Getting random popups while browsing..


  • This topic is locked
57 replies to this topic

#1 Daroth

Daroth

    Member

  • Members
  • 30 posts

Posted 17 May 2012 - 07:58 PM

Hello! While browsing I seem to get random popups, failure to disconnect to websites and really slow internet speeds while playing games.
I am using x64 Windows 7 so I assume I don't have to do a GMER Log.. Thanks for the help!

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_22
Run by Daroth Men at 19:45:34 on 2012-05-17
Microsoft Windows 7 Home Premium 6.1.7601.1.936.86.1033.18.7935.5234 [GMT -5:00]
.
AV: ESET Smart Security 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET Smart Security 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Proxy Labs\ProxyCap\pcapsvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
C:\Windows\SysWOW64\vmnat.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wuauclt.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://acer.msn.com
uDefault_Page_URL = hxxp://acer.msn.com
mDefault_Page_URL = hxxp://acer.msn.com
mStart Page = hxxp://acer.msn.com
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Download with GetRight - C:\Program Files (x86)\GetRight\GRdownload.htm
IE: Open with GetRight Browser - C:\Program Files (x86)\GetRight\GRbrowse.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
LSP: pcapwsp.dll
LSP: %SYSTEMROOT%\system32\nvLsp.dll
LSP: mswsock.dll
LSP: C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254 192.168.1.254
TCP: Interfaces\{0B47D2C2-3636-4E51-B6DA-6EEF1042FFAC} : DhcpNameServer = 192.168.1.254 192.168.1.254
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
STS: CAveStartButtonChangerObject Class: {f791a188-699d-4fd4-955a-eb59e89b1907} - C:\Program Files (x86)\The Skins Factory\Hyperdesk\Common\AveStartButtonChangerInProc.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce-x64: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
STS-X64: CAveStartButtonChangerObject Class: {F791A188-699D-4FD4-955A-EB59E89B1907} - C:\Program Files (x86)\The Skins Factory\Hyperdesk\Common\AveStartButtonChangerInProc.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Daroth Men\AppData\Roaming\Mozilla\Firefox\Profiles\ermbuj6h.default\
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Motive\npMotive.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPGetRt.dll
FF - plugin: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Roblox\Versions\version-76ed5b3c6cb0467f\NPRobloxProxy.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\Daroth Men\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
.
---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
============= SERVICES / DRIVERS ===============
.
R0 epfwwfp;epfwwfp;C:\Windows\system32\DRIVERS\epfwwfp.sys --> C:\Windows\system32\DRIVERS\epfwwfp.sys [?]
R1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\Windows\system32\DRIVERS\EpfwLWF.sys --> C:\Windows\system32\DRIVERS\EpfwLWF.sys [?]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\system32\DRIVERS\mwlPSDFilter.sys --> C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [?]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\system32\DRIVERS\mwlPSDNServ.sys --> C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [?]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys --> C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [?]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys --> C:\Windows\system32\DRIVERS\eamonm.sys [?]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-5-17 654408]
R2 pcapsvc;ProxyCap Service;C:\Program Files\Proxy Labs\ProxyCap\pcapsvc.exe [2010-9-18 635904]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-5-6 2280312]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\Windows\system32\DRIVERS\ManyCam_x64.sys --> C:\Windows\system32\DRIVERS\ManyCam_x64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
S2 0131331298771391mcinstcleanup;McAfee Application Installer Cleanup (0131331298771391);C:\Users\DAROTH~1\AppData\Local\Temp\013133~1.EXE C:\PROGRA~2\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> C:\Users\DAROTH~1\AppData\Local\Temp\013133~1.EXE C:\PROGRA~2\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-3-12 1153368]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-18 257696]
S3 Gun;Gun;C:\Game\SoftnyxGame\GunboundIS\Gun64.sys [2011-5-27 45176]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe [2009-12-15 25832]
S4 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2011-8-9 974944]
S4 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-1-8 23584]
S4 HyperDeskCustomThemeEnabler;HyperDesk's Custom Theme Enabler;C:\Windows\Installer\MSI6FBC.tmp [2011-2-12 102400]
S4 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-5-26 305520]
S4 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
S4 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-5-9 2214504]
S4 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2010-8-26 243232]
S4 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-11-11 539248]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-05-17 22:42:34 -------- d-----w- C:\Users\Daroth Men\AppData\Local\{EEF494E6-D5A8-4A7A-8016-8EA729C9B7DC}
2012-05-17 22:42:09 -------- d-----w- C:\Users\Daroth Men\AppData\Local\{297523F8-F950-44D8-B6EA-913DA9AD5E9B}
2012-05-17 22:30:24 388096 ----a-r- C:\Users\Daroth Men\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-05-17 22:30:24 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-05-17 21:29:11 711240 ----a-w- C:\Windows\isRS-000.tmp
2012-05-17 19:35:31 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-05-14 08:08:13 -------- d-----w- C:\Users\Daroth Men\AppData\Local\{F2BBDC24-828C-4572-A353-D9B57486B5E4}
2012-05-14 08:07:59 -------- d-----w- C:\Users\Daroth Men\AppData\Local\{61D2F960-9ABE-4C5D-B8F4-89ACC6530C2D}
2012-05-14 05:49:58 8917360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4BBFCB27-F064-425B-B2C5-671A73EAFCE8}\mpengine.dll
2012-05-14 05:43:51 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-14 05:43:51 3146240 ----a-w- C:\Windows\System32\win32k.sys
2012-05-14 05:43:50 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-14 05:43:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-14 05:43:14 1544704 ----a-w- C:\Windows\System32\DWrite.dll
2012-05-14 05:43:14 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-05-14 05:43:07 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-05-14 05:42:59 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-14 05:42:59 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2012-05-14 05:42:59 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2012-05-14 05:42:59 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2012-05-14 05:42:59 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-14 05:42:21 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-05-11 09:58:05 -------- d-----w- C:\Program Files (x86)\Warlock - Master of the Arcane
2012-05-09 06:28:06 -------- d-----w- C:\Users\Daroth Men\AppData\Local\{FCC93700-BB83-4784-97F9-84B75706B256}
2012-05-09 06:27:44 -------- d-----w- C:\Users\Daroth Men\AppData\Local\{2C4F4D66-C818-401E-8BE9-C40E86E8B1C1}
2012-05-04 18:50:44 -------- d-----w- C:\Users\Daroth Men\AppData\Local\{9B29C5AA-7A7F-4448-973D-E1B6C2DBB9EF}
2012-05-04 06:50:06 -------- d-----w- C:\Users\Daroth Men\AppData\Local\{14A52160-BF47-4174-A66F-EB73E9102D3A}
2012-05-04 06:49:49 -------- d-----w- C:\Users\Daroth Men\AppData\Local\{B8B40223-A61A-4642-BBC8-E15AB7484853}
2012-04-30 22:23:39 -------- d-----w- C:\Users\Daroth Men\AppData\Local\{0F891A57-CE5F-4629-B0C5-AE9413C33586}
2012-04-30 22:23:17 -------- d-----w- C:\Users\Daroth Men\AppData\Local\{37FD59F9-EB64-45B7-9D5C-97786B3E63BF}
2012-04-28 07:52:21 -------- d-----w- C:\Program Files (x86)\Common Files\duowan
2012-04-27 21:03:11 -------- d-----w- C:\Users\Daroth Men\AppData\Local\{D5632273-6A8F-465C-9645-FE5029DBE9D0}
2012-04-27 21:02:48 -------- d-----w- C:\Users\Daroth Men\AppData\Local\{A2142178-ACEF-47BC-86C3-6B0F576E5F7B}
2012-04-26 19:55:56 -------- d-----w- C:\Users\Daroth Men\AppData\Local\{ED21C120-494C-45F2-AD23-D45CCD4C05D3}
2012-04-26 19:55:33 -------- d-----w- C:\Users\Daroth Men\AppData\Local\{03BC2C81-482E-49C3-BCEE-77636E65A196}
2012-04-26 07:21:31 -------- d-----w- C:\Down
2012-04-26 07:21:00 -------- d-----w- C:\Perfect World Entertainment
2012-04-26 02:38:35 -------- d-----w- C:\ProgramData\RELOADED
2012-04-26 02:37:15 -------- d-----w- C:\Program Files (x86)\The Walking Dead
2012-04-26 01:15:03 157352 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-04-26 01:15:03 129976 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-04-26 01:07:40 -------- d-----w- C:\Program Files (x86)\Legend of Grimrock
2012-04-25 20:18:55 -------- d-----w- C:\Users\Daroth Men\AppData\Local\{73E6B085-AE95-48BF-858E-E944AE5F4C4A}
2012-04-25 20:18:34 -------- d-----w- C:\Users\Daroth Men\AppData\Local\{B7674ED7-4AC5-44D3-BA94-EF81DE144510}
2012-04-24 21:53:51 -------- d-----w- C:\Users\Daroth Men\AppData\Local\{7646C7E7-B22D-4249-B639-6EC41D3BDD8A}
2012-04-24 21:53:38 -------- d-----w- C:\Users\Daroth Men\AppData\Local\{361A3E4A-6D54-4F95-9854-7702C015CDE7}
2012-04-23 20:22:33 -------- d-----w- C:\Users\Daroth Men\AppData\Local\{06B666FC-1037-41F1-B333-843D6BC758CA}
2012-04-23 20:22:12 -------- d-----w- C:\Users\Daroth Men\AppData\Local\{4A460095-1DB5-457B-AFDA-6362FFB3E3A3}
2012-04-23 01:35:12 -------- d-----w- C:\Users\Daroth Men\AppData\Local\{70E1D66F-AF05-4C7F-8CBE-AF8CC0D8EC8F}
2012-04-23 01:34:50 -------- d-----w- C:\Users\Daroth Men\AppData\Local\{5AD6F839-DBF7-4202-8897-A6EBEFA55E16}
2012-04-21 19:41:09 -------- d-----w- C:\Users\Daroth Men\AppData\Local\{7E08015F-69AE-45B5-95EF-D2E416E5075F}
2012-04-20 19:57:01 -------- d-----w- C:\Users\Daroth Men\AppData\Local\{2D3080DE-9894-416D-985C-22812233F483}
2012-04-20 19:56:51 -------- d-----w- C:\Users\Daroth Men\AppData\Local\{DA2FE6E4-03AC-41A5-AADA-4B591A202D1F}
2012-04-19 21:00:40 -------- d-----w- C:\Users\Daroth Men\AppData\Local\{725F758A-2BC2-47F5-BCFA-07DD5E176A85}
2012-04-19 21:00:30 -------- d-----w- C:\Users\Daroth Men\AppData\Local\{2B027C2A-3DD9-43A3-B75C-610F0FAC2427}
2012-04-18 20:42:10 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-04-18 20:19:07 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-04-18 19:31:30 -------- d-----w- C:\Users\Daroth Men\AppData\Roaming\NVIDIA
2012-04-18 19:28:39 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-04-18 19:28:39 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-04-18 19:28:39 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-04-18 19:28:38 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-04-18 19:28:38 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-04-18 19:28:38 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-04-18 19:28:38 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-04-18 19:02:42 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-04-18 19:02:42 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-04-18 19:02:42 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-18 19:02:42 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-04-18 19:00:02 -------- d-----w- C:\Users\Daroth Men\AppData\Local\{E569E584-42C8-4F32-97C9-C7F08B6677E9}
2012-04-18 18:59:44 -------- d-----w- C:\Users\Daroth Men\AppData\Local\{508AC4AE-28CA-468A-8D91-4428E7DB446A}
2012-04-18 18:58:17 -------- d-----w- C:\Windows\en
2012-04-18 18:52:19 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\615d25001cd1d9401\DSETUP.dll
2012-04-18 18:52:19 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\615d25001cd1d9401\DXSETUP.exe
2012-04-18 18:52:19 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\615d25001cd1d9401\dsetup32.dll
2012-04-18 18:52:19 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\61a997501cd1d9402\MeshBetaRemover.exe
2012-04-18 18:33:21 -------- d-----w- C:\Users\Daroth Men\AppData\Local\{3698E4FC-B6CD-455A-95B5-93FA6902FBE6}
2012-04-18 18:33:11 -------- d-----w- C:\Users\Daroth Men\AppData\Local\{9D50A14F-0598-46B2-829F-4706A234C2C1}
.
==================== Find3M ====================
.
2012-05-05 13:42:53 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-04 20:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-03-08 23:50:28 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll
2012-03-08 23:37:20 302448 ----a-w- C:\Windows\WLXPGSS.SCR
2012-02-28 06:39:37 1188864 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 05:38:52 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 04:31:38 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 03:52:27 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-23 15:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 19:46:43.73 ===============

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 121,135 posts
  • Gender:Male
  • Location:Puerto rico

Posted 18 May 2012 - 12:19 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.


