Stop c0000135 BSOD


  • This topic is locked
25 replies to this topic

#1 danger.sg

Posted 04 April 2012 - 11:36 PM

I ran ComboFix earlier today to fix some issues with my computer.
I have an ASUS with Win 7.

I restarted my computer about an hour ago and I got the msg: stop: c0000135 program can't start because %hs is missing.

I ran FRST64 and here's the log for it.

PLEASE HELP!




Scan result of Farbar Recovery Scan Tool Version: 15-03-2012
Ran by SYSTEM at 04-04-2012 21:23:31
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2085160 2010-03-05] (Synaptics Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [8321568 2009-11-10] (Realtek Semiconductor)
HKLM\...\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2417032 2011-08-01] (Microsoft Corporation)
HKLM-x32\...\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [6806144 2010-06-24] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-05-03] (ASUS)
HKLM-x32\...\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [249064 2010-10-29] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot [273544 2011-07-17] (RealNetworks, Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2011-10-09] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [343168 2011-10-12] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1259376 2011-07-28] ()
HKU\Kid Danger\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [1305408 2011-01-20] (DT Soft Ltd)
HKU\Kid Danger\...\Run: [BitTorrent] "C:\Program Files (x86)\BitTorrent\BitTorrent.exe" /MINIMIZED [650104 2012-02-26] (BitTorrent, Inc.)
HKU\Kid Danger\...\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2144088 2009-01-26] (Safer Networking Limited)
HKU\Kid Danger\...\Run: [HLBackupScheduler] C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe [5013128 2011-10-23] ()
HKU\Kid Danger\...\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe [8192 2011-01-17] ()
HKU\Kid Danger\...\Run: [Facebook Update] "C:\Users\Kid Danger\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [137536 2011-08-22] (Facebook Inc.)
HKU\Kid Danger\...\Run: [EVEMon] "C:\Program Files (x86)\EVEMon\EVEMon.exe" -startMinimized [1797120 2012-03-10] (EVEMon Development Team)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
SubSystems: [Windows] ==> ZeroAccess

==================== Services (Whitelisted) ======

2 ASLDRService; C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [84536 2009-06-15] (ASUS)
2 ATKGFNEXSrv; C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [96896 2009-12-15] (ASUS)
2 Bonjour Service; "C:\Program Files\Bonjour\mDNSResponder.exe" [462184 2011-08-30] (Apple Inc.)
3 IDriverT; "C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" [69632 2005-04-03] (Macrovision Corporation)
2 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [223088 2011-04-26] ()
2 mpe; C:\Windows\System32\tfsnifs.dll [6656 2009-07-13] (Oak Technology Inc.)
2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2011-08-01] ()
2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
2 SPService; C:\Windows\SysWow64\config\systemprofile\AppData\Roaming\Adobe\sp.DLL [78848 2012-04-04] ()

========================== Drivers (Whitelisted) =============

3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [32768 2010-04-29] (Google Inc)
2 ASMMAP64; \??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [15416 2009-07-02] (ASUS)
3 Bridge; C:\Windows\System32\Drivers\Bridge.sys [95232 2009-07-13] (Microsoft Corporation)
3 BridgeMP; C:\Windows\System32\DRIVERS\bridge.sys [95232 2009-07-13] (Microsoft Corporation)
1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [254528 2011-01-28] (DT Soft Ltd)
0 sptd; C:\Windows\System32\Drivers\sptd.sys [867064 2011-01-28] (Duplex Secure Ltd.)
3 StillCam; C:\Windows\System32\DRIVERS\serscan.sys [12288 2009-07-13] (Microsoft Corporation)
3 BTCFilterService; C:\Windows\System32\DRIVERS\motfilt.sys [x]
3 catchme; \??\C:\ComboFix\catchme.sys [x]
3 clwvd; C:\Windows\System32\DRIVERS\clwvd.sys [x]
3 hexmagic; \??\C:\Windows\system32\drivers\hexmagic.sys [x]
3 motandroidusb; C:\Windows\System32\Drivers\motoandroid.sys [x]
3 motccgp; C:\Windows\System32\DRIVERS\motccgp.sys [x]
3 motccgpfl; C:\Windows\System32\DRIVERS\motccgpfl.sys [x]
3 motmodem; C:\Windows\System32\DRIVERS\motmodem.sys [x]
3 MotoSwitchService; C:\Windows\System32\DRIVERS\motswch.sys [x]
3 Motousbnet; C:\Windows\System32\DRIVERS\Motousbnet.sys [x]
3 motusbdevice; C:\Windows\System32\DRIVERS\motusbdevice.sys [x]
3 X6va005; \??\C:\Users\KIDDAN~1\AppData\Local\Temp\0051BD5.tmp [x]

