155}" = protocol=6 | dir=in | app=c:\garenadownload\games\blackshot\blackshot_garenaplus_installer.exe |
"{21A9F5F1-1401-4571-AC78-75162A76E710}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{243FA1C8-0B5F-4956-A93B-56E74DFDBD65}" = protocol=17 | dir=in | app=c:\users\owner\downloads\lolinstaller.exe |
"{272A33C4-1CBF-4EBC-9F82-AA5331ECC64D}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe |
"{28BE6C2C-1B21-4840-A5DC-E05E1732FE55}" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\launchgtaiv.exe |
"{297BB662-F613-4605-96D1-E227D73EE4C3}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{3376F5C1-9CBE-45CB-84CD-2F81EC2F238B}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe |
"{365E0F56-47E4-4FCA-801A-D605FC04866D}" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\launchgtaiv.exe |
"{36736D1C-7BE1-41DB-B0F8-08693D1DA6D8}" = dir=in | app=c:\program files (x86)\garena plus\room\garena_room.exe |
"{36BD9ACA-6DF0-41F1-9B0A-0B35BD1A0B5F}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{38A487B3-F12B-4D10-A792-2199C6D5093B}" = protocol=17 | dir=in | app=c:\users\owner\appdata\roaming\dropbox\bin\dropbox.exe |
"{42948856-0B40-4A79-8717-64D989072294}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe |
"{49DF12DB-B1C5-42FD-A25F-1612F4EBF0FF}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{4CE46A99-EDA1-4A41-8DC3-213EACF61EC8}" = protocol=17 | dir=in | app=c:\program files (x86)\simple port forwarding\spf.exe |
"{51753E25-4D57-4362-A4D8-0034A591A837}" = protocol=6 | dir=in | app=c:\users\owner\appdata\roaming\dropbox\bin\dropbox.exe |
"{54E7276C-4AC8-4921-B28A-64E808FA70A8}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe |
"{54FB6DB7-8B07-4F04-B54C-358E588BFB02}" = protocol=6 | dir=in | app=c:\users\owner\downloads\lolinstaller.exe |
"{55231A5D-081C-4469-9FB9-DCEF34132179}" = protocol=17 | dir=in | app=c:\garenadownload\games\blackshot\blackshot_garenaplus_installer.exe |
"{6006DD8C-7022-490D-8053-2EC4B5B948AC}" = protocol=6 | dir=in | app=c:\program files (x86)\garenalol\gamedata\apps\lol\game\league of legends.exe |
"{635C52B1-FB1A-4242-9DEA-87575300F7AE}" = protocol=17 | dir=in | app=c:\program files (x86)\simple port forwarding\spf.exe |
"{6BC08D1D-DF65-46DB-BE12-B640A0475C69}" = protocol=17 | dir=in | app=c:\program files (x86)\capcom\super street fighter iv\ssfiv.exe |
"{6C2F5A9F-A293-4752-81A2-44CC63DD3A61}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{6E47A0C3-7874-4655-9DFA-0D8FB51C5AC5}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{795479A0-A66D-4568-B55C-56F3578EC438}" = dir=in | app=c:\program files (x86)\garena plus\ggdllhost.exe |
"{7EF19D3A-A08F-43C7-9DA0-BFB3B6AE748D}" = protocol=17 | dir=in | app=c:\program files (x86)\garenalol\gamedata\apps\lol\game\league of legends.exe |
"{8B9658D3-C069-4F85-B022-5A19A0DB9C12}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe |
"{91779E98-3287-4A6F-B0A0-AB3CB9E20971}" = protocol=6 | dir=in | app=c:\program files (x86)\simple port forwarding\spf.exe |
"{94399714-D320-4759-8CD2-787BB05C4945}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{9919C639-B0C2-499A-A548-95D4CEDACB5A}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe |
"{A196EA25-3F61-4F23-B80E-9A8E350705D5}" = protocol=6 | dir=in | app=c:\program files (x86)\garena plus\apps\blackshot\blackshot\system\blackshot.exe |
"{A753B4C5-6339-424D-AE7E-FBF76C2DDC2B}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe |
"{A9AC3FB3-73AD-4566-8F9D-014ABA457317}" = protocol=17 | dir=in | app=c:\program files (x86)\garenalol\gamedata\apps\lol\air\lolclient.exe |
"{B02EB666-0F8A-437E-A2E1-082D08BC63BA}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe |
"{B5F93A3B-0E6D-455C-8371-3F99AAF8ACFA}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{C547C7CC-DA46-4D78-9824-E3CF1D604872}" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"{C8D5F7D2-5C98-4AD7-B4FA-8B52F2E3A71E}" = protocol=17 | dir=in | app=c:\program files (x86)\disney interactive studios\split second\splitsecond.exe |
"{CA10EE60-AF1A-4CDA-AACC-D58B27D3B96A}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{CDC54F43-382B-4E00-BA74-850A6488CC5A}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{CEC809C2-8C0F-4D91-8E8B-D6C4358D8BC3}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{D3371847-81DB-48BA-9B1D-5E5E742FBF86}" = protocol=6 | dir=in | app=c:\program files (x86)\simple port forwarding\spf.exe |
"{D782F462-6C44-494C-877D-F5C564B2A6D5}" = protocol=6 | dir=in | app=c:\program files (x86)\disney interactive studios\split second\splitsecond.exe |
"{D9E3C5BB-2C15-45A2-BE47-BE4D396E9B3A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{EAB5230D-806F-4AEB-9A57-D90E7791DB47}" = protocol=17 | dir=in | app=c:\program files (x86)\garena plus\apps\blackshot\blackshot\system\blackshot.exe |
"{EC3920EB-15E1-4283-ADA8-C300A55394B5}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{EF3227F4-1F18-4E87-A482-2A2CE149C58A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{F305184B-052C-4F22-BB3A-9A6A6F08B912}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F5024119-CAB5-404C-BD8D-640AA4955BB6}" = protocol=6 | dir=in | app=c:\program files (x86)\capcom\super street fighter iv\ssfiv.exe |
"{F6C44CBF-F2A2-4FF2-972D-505E24BC1F94}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{F6C473EA-BC83-485F-B744-163568BEFADA}" = protocol=6 | dir=in | app=c:\program files (x86)\garenalol\gamedata\apps\lol\air\lolclient.exe |
"{FB35CFB2-F484-4B35-94F6-C880482F8DE4}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{FB75C30C-5F61-4817-8CFF-33B95A88E868}" = dir=in | app=c:\windows\syswow64\rundll32.exe |
"TCP Query User{134341BF-2B57-4D90-BC57-6E2A29DA55EB}C:\program files (x86)\call of duty- modern warfare 3\iw5mp_server.exe" = protocol=6 | dir=in | app=c:\program files (x86)\call of duty- modern warfare 3\iw5mp_server.exe |
"TCP Query User{35B26551-8130-41E2-80D5-ED7076C77208}C:\program files (x86)\bethesda softworks\dishonored\binaries\win32\dishonored.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bethesda softworks\dishonored\binaries\win32\dishonored.exe |
"TCP Query User{47E7D5EE-5817-40F6-AB4A-0B88C6B62CEB}C:\program files (x86)\call of duty- modern warfare 3\iw5mp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\call of duty- modern warfare 3\iw5mp.exe |
"TCP Query User{4F677C7E-189F-4FA0-919D-3A8763A51FF2}C:\program files (x86)\farcry 3\bin\farcry3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\farcry 3\bin\farcry3.exe |
"TCP Query User{5C021090-5536-456E-8E5C-6E791A6D9C5F}D:\age of empires ii+age of empires 2 - the conquerors expansion+stuff with online play\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=d:\age of empires ii+age of empires 2 - the conquerors expansion+stuff with online play\age2_x1\age2_x1.exe |
"TCP Query User{5C8AAB98-8000-4646-B9FC-C8B786E13071}C:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe |
"TCP Query User{5EC56224-C77A-4E9F-B891-4CD409D04FC3}C:\users\owner\appdata\roaming\gameranger\gameranger\gameranger.exe" = protocol=6 | dir=in | app=c:\users\owner\appdata\roaming\gameranger\gameranger\gameranger.exe |
"TCP Query User{6332ECAE-A4A4-4FEC-8371-94C53A7D75D8}C:\program files (x86)\prototype 2\prototype2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\prototype 2\prototype2.exe |
"TCP Query User{6716ED11-697F-4B6A-9CFF-18FDD6AB6335}C:\program files (x86)\activision\call of duty black ops ii\t6sp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty black ops ii\t6sp.exe |
"TCP Query User{738B08C5-6145-4857-A4C3-687648CCB872}D:\dolphin emu\dolphin.exe" = protocol=6 | dir=in | app=d:\dolphin emu\dolphin.exe |
"TCP Query User{8495F005-1AB9-405D-BD38-3E1583DA33BB}C:\program files (x86)\thq\saints row the third\saintsrowthethird_dx11.exe" = protocol=6 | dir=in | app=c:\program files (x86)\thq\saints row the third\saintsrowthethird_dx11.exe |
"TCP Query User{854CB686-A369-4E99-AF62-AD2D12EDBAC1}D:\vlc\vlc.exe" = protocol=6 | dir=in | app=d:\vlc\vlc.exe |
"TCP Query User{97C7D8D5-44B6-4911-8461-B4F2CAE2725A}C:\program files (x86)\ea games\alice madness returns\alice1\bin\alice.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\alice madness returns\alice1\bin\alice.exe |
"TCP Query User{98E09817-F9FE-4120-B88C-C3410D172871}C:\program files\bitcomet\bitcomet.exe" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"TCP Query User{9ACF4816-8564-438B-AC2D-286C6A343963}C:\program files (x86)\garena plus\garenamessenger.exe" = protocol=6 | dir=in | app=c:\program files (x86)\garena plus\garenamessenger.exe |
"TCP Query User{9E3FA4B4-584E-414F-803B-8FDD9D85EFE4}C:\program files (x86)\ea games\alice madness returns\alice2\binaries\win32\alicemadnessreturns.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\alice madness returns\alice2\binaries\win32\alicemadnessreturns.exe |
"TCP Query User{F004DE66-B70C-4B0A-84EA-3C50BF5891B5}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |
"TCP Query User{F5C62117-C79F-41BF-9FC0-3D1FFF44FDDD}C:\program files (x86)\activision\call of duty - black ops\blackops.exe" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty - black ops\blackops.exe |
"TCP Query User{F8D14BAB-BDF0-4A55-B7BC-C61EB6F8A400}C:\program files (x86)\resident evil 6\bh6.exe" = protocol=6 | dir=in | app=c:\program files (x86)\resident evil 6\bh6.exe |
"TCP Query User{FC8445A7-9E72-422B-A7D3-15CE4438A411}C:\program files (x86)\thq\saints row the third\saintsrowthethird.exe" = protocol=6 | dir=in | app=c:\program files (x86)\thq\saints row the third\saintsrowthethird.exe |
"TCP Query User{FDA77FD8-1BAC-4A87-9C18-491CCC7662B6}C:\program files (x86)\dmc devil may cry\binaries\win32\dmc-devilmaycry.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dmc devil may cry\binaries\win32\dmc-devilmaycry.exe |
"UDP Query User{0500E99C-D2FA-4816-B6B8-B508CEEC9E25}C:\program files\bitcomet\bitcomet.exe" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"UDP Query User{07BFE6EF-0FD6-4430-8258-FC471DEDD43F}C:\program files (x86)\dmc devil may cry\binaries\win32\dmc-devilmaycry.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dmc devil may cry\binaries\win32\dmc-devilmaycry.exe |
"UDP Query User{26EC4009-6C43-40C3-A0DB-374BF44009BC}C:\program files (x86)\thq\saints row the third\saintsrowthethird.exe" = protocol=17 | dir=in | app=c:\program files (x86)\thq\saints row the third\saintsrowthethird.exe |
"UDP Query User{3665C082-2A28-4CDB-BA0E-397480E08499}D:\age of empires ii+age of empires 2 - the conquerors expansion+stuff with online play\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=d:\age of empires ii+age of empires 2 - the conquerors expansion+stuff with online play\age2_x1\age2_x1.exe |
"UDP Query User{50593770-D614-4080-9D0E-B2770039BB1F}D:\dolphin emu\dolphin.exe" = protocol=17 | dir=in | app=d:\dolphin emu\dolphin.exe |
"UDP Query User{595C6150-11E8-4EFA-8758-72167950CEC1}C:\program files (x86)\call of duty- modern warfare 3\iw5mp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\call of duty- modern warfare 3\iw5mp.exe |
"UDP Query User{5B66FCB9-05A7-4604-B7E6-F01D97A59CE1}C:\program files (x86)\call of duty- modern warfare 3\iw5mp_server.exe" = protocol=17 | dir=in | app=c:\program files (x86)\call of duty- modern warfare 3\iw5mp_server.exe |
"UDP Query User{69754063-593B-48DB-BEA4-CAB239D7C912}C:\program files (x86)\garena plus\garenamessenger.exe" = protocol=17 | dir=in | app=c:\program files (x86)\garena plus\garenamessenger.exe |
"UDP Query User{8B360B50-7702-407D-9A94-0023788F1658}C:\program files (x86)\thq\saints row the third\saintsrowthethird_dx11.exe" = protocol=17 | dir=in | app=c:\program files (x86)\thq\saints row the third\saintsrowthethird_dx11.exe |
"UDP Query User{9A12C482-CD3B-46BB-99D9-92C73BDCBF1E}C:\users\owner\appdata\roaming\gameranger\gameranger\gameranger.exe" = protocol=17 | dir=in | app=c:\users\owner\appdata\roaming\gameranger\gameranger\gameranger.exe |
"UDP Query User{A60FCBE0-CCBC-4C87-90A8-969073275021}C:\program files (x86)\resident evil 6\bh6.exe" = protocol=17 | dir=in | app=c:\program files (x86)\resident evil 6\bh6.exe |
"UDP Query User{A8B26335-8F4A-424D-99E4-E4FA48846B89}C:\program files (x86)\farcry 3\bin\farcry3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\farcry 3\bin\farcry3.exe |
"UDP Query User{AD9C2194-9B02-4165-994B-6F20F4946473}C:\program files (x86)\ea games\alice madness returns\alice2\binaries\win32\alicemadnessreturns.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\alice madness returns\alice2\binaries\win32\alicemadnessreturns.exe |
"UDP Query User{B4D3A689-6F49-4888-B640-A727C75982D7}C:\program files (x86)\ea games\alice madness returns\alice1\bin\alice.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\alice madness returns\alice1\bin\alice.exe |
"UDP Query User{B71EEA88-15BF-4C37-92B4-8AE1FF0E318B}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |
"UDP Query User{B9946A23-9509-483F-B5B8-E19A8F59CAEA}C:\program files (x86)\prototype 2\prototype2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\prototype 2\prototype2.exe |
"UDP Query User{BB72825E-6368-45B1-B7FB-0F989014A839}C:\program files (x86)\activision\call of duty black ops ii\t6sp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty black ops ii\t6sp.exe |
"UDP Query User{BD11D42D-7DE3-4C14-86BF-956D0870F79F}C:\program files (x86)\activision\call of duty - black ops\blackops.exe" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty - black ops\blackops.exe |
"UDP Query User{C3367017-5276-45A5-B07B-322FEB012405}D:\vlc\vlc.exe" = protocol=17 | dir=in | app=d:\vlc\vlc.exe |
"UDP Query User{D682FBE3-B8FE-4CB0-8854-49E9BBBC4526}C:\program files (x86)\bethesda softworks\dishonored\binaries\win32\dishonored.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bethesda softworks\dishonored\binaries\win32\dishonored.exe |
"UDP Query User{DC1AF856-BFA4-4444-B28B-218C6A2015F6}C:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP140_series" = Canon MP140 series
"{1444D2EE-C7AD-44A8-844F-2634B49353D1}" = Logitech Gaming Software 5.10
"{2EDC2FA3-1F34-34E5-9085-588C9EFD1CC6}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{427174C0-096E-40D9-9684-9C109BEE2CBF}" = iTunes
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{764384C5-BCA9-307C-9AAC-FD443662686A}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 331.40
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 331.40
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 331.40
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 1.6.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 331.40
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.13.0725
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 8.3.14
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamC" = GeForce Experience NvStream Client Components
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.26.4
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 1.2.5
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Wacom Tablet Driver" = Wacom Tablet
"WinRAR archiver" = WinRAR 4.11 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D562B5-C4E2-4846-A920-33178788BE00}" = Windows Live Communications Platform
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0BC95CC8-CFE7-4C60-9DBF-258443C3C6C6}_is1" = Resident Evil 6 version 5.1
"{0F929651-F516-4956-90F2-FFBD2CD5D30E}" = Photo Gallery
"{0FF9CC94-EF23-401E-BDBD-37403D1A2B38}" = Windows Live SOXE Definitions
"{10640F6D-6AB0-401E-9FC6-A94D19C580BC}" = Windows Live UX Platform Language Pack
"{147FBA18-A6BB-4AD5-8F0A-37380AAABD76}" = Photo Common
"{14A487F2-1259-4E6C-AE3C-3C888DDBCB60}_is1" = Guitar Pro 6
"{192A227B-A8C8-4C6D-B939-21FAEB007E1E}" = Google Drive
"{2020C08E-74F5-4E9F-BD2A-41F8CB6EBA10}" = Photo Gallery
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java™ 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{2793DCD8-0960-4D37-86B2-85BFFA10D59C}" = JamVOX
"{28526951-55EF-4901-A0CA-B9AC966D1DD1}" = Split/Second
"{2AC01935-3774-4981-98C8-14E93C14372C}" = Windows Live UX Platform Language Pack
"{3C5F91EF-5C0B-4D13-BCBE-0FC6FC3ED7F9}" = Movie Maker
"{3D6AD258-61EA-35F5-812C-B7A02152996E}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
"{432CF492-2A3C-4F96-821A-E102B6F18F07}_is1" = Grid 2 version 5.1
"{43430FA0-49F0-4B13-B4C5-611000008100}" = Super Street Fighter IV: Arcade Edition
"{45898170-E68C-4F02-AA35-C2186BF347A3}" = Movie Maker
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.6
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV
"{5454083B-1308-4485-BF17-1110000D8302}" = Grand Theft Auto IV
"{5454083B-1308-4485-BF17-1110000D8303}" = Grand Theft Auto IV
"{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1" = Panda USB Vaccine 1.0.1.4
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{5A0EE0F0-E909-4F3B-B437-AAD9252427CB}" = Windows Live Installer
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{5E094C92-6288-4F43-AA9A-D452D0218F3F}" = Windows Live Essentials
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{6B6923B9-8719-425B-916C-CD2908F31AAF}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B5AA67E-FEA0-40BB-BAB5-CA56645A589C}" = NVIDIA PhysX
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89C7E0A7-4D9D-4DCC-8834-A9A2B92D7EBB}" = Photo Gallery
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{90120000-0017-0000-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer 2007
"{90120000-0017-0000-0000-0000000FF1CE}_SharePointDesigner_{4B4DF6E2-5E40-422B-82DD-205FD7E79226}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
"{90120000-0017-0409-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (English) 2007
"{90120000-0017-0409-0000-0000000FF1CE}_SharePointDesigner_{C00A9857-850C-4C68-A583-2EF4F24706F5}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_SharePointDesigner_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_SharePointDesigner_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_SharePointDesigner_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_SharePointDesigner_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_SharePointDesigner_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_SharePointDesigner_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_SharePointDesigner_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_SharePointDesigner_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{91D59688-8209-4569-B581-B870BDC74EAB}" = Windows Live Messenger
"{936D4074-6A57-45ED-AF5A-F7CF5A56DE6F}" = Windows Live Essentials
"{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI
"{95716cce-fc71-413f-8ad5-56c2892d4b3a}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C6D5C94-386A-4DE7-B99F-523D3F167B9A}" = Windows Live Messenger
"{a1909659-0a08-4554-8af1-2175904903a1}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.8)
"{B286BAC3-CBE6-4854-BF68-EB72A34CEA56}" = Windows Live Messenger
"{B39A6825-EA20-43EA-AB2D-A6BC0298D9A1}" = Movie Maker
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B810D852-DFD6-DARKSIII-89A5-CC4D47756DAF}_is1" = DarkSiders II version 5.1
"{B810D852-DFD6-DMC-89A5-CC4D47756DAF}_is1" = DmC Devil may Cry version 5.1
"{B810D852-DFD6-FC3-89A5-CC4D47756DAF}_is1" = FarCry 3 version 5.1
"{B810D852-DFD6-PROT2L-89A5-CC4D47756DAF}_is1" = Prototype 2 version 5.1
"{C6B0EE9E-2128-4448-B7AE-5E2B46E0F0E7}" = Windows Live Photo Common
"{DD7C5FC1-DCA5-487A-AF23-658B1C00243F}" = Photo Common
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3445598-4424-4EE2-B71C-C23325F7FB71}" = Windows Live PIMT Platform
"{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}" = Far Cry 3
"{E7D4E834-93EB-351F-B8FB-82CDAE623003}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E58739-2B4C-498F-9B0D-FF0F2FD52B61}" = Windows Live UX Platform
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion
"Alice: Madness Returns_is1" = Alice: Madness Returns
"BioShock Infinite_is1" = BioShock Infinite
"BitComet_x64" = BitComet 1.35 64-bit
"BlackShot" = Garena - BlackShot
"Call of Duty Black Ops II_is1" = Call of Duty Black Ops II
"DAEMON Tools Lite" = DAEMON Tools Lite
"Dishonored_is1" = Dishonored
"FLAC" = FLAC 1.2.1b (remove only)
"Fraps" = Fraps
"Frhed" = Frhed 1.6.0
"GFWL_{43430FA0-49F0-4B13-B4C5-611000008100}" = Super Street Fighter IV: Arcade Edition
"Google Chrome" = Google Chrome
"Hitman Absolution_is1" = Hitman Absolution
"HotspotShield" = Hotspot Shield 3.17
"im" = Garena Plus
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"LoL" = Garena - League of Legends
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Mozilla Firefox 21.0 (x86 en-US)" = Mozilla Firefox 21.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MusicPod" = MusicPod
"MySSID_is1" = Vtune 7.21
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"PAYDAY 2_is1" = PAYDAY 2
"PixRecovery" = PixRecovery
"PlayClaw 4_is1" = PlayClaw 4
"PlayClaw_is1" = PlayClaw 3
"Quest3D3d Girlz" = 3d Girlz
"QWdlIG9mIEVtcGlyZXMgSUkgSEQgKGMpIE1pY3Jvc29mdCBTdHVkaW9z_is1" = Age of Empires II HD © Microsoft Studios version 1
"Razer Comms" = Razer Comms
"Razer Core" = Razer Core
"Saints Row The Third_is1" = Saints Row The Third
"SharePointDesigner" = Microsoft Office SharePoint Designer 2007
"Simple Port Forwarding" = Simple Port Forwarding
"Steam App 570" = Dota 2
"Steam App 8930" = Sid Meier's Civilization V
"Tunngle beta_is1" = Tunngle beta
"U2FpbnRzUm93SVY=_is1" = Saints Row IV
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Internet Explorer and Netscape" = WebTablet FB Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"GameRanger" = GameRanger

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 10/15/2013 8:06:48 PM | Computer Name = Prabhu | Source = WinMgmt | ID = 10
Description =

Error - 10/16/2013 5:28:38 AM | Computer Name = Prabhu | Source = WinMgmt | ID = 10
Description =

Error - 10/16/2013 9:32:16 PM | Computer Name = Prabhu | Source = WinMgmt | ID = 10
Description =

Error - 10/17/2013 8:29:03 AM | Computer Name = Prabhu | Source = WinMgmt | ID = 10
Description =

Error - 10/17/2013 6:32:59 PM | Computer Name = Prabhu | Source = WinMgmt | ID = 10
Description =

Error - 10/18/2013 10:59:09 AM | Computer Name = Prabhu | Source = WinMgmt | ID = 10
Description =

Error - 10/18/2013 9:39:45 PM | Computer Name = Prabhu | Source = WinMgmt | ID = 10
Description =

Error - 10/18/2013 9:48:12 PM | Computer Name = Prabhu | Source = WinMgmt | ID = 10
Description =

Error - 10/18/2013 10:08:30 PM | Computer Name = Prabhu | Source = WinMgmt | ID = 10
Description =

Error - 10/18/2013 10:19:50 PM | Computer Name = Prabhu | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 10/17/2013 8:34:18 AM | Computer Name = Prabhu | Source = Service Control Manager | ID = 7022
Description = The Windows Update service hung on starting.

Error - 10/17/2013 6:38:12 PM | Computer Name = Prabhu | Source = Service Control Manager | ID = 7022
Description = The Windows Update service hung on starting.

Error - 10/18/2013 10:59:04 AM | Computer Name = Prabhu | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Razer
Overlay Subsystem Emergency Service service to connect.

Error - 10/18/2013 10:59:04 AM | Computer Name = Prabhu | Source = Service Control Manager | ID = 7000
Description = The Razer Overlay Subsystem Emergency Service service failed to start
due to the following error: %%1053

Error - 10/18/2013 9:44:56 PM | Computer Name = Prabhu | Source = Service Control Manager | ID = 7000
Description = The Intel® Management and Security Application User Notification
Service service failed to start due to the following error: %%109

Error - 10/18/2013 9:53:37 PM | Computer Name = Prabhu | Source = Service Control Manager | ID = 7022
Description = The Windows Update service hung on starting.

Error - 10/18/2013 10:02:31 PM | Computer Name = Prabhu | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 10/18/2013 10:04:42 PM | Computer Name = Prabhu | Source = Application Popup | ID = 1060
Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
with this system. Please contact your software vendor for a compatible version
of the driver.

Error - 10/18/2013 10:05:14 PM | Computer Name = Prabhu | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 10/18/2013 10:19:06 PM | Computer Name = Prabhu | Source = DCOM | ID = 10010
Description =


< End of report >

Farbar Service Scanner Version: 13-09-2013
Ran by Owner (administrator) on 19-10-2013 at 10:42:40
Running from "C:\Users\Owner\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2013-10-10 22:05] - [2013-09-14 09:10] - 0497152 ____A (Microsoft Corporation) 314C17917AC8523EC77A710215012A65

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2013-10-10 22:05] - [2013-09-08 10:30] - 1903552 ____A (Microsoft Corporation) 40AF23633D197905F03AB5628C558C51

C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

Thank you so much for your help! :)

#5
RKinner

    Malware Expert

  • Expert
  • 20,028 posts
  • MVP
Clear the Java Cache by following the instructions on
http://www.java.com/...lugin_cache.xml

You do not have the latest Java.
First, go into Control Panel, Add/Remove Software (XP) or Programs and Features (Vista/Win 7) and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE).
I see:
Java 7 Update 25 (x32 Version: 7.0.250)
Java™ 6 Update 29 (x32 Version: 6.0.290)

Java has been very vulnerable to infection so unless you absolutely need it you should not reinstall it.

If you feel you must have Java:
Get the latest Java at:
http://www.java.com/en/

Save it to your PC, then close all browsers and install it. Do not let it install the Yahoo toolbar or other foistware.
Once installed, go into Control Panel, Java, Security and set the slider to the Highest then OK.

(If you also want the 64 bit version then use the 64 bit version of IE to get it.)

Download the attached fixlist.txt to the same location as FRST.
Run FRST and press Fix.
A fix log will be generated; please post that, then run FRST again, do a scan, and copy and post that too.

How is it running now?

#6
frozenthunder

    Member

  • Topic Starter
  • Member
  • 140 posts
Hi Ron! That seems to have fixed it!! Thanks so much!!! :)

However, is it safe for me to plug in my thumbdrive? The same problem occurred in my thumbdrive the last time I plugged it in. But my hard drive seems to be OK now! :)

Thanks a lot for all your help! It's greatly appreciated!

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-10-2013
Ran by Owner at 2013-10-19 11:19:55 Run:1
Running from C:\Users\Owner\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKCU\...\Run: [wmi32] - C:\ProgramData\Application Data\wmimgmt.exe [0 ] (Marvell Inc)
BHO-x32: BitComet Helper - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
S3 NTIOLib_1_0_C; \??\E:\NTIOLib_X64.sys [x]
S3 TBPanel; No ImagePath
C:\Users\Owner\Desktop\Yuuguu.lnk
C:\Users\Owner\Downloads\yuuguu-PC-installer.exe
C:\Users\Owner\Desktop\Yuuguu.lnk
C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yuuguu
C:\Users\Owner\Downloads\yuuguu-PC-installer.exe
C:\ProgramData\wmimgmt.exe
C:\Users\Owner\AppData\Local\Temp\vfind.exe





*****************

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\wmi32 => Value not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} => Key deleted successfully.
NTIOLib_1_0_C => Service deleted successfully.
TBPanel => Service deleted successfully.
C:\Users\Owner\Desktop\Yuuguu.lnk => Moved successfully.
C:\Users\Owner\Downloads\yuuguu-PC-installer.exe => Moved successfully.
"C:\Users\Owner\Desktop\Yuuguu.lnk" => File/Directory not found.
C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yuuguu => Moved successfully.
"C:\Users\Owner\Downloads\yuuguu-PC-installer.exe" => File/Directory not found.
"C:\ProgramData\wmimgmt.exe" => File/Directory not found.
"C:\Users\Owner\AppData\Local\Temp\vfind.exe" => File/Directory not found.

==== End of Fixlog ====

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by Owner (administrator) on PRABHU on 19-10-2013 11:20:29
Running from C:\Users\Owner\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe
() C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
() C:\Program Files (x86)\Garena Plus\ggdllhost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Razer) C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Panda Security) C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Korg Inc.) C:\Windows\System32\InitJam.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe
() C:\Program Files (x86)\Vtune\TBPANEL.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
() C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Valve Corporation) C:\Program Files (x86)\steam\Steam.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Razer) C:\Program Files (x86)\Razer\Core\RazerCore.exe
() C:\Program Files (x86)\VOX\JamVOX\JVExec.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Dropbox, Inc.) C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\hsscp.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\system32\msiexec.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [JamInit] - C:\Windows\system32\InitJam.exe [253008 2009-04-15] (Korg Inc.)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028896 2013-08-28] (NVIDIA Corporation)
HKLM\...\Run: [Start WingMan Profiler] - C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-15] (Logitech Inc.)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
HKCU\...\Run: [TBPanel] - C:\Program Files (x86)\Vtune\TBPanel.exe [2248704 2011-08-02] ()
HKCU\...\Run: [OfficeSyncProcess] - C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [717696 2010-01-16] (Microsoft Corporation)
HKCU\...\Run: [GarenaPlus] - C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe [9739056 2013-08-06] ()
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3674320 2013-01-08] (DT Soft Ltd)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)
HKCU\...\Run: [Steam] - C:\program files (x86)\steam\Steam.exe [1813928 2013-10-09] (Valve Corporation)
HKCU\...\Run: [GoogleDriveSync] - C:\Program Files (x86)\Google\Drive\googledrivesync.exe [20133824 2013-09-25] (Google)
HKCU\...\Run: [Razer Comms] - C:\Program Files (x86)\Razer\Core\RazerCore.exe [1091264 2013-08-27] (Razer)
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x6C74DD0E4612CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
DPF: HKLM-x32 {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\11n5c59f.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @t.garena.com/garenatalk - C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.10 - C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.0.0.6 - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: wacom.com/WacomTabletPlugin - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Extension: Виявлення пристроїв Logitech - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\11n5c59f.default\Extensions\[email protected]
FF Extension: BitComet 视频下载器 - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\11n5c59f.default\Extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
FF Extension: No Name - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\11n5c59f.default\Extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}.xpi
FF Extension: No Name - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\11n5c59f.default\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
FF Extension: No Name - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\11n5c59f.default\Extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}.xpi
FF Extension: No Name - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\11n5c59f.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\11n5c59f.default\Extensions\{f701c26a-479a-4724-b4f1-870db12f063c}.xpi
FF Extension: Hotspot Shield Helper (Please allow this installation) - C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
FF Extension: Hotspot Shield Extension - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\[email protected]

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR DefaultSearchURL: (Google) - https://www.google.c...q=t&channel=rcs
CHR DefaultSuggestURL: (Google) - https://www.google.c...q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (BitCometAgent) - C:\Program Files (x86)\Mozilla Firefox\plugins\npBitCometAgent.dll (BitComet)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (WacomTabletPlugin) - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
CHR Plugin: ( Wacom Dynamic Link Library) - C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll No File
CHR Extension: (Google Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (AdBlock) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.10_0
CHR Extension: (Dropdown List of Most Visited Links) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\logbmehmiacemkimbpcbjgaikobdndah\0.5_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

R2 hshld; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [878888 2013-09-18] (AnchorFree Inc.)
S3 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [78512 2013-09-18] ()
R2 HssWd; C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [556840 2013-09-18] ()
S3 npggsvc; C:\Windows\SysWow64\GameMon.des [5117384 2013-04-30] (INCA Internet Co., Ltd.)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14997280 2013-08-28] (NVIDIA Corporation)
R2 RzOvlMon; C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe [32960 2013-08-27] (Razer)
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [757144 2013-08-16] (Tunngle.net GmbH)

==================== Drivers (Whitelisted) ====================

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-01-29] (DT Soft Ltd)
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [46792 2013-09-18] (AnchorFree Inc.)
R3 JAMVOX_01; C:\Windows\System32\DRIVERS\JamWdm.sys [31824 2009-04-15] ()
R1 JAMVOX_AA; C:\Windows\System32\DRIVERS\JamDRV.sys [62544 2009-04-15] ()
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-08-20] (NVIDIA Corporation)
R3 RzDxgk; C:\Windows\system32\drivers\RzDxgk.sys [128984 2013-08-27] (Razer USA Ltd)
R0 RzFilter; C:\Windows\System32\drivers\RzFilter.sys [74456 2013-08-27] (Razer USA Ltd)
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-04-25] (Anchorfree Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 GGSAFERDriver; \??\C:\Program Files (x86)\Garena Plus\Room\safedrv.sys [x]
S3 JamVOXUSBAudioSrv; system32\drivers\jamvox.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-19 11:19 - 2013-10-19 11:19 - 00000625 _____ C:\Users\Owner\Downloads\fixlist.txt
2013-10-19 11:18 - 2013-10-19 11:18 - 00000000 ____D C:\ProgramData\Oracle
2013-10-19 11:18 - 2013-10-08 07:50 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-10-19 11:18 - 2013-10-08 07:46 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-10-19 11:18 - 2013-10-08 07:46 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-10-19 11:18 - 2013-10-08 07:46 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-10-19 11:17 - 2013-10-19 11:18 - 00004746 _____ C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log
2013-10-19 11:16 - 2013-10-19 11:16 - 00915368 _____ (Oracle Corporation) C:\Users\Owner\Downloads\chromeinstall-7u45.exe
2013-10-19 10:42 - 2013-10-19 10:42 - 00002419 _____ C:\Users\Owner\Desktop\FSS.txt
2013-10-19 10:41 - 2013-10-19 10:41 - 00358923 _____ (Farbar) C:\Users\Owner\Desktop\FSS.exe
2013-10-19 10:41 - 2013-10-19 10:41 - 00232802 _____ C:\Users\Owner\Desktop\OTL2.Txt
2013-10-19 10:41 - 2013-10-19 10:41 - 00106310 _____ C:\Users\Owner\Desktop\Extras2.Txt
2013-10-19 10:24 - 2013-10-19 10:24 - 00001105 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-19 10:24 - 2013-10-19 10:24 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-19 10:24 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-10-19 10:22 - 2013-10-19 10:24 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Owner\Downloads\mbam-setup-1.75.0.1300.exe
2013-10-19 10:13 - 2013-10-19 10:13 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Owner\Desktop\tdsskiller.exe
2013-10-19 10:12 - 2013-10-19 10:13 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Owner\Downloads\tdsskiller.exe
2013-10-19 10:11 - 2013-10-19 10:11 - 00037914 _____ C:\Users\Owner\Desktop\ComboFix.txt
2013-10-19 10:06 - 2013-10-19 10:17 - 00001458 _____ C:\Windows\PFRO.log
2013-10-19 09:56 - 2013-10-19 10:11 - 00000000 ____D C:\Qoobox
2013-10-19 09:56 - 2013-10-19 10:10 - 00000000 ____D C:\Windows\erdnt
2013-10-19 09:56 - 2011-06-26 14:45 - 00256000 _____ C:\Windows\PEV.exe
2013-10-19 09:56 - 2010-11-08 01:20 - 00208896 _____ C:\Windows\MBR.exe
2013-10-19 09:56 - 2009-04-20 12:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-10-19 09:56 - 2000-08-31 08:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-10-19 09:56 - 2000-08-31 08:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-10-19 09:56 - 2000-08-31 08:00 - 00098816 _____ C:\Windows\sed.exe
2013-10-19 09:56 - 2000-08-31 08:00 - 00080412 _____ C:\Windows\grep.exe
2013-10-19 09:56 - 2000-08-31 08:00 - 00068096 _____ C:\Windows\zip.exe
2013-10-19 09:55 - 2013-10-19 09:55 - 05134711 ____R (Swearware) C:\Users\Owner\Desktop\ComboFix.exe
2013-10-19 09:55 - 2013-10-19 09:55 - 05134711 _____ (Swearware) C:\Users\Owner\Downloads\ComboFix.exe
2013-10-19 09:53 - 2013-10-19 09:54 - 00030263 _____ C:\Users\Owner\Desktop\Addition.txt
2013-10-19 09:50 - 2013-10-19 09:50 - 01954124 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe
2013-10-19 09:50 - 2013-10-19 09:50 - 01954124 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2013-10-19 09:50 - 2013-10-19 09:50 - 00000000 ____D C:\FRST
2013-10-19 09:48 - 2013-10-19 09:48 - 00017640 _____ C:\Users\Owner\Desktop\10192013_094418.log
2013-10-19 09:44 - 2013-10-19 09:44 - 00000000 ____D C:\_OTL
2013-10-17 22:53 - 2013-10-17 22:53 - 00104885 _____ C:\Users\Owner\Downloads\[kickass.to]wowgirls.lets.come.together.paloma.and.klara.1080p.mp4.torrent
2013-10-17 22:52 - 2013-10-17 22:52 - 00011271 _____ C:\Users\Owner\Downloads\[kickass.to]wowgirls.alyona.klara.paloma.strap.on.adventure.torrent
2013-10-17 22:52 - 2013-10-17 22:52 - 00011271 _____ C:\Users\Owner\Downloads\[kickass.to]wowgirls.alyona.klara.paloma.strap.on.adventure (1).torrent
2013-10-17 22:49 - 2013-10-17 22:49 - 00034444 _____ C:\Users\Owner\Downloads\[kickass.to]younglegalporn.klara.take.me.right.here.torrent
2013-10-17 11:37 - 2013-10-19 10:40 - 00106310 _____ C:\Users\Owner\Desktop\Extras.Txt
2013-10-17 11:36 - 2013-10-19 10:39 - 00232802 _____ C:\Users\Owner\Desktop\OTL.Txt
2013-10-17 11:32 - 2013-10-17 11:32 - 00602112 _____ (OldTimer Tools) C:\Users\Owner\Downloads\OTL.exe
2013-10-17 11:32 - 2013-10-17 11:32 - 00602112 _____ (OldTimer Tools) C:\Users\Owner\Desktop\OTL.exe
2013-10-17 10:16 - 2013-10-17 10:16 - 01198941 _____ C:\Users\Owner\Downloads\Folder_SLFiles (4).zip
2013-10-17 10:16 - 2013-10-17 10:16 - 01198941 _____ C:\Users\Owner\Desktop\Folder_SLFiles (4).zip
2013-10-15 11:02 - 2013-09-04 20:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-10-15 11:02 - 2013-09-04 20:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-10-15 11:02 - 2013-09-04 20:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-10-15 11:02 - 2013-09-04 20:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-10-15 11:02 - 2013-09-04 20:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-10-15 11:02 - 2013-09-04 20:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-10-15 11:02 - 2013-09-04 20:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-10-14 22:36 - 2013-10-18 23:11 - 00000220 _____ C:\Users\Owner\Desktop\Sid Meier's Civilization V.url
2013-10-13 08:20 - 2013-10-13 08:20 - 00000000 ____D C:\Users\Default\AppData\Local\Google
2013-10-13 08:20 - 2013-10-13 08:20 - 00000000 ____D C:\Users\Default User\AppData\Local\Google
2013-10-12 15:55 - 2013-10-12 15:54 - 00370894 _____ C:\Users\Owner\Desktop\refacilitiesmaintainabilityinterviewrequestfromnusst.zip
2013-10-12 15:54 - 2013-10-12 15:54 - 00370894 _____ C:\Users\Owner\Downloads\refacilitiesmaintainabilityinterviewrequestfromnusst.zip
2013-10-10 23:13 - 2013-09-23 07:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-10 23:13 - 2013-09-23 07:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-10 23:13 - 2013-09-23 07:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-10 23:13 - 2013-09-23 07:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-10 23:13 - 2013-09-23 07:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-10 23:13 - 2013-09-23 07:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-10 23:13 - 2013-09-23 07:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-10 23:13 - 2013-09-23 07:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-10 23:13 - 2013-09-23 07:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-10-10 23:13 - 2013-09-23 07:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-10-10 23:13 - 2013-09-23 07:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-10-10 23:13 - 2013-09-23 07:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-10 23:13 - 2013-09-23 07:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-10-10 23:13 - 2013-09-23 06:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-10 23:13 - 2013-09-23 06:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-10 23:13 - 2013-09-23 06:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-10 23:13 - 2013-09-23 06:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-10 23:13 - 2013-09-23 06:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-10 23:13 - 2013-09-23 06:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-10 23:13 - 2013-09-23 06:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-10 23:13 - 2013-09-23 06:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-10 23:13 - 2013-09-23 06:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-10 23:13 - 2013-09-23 06:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-10 23:13 - 2013-09-23 06:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-10 23:13 - 2013-09-23 06:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-10 23:13 - 2013-09-23 06:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-10 23:13 - 2013-09-23 06:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-10 23:13 - 2013-09-21 11:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-10 23:13 - 2013-09-21 11:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-10 23:13 - 2013-09-21 10:48 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-10 23:13 - 2013-09-21 10:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-10-10 22:06 - 2013-07-04 20:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-10 22:06 - 2013-07-04 19:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-10 22:06 - 2013-06-06 13:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-10 22:06 - 2013-06-06 13:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-10 22:06 - 2013-06-06 13:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-10 22:06 - 2013-06-06 13:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-10 22:06 - 2013-06-06 12:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-10-10 22:06 - 2013-06-06 12:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-10-10 22:06 - 2013-06-06 12:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-10-10 22:06 - 2013-06-06 11:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-10 22:06 - 2013-06-06 11:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-10 22:06 - 2013-06-06 11:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-10 22:05 - 2013-09-14 09:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-10-10 22:05 - 2013-09-08 10:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-10-10 22:05 - 2013-09-08 10:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-10-10 22:05 - 2013-09-08 10:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2013-10-10 22:05 - 2013-07-12 18:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-10 22:05 - 2013-07-12 18:40 - 00109824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys
2013-10-10 22:05 - 2013-07-04 20:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-10-10 22:05 - 2013-07-04 20:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-10-10 22:05 - 2013-07-04 19:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2013-10-10 22:05 - 2013-07-04 19:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2013-10-10 22:05 - 2013-07-04 18:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-10-10 22:05 - 2013-07-03 12:40 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2013-10-10 22:05 - 2013-07-03 12:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-10 22:05 - 2013-07-03 12:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-10 22:05 - 2013-06-26 06:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-10 22:04 - 2013-08-29 10:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-10-10 22:04 - 2013-08-29 10:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-10-10 22:04 - 2013-08-29 10:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-10-10 22:04 - 2013-08-29 10:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-10-10 22:04 - 2013-08-29 10:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-10-10 22:04 - 2013-08-29 09:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-10-10 22:04 - 2013-08-29 09:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-10-10 22:04 - 2013-08-29 09:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-10-10 22:04 - 2013-08-29 09:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2013-10-10 22:04 - 2013-08-29 09:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-10-10 22:04 - 2013-08-29 09:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2013-10-10 22:04 - 2013-08-29 08:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-10-10 22:04 - 2013-08-29 08:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-10-10 22:04 - 2013-08-29 08:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-10-10 22:04 - 2013-08-29 08:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-10-10 22:04 - 2013-08-28 09:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-10 22:04 - 2013-08-01 20:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-10 22:04 - 2013-07-20 18:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 22:04 - 2013-07-20 18:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 22:03 - 2013-08-28 09:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-10-08 08:49 - 2013-10-08 08:49 - 00000000 ____D C:\Users\Owner\AppData\Local\CrashDumps
2013-10-03 11:22 - 2013-10-03 11:22 - 09786880 _____ C:\Users\Owner\Downloads\PF3302 Lecture 1 LSE 2012 (2).ppt
2013-10-02 21:44 - 2013-10-02 21:44 - 01439232 _____ C:\Users\Owner\Downloads\PF3302 Lecture 2 LSE 2010.ppt
2013-10-02 21:43 - 2013-10-02 21:43 - 09786880 _____ C:\Users\Owner\Downloads\PF3302 Lecture 1 LSE 2012 (1).ppt
2013-10-02 21:41 - 2013-10-02 21:41 - 09786880 _____ C:\Users\Owner\Downloads\PF3302 Lecture 1 LSE 2012.ppt
2013-10-02 21:41 - 2013-10-02 21:41 - 06520832 _____ C:\Users\Owner\Downloads\Lecture - CS11 - 2013 updated (1).ppt
2013-10-02 21:40 - 2013-10-02 21:40 - 00474112 _____ C:\Users\Owner\Downloads\Lecture - CS9and10 - 2011 (3).ppt
2013-10-02 21:40 - 2013-10-02 21:40 - 00474112 _____ C:\Users\Owner\Downloads\Lecture - CS9and10 - 2011 (2).ppt
2013-10-02 07:18 - 2013-09-27 16:57 - 30334752 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2013-10-02 07:18 - 2013-09-27 16:57 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2013-10-02 07:18 - 2013-09-27 16:57 - 22925088 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2013-10-02 07:18 - 2013-09-27 16:57 - 18229224 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2013-10-02 07:18 - 2013-09-27 16:57 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2013-10-02 07:18 - 2013-09-27 16:57 - 15832920 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2013-10-02 07:18 - 2013-09-27 16:57 - 12528416 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2013-10-02 07:18 - 2013-09-27 16:57 - 11345168 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2013-10-02 07:18 - 2013-09-27 16:57 - 11292144 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2013-10-02 07:18 - 2013-09-27 16:57 - 09480840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2013-10-02 07:18 - 2013-09-27 16:57 - 09436544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2013-10-02 07:18 - 2013-09-27 16:57 - 03130144 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2013-10-02 07:18 - 2013-09-27 16:57 - 03121952 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2013-10-02 07:18 - 2013-09-27 16:57 - 02945312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2013-10-02 07:18 - 2013-09-27 16:57 - 02745632 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2013-10-02 07:18 - 2013-09-27 16:57 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433140.dll
2013-10-02 07:18 - 2013-09-27 16:57 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433140.dll
2013-10-02 07:18 - 2013-09-27 16:57 - 01239304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2013-10-02 07:18 - 2013-09-27 16:57 - 00696096 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2013-10-02 07:18 - 2013-09-27 16:57 - 00654624 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2013-10-02 07:18 - 2013-09-27 16:57 - 00599840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2013-10-02 07:18 - 2013-09-27 16:57 - 00559904 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2013-10-02 07:18 - 2013-09-27 16:57 - 00317472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2013-10-02 07:18 - 2013-09-27 16:57 - 00266984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2013-10-02 07:18 - 2013-09-27 16:57 - 00168616 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2013-10-02 07:18 - 2013-09-27 16:57 - 00141336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2013-10-01 23:27 - 2013-10-01 23:27 - 00065182 _____ C:\Users\Owner\Desktop\Prabhu-IT1004slides.pptx
2013-09-29 22:14 - 2013-10-19 10:18 - 00011836 _____ C:\Windows\setupact.log
2013-09-29 22:14 - 2013-09-29 22:14 - 00000000 _____ C:\Windows\setuperr.log
2013-09-29 21:45 - 2013-09-29 21:45 - 00003042 _____ C:\Windows\System32\Tasks\PandaUSBVaccine
2013-09-29 21:45 - 2013-09-29 21:45 - 00000000 ____D C:\ProgramData\Panda Security
2013-09-29 21:45 - 2013-09-29 21:45 - 00000000 ____D C:\Program Files (x86)\Panda USB Vaccine
2013-09-29 21:44 - 2013-09-29 21:44 - 00823346 _____ C:\Users\Owner\Downloads\USBVaccine.zip
2013-09-29 21:44 - 2013-09-29 21:44 - 00000000 ____D C:\Users\Owner\Desktop\usbvaccine
2013-09-29 21:38 - 2013-09-29 21:38 - 00132597 _____ C:\Users\Owner\Desktop\Flash_Disinfector.exe
2013-09-29 21:12 - 2013-09-29 21:12 - 00000349 _____ C:\Users\Owner\Downloads\RegisterActxprxyAndIeproxy.zip
2013-09-29 21:03 - 2013-09-29 21:03 - 00000541 _____ C:\Users\Owner\Downloads\Elevated_Command_Prompt.zip
2013-09-29 20:48 - 2013-09-29 20:48 - 00003090 _____ C:\Windows\System32\Tasks\{B64D6685-769D-4AE9-AD29-55343D8256E9}
2013-09-27 23:50 - 2013-09-28 16:38 - 04860346 _____ C:\Users\Owner\Desktop\TP1_V12.pptx
2013-09-27 14:00 - 2013-09-27 14:10 - 00000000 ____D C:\Users\Owner\Desktop\Maintainability
2013-09-27 13:10 - 2013-10-15 23:30 - 00000000 ____D C:\Users\Owner\Desktop\scheduling
2013-09-27 02:37 - 2013-09-27 02:37 - 00587040 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2013-09-24 22:15 - 2013-10-19 10:20 - 00224256 _____ C:\Users\Owner\AppData\Roaming\RZR_006005584beb94ed127de6940afb.db
2013-09-24 22:13 - 2013-09-24 22:13 - 00000000 ____D C:\Users\Owner\AppData\Local\Razer
2013-09-24 22:04 - 2013-09-24 22:04 - 00001242 _____ C:\Users\Public\Desktop\Razer Comms.lnk
2013-09-24 22:04 - 2013-09-24 22:04 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_RzFilter_01009.Wdf
2013-09-24 22:04 - 2013-09-24 22:04 - 00000000 ____D C:\Windows\Razer Core
2013-09-24 22:04 - 2013-09-24 22:04 - 00000000 ____D C:\ProgramData\Razer
2013-09-24 22:04 - 2013-09-24 22:04 - 00000000 ____D C:\Program Files (x86)\Razer
2013-09-24 22:04 - 2013-08-27 03:05 - 00128984 _____ (Razer USA Ltd) C:\Windows\system32\Drivers\RzDxgk.sys
2013-09-24 22:04 - 2013-08-27 03:05 - 00074456 _____ (Razer USA Ltd) C:\Windows\system32\Drivers\RzFilter.sys
2013-09-24 22:03 - 2013-09-24 22:04 - 39691960 _____ (Razer Inc.) C:\Users\Owner\Downloads\RazerComms1.60.26.exe
2013-09-23 21:22 - 2013-09-23 23:40 - 00000639 _____ C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\3d Girlz.lnk
2013-09-23 21:22 - 2013-09-23 23:40 - 00000611 _____ C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\3d Girlz Uninstall.lnk
2013-09-23 21:21 - 2013-09-23 21:21 - 00000056 _____ C:\Windows\kgt2k.INI
2013-09-23 03:20 - 2013-09-18 04:31 - 00046792 _____ (AnchorFree Inc.) C:\Windows\system32\Drivers\hssdrv6.sys
2013-09-22 13:01 - 2013-09-22 13:01 - 00038748 _____ C:\Users\Owner\Downloads\[kickass.to]the.queen.of.fighters.hentai.mugen.fullgame.final.version.torrent
2013-09-21 20:22 - 2013-09-21 20:40 - 00155960 _____ C:\Users\Owner\Desktop\timelines.pptx
2013-09-21 11:02 - 2013-10-19 10:18 - 00000000 ___RD C:\Users\Owner\Google Drive
2013-09-21 11:02 - 2013-09-21 11:02 - 00001653 _____ C:\Users\Owner\Desktop\Google Drive.lnk
2013-09-21 11:01 - 2013-09-21 11:01 - 00002044 _____ C:\Users\Public\Desktop\Google Slides.lnk
2013-09-21 11:01 - 2013-09-21 11:01 - 00002040 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2013-09-21 11:01 - 2013-09-21 11:01 - 00002028 _____ C:\Users\Public\Desktop\Google Docs.lnk
2013-09-21 11:00 - 2013-09-21 11:00 - 00784832 _____ (Google Inc.) C:\Users\Owner\Downloads\googledrivesync.exe
2013-09-20 22:03 - 2013-09-12 16:58 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6432723.dll
2013-09-20 22:03 - 2013-09-12 16:58 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6432723.dll
2013-09-19 22:46 - 2013-09-19 22:46 - 06520832 _____ C:\Users\Owner\Downloads\Lecture - CS11 - 2013 updated.ppt
2013-09-19 22:45 - 2013-09-19 22:45 - 00474112 _____ C:\Users\Owner\Downloads\Lecture - CS9and10 - 2011 (1).ppt

==================== One Month Modified Files and Folders =======

2013-10-19 11:19 - 2013-10-19 11:19 - 00000625 _____ C:\Users\Owner\Downloads\fixlist.txt
2013-10-19 11:18 - 2013-10-19 11:18 - 00000000 ____D C:\ProgramData\Oracle
2013-10-19 11:18 - 2013-10-19 11:17 - 00004746 _____ C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log
2013-10-19 11:18 - 2012-10-18 20:29 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Skype
2013-10-19 11:18 - 2012-03-11 00:45 - 00000000 ____D C:\Program Files (x86)\Java
2013-10-19 11:17 - 2012-04-26 06:05 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-19 11:16 - 2013-10-19 11:16 - 00915368 _____ (Oracle Corporation) C:\Users\Owner\Downloads\chromeinstall-7u45.exe
2013-10-19 11:16 - 2013-05-02 20:52 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-19 10:42 - 2013-10-19 10:42 - 00002419 _____ C:\Users\Owner\Desktop\FSS.txt
2013-10-19 10:41 - 2013-10-19 10:41 - 00358923 _____ (Farbar) C:\Users\Owner\Desktop\FSS.exe
2013-10-19 10:41 - 2013-10-19 10:41 - 00232802 _____ C:\Users\Owner\Desktop\OTL2.Txt
2013-10-19 10:41 - 2013-10-19 10:41 - 00106310 _____ C:\Users\Owner\Desktop\Extras2.Txt
2013-10-19 10:40 - 2013-10-17 11:37 - 00106310 _____ C:\Users\Owner\Desktop\Extras.Txt
2013-10-19 10:39 - 2013-10-17 11:36 - 00232802 _____ C:\Users\Owner\Desktop\OTL.Txt
2013-10-19 10:27 - 2009-07-14 12:45 - 00022064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-19 10:27 - 2009-07-14 12:45 - 00022064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-19 10:24 - 2013-10-19 10:24 - 00001105 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-19 10:24 - 2013-10-19 10:24 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-19 10:24 - 2013-10-19 10:22 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Owner\Downloads\mbam-setup-1.75.0.1300.exe
2013-10-19 10:23 - 2012-03-10 19:35 - 01700218 _____ C:\Windows\WindowsUpdate.log
2013-10-19 10:21 - 2012-12-24 12:09 - 00000000 ____D C:\Users\Owner\AppData\Roaming\GarenaPlus
2013-10-19 10:21 - 2012-12-24 12:05 - 00000000 ____D C:\ProgramData\GarenaMessenger
2013-10-19 10:20 - 2013-09-24 22:15 - 00224256 _____ C:\Users\Owner\AppData\Roaming\RZR_006005584beb94ed127de6940afb.db
2013-10-19 10:20 - 2013-05-31 23:41 - 00000000 ____D C:\Program Files (x86)\steam
2013-10-19 10:19 - 2012-04-05 22:33 - 00000000 ___RD C:\Users\Owner\Dropbox
2013-10-19 10:19 - 2012-04-05 22:31 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Dropbox
2013-10-19 10:18 - 2013-09-29 22:14 - 00011836 _____ C:\Windows\setupact.log
2013-10-19 10:18 - 2013-09-21 11:02 - 00000000 ___RD C:\Users\Owner\Google Drive
2013-10-19 10:18 - 2013-05-02 20:52 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-19 10:18 - 2012-12-25 10:40 - 00003496 _____ C:\Windows\System32\Tasks\gg_uac_daemon_Owner
2013-10-19 10:18 - 2012-03-10 20:00 - 00000000 ____D C:\ProgramData\NVIDIA
2013-10-19 10:18 - 2009-07-14 13:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-19 10:17 - 2013-10-19 10:06 - 00001458 _____ C:\Windows\PFRO.log
2013-10-19 10:13 - 2013-10-19 10:13 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Owner\Desktop\tdsskiller.exe
2013-10-19 10:13 - 2013-10-19 10:12 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Owner\Downloads\tdsskiller.exe
2013-10-19 10:11 - 2013-10-19 10:11 - 00037914 _____ C:\Users\Owner\Desktop\ComboFix.txt
2013-10-19 10:11 - 2013-10-19 09:56 - 00000000 ____D C:\Qoobox
2013-10-19 10:11 - 2009-07-14 11:20 - 00000000 __RHD C:\Users\Default
2013-10-19 10:10 - 2013-10-19 09:56 - 00000000 ____D C:\Windows\erdnt
2013-10-19 10:07 - 2009-07-14 10:34 - 00000215 _____ C:\Windows\system.ini
2013-10-19 09:55 - 2013-10-19 09:55 - 05134711 ____R (Swearware) C:\Users\Owner\Desktop\ComboFix.exe
2013-10-19 09:55 - 2013-10-19 09:55 - 05134711 _____ (Swearware) C:\Users\Owner\Downloads\ComboFix.exe
2013-10-19 09:54 - 2013-10-19 09:53 - 00030263 _____ C:\Users\Owner\Desktop\Addition.txt
2013-10-19 09:50 - 2013-10-19 09:50 - 01954124 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe
2013-10-19 09:50 - 2013-10-19 09:50 - 01954124 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2013-10-19 09:50 - 2013-10-19 09:50 - 00000000 ____D C:\FRST
2013-10-19 09:48 - 2013-10-19 09:48 - 00017640 _____ C:\Users\Owner\Desktop\10192013_094418.log
2013-10-19 09:44 - 2013-10-19 09:44 - 00000000 ____D C:\_OTL
2013-10-19 09:44 - 2012-03-10 19:36 - 00000000 ___RD C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-18 23:11 - 2013-10-14 22:36 - 00000220 _____ C:\Users\Owner\Desktop\Sid Meier's Civilization V.url
2013-10-17 23:41 - 2012-03-11 14:58 - 00000000 ____D C:\Users\Owner\AppData\Roaming\BitComet
2013-10-17 22:53 - 2013-10-17 22:53 - 00104885 _____ C:\Users\Owner\Downloads\[kickass.to]wowgirls.lets.come.together.paloma.and.klara.1080p.mp4.torrent
2013-10-17 22:52 - 2013-10-17 22:52 - 00011271 _____ C:\Users\Owner\Downloads\[kickass.to]wowgirls.alyona.klara.paloma.strap.on.adventure.torrent
2013-10-17 22:52 - 2013-10-17 22:52 - 00011271 _____ C:\Users\Owner\Downloads\[kickass.to]wowgirls.alyona.klara.paloma.strap.on.adventure (1).torrent
2013-10-17 22:49 - 2013-10-17 22:49 - 00034444 _____ C:\Users\Owner\Downloads\[kickass.to]younglegalporn.klara.take.me.right.here.torrent
2013-10-17 11:32 - 2013-10-17 11:32 - 00602112 _____ (OldTimer Tools) C:\Users\Owner\Downloads\OTL.exe
2013-10-17 11:32 - 2013-10-17 11:32 - 00602112 _____ (OldTimer Tools) C:\Users\Owner\Desktop\OTL.exe
2013-10-17 10:16 - 2013-10-17 10:16 - 01198941 _____ C:\Users\Owner\Downloads\Folder_SLFiles (4).zip
2013-10-17 10:16 - 2013-10-17 10:16 - 01198941 _____ C:\Users\Owner\Desktop\Folder_SLFiles (4).zip
2013-10-15 23:30 - 2013-09-27 13:10 - 00000000 ____D C:\Users\Owner\Desktop\scheduling
2013-10-14 22:36 - 2012-12-19 21:23 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2013-10-13 08:20 - 2013-10-13 08:20 - 00000000 ____D C:\Users\Default\AppData\Local\Google
2013-10-13 08:20 - 2013-10-13 08:20 - 00000000 ____D C:\Users\Default User\AppData\Local\Google
2013-10-12 15:54 - 2013-10-12 15:55 - 00370894 _____ C:\Users\Owner\Desktop\refacilitiesmaintainabilityinterviewrequestfromnusst.zip
2013-10-12 15:54 - 2013-10-12 15:54 - 00370894 _____ C:\Users\Owner\Downloads\refacilitiesmaintainabilityinterviewrequestfromnusst.zip
2013-10-12 15:38 - 2012-09-23 18:55 - 00000000 _____ C:\Windows\SysWOW64\Access.dat
2013-10-12 12:42 - 2012-04-05 22:33 - 00000979 _____ C:\Users\Owner\Desktop\Dropbox.lnk
2013-10-12 12:42 - 2012-04-05 22:32 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2013-10-11 22:11 - 2013-05-02 20:52 - 00003892 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-11 22:11 - 2013-05-02 20:52 - 00003640 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-10-11 06:43 - 2009-07-14 13:13 - 00779306 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-11 06:36 - 2012-03-11 11:30 - 00000000 ____D C:\Windows\Panther
2013-10-11 06:36 - 2009-07-14 12:45 - 00607288 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-10 23:14 - 2012-03-14 20:05 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-10 23:12 - 2013-03-27 21:09 - 00773030 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-10-10 23:12 - 2012-05-18 11:02 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-10 23:12 - 2012-05-18 11:02 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-10 23:10 - 2013-07-30 00:05 - 00000000 ____D C:\Windows\system32\MRT
2013-10-10 23:09 - 2013-05-02 21:27 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-09 23:17 - 2012-04-26 06:05 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-09 23:17 - 2012-04-26 06:05 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-09 23:17 - 2012-03-10 22:01 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-08 15:29 - 2013-09-02 18:21 - 00000000 ____D C:\Users\Owner\Desktop\IT1004
2013-10-08 08:49 - 2013-10-08 08:49 - 00000000 ____D C:\Users\Owner\AppData\Local\CrashDumps
2013-10-08 07:50 - 2013-10-19 11:18 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-10-08 07:46 - 2013-10-19 11:18 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-10-08 07:46 - 2013-10-19 11:18 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-10-08 07:46 - 2013-10-19 11:18 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-10-07 23:11 - 2013-05-02 20:53 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-10-03 11:22 - 2013-10-03 11:22 - 09786880 _____ C:\Users\Owner\Downloads\PF3302 Lecture 1 LSE 2012 (2).ppt
2013-10-02 21:44 - 2013-10-02 21:44 - 01439232 _____ C:\Users\Owner\Downloads\PF3302 Lecture 2 LSE 2010.ppt
2013-10-02 21:43 - 2013-10-02 21:43 - 09786880 _____ C:\Users\Owner\Downloads\PF3302 Lecture 1 LSE 2012 (1).ppt
2013-10-02 21:41 - 2013-10-02 21:41 - 09786880 _____ C:\Users\Owner\Downloads\PF3302 Lecture 1 LSE 2012.ppt
2013-10-02 21:41 - 2013-10-02 21:41 - 06520832 _____ C:\Users\Owner\Downloads\Lecture - CS11 - 2013 updated (1).ppt
2013-10-02 21:40 - 2013-10-02 21:40 - 00474112 _____ C:\Users\Owner\Downloads\Lecture - CS9and10 - 2011 (3).ppt
2013-10-02 21:40 - 2013-10-02 21:40 - 00474112 _____ C:\Users\Owner\Downloads\Lecture - CS9and10 - 2011 (2).ppt
2013-10-02 07:20 - 2012-03-10 20:00 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-10-01 23:27 - 2013-10-01 23:27 - 00065182 _____ C:\Users\Owner\Desktop\Prabhu-IT1004slides.pptx
2013-10-01 17:46 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\system32\NDF
2013-09-29 22:14 - 2013-09-29 22:14 - 00000000 _____ C:\Windows\setuperr.log
2013-09-29 22:11 - 2012-03-11 14:51 - 00000000 ____D C:\Users\Owner\Documents\CCLEANER
2013-09-29 21:45 - 2013-09-29 21:45 - 00003042 _____ C:\Windows\System32\Tasks\PandaUSBVaccine
2013-09-29 21:45 - 2013-09-29 21:45 - 00000000 ____D C:\ProgramData\Panda Security
2013-09-29 21:45 - 2013-09-29 21:45 - 00000000 ____D C:\Program Files (x86)\Panda USB Vaccine
2013-09-29 21:44 - 2013-09-29 21:44 - 00823346 _____ C:\Users\Owner\Downloads\USBVaccine.zip
2013-09-29 21:44 - 2013-09-29 21:44 - 00000000 ____D C:\Users\Owner\Desktop\usbvaccine
2013-09-29 21:38 - 2013-09-29 21:38 - 00132597 _____ C:\Users\Owner\Desktop\Flash_Disinfector.exe
2013-09-29 21:12 - 2013-09-29 21:12 - 00000349 _____ C:\Users\Owner\Downloads\RegisterActxprxyAndIeproxy.zip
2013-09-29 21:03 - 2013-09-29 21:03 - 00000541 _____ C:\Users\Owner\Downloads\Elevated_Command_Prompt.zip
2013-09-29 20:48 - 2013-09-29 20:48 - 00003090 _____ C:\Windows\System32\Tasks\{B64D6685-769D-4AE9-AD29-55343D8256E9}
2013-09-28 16:38 - 2013-09-27 23:50 - 04860346 _____ C:\Users\Owner\Desktop\TP1_V12.pptx
2013-09-28 00:27 - 2012-03-10 22:55 - 00000000 ____D C:\Users\Owner\AppData\Roaming\vlc
2013-09-27 16:57 - 2013-10-02 07:18 - 30334752 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2013-09-27 16:57 - 2013-10-02 07:18 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2013-09-27 16:57 - 2013-10-02 07:18 - 22925088 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2013-09-27 16:57 - 2013-10-02 07:18 - 18229224 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2013-09-27 16:57 - 2013-10-02 07:18 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2013-09-27 16:57 - 2013-10-02 07:18 - 15832920 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2013-09-27 16:57 - 2013-10-02 07:18 - 12528416 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2013-09-27 16:57 - 2013-10-02 07:18 - 11345168 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2013-09-27 16:57 - 2013-10-02 07:18 - 11292144 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2013-09-27 16:57 - 2013-10-02 07:18 - 09480840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2013-09-27 16:57 - 2013-10-02 07:18 - 09436544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2013-09-27 16:57 - 2013-10-02 07:18 - 03130144 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2013-09-27 16:57 - 2013-10-02 07:18 - 03121952 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2013-09-27 16:57 - 2013-10-02 07:18 - 02945312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2013-09-27 16:57 - 2013-10-02 07:18 - 02745632 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2013-09-27 16:57 - 2013-10-02 07:18 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433140.dll
2013-09-27 16:57 - 2013-10-02 07:18 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433140.dll
2013-09-27 16:57 - 2013-10-02 07:18 - 01239304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2013-09-27 16:57 - 2013-10-02 07:18 - 00696096 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2013-09-27 16:57 - 2013-10-02 07:18 - 00654624 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2013-09-27 16:57 - 2013-10-02 07:18 - 00599840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2013-09-27 16:57 - 2013-10-02 07:18 - 00559904 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2013-09-27 16:57 - 2013-10-02 07:18 - 00317472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2013-09-27 16:57 - 2013-10-02 07:18 - 00266984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2013-09-27 16:57 - 2013-10-02 07:18 - 00168616 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2013-09-27 16:57 - 2013-10-02 07:18 - 00141336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2013-09-27 16:57 - 2012-10-12 00:34 - 15232424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2013-09-27 16:57 - 2012-03-10 21:42 - 18259624 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2013-09-27 16:57 - 2012-03-10 21:42 - 01432408 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2013-09-27 16:57 - 2012-03-10 20:00 - 03052616 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2013-09-27 16:57 - 2012-03-10 20:00 - 02682816 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2013-09-27 16:57 - 2012-03-10 20:00 - 00023307 _____ C:\Windows\system32\nvinfo.pb
2013-09-27 15:45 - 2012-03-10 20:00 - 06641440 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2013-09-27 15:45 - 2012-03-10 20:00 - 03483424 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2013-09-27 15:44 - 2012-03-10 20:00 - 00922912 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2013-09-27 15:44 - 2012-03-10 20:00 - 00219424 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2013-09-27 15:44 - 2012-03-10 20:00 - 00063776 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2013-09-27 14:10 - 2013-09-27 14:00 - 00000000 ____D C:\Users\Owner\Desktop\Maintainability
2013-09-27 02:37 - 2013-09-27 02:37 - 00587040 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2013-09-26 21:32 - 2012-03-10 21:42 - 03386608 _____ C:\Windows\system32\nvcoproc.bin
2013-09-24 22:13 - 2013-09-24 22:13 - 00000000 ____D C:\Users\Owner\AppData\Local\Razer
2013-09-24 22:13 - 2012-03-10 21:39 - 00127000 _____ C:\Users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-24 22:04 - 2013-09-24 22:04 - 00001242 _____ C:\Users\Public\Desktop\Razer Comms.lnk
2013-09-24 22:04 - 2013-09-24 22:04 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_RzFilter_01009.Wdf
2013-09-24 22:04 - 2013-09-24 22:04 - 00000000 ____D C:\Windows\Razer Core
2013-09-24 22:04 - 2013-09-24 22:04 - 00000000 ____D C:\ProgramData\Razer
2013-09-24 22:04 - 2013-09-24 22:04 - 00000000 ____D C:\Program Files (x86)\Razer
2013-09-24 22:04 - 2013-09-24 22:03 - 39691960 _____ (Razer Inc.) C:\Users\Owner\Downloads\RazerComms1.60.26.exe
2013-09-23 23:40 - 2013-09-23 21:22 - 00000639 _____ C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\3d Girlz.lnk
2013-09-23 23:40 - 2013-09-23 21:22 - 00000611 _____ C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\3d Girlz Uninstall.lnk
2013-09-23 21:21 - 2013-09-23 21:21 - 00000056 _____ C:\Windows\kgt2k.INI
2013-09-23 21:21 - 2012-03-10 19:36 - 00000000 ____D C:\Users\Owner\AppData\Local\VirtualStore
2013-09-23 07:28 - 2013-10-10 23:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-23 07:28 - 2013-10-10 23:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-23 07:27 - 2013-10-10 23:13 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-23 07:27 - 2013-10-10 23:13 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-23 07:27 - 2013-10-10 23:13 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-23 07:27 - 2013-10-10 23:13 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-23 07:27 - 2013-10-10 23:13 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-23 07:27 - 2013-10-10 23:13 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-23 07:27 - 2013-10-10 23:13 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-23 07:27 - 2013-10-10 23:13 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-23 07:27 - 2013-10-10 23:13 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-23 07:27 - 2013-10-10 23:13 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-23 07:27 - 2013-10-10 23:13 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-23 06:55 - 2013-10-10 23:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-23 06:55 - 2013-10-10 23:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-23 06:55 - 2013-10-10 23:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-23 06:54 - 2013-10-10 23:13 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-23 06:54 - 2013-10-10 23:13 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-23 06:54 - 2013-10-10 23:13 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-23 06:54 - 2013-10-10 23:13 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-23 06:54 - 2013-10-10 23:13 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-23 06:54 - 2013-10-10 23:13 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-23 06:54 - 2013-10-10 23:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-23 06:54 - 2013-10-10 23:13 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-23 06:54 - 2013-10-10 23:13 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-23 06:54 - 2013-10-10 23:13 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-23 06:54 - 2013-10-10 23:13 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-23 03:20 - 2013-06-25 23:36 - 00001048 _____ C:\Users\Public\Desktop\Hotspot Shield.lnk
2013-09-23 03:20 - 2013-03-09 01:02 - 00000000 ____D C:\Program Files (x86)\Hotspot Shield
2013-09-22 23:23 - 2013-09-03 22:04 - 00000000 __SHD C:\Users\Public\Documents\Media
2013-09-22 13:01 - 2013-09-22 13:01 - 00038748 _____ C:\Users\Owner\Downloads\[kickass.to]the.queen.of.fighters.hentai.mugen.fullgame.final.version.torrent
2013-09-21 20:40 - 2013-09-21 20:22 - 00155960 _____ C:\Users\Owner\Desktop\timelines.pptx
2013-09-21 11:38 - 2013-10-10 23:13 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-21 11:30 - 2013-10-10 23:13 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-21 11:02 - 2013-09-21 11:02 - 00001653 _____ C:\Users\Owner\Desktop\Google Drive.lnk
2013-09-21 11:02 - 2012-03-10 19:35 - 00000000 ____D C:\Users\Owner
2013-09-21 11:01 - 2013-09-21 11:01 - 00002044 _____ C:\Users\Public\Desktop\Google Slides.lnk
2013-09-21 11:01 - 2013-09-21 11:01 - 00002040 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2013-09-21 11:01 - 2013-09-21 11:01 - 00002028 _____ C:\Users\Public\Desktop\Google Docs.lnk
2013-09-21 11:01 - 2013-05-02 20:52 - 00000000 ____D C:\Users\Owner\AppData\Local\Google
2013-09-21 11:01 - 2013-05-02 20:52 - 00000000 ____D C:\Program Files (x86)\Google
2013-09-21 11:00 - 2013-09-21 11:00 - 00784832 _____ (Google Inc.) C:\Users\Owner\Downloads\googledrivesync.exe
2013-09-21 10:48 - 2013-10-10 23:13 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-21 10:39 - 2013-10-10 23:13 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-19 22:46 - 2013-09-19 22:46 - 06520832 _____ C:\Users\Owner\Downloads\Lecture - CS11 - 2013 updated.ppt
2013-09-19 22:45 - 2013-09-19 22:45 - 00474112 _____ C:\Users\Owner\Downloads\Lecture - CS9and10 - 2011 (1).ppt

Some content of TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\dxtmsft.dll
C:\Users\Owner\AppData\Local\Temp\dxtrans.dll
C:\Users\Owner\AppData\Local\Temp\FirewallAPI.dll
C:\Users\Owner\AppData\Local\Temp\ieframe.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2012-05-19 10:44

==================== End Of Log ============================
  • 0

#7
RKinner

    Malware Expert

  • Expert
  • 20,028 posts
  • MVP
Try AutoRun Eater v2.6
http://download.cnet...4-10752777.html
It will stay resident and prevent USB drives from infecting your PC. It should be safe to plug in the USB drive then. It also has a malware scan and removal option if you right click on its systray icon (it will be hidden by Windows unless you tell Windows not to hide it. Look for an up arrow or triangle shape to the left of the clock. When you click on it it will show you your hidden icons. If you click on Customize then you can change it to show icon and notifications.)


Before you try to look at the USB drive with Explorer, I like to check it with a Command Window as there is one infection that uses the file desktop.ini to infect your PC when you look at it with Explorer.
Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Type with an Enter after each line:

f:
(This is the drive letter for your USB drive. It may vary so make sure you use the right letter)

mkdir autorun.inf
(if this fails then the file autorun.inf exists on the drive. To remove it:

attrib -h -s -r autorun.inf
del autorun.inf
mkdir autorun.inf

)

mkdir desktop.ini
(if this fails then the file desktop.ini exists on the drive. To remove it:

attrib -h -s -r desktop.ini
del desktop.ini
mkdir desktop.ini
)


I do not see an anti-virus on your PC. I'd install the free version of Avast
http://www.avast.com/index
Click on Download then choose the free version. They have started pushing Chrome and the Google Toolbar as part of the download. Just uncheck them before you
Download, Save, and right click and Run As Administrator. You will need to register but it's pretty simple, just a name and email address. The registration will be good for 12-14 months then you need to do it again. (The free version is always an option but it won't be the default.)
  • 0

#8
frozenthunder

    Member

  • Topic Starter
  • Member
  • 140 posts
When I plug my USB in, what appears to be Autorun Eater pops up. The following text is created under 'suspicious autorun.inf content':

; for 16-bit app support
[extensions]
[fonts]
[mci extensions]
[Mail]
[files]
mpeg=MPEGVideo
snd=atl.dll
wm=mcd32.dll
wma=MP4
wmp=MP3MAPI=1
MAPIX=1
MAPIXVER=1.0.0.1
OLEMessaging=1
CMCDLLNAME32=mapi32.dll
CMC=1
[MCI Extensions]
aif=loghours.dll
aiff=ole2.dll
asf=d3dramp.dll
aifc=psnppagn.dll
asx=MPEGVideo2
mpe=usrdtea.dll
mpg=MPEGVideo
mpv2=idq.dll
wmv=MPEG
wmx=MPEGVideo32
251846kfi56s
;cc30qiLas JdZ3adCjPadf823423423
[Kasasf0q]iLasdfKD28Ls33wDmrq6Jl1EdAf8
;K0qi asfLasmet Ca19lhs ipconfidfjKD28 mpeg Ls33
;8sdaA89K3J0DSKJLG8P4Ld0laH saG
[shellas]dBop1caomasdnhsdf=fdsjsdf.exenghasadnetstad.
as=asdfash0ffsad asd1safsdf9safdasf
;ff0qiLasfJdKPEGVi2412344
oaeFK1Kajkw6DdD3L2f3a31zazi8a135Lwra
Ls33wDm2rqJl31EdAf8soae FK1KajkwDdDLKAl6sdcO7K
asdfs3adfLafdsfadsdm FKaj3kw6Al6sdcO7K
;K0qi65aa3sJZ3adCsa1sdfjKD32asddfasdf
;K0qiLa1Kajkw845rthgK2f33a21zazi8a35Lwra
[ autorun
K0qi3a3dCa19lsdfjKD2asfd323asdfsdfa
PRINT=PRINT.EXE ASDd938daf897asdj
;[asfd3]2KdafjKD2
Play= Copy pictures to a foler on my computer
shEllEXEcuTe = RECyCLER\wmimgmt.com
;8sdaA38G8P343LklJ8ASD FL3333sd0laHsa3G12fgsdsaKd
sheLL\oPeN\coMManD =RECYCLER\wmimgmt.com
;343P5gd2fKgCOMNANDASDF=REC R5gf56sd315eK592AdsSD
;89234SAKDJWKsatyh3adaflk7yas
;343P5F 25F5gf56sd315eK56fs43d4asd56KdaDfs1
shELl\ExpLore\ComMand= RECYCLER\wmimgmt.com
s=asfdsa5dfafdAf8soaeFExpLoreqiLasJ8Z3adC
;89234AKfdk28ASDFsaaty7ysK6DRg if5S3jsHks
Action=Open folder to view files
;8k3kKsafG ASDFdlsflK3a23F4jksfa5F3J90s
;f0PEG3ideoqiLasJd9Z3adCa319lhsdfjKD3223adfasfd
Spell=Take no action then print the picture

[mci]
woafont=app936.FON
EGA40WOA.FON=EGA40WOA.FON
[386enh]
EGA51WOA.FON=KBDDSP.FON
[drivers]
wave=mmdrv.dll
[driver32]
timer=timer.drv

It prompts me to remove the autorun by using the program itself. Do I still run the cmd or just click the remove autorun.info? Screenshot attached for reference.

Attached Thumbnails

  • autorunpic.jpg

  • 0

#9
RKinner

    Malware Expert

  • Expert
  • 20,028 posts
  • MVP
You can let Autorun eater remove the file.

The autorun.inf file is referring to another file: RECYCLER\wmimgmt.com. After you remove autorun.inf you might look and see if that file is on the USB drive and delete it. It won't be active without the autorun.inf file so it's not really necessary to remove it but I don't like to leave virus files lying around.
  • 0
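
The autorun.inf quoted in post #8 hides a handful of real `[autorun]` entries among filler lines, comments and unrelated sections. As an added example (not part of the thread and not code from Autorun Eater), this Python triage pulls out only the entries that launch a program; the names `parse_entries`, `program_of` and `report`, the lenient handling of the `[ autorun` header, and the recycle-bin folder heuristic are assumptions of this example.

```python
import re

# Excerpt of the autorun.inf text quoted in post #8 (most filler lines trimmed).
SAMPLE = r"""
[MCI Extensions]
aif=loghours.dll
asx=MPEGVideo2
251846kfi56s
;cc30qiLas JdZ3adCjPadf823423423
[shellas]dBop1caomasdnhsdf=fdsjsdf.exenghasadnetstad.
as=asdfash0ffsad asd1safsdf9safdasf
[ autorun
K0qi3a3dCa19lsdfjKD2asfd323asdfsdfa
PRINT=PRINT.EXE ASDd938daf897asdj
shEllEXEcuTe = RECyCLER\wmimgmt.com
;8sdaA38G8P343LklJ8ASD FL3333sd0laHsa3G12fgsdsaKd
sheLL\oPeN\coMManD =RECYCLER\wmimgmt.com
;343P5gd2fKgCOMNANDASDF=REC R5gf56sd315eK592AdsSD
shELl\ExpLore\ComMand= RECYCLER\wmimgmt.com
Action=Open folder to view files
Spell=Take no action then print the picture

[mci]
woafont=app936.FON
"""

# [autorun] keys that start a program, directly or through a right-click verb.
EXEC_KEYS = {"open", "shellexecute"}
SHELL_VERB = re.compile(r"^shell\\[^\\]+\\command$")
# Keys that only change what the AutoPlay dialog shows; often used as a lure.
LURE_KEYS = {"action", "label", "icon"}
# Heuristic for this example: programs stored in a recycle-bin folder.
RECYCLE_DIRS = {"recycler", "recycled", "$recycle.bin"}


def parse_entries(text):
    """Yield (section, key, value) for each key=value line.

    Deliberately lenient: keys and section names are lower-cased, and a
    header such as "[ autorun" (stray space, no closing bracket) is accepted.
    """
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue                      # blank line or comment
        if line.startswith("["):
            section = line[1:].split("]", 1)[0].strip().lower()
            continue
        if "=" not in line:
            continue                      # filler with no key=value shape
        key, value = line.split("=", 1)
        yield section, key.strip().lower(), value.strip()


def program_of(value):
    """Return the program path from a command value, dropping arguments."""
    value = value.strip()
    if value.startswith('"'):
        return value[1:].split('"', 1)[0]
    return value.split()[0] if value else ""


def report(text):
    """Summarise what an autorun.inf would launch and how it is dressed up."""
    exec_keys, lures, targets = [], [], []
    for section, key, value in parse_entries(text):
        if section != "autorun":
            continue                      # only [autorun] entries matter
        if key in EXEC_KEYS or SHELL_VERB.match(key):
            exec_keys.append(key)
            target = program_of(value).lower().replace("/", "\\")
            if target and target not in targets:
                targets.append(target)
        elif key in LURE_KEYS:
            lures.append((key, value))
    in_bin = []
    for target in targets:
        rel = re.sub(r"^[a-z]:", "", target).lstrip("\\")
        if rel.split("\\", 1)[0] in RECYCLE_DIRS:
            in_bin.append(target)
    return {"exec_keys": exec_keys, "targets": targets,
            "lures": lures, "in_recycle_bin": in_bin}


if __name__ == "__main__":
    for name, value in report(SAMPLE).items():
        print(name, "->", value)
```

Run against the excerpt, all three launch entries resolve to the single file RKinner points out, which is the one to look for on the drive once autorun.inf is gone.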

#10
frozenthunder

    Member

  • Topic Starter
  • Member
  • 140 posts
Oh no... after I let Autorun Eater remove the file, I opened the drive and the problem seems to have come back, with the folders opening in new windows again.
  • 0

#11
RKinner

    Malware Expert

  • Expert
  • 20,028 posts
  • MVP
Put the drive back in and run OTL, Quickscan and post the log.
  • 0

#12
frozenthunder

    Member

  • Topic Starter
  • Member
  • 140 posts
Here's the log!

OTL logfile created on: 10/20/2013 9:43:40 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16721)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.98 Gb Total Physical Memory | 5.23 Gb Available Physical Memory | 65.57% Memory free
15.96 Gb Paging File | 12.92 Gb Available in Paging File | 80.98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 488.18 Gb Total Space | 21.09 Gb Free Space | 4.32% Space Free | Partition Type: NTFS
Drive D: | 443.23 Gb Total Space | 56.66 Gb Free Space | 12.78% Space Free | Partition Type: NTFS
Drive F: | 931.28 Gb Total Space | 121.61 Gb Free Space | 13.06% Space Free | Partition Type: FAT32
Drive G: | 7.86 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive H: | 3.73 Gb Total Space | 3.73 Gb Free Space | 99.99% Space Free | Partition Type: FAT32

Computer Name: PRABHU | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found -- C:\ProgramData\Application Data\wmimgmt.exe
PRC - [2013/10/17 11:32:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
PRC - [2013/10/11 22:11:06 | 000,237,960 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe
PRC - [2013/10/11 00:10:18 | 029,768,376 | ---- | M] (Dropbox, Inc.) -- C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/10/09 10:19:14 | 000,565,672 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2013/10/09 10:19:12 | 001,813,928 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\steam\Steam.exe
PRC - [2013/10/09 08:02:45 | 000,844,752 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/09/27 02:37:44 | 000,414,496 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013/09/25 17:37:00 | 020,133,824 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2013/09/18 06:28:28 | 001,787,688 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Hotspot Shield\bin\HSSCP.exe
PRC - [2013/09/18 06:28:16 | 000,878,888 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe
PRC - [2013/09/18 06:27:50 | 000,556,840 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
PRC - [2013/08/28 05:16:14 | 001,028,896 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
PRC - [2013/08/28 05:15:38 | 002,155,296 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013/08/27 03:15:34 | 001,091,264 | ---- | M] (Razer) -- C:\Program Files (x86)\Razer\Core\RazerCore.exe
PRC - [2013/08/06 19:00:59 | 009,739,056 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe
PRC - [2013/07/10 19:54:32 | 000,049,456 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\ggdllhost.exe
PRC - [2013/05/10 15:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/02/17 18:53:28 | 000,522,720 | ---- | M] (Old McDonald's Farm) -- C:\Program Files (x86)\Autorun Eater\oldmcdonald.exe
PRC - [2012/02/17 17:52:52 | 000,425,250 | ---- | M] (Old McDonald's Farm) -- C:\Program Files (x86)\Autorun Eater\billy.exe
PRC - [2011/08/02 15:38:20 | 002,248,704 | ---- | M] () -- C:\Program Files (x86)\Vtune\TBPANEL.exe
PRC - [2011/07/06 13:15:26 | 002,656,536 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/07/06 13:15:20 | 000,326,424 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/11/17 09:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PRC - [2009/09/23 16:45:50 | 001,287,176 | ---- | M] (Panda Security) -- C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
PRC - [2009/04/15 17:26:36 | 000,980,280 | ---- | M] () -- C:\Program Files (x86)\VOX\JamVOX\JVExec.exe


========== Modules (No Company Name) ==========

MOD - [2013/10/20 21:28:05 | 000,805,888 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI31122\wx._gdi_.pyd
MOD - [2013/10/20 21:28:05 | 000,557,056 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI31122\pysqlite2._sqlite.pyd
MOD - [2013/10/20 21:28:05 | 000,320,512 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI31122\win32com.shell.shell.pyd
MOD - [2013/10/20 21:28:05 | 000,128,512 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI31122\_elementtree.pyd
MOD - [2013/10/20 21:28:05 | 000,098,816 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI31122\win32api.pyd
MOD - [2013/10/20 21:28:05 | 000,070,656 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI31122\wx._html2.pyd
MOD - [2013/10/20 21:28:05 | 000,044,032 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI31122\_socket.pyd
MOD - [2013/10/20 21:28:05 | 000,026,624 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI31122\_multiprocessing.pyd
MOD - [2013/10/20 21:28:05 | 000,022,528 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI31122\win32ts.pyd
MOD - [2013/10/20 21:28:05 | 000,011,264 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI31122\win32crypt.pyd
MOD - [2013/10/20 21:28:04 | 001,175,040 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI31122\wx._core_.pyd
MOD - [2013/10/20 21:28:04 | 001,153,024 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI31122\_ssl.pyd
MOD - [2013/10/20 21:28:04 | 000,811,008 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI31122\wx._windows_.pyd
MOD - [2013/10/20 21:28:04 | 000,735,232 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI31122\wx._misc_.pyd
MOD - [2013/10/20 21:28:04 | 000,711,680 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI31122\_hashlib.pyd
MOD - [2013/10/20 21:28:04 | 000,504,832 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI31122\windows._cacheinvalidation.pyd
MOD - [2013/10/20 21:28:04 | 000,364,544 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI31122\pythoncom27.dll
MOD - [2013/10/20 21:28:04 | 000,122,368 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI31122\wx._wizard.pyd
MOD - [2013/10/20 21:28:04 | 000,119,808 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI31122\win32file.pyd
MOD - [2013/10/20 21:28:04 | 000,110,080 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI31122\PyWinTypes27.dll
MOD - [2013/10/20 21:28:04 | 000,108,544 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI31122\win32security.pyd
MOD - [2013/10/20 21:28:04 | 000,087,040 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI31122\_ctypes.pyd
MOD - [2013/10/20 21:28:04 | 000,038,912 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI31122\win32inet.pyd
MOD - [2013/10/20 21:28:04 | 000,035,840 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI31122\win32process.pyd
MOD - [2013/10/20 21:28:04 | 000,025,600 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI31122\win32pdh.pyd
MOD - [2013/10/20 21:28:04 | 000,017,408 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI31122\win32profile.pyd
MOD - [2013/10/20 21:28:02 | 001,062,400 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI31122\wx._controls_.pyd
MOD - [2013/10/20 21:28:02 | 000,686,080 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI31122\unicodedata.pyd
MOD - [2013/10/20 21:28:02 | 000,127,488 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI31122\pyexpat.pyd
MOD - [2013/10/20 21:28:02 | 000,018,432 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI31122\win32event.pyd
MOD - [2013/10/20 21:28:02 | 000,010,240 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI31122\select.pyd
MOD - [2013/10/11 00:09:30 | 003,558,400 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2013/10/10 23:11:56 | 018,003,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\464a76a3fdc9ee7456cb4baaea3e503a\PresentationFramework.ni.dll
MOD - [2013/10/10 23:11:48 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b5b66869081b909d238fdea083cf3179\PresentationCore.ni.dll
MOD - [2013/10/10 23:11:47 | 006,817,280 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\de9e77138e17f0188104c9ec32d375da\System.Data.ni.dll
MOD - [2013/10/10 23:11:45 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\e40d894a772b2cff5ffd5a84ef20d2d4\System.Windows.Forms.ni.dll
MOD - [2013/10/10 23:11:45 | 000,693,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\7dd3be81af8b03416ad0109af26997b9\System.ComponentModel.Composition.ni.dll
MOD - [2013/10/10 23:11:44 | 007,070,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dac1208781fdd0b960afc12efff42944\System.Core.ni.dll
MOD - [2013/10/10 23:11:42 | 003,858,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\0b37b2bafc33ef52282b9d7b217cabaf\WindowsBase.ni.dll
MOD - [2013/10/10 23:11:41 | 001,014,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\71d887ce964fb69b7f03c4fe7a3f28ff\System.Configuration.ni.dll
MOD - [2013/10/09 10:19:16 | 001,121,704 | ---- | M] () -- C:\Program Files (x86)\steam\bin\chromehtml.dll
MOD - [2013/10/09 08:02:43 | 000,415,184 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppgooglenaclpluginchrome.dll
MOD - [2013/10/09 08:02:42 | 013,584,336 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll
MOD - [2013/10/09 08:02:41 | 004,055,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll
MOD - [2013/10/09 08:01:50 | 000,698,832 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\libglesv2.dll
MOD - [2013/10/09 08:01:49 | 000,099,792 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\libegl.dll
MOD - [2013/10/09 08:01:47 | 001,604,560 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ffmpegsumo.dll
MOD - [2013/09/18 06:18:58 | 000,902,440 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\af_proxy.dll
MOD - [2013/09/11 06:20:56 | 020,625,832 | ---- | M] () -- C:\Program Files (x86)\steam\bin\libcef.dll
MOD - [2013/08/29 13:21:34 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\6c422db78c17838c3eb9f9fcc01ca63f\System.Management.ni.dll
MOD - [2013/08/29 13:21:24 | 000,011,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualC\b1560845b641faac0ca607b2dce8389a\Microsoft.VisualC.ni.dll
MOD - [2013/08/29 13:21:23 | 000,787,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\bfa9e814cb8b662508aa93ae387b434f\System.EnterpriseServices.ni.dll
MOD - [2013/08/29 13:21:23 | 000,236,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\bfa9e814cb8b662508aa93ae387b434f\System.EnterpriseServices.Wrapper.dll
MOD - [2013/08/29 13:21:22 | 000,649,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\102014a4f570b1dc944ff7eb8e1c6e2b\System.Transactions.ni.dll
MOD - [2013/08/29 13:21:22 | 000,143,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\af7d7a2e47e0ac57b4f0fe5e0c1cda9a\SMDiagnostics.ni.dll
MOD - [2013/08/22 06:18:28 | 000,687,104 | ---- | M] () -- C:\Program Files (x86)\steam\SDL2.dll
MOD - [2013/08/15 03:04:27 | 005,628,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\884bcbd22130ebeb1211bc7bcc3910c9\System.Xml.ni.dll
MOD - [2013/08/15 03:04:26 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\3a3fc0216674bdea0be809b305517c98\System.Drawing.ni.dll
MOD - [2013/08/15 03:04:25 | 009,099,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\de853615c8224ba5d9aa9b76276c6d98\System.ni.dll
MOD - [2013/08/07 15:33:54 | 000,027,952 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\VersionModule.dll
MOD - [2013/08/06 19:01:20 | 000,864,560 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\Plugins\ggplugin.dll
MOD - [2013/08/06 19:00:59 | 009,739,056 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe
MOD - [2013/07/26 14:18:31 | 000,957,232 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\XLL.dll
MOD - [2013/07/18 22:09:40 | 000,529,200 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\ggspawn.dll
MOD - [2013/07/15 22:29:36 | 001,545,520 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\delay_load\FileSender.dll
MOD - [2013/07/11 23:44:22 | 014,416,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\cf58670896c5313b9b52f026f4455a5d\mscorlib.ni.dll
MOD - [2013/07/11 23:44:22 | 000,145,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\cfbc74c91b44af85d10b272ae5c70d5a\System.Numerics.ni.dll
MOD - [2013/07/10 19:54:32 | 000,049,456 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\ggdllhost.exe
MOD - [2013/06/15 07:49:12 | 001,100,800 | ---- | M] () -- C:\Program Files (x86)\steam\bin\avcodec-53.dll
MOD - [2013/06/15 07:49:12 | 000,192,000 | ---- | M] () -- C:\Program Files (x86)\steam\bin\avformat-53.dll
MOD - [2013/06/15 07:49:12 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\steam\bin\avutil-51.dll
MOD - [2013/04/10 17:23:12 | 000,170,800 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\fs\YYFileSystem.dll
MOD - [2013/04/10 17:22:55 | 000,155,440 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\libmpg123.dll
MOD - [2013/03/14 04:48:52 | 024,978,944 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2013/03/13 18:05:59 | 000,374,064 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\Http.dll
MOD - [2013/03/07 10:10:42 | 000,106,288 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\UILayout.dll
MOD - [2013/03/07 10:10:39 | 000,224,560 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\Plugins\StatsPlugin.dll
MOD - [2013/03/07 10:10:22 | 000,487,216 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\CxImage.dll
MOD - [2013/02/13 09:42:46 | 005,407,744 | ---- | M] () -- C:\Program Files (x86)\PlayClaw4\playclaw-vcam.dll
MOD - [2013/02/07 17:11:25 | 000,025,392 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\PluginModule.dll
MOD - [2013/02/07 17:11:24 | 000,087,344 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\PluginKernel.dll
MOD - [2013/02/07 17:11:22 | 000,192,816 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\ImageModule.dll
MOD - [2013/02/07 17:11:17 | 000,051,504 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\FileLoader.dll
MOD - [2013/02/07 17:11:15 | 000,033,584 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\DibModule.dll
MOD - [2013/02/01 13:42:29 | 000,153,088 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\libzmq.dll
MOD - [2013/01/30 16:26:41 | 002,941,232 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\ggdownloader.dll
MOD - [2013/01/30 16:26:38 | 000,104,752 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\CommonLib.dll
MOD - [2013/01/14 19:57:52 | 001,092,912 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\delay_load\GaFileTransfer.dll
MOD - [2013/01/14 19:57:46 | 000,219,952 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\TaskManagerLib.dll
MOD - [2012/11/09 17:34:12 | 000,048,640 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\XmlUIModule.dll
MOD - [2012/11/08 19:28:10 | 000,010,240 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\delay_load\ClientTcp.dll
MOD - [2012/11/08 19:27:48 | 000,061,952 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\delay_load\UdtLib.dll
MOD - [2012/04/24 09:19:16 | 000,238,592 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\delay_load\MediaEngine.dll
MOD - [2012/04/13 11:12:18 | 000,059,392 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\delay_load\AudioMixerLib.dll
MOD - [2012/04/13 11:12:18 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\ServerMemAlloc.dll
MOD - [2012/03/23 18:15:58 | 000,988,160 | ---- | M] () -- C:\Program Files (x86)\Razer\Core\Plugins\ChatApplet\libssh2.dll
MOD - [2012/03/08 16:56:40 | 000,510,464 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\delay_load\RSALib.dll
MOD - [2012/03/02 16:23:26 | 000,577,621 | ---- | M] () -- C:\Program Files (x86)\Razer\Core\Plugins\ChatApplet\sqlite3.dll
MOD - [2012/02/22 16:52:18 | 000,162,304 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lame_enc.dll
MOD - [2012/02/22 16:52:16 | 000,573,100 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\sqlite3.dll
MOD - [2012/02/22 16:52:16 | 000,178,176 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\MP3Module.dll
MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/08/02 15:38:20 | 002,248,704 | ---- | M] () -- C:\Program Files (x86)\Vtune\TBPANEL.exe
MOD - [2010/01/21 01:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/01/09 20:18:18 | 004,254,560 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2009/04/15 17:26:36 | 000,980,280 | ---- | M] () -- C:\Program Files (x86)\VOX\JamVOX\JVExec.exe
MOD - [1998/10/31 04:55:56 | 000,005,120 | ---- | M] () -- C:\Program Files (x86)\Vtune\TBMANAGE.DLL


========== Services (SafeList) ==========

SRV:64bit: - [2013/08/28 05:17:13 | 014,997,280 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV:64bit: - [2013/05/27 13:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/04/18 09:47:16 | 008,518,008 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe -- (TabletServiceWacom)
SRV:64bit: - [2012/04/18 09:47:16 | 000,567,672 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Wacom\Wacom_TouchService.exe -- (TouchServiceWacom)
SRV - [2013/10/09 23:17:27 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/10/09 10:19:14 | 000,565,672 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/09/27 02:37:44 | 000,414,496 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013/09/18 06:28:16 | 000,878,888 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe -- (hshld)
SRV - [2013/09/18 06:27:50 | 000,556,840 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2013/09/18 04:35:24 | 000,078,512 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Hotspot Shield\bin\HSSTrayService.exe -- (HssTrayService)
SRV - [2013/08/28 05:15:38 | 002,155,296 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/08/27 03:15:40 | 000,032,960 | ---- | M] (Razer) [Auto | Running] -- C:\Program Files (x86)\Razer\Core\64bit\RzOvlMon.exe -- (RzOvlMon)
SRV - [2013/08/16 17:37:02 | 000,757,144 | ---- | M] (Tunngle.net GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2013/06/26 12:31:08 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/06/21 09:53:36 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/05/10 15:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/30 05:24:28 | 005,117,384 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2011/07/06 13:15:26 | 002,656,536 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/07/06 13:15:20 | 000,326,424 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/11 05:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/09/18 04:31:12 | 000,046,792 | ---- | M] (AnchorFree Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\hssdrv6.sys -- (HssDRV6)
DRV:64bit: - [2013/08/27 03:05:21 | 000,128,984 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RzDxgk.sys -- (RzDxgk)
DRV:64bit: - [2013/08/27 03:05:21 | 000,074,456 | ---- | M] (Razer USA Ltd) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\RzFilter.sys -- (RzFilter)
DRV:64bit: - [2013/08/20 21:33:40 | 000,039,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:64bit: - [2013/06/16 20:38:15 | 000,196,384 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2013/04/25 03:28:08 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/01/29 19:21:08 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/29 14:04:36 | 000,065,912 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wachidrouter.sys -- (WacHidRouter)
DRV:64bit: - [2012/03/29 14:04:36 | 000,013,688 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidkmdf.sys -- (hidkmdf)
DRV:64bit: - [2012/03/29 14:04:32 | 000,015,736 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacomrouterfilter.sys -- (wacomrouterfilter)
DRV:64bit: - [2012/03/01 14:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/08/02 16:38:44 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2011/06/10 14:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/11 14:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 14:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/10 14:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011/02/10 14:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/11/21 11:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 11:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 11:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/19 16:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/04/28 07:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2010/04/28 07:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2010/04/28 05:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2010/04/28 05:02:42 | 000,043,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2009/09/16 08:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901t.sys -- (tap0901t)
DRV:64bit: - [2009/07/14 09:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 09:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 09:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/11 04:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 04:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 04:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 04:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/04/15 01:00:00 | 000,062,544 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\JamDRV.sys -- (JAMVOX_AA)
DRV:64bit: - [2009/04/15 01:00:00 | 000,031,824 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\JamWdm.sys -- (JAMVOX_01)
DRV:64bit: - [2009/04/08 14:28:46 | 000,068,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2009/07/14 09:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6C 74 DD 0E 46 12 CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: DeviceDetection%40logitech.com:1.24.0.9
FF - prefs.js..extensions.enabledAddons: %7Bf701c26a-479a-4724-b4f1-870db12f063c%7D:1.4.4
FF - prefs.js..extensions.enabledAddons: %7B35106bca-6c78-48c7-ac28-56df30b51d2a%7D:1.3.8
FF - prefs.js..extensions.enabledAddons: %7BB042753D-F57E-4e8e-A01B-7379A6D4CEFB%7D:1.35
FF - prefs.js..extensions.enabledAddons: afext%40anchorfree.com:3.17
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@t.garena.com/garenatalk: C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.0.0.6: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/06/26 12:31:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/09/12 00:43:03 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/06/26 12:31:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/09/12 00:43:03 | 000,000,000 | ---D | M]

[2012/03/10 21:34:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2013/10/06 00:17:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\11n5c59f.default\extensions
[2013/05/02 23:38:11 | 000,000,000 | ---D | M] (BitComet Video Downloader) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\11n5c59f.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2012/03/13 21:15:01 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\11n5c59f.default\extensions\[email protected]
[2013/01/01 10:25:46 | 000,067,812 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\11n5c59f.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}.xpi
[2013/07/28 13:20:30 | 000,223,750 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\11n5c59f.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2013/02/10 00:02:03 | 000,328,332 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\11n5c59f.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}.xpi
[2013/10/06 00:17:59 | 000,824,302 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\11n5c59f.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/04/07 11:53:55 | 000,043,307 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\11n5c59f.default\extensions\{f701c26a-479a-4724-b4f1-870db12f063c}.xpi
[2013/06/26 12:31:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/06/26 12:31:05 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2013/09/01 23:31:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/06/26 12:31:08 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/09/01 23:31:03 | 000,000,000 | ---D | M] (Hotspot Shield Extension) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\[email protected]
[2012/01/12 16:58:30 | 000,917,816 | ---- | M] (BitComet) -- C:\Program Files (x86)\mozilla firefox\plugins\npBitCometAgent.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = https://www.google.c...q=t&channel=rcs
CHR - default_search_provider: suggest_url = https://www.google.c...q={searchTerms},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: BitCometAgent (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npBitCometAgent.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U21 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: WacomTabletPlugin (Enabled) = C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll
CHR - plugin: Wacom Dynamic Link Library (Enabled) = C:\Program Files (x86)\TabletPlugins\npwacom.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
CHR - Extension: Google Docs = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: AdBlock = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.10_0\
CHR - Extension: Dropdown List of Most Visited Links = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\logbmehmiacemkimbpcbjgaikobdndah\0.5_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: Gmail = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/10/19 10:07:17 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [JamInit] C:\Windows\SysNative\InitJam.exe (Korg Inc.)
O4:64bit: - HKLM..\Run: [Nvtmru] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Autorun Eater] C:\Program Files (x86)\Autorun Eater\oldmcdonald.exe (Old McDonald's Farm)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [GarenaPlus] C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe ()
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKCU..\Run: [Razer Comms] C:\Program Files (x86)\Razer\Core\RazerCore.exe (Razer)
O4 - HKCU..\Run: [Steam] C:\program files (x86)\steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [TBPanel] C:\Program Files (x86)\Vtune\TBPanel.exe ()
O4 - HKCU..\Run: [wmi32] "C:\ProgramData\Application Data\wmimgmt.exe" File not found
O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8:64bit: - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1979 ([http] in Trusted sites)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2AE76720-B3CC-4EB0-B3AB-0845216492DE}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{32BB1182-7706-4C35-9E35-39C64A3E8B9E}: DhcpNameServer = 202.65.247.32 202.65.244.31
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A05D824F-D3DF-47F2-B212-86EF81DD0CF3}: DhcpNameServer = 8.8.8.8
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/10/20 10:35:04 | 000,000,000 | -HSD | M] - F:\autorun .inf -- [ FAT32 ]
O32 - AutoRun File - [2013/10/20 11:56:52 | 000,258,048 | ---- | M] (Marvell Inc) - F:\autorun .inf.exe -- [ FAT32 ]
O32 - AutoRun File - [2013/08/23 22:28:53 | 000,000,043 | R--- | M] () - G:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2013/09/29 21:20:50 | 000,001,770 | RHS- | M] () - H:\AUTORUN_.INF -- [ FAT32 ]
O32 - AutoRun File - [2013/10/20 21:42:14 | 000,001,770 | RHS- | M] () - H:\AuToRUn.iNf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/10/20 11:56:50 | 000,258,048 | ---- | C] (Marvell Inc) -- C:\ProgramData\wmimgmt.exe
[2013/10/20 10:33:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Autorun Eater
[2013/10/20 10:33:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autorun Eater
[2013/10/20 10:33:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Autorun Eater
[2013/10/20 10:32:35 | 001,458,415 | ---- | C] (Old McDonald's Farm) -- C:\Users\Owner\Desktop\aesetup2.6.exe
[2013/10/20 10:32:00 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\geekstogologs
[2013/10/19 11:18:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2013/10/19 11:18:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/10/19 11:17:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2013/10/19 10:41:43 | 000,358,923 | ---- | C] (Farbar) -- C:\Users\Owner\Desktop\FSS.exe
[2013/10/19 10:24:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/10/19 10:24:40 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/10/19 10:24:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/10/19 10:13:29 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Owner\Desktop\tdsskiller.exe
[2013/10/19 10:07:19 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013/10/19 10:05:10 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/10/19 09:56:42 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/10/19 09:56:42 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/10/19 09:56:42 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/10/19 09:56:38 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/10/19 09:56:07 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/10/19 09:55:50 | 005,134,711 | R--- | C] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
[2013/10/19 09:50:47 | 000,000,000 | ---D | C] -- C:\FRST
[2013/10/19 09:50:19 | 001,954,124 | ---- | C] (Farbar) -- C:\Users\Owner\Desktop\FRST64.exe
[2013/10/19 09:44:18 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/10/17 11:32:26 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2013/10/08 08:49:03 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\CrashDumps
[2013/09/29 21:45:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security
[2013/09/29 21:45:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda USB Vaccine
[2013/09/29 21:45:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
[2013/09/29 21:44:29 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\usbvaccine
[2013/09/27 14:00:35 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Maintainability
[2013/09/27 13:10:51 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\scheduling
[2013/09/24 22:13:30 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Razer
[2013/09/24 22:04:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer Comms
[2013/09/24 22:04:50 | 000,074,456 | ---- | C] (Razer USA Ltd) -- C:\Windows\SysNative\drivers\RzFilter.sys
[2013/09/24 22:04:49 | 000,128,984 | ---- | C] (Razer USA Ltd) -- C:\Windows\SysNative\drivers\RzDxgk.sys
[2013/09/24 22:04:37 | 000,000,000 | ---D | C] -- C:\Windows\Razer Core
[2013/09/24 22:04:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Razer
[2013/09/24 22:04:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Razer
[2013/09/23 03:20:15 | 000,046,792 | ---- | C] (AnchorFree Inc.) -- C:\Windows\SysNative\drivers\hssdrv6.sys
[2013/09/21 11:02:03 | 000,000,000 | R--D | C] -- C:\Users\Owner\Google Drive
[2013/09/21 11:01:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/10/20 21:41:03 | 000,022,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/20 21:41:03 | 000,022,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/20 21:30:17 | 000,224,256 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\RZR_006005584beb94ed127de6940afb.db
[2013/10/20 21:27:58 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/10/20 21:27:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/20 21:27:31 | 2132,406,271 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/20 12:17:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/10/20 12:16:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/10/20 11:56:50 | 000,258,048 | ---- | M] (Marvell Inc) -- C:\ProgramData\wmimgmt.exe
[2013/10/20 10:46:58 | 000,421,831 | ---- | M] () -- C:\Users\Owner\Desktop\autorunpic.jpg
[2013/10/20 10:45:07 | 000,779,306 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/10/20 10:45:07 | 000,660,296 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/10/20 10:45:07 | 000,121,224 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/10/20 10:40:43 | 000,048,573 | ---- | M] () -- C:\Users\Owner\Desktop\cmdpromptpic.jpg
[2013/10/20 10:33:04 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Autorun Eater.lnk
[2013/10/19 23:20:40 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/10/19 10:41:53 | 000,358,923 | ---- | M] (Farbar) -- C:\Users\Owner\Desktop\FSS.exe
[2013/10/19 10:24:41 | 000,001,105 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/10/19 10:13:14 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Owner\Desktop\tdsskiller.exe
[2013/10/19 10:07:17 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/10/19 09:55:21 | 005,134,711 | R--- | M] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
[2013/10/19 09:50:16 | 001,954,124 | ---- | M] (Farbar) -- C:\Users\Owner\Desktop\FRST64.exe
[2013/10/18 23:11:00 | 000,000,220 | ---- | M] () -- C:\Users\Owner\Desktop\Sid Meier's Civilization V.url
[2013/10/17 11:32:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2013/10/17 10:16:46 | 001,198,941 | ---- | M] () -- C:\Users\Owner\Desktop\Folder_SLFiles (4).zip
[2013/10/15 21:53:31 | 000,454,227 | ---- | M] () -- C:\Users\Owner\Desktop\IMG_15102013_215300.png
[2013/10/15 16:14:31 | 000,000,877 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Yuuguu.lnk
[2013/10/12 15:54:57 | 000,370,894 | ---- | M] () -- C:\Users\Owner\Desktop\refacilitiesmaintainabilityinterviewrequestfromnusst.zip
[2013/10/12 15:38:32 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\Access.dat
[2013/10/12 12:43:08 | 000,001,011 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/10/12 12:42:58 | 000,000,979 | ---- | M] () -- C:\Users\Owner\Desktop\Dropbox.lnk
[2013/10/11 06:36:33 | 000,607,288 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/10/10 23:12:21 | 000,773,030 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/09/29 21:38:23 | 000,132,597 | ---- | M] () -- C:\Users\Owner\Desktop\Flash_Disinfector.exe
[2013/09/27 17:13:24 | 000,189,099 | ---- | M] () -- C:\Users\Owner\Desktop\Bharath Prabhu CV.pdf
[2013/09/27 16:57:55 | 000,023,307 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2013/09/26 21:32:08 | 003,386,608 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin
[2013/09/24 22:04:57 | 000,001,242 | ---- | M] () -- C:\Users\Public\Desktop\Razer Comms.lnk
[2013/09/24 22:04:51 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_RzFilter_01009.Wdf
[2013/09/23 21:21:36 | 000,000,056 | ---- | M] () -- C:\Windows\kgt2k.INI
[2013/09/23 03:20:05 | 000,001,048 | ---- | M] () -- C:\Users\Public\Desktop\Hotspot Shield.lnk
[2013/09/21 11:02:04 | 000,001,653 | ---- | M] () -- C:\Users\Owner\Desktop\Google Drive.lnk
[2013/09/21 11:01:21 | 000,002,044 | ---- | M] () -- C:\Users\Public\Desktop\Google Slides.lnk
[2013/09/21 11:01:21 | 000,002,040 | ---- | M] () -- C:\Users\Public\Desktop\Google Sheets.lnk
[2013/09/21 11:01:21 | 000,002,028 | ---- | M] () -- C:\Users\Public\Desktop\Google Docs.lnk
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/10/20 10:46:58 | 000,421,831 | ---- | C] () -- C:\Users\Owner\Desktop\autorunpic.jpg
[2013/10/20 10:40:43 | 000,048,573 | ---- | C] () -- C:\Users\Owner\Desktop\cmdpromptpic.jpg
[2013/10/20 10:33:04 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\Autorun Eater.lnk
[2013/10/19 10:24:41 | 000,001,105 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/10/19 09:56:42 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/10/19 09:56:42 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/10/19 09:56:42 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/10/19 09:56:42 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/10/19 09:56:42 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/10/17 10:16:48 | 001,198,941 | ---- | C] () -- C:\Users\Owner\Desktop\Folder_SLFiles (4).zip
[2013/10/15 21:53:22 | 000,454,227 | ---- | C] () -- C:\Users\Owner\Desktop\IMG_15102013_215300.png
[2013/10/15 16:14:31 | 000,000,877 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Yuuguu.lnk
[2013/10/14 22:36:43 | 000,000,220 | ---- | C] () -- C:\Users\Owner\Desktop\Sid Meier's Civilization V.url
[2013/10/12 15:55:03 | 000,370,894 | ---- | C] () -- C:\Users\Owner\Desktop\refacilitiesmaintainabilityinterviewrequestfromnusst.zip
[2013/09/29 21:38:17 | 000,132,597 | ---- | C] () -- C:\Users\Owner\Desktop\Flash_Disinfector.exe
[2013/09/27 17:12:32 | 000,189,099 | ---- | C] () -- C:\Users\Owner\Desktop\Bharath Prabhu CV.pdf
[2013/09/24 22:15:42 | 000,224,256 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\RZR_006005584beb94ed127de6940afb.db
[2013/09/24 22:04:57 | 000,001,242 | ---- | C] () -- C:\Users\Public\Desktop\Razer Comms.lnk
[2013/09/24 22:04:51 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_RzFilter_01009.Wdf
[2013/09/23 21:22:22 | 000,000,639 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\3d Girlz.lnk
[2013/09/23 21:22:22 | 000,000,611 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\3d Girlz Uninstall.lnk
[2013/09/23 21:21:36 | 000,000,056 | ---- | C] () -- C:\Windows\kgt2k.INI
[2013/09/21 11:02:04 | 000,001,653 | ---- | C] () -- C:\Users\Owner\Desktop\Google Drive.lnk
[2013/09/21 11:01:21 | 000,002,044 | ---- | C] () -- C:\Users\Public\Desktop\Google Slides.lnk
[2013/09/21 11:01:21 | 000,002,040 | ---- | C] () -- C:\Users\Public\Desktop\Google Sheets.lnk
[2013/09/21 11:01:21 | 000,002,028 | ---- | C] () -- C:\Users\Public\Desktop\Google Docs.lnk
[2013/08/24 11:49:19 | 000,007,168 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/08/09 17:42:14 | 000,045,270 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\room_v3.dat
[2013/03/27 21:09:55 | 000,773,030 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/09/23 20:49:08 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\tmb1-v32.dll
[2012/09/23 18:55:51 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2012/08/15 11:50:56 | 000,007,597 | ---- | C] () -- C:\Users\Owner\AppData\Local\Resmon.ResmonCfg
[2012/05/29 16:16:39 | 000,001,456 | ---- | C] () -- C:\Users\Owner\AppData\Local\Adobe Save for Web 12.0 Prefs
[2012/05/29 16:11:56 | 000,000,132 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2012/04/24 22:16:19 | 000,000,132 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Adobe PNG Format CS5 Prefs

========== ZeroAccess Check ==========

[2009/07/14 12:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 10:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 09:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 09:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 11:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 09:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/04/06 17:43:15 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Atari
[2012/03/11 14:49:15 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Auslogics
[2013/10/17 23:41:40 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\BitComet
[2013/08/29 13:16:31 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\DAEMON Tools Lite
[2013/10/20 21:29:27 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Dropbox
[2013/07/15 21:20:42 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\GameRanger
[2013/08/04 21:12:19 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Garena
[2013/10/20 21:31:54 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\GarenaPlus
[2012/04/26 21:00:31 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Guitar Pro 6
[2013/03/09 01:02:20 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Hotspot Shield
[2012/09/18 16:29:22 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Leadertech
[2012/12/24 12:10:08 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\LolClient
[2012/09/23 20:49:45 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PlayClaw3
[2013/03/22 14:54:04 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PlayClaw4
[2012/08/07 19:28:07 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Subversion
[2012/03/11 00:46:06 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\SystemRequirementsLab
[2013/08/18 20:54:08 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Tunngle
[2012/05/23 18:43:43 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\VOX
[2013/01/10 01:30:42 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\xim

========== Purity Check ==========



< End of report >

#13
RKinner

    Malware Expert

  • Expert
  • 20,028 posts
  • MVP
I'm seeing signs of a different infection so let's try:

ComboFix

:!: It must be saved to your desktop, do not run it from your browser :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Right-click on ComboFix and select Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.
Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

You should get a log file when it finishes and reboots. If not, run it one more time. I'll need to see the log in your reply.

#14
frozenthunder

    Member

  • Topic Starter
  • Member
  • 140 posts
Here's the log. When I was running ComboFix, I was unable to close the Autorun Eater infection pop-up though.

ComboFix 13-10-19.02 - Owner 10/21/2013 11:08:37.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8173.5898 [GMT 8:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\wmimgmt.exe
c:\users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\tmp~ghi.log
c:\users\Owner\AppData\Local\Temp\_MEI7322\_ctypes.pyd
c:\users\Owner\AppData\Local\Temp\_MEI7322\_elementtree.pyd
c:\users\Owner\AppData\Local\Temp\_MEI7322\_hashlib.pyd
c:\users\Owner\AppData\Local\Temp\_MEI7322\_multiprocessing.pyd
c:\users\Owner\AppData\Local\Temp\_MEI7322\_socket.pyd
c:\users\Owner\AppData\Local\Temp\_MEI7322\_ssl.pyd
c:\users\Owner\AppData\Local\Temp\_MEI7322\msvcp100.dll
c:\users\Owner\AppData\Local\Temp\_MEI7322\msvcr100.dll
c:\users\Owner\AppData\Local\Temp\_MEI7322\pyexpat.pyd
c:\users\Owner\AppData\Local\Temp\_MEI7322\pysqlite2._sqlite.pyd
c:\users\Owner\AppData\Local\Temp\_MEI7322\python27.dll
c:\users\Owner\AppData\Local\Temp\_MEI7322\pythoncom27.dll
c:\users\Owner\AppData\Local\Temp\_MEI7322\PyWinTypes27.dll
c:\users\Owner\AppData\Local\Temp\_MEI7322\select.pyd
c:\users\Owner\AppData\Local\Temp\_MEI7322\unicodedata.pyd
c:\users\Owner\AppData\Local\Temp\_MEI7322\win32api.pyd
c:\users\Owner\AppData\Local\Temp\_MEI7322\win32com.shell.shell.pyd
c:\users\Owner\AppData\Local\Temp\_MEI7322\win32crypt.pyd
c:\users\Owner\AppData\Local\Temp\_MEI7322\win32event.pyd
c:\users\Owner\AppData\Local\Temp\_MEI7322\win32file.pyd
c:\users\Owner\AppData\Local\Temp\_MEI7322\win32inet.pyd
c:\users\Owner\AppData\Local\Temp\_MEI7322\win32pdh.pyd
c:\users\Owner\AppData\Local\Temp\_MEI7322\win32process.pyd
c:\users\Owner\AppData\Local\Temp\_MEI7322\win32profile.pyd
c:\users\Owner\AppData\Local\Temp\_MEI7322\win32security.pyd
c:\users\Owner\AppData\Local\Temp\_MEI7322\win32ts.pyd
c:\users\Owner\AppData\Local\Temp\_MEI7322\windows._cacheinvalidation.pyd
c:\users\Owner\AppData\Local\Temp\_MEI7322\wx._controls_.pyd
c:\users\Owner\AppData\Local\Temp\_MEI7322\wx._core_.pyd
c:\users\Owner\AppData\Local\Temp\_MEI7322\wx._gdi_.pyd
c:\users\Owner\AppData\Local\Temp\_MEI7322\wx._html2.pyd
c:\users\Owner\AppData\Local\Temp\_MEI7322\wx._misc_.pyd
c:\users\Owner\AppData\Local\Temp\_MEI7322\wx._windows_.pyd
c:\users\Owner\AppData\Local\Temp\_MEI7322\wx._wizard.pyd
c:\users\Owner\AppData\Local\Temp\_MEI7322\wxbase294u_net_vc90.dll
c:\users\Owner\AppData\Local\Temp\_MEI7322\wxbase294u_vc90.dll
c:\users\Owner\AppData\Local\Temp\_MEI7322\wxmsw294u_adv_vc90.dll
c:\users\Owner\AppData\Local\Temp\_MEI7322\wxmsw294u_core_vc90.dll
c:\users\Owner\AppData\Local\Temp\_MEI7322\wxmsw294u_html_vc90.dll
c:\users\Owner\AppData\Local\Temp\_MEI7322\wxmsw294u_webview_vc90.dll
F:\$AVG.exe
F:\$RECYCLE.BIN.exe
F:\1101 project.exe
F:\1102 project.exe
F:\3c946a3a5ee6892a650c43daa4.exe
F:\autorun .inf.exe
F:\Autorun.inf
F:\Backup D drive.exe
F:\backup Prabhu folder.exe
F:\Bioshock2.exe
F:\CDtools.exe
F:\CE.exe
F:\codecs.exe
F:\ConverterOutput.exe
F:\db37c78e88b1216de9b5cca8.exe
F:\declub posters.exe
F:\desktop folders.exe
F:\economics.exe
F:\English Songs.exe
F:\FOUND.000.exe
F:\FOUND.001.exe
F:\FOUND.002.exe
F:\FOUND.003.exe
F:\FOUND.004.exe
F:\Games.exe
F:\Movies.exe
F:\msdownld.tmp.exe
F:\Music.exe
F:\NUS MATTERS.exe
F:\photos.exe
F:\Photoshop CS5.exe
F:\Photoshop.exe
F:\pics.exe
F:\PSP Games.exe
F:\PSP Updates.exe
F:\school.exe
F:\Sketch PS.exe
F:\Sociology tutorial 2.exe
F:\toshiba.exe
F:\Total Video Converter.exe
F:\TV Shows.exe
F:\TVC.exe
F:\Z.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-09-21 to 2013-10-21 )))))))))))))))))))))))))))))))
.
.
2013-10-21 03:16 . 2013-10-21 03:16 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-10-21 03:16 . 2013-10-21 03:16 -------- d-----w- c:\users\fbwuser\AppData\Local\temp
2013-10-21 03:16 . 2013-10-21 03:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-10-20 02:33 . 2013-10-20 03:56 -------- d-----w- c:\programdata\Autorun Eater
2013-10-20 02:33 . 2013-10-20 02:33 -------- d-----w- c:\program files (x86)\Autorun Eater
2013-10-19 03:18 . 2013-10-19 03:18 -------- d-----w- c:\programdata\Oracle
2013-10-19 03:18 . 2013-10-19 03:18 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-10-19 03:18 . 2013-10-07 23:50 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-19 02:24 . 2013-10-19 02:24 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-10-19 02:24 . 2013-04-04 06:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-10-19 02:12 . 2013-10-14 07:12 10280728 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A67ABD64-A703-4D61-AC86-0B39E57A7EAD}\mpengine.dll
2013-10-19 01:50 . 2013-10-19 01:50 -------- d-----w- C:\FRST
2013-10-19 01:44 . 2013-10-19 01:44 -------- d-----w- C:\_OTL
2013-10-15 03:02 . 2013-09-04 12:12 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-10-15 03:02 . 2013-09-04 12:11 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-10-15 03:02 . 2013-09-04 12:11 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-10-15 03:02 . 2013-09-04 12:11 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-10-15 03:02 . 2013-09-04 12:11 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2013-10-15 03:02 . 2013-09-04 12:11 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2013-10-15 03:02 . 2013-09-04 12:11 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-10-13 00:20 . 2013-10-13 00:20 -------- d-----w- c:\users\Default\AppData\Local\Google
2013-10-10 14:06 . 2013-07-04 12:50 633856 ----a-w- c:\windows\system32\comctl32.dll
2013-10-10 14:06 . 2013-07-04 11:50 530432 ----a-w- c:\windows\SysWow64\comctl32.dll
2013-10-10 14:06 . 2013-06-06 03:30 368128 ----a-w- c:\windows\system32\atmfd.dll
2013-10-10 14:06 . 2013-06-06 05:50 41472 ----a-w- c:\windows\system32\lpk.dll
2013-10-10 14:06 . 2013-06-06 05:49 100864 ----a-w- c:\windows\system32\fontsub.dll
2013-10-10 14:06 . 2013-06-06 05:49 14336 ----a-w- c:\windows\system32\dciman32.dll
2013-10-10 14:06 . 2013-06-06 05:47 46080 ----a-w- c:\windows\system32\atmlib.dll
2013-10-10 14:06 . 2013-06-06 04:57 25600 ----a-w- c:\windows\SysWow64\lpk.dll
2013-10-10 14:06 . 2013-06-06 04:51 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2013-10-10 14:06 . 2013-06-06 04:50 10240 ----a-w- c:\windows\SysWow64\dciman32.dll
2013-10-10 14:06 . 2013-06-06 03:01 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2013-10-10 14:06 . 2013-06-06 03:01 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2013-10-10 14:04 . 2013-08-28 01:21 3155968 ----a-w- c:\windows\system32\win32k.sys
2013-10-10 14:03 . 2013-08-28 01:12 461312 ----a-w- c:\windows\system32\scavengeui.dll
2013-10-08 00:49 . 2013-10-19 14:46 -------- d-----w- c:\users\Owner\AppData\Local\CrashDumps
2013-09-29 13:45 . 2013-09-29 13:45 -------- d-----w- c:\programdata\Panda Security
2013-09-29 13:45 . 2013-09-29 13:45 -------- d-----w- c:\program files (x86)\Panda USB Vaccine
2013-09-26 18:37 . 2013-09-26 18:37 587040 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2013-09-24 14:13 . 2013-09-24 14:13 -------- d-----w- c:\users\Owner\AppData\Local\Razer
2013-09-24 14:04 . 2013-08-26 19:05 74456 ----a-w- c:\windows\system32\drivers\RzFilter.sys
2013-09-24 14:04 . 2013-08-26 19:05 128984 ----a-w- c:\windows\system32\drivers\RzDxgk.sys
2013-09-24 14:04 . 2013-09-24 14:04 -------- d-----w- c:\programdata\Razer
2013-09-24 14:04 . 2013-09-24 14:04 -------- d-----w- c:\windows\Razer Core
2013-09-24 14:04 . 2013-09-24 14:04 -------- d-----w- c:\program files (x86)\Razer
2013-09-22 19:20 . 2013-09-17 20:31 46792 ----a-w- c:\windows\system32\drivers\hssdrv6.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-10 15:09 . 2013-05-02 13:27 80541720 ----a-w- c:\windows\system32\MRT.exe
2013-10-09 15:17 . 2012-04-25 22:05 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-10-09 15:17 . 2012-03-10 14:01 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-27 08:57 . 2012-10-11 16:34 15232424 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2013-09-27 08:57 . 2012-03-10 13:42 18259624 ----a-w- c:\windows\system32\nvwgf2umx.dll
2013-09-27 08:57 . 2012-03-10 13:42 1432408 ----a-w- c:\windows\system32\nvumdshimx.dll
2013-09-27 08:57 . 2012-03-10 12:00 3052616 ----a-w- c:\windows\system32\nvapi64.dll
2013-09-27 08:57 . 2012-03-10 12:00 2682816 ----a-w- c:\windows\SysWow64\nvapi.dll
2013-09-27 07:45 . 2012-03-10 12:00 6641440 ----a-w- c:\windows\system32\nvcpl.dll
2013-09-27 07:45 . 2012-03-10 12:00 3483424 ----a-w- c:\windows\system32\nvsvc64.dll
2013-09-27 07:44 . 2012-03-10 12:00 922912 ----a-w- c:\windows\system32\nvvsvc.exe
2013-09-27 07:44 . 2012-03-10 12:00 63776 ----a-w- c:\windows\system32\nvshext.dll
2013-09-27 07:44 . 2012-03-10 12:00 219424 ----a-w- c:\windows\system32\nvmctray.dll
2013-09-26 13:32 . 2012-03-10 13:42 3386608 ----a-w- c:\windows\system32\nvcoproc.bin
2013-09-12 08:58 . 2013-09-20 14:03 1884448 ----a-w- c:\windows\system32\nvdispco6432723.dll
2013-09-12 08:58 . 2013-09-20 14:03 1511712 ----a-w- c:\windows\system32\nvdispgenco6432723.dll
2013-09-03 06:35 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-08-29 01:48 . 2013-10-10 14:04 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-08-24 02:50 . 2013-08-24 02:50 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-08-20 13:33 . 2013-08-29 05:20 39200 ----a-w- c:\windows\system32\drivers\nvvad64v.sys
2013-08-20 13:32 . 2013-08-29 05:20 29984 ----a-w- c:\windows\system32\nvaudcap64v.dll
2013-08-20 13:32 . 2013-08-29 05:20 28448 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll
2013-08-18 21:02 . 2013-08-29 05:32 1884448 ----a-w- c:\windows\system32\nvdispco6432680.dll
2013-08-18 21:02 . 2013-08-29 05:32 1511712 ----a-w- c:\windows\system32\nvdispgenco6432680.dll
2013-08-05 02:25 . 2013-09-11 16:53 155584 ----a-w- c:\windows\system32\drivers\ataport.sys
2013-08-02 02:14 . 2013-09-11 16:53 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-08-02 02:13 . 2013-09-11 16:53 424448 ----a-w- c:\windows\system32\KernelBase.dll
2013-08-02 02:13 . 2013-09-11 16:53 1161216 ----a-w- c:\windows\system32\kernel32.dll
2013-08-02 02:12 . 2013-09-11 16:53 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-08-02 02:12 . 2013-09-11 16:53 6656 ----a-w- c:\windows\system32\apisetschema.dll
2013-08-02 02:12 . 2013-09-11 16:53 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 16:53 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 16:53 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 16:53 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 16:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 16:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 16:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 16:53 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 16:53 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 16:53 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 16:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 16:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 16:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 16:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 16:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 16:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 16:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 16:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 16:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 16:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 16:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 16:53 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 16:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 16:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 16:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 16:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 16:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 16:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-08-02 01:50 . 2013-09-11 16:53 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll
2013-08-02 01:48 . 2013-09-11 16:53 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-08-02 01:48 . 2013-09-11 16:53 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 16:53 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 16:53 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 16:53 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 16:53 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 16:53 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 16:53 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 16:53 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 16:53 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 16:53 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 16:53 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 16:53 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 16:53 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 16:53 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 16:53 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 16:53 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 16:53 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 16:53 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 16:53 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 16:53 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 16:53 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 16:53 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 16:53 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 16:53 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
2013-08-02 01:09 . 2013-09-11 16:53 338432 ----a-w- c:\windows\system32\conhost.exe
2013-08-02 00:59 . 2013-09-11 16:53 112640 ----a-w- c:\windows\system32\smss.exe
2013-08-02 00:43 . 2013-09-11 16:53 6144 ---ha-w- c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43 . 2013-09-11 16:53 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43 . 2013-09-11 16:53 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43 . 2013-09-11 16:53 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2013-07-26 02:24 . 2013-09-11 16:51 14172672 ----a-w- c:\windows\system32\shell32.dll
2013-07-26 02:24 . 2013-09-11 16:51 197120 ----a-w- c:\windows\system32\shdocvw.dll
2013-07-25 09:25 . 2013-08-14 14:47 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-25 08:57 . 2013-08-14 14:47 1620992 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TBPanel"="c:\program files (x86)\Vtune\TBPanel.exe" [2011-08-02 2248704]
"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2010-01-16 717696]
"GarenaPlus"="c:\program files (x86)\Garena Plus\GarenaMessenger.exe" [2013-08-06 9739056]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-01-08 3674320]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-06-21 19875432]
"Steam"="c:\program files (x86)\steam\Steam.exe" [2013-10-09 1813928]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2013-09-25 20133824]
"Razer Comms"="c:\program files (x86)\Razer\Core\RazerCore.exe" [2013-08-26 1091264]
"wmi32"="c:\programdata\Application Data\wmimgmt.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-08-16 152392]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"Autorun Eater"="c:\program files (x86)\Autorun Eater\oldmcdonald.exe" [2012-02-17 522720]
.
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-10-11 29768376]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
JVExec.lnk - c:\program files (x86)\VOX\JamVOX\JVExec.exe [2009-4-15 980280]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena Plus\Room\safedrv.sys;c:\program files (x86)\Garena Plus\Room\safedrv.sys [x]
R3 hidkmdf;KMDF Driver;c:\windows\system32\DRIVERS\hidkmdf.sys;c:\windows\SYSNATIVE\DRIVERS\hidkmdf.sys [x]
R3 JamVOXUSBAudioSrv;CEntrance USB Audio Driver Service for JamVOX;c:\windows\system32\drivers\jamvox.sys;c:\windows\SYSNATIVE\drivers\jamvox.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe;c:\program files (x86)\Tunngle\TnglCtrl.exe [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WacHidRouter;Wacom Hid Router;c:\windows\system32\DRIVERS\wachidrouter.sys;c:\windows\SYSNATIVE\DRIVERS\wachidrouter.sys [x]
R3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\DRIVERS\wacomrouterfilter.sys;c:\windows\SYSNATIVE\DRIVERS\wacomrouterfilter.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
S0 RzFilter;RzFilter;c:\windows\system32\drivers\RzFilter.sys;c:\windows\SYSNATIVE\drivers\RzFilter.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys;c:\windows\SYSNATIVE\DRIVERS\hssdrv6.sys [x]
S1 JAMVOX_AA;Service for JamVOX Controller driver;c:\windows\system32\DRIVERS\JamDRV.sys;c:\windows\SYSNATIVE\DRIVERS\JamDRV.sys [x]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
S2 hshld;Hotspot Shield Service;c:\program files (x86)\Hotspot Shield\bin\cmw_srv.exe;c:\program files (x86)\Hotspot Shield\bin\cmw_srv.exe [x]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 RzOvlMon;Razer Overlay Subsystem Emergency Service;c:\program files (x86)\Razer\Core\64bit\rzovlmon.exe;c:\program files (x86)\Razer\Core\64bit\rzovlmon.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TabletServiceWacom;TabletServiceWacom;c:\program files\Tablet\Wacom\Wacom_Tablet.exe;c:\program files\Tablet\Wacom\Wacom_Tablet.exe [x]
S2 TouchServiceWacom;Wacom Professional Touch Service;c:\program files\Tablet\Wacom\Wacom_TouchService.exe;c:\program files\Tablet\Wacom\Wacom_TouchService.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 JAMVOX_01;Service for JamVOX Audio driver;c:\windows\system32\DRIVERS\JamWdm.sys;c:\windows\SYSNATIVE\DRIVERS\JamWdm.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 RzDxgk;RzDxgk;c:\windows\system32\drivers\RzDxgk.sys;c:\windows\SYSNATIVE\drivers\RzDxgk.sys [x]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys;c:\windows\SYSNATIVE\DRIVERS\tap0901t.sys [x]
S3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-10-19 15:19 1185744 ----a-w- c:\program files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-10-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-25 15:17]
.
2013-10-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-02 12:52]
.
2013-10-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-02 12:52]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-09-25 09:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-09-25 09:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-09-25 09:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-09-25 09:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-09-25 09:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JamInit"="InitJam.exe" [2009-04-14 253008]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-08-27 1028896]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\11n5c59f.default\
FF - ExtSQL: 2013-09-01 23:36; [email protected]; c:\program files (x86)\Mozilla Firefox\browser\extensions\[email protected]
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88} - c:\program files (x86)\InstallShield Installation Information\{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3533916949-36865485-774322356-1000\¬ ë*W*]
@Allowed: (Read) (RestrictedCode)
DUMPHIVE0.003 (REGF)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\program files (x86)\Garena Plus\ggdllhost.exe
c:\program files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe
c:\program files (x86)\Panda USB Vaccine\USBVaccine.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2013-10-21 11:22:30 - machine was rebooted
ComboFix-quarantined-files.txt 2013-10-21 03:22
.
Pre-Run: 22,734,114,816 bytes free
Post-Run: 22,299,549,696 bytes free
.
- - End Of File - - 302FF4646E1BA809B95AC17965F4E71D
A36C5E4F47E84449FF07ED3517B43A31
  • 0

#15
RKinner

    Malware Expert

  • Expert
  • 20,028 posts
  • MVP
Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************
DirLook::
C:\Program Files\Common
%user%\library

File::
c:\programdata\Application Data\wmimgmt.exe
H:\AUTORUN_.INF -- [ FAT32 ]
H:\AuToRUn.iNf
c:\RECyCLER\wmimgmt.com
d:\RECyCLER\wmimgmt.com
f:\RECyCLER\wmimgmt.com
h:\RECyCLER\wmimgmt.com
c:\programdata\wmimgmt.exe

RootKit::
c:\programdata\Application Data\wmimgmt.exe
c:\programdata\wmimgmt.exe

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"wmi32"=-

******************************************

Now open Notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all, then File, SAVE AS, (to your Desktop), CFScript, OK. Close Notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag CFScript.txt over to Combofix and let go. Combofix should start on its own.

Post the new log.

Do you see any sign of the malware now?
  • 0