#3 Daroth

Daroth

    Member

  • Members
  • 30 posts

Posted 18 May 2012 - 01:52 AM

Results of screen317's Security Check version 0.99.32
Windows 7 x64 (UAC is disabled!)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

WinPatrol 2008 (Outdated! Latest version is WinPatrol 2011)
MVPS Hosts File
Spybot - Search & Destroy
Java™ 6 Update 22
Java version out of date!
Adobe Reader 9 Adobe Reader out of date!
Mozilla Firefox (3.6.13) Firefox out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

WinPatrol winpatrol.exe is disabled!
Malwarebytes' Anti-Malware mbamservice.exe
``````````End of Log````````````


And I can't find Combofix's logs anywhere but it ran fine. :(

#4 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 121,135 posts
  • Gender:Male
  • Location:Puerto rico

Posted 18 May 2012 - 02:03 AM

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\ComboFix.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo



#5 Daroth

Daroth

    Member

  • Members
  • 30 posts

Posted 18 May 2012 - 08:57 AM

It says "Windows cannot C:\ComboFix.txt." I don't have any AV running.. The program seems to run fine and it finishes just no text file..

#6 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 121,135 posts
  • Gender:Male
  • Location:Puerto rico

Posted 18 May 2012 - 11:10 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo



#7 Daroth


Posted 18 May 2012 - 04:49 PM

Tdsskiller Log

15:50:40.0567 3988 NlaSvc - ok
15:50:40.0739 3988 NOBU (5839a8027d6d324a7cd494051a96628c) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
15:50:40.0786 3988 NOBU - ok
15:50:40.0911 3988 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
15:50:40.0911 3988 Npfs - ok
15:50:40.0926 3988 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
15:50:40.0926 3988 nsi - ok
15:50:40.0926 3988 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
15:50:40.0926 3988 nsiproxy - ok
15:50:41.0020 3988 nSvcIp (c04f5def37e55f6a34428b050f44d3d6) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
15:50:41.0020 3988 nSvcIp - ok
15:50:41.0129 3988 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
15:50:41.0176 3988 Ntfs - ok
15:50:41.0254 3988 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
15:50:41.0254 3988 Null - ok
15:50:41.0301 3988 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys
15:50:41.0301 3988 NVENETFD - ok
15:50:41.0363 3988 NVHDA (f2662fdc20518ee8a8eed4f61ba42349) C:\Windows\system32\drivers\nvhda64v.sys
15:50:41.0363 3988 NVHDA - ok
15:50:41.0987 3988 nvlddmkm (9c1996dd3c0469bc8933321f15709f5a) C:\Windows\system32\DRIVERS\nvlddmkm.sys
15:50:42.0049 3988 nvlddmkm - ok
15:50:42.0424 3988 NVNET (0ad267a4674805b61a5d7b911d2a978a) C:\Windows\system32\DRIVERS\nvmf6264.sys
15:50:42.0424 3988 NVNET - ok
15:50:42.0455 3988 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
15:50:42.0455 3988 nvraid - ok
15:50:42.0502 3988 nvsmu (afde3015bb8d76e26bec3b287c5443a0) C:\Windows\system32\DRIVERS\nvsmu.sys
15:50:42.0502 3988 nvsmu - ok
15:50:42.0533 3988 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
15:50:42.0533 3988 nvstor - ok
15:50:42.0549 3988 nvstor64 (7c7eef51979658ce15bbc04f96a77d56) C:\Windows\system32\DRIVERS\nvstor64.sys
15:50:42.0549 3988 nvstor64 - ok
15:50:42.0611 3988 NVSvc (dfda089bb2cd0ff7e789e2ef6ba1e4ba) C:\Windows\system32\nvvsvc.exe
15:50:42.0611 3988 NVSvc - ok
15:50:42.0751 3988 nvUpdatusService (e7818cd4fb51284c948d68a7a85a69b8) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
15:50:42.0783 3988 nvUpdatusService - ok
15:50:42.0861 3988 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
15:50:42.0861 3988 nv_agp - ok
15:50:42.0876 3988 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
15:50:42.0876 3988 ohci1394 - ok
15:50:42.0939 3988 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:50:42.0939 3988 ose - ok
15:50:43.0157 3988 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
15:50:43.0235 3988 osppsvc - ok
15:50:43.0313 3988 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:50:43.0313 3988 p2pimsvc - ok
15:50:43.0344 3988 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
15:50:43.0360 3988 p2psvc - ok
15:50:43.0375 3988 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
15:50:43.0375 3988 Parport - ok
15:50:43.0422 3988 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
15:50:43.0422 3988 partmgr - ok
15:50:43.0469 3988 pcapsvc (85eac582e1479154a405a6c47f8ddfbd) C:\Program Files\Proxy Labs\ProxyCap\pcapsvc.exe
15:50:43.0485 3988 pcapsvc - ok
15:50:43.0500 3988 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
15:50:43.0516 3988 PcaSvc - ok
15:50:43.0531 3988 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
15:50:43.0531 3988 pci - ok
15:50:43.0547 3988 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
15:50:43.0547 3988 pciide - ok
15:50:43.0563 3988 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
15:50:43.0563 3988 pcmcia - ok
15:50:43.0563 3988 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
15:50:43.0578 3988 pcw - ok
15:50:43.0609 3988 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
15:50:43.0672 3988 PEAUTH - ok
15:50:43.0750 3988 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
15:50:43.0750 3988 PerfHost - ok
15:50:43.0859 3988 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
15:50:43.0906 3988 pla - ok
15:50:44.0015 3988 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
15:50:44.0015 3988 PlugPlay - ok
15:50:44.0031 3988 PnkBstrA - ok
15:50:44.0046 3988 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
15:50:44.0046 3988 PNRPAutoReg - ok
15:50:44.0062 3988 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:50:44.0062 3988 PNRPsvc - ok
15:50:44.0124 3988 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
15:50:44.0124 3988 PolicyAgent - ok
15:50:44.0155 3988 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
15:50:44.0155 3988 Power - ok
15:50:44.0202 3988 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
15:50:44.0202 3988 PptpMiniport - ok
15:50:44.0202 3988 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
15:50:44.0218 3988 Processor - ok
15:50:44.0233 3988 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
15:50:44.0233 3988 ProfSvc - ok
15:50:44.0265 3988 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:50:44.0265 3988 ProtectedStorage - ok
15:50:44.0311 3988 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
15:50:44.0311 3988 Psched - ok
15:50:44.0374 3988 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
15:50:44.0389 3988 ql2300 - ok
15:50:44.0467 3988 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
15:50:44.0467 3988 ql40xx - ok
15:50:44.0483 3988 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
15:50:44.0483 3988 QWAVE - ok
15:50:44.0499 3988 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
15:50:44.0499 3988 QWAVEdrv - ok
15:50:44.0514 3988 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
15:50:44.0514 3988 RasAcd - ok
15:50:44.0545 3988 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
15:50:44.0545 3988 RasAgileVpn - ok
15:50:44.0577 3988 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
15:50:44.0577 3988 RasAuto - ok
15:50:44.0592 3988 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:50:44.0592 3988 Rasl2tp - ok
15:50:44.0623 3988 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
15:50:44.0639 3988 RasMan - ok
15:50:44.0639 3988 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
15:50:44.0639 3988 RasPppoe - ok
15:50:44.0655 3988 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
15:50:44.0655 3988 RasSstp - ok
15:50:44.0686 3988 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
15:50:44.0686 3988 rdbss - ok
15:50:44.0701 3988 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
15:50:44.0701 3988 rdpbus - ok
15:50:44.0717 3988 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:50:44.0717 3988 RDPCDD - ok
15:50:44.0733 3988 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
15:50:44.0733 3988 RDPENCDD - ok
15:50:44.0733 3988 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
15:50:44.0733 3988 RDPREFMP - ok
15:50:44.0779 3988 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
15:50:44.0795 3988 RDPWD - ok
15:50:44.0811 3988 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
15:50:44.0826 3988 rdyboost - ok
15:50:44.0857 3988 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
15:50:44.0857 3988 RemoteAccess - ok
15:50:44.0873 3988 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
15:50:44.0889 3988 RemoteRegistry - ok
15:50:44.0982 3988 RichVideo (f12a68ed55053940cadd59ca5e3468dd) C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
15:50:44.0998 3988 RichVideo - ok
15:50:45.0013 3988 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
15:50:45.0013 3988 RpcEptMapper - ok
15:50:45.0045 3988 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
15:50:45.0045 3988 RpcLocator - ok
15:50:45.0091 3988 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
15:50:45.0091 3988 RpcSs - ok
15:50:45.0107 3988 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
15:50:45.0107 3988 rspndr - ok
15:50:45.0107 3988 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:50:45.0107 3988 SamSs - ok
15:50:45.0154 3988 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
15:50:45.0154 3988 sbp2port - ok
15:50:45.0247 3988 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
15:50:45.0263 3988 SBSDWSCService - ok
15:50:45.0279 3988 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
15:50:45.0294 3988 SCardSvr - ok
15:50:45.0310 3988 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
15:50:45.0310 3988 scfilter - ok
15:50:45.0388 3988 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
15:50:45.0403 3988 Schedule - ok
15:50:45.0435 3988 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
15:50:45.0435 3988 SCPolicySvc - ok
15:50:45.0450 3988 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
15:50:45.0450 3988 SDRSVC - ok
15:50:45.0497 3988 SeaPort (331e7bde228914574fc9ae6cd520dafa) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
15:50:45.0497 3988 SeaPort - ok
15:50:45.0513 3988 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
15:50:45.0513 3988 secdrv - ok
15:50:45.0528 3988 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
15:50:45.0528 3988 seclogon - ok
15:50:45.0544 3988 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
15:50:45.0544 3988 SENS - ok
15:50:45.0559 3988 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
15:50:45.0559 3988 SensrSvc - ok
15:50:45.0575 3988 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
15:50:45.0575 3988 Serenum - ok
15:50:45.0591 3988 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
15:50:45.0591 3988 Serial - ok
15:50:45.0622 3988 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
15:50:45.0622 3988 sermouse - ok
15:50:45.0684 3988 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
15:50:45.0684 3988 SessionEnv - ok
15:50:45.0700 3988 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
15:50:45.0700 3988 sffdisk - ok
15:50:45.0700 3988 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
15:50:45.0700 3988 sffp_mmc - ok
15:50:45.0715 3988 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
15:50:45.0715 3988 sffp_sd - ok
15:50:45.0715 3988 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
15:50:45.0731 3988 sfloppy - ok
15:50:45.0793 3988 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys
15:50:45.0793 3988 Sftfs - ok
15:50:45.0887 3988 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
15:50:45.0887 3988 sftlist - ok
15:50:45.0981 3988 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys
15:50:45.0981 3988 Sftplay - ok
15:50:46.0012 3988 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys
15:50:46.0012 3988 Sftredir - ok
15:50:46.0027 3988 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys
15:50:46.0027 3988 Sftvol - ok
15:50:46.0043 3988 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
15:50:46.0043 3988 sftvsa - ok
15:50:46.0090 3988 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
15:50:46.0105 3988 ShellHWDetection - ok
15:50:46.0105 3988 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:50:46.0121 3988 SiSRaid2 - ok