========================== NetSvcs (Whitelisted) ===========
NETSVC: mpe

============ One Month Created Files and Folders ==============

2012-04-04 21:23 - 2012-04-04 21:23 - 0000000 ____D C:\FRST
2012-04-04 19:15 - 2012-04-04 19:44 - 0898578 ____A C:\Windows\ntbtlog.txt
2012-04-04 13:58 - 2012-04-04 13:58 - 0022175 ____A C:\ComboFix.txt
2012-04-04 13:49 - 2012-04-04 13:49 - 0000000 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG2
2012-04-04 13:49 - 2012-04-04 13:49 - 0000000 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG1
2012-04-04 13:49 - 2012-04-04 13:49 - 0000000 __ASH C:\Windows\System32\config\SOFTWARE.tmp.LOG2
2012-04-04 13:49 - 2012-04-04 13:49 - 0000000 __ASH C:\Windows\System32\config\SOFTWARE.tmp.LOG1
2012-04-04 13:49 - 2012-04-04 13:49 - 0000000 __ASH C:\Windows\System32\config\SECURITY.tmp.LOG2
2012-04-04 13:49 - 2012-04-04 13:49 - 0000000 __ASH C:\Windows\System32\config\SECURITY.tmp.LOG1
2012-04-04 13:49 - 2012-04-04 13:49 - 0000000 __ASH C:\Windows\System32\config\SAM.tmp.LOG2
2012-04-04 13:49 - 2012-04-04 13:49 - 0000000 __ASH C:\Windows\System32\config\SAM.tmp.LOG1
2012-04-04 13:49 - 2012-04-04 13:49 - 0000000 __ASH C:\Windows\System32\config\DEFAULT.tmp.LOG2
2012-04-04 13:49 - 2012-04-04 13:49 - 0000000 __ASH C:\Windows\System32\config\DEFAULT.tmp.LOG1
2012-04-04 13:34 - 2012-04-04 13:58 - 0000000 ____D C:\Qoobox
2012-04-04 13:34 - 2012-04-04 13:56 - 0000000 ____D C:\Windows\ERDNT
2012-04-04 13:34 - 2011-06-25 22:45 - 0256000 ____A C:\Windows\PEV.exe
2012-04-04 13:34 - 2010-11-07 09:20 - 0208896 ____A C:\Windows\MBR.exe
2012-04-04 13:34 - 2009-04-19 20:56 - 0060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-04-04 13:34 - 2000-08-30 16:00 - 0518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-04-04 13:34 - 2000-08-30 16:00 - 0406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-04-04 13:34 - 2000-08-30 16:00 - 0098816 ____A C:\Windows\sed.exe
2012-04-04 13:34 - 2000-08-30 16:00 - 0080412 ____A C:\Windows\grep.exe
2012-04-04 13:34 - 2000-08-30 16:00 - 0068096 ____A C:\Windows\zip.exe
2012-04-04 13:33 - 2012-04-04 13:33 - 4456875 ____R (Swearware) C:\Users\Kid Danger\Downloads\ComboFix.exe
2012-04-03 20:08 - 2012-04-03 20:08 - 0000000 ____D C:\found.000
2012-04-02 19:00 - 2012-04-02 19:00 - 0038661 ____A C:\Users\Kid Danger\Desktop\319154_210274682379322_100001903766031_518432_1402134871_n.jpg
2012-04-02 18:34 - 2012-04-02 18:35 - 0000000 ____D C:\Users\Kid Danger\Downloads\Act of Valor 2012 KORSUB 720p HDRip H264 ARMS
2012-03-31 15:24 - 2012-03-31 15:25 - 0000000 ____D C:\Users\Kid Danger\Documents\Spartan
2012-03-29 12:55 - 2012-03-29 12:55 - 0276224 ____A C:\Windows\Minidump\032912-23244-01.dmp
2012-03-28 15:53 - 2012-03-28 15:53 - 0044374 ____A C:\Users\Kid Danger\Desktop\207.jpg
2012-03-28 13:08 - 2012-03-28 13:08 - 0070024 ____A C:\Users\Kid Danger\Desktop\college-spring-break-parties-girls-funny23.jpg
2012-03-28 12:49 - 2012-03-28 12:49 - 0028326 ____A C:\Users\Kid Danger\Desktop\Capture.PNG
2012-03-26 19:15 - 2012-03-26 19:15 - 0065536 __ASH C:\Windows\System32\config\components{a1a6fc31-a8d7-11e0-88fd-e0cb4ea2f028}.TxR.blf
2012-03-26 17:41 - 2012-03-26 17:41 - 0111670 ____A C:\Users\Kid Danger\Desktop\dating-fails-dating-fails-a-love-letter-told-in-pictures.jpg
2012-03-26 09:58 - 2012-03-26 09:58 - 0000000 ____D C:\Users\Kid Danger\AppData\Roaming\Cobra Mobile
2012-03-24 18:51 - 2012-03-24 21:20 - 0000000 ____D C:\Users\Kid Danger\AppData\Roaming\Ventrilo
2012-03-24 18:50 - 2012-03-24 18:50 - 0000871 ____A C:\Users\Public\Desktop\Ventrilo.lnk
2012-03-24 18:50 - 2012-03-24 18:50 - 0000268 ____A C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
2012-03-24 18:50 - 2012-03-24 18:50 - 0000000 ____D C:\Program Files (x86)\Ventrilo
2012-03-21 18:29 - 2012-03-21 18:43 - 0002098 ____A C:\Users\Kid Danger\Desktop\darkcrusade - Shortcut.lnk
2012-03-21 16:19 - 2012-03-21 16:19 - 0000220 ____A C:\Users\Kid Danger\Desktop\Warhammer 40,000 Dawn of War Gold Edition.url
2012-03-21 14:42 - 2012-03-21 14:42 - 0178800 ____A (Sony DADC Austria AG.) C:\Windows\SysWOW64\CmdLineExt_x64.dll
2012-03-21 14:05 - 2012-03-21 15:57 - 0000000 ____D C:\Program Files (x86)\THQ
2012-03-19 19:35 - 2012-03-19 19:35 - 0004096 ____A C:\Windows\d3dx.dat
2012-03-19 19:35 - 2012-03-19 19:35 - 0000000 ____D C:\Users\Kid Danger\AppData\Roaming\MinMaxGames
2012-03-19 19:19 - 2012-03-19 19:19 - 0000222 ____A C:\Users\Kid Danger\Desktop\Space Pirates and Zombies.url
2012-03-19 19:19 - 2012-03-19 19:19 - 0000222 ____A C:\Users\Kid Danger\Desktop\Really Big Sky.url
2012-03-18 13:42 - 2012-03-21 15:57 - 0000000 ____D C:\Program Files (x86)\Dungeon Defenders
2012-03-18 12:48 - 2012-03-18 12:49 - 0000000 ____D C:\Users\Kid Danger\Downloads\Dungeond Defenders 7.16
2012-03-17 07:55 - 2012-03-17 07:55 - 0000000 ____D C:\Users\Kid Danger\AppData\Local\BigHugeEngine
2012-03-16 22:54 - 2012-03-16 22:54 - 0000000 ____D C:\Users\Kid Danger\AppData\Roaming\Trine2
2012-03-16 22:51 - 2012-03-16 22:51 - 0000000 ____D C:\Program Files (x86)\Frozenbyte
2012-03-16 20:18 - 2012-03-16 20:18 - 0000000 ____D C:\Users\Kid Danger\AppData\Roaming\RotMG.Production
2012-03-16 20:10 - 2012-03-16 20:10 - 0000000 ___AD C:\Users\Kid Danger\Downloads\DATA
2012-03-15 21:16 - 2012-03-15 21:16 - 0000000 ____D C:\Users\Kid Danger\Downloads\fifty shades trilogy
2012-03-15 08:19 - 2012-03-15 08:19 - 0001130 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-03-15 00:27 - 2012-03-15 00:27 - 9705472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 3695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2012-03-15 00:27 - 2012-03-15 00:27 - 3695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2012-03-15 00:27 - 2012-03-15 00:27 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-03-15 00:27 - 2012-03-15 00:27 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-03-15 00:27 - 2012-03-15 00:27 - 2308096 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 1798656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 17790464 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-03-15 00:27 - 2012-03-15 00:27 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-03-15 00:27 - 2012-03-15 00:27 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 12282368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 10887168 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 0697344 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 0603648 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 0580608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 0534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 0452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 0448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-03-15 00:27 - 2012-03-15 00:27 - 0434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 0420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 0403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 0367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2012-03-15 00:27 - 2012-03-15 00:27 - 0353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 0353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 0282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 0267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 0249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 0227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 0223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 0222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 0203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 0197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 0173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-03-15 00:27 - 2012-03-15 00:27 - 0165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2012-03-15 00:27 - 2012-03-15 00:27 - 0163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 0163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 0162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 0161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 0160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2012-03-15 00:27 - 2012-03-15 00:27 - 0160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 0152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2012-03-15 00:27 - 2012-03-15 00:27 - 0150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2012-03-15 00:27 - 2012-03-15 00:27 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 0145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 0142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-03-15 00:27 - 2012-03-15 00:27 - 0135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 0130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 0123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 0118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 0114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 0111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 0110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 0103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 0101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 0091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2012-03-15 00:27 - 2012-03-15 00:27 - 0089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2012-03-15 00:27 - 2012-03-15 00:27 - 0089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-03-15 00:27 - 2012-03-15 00:27 - 0086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 0082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 0078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 0076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2012-03-15 00:27 - 2012-03-15 00:27 - 0076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2012-03-15 00:27 - 2012-03-15 00:27 - 0074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2012-03-15 00:27 - 2012-03-15 00:27 - 0074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 0074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2012-03-15 00:27 - 2012-03-15 00:27 - 0072822 ____A C:\Windows\SysWOW64\ieuinit.inf
2012-03-15 00:27 - 2012-03-15 00:27 - 0072822 ____A C:\Windows\System32\ieuinit.inf
2012-03-15 00:27 - 2012-03-15 00:27 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 0066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 0065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 0063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2012-03-15 00:27 - 2012-03-15 00:27 - 0055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 0054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 0049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 0048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 0048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 0041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 0039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 0035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 0031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 0030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 0023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 0012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2012-03-15 00:27 - 2012-03-15 00:27 - 0011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2012-03-15 00:27 - 2012-03-15 00:27 - 0010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2012-03-15 00:27 - 2012-03-15 00:27 - 0010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-03-15 00:26 - 2012-03-15 00:26 - 4068864 ____A (Microsoft Corporation) C:\Windows\System32\mf.dll
2012-03-15 00:26 - 2012-03-15 00:26 - 3181568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2012-03-15 00:26 - 2012-03-15 00:26 - 1888256 ____A (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2012-03-15 00:26 - 2012-03-15 00:26 - 1863680 ____A (Microsoft Corporation) C:\Windows\System32\ExplorerFrame.dll
2012-03-15 00:26 - 2012-03-15 00:26 - 1619456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2012-03-15 00:26 - 2012-03-15 00:26 - 1495040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2012-03-15 00:26 - 2012-03-15 00:26 - 1133568 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2012-03-15 00:26 - 2012-03-15 00:26 - 0982912 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2012-03-15 00:26 - 2012-03-15 00:26 - 0662528 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2012-03-15 00:26 - 2012-03-15 00:26 - 0470016 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2012-03-15 00:26 - 2012-03-15 00:26 - 0442880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2012-03-15 00:26 - 2012-03-15 00:26 - 0283648 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2012-03-15 00:26 - 2012-03-15 00:26 - 0265088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2012-03-15 00:26 - 2012-03-15 00:26 - 0257024 ____A (Microsoft Corporation) C:\Windows\System32\mfreadwrite.dll
2012-03-15 00:26 - 2012-03-15 00:26 - 0229888 ____A (Microsoft Corporation) C:\Windows\System32\XpsRasterService.dll
2012-03-15 00:26 - 2012-03-15 00:26 - 0206848 ____A (Microsoft Corporation) C:\Windows\System32\mfps.dll
2012-03-15 00:26 - 2012-03-15 00:26 - 0196608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfreadwrite.dll
2012-03-15 00:26 - 2012-03-15 00:26 - 0144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2012-03-15 00:26 - 2012-03-15 00:26 - 0135168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsRasterService.dll
2012-03-15 00:25 - 2012-03-15 00:27 - 0003797 ____A C:\Windows\IE9_main.log
2012-03-14 02:07 - 2012-02-02 20:16 - 3143168 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-03-13 21:33 - 2012-03-13 21:33 - 0000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2012-03-13 21:05 - 2012-03-13 21:05 - 0000000 ____D C:\Program Files (x86)\Bioware
2012-03-13 21:00 - 2012-03-13 21:00 - 0000000 ____D C:\Users\Kid Danger\MSE3
2012-03-13 20:12 - 2012-03-21 15:03 - 0000000 ____D C:\Users\Kid Danger\Desktop\MASSEFFECT3
2012-03-13 14:58 - 2012-02-09 22:18 - 1541120 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-03-13 14:58 - 2012-02-09 22:17 - 1837568 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2012-03-13 14:58 - 2012-02-09 22:17 - 0902656 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2012-03-13 14:58 - 2012-02-09 22:17 - 0320512 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2012-03-13 14:58 - 2012-02-09 22:17 - 0197120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2012-03-13 14:58 - 2012-02-09 21:41 - 1170944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2012-03-13 14:58 - 2012-02-09 21:41 - 1074176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-03-13 14:58 - 2012-02-09 21:41 - 0739840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2012-03-13 14:58 - 2012-02-09 21:41 - 0218624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2012-03-13 14:58 - 2012-02-09 21:41 - 0161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2012-03-13 14:51 - 2012-02-14 22:27 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-03-13 14:51 - 2012-02-14 21:44 - 0826368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-03-13 14:51 - 2012-02-14 20:47 - 0204800 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-03-13 14:51 - 2012-02-14 20:46 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-03-13 14:51 - 2012-01-24 22:27 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-03-13 14:51 - 2012-01-24 22:27 - 0076288 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-03-13 14:51 - 2012-01-24 22:20 - 0009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-03-11 03:37 - 2012-03-11 03:37 - 0053912 ____A C:\Users\Kid Danger\Documents\EVEMon_Settings_3315.xml.bak
2012-03-10 00:04 - 2012-03-10 00:04 - 0000000 ____D C:\Program Files (x86)\VideoLAN
2012-03-09 23:57 - 2012-03-09 23:57 - 0000000 ____D C:\Program Files (x86)\FLVPlayer
2012-03-09 23:53 - 2012-03-09 23:53 - 0000000 ____D C:\Users\Kid Danger\AppData\Local\DDMSettings
2012-03-09 23:50 - 2012-03-09 23:50 - 0000000 ____D C:\Program Files (x86)\AC3 Player
2012-03-09 22:13 - 2012-04-04 17:28 - 0000906 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-03-09 22:13 - 2012-04-04 15:28 - 0000902 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-03-08 10:10 - 2012-03-08 10:10 - 0000000 ____D C:\Users\Kid Danger\AppData\Roaming\Indicium Technologies
2012-03-08 10:10 - 2012-03-08 10:10 - 0000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2012-03-08 10:09 - 2012-03-08 10:10 - 0000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2012-03-08 10:09 - 2012-03-08 10:09 - 0000000 ____D C:\Users\Kid Danger\Documents\EveHQ
2012-03-08 10:08 - 2012-03-08 10:15 - 0000000 ____D C:\Users\Kid Danger\AppData\Roaming\EveHQ
2012-03-08 10:08 - 2012-03-08 10:08 - 0000000 ____D C:\Program Files (x86)\EveHQ
2012-03-08 10:07 - 2012-03-08 10:07 - 0000000 ____D C:\Users\Kid Danger\Downloads\EveHQv2.5Installer

============ 3 Months Modified Files and Folders =============

2012-04-04 21:23 - 2012-04-04 21:23 - 0000000 ____D C:\FRST
2012-04-04 19:54 - 2010-12-20 16:05 - 477532160 __ASH C:\hiberfil.sys
2012-04-04 19:44 - 2012-04-04 19:15 - 0898578 ____A C:\Windows\ntbtlog.txt
2012-04-04 17:55 - 2011-01-19 10:23 - 0000000 ____D C:\Users\Kid Danger\AppData\Roaming\BitTorrent
2012-04-04 17:50 - 2011-07-15 17:05 - 0000928 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1146084035-806319024-1515760263-1000UA.job
2012-04-04 17:28 - 2012-03-09 22:13 - 0000906 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-04-04 17:08 - 2010-12-20 16:08 - 1992880 ____A C:\Windows\WindowsUpdate.log
2012-04-04 15:28 - 2012-03-09 22:13 - 0000902 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-04-04 15:07 - 2011-08-22 12:02 - 0000948 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1146084035-806319024-1515760263-1000UA.job
2012-04-04 14:01 - 2009-07-13 20:45 - 0019008 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-04-04 14:01 - 2009-07-13 20:45 - 0019008 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-04-04 13:58 - 2012-04-04 13:58 - 0022175 ____A C:\ComboFix.txt
2012-04-04 13:58 - 2012-04-04 13:34 - 0000000 ____D C:\Qoobox
2012-04-04 13:58 - 2009-07-13 19:20 - 0000000 __RHD C:\users\Default
2012-04-04 13:58 - 2009-07-13 19:20 - 0000000 ___RD C:\users\Public
2012-04-04 13:57 - 2009-07-13 21:13 - 0792550 ____A C:\Windows\System32\PerfStringBackup.INI
2012-04-04 13:56 - 2012-04-04 13:34 - 0000000 ____D C:\Windows\ERDNT
2012-04-04 13:51 - 2009-07-13 18:34 - 0000215 ____A C:\Windows\system.ini
2012-04-04 13:50 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-04-04 13:50 - 2009-07-13 20:51 - 0081902 ____A C:\Windows\setupact.log
2012-04-04 13:49 - 2012-04-04 13:49 - 0000000 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG2
2012-04-04 13:49 - 2012-04-04 13:49 - 0000000 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG1
2012-04-04 13:49 - 2012-04-04 13:49 - 0000000 __ASH C:\Windows\System32\config\SOFTWARE.tmp.LOG2
2012-04-04 13:49 - 2012-04-04 13:49 - 0000000 __ASH C:\Windows\System32\config\SOFTWARE.tmp.LOG1
2012-04-04 13:49 - 2012-04-04 13:49 - 0000000 __ASH C:\Windows\System32\config\SECURITY.tmp.LOG2
2012-04-04 13:49 - 2012-04-04 13:49 - 0000000 __ASH C:\Windows\System32\config\SECURITY.tmp.LOG1
2012-04-04 13:49 - 2012-04-04 13:49 - 0000000 __ASH C:\Windows\System32\config\SAM.tmp.LOG2
2012-04-04 13:49 - 2012-04-04 13:49 - 0000000 __ASH C:\Windows\System32\config\SAM.tmp.LOG1
2012-04-04 13:49 - 2012-04-04 13:49 - 0000000 __ASH C:\Windows\System32\config\DEFAULT.tmp.LOG2
2012-04-04 13:49 - 2012-04-04 13:49 - 0000000 __ASH C:\Windows\System32\config\DEFAULT.tmp.LOG1
2012-04-04 13:49 - 2009-07-13 18:34 - 72613888 ____A C:\Windows\System32\config\SOFTWARE.bak
2012-04-04 13:49 - 2009-07-13 18:34 - 5242880 ____A C:\Windows\System32\config\DEFAULT.bak
2012-04-04 13:49 - 2009-07-13 18:34 - 22806528 ____A C:\Windows\System32\config\SYSTEM.bak
2012-04-04 13:49 - 2009-07-13 18:34 - 0262144 ____A C:\Windows\System32\config\SECURITY.bak
2012-04-04 13:49 - 2009-07-13 18:34 - 0262144 ____A C:\Windows\System32\config\SAM.bak
2012-04-04 13:33 - 2012-04-04 13:33 - 4456875 ____R (Swearware) C:\Users\Kid Danger\Downloads\ComboFix.exe
2012-04-04 12:07 - 2011-08-22 12:02 - 0000926 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1146084035-806319024-1515760263-1000Core.job
2012-04-04 04:50 - 2010-12-23 09:46 - 0000000 ____D C:\Users\Kid Danger\AppData\Roaming\Mozilla
2012-04-04 03:50 - 2011-07-15 17:05 - 0000876 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1146084035-806319024-1515760263-1000Core.job
2012-04-03 21:22 - 2010-12-23 12:17 - 0000000 ____D C:\Program Files (x86)\Steam
2012-04-03 20:08 - 2012-04-03 20:08 - 0000000 ____D C:\found.000
2012-04-02 19:00 - 2012-04-02 19:00 - 0038661 ____A C:\Users\Kid Danger\Desktop\319154_210274682379322_100001903766031_518432_1402134871_n.jpg
2012-04-02 18:35 - 2012-04-02 18:34 - 0000000 ____D C:\Users\Kid Danger\Downloads\Act of Valor 2012 KORSUB 720p HDRip H264 ARMS
2012-03-31 16:14 - 2012-01-12 17:35 - 0000000 ____D C:\Users\Kid Danger\Desktop\New folder
2012-03-31 15:25 - 2012-03-31 15:24 - 0000000 ____D C:\Users\Kid Danger\Documents\Spartan
2012-03-31 15:12 - 2010-12-24 13:45 - 0000000 ____D C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2012-03-29 12:55 - 2012-03-29 12:55 - 0276224 ____A C:\Windows\Minidump\032912-23244-01.dmp
2012-03-29 12:55 - 2011-04-15 18:23 - 490694525 ____A C:\Windows\MEMORY.DMP
2012-03-29 12:55 - 2011-04-15 18:23 - 0000000 ____D C:\Windows\Minidump
2012-03-29 07:28 - 2012-01-20 20:00 - 0000000 ____D C:\Users\Kid Danger\AppData\Roaming\EVEMon
2012-03-28 15:53 - 2012-03-28 15:53 - 0044374 ____A C:\Users\Kid Danger\Desktop\207.jpg
2012-03-28 13:08 - 2012-03-28 13:08 - 0070024 ____A C:\Users\Kid Danger\Desktop\college-spring-break-parties-girls-funny23.jpg
2012-03-28 12:49 - 2012-03-28 12:49 - 0028326 ____A C:\Users\Kid Danger\Desktop\Capture.PNG
2012-03-26 23:11 - 2011-06-11 11:37 - 0000000 ____D C:\Users\Kid Danger\AppData\Local\V CAST Media Manager
2012-03-26 23:00 - 2011-06-11 11:37 - 0000000 ____D C:\Users\Kid Danger\AppData\Roaming\vlc
2012-03-26 19:15 - 2012-03-26 19:15 - 0065536 __ASH C:\Windows\System32\config\components{a1a6fc31-a8d7-11e0-88fd-e0cb4ea2f028}.TxR.blf
2012-03-26 17:41 - 2012-03-26 17:41 - 0111670 ____A C:\Users\Kid Danger\Desktop\dating-fails-dating-fails-a-love-letter-told-in-pictures.jpg
2012-03-26 09:58 - 2012-03-26 09:58 - 0000000 ____D C:\Users\Kid Danger\AppData\Roaming\Cobra Mobile
2012-03-26 09:58 - 2012-02-02 03:20 - 0466456 ____A (Creative Labs) C:\Windows\System32\wrap_oal.dll
2012-03-26 09:58 - 2012-02-02 03:20 - 0444952 ____A (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2012-03-26 09:58 - 2012-02-02 03:20 - 0122904 ____A (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\System32\OpenAL32.dll
2012-03-26 09:58 - 2012-02-02 03:20 - 0109080 ____A (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2012-03-26 02:46 - 2010-12-20 19:19 - 0337963 ____A C:\Windows\DirectX.log
2012-03-25 23:22 - 2011-12-23 12:06 - 0005286 ____A C:\Users\Kid Danger\Documents\GFWLIVESetupLogVerbose.txt
2012-03-25 23:22 - 2011-12-23 12:06 - 0000066 ____A C:\Users\Kid Danger\Documents\GFWLIVESetupLog.txt
2012-03-25 23:22 - 2010-12-24 11:53 - 0000000 ____D C:\Users\Kid Danger\Documents\My Games
2012-03-25 17:02 - 2011-04-12 11:39 - 0000000 ____D C:\Users\Kid Danger\Documents\StarCraft II
2012-03-24 21:20 - 2012-03-24 18:51 - 0000000 ____D C:\Users\Kid Danger\AppData\Roaming\Ventrilo
2012-03-24 18:50 - 2012-03-24 18:50 - 0000871 ____A C:\Users\Public\Desktop\Ventrilo.lnk
2012-03-24 18:50 - 2012-03-24 18:50 - 0000268 ____A C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
2012-03-24 18:50 - 2012-03-24 18:50 - 0000000 ____D C:\Program Files (x86)\Ventrilo
2012-03-24 00:03 - 2009-07-13 21:08 - 0032620 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-03-23 21:25 - 2011-01-24 08:20 - 0000000 ____D C:\Users\All Users\DAEMON Tools Lite
2012-03-23 21:25 - 2011-01-24 08:20 - 0000000 ____D C:\ProgramData\DAEMON Tools Lite
2012-03-21 18:43 - 2012-03-21 18:29 - 0002098 ____A C:\Users\Kid Danger\Desktop\darkcrusade - Shortcut.lnk
2012-03-21 16:19 - 2012-03-21 16:19 - 0000220 ____A C:\Users\Kid Danger\Desktop\Warhammer 40,000 Dawn of War Gold Edition.url
2012-03-21 15:57 - 2012-03-21 14:05 - 0000000 ____D C:\Program Files (x86)\THQ
2012-03-21 15:57 - 2012-03-18 13:42 - 0000000 ____D C:\Program Files (x86)\Dungeon Defenders
2012-03-21 15:29 - 2010-12-20 19:09 - 0000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-03-21 15:03 - 2012-03-13 20:12 - 0000000 ____D C:\Users\Kid Danger\Desktop\MASSEFFECT3
2012-03-21 14:42 - 2012-03-21 14:42 - 0178800 ____A (Sony DADC Austria AG.) C:\Windows\SysWOW64\CmdLineExt_x64.dll