15:50:46.0121 3988 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
15:50:46.0137 3988 SiSRaid4 - ok
15:50:46.0152 3988 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
15:50:46.0152 3988 Smb - ok
15:50:46.0168 3988 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
15:50:46.0168 3988 SNMPTRAP - ok
15:50:46.0230 3988 speedfan (12583af6cbe0050651eaf2723b3ad7b3) C:\Windows\syswow64\speedfan.sys
15:50:46.0230 3988 speedfan - ok
15:50:46.0246 3988 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
15:50:46.0246 3988 spldr - ok
15:50:46.0277 3988 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
15:50:46.0308 3988 Spooler - ok
15:50:46.0464 3988 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
15:50:46.0511 3988 sppsvc - ok
15:50:46.0573 3988 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
15:50:46.0573 3988 sppuinotify - ok
15:50:46.0651 3988 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
15:50:46.0651 3988 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
15:50:46.0651 3988 sptd ( LockedFile.Multi.Generic ) - warning
15:50:46.0651 3988 sptd - detected LockedFile.Multi.Generic (1)
15:50:51.0846 3988 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
15:50:52.0018 3988 \Device\Harddisk0\DR0 - ok
15:50:52.0018 3988 Boot (0x1200) (4831db8892bb992461affe3a7b8ae636) \Device\Harddisk0\DR0\Partition0
15:50:52.0018 3988 \Device\Harddisk0\DR0\Partition0 - ok
15:50:52.0049 3988 Boot (0x1200) (d124dbbd319d58b8d2df84a360b8dca4) \Device\Harddisk0\DR0\Partition1
15:50:52.0049 3988 \Device\Harddisk0\DR0\Partition1 - ok
15:50:52.0049 3988 ============================================================
15:50:52.0049 3988 Scan finished
15:50:52.0049 3988 ============================================================
15:50:52.0065 3784 Detected object count: 1
15:50:52.0065 3784 Actual detected object count: 1
15:51:07.0774 3784 sptd ( LockedFile.Multi.Generic ) - skipped by user
15:51:07.0774 3784 sptd ( LockedFile.Multi.Generic ) - User select action: Skip



aswMBR Log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-18 15:52:49
-----------------------------
15:52:49.791 OS Version: Windows x64 6.1.7601 Service Pack 1
15:52:49.791 Number of processors: 2 586 0x602
15:52:49.791 ComputerName: DM UserName:
15:52:54.070 Initialize success
16:07:36.763 AVAST engine defs: 12051800
16:36:37.294 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000070
16:36:37.294 Disk 0 Vendor: WDC_WD10 80.0 Size: 953869MB BusType: 3
16:36:37.309 Disk 0 MBR read successfully
16:36:37.309 Disk 0 MBR scan
16:36:37.356 Disk 0 Windows 7 default MBR code
16:36:37.372 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 18000 MB offset 2048
16:36:37.403 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 36866048
16:36:37.403 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 935767 MB offset 37070848
16:36:37.450 Disk 0 scanning C:\Windows\system32\drivers
16:36:44.610 Service scanning
16:37:02.933 Modules scanning
16:37:02.933 Disk 0 trace - called modules:
16:37:02.949 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80070482c0]<<sprq.sys storport.sys hal.dll nvstor64.sys
16:37:02.949 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007708060]
16:37:02.949 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> [0xfffffa80075607b0]
16:37:02.964 5 ACPI.sys[fffff880011ad7a1] -> nt!IofCallDriver -> \Device\00000070[0xfffffa8007565060]
16:37:02.964 \Driver\nvstor64[0xfffffa80066a0e70] -> IRP_MJ_CREATE -> 0xfffffa80070482c0
16:37:06.427 AVAST engine scan C:\Windows
16:37:09.017 AVAST engine scan C:\Windows\system32
16:39:01.290 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
16:39:03.287 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
16:40:10.336 AVAST engine scan C:\Windows\system32\drivers
16:40:24.360 AVAST engine scan C:\Users\Daroth Men
16:48:29.624 Disk 0 MBR has been saved successfully to "C:\Users\Daroth Men\Desktop\MBR.dat"
16:48:29.639 The log file has been saved successfully to "C:\Users\Daroth Men\Desktop\aswMBR.txt"

#8 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 121,135 posts
  • Gender:Male
  • Location:Puerto rico

Posted 18 May 2012 - 06:21 PM

Hello

Ok, let's try this. I want you to run combofix in safe mode, but it is very important that when combofix reboots the computer you direct it back into safe mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.

After combofix has finished its scan, please post the report back here.

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.


#9 Daroth

Posted 18 May 2012 - 09:22 PM

Still the same result for combofix in safe mode, no .txt file. Tried running as administrator, no luck either.

#10 gringo_pr

Posted 18 May 2012 - 10:19 PM

Hello

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

Then:
  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Gringo



#11 Daroth

Posted 19 May 2012 - 12:04 AM

I don't own a flash drive..could an external HD work? If so do I follow the same directions?
Also about combofix.. could a problem arise from a bad download? Could this be the .txt file? When I try to open it in notepad it says Access Denied though.. [image]

Edited by Daroth, 19 May 2012 - 12:19 AM.


#12 gringo_pr

Posted 19 May 2012 - 12:51 AM

Go ahead and run frst for me and then we will see what we can do.

Does combofix get past that point?

It should get through 50 sections? What you are showing me is just the unpacking; it has not started the scanning yet.



gringo



#13 Daroth

Posted 19 May 2012 - 01:35 AM

The green progress bar in Combofix finishes with that text being the last bit of it and the program just closes so I was assuming it was done whatever it was doing.

I don't own a flash drive..could an external HD work? If so do I follow the same directions?
Here is the frst log you requested:

Scan result of Farbar Recovery Scan Tool Version: 18-05-2012 02
Ran by Daroth Men at 19-05-2012 01:20:22
Running from C:\Users\Daroth Men\Desktop
Service Pack 1 (X64) OS Language: English(US)
Attention: Could not load system hive.ERROR: The process cannot access the file because it is being used by another process.

ATTENTION: THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNTION PROPERLY.

========================== Registry (Whitelisted) =============

HKLM\...\Winlogon: [Userinit]
HKLM-x32\...\Winlogon: [Userinit] [x]
HKLM\...\Winlogon: [Shell]
HKLM-x32\...\Winlogon: [Shell] [x ] ()

==================== Services (Whitelisted) ======


========================== Drivers (Whitelisted) =============


========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-05-19 00:17 - 2012-05-19 00:17 - 0066442 ____A C:\Users\Daroth Men\Desktop\Untitled.png
2012-05-18 23:55 - 2012-05-18 23:56 - 1392839 ____A C:\Users\Daroth Men\Desktop\FRST64.exe
2012-05-18 21:49 - 2012-05-18 21:49 - 0690391 ____A C:\Users\Daroth Men\Desktop\wallpaper-1655819.jpg
2012-05-18 21:40 - 2012-05-18 21:40 - 0451384 ____A C:\Users\Daroth Men\Desktop\wallpaper-275970.jpg
2012-05-18 21:27 - 2012-05-18 21:27 - 0000000 ____D C:\Users\Daroth Men\AppData\Local\{8A8793F2-2DFD-474A-83FE-22872313C83C}
2012-05-18 21:27 - 2012-05-18 21:27 - 0000000 ____D C:\Users\Daroth Men\AppData\Local\{3929EC73-03C2-404C-8CD6-ED70B98884C5}
2012-05-18 21:19 - 2012-05-18 21:19 - 0047440 ____A C:\Windows\ntbtlog.txt
2012-05-18 16:48 - 2012-05-18 16:48 - 0002236 ____A C:\Users\Daroth Men\Desktop\aswMBR.txt
2012-05-18 16:48 - 2012-05-18 16:48 - 0000512 ____A C:\Users\Daroth Men\Desktop\MBR.dat
2012-05-18 15:50 - 2012-05-18 15:52 - 4731392 ____A (AVAST Software) C:\Users\Daroth Men\Desktop\aswMBR.exe
2012-05-18 15:50 - 2012-05-18 15:52 - 0134394 ____A C:\TDSSKiller.2.7.35.0_18.05.2012_15.50.23_log.txt
2012-05-18 15:49 - 2012-05-18 15:50 - 2126424 ____A (Kaspersky Lab ZAO) C:\Users\Daroth Men\Desktop\tdsskiller.exe
2012-05-18 01:36 - 2012-05-19 01:19 - 0000000 ___SD C:\32788R22FWJFW
2012-05-18 01:33 - 2012-05-18 01:34 - 4496857 ____R (Swearware) C:\Users\Daroth Men\Desktop\ComboFix.exe
2012-05-18 01:33 - 2012-05-18 01:33 - 0879714 ____A C:\Users\Daroth Men\Desktop\SecurityCheck.exe
2012-05-17 19:45 - 2012-05-17 19:45 - 0607260 ____R (Swearware) C:\Users\Daroth Men\Desktop\dds.scr
2012-05-17 17:42 - 2012-05-17 17:42 - 0000000 ____D C:\Users\Daroth Men\AppData\Local\{EEF494E6-D5A8-4A7A-8016-8EA729C9B7DC}
2012-05-17 17:42 - 2012-05-17 17:42 - 0000000 ____D C:\Users\Daroth Men\AppData\Local\{297523F8-F950-44D8-B6EA-913DA9AD5E9B}
2012-05-17 17:30 - 2012-05-17 17:30 - 0000000 ____D C:\Program Files (x86)\Trend Micro
2012-05-17 16:50 - 2012-05-17 16:50 - 0003352 ____N C:\bootsqm.dat
2012-05-17 16:13 - 2012-05-17 16:29 - 0001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-05-17 16:13 - 2012-05-17 16:13 - 0000107 ____A C:\Users\Daroth Men\Desktop\fdsfs.txt
2012-05-17 14:35 - 2012-05-17 14:35 - 0000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-05-16 03:25 - 2012-05-17 15:44 - 0000000 ____D C:\Users\Daroth Men\Downloads\Starting
2012-05-14 03:08 - 2012-05-14 03:08 - 0000000 ____D C:\Users\Daroth Men\AppData\Local\{F2BBDC24-828C-4572-A353-D9B57486B5E4}
2012-05-14 03:07 - 2012-05-14 03:08 - 0000000 ____D C:\Users\Daroth Men\AppData\Local\{61D2F960-9ABE-4C5D-B8F4-89ACC6530C2D}
2012-05-14 00:43 - 2012-03-31 01:05 - 5559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-14 00:43 - 2012-03-30 23:39 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-14 00:43 - 2012-03-30 23:39 - 3913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-14 00:43 - 2012-03-30 22:10 - 3146240 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-14 00:43 - 2012-03-30 06:35 - 1918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-05-14 00:43 - 2012-03-03 01:35 - 1544704 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-05-14 00:43 - 2012-03-03 00:31 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-05-14 00:42 - 2012-03-17 02:58 - 0075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-05-13 20:21 - 2012-05-13 20:21 - 0001229 ____A C:\Users\Daroth Men\Desktop\Bad.Sex.S01.WS.DSR.XviD-Reb - Shortcut.lnk
2012-05-13 14:30 - 2012-05-13 14:30 - 0050783 ____A C:\Users\Daroth Men\Documents\ts3_clientui-win64-1329301801-2012-05-13 14_30_51.293200.dmp
2012-05-13 00:29 - 2012-05-13 00:29 - 0434986 ____A C:\Users\Daroth Men\Desktop\Undead Unit Tree.jpg
2012-05-12 04:13 - 2012-05-12 05:07 - 236303728 ____A C:\Users\Daroth Men\Desktop\AD-THE FRONTLINE.avi
2012-05-11 04:58 - 2012-05-11 05:01 - 0000000 ____D C:\Program Files (x86)\Warlock - Master of the Arcane
2012-05-10 03:32 - 2012-05-10 03:35 - 11789005 ____A C:\Users\Daroth Men\Desktop\Breaking Benjamin - Breath OFFICIAL MUSIC VIDEO.mp4
2012-05-10 01:55 - 2012-05-10 05:08 - 0000000 ____D C:\Users\Daroth Men\Downloads\Once.Upon.a.Time.S01E05.HDTV.XviD-LOL
2012-05-10 01:55 - 2012-05-10 01:57 - 0000000 ____D C:\Users\Daroth Men\Downloads\Once Upon a Time S01E04 HDTV XviD-LOL[ettv]
2012-05-10 00:21 - 2012-05-10 02:14 - 0000000 ____D C:\Users\Daroth Men\Downloads\download at superseeds.org Once.Upon.a.Time.S01E03.HDTV.XviD-LOL[ss]
2012-05-09 17:03 - 2012-05-09 17:04 - 9361029 ____A C:\Users\Daroth Men\Desktop\Breaking Benjamin - The Diary of Jane.mp4
2012-05-09 01:28 - 2012-05-09 01:28 - 0000000 ____D C:\Users\Daroth Men\AppData\Local\{FCC93700-BB83-4784-97F9-84B75706B256}
2012-05-09 01:27 - 2012-05-09 01:28 - 0000000 ____D C:\Users\Daroth Men\AppData\Local\{2C4F4D66-C818-401E-8BE9-C40E86E8B1C1}
2012-05-08 12:44 - 2012-05-08 12:44 - 0062366 ____A C:\Users\Daroth Men\Desktop\School Transcript.pdf
2012-05-07 05:11 - 2012-05-07 05:11 - 0000000 ____D C:\Users\Daroth Men\Downloads\The Harvard Medical School Guide to a Good Night's Sleep
2012-05-06 02:58 - 2012-05-06 02:58 - 0050783 ____A C:\Users\Daroth Men\Documents\ts3_clientui-win64-1329301801-2012-05-06 02_58_35.727500.dmp
2012-05-05 12:30 - 2012-05-05 12:30 - 0050783 ____A C:\Users\Daroth Men\Documents\ts3_clientui-win64-1329301801-2012-05-05 12_30_51.412300.dmp
2012-05-05 10:50 - 2012-05-05 10:50 - 0000000 ____A C:\Users\Daroth Men\Documents\ts3_clientui-win64-1329301801-2012-05-05 10_50_00.874300.dmp
2012-05-05 09:37 - 2012-05-05 09:37 - 0050783 ____A C:\Users\Daroth Men\Documents\ts3_clientui-win64-1329301801-2012-05-05 09_37_51.226500.dmp
2012-05-04 13:50 - 2012-05-04 13:50 - 0000000 ____D C:\Users\Daroth Men\AppData\Local\{9B29C5AA-7A7F-4448-973D-E1B6C2DBB9EF}
2012-05-04 01:50 - 2012-05-04 01:50 - 0000000 ____D C:\Users\Daroth Men\AppData\Local\{14A52160-BF47-4174-A66F-EB73E9102D3A}
2012-05-04 01:49 - 2012-05-04 13:50 - 0000000 ____D C:\Users\Daroth Men\AppData\Local\{B8B40223-A61A-4642-BBC8-E15AB7484853}
2012-05-03 06:39 - 2012-05-03 06:39 - 0000629 ____A C:\Users\Daroth Men\Desktop\aaaaaaadfsaf.txt
2012-05-02 05:05 - 2012-05-02 05:05 - 0024890 ____A C:\Users\Daroth Men\Desktop\tumblr_m10qzhmEz91qkk3a9o1_500.jpg
2012-04-30 22:41 - 2012-04-30 22:41 - 0050783 ____A C:\Users\Daroth Men\Documents\ts3_clientui-win64-1329301801-2012-04-30 22_41_29.005500.dmp
2012-04-30 17:23 - 2012-04-30 17:23 - 0000000 ____D C:\Users\Daroth Men\AppData\Local\{37FD59F9-EB64-45B7-9D5C-97786B3E63BF}
2012-04-30 17:23 - 2012-04-30 17:23 - 0000000 ____D C:\Users\Daroth Men\AppData\Local\{0F891A57-CE5F-4629-B0C5-AE9413C33586}
2012-04-28 22:40 - 2012-04-28 22:43 - 23970842 ____A C:\Users\Daroth Men\Desktop\Pendulum _Crush_ - Official Video.flv
2012-04-27 16:03 - 2012-04-27 16:03 - 0000000 ____D C:\Users\Daroth Men\AppData\Local\{D5632273-6A8F-465C-9645-FE5029DBE9D0}
2012-04-27 16:02 - 2012-04-27 16:03 - 0000000 ____D C:\Users\Daroth Men\AppData\Local\{A2142178-ACEF-47BC-86C3-6B0F576E5F7B}
2012-04-26 14:55 - 2012-04-26 14:56 - 0000000 ____D C:\Users\Daroth Men\AppData\Local\{ED21C120-494C-45F2-AD23-D45CCD4C05D3}
2012-04-26 14:55 - 2012-04-26 14:55 - 0000000 ____D C:\Users\Daroth Men\AppData\Local\{03BC2C81-482E-49C3-BCEE-77636E65A196}
2012-04-26 02:21 - 2012-04-26 02:21 - 0000000 ____D C:\Perfect World Entertainment
2012-04-26 02:21 - 2012-04-26 02:21 - 0000000 ____D C:\Down
2012-04-25 21:38 - 2012-04-25 21:38 - 0000000 ____D C:\Users\Daroth Men\Documents\Telltale Games
2012-04-25 21:38 - 2012-04-25 21:38 - 0000000 ____D C:\Users\All Users\RELOADED
2012-04-25 21:37 - 2012-04-25 21:37 - 0000000 ____D C:\Program Files (x86)\The Walking Dead
2012-04-25 20:20 - 2012-04-25 20:20 - 0000000 ____D C:\Users\Daroth Men\Documents\Almost Human
2012-04-25 20:07 - 2012-04-25 20:08 - 0000000 ____D C:\Program Files (x86)\Legend of Grimrock
2012-04-25 15:18 - 2012-04-25 15:19 - 0000000 ____D C:\Users\Daroth Men\AppData\Local\{73E6B085-AE95-48BF-858E-E944AE5F4C4A}
2012-04-25 15:18 - 2012-04-25 15:18 - 0000000 ____D C:\Users\Daroth Men\AppData\Local\{B7674ED7-4AC5-44D3-BA94-EF81DE144510}
2012-04-24 16:53 - 2012-04-24 16:54 - 0000000 ____D C:\Users\Daroth Men\AppData\Local\{7646C7E7-B22D-4249-B639-6EC41D3BDD8A}
2012-04-24 16:53 - 2012-04-24 16:53 - 0000000 ____D C:\Users\Daroth Men\AppData\Local\{361A3E4A-6D54-4F95-9854-7702C015CDE7}
2012-04-24 14:05 - 2012-04-24 14:08 - 8104563 ____A C:\Users\Daroth Men\Desktop\Seether - Fake It.flv
2012-04-24 12:10 - 2012-04-27 13:00 - 734822400 ____A C:\Users\Daroth Men\Downloads\Hate Crime.avi
2012-04-23 15:22 - 2012-04-23 15:22 - 0000000 ____D C:\Users\Daroth Men\AppData\Local\{4A460095-1DB5-457B-AFDA-6362FFB3E3A3}
2012-04-23 15:22 - 2012-04-23 15:22 - 0000000 ____D C:\Users\Daroth Men\AppData\Local\{06B666FC-1037-41F1-B333-843D6BC758CA}
2012-04-22 20:35 - 2012-04-22 20:35 - 0000000 ____D C:\Users\Daroth Men\AppData\Local\{70E1D66F-AF05-4C7F-8CBE-AF8CC0D8EC8F}
2012-04-22 20:34 - 2012-04-22 20:35 - 0000000 ____D C:\Users\Daroth Men\AppData\Local\{5AD6F839-DBF7-4202-8897-A6EBEFA55E16}
2012-04-21 14:41 - 2012-04-21 14:41 - 0000000 ____D C:\Users\Daroth Men\AppData\Local\{7E08015F-69AE-45B5-95EF-D2E416E5075F}
2012-04-21 11:39 - 2012-04-21 15:50 - 204010290 ____A C:\Users\Daroth Men\Downloads\Night Swimming.avi
2012-04-20 22:52 - 2012-04-20 22:56 - 6427904 ____A C:\Users\Daroth Men\Desktop\Gotye - Somebody That I Used To Know (Lyrics).flv
2012-04-20 22:09 - 2012-04-20 22:17 - 20125208 ____A C:\Users\Daroth Men\Desktop\._ Ellie Goulding _Starry Eyed_ _..flv
2012-04-20 14:57 - 2012-04-20 14:57 - 0000000 ____D C:\Users\Daroth Men\AppData\Local\{2D3080DE-9894-416D-985C-22812233F483}
2012-04-20 14:56 - 2012-04-20 14:57 - 0000000 ____D C:\Users\Daroth Men\AppData\Local\{DA2FE6E4-03AC-41A5-AADA-4B591A202D1F}
2012-04-19 16:00 - 2012-04-19 16:00 - 0000000 ____D C:\Users\Daroth Men\AppData\Local\{725F758A-2BC2-47F5-BCFA-07DD5E176A85}
2012-04-19 16:00 - 2012-04-19 16:00 - 0000000 ____D C:\Users\Daroth Men\AppData\Local\{2B027C2A-3DD9-43A3-B75C-610F0FAC2427}
2012-04-19 04:04 - 2012-04-19 04:04 - 0050783 ____A C:\Users\Daroth Men\Documents\ts3_clientui-win64-1329301801-2012-04-19 04_04_50.002550.dmp


============ 3 Months Modified Files and Folders =============

2012-05-19 01:20 - 2012-05-19 01:20 - 0000000 ____D C:\FRST
2012-05-19 01:19 - 2012-05-18 01:36 - 0000000 ___SD C:\32788R22FWJFW
2012-05-19 00:58 - 2011-02-12 20:27 - 0000000 ____D C:\Users\Daroth Men\AppData\Local\PMB Files
2012-05-19 00:58 - 2011-02-12 20:27 - 0000000 ____D C:\Users\All Users\PMB Files
2012-05-19 00:58 - 2011-02-12 20:27 - 0000000 ____D C:\ProgramData\PMB Files
2012-05-19 00:41 - 2012-04-18 15:19 - 0000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-05-19 00:17 - 2012-05-19 00:17 - 0066442 ____A C:\Users\Daroth Men\Desktop\Untitled.png
2012-05-19 00:13 - 2011-02-15 05:20 - 0000000 ____D C:\Program Files (x86)\Steam
2012-05-18 23:56 - 2012-05-18 23:55 - 1392839 ____A C:\Users\Daroth Men\Desktop\FRST64.exe
2012-05-18 21:49 - 2012-05-18 21:49 - 0690391 ____A C:\Users\Daroth Men\Desktop\wallpaper-1655819.jpg
2012-05-18 21:40 - 2012-05-18 21:40 - 0451384 ____A C:\Users\Daroth Men\Desktop\wallpaper-275970.jpg
2012-05-18 21:33 - 2009-07-13 23:45 - 0009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-05-18 21:33 - 2009-07-13 23:45 - 0009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-05-18 21:30 - 2009-07-14 00:13 - 0784304 ____A C:\Windows\System32\PerfStringBackup.INI
2012-05-18 21:29 - 2009-07-07 03:11 - 1389615 ____A C:\Windows\WindowsUpdate.log
2012-05-18 21:27 - 2012-05-18 21:27 - 0000000 ____D C:\Users\Daroth Men\AppData\Local\{8A8793F2-2DFD-474A-83FE-22872313C83C}
2012-05-18 21:27 - 2012-05-18 21:27 - 0000000 ____D C:\Users\Daroth Men\AppData\Local\{3929EC73-03C2-404C-8CD6-ED70B98884C5}
2012-05-18 21:27 - 2011-11-08 22:52 - 0000000 ____D C:\Users\Daroth Men\AppData\Local\Windows Live
2012-05-18 21:26 - 2012-02-05 19:13 - 0000000 ____D C:\Users\Daroth Men\Tracing
2012-05-18 21:26 - 2011-11-13 02:00 - 0003696 ____A C:\Windows\setupact.log
2012-05-18 21:26 - 2011-05-28 14:59 - 0000000 ____D C:\Users\All Users\VMware
2012-05-18 21:26 - 2011-05-28 14:59 - 0000000 ____D C:\ProgramData\VMware
2012-05-18 21:26 - 2009-07-14 00:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-05-18 21:26 - 2009-07-07 03:08 - 1945554944 __ASH C:\hiberfil.sys
2012-05-18 21:19 - 2012-05-18 21:19 - 0047440 ____A C:\Windows\ntbtlog.txt
2012-05-18 18:12 - 2011-02-12 19:58 - 0000000 ____D C:\Users\Daroth Men\AppData\Roaming\uTorrent
2012-05-18 16:48 - 2012-05-18 16:48 - 0002236 ____A C:\Users\Daroth Men\Desktop\aswMBR.txt
2012-05-18 16:48 - 2012-05-18 16:48 - 0000512 ____A C:\Users\Daroth Men\Desktop\MBR.dat
2012-05-18 15:52 - 2012-05-18 15:50 - 4731392 ____A (AVAST Software) C:\Users\Daroth Men\Desktop\aswMBR.exe
2012-05-18 15:52 - 2012-05-18 15:50 - 0134394 ____A C:\TDSSKiller.2.7.35.0_18.05.2012_15.50.23_log.txt
2012-05-18 15:50 - 2012-05-18 15:49 - 2126424 ____A (Kaspersky Lab ZAO) C:\Users\Daroth Men\Desktop\tdsskiller.exe
2012-05-18 08:44 - 2011-11-22 06:16 - 0052498 ____A C:\Windows\PFRO.log
2012-05-18 08:44 - 2011-02-12 19:58 - 0000000 ____D C:\Program Files (x86)\uTorrent
2012-05-18 02:16 - 2012-03-07 17:41 - 0000000 ____D C:\Users\Daroth Men\Desktop\Games
2012-05-18 01:34 - 2012-05-18 01:33 - 4496857 ____R (Swearware) C:\Users\Daroth Men\Desktop\ComboFix.exe
2012-05-18 01:33 - 2012-05-18 01:33 - 0879714 ____A C:\Users\Daroth Men\Desktop\SecurityCheck.exe
2012-05-17 19:45 - 2012-05-17 19:45 - 0607260 ____R (Swearware) C:\Users\Daroth Men\Desktop\dds.scr
2012-05-17 18:24 - 2012-02-22 15:36 - 0000000 ____D C:\Program Files (x86)\Beat Hazard Ultra
2012-05-17 18:24 - 2012-02-06 09:05 - 0000000 ____D C:\Program Files (x86)\Fortune Summoners - Secret of the Elemental Stone
2012-05-17 18:24 - 2011-10-13 19:57 - 0000000 ____D C:\Program Files (x86)\Orcs Must Die!
2012-05-17 17:42 - 2012-05-17 17:42 - 0000000 ____D C:\Users\Daroth Men\AppData\Local\{EEF494E6-D5A8-4A7A-8016-8EA729C9B7DC}
2012-05-17 17:42 - 2012-05-17 17:42 - 0000000 ____D C:\Users\Daroth Men\AppData\Local\{297523F8-F950-44D8-B6EA-913DA9AD5E9B}
2012-05-17 17:30 - 2012-05-17 17:30 - 0000000 ____D C:\Program Files (x86)\Trend Micro
2012-05-17 16:51 - 2011-09-05 11:34 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-05-17 16:50 - 2012-05-17 16:50 - 0003352 ____N C:\bootsqm.dat
2012-05-17 16:29 - 2012-05-17 16:13 - 0001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-05-17 16:13 - 2012-05-17 16:13 - 0000107 ____A C:\Users\Daroth Men\Desktop\fdsfs.txt
2012-05-17 15:44 - 2012-05-16 03:25 - 0000000 ____D C:\Users\Daroth Men\Downloads\Starting
2012-05-17 14:35 - 2012-05-17 14:35 - 0000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-05-14 03:08 - 2012-05-14 03:08 - 0000000 ____D C:\Users\Daroth Men\AppData\Local\{F2BBDC24-828C-4572-A353-D9B57486B5E4}
2012-05-14 03:08 - 2012-05-14 03:07 - 0000000 ____D C:\Users\Daroth Men\AppData\Local\{61D2F960-9ABE-4C5D-B8F4-89ACC6530C2D}
2012-05-14 03:00 - 2009-07-13 23:45 - 0268744 ____A C:\Windows\System32\FNTCACHE.DAT
2012-05-14 02:59 - 2010-08-26 21:15 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-05-14 01:00 - 2011-02-13 12:03 - 57848688 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-05-14 00:50 - 2009-07-14 02:45 - 0000000 ____D C:\Program Files\Windows Journal
2012-05-13 20:21 - 2012-05-13 20:21 - 0001229 ____A C:\Users\Daroth Men\Desktop\Bad.Sex.S01.WS.DSR.XviD-Reb - Shortcut.lnk
2012-05-13 14:30 - 2012-05-13 14:30 - 0050783 ____A C:\Users\Daroth Men\Documents\ts3_clientui-win64-1329301801-2012-05-13 14_30_51.293200.dmp
2012-05-13 02:53 - 2012-05-12 21:07 - 0000000 ____D C:\Users\Daroth Men\Downloads\[CBM] The Book of Bantorra 1-13 Part 1 (Dual Audio) [DVDRip-480p-8bit]
2012-05-13 01:07 - 2011-08-18 14:08 - 0000000 ___RD C:\Users\Daroth Men\Desktop\Network Connections
2012-05-13 00:29 - 2012-05-13 00:29 - 0434986 ____A C:\Users\Daroth Men\Desktop\Undead Unit Tree.jpg
2012-05-12 21:29 - 2012-05-12 21:02 - 0000000 ____D C:\Users\Daroth Men\Downloads\FMA - Sacred Star of Milos + OVAs
2012-05-12 05:07 - 2012-05-12 04:13 - 236303728 ____A C:\Users\Daroth Men\Desktop\AD-THE FRONTLINE.avi
2012-05-11 20:28 - 2010-08-26 21:10 - 0000000 ____D C:\Users\All Users\WildTangent
2012-05-11 20:28 - 2010-08-26 21:10 - 0000000 ____D C:\ProgramData\WildTangent
2012-05-11 05:01 - 2012-05-11 04:58 - 0000000 ____D C:\Program Files (x86)\Warlock - Master of the Arcane
2012-05-10 03:35 - 2012-05-10 03:32 - 11789005 ____A C:\Users\Daroth Men\Desktop\Breaking Benjamin - Breath OFFICIAL MUSIC VIDEO.mp4
2012-05-09 17:04 - 2012-05-09 17:03 - 9361029 ____A C:\Users\Daroth Men\Desktop\Breaking Benjamin - The Diary of Jane.mp4
2012-05-09 01:28 - 2012-05-09 01:28 - 0000000 ____D C:\Users\Daroth Men\AppData\Local\{FCC93700-BB83-4784-97F9-84B75706B256}
2012-05-09 01:28 - 2012-05-09 01:27 - 0000000 ____D C:\Users\Daroth Men\AppData\Local\{2C4F4D66-C818-401E-8BE9-C40E86E8B1C1}
2012-05-08 12:44 - 2012-05-08 12:44 - 0062366 ____A C:\Users\Daroth Men\Desktop\School Transcript.pdf
2012-05-07 05:11 - 2012-05-07 05:11 - 0000000 ____D C:\Users\Daroth Men\Downloads\The Harvard Medical School Guide to a Good Night's Sleep
2012-05-06 17:40 - 2012-04-13 16:51 - 0001247 ____A C:\Users\Daroth Men\Desktop\Play Roblox.lnk
2012-05-06 02:58 - 2012-05-06 02:58 - 0050783 ____A C:\Users\Daroth Men\Documents\ts3_clientui-win64-1329301801-2012-05-06 02_58_35.727500.dmp
2012-05-05 12:30 - 2012-05-05 12:30 - 0050783 ____A C:\Users\Daroth Men\Documents\ts3_clientui-win64-1329301801-2012-05-05 12_30_51.412300.dmp
2012-05-05 10:50 - 2012-05-05 10:50 - 0000000 ____A C:\Users\Daroth Men\Documents\ts3_clientui-win64-1329301801-2012-05-05 10_50_00.874300.dmp
2012-05-05 09:37 - 2012-05-05 09:37 - 0050783 ____A C:\Users\Daroth Men\Documents\ts3_clientui-win64-1329301801-2012-05-05 09_37_51.226500.dmp