2012-03-21 14:36 - 2012-01-13 15:25 - 0043520 ____A C:\Windows\SysWOW64\CmdLineExt03.dll
2012-03-19 19:35 - 2012-03-19 19:35 - 0004096 ____A C:\Windows\d3dx.dat
2012-03-19 19:35 - 2012-03-19 19:35 - 0000000 ____D C:\Users\Kid Danger\AppData\Roaming\MinMaxGames
2012-03-19 19:19 - 2012-03-19 19:19 - 0000222 ____A C:\Users\Kid Danger\Desktop\Space Pirates and Zombies.url
2012-03-19 19:19 - 2012-03-19 19:19 - 0000222 ____A C:\Users\Kid Danger\Desktop\Really Big Sky.url
2012-03-18 14:08 - 2011-05-09 11:55 - 0000000 ____D C:\Users\Kid Danger\AppData\Local\SKIDROW
2012-03-18 12:49 - 2012-03-18 12:48 - 0000000 ____D C:\Users\Kid Danger\Downloads\Dungeond Defenders 7.16
2012-03-17 07:55 - 2012-03-17 07:55 - 0000000 ____D C:\Users\Kid Danger\AppData\Local\BigHugeEngine
2012-03-17 07:34 - 2012-01-01 19:55 - 0000000 ____D C:\Program Files (x86)\EA Games
2012-03-16 22:54 - 2012-03-16 22:54 - 0000000 ____D C:\Users\Kid Danger\AppData\Roaming\Trine2
2012-03-16 22:51 - 2012-03-16 22:51 - 0000000 ____D C:\Program Files (x86)\Frozenbyte
2012-03-16 22:16 - 2012-01-15 09:28 - 0000000 ____D C:\Users\Kid Danger\Desktop\nerd
2012-03-16 20:18 - 2012-03-16 20:18 - 0000000 ____D C:\Users\Kid Danger\AppData\Roaming\RotMG.Production
2012-03-16 20:10 - 2012-03-16 20:10 - 0000000 ___AD C:\Users\Kid Danger\Downloads\DATA
2012-03-15 21:16 - 2012-03-15 21:16 - 0000000 ____D C:\Users\Kid Danger\Downloads\fifty shades trilogy
2012-03-15 08:19 - 2012-03-15 08:19 - 0001130 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-03-15 08:19 - 2010-12-23 09:46 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-03-15 02:00 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\rescache
2012-03-15 00:35 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\PolicyDefinitions
2012-03-15 00:27 - 2012-03-15 00:27 - 9705472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 3695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2012-03-15 00:27 - 2012-03-15 00:27 - 3695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2012-03-15 00:27 - 2012-03-15 00:27 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-03-15 00:27 - 2012-03-15 00:27 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-03-15 00:27 - 2012-03-15 00:27 - 2308096 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 1798656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 17790464 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-03-15 00:27 - 2012-03-15 00:27 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-03-15 00:27 - 2012-03-15 00:27 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 12282368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 10887168 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 0697344 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 0603648 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 0580608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 0534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 0452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 0448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-03-15 00:27 - 2012-03-15 00:27 - 0434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 0420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 0403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 0367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2012-03-15 00:27 - 2012-03-15 00:27 - 0353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 0353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 0282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 0267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 0249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 0227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 0223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 0222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 0203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 0197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 0173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-03-15 00:27 - 2012-03-15 00:27 - 0165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2012-03-15 00:27 - 2012-03-15 00:27 - 0163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 0163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 0162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 0161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 0160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2012-03-15 00:27 - 2012-03-15 00:27 - 0160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 0152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2012-03-15 00:27 - 2012-03-15 00:27 - 0150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2012-03-15 00:27 - 2012-03-15 00:27 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 0145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 0142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-03-15 00:27 - 2012-03-15 00:27 - 0135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 0130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 0123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 0118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 0114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 0111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 0110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 0103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 0101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 0091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2012-03-15 00:27 - 2012-03-15 00:27 - 0089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2012-03-15 00:27 - 2012-03-15 00:27 - 0089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-03-15 00:27 - 2012-03-15 00:27 - 0086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 0082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 0078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 0076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2012-03-15 00:27 - 2012-03-15 00:27 - 0076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2012-03-15 00:27 - 2012-03-15 00:27 - 0074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2012-03-15 00:27 - 2012-03-15 00:27 - 0074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 0074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2012-03-15 00:27 - 2012-03-15 00:27 - 0072822 ____A C:\Windows\SysWOW64\ieuinit.inf
2012-03-15 00:27 - 2012-03-15 00:27 - 0072822 ____A C:\Windows\System32\ieuinit.inf
2012-03-15 00:27 - 2012-03-15 00:27 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 0066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 0065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 0063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2012-03-15 00:27 - 2012-03-15 00:27 - 0055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 0054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 0049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 0048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 0048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 0041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 0039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 0035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 0031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 0030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 0023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2012-03-15 00:27 - 2012-03-15 00:27 - 0012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2012-03-15 00:27 - 2012-03-15 00:27 - 0011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2012-03-15 00:27 - 2012-03-15 00:27 - 0010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2012-03-15 00:27 - 2012-03-15 00:27 - 0010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-03-15 00:27 - 2012-03-15 00:25 - 0003797 ____A C:\Windows\IE9_main.log