2012-05-05 08:42 - 2012-04-18 15:42 - 8744608 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-05-05 08:42 - 2012-04-18 15:19 - 0419488 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-05-05 08:42 - 2011-08-27 10:49 - 0070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-05-04 13:50 - 2012-05-04 13:50 - 0000000 ____D C:\Users\Daroth Men\AppData\Local\{9B29C5AA-7A7F-4448-973D-E1B6C2DBB9EF}
2012-05-04 13:50 - 2012-05-04 01:49 - 0000000 ____D C:\Users\Daroth Men\AppData\Local\{B8B40223-A61A-4642-BBC8-E15AB7484853}
2012-05-04 01:50 - 2012-05-04 01:50 - 0000000 ____D C:\Users\Daroth Men\AppData\Local\{14A52160-BF47-4174-A66F-EB73E9102D3A}
2012-05-03 06:39 - 2012-05-03 06:39 - 0000629 ____A C:\Users\Daroth Men\Desktop\aaaaaaadfsaf.txt
2012-05-03 06:31 - 2009-07-13 21:34 - 0441475 ____R C:\Windows\System32\Drivers\etc\hosts
2012-05-02 05:05 - 2012-05-02 05:05 - 0024890 ____A C:\Users\Daroth Men\Desktop\tumblr_m10qzhmEz91qkk3a9o1_500.jpg
2012-04-30 22:41 - 2012-04-30 22:41 - 0050783 ____A C:\Users\Daroth Men\Documents\ts3_clientui-win64-1329301801-2012-04-30 22_41_29.005500.dmp
2012-04-30 17:23 - 2012-04-30 17:23 - 0000000 ____D C:\Users\Daroth Men\AppData\Local\{37FD59F9-EB64-45B7-9D5C-97786B3E63BF}
2012-04-30 17:23 - 2012-04-30 17:23 - 0000000 ____D C:\Users\Daroth Men\AppData\Local\{0F891A57-CE5F-4629-B0C5-AE9413C33586}
2012-04-28 22:43 - 2012-04-28 22:40 - 23970842 ____A C:\Users\Daroth Men\Desktop\Pendulum _Crush_ - Official Video.flv
2012-04-27 16:03 - 2012-04-27 16:03 - 0000000 ____D C:\Users\Daroth Men\AppData\Local\{D5632273-6A8F-465C-9645-FE5029DBE9D0}
2012-04-27 16:03 - 2012-04-27 16:02 - 0000000 ____D C:\Users\Daroth Men\AppData\Local\{A2142178-ACEF-47BC-86C3-6B0F576E5F7B}
2012-04-27 13:00 - 2012-04-24 12:10 - 734822400 ____A C:\Users\Daroth Men\Downloads\Hate Crime.avi
2012-04-26 14:56 - 2012-04-26 14:55 - 0000000 ____D C:\Users\Daroth Men\AppData\Local\{ED21C120-494C-45F2-AD23-D45CCD4C05D3}
2012-04-26 14:55 - 2012-04-26 14:55 - 0000000 ____D C:\Users\Daroth Men\AppData\Local\{03BC2C81-482E-49C3-BCEE-77636E65A196}
2012-04-26 02:21 - 2012-04-26 02:21 - 0000000 ____D C:\Perfect World Entertainment
2012-04-26 02:21 - 2012-04-26 02:21 - 0000000 ____D C:\Down
2012-04-26 02:18 - 2011-11-14 02:29 - 0073023 ____A C:\Windows\DirectX.log
2012-04-25 21:38 - 2012-04-25 21:38 - 0000000 ____D C:\Users\Daroth Men\Documents\Telltale Games
2012-04-25 21:37 - 2012-04-25 21:37 - 0000000 ____D C:\Program Files (x86)\The Walking Dead
2012-04-25 20:20 - 2012-04-25 20:20 - 0000000 ____D C:\Users\Daroth Men\Documents\Almost Human
2012-04-25 20:15 - 2011-02-12 19:51 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-04-25 20:08 - 2012-04-25 20:07 - 0000000 ____D C:\Program Files (x86)\Legend of Grimrock
2012-04-25 15:19 - 2012-04-25 15:18 - 0000000 ____D C:\Users\Daroth Men\AppData\Local\{73E6B085-AE95-48BF-858E-E944AE5F4C4A}
2012-04-25 15:18 - 2012-04-25 15:18 - 0000000 ____D C:\Users\Daroth Men\AppData\Local\{B7674ED7-4AC5-44D3-BA94-EF81DE144510}
2012-04-24 16:54 - 2012-04-24 16:53 - 0000000 ____D C:\Users\Daroth Men\AppData\Local\{7646C7E7-B22D-4249-B639-6EC41D3BDD8A}
2012-04-24 16:53 - 2012-04-24 16:53 - 0000000 ____D C:\Users\Daroth Men\AppData\Local\{361A3E4A-6D54-4F95-9854-7702C015CDE7}
2012-04-24 14:10 - 2011-02-14 14:48 - 0000000 ____D C:\Users\Daroth Men\AppData\Roaming\DFO Control Panel
2012-04-24 14:08 - 2012-04-24 14:05 - 8104563 ____A C:\Users\Daroth Men\Desktop\Seether - Fake It.flv
2012-04-23 15:22 - 2012-04-23 15:22 - 0000000 ____D C:\Users\Daroth Men\AppData\Local\{4A460095-1DB5-457B-AFDA-6362FFB3E3A3}
2012-04-23 15:22 - 2012-04-23 15:22 - 0000000 ____D C:\Users\Daroth Men\AppData\Local\{06B666FC-1037-41F1-B333-843D6BC758CA}
2012-04-22 20:35 - 2012-04-22 20:35 - 0000000 ____D C:\Users\Daroth Men\AppData\Local\{70E1D66F-AF05-4C7F-8CBE-AF8CC0D8EC8F}
2012-04-22 20:35 - 2012-04-22 20:34 - 0000000 ____D C:\Users\Daroth Men\AppData\Local\{5AD6F839-DBF7-4202-8897-A6EBEFA55E16}
2012-04-21 17:44 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\System32\NDF
2012-04-21 17:40 - 2011-02-13 10:58 - 0000000 ____D C:\Users\Daroth Men\AppData\Local\ElevatedDiagnostics
2012-04-21 15:50 - 2012-04-21 11:39 - 204010290 ____A C:\Users\Daroth Men\Downloads\Night Swimming.avi
2012-04-21 14:41 - 2012-04-21 14:41 - 0000000 ____D C:\Users\Daroth Men\AppData\Local\{7E08015F-69AE-45B5-95EF-D2E416E5075F}
2012-04-20 22:56 - 2012-04-20 22:52 - 6427904 ____A C:\Users\Daroth Men\Desktop\Gotye - Somebody That I Used To Know (Lyrics).flv
2012-04-20 22:17 - 2012-04-20 22:09 - 20125208 ____A C:\Users\Daroth Men\Desktop\._ Ellie Goulding _Starry Eyed_ _..flv
2012-04-20 14:57 - 2012-04-20 14:57 - 0000000 ____D C:\Users\Daroth Men\AppData\Local\{2D3080DE-9894-416D-985C-22812233F483}
2012-04-20 14:57 - 2012-04-20 14:56 - 0000000 ____D C:\Users\Daroth Men\AppData\Local\{DA2FE6E4-03AC-41A5-AADA-4B591A202D1F}
2012-04-20 02:59 - 2012-03-03 03:19 - 0000000 ___HD C:\Users\Daroth Men\Desktop\Yaoi
2012-04-20 02:56 - 2012-03-07 20:19 - 0000000 ____D C:\Users\Daroth Men\Downloads\Lady GaGa - Discography
2012-04-19 16:00 - 2012-04-19 16:00 - 0000000 ____D C:\Users\Daroth Men\AppData\Local\{725F758A-2BC2-47F5-BCFA-07DD5E176A85}
2012-04-19 16:00 - 2012-04-19 16:00 - 0000000 ____D C:\Users\Daroth Men\AppData\Local\{2B027C2A-3DD9-43A3-B75C-610F0FAC2427}
2012-04-19 04:54 - 2011-07-26 22:22 - 0000000 ____D C:\Users\Daroth Men\riotsGamesLogs
2012-04-19 04:06 - 2012-04-08 03:07 - 0000000 ____D C:\Users\Daroth Men\Downloads\PS2 - Castlevania Lament of Innocence - PAL DVDFull
2012-04-19 04:05 - 2012-04-08 03:09 - 0000000 ____D C:\Users\Daroth Men\Downloads\PS2 GAMES
2012-04-19 04:04 - 2012-04-19 04:04 - 0050783 ____A C:\Users\Daroth Men\Documents\ts3_clientui-win64-1329301801-2012-04-19 04_04_50.002550.dmp
2012-04-18 14:51 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\System32\config\TxR
2012-04-18 14:31 - 2012-04-18 14:31 - 0000000 ____D C:\Users\Daroth Men\AppData\Roaming\NVIDIA
2012-04-18 14:30 - 2011-02-15 03:29 - 0000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2012-04-18 14:29 - 2010-08-26 20:56 - 0000000 ____D C:\Program Files\NVIDIA Corporation
2012-04-18 14:00 - 2012-04-18 14:00 - 0000000 ____D C:\Users\Daroth Men\AppData\Local\{E569E584-42C8-4F32-97C9-C7F08B6677E9}
2012-04-18 13:59 - 2012-04-18 13:59 - 0000000 ____D C:\Users\Daroth Men\AppData\Local\{508AC4AE-28CA-468A-8D91-4428E7DB446A}
2012-04-18 13:58 - 2012-04-18 13:58 - 0000000 ____D C:\Windows\en
2012-04-18 13:55 - 2009-07-07 03:30 - 0000000 ____D C:\Program Files (x86)\Windows Live
2012-04-18 13:55 - 2009-07-07 03:29 - 0000000 ____D C:\Program Files\Windows Live
2012-04-18 13:33 - 2012-04-18 13:33 - 0000000 ____D C:\Users\Daroth Men\AppData\Local\{9D50A14F-0598-46B2-829F-4706A234C2C1}
2012-04-18 13:33 - 2012-04-18 13:33 - 0000000 ____D C:\Users\Daroth Men\AppData\Local\{3698E4FC-B6CD-455A-95B5-93FA6902FBE6}
2012-04-17 14:19 - 2012-04-17 14:18 - 0000000 ____D C:\Users\Daroth Men\AppData\Local\{E8E52F76-325D-4468-BD8E-5B47D8AB33FB}
2012-04-17 14:18 - 2012-04-17 14:18 - 0000000 ____D C:\Users\Daroth Men\AppData\Local\{7C4C2897-20BD-494F-A083-DE3A0537E0EB}
2012-04-16 22:25 - 2012-04-16 22:25 - 0000000 ____A C:\Users\Daroth Men\Documents\ts3_clientui-win64-1329301801-2012-04-16 22_25_58.738200.dmp
2012-04-16 22:25 - 2012-04-16 22:25 - 0000000 ____A C:\Users\Daroth Men\Documents\ts3_clientui-win64-1329301801-2012-04-16 22_25_58.737200.dmp
2012-04-16 22:25 - 2012-04-16 22:25 - 0000000 ____A C:\Users\Daroth Men\Documents\ts3_clientui-win64-1329301801-2012-04-16 22_25_58.736200.dmp
2012-04-15 04:21 - 2012-02-06 01:29 - 0000000 ____D C:\Users\Daroth Men\Downloads\(C75) [07th Expansion] Umineko no Naku Koro ni EP4 (mdf+mds+rr)
2012-04-15 02:02 - 2012-04-15 02:02 - 0000000 ____D C:\Users\Daroth Men\AppData\Local\{05EB60F9-36D9-474A-96F4-9FBCA96064C2}
2012-04-14 18:50 - 2012-04-14 18:49 - 0000000 ____D C:\Users\Daroth Men\AppData\Local\{8FB20A5B-DA0F-4F5A-BE53-F8E877D44EC3}
2012-04-14 16:32 - 2012-04-14 16:32 - 0048999 ____A C:\Users\Daroth Men\Documents\ts3_clientui-win64-1329301801-2012-04-14 16_32_11.317700.dmp
2012-04-13 17:10 - 2012-04-13 16:51 - 0000000 ____D C:\Users\Daroth Men\AppData\Local\Roblox
2012-04-13 16:48 - 2012-04-13 16:48 - 0000000 ____D C:\Users\All Users\Roblox
2012-04-13 16:48 - 2012-04-13 16:48 - 0000000 ____D C:\ProgramData\Roblox
2012-04-13 16:48 - 2012-04-13 16:48 - 0000000 ____D C:\Program Files (x86)\Roblox
2012-04-13 16:48 - 2011-02-12 19:40 - 0000000 ____D C:\Users\Daroth Men\AppData\LocalLow
2012-04-12 20:41 - 2012-04-12 20:41 - 0050783 ____A C:\Users\Daroth Men\Documents\ts3_clientui-win64-1329301801-2012-04-12 20_41_29.195000.dmp
2012-04-12 17:27 - 2012-04-12 17:27 - 0000000 ____D C:\Users\Daroth Men\AppData\Local\{1BEF22CC-567C-45A8-B6F5-90B185BD2FE9}
2012-04-11 17:39 - 2012-04-11 17:39 - 0000000 ____D C:\Users\Daroth Men\AppData\Local\{906FFC5A-E388-4842-AB97-5DC9D290B33D}
2012-04-10 20:22 - 2012-04-10 20:22 - 0000000 ____D C:\Users\Daroth Men\AppData\Local\{B4EBC8C4-CE6D-4CB0-BE32-4584436D5EDB}
2012-04-10 18:47 - 2012-04-10 18:44 - 0000000 ____D C:\Users\Daroth Men\Downloads\Codebreaker v10 [PS2]
2012-04-10 17:40 - 2012-04-10 17:40 - 0050512 ____A C:\Users\Daroth Men\Documents\ts3_clientui-win64-1329301801-2012-04-10 17_40_46.253600.dmp
2012-04-10 15:32 - 2012-04-08 01:31 - 0000000 ____D C:\Users\Daroth Men\Downloads\Dot Hack Complete Series PS2 NTSC-US JigzJuggalo
2012-04-10 02:11 - 2012-04-10 02:11 - 0050783 ____A C:\Users\Daroth Men\Documents\ts3_clientui-win64-1329301801-2012-04-10 02_11_49.782500.dmp
2012-04-09 21:01 - 2012-04-09 21:01 - 0050783 ____A C:\Users\Daroth Men\Documents\ts3_clientui-win64-1329301801-2012-04-09 21_01_44.182500.dmp
2012-04-09 19:03 - 2012-04-09 19:03 - 0050783 ____A C:\Users\Daroth Men\Documents\ts3_clientui-win64-1329301801-2012-04-09 19_03_26.949300.dmp
2012-04-09 16:02 - 2012-04-09 16:02 - 0000000 ____D C:\Users\Daroth Men\AppData\Local\{6A02702D-897D-4B55-87AC-BBFFC13C70D8}
2012-04-08 19:36 - 2012-04-08 19:35 - 0000000 ____D C:\Users\Daroth Men\AppData\Local\{719C6909-6E2F-43AD-9C10-34D871D747C8}
2012-04-08 03:17 - 2012-04-07 01:00 - 0000000 ____D C:\Users\Daroth Men\AppData\Roaming\TS3Client
2012-04-08 02:36 - 2012-04-08 01:49 - 0000000 ____D C:\Users\Daroth Men\Downloads\Marvel_vs_Capcom_2_Usa_PS2-CSiSO
2012-04-08 02:26 - 2012-04-08 02:07 - 0000000 ____D C:\PS2 Emulator
2012-04-08 02:07 - 2012-04-08 02:07 - 0000481 ____A C:\Users\Public\Desktop\PS2 Emulator.lnk
2012-04-07 19:39 - 2012-04-07 19:39 - 0001100 ____A C:\Users\Daroth Men\Documents - Shortcut.lnk
2012-04-07 19:39 - 2011-02-12 19:40 - 0000000 ____D C:\users\Daroth Men
2012-04-07 09:13 - 2012-04-07 09:13 - 0000000 ____D C:\Users\Daroth Men\AppData\Local\{0EC1F20E-1481-4625-9A84-8664005DDAC2}
2012-04-07 01:01 - 2012-04-07 01:01 - 0000000 ____D C:\Users\Daroth Men\AppData\Roaming\ts3overlay
2012-04-07 00:59 - 2012-04-07 00:59 - 0001220 ____A C:\Users\Daroth Men\Desktop\TeamSpeak 3 Client.lnk
2012-04-07 00:59 - 2012-04-07 00:59 - 0000000 ____D C:\Users\Daroth Men\AppData\Local\TeamSpeak 3 Client
2012-04-05 23:40 - 2009-07-13 22:20 - 0000000 __RHD C:\Users\Public\Libraries
2012-04-05 00:44 - 2012-04-05 00:43 - 0000000 ____D C:\Users\Daroth Men\AppData\Local\{A6862C01-B86B-47ED-AA25-47C73D3A5524}
2012-04-04 15:56 - 2011-09-05 11:34 - 0024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-04-04 05:27 - 2012-04-04 05:27 - 0000000 ____D C:\Users\Daroth Men\Downloads\PS2 Emulator + BIOS
2012-04-04 03:26 - 2012-04-04 03:25 - 8965078 ____A C:\Users\Daroth Men\Desktop\Pendulum - The Island Part 1 (Dawn) Lyrics.mp4
2012-04-04 03:08 - 2012-04-04 03:01 - 23188325 ____A C:\Users\Daroth Men\Desktop\Pendulum - The Island.flv
2012-04-02 20:51 - 2012-04-02 19:37 - 0034336 ____A C:\Users\Daroth Men\Documents\(Mage - Fire 85).xml
2012-04-02 19:30 - 2012-03-18 06:14 - 0034563 ____A C:\Users\Daroth Men\Documents\Cataclysm Mage 85.xml
2012-04-02 17:42 - 2012-04-02 17:42 - 0000000 ____D C:\Users\Daroth Men\AppData\Local\{79230826-2EA6-4BF0-9A0A-41C8EFD9EB86}
2012-04-02 06:40 - 2012-04-02 06:40 - 2448123 ____A C:\Users\Daroth Men\Desktop\Flyleaf-07-All_Around_Me.mp3
2012-04-01 14:04 - 2012-04-01 14:04 - 0000000 ____D C:\Users\Daroth Men\AppData\Local\{A20E3F33-B666-4E8E-8250-FDB851D0A500}
2012-04-01 00:00 - 2011-09-08 11:33 - 0000000 ____D C:\Users\Daroth Men\AppData\Roaming\SoftGrid Client
2012-03-31 16:22 - 2012-03-31 16:22 - 0000000 ____D C:\Users\Daroth Men\AppData\Local\{38FFC791-950E-4D37-B857-8861B4F2F248}
2012-03-31 01:05 - 2012-05-14 00:43 - 5559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-31 01:01 - 2012-03-30 20:22 - 0000084 ____A C:\cmdlog.txt
2012-03-30 23:39 - 2012-05-14 00:43 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-03-30 23:39 - 2012-05-14 00:43 - 3913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-03-30 22:10 - 2012-05-14 00:43 - 3146240 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-03-30 20:22 - 2012-03-30 20:22 - 0000000 ____D C:\Users\Daroth Men\Documents\LucasArts
2012-03-30 20:22 - 2012-03-30 20:22 - 0000000 ____D C:\Users\Daroth Men\AppData\Local\LucasArts
2012-03-30 19:38 - 2012-03-30 19:38 - 0000000 ____D C:\Users\Daroth Men\AppData\Local\{A3FD68C7-9426-4828-9624-AFF6993747C4}
2012-03-30 13:10 - 2012-03-30 13:10 - 0000000 ____D C:\Program Files (x86)\LucasArts
2012-03-30 06:35 - 2012-05-14 00:43 - 1918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-03-29 19:56 - 2012-03-29 19:56 - 0000000 ____D C:\Users\Daroth Men\AppData\Local\{D8CC97B1-914D-4D7F-AAEC-E77BA89452E6}
2012-03-29 19:46 - 2012-03-29 19:46 - 0027807 ____A C:\Users\Daroth Men\Documents\Protection Paladin 85.xml
2012-03-28 16:12 - 2012-03-28 16:12 - 0000000 ____D C:\Users\Daroth Men\AppData\Local\{D78F53FA-5848-412F-89FA-F77BD40CF632}
2012-03-28 16:12 - 2012-03-28 16:11 - 0000000 ____D C:\Users\Daroth Men\AppData\Local\{7DD30FB5-4ACF-4552-8005-0A4DC591EAD5}
2012-03-27 16:10 - 2012-03-27 16:10 - 0000000 ____D C:\Users\Daroth Men\AppData\Local\{95BA19A3-BE5A-44CD-B45B-7D3EDDB1817B}
2012-03-27 16:10 - 2012-03-27 16:10 - 0000000 ____D C:\Users\Daroth Men\AppData\Local\{7EEAB412-5176-4E9E-B1D3-A5112B95BF1B}
2012-03-27 07:20 - 2012-02-09 00:32 - 0000000 ___HD C:\Users\Daroth Men\Desktop\p
2012-03-26 20:19 - 2012-03-26 20:19 - 0000000 ____D C:\Users\Daroth Men\AppData\Local\{C826705D-CE33-4E41-877F-DEE2CF1C31DA}
2012-03-26 20:19 - 2012-03-26 20:19 - 0000000 ____D C:\Users\Daroth Men\AppData\Local\{48483CE5-D915-4B39-80F5-635F30978B8B}
2012-03-25 17:09 - 2012-03-25 17:08 - 0000000 ____D C:\Users\Daroth Men\AppData\Local\{7E93B6C4-213C-4A24-996F-8503202AEDFA}
2012-03-25 17:08 - 2012-03-25 17:08 - 0000000 ____D C:\Users\Daroth Men\AppData\Local\{03CC6357-C6B6-48CA-9B82-ACB42EE462A3}
2012-03-24 17:14 - 2012-03-24 17:14 - 0000000 ____D C:\Users\Daroth Men\AppData\Local\{935764C2-CD8D-4AE2-9BF7-4B08863D55ED}
2012-03-24 17:14 - 2012-03-24 17:13 - 0000000 ____D C:\Users\Daroth Men\AppData\Local\{4616E429-8B9D-428C-804C-61E275B66C20}
2012-03-23 23:54 - 2012-03-23 23:52 - 4848396 ____A C:\Users\Daroth Men\Desktop\SKRILLEX - Scary Monsters And Nice Sprites.flv
2012-03-23 18:58 - 2012-03-23 18:58 - 0000000 ____D C:\Users\Daroth Men\AppData\Local\{06BAD21E-3DEA-4589-B6F2-CA743E203711}
2012-03-23 18:58 - 2012-03-23 18:57 - 0000000 ____D C:\Users\Daroth Men\AppData\Local\{C30CD6CF-39CF-4E1D-9EBF-34A87734BEE9}
2012-03-21 00:21 - 2012-03-21 00:21 - 7390309 ____A C:\Users\Daroth Men\Desktop\LADY_GAGA_-_MONSTER_LYRICS.flv
2012-03-20 06:11 - 2012-03-20 06:10 - 1866966 ____A C:\Users\Daroth Men\Desktop\tsukihime ED.flv
2012-03-20 06:11 - 2012-03-20 06:09 - 6793542 ____A C:\Users\Daroth Men\Desktop\Lunar Legend Tsukihime Opening.flv
2012-03-17 02:58 - 2012-05-14 00:42 - 0075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-03-17 01:01 - 2012-03-17 01:01 - 0000000 ____D C:\Users\Daroth Men\Desktop\rawr
2012-03-12 14:48 - 2012-03-12 07:11 - 0000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-03-12 14:48 - 2012-03-12 07:11 - 0000000 ____D C:\ProgramData\Spybot - Search & Destroy
2012-03-12 07:17 - 2009-07-13 21:34 - 0441475 ___RA C:\Windows\System32\Drivers\etc\hosts.20120503-063123.backup
2012-03-12 07:12 - 2012-03-12 07:11 - 0000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2012-03-12 07:11 - 2012-03-12 07:11 - 0001262 ____A C:\Users\Daroth Men\Desktop\Spybot - Search & Destroy.lnk
2012-03-12 01:02 - 2012-03-12 00:17 - 373920104 ____A C:\Users\Daroth Men\Desktop\UTSexySoundsFiora.zip
2012-03-11 05:39 - 2012-03-11 05:36 - 8549770 ____A C:\Users\Daroth Men\Desktop\Papa Roach-Scars (lyrics).flv
2012-03-11 03:17 - 2012-03-11 03:17 - 0000000 ____D C:\Program Files (x86)\Safer Networking
2012-03-10 16:48 - 2011-02-12 21:41 - 0000000 ____D C:\Program Files (x86)\World of Warcraft
2012-03-10 07:23 - 2011-02-12 21:41 - 0001037 ____A C:\Users\Daroth Men\Desktop\World of Warcraft.lnk
2012-03-10 00:13 - 2012-03-10 00:13 - 0000000 ____D C:\Users\Daroth Men\AppData\Local\{618AE6D5-08F1-4520-AA5F-877ED941CE3B}
2012-03-10 00:13 - 2012-03-10 00:13 - 0000000 ____D C:\Users\Daroth Men\AppData\Local\{341BD4F2-7F42-4D0B-AD0D-05B4A346B426}
2012-03-10 00:04 - 2011-02-14 15:21 - 0000000 ____D C:\Users\Daroth Men\AppData\Roaming\vlc
2012-03-08 18:50 - 2012-03-08 18:50 - 0049016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sirenacm.dll
2012-03-08 18:37 - 2012-03-08 18:37 - 0302448 ____A (Microsoft Corporation) C:\Windows\WLXPGSS.SCR
2012-03-07 21:36 - 2012-03-07 21:36 - 0000000 ____D C:\Users\Daroth Men\AppData\Local\{EAEB880D-E1BF-4F83-A230-C5C0A61A606B}
2012-03-07 21:36 - 2012-03-07 21:36 - 0000000 ____D C:\Users\Daroth Men\AppData\Local\{D485103C-993B-4784-8E16-7E7FE1B69B21}
2012-03-07 21:33 - 2012-03-07 21:33 - 0000000 ____D C:\Windows\Minidump
2012-03-06 04:04 - 2012-03-06 03:56 - 23744712 ____A C:\Users\Daroth Men\Desktop\Psychotic Afterburn Training Workout.flv
2012-03-05 16:13 - 2012-03-05 16:12 - 0000000 ____D C:\Users\Daroth Men\Documents\LOLReplay
2012-03-05 16:12 - 2012-03-05 16:12 - 0000000 ____D C:\Program Files (x86)\LOLReplay
2012-03-05 00:28 - 2012-03-05 00:28 - 0008620 ____A C:\Users\Daroth Men\Documents\Uninstall Mass Effect.log
2012-03-04 23:36 - 2012-03-04 23:36 - 0000000 ___HD C:\Windows\msdownld.tmp
2012-03-04 23:36 - 2012-03-04 23:36 - 0000000 ____D C:\Windows\SysWOW64\directx
2012-03-03 13:47 - 2011-02-14 23:11 - 0000000 ____D C:\Users\Daroth Men\Documents\My Games
2012-03-03 13:36 - 2011-02-18 11:26 - 0000000 ____D C:\Program Files (x86)\CAPCOM
2012-03-03 01:35 - 2012-05-14 00:43 - 1544704 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-03-03 00:52 - 2012-03-03 00:52 - 0599281 ____A C:\Windows\Minidump\030712-26520-01.dmp
2012-03-03 00:31 - 2012-05-14 00:43 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-03-02 22:49 - 2012-03-02 22:43 - 0000000 ____D C:\Windows\SysWOW64\Adobe
2012-03-02 22:44 - 2010-08-26 21:26 - 0000000 ____D C:\Windows\SysWOW64\Macromed
2012-03-02 01:29 - 2012-03-02 01:25 - 0000000 ____D C:\Users\Daroth Men\AppData\Roaming\Mumble
2012-03-02 01:28 - 2012-03-02 01:28 - 0002377 ____A C:\Users\Daroth Men\Documents\MumbleAutomaticCertificateBackup.p12
2012-03-01 01:46 - 2012-04-18 14:28 - 0023408 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-03-01 01:38 - 2012-04-18 14:28 - 0220672 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-03-01 01:33 - 2012-04-18 14:28 - 0081408 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-03-01 01:28 - 2012-04-18 14:28 - 0005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-03-01 00:37 - 2012-04-18 14:28 - 0172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-03-01 00:33 - 2012-04-18 14:28 - 0159232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2012-03-01 00:29 - 2012-04-18 14:28 - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2012-02-28 01:39 - 2012-04-18 14:03 - 1494016 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-02-28 01:39 - 2012-04-18 14:03 - 1188864 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-02-28 01:39 - 2012-04-18 14:03 - 0134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-02-28 01:36 - 2012-04-18 14:03 - 9020928 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-02-28 01:36 - 2012-04-18 14:03 - 0702464 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-02-28 01:36 - 2012-04-18 14:03 - 0097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-02-28 01:35 - 2012-04-18 14:03 - 2453504 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-02-28 01:35 - 2012-04-18 14:03 - 12264448 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-02-28 01:35 - 2012-04-18 14:03 - 0247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-02-28 01:35 - 2012-04-18 14:03 - 0064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-02-28 00:38 - 2012-04-18 14:03 - 1231360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-02-28 00:38 - 2012-04-18 14:03 - 0981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-02-28 00:38 - 2012-04-18 14:03 - 0132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-02-28 00:35 - 2012-04-18 14:03 - 5998080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-02-28 00:35 - 2012-04-18 14:03 - 0599552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-02-28 00:35 - 2012-04-18 14:03 - 0067072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-02-28 00:34 - 2012-04-18 14:03 - 2073600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-02-28 00:34 - 2012-04-18 14:03 - 10992640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-02-28 00:34 - 2012-04-18 14:03 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-02-28 00:34 - 2012-04-18 14:03 - 0048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-02-27 23:31 - 2012-04-18 14:03 - 1638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-02-27 22:52 - 2012-04-18 14:03 - 1638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-02-24 20:42 - 2012-02-22 15:36 - 0000000 ____D C:\Users\Daroth Men\AppData\Roaming\Beat Hazard
2012-02-24 16:44 - 2011-11-14 02:34 - 0000000 ____D C:\Users\Daroth Men\AppData\Roaming\Sony Online Entertainment
2012-02-23 10:18 - 2011-02-13 21:50 - 0279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-02-22 16:00 - 2012-02-22 16:00 - 0000000 ____D C:\Users\Daroth Men\AppData\Roaming\Trine2
2012-02-22 15:33 - 2012-02-22 15:33 - 0000000 ____D C:\Program Files (x86)\Frozenbyte
2012-02-21 17:53 - 2012-02-21 17:53 - 0000000 ____D C:\Users\Daroth Men\Documents\PassMark
2012-02-21 17:53 - 2012-02-21 17:53 - 0000000 ____D C:\Users\Daroth Men\AppData\Local\PassMark
2012-02-21 17:52 - 2012-02-21 17:52 - 0000000 ____D C:\Users\All Users\Passmark
2012-02-21 17:52 - 2012-02-21 17:52 - 0000000 ____D C:\ProgramData\Passmark
2012-02-21 17:52 - 2012-02-21 17:52 - 0000000 ____D C:\Program Files\PerformanceTest
2012-02-20 21:29 - 2011-07-03 22:08 - 0001051 ____A C:\Users\Daroth Men\Documents\AutoHotkey.ahk
2012-02-20 02:17 - 2012-02-20 02:17 - 0000000 ____D C:\Program Files (x86)\Mumble

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: <===== ATTENTION!
HKLM\...\exefile\DefaultIcon: <===== ATTENTION!
HKLM\...\exefile\open\command: <===== ATTENTION!

========================= Memory info ======================

Percentage of memory in use: 28%
Total physical RAM: 7935.23 MB
Available physical RAM: 5712.68 MB
Total Pagefile: 15868.66 MB
Available Pagefile: 13579.53 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

======================= Partitions =========================

1 Drive c: (Acer) (Fixed) (Total:913.84 GB) (Free:107.43 GB) NTFS

Disk ###  Status         Size     Free     Dyn  Gpt
--------  -------------  -------  -------  ---  ---
Disk 0    Online          931 GB      0 B
Disk 1    No Media           0 B      0 B
Disk 2    No Media           0 B      0 B

Partitions of Disk 0:
===============

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Recovery            17 GB  1024 KB
Partition 2    Primary            100 MB    17 GB
Partition 3    Primary            913 GB    17 GB

======================================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3         PQSERVICE    NTFS   Partition     17 GB  Healthy    Hidden

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1         SYSTEM RESE  NTFS   Partition    100 MB  Healthy    System (partition with boot components)

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2    C    Acer         NTFS   Partition    913 GB  Healthy    Boot

======================================================================================================