2012-03-15 00:26 - 2012-03-15 00:26 - 4068864 ____A (Microsoft Corporation) C:\Windows\System32\mf.dll
2012-03-15 00:26 - 2012-03-15 00:26 - 3181568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2012-03-15 00:26 - 2012-03-15 00:26 - 1888256 ____A (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2012-03-15 00:26 - 2012-03-15 00:26 - 1863680 ____A (Microsoft Corporation) C:\Windows\System32\ExplorerFrame.dll
2012-03-15 00:26 - 2012-03-15 00:26 - 1619456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2012-03-15 00:26 - 2012-03-15 00:26 - 1495040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2012-03-15 00:26 - 2012-03-15 00:26 - 1133568 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2012-03-15 00:26 - 2012-03-15 00:26 - 0982912 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2012-03-15 00:26 - 2012-03-15 00:26 - 0662528 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2012-03-15 00:26 - 2012-03-15 00:26 - 0470016 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2012-03-15 00:26 - 2012-03-15 00:26 - 0442880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2012-03-15 00:26 - 2012-03-15 00:26 - 0283648 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2012-03-15 00:26 - 2012-03-15 00:26 - 0265088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2012-03-15 00:26 - 2012-03-15 00:26 - 0257024 ____A (Microsoft Corporation) C:\Windows\System32\mfreadwrite.dll
2012-03-15 00:26 - 2012-03-15 00:26 - 0229888 ____A (Microsoft Corporation) C:\Windows\System32\XpsRasterService.dll
2012-03-15 00:26 - 2012-03-15 00:26 - 0206848 ____A (Microsoft Corporation) C:\Windows\System32\mfps.dll
2012-03-15 00:26 - 2012-03-15 00:26 - 0196608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfreadwrite.dll
2012-03-15 00:26 - 2012-03-15 00:26 - 0144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2012-03-15 00:26 - 2012-03-15 00:26 - 0135168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsRasterService.dll
2012-03-15 00:25 - 2011-04-06 13:57 - 0000000 ____D C:\Users\All Users\Microsoft Help
2012-03-15 00:25 - 2011-04-06 13:57 - 0000000 ____D C:\ProgramData\Microsoft Help
2012-03-14 11:41 - 2009-07-13 20:45 - 4863616 ____A C:\Windows\System32\FNTCACHE.DAT
2012-03-14 02:01 - 2011-04-07 11:18 - 56297240 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-03-13 21:33 - 2012-03-13 21:33 - 0000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2012-03-13 21:05 - 2012-03-13 21:05 - 0000000 ____D C:\Program Files (x86)\Bioware
2012-03-13 21:00 - 2012-03-13 21:00 - 0000000 ____D C:\Users\Kid Danger\MSE3
2012-03-13 21:00 - 2010-12-20 16:12 - 0000000 ____D C:\users\Kid Danger
2012-03-13 20:56 - 2011-12-02 15:17 - 0000000 ____D C:\Users\Kid Danger\Documents\BioWare
2012-03-12 21:06 - 2012-03-04 19:01 - 0000000 ____D C:\Users\Kid Danger\AppData\Roaming\mIRC
2012-03-12 10:33 - 2012-03-04 19:01 - 0000000 ____D C:\Program Files (x86)\mIRC
2012-03-11 21:36 - 2011-04-18 15:42 - 0000000 ____D C:\Program Files (x86)\EphPod
2012-03-11 21:35 - 2011-12-26 22:27 - 0000000 ____D C:\Users\All Users\Origin
2012-03-11 21:35 - 2011-12-26 22:27 - 0000000 ____D C:\ProgramData\Origin
2012-03-11 21:35 - 2011-01-11 11:08 - 0000000 ____D C:\Users\All Users\Electronic Arts
2012-03-11 21:35 - 2011-01-11 11:08 - 0000000 ____D C:\ProgramData\Electronic Arts
2012-03-11 21:34 - 2011-06-01 11:36 - 0000814 ____A C:\Windows\QwestInstallerSetup.log
2012-03-11 21:34 - 2011-06-01 11:28 - 0000000 ____D C:\Users\All Users\Qwest
2012-03-11 21:34 - 2011-06-01 11:28 - 0000000 ____D C:\ProgramData\Qwest
2012-03-11 21:25 - 2011-01-08 15:49 - 0000000 ____D C:\Program Files (x86)\Runic Games
2012-03-11 21:09 - 2012-01-12 23:51 - 0000000 ____D C:\Program Files (x86)\Ubisoft
2012-03-11 03:37 - 2012-03-11 03:37 - 0053912 ____A C:\Users\Kid Danger\Documents\EVEMon_Settings_3315.xml.bak
2012-03-11 03:37 - 2012-01-20 20:00 - 0000000 ____D C:\Program Files (x86)\EVEMon
2012-03-10 00:04 - 2012-03-10 00:04 - 0000000 ____D C:\Program Files (x86)\VideoLAN
2012-03-09 23:57 - 2012-03-09 23:57 - 0000000 ____D C:\Program Files (x86)\FLVPlayer
2012-03-09 23:57 - 2012-01-21 23:01 - 0000474 ____A C:\user.js
2012-03-09 23:53 - 2012-03-09 23:53 - 0000000 ____D C:\Users\Kid Danger\AppData\Local\DDMSettings
2012-03-09 23:52 - 2011-03-24 23:49 - 0000000 ____D C:\Program Files\DivX
2012-03-09 23:52 - 2011-03-24 23:33 - 0000000 ____D C:\Program Files (x86)\DivX
2012-03-09 23:52 - 2011-03-24 23:31 - 0000000 ____D C:\Users\All Users\DivX
2012-03-09 23:52 - 2011-03-24 23:31 - 0000000 ____D C:\ProgramData\DivX
2012-03-09 23:52 - 2010-12-20 16:12 - 0000000 ____D C:\Users\Kid Danger\AppData\LocalLow
2012-03-09 23:50 - 2012-03-09 23:50 - 0000000 ____D C:\Program Files (x86)\AC3 Player
2012-03-09 22:14 - 2011-07-17 12:50 - 0000000 ____D C:\Program Files (x86)\Google
2012-03-08 10:15 - 2012-03-08 10:08 - 0000000 ____D C:\Users\Kid Danger\AppData\Roaming\EveHQ
2012-03-08 10:10 - 2012-03-08 10:10 - 0000000 ____D C:\Users\Kid Danger\AppData\Roaming\Indicium Technologies
2012-03-08 10:10 - 2012-03-08 10:10 - 0000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2012-03-08 10:10 - 2012-03-08 10:09 - 0000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2012-03-08 10:09 - 2012-03-08 10:09 - 0000000 ____D C:\Users\Kid Danger\Documents\EveHQ
2012-03-08 10:08 - 2012-03-08 10:08 - 0000000 ____D C:\Program Files (x86)\EveHQ
2012-03-08 10:07 - 2012-03-08 10:07 - 0000000 ____D C:\Users\Kid Danger\Downloads\EveHQv2.5Installer
2012-03-04 19:01 - 2012-03-04 19:01 - 0000951 ____A C:\Users\Public\Desktop\mIRC.lnk
2012-03-03 14:00 - 2012-03-03 14:00 - 0000000 ____D C:\Users\Kid Danger\Documents\zmud-mccp
2012-03-02 19:50 - 2012-03-02 14:57 - 0000000 ____D C:\Users\Kid Danger\Documents\My Digital Editions
2012-03-02 14:57 - 2012-03-02 14:57 - 0002178 ____A C:\Users\Public\Desktop\Adobe Digital Editions.lnk
2012-03-02 14:57 - 2010-12-20 17:58 - 0000000 ____D C:\Users\Kid Danger\AppData\Roaming\Adobe
2012-03-02 14:56 - 2011-02-05 01:05 - 0000000 ____D C:\Program Files (x86)\Adobe
2012-03-02 14:13 - 2012-03-02 14:13 - 0000000 ____D C:\Users\Kid Danger\Downloads\A Song of Ice and Fire By George R. R. Martin
2012-03-02 11:44 - 2011-04-12 11:39 - 0000000 ____D C:\Program Files (x86)\StarCraft II
2012-03-02 11:32 - 2012-01-14 12:43 - 0000000 ____D C:\Users\Kid Danger\AppData\Local\2K Games
2012-03-02 11:30 - 2011-12-27 09:51 - 0000000 ____D C:\Program Files (x86)\Diablo II
2012-03-02 11:30 - 2011-12-20 09:49 - 0000000 ____D C:\Program Files (x86)\RIFT Game
2012-02-29 10:50 - 2012-02-29 10:50 - 0000000 ____D C:\Program Files\Motorola Inc
2012-02-28 10:52 - 2011-01-19 10:24 - 0000000 ____D C:\Program Files (x86)\BitTorrent
2012-02-26 11:00 - 2012-02-26 11:00 - 0000000 ____D C:\Windows\System32\Macromed
2012-02-26 11:00 - 2011-12-01 10:17 - 0414368 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-02-23 08:18 - 2010-12-20 17:01 - 0279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-02-21 23:09 - 2012-01-20 10:35 - 0000000 ____D C:\Users\Kid Danger\AppData\Roaming\TS3Client
2012-02-20 02:49 - 2012-02-20 02:49 - 0000000 ____D C:\Users\Kid Danger\Documents\TinyMinerTrialSingleClient
2012-02-20 01:30 - 2012-02-20 01:30 - 0010127 ____A C:\Users\Kid Danger\Documents\Chronicles of Conner Ryan.docx
2012-02-16 23:44 - 2012-01-20 10:33 - 0000000 ____D C:\Program Files\TeamSpeak 3 Client
2012-02-15 17:32 - 2011-01-13 15:38 - 0000000 ____D C:\Users\Kid Danger\AppData\Roaming\Skype
2012-02-15 17:07 - 2011-01-13 16:40 - 0000000 ____D C:\Users\Kid Danger\AppData\Roaming\skypePM
2012-02-14 22:27 - 2012-03-13 14:51 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-02-14 21:44 - 2012-03-13 14:51 - 0826368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-02-14 20:47 - 2012-03-13 14:51 - 0204800 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-02-14 20:46 - 2012-03-13 14:51 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-02-09 22:18 - 2012-03-13 14:58 - 1541120 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-02-09 22:17 - 2012-03-13 14:58 - 1837568 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2012-02-09 22:17 - 2012-03-13 14:58 - 0902656 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2012-02-09 22:17 - 2012-03-13 14:58 - 0320512 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2012-02-09 22:17 - 2012-03-13 14:58 - 0197120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2012-02-09 21:41 - 2012-03-13 14:58 - 1170944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2012-02-09 21:41 - 2012-03-13 14:58 - 1074176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-02-09 21:41 - 2012-03-13 14:58 - 0739840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2012-02-09 21:41 - 2012-03-13 14:58 - 0218624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2012-02-09 21:41 - 2012-03-13 14:58 - 0161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2012-02-05 13:49 - 2010-12-20 16:40 - 0068264 ____A C:\Users\Kid Danger\AppData\Local\GDIPFONTCACHEV1.DAT
2012-02-05 01:00 - 2011-01-02 05:22 - 0000000 ____D C:\Users\Kid Danger\AppData\Local\ElevatedDiagnostics
2012-02-04 15:43 - 2012-02-04 15:43 - 0000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_point64_01009.Wdf
2012-02-04 15:43 - 2012-02-04 15:43 - 0000000 ____D C:\Program Files\Microsoft IntelliPoint
2012-02-04 15:43 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\Microsoft Shared
2012-02-04 15:42 - 2012-02-04 15:42 - 0000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_dc3d_01009.Wdf
2012-02-03 12:52 - 2012-02-03 12:52 - 0000000 ____D C:\Users\Kid Danger\Documents\Square Enix
2012-02-03 12:49 - 2012-02-03 12:49 - 0001337 ____A C:\Users\Public\Desktop\Just Cause 2.lnk
2012-02-03 12:45 - 2012-02-03 12:45 - 0000000 ____D C:\Program Files (x86)\SQUARE ENIX - Eidos Interactive
2012-02-02 20:16 - 2012-03-14 02:07 - 3143168 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-02-02 03:22 - 2012-02-02 03:22 - 0000000 ____D C:\Users\Kid Danger\Documents\Book of Unwritten Tales
2012-02-02 03:20 - 2012-02-02 03:20 - 0000000 ____D C:\Program Files (x86)\OpenAL
2012-01-30 23:21 - 2012-01-30 23:08 - 0000000 ____D C:\Users\Kid Danger\AppData\Roaming\wargaming.net
2012-01-30 22:52 - 2011-04-06 11:43 - 0000000 ____D C:\Games
2012-01-30 17:33 - 2011-07-20 12:14 - 0000000 ___HD C:\Windows\msdownld.tmp
2012-01-30 17:33 - 2011-07-20 12:14 - 0000000 ____D C:\Windows\SysWOW64\directx
2012-01-30 16:07 - 2012-01-29 20:06 - 0000000 ____D C:\Program Files (x86)\Rockstar Games
2012-01-29 21:05 - 2012-01-29 21:05 - 0000000 ____D C:\Users\Kid Danger\AppData\Local\Chromium
2012-01-29 21:05 - 2011-05-13 13:17 - 0000000 ____D C:\Users\Kid Danger\Documents\Rockstar Games
2012-01-24 22:27 - 2012-03-13 14:51 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-01-24 22:27 - 2012-03-13 14:51 - 0076288 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-01-24 22:20 - 2012-03-13 14:51 - 0009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-01-23 03:46 - 2012-01-23 03:23 - 0013469 ____A C:\Users\Kid Danger\Desktop\New Microsoft Office Word Document.docx
2012-01-21 23:12 - 2012-01-21 23:12 - 0000159 __RAH C:\Windows\ctfile.rfc
2012-01-21 23:12 - 2012-01-21 23:12 - 0000000 ____D C:\Windows\SysWOW64\RTCOM
2012-01-21 23:12 - 2012-01-21 23:12 - 0000000 ____D C:\Program Files\Realtek
2012-01-21 23:11 - 2012-01-21 23:11 - 0000000 ____D C:\Program Files (x86)\Realtek
2012-01-21 23:01 - 2012-01-21 23:01 - 0000000 ____D C:\Users\Kid Danger\AppData\Roaming\Babylon
2012-01-21 23:01 - 2012-01-21 23:01 - 0000000 ____D C:\Users\Kid Danger\AppData\Local\Babylon
2012-01-21 23:01 - 2012-01-21 23:01 - 0000000 ____D C:\Users\All Users\Babylon
2012-01-21 23:01 - 2012-01-21 23:01 - 0000000 ____D C:\ProgramData\Babylon
2012-01-21 23:01 - 2012-01-21 23:01 - 0000000 ____D C:\Program Files (x86)\FoxTabFLVPlayer
2012-01-21 04:45 - 2011-02-01 16:36 - 0001888 ____A C:\users\Kid
2012-01-21 04:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\NDF
2012-01-20 10:37 - 2012-01-20 10:36 - 0000000 ____D C:\Users\Kid Danger\AppData\Roaming\ts3overlay
2012-01-15 08:24 - 2012-01-13 13:50 - 0000000 ____D C:\Sierra
2012-01-14 20:35 - 2012-01-14 20:35 - 0000000 ____D C:\Users\Kid Danger\Documents\EVE
2012-01-14 20:35 - 2012-01-14 20:35 - 0000000 ____D C:\Users\All Users\CCP
2012-01-14 20:35 - 2012-01-14 20:35 - 0000000 ____D C:\ProgramData\CCP
2012-01-14 20:18 - 2012-01-14 20:18 - 0000000 ____D C:\Program Files (x86)\CCP
2012-01-14 17:11 - 2012-01-14 17:11 - 0000000 ____D C:\Users\Kid Danger\AppData\Local\CCP
2012-01-13 21:30 - 2012-01-13 21:29 - 2047079 ____A C:\Users\Kid Danger\Documents\RPGRinksQuest.SC2Map
2012-01-13 16:24 - 2011-06-11 11:36 - 0000000 ____D C:\Program Files\Verizon V CAST Media Manager
2012-01-13 16:24 - 2011-06-02 12:26 - 0000000 ____D C:\Program Files\Common Files\Adobe
2012-01-13 14:55 - 2012-01-13 13:50 - 0000318 ____A C:\Windows\SIERRA.INI
2012-01-13 14:55 - 2012-01-13 13:50 - 0000000 ____D C:\Program Files (x86)\Sierra On-Line
2012-01-13 11:29 - 2011-01-19 11:15 - 0000000 ____D C:\Users\Kid Danger\AppData\Roaming\.minecraft
2012-01-13 11:10 - 2012-01-13 08:45 - 0000000 ____D C:\Users\Kid Danger\AppData\Local\PMB Files
2012-01-13 11:10 - 2012-01-13 08:45 - 0000000 ____D C:\Users\All Users\PMB Files
2012-01-13 11:10 - 2012-01-13 08:45 - 0000000 ____D C:\ProgramData\PMB Files
2012-01-13 10:26 - 2012-01-13 10:26 - 0000000 ____D C:\Users\Kid Danger\riotsGamesLogs
2012-01-13 10:26 - 2012-01-13 10:26 - 0000000 ____D C:\Users\Kid Danger\AppData\Roaming\LolClient
2012-01-13 08:45 - 2010-12-23 13:59 - 0000000 ____D C:\Program Files (x86)\Pando Networks
2012-01-12 23:11 - 2012-01-12 23:11 - 0000000 ____D C:\Users\Kid Danger\XRL
2012-01-12 19:34 - 2012-01-12 19:34 - 0000000 ____D C:\Users\Kid Danger\AppData\Local\Stardock
2012-01-12 19:21 - 2012-01-12 19:21 - 0000000 ____D C:\Users\Kid Danger\AppData\Roaming\Stardock
2012-01-12 19:20 - 2012-01-12 19:20 - 0000000 __HDC C:\Users\All Users\{1EB63B4B-5639-4477-8E24-05C31B5F8019}
2012-01-12 19:20 - 2012-01-12 19:20 - 0000000 __HDC C:\ProgramData\{1EB63B4B-5639-4477-8E24-05C31B5F8019}
2012-01-12 19:20 - 2012-01-12 19:20 - 0000000 ____D C:\Users\All Users\Stardock
2012-01-12 19:20 - 2012-01-12 19:20 - 0000000 ____D C:\ProgramData\Stardock
2012-01-12 19:20 - 2011-11-21 10:15 - 0000000 ____D C:\Program Files (x86)\Stardock
2012-01-12 19:19 - 2012-01-12 19:19 - 0000000 ____D C:\Program Files (x86)\Kalypso
2012-01-12 09:17 - 2011-11-18 09:47 - 0000000 ____D C:\Program Files (x86)\Heroes of Newerth
2012-01-11 20:14 - 2011-01-06 17:19 - 0000000 ____D C:\Program Files (x86)\Electronic Arts
2012-01-11 20:13 - 2012-01-11 20:12 - 0010481 ____A C:\Users\Kid Danger\Documents\Uninstall Dragon Age 2.log
2012-01-10 21:21 - 2012-01-10 21:18 - 0000000 ____D C:\Users\Kid Danger\Downloads\MineCraft 1.0.0
2012-01-07 19:40 - 2012-01-07 19:39 - 0003189 ____A C:\Users\Kid Danger\Documents\Dragon Age 2 - da2_pro_col.log
2012-01-07 19:40 - 2012-01-07 19:39 - 0001908 ____A C:\Users\Kid Danger\Documents\Dragon Age 2 - da2_prc_seb.log
2012-01-07 19:39 - 2012-01-07 19:39 - 0001908 ____A C:\Users\Kid Danger\Documents\Dragon Age 2 - da2_prc_one.log
2012-01-07 19:37 - 2012-01-07 19:19 - 0011857 ____A C:\Users\Kid Danger\Documents\Install Dragon Age 2.log
2012-01-07 14:02 - 2012-01-06 20:19 - 0000000 ____D C:\Users\Kid Danger\Documents\Command & Conquer 3 Tiberium Wars
2012-01-06 14:23 - 2012-01-06 12:12 - 0000000 ____D C:\Users\Kid Danger\Documents\Command and Conquer Generals + Zero Hour-thetwinskiss
2012-01-06 08:03 - 2011-07-07 22:29 - 0000000 ____D C:\Users\Kid Danger\Documents\VirtualDJ