==========================================================

Last Boot: 2012-05-09 05:47

======================= End Of Log ==========================

Edited by Daroth, 19 May 2012 - 01:36 AM.


#14 gringo_pr

  • Malware Response Team

Posted 19 May 2012 - 01:57 AM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left-hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo



#15 Daroth


Posted 19 May 2012 - 07:04 AM

OTL logfile created on: 5/19/2012 2:00:00 AM - Run 1
OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\Daroth Men\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.75 Gb Total Physical Memory | 5.72 Gb Available Physical Memory | 73.80% Memory free
15.50 Gb Paging File | 13.45 Gb Available in Paging File | 86.79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 913.84 Gb Total Space | 107.36 Gb Free Space | 11.75% Space Free | Partition Type: NTFS

Computer Name: DM | User Name: Daroth Men | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Daroth Men\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
PRC - C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
PRC - C:\Windows\SysWOW64\PING.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)


========== Modules (No Company Name) ==========

MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - \\.\globalroot\systemroot\syswow64\mswsock.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (ekrn) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe (ESET)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (pcapsvc) -- C:\Program Files\Proxy Labs\ProxyCap\pcapsvc.exe (Proxy Labs)
SRV:64bit: - (Updater Service) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Acer Group)
SRV:64bit: - (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe ()
SRV:64bit: - (nSvcIp) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe ()
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (TeamViewer6) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (HyperDeskCustomThemeEnabler) -- C:\Windows\Installer\MSI6FBC.tmp ()
SRV - (VMnetDHCP) -- C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
SRV - (VMware NAT Service) -- C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
SRV - (VMAuthdService) -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (VMware, Inc.)
SRV - (VMUSBArbService) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.)
SRV - (ufad-ws60) -- C:\Program Files (x86)\VMware\VMware Player\vmware-ufad.exe (VMware, Inc.)
SRV - (NOBU) -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (Symantec Corporation)
SRV - (MWLService) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe (Egis Technology Inc.)
SRV - (GameConsoleService) -- C:\Program Files (x86)\Acer Games\Acer Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (GREGService) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated)
SRV - (DAUpdaterSvc) -- C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe (BioWare)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (eamonm) -- C:\Windows\SysNative\drivers\eamonm.sys (ESET)
DRV:64bit: - (epfw) -- C:\Windows\SysNative\drivers\epfw.sys (ESET)
DRV:64bit: - (ehdrv) -- C:\Windows\SysNative\drivers\ehdrv.sys (ESET)
DRV:64bit: - (epfwwfp) -- C:\Windows\SysNative\drivers\epfwwfp.sys (ESET)
DRV:64bit: - (EpfwLWF) -- C:\Windows\SysNative\drivers\EpfwLWF.sys (ESET)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (vmci) -- C:\Windows\SysNative\drivers\vmci.sys (VMware, Inc.)
DRV:64bit: - (vmx86) -- C:\Windows\SysNative\drivers\vmx86.sys (VMware, Inc.)
DRV:64bit: - (vmkbd) -- C:\Windows\SysNative\drivers\VMkbd.sys (VMware, Inc.)
DRV:64bit: - (VMnetuserif) -- C:\Windows\SysNative\drivers\vmnetuserif.sys (VMware, Inc.)
DRV:64bit: - (hcmon) -- C:\Windows\SysNative\drivers\hcmon.sys (VMware, Inc.)
DRV:64bit: - (VMnetBridge) -- C:\Windows\SysNative\drivers\vmnetbridge.sys (VMware, Inc.)
DRV:64bit: - (VMnetAdapter) -- C:\Windows\SysNative\drivers\vmnetadapter.sys (VMware, Inc.)
DRV:64bit: - (NVNET) -- C:\Windows\SysNative\drivers\nvmf6264.sys (NVIDIA Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (ManyCam) -- C:\Windows\SysNative\drivers\ManyCam_x64.sys (ManyCam LLC.)
DRV - (Gun) -- C:\Game\SoftnyxGame\GunboundIS\Gun64.sys ()
DRV - (vstor2-ws60) -- C:\Program Files (x86)\VMware\VMware Player\vstor2-ws60.sys (VMware, Inc.)
DRV - (MRESP50) -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MREMP50) -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1640814059-990636896-3435535730-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
IE - HKU\S-1-5-21-1640814059-990636896-3435535730-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
IE - HKU\S-1-5-21-1640814059-990636896-3435535730-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1640814059-990636896-3435535730-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1640814059-990636896-3435535730-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========



FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.7: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Program Files (x86)\Roblox\Versions\version-76ed5b3c6cb0467f\\NPRobloxProxy.dll ()
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Daroth Men\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET SMART SECURITY\MOZILLA THUNDERBIRD [2011/09/24 10:41:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox [2009/07/07 03:23:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2009/07/07 03:23:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2009/07/07 03:23:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/04/25 20:15:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/18 17:42:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2011/09/24 10:41:47 | 000,000,000 | ---D | M]

[2011/02/12 19:51:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daroth Men\AppData\Roaming\Mozilla\Extensions
[2012/05/11 04:00:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daroth Men\AppData\Roaming\Mozilla\Firefox\Profiles\ermbuj6h.default\extensions
[2012/05/08 21:40:06 | 000,000,000 | ---D | M] (FT DeepDark) -- C:\Users\Daroth Men\AppData\Roaming\Mozilla\Firefox\Profiles\ermbuj6h.default\extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66}
[2012/03/30 02:36:00 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Daroth Men\AppData\Roaming\Mozilla\Firefox\Profiles\ermbuj6h.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/02/13 11:10:15 | 000,000,000 | ---D | M] (Gradient iCool) -- C:\Users\Daroth Men\AppData\Roaming\Mozilla\Firefox\Profiles\ermbuj6h.default\extensions\{de5809e0-2b07-11dd-bd0b-0800200c9a66}
[2012/05/11 04:00:57 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Daroth Men\AppData\Roaming\Mozilla\Firefox\Profiles\ermbuj6h.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/05/06 16:31:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/04/28 16:04:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2012/05/11 04:00:56 | 000,523,864 | ---- | M] () (No name found) -- C:\USERS\DAROTH MEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ERMBUJ6H.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
[2012/01/06 04:30:38 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\DAROTH MEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ERMBUJ6H.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/04/25 20:15:03 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/04/28 16:03:59 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2006/06/06 17:44:12 | 000,108,544 | ---- | M] (Headlight Software, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\NPGetRt.dll
[2011/05/06 19:40:33 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/09 21:01:24 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/05/03 06:31:23 | 000,441,475 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 15172 more lines...
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1640814059-990636896-3435535730-1001\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-1640814059-990636896-3435535730-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Download with GetRight - C:\Program Files (x86)\GetRight\GRDownload.htm ()
O8:64bit: - Extra context menu item: Open with GetRight Browser - C:\Program Files (x86)\GetRight\GRBrowse.htm ()
O8 - Extra context menu item: Download with GetRight - C:\Program Files (x86)\GetRight\GRDownload.htm ()
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files (x86)\GetRight\GRBrowse.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Windows\SysNative\pcapwsp.dll (Proxy Labs)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - ppcapwsp.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - ppcapwsp.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000014 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000016 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000017 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000018 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000021 - C:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000022 - C:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000023 - ppcapwsp.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Windows\SysWow64\pcapwsp.dll (Proxy Labs)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-21-1640814059-990636896-3435535730-1001\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1640814059-990636896-3435535730-1001\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1640814059-990636896-3435535730-1001\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1640814059-990636896-3435535730-1001\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0B47D2C2-3636-4E51-B6DA-6EEF1042FFAC}: DhcpNameServer = 192.168.1.254 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {F791A188-699D-4FD4-955A-EB59E89B1907} - Ave's 7StartButton Changer - C:\Program Files (x86)\The Skins Factory\Hyperdesk\Common\AveStartButtonChangerInProc.dll (AveApps, Andreas Verhoeven)
O22 - SharedTaskScheduler: {F791A188-699D-4FD4-955A-EB59E89B1907} - Ave's 7StartButton Changer - C:\Program Files (x86)\The Skins Factory\Hyperdesk\Common\AveStartButtonChangerInProc.dll (AveApps, Andreas Verhoeven)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/19 01:59:02 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Daroth Men\Desktop\OTL.exe
[2012/05/19 01:20:21 | 000,000,000 | ---D | C] -- C:\FRST
[2012/05/18 21:27:23 | 000,000,000 | ---D | C] -- C:\Users\Daroth Men\AppData\Local\{8A8793F2-2DFD-474A-83FE-22872313C83C}
[2012/05/18 21:27:10 | 000,000,000 | ---D | C] -- C:\Users\Daroth Men\AppData\Local\{3929EC73-03C2-404C-8CD6-ED70B98884C5}
[2012/05/18 15:50:06 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Daroth Men\Desktop\aswMBR.exe
[2012/05/18 15:49:36 | 002,126,424 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Daroth Men\Desktop\tdsskiller.exe
[2012/05/18 01:36:26 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012/05/18 01:33:41 | 004,496,857 | R--- | C] (Swearware) -- C:\Users\Daroth Men\Desktop\ComboFix.exe
[2012/05/17 19:45:27 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Daroth Men\Desktop\dds.scr
[2012/05/17 17:42:34 | 000,000,000 | ---D | C] -- C:\Users\Daroth Men\AppData\Local\{EEF494E6-D5A8-4A7A-8016-8EA729C9B7DC}
[2012/05/17 17:42:09 | 000,000,000 | ---D | C] -- C:\Users\Daroth Men\AppData\Local\{297523F8-F950-44D8-B6EA-913DA9AD5E9B}
[2012/05/17 17:30:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012/05/17 17:30:24 | 000,000,000 | ---D | C] -- C:\Users\Daroth Men\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012/05/17 14:35:31 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012/05/14 03:08:13 | 000,000,000 | ---D | C] -- C:\Users\Daroth Men\AppData\Local\{F2BBDC24-828C-4572-A353-D9B57486B5E4}
[2012/05/14 03:07:59 | 000,000,000 | ---D | C] -- C:\Users\Daroth Men\AppData\Local\{61D2F960-9ABE-4C5D-B8F4-89ACC6530C2D}
[2012/05/14 00:43:51 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/05/14 00:43:50 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/05/14 00:43:50 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/05/14 00:43:14 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/05/11 04:58:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Warlock - Master of the Arcane
[2012/05/09 01:28:06 | 000,000,000 | ---D | C] -- C:\Users\Daroth Men\AppData\Local\{FCC93700-BB83-4784-97F9-84B75706B256}
[2012/05/09 01:27:44 | 000,000,000 | ---D | C] -- C:\Users\Daroth Men\AppData\Local\{2C4F4D66-C818-401E-8BE9-C40E86E8B1C1}
[2012/05/04 13:50:44 | 000,000,000 | ---D | C] -- C:\Users\Daroth Men\AppData\Local\{9B29C5AA-7A7F-4448-973D-E1B6C2DBB9EF}
[2012/05/04 01:50:06 | 000,000,000 | ---D | C] -- C:\Users\Daroth Men\AppData\Local\{14A52160-BF47-4174-A66F-EB73E9102D3A}
[2012/05/04 01:49:49 | 000,000,000 | ---D | C] -- C:\Users\Daroth Men\AppData\Local\{B8B40223-A61A-4642-BBC8-E15AB7484853}
[2012/04/30 17:23:39 | 000,000,000 | ---D | C] -- C:\Users\Daroth Men\AppData\Local\{0F891A57-CE5F-4629-B0C5-AE9413C33586}
[2012/04/30 17:23:17 | 000,000,000 | ---D | C] -- C:\Users\Daroth Men\AppData\Local\{37FD59F9-EB64-45B7-9D5C-97786B3E63BF}
[2012/04/28 02:52:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\duowan
[2012/04/27 16:03:11 | 000,000,000 | ---D | C] -- C:\Users\Daroth Men\AppData\Local\{D5632273-6A8F-465C-9645-FE5029DBE9D0}
[2012/04/27 16:02:48 | 000,000,000 | ---D | C] -- C:\Users\Daroth Men\AppData\Local\{A2142178-ACEF-47BC-86C3-6B0F576E5F7B}
[2012/04/26 14:55:56 | 000,000,000 | ---D | C] -- C:\Users\Daroth Men\AppData\Local\{ED21C120-494C-45F2-AD23-D45CCD4C05D3}
[2012/04/26 14:55:33 | 000,000,000 | ---D | C] -- C:\Users\Daroth Men\AppData\Local\{03BC2C81-482E-49C3-BCEE-77636E65A196}
[2012/04/26 02:21:31 | 000,000,000 | ---D | C] -- C:\Down
[2012/04/26 02:21:00 | 000,000,000 | ---D | C] -- C:\Perfect World Entertainment
[2012/04/25 21:38:35 | 000,000,000 | ---D | C] -- C:\ProgramData\RELOADED
[2012/04/25 21:38:33 | 000,000,000 | ---D | C] -- C:\Users\Daroth Men\Documents\Telltale Games
[2012/04/25 21:37:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The Walking Dead
[2012/04/25 20:20:28 | 000,000,000 | ---D | C] -- C:\Users\Daroth Men\Documents\Almost Human
[2012/04/25 20:07:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Legend of Grimrock
[2012/04/25 15:18:55 | 000,000,000 | ---D | C] -- C:\Users\Daroth Men\AppData\Local\{73E6B085-AE95-48BF-858E-E944AE5F4C4A}
[2012/04/25 15:18:34 | 000,000,000 | ---D | C] -- C:\Users\Daroth Men\AppData\Local\{B7674ED7-4AC5-44D3-BA94-EF81DE144510}
[2012/04/24 16:53:51 | 000,000,000 | ---D | C] -- C:\Users\Daroth Men\AppData\Local\{7646C7E7-B22D-4249-B639-6EC41D3BDD8A}
[2012/04/24 16:53:38 | 000,000,000 | ---D | C] -- C:\Users\Daroth Men\AppData\Local\{361A3E4A-6D54-4F95-9854-7702C015CDE7}
[2012/04/23 15:22:33 | 000,000,000 | ---D | C] -- C:\Users\Daroth Men\AppData\Local\{06B666FC-1037-41F1-B333-843D6BC758CA}
[2012/04/23 15:22:12 | 000,000,000 | ---D | C] -- C:\Users\Daroth Men\AppData\Local\{4A460095-1DB5-457B-AFDA-6362FFB3E3A3}
[2012/04/22 20:35:12 | 000,000,000 | ---D | C] -- C:\Users\Daroth Men\AppData\Local\{70E1D66F-AF05-4C7F-8CBE-AF8CC0D8EC8F}
[2012/04/22 20:34:50 | 000,000,000 | ---D | C] -- C:\Users\Daroth Men\AppData\Local\{5AD6F839-DBF7-4202-8897-A6EBEFA55E16}
[2012/04/21 14:41:09 | 000,000,000 | ---D | C] -- C:\Users\Daroth Men\AppData\Local\{7E08015F-69AE-45B5-95EF-D2E416E5075F}
[2012/04/20 14:57:01 | 000,000,000 | ---D | C] -- C:\Users\Daroth Men\AppData\Local\{2D3080DE-9894-416D-985C-22812233F483}
[2012/04/20 14:56:51 | 000,000,000 | ---D | C] -- C:\Users\Daroth Men\AppData\Local\{DA2FE6E4-03AC-41A5-AADA-4B591A202D1F}
[2012/04/19 16:00:40 | 000,000,000 | ---D | C] -- C:\Users\Daroth Men\AppData\Local\{725F758A-2BC2-47F5-BCFA-07DD5E176A85}
[2012/04/19 16:00:30 | 000,000,000 | ---D | C] -- C:\Users\Daroth Men\AppData\Local\{2B027C2A-3DD9-43A3-B75C-610F0FAC2427}
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/19 01:59:09 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Daroth Men\Desktop\OTL.exe
[2012/05/19 01:41:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/18 23:56:07 | 001,392,839 | ---- | M] () -- C:\Users\Daroth Men\Desktop\FRST64.exe
[2012/05/18 21:49:41 | 000,690,391 | ---- | M] () -- C:\Users\Daroth Men\Desktop\wallpaper-1655819.jpg
[2012/05/18 21:40:46 | 000,451,384 | ---- | M] () -- C:\Users\Daroth Men\Desktop\wallpaper-275970.jpg
[2012/05/18 21:33:38 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/18 21:33:38 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/18 21:30:45 | 000,784,304 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/05/18 21:30:45 | 000,655,286 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/05/18 21:30:45 | 000,122,486 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/05/18 21:26:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/18 21:26:01 | 1945,554,943 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/18 16:48:29 | 000,000,512 | ---- | M] () -- C:\Users\Daroth Men\Desktop\MBR.dat
[2012/05/18 15:52:39 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Daroth Men\Desktop\aswMBR.exe
[2012/05/18 15:50:18 | 002,126,424 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Daroth Men\Desktop\tdsskiller.exe
[2012/05/18 01:54:21 | 000,000,971 | ---- | M] () -- C:\Users\Daroth Men\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2012/05/18 01:34:10 | 004,496,857 | R--- | M] (Swearware) -- C:\Users\Daroth Men\Desktop\ComboFix.exe
[2012/05/18 01:33:28 | 000,879,714 | ---- | M] () -- C:\Users\Daroth Men\Desktop\SecurityCheck.exe
[2012/05/17 19:45:30 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Daroth Men\Desktop\dds.scr
[2012/05/17 16:50:28 | 000,003,352 | ---- | M] () -- C:\bootsqm.dat
[2012/05/17 16:29:11 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/14 03:00:31 | 000,268,744 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/05/13 20:21:50 | 000,001,229 | ---- | M] () -- C:\Users\Daroth Men\Desktop\Bad.Sex.S01.WS.DSR.XviD-Reb - Shortcut.lnk
[2012/05/13 14:30:52 | 000,050,783 | ---- | M] () -- C:\Users\Daroth Men\Documents\ts3_clientui-win64-1329301801-2012-05-13 14_30_51.293200.dmp
[2012/05/13 00:29:26 | 000,434,986 | ---- | M] () -- C:\Users\Daroth Men\Desktop\Undead Unit Tree.jpg
[2012/05/12 05:07:17 | 236,303,728 | ---- | M] () -- C:\Users\Daroth Men\Desktop\AD-THE FRONTLINE.avi
[2012/05/10 03:35:16 | 011,789,005 | ---- | M] () -- C:\Users\Daroth Men\Desktop\Breaking Benjamin - Breath OFFICIAL MUSIC VIDEO.mp4
[2012/05/09 17:04:49 | 009,361,029 | ---- | M] () -- C:\Users\Daroth Men\Desktop\Breaking Benjamin - The Diary of Jane.mp4
[2012/05/08 12:44:53 | 000,062,366 | ---- | M] () -- C:\Users\Daroth Men\Desktop\School Transcript.pdf
[2012/05/06 17:40:58 | 000,001,247 | ---- | M] () -- C:\Users\Daroth Men\Desktop\Play Roblox.lnk
[2012/05/06 02:58:36 | 000,050,783 | ---- | M] () -- C:\Users\Daroth Men\Documents\ts3_clientui-win64-1329301801-2012-05-06 02_58_35.727500.dmp
[2012/05/05 12:30:51 | 000,050,783 | ---- | M] () -- C:\Users\Daroth Men\Documents\ts3_clientui-win64-1329301801-2012-05-05 12_30_51.412300.dmp
[2012/05/05 10:50:00 | 000,000,000 | ---- | M] () -- C:\Users\Daroth Men\Documents\ts3_clientui-win64-1329301801-2012-05-05 10_50_00.874300.dmp
[2012/05/05 09:37:52 | 000,050,783 | ---- | M] () -- C:\Users\Daroth Men\Documents\ts3_clientui-win64-1329301801-2012-05-05 09_37_51.226500.dmp
[2012/05/05 08:42:53 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/05/05 08:42:53 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/05/05 08:42:50 | 008,744,608 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012/05/03 06:31:23 | 000,441,475 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/05/02 05:05:38 | 000,024,890 | ---- | M] () -- C:\Users\Daroth Men\Desktop\tumblr_m10qzhmEz91qkk3a9o1_500.jpg
[2012/04/30 22:41:30 | 000,050,783 | ---- | M] () -- C:\Users\Daroth Men\Documents\ts3_clientui-win64-1329301801-2012-04-30 22_41_29.005500.dmp
[2012/04/28 22:43:25 | 023,970,842 | ---- | M] () -- C:\Users\Daroth Men\Desktop\Pendulum _Crush_ - Official Video.flv
[2012/04/24 14:08:15 | 008,104,563 | ---- | M] () -- C:\Users\Daroth Men\Desktop\Seether - Fake It.flv
[2012/04/20 22:56:08 | 006,427,904 | ---- | M] () -- C:\Users\Daroth Men\Desktop\Gotye - Somebody That I Used To Know (Lyrics).flv
[2012/04/20 22:17:20 | 020,125,208 | ---- | M] () -- C:\Users\Daroth Men\Desktop\._ Ellie Goulding _Starry Eyed_ _..flv
[2012/04/19 04:04:51 | 000,050,783 | ---- | M] () -- C:\Users\Daroth Men\Documents\ts3_clientui-win64-1329301801-2012-04-19 04_04_50.002550.dmp
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/18 23:55:59 | 001,392,839 | ---- | C] () -- C:\Users\Daroth Men\Desktop\FRST64.exe
[2012/05/18 21:49:40 | 000,690,391 | ---- | C] () -- C:\Users\Daroth Men\Desktop\wallpaper-1655819.jpg
[2012/05/18 21:40:44 | 000,451,384 | ---- | C] () -- C:\Users\Daroth Men\Desktop\wallpaper-275970.jpg
[2012/05/18 16:48:29 | 000,000,512 | ---- | C] () -- C:\Users\Daroth Men\Desktop\MBR.dat
[2012/05/18 01:33:22 | 000,879,714 | ---- | C] () -- C:\Users\Daroth Men\Desktop\SecurityCheck.exe
[2012/05/17 16:50:28 | 000,003,352 | ---- | C] () -- C:\bootsqm.dat
[2012/05/17 16:13:40 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/13 20:21:50 | 000,001,229 | ---- | C] () -- C:\Users\Daroth Men\Desktop\Bad.Sex.S01.WS.DSR.XviD-Reb - Shortcut.lnk
[2012/05/13 14:30:51 | 000,050,783 | ---- | C] () -- C:\Users\Daroth Men\Documents\ts3_clientui-win64-1329301801-2012-05-13 14_30_51.293200.dmp
[2012/05/13 00:29:25 | 000,434,986 | ---- | C] () -- C:\Users\Daroth Men\Desktop\Undead Unit Tree.jpg
[2012/05/12 04:13:37 | 236,303,728 | ---- | C] () -- C:\Users\Daroth Men\Desktop\AD-THE FRONTLINE.avi
[2012/05/10 03:32:05 | 011,789,005 | ---- | C] () -- C:\Users\Daroth Men\Desktop\Breaking Benjamin - Breath OFFICIAL MUSIC VIDEO.mp4
[2012/05/09 17:03:43 | 009,361,029 | ---- | C] () -- C:\Users\Daroth Men\Desktop\Breaking Benjamin - The Diary of Jane.mp4
[2012/05/08 12:44:52 | 000,062,366 | ---- | C] () -- C:\Users\Daroth Men\Desktop\School Transcript.pdf
[2012/05/06 02:58:35 | 000,050,783 | ---- | C] () -- C:\Users\Daroth Men\Documents\ts3_clientui-win64-1329301801-2012-05-06 02_58_35.727500.dmp
[2012/05/05 12:30:51 | 000,050,783 | ---- | C] () -- C:\Users\Daroth Men\Documents\ts3_clientui-win64-1329301801-2012-05-05 12_30_51.412300.dmp
[2012/05/05 10:50:00 | 000,000,000 | ---- | C] () -- C:\Users\Daroth Men\Documents\ts3_clientui-win64-1329301801-2012-05-05 10_50_00.874300.dmp
[2012/05/05 09:37:51 | 000,050,783 | ---- | C] () -- C:\Users\Daroth Men\Documents\ts3_clientui-win64-1329301801-2012-05-05 09_37_51.226500.dmp
[2012/05/02 05:05:37 | 000,024,890 | ---- | C] () -- C:\Users\Daroth Men\Desktop\tumblr_m10qzhmEz91qkk3a9o1_500.jpg
[2012/04/30 22:41:29 | 000,050,783 | ---- | C] () -- C:\Users\Daroth Men\Documents\ts3_clientui-win64-1329301801-2012-04-30 22_41_29.005500.dmp
[2012/04/28 22:40:25 | 023,970,842 | ---- | C] () -- C:\Users\Daroth Men\Desktop\Pendulum _Crush_ - Official Video.flv
[2012/04/24 14:05:43 | 008,104,563 | ---- | C] () -- C:\Users\Daroth Men\Desktop\Seether - Fake It.flv
[2012/04/20 22:52:58 | 006,427,904 | ---- | C] () -- C:\Users\Daroth Men\Desktop\Gotye - Somebody That I Used To Know (Lyrics).flv
[2012/04/20 22:09:57 | 020,125,208 | ---- | C] () -- C:\Users\Daroth Men\Desktop\._ Ellie Goulding _Starry Eyed_ _..flv
[2012/04/19 04:04:50 | 000,050,783 | ---- | C] () -- C:\Users\Daroth Men\Documents\ts3_clientui-win64-1329301801-2012-04-19 04_04_50.002550.dmp
[2011/12/14 23:39:42 | 000,042,392 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2011/12/05 17:51:41 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\pla.ini
[2011/12/05 17:51:05 | 000,000,256 | ---- | C] () -- C:\Users\Daroth Men\AppData\Roaming\04005056C00001
[2011/10/17 20:59:05 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2011/08/04 02:16:39 | 000,004,608 | ---- | C] () -- C:\Users\Daroth Men\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/03/30 00:26:33 | 000,769,772 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/03/25 13:48:58 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/03/25 13:48:57 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/03/13 11:26:20 | 000,315,392 | ---- | C] ( ) -- C:\Windows\SysWow64\sbcrreag.dll
[2011/02/15 08:32:24 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2011/02/15 07:21:28 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2011/02/12 19:51:35 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat

< End of report >