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 15%
Total physical RAM: 6068.55 MB
Available physical RAM: 5122.3 MB
Total Pagefile: 6066.7 MB
Available Pagefile: 5113.33 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:465.66 GB) (Free:219.01 GB) NTFS
3 Drive f: () (Removable) (Total:3.73 GB) (Free:0.34 GB) FAT32
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
5 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 Online 3819 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 465 GB 101 MB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System Rese NTFS Partition 100 MB Healthy

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 465 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3818 MB 16 KB

======================================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F FAT32 Removable 3818 MB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-03-30 02:00

======================= End Of Log ==========================

Edited by Orange Blossom, 05 April 2012 - 12:02 AM.
Moved to log forum. ~ OB




#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:58 PM

Posted 05 April 2012 - 01:41 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Open notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flash drive as fixlist.txt

SubSystems: [Windows] ==> ZeroAccess
2 mpe; C:\Windows\System32\tfsnifs.dll [6656 2009-07-13] (Oak Technology Inc.)
C:\Windows\System32\tfsnifs.dll
NETSVC: mpe 


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the BartPE CD.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 danger.sg

danger.sg
  • Topic Starter


Posted 05 April 2012 - 07:47 PM

Ran the fix.

Here is the log.

Is there anything else I need to do??

Fix result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 15-03-2012
Ran by SYSTEM at 2012-04-05 17:44:51 R:1
Running from F:\

==============================================

HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored.
mpe service deleted successfully.
C:\Windows\System32\tfsnifs.dll moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs mpe not found.

==== End of Fixlog ====

#4 gringo_pr


Posted 05 April 2012 - 08:43 PM

Hello

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#5 danger.sg

danger.sg
  • Topic Starter


Posted 05 April 2012 - 09:49 PM

Combofix ran successfully.

Here is the log:


ComboFix 12-04-04.02 - Kid Danger 04/05/2012 19:25:59.2.8 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.6069.4671 [GMT -7:00]
Running from: c:\users\Kid Danger\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\temp\cfg.ini
c:\windows\SysWow64\config\systemprofile\appdata\roaming\adobe\sp.Dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_SPService
.
.
((((((((((((((((((((((((( Files Created from 2012-03-06 to 2012-04-06 )))))))))))))))))))))))))))))))
.
.
2012-04-06 02:37 . 2012-04-06 02:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-05 05:23 . 2012-04-05 05:24 -------- d-----w- C:\FRST
2012-04-05 00:42 . 2012-03-20 10:51 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9E8CC274-6ECB-4990-AF3D-00AB6D6771E8}\mpengine.dll
2012-04-04 04:08 . 2012-04-04 04:08 -------- d-----w- C:\found.000
2012-03-26 17:58 . 2012-03-26 17:58 -------- d-----w- c:\users\Kid Danger\AppData\Roaming\Cobra Mobile
2012-03-25 02:51 . 2012-03-25 05:20 -------- d-----w- c:\users\Kid Danger\AppData\Roaming\Ventrilo
2012-03-25 02:50 . 2012-03-25 02:50 -------- d-----w- c:\program files (x86)\Ventrilo
2012-03-21 22:42 . 2012-03-21 22:42 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2012-03-21 22:05 . 2012-03-21 23:57 -------- d-----w- c:\program files (x86)\THQ
2012-03-20 03:35 . 2012-03-20 03:35 -------- d-----w- c:\users\Kid Danger\AppData\Roaming\MinMaxGames
2012-03-18 21:42 . 2012-03-21 23:57 -------- d-----w- c:\program files (x86)\Dungeon Defenders
2012-03-17 15:55 . 2012-03-17 15:55 -------- d-----w- c:\users\Kid Danger\AppData\Local\BigHugeEngine
2012-03-17 06:54 . 2012-03-17 06:54 -------- d-----w- c:\users\Kid Danger\AppData\Roaming\Trine2
2012-03-17 06:51 . 2012-03-17 06:51 -------- d-----w- c:\program files (x86)\Frozenbyte
2012-03-17 04:18 . 2012-03-17 04:18 -------- d-----w- c:\users\Kid Danger\AppData\Roaming\RotMG.Production
2012-03-15 08:27 . 2012-03-15 08:27 995328 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2012-03-15 08:26 . 2012-03-15 08:26 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2012-03-14 10:07 . 2012-02-03 04:16 3143168 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 05:33 . 2012-03-14 05:33 -------- d--h--w- c:\program files (x86)\Common Files\EAInstaller
2012-03-14 05:33 . 2012-03-14 05:33 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2012-03-14 05:05 . 2012-03-14 05:05 -------- d-----w- c:\program files (x86)\Bioware
2012-03-14 05:00 . 2012-03-14 05:00 -------- d-----w- c:\users\Kid Danger\MSE3
2012-03-13 22:58 . 2012-02-10 06:17 1837568 ----a-w- c:\windows\system32\d3d10warp.dll
2012-03-13 22:58 . 2012-02-10 06:17 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-03-13 22:58 . 2012-02-10 05:41 1170944 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2012-03-13 22:58 . 2012-02-10 05:41 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-03-13 22:58 . 2012-02-10 06:18 1541120 ----a-w- c:\windows\system32\DWrite.dll
2012-03-13 22:58 . 2012-02-10 06:17 320512 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-13 22:58 . 2012-02-10 06:17 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2012-03-13 22:58 . 2012-02-10 05:41 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-13 22:58 . 2012-02-10 05:41 218624 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2012-03-13 22:58 . 2012-02-10 05:41 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2012-03-13 22:51 . 2012-01-25 06:27 76288 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-13 22:51 . 2012-01-25 06:27 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-13 22:51 . 2012-01-25 06:20 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-13 22:51 . 2012-02-15 06:27 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-13 22:51 . 2012-02-15 05:44 826368 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-13 22:51 . 2012-02-15 04:47 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-13 22:51 . 2012-02-15 04:46 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-10 08:04 . 2012-03-10 08:04 -------- d-----w- c:\program files (x86)\VideoLAN
2012-03-10 07:57 . 2012-03-10 07:57 -------- d-----w- c:\program files (x86)\FLVPlayer
2012-03-10 07:53 . 2012-03-10 07:53 -------- d-----w- c:\users\Kid Danger\AppData\Local\DDMSettings
2012-03-10 07:50 . 2012-03-10 07:50 -------- d-----w- c:\program files (x86)\AC3 Player
2012-03-08 18:10 . 2012-03-08 18:10 -------- d-----w- c:\users\Kid Danger\AppData\Roaming\Indicium Technologies
2012-03-08 18:10 . 2012-03-08 18:10 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2012-03-08 18:09 . 2012-03-08 18:10 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2012-03-08 18:08 . 2012-03-08 18:15 -------- d-----w- c:\users\Kid Danger\AppData\Roaming\EveHQ
2012-03-08 18:08 . 2012-03-08 18:08 -------- d-----w- c:\program files (x86)\EveHQ
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-26 17:58 . 2012-02-02 11:20 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2012-03-26 17:58 . 2012-02-02 11:20 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-03-26 17:58 . 2012-02-02 11:20 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2012-03-26 17:58 . 2012-02-02 11:20 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-03-21 22:36 . 2012-01-13 23:25 43520 ----a-w- c:\windows\SysWow64\CmdLineExt03.dll
2012-02-26 19:00 . 2011-12-01 18:17 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-23 16:18 . 2010-12-21 01:01 279656 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-04_21.51.13 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-12-21 00:34 . 2012-04-06 02:06 47456 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-06 02:41 35532 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-12-21 00:18 . 2012-04-06 02:41 22738 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1146084035-806319024-1515760263-1000_UserData.bin
+ 2011-10-10 00:51 . 2012-04-05 02:02 67584 c:\windows\system32\LogFiles\Srt\bootstat.dat
- 2011-10-10 00:51 . 2012-04-04 04:01 67584 c:\windows\system32\LogFiles\Srt\bootstat.dat
- 2010-12-21 00:09 . 2012-04-04 04:39 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-12-21 00:09 . 2012-04-04 21:50 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-12-21 00:09 . 2012-04-04 04:39 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-12-21 00:09 . 2012-04-04 21:50 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-04 21:50 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-04 04:39 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-04-04 21:50 . 2012-04-04 21:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-06 02:38 . 2012-04-06 02:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-04-04 21:50 . 2012-04-04 21:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-04-06 02:38 . 2012-04-06 02:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-12-24 19:53 . 2012-04-06 02:38 2352 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-06-11 19:42 . 2012-04-04 21:49 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2011-06-11 19:42 . 2012-04-06 02:06 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 04:54 . 2012-04-06 02:06 311296 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-04-04 21:49 311296 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 02:36 . 2012-04-06 02:10 669298 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-04-04 05:39 669298 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-06 02:10 125452 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-04-04 05:39 125452 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:12 . 2012-04-04 21:50 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:12 . 2012-04-04 04:39 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:01 . 2012-04-04 21:49 358300 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-04-06 02:38 358300 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 04:54 . 2012-04-04 21:49 4046848 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-06 02:06 4046848 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-12-24 20:56 . 2012-04-06 02:38 5399440 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1146084035-806319024-1515760263-1000-12288.dat
- 2010-12-24 20:56 . 2012-04-04 21:49 5399440 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1146084035-806319024-1515760263-1000-12288.dat
- 2009-07-14 04:54 . 2012-04-04 21:49 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-06 02:06 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 02:34 . 2012-04-04 05:21 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2012-04-06 01:00 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"BitTorrent"="c:\program files (x86)\BitTorrent\BitTorrent.exe" [2012-02-26 650104]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"HLBackupScheduler"="c:\program files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe" [2011-10-23 5013128]
"Xvid"="c:\program files (x86)\Xvid\CheckUpdate.exe" [2011-01-17 8192]
"Facebook Update"="c:\users\Kid Danger\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-08-22 137536]
"EVEMon"="c:\program files (x86)\EVEMon\EVEMon.exe" [2012-03-10 1797120]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-06-25 6806144]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-05-03 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2011-07-17 273544]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-10 421736]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-13 343168]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-10 135664]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys [x]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [x]
R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-10 135664]
R3 hexmagic;hexmagic;c:\windows\system32\drivers\hexmagic.sys [x]
R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [x]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [x]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 X6va005;X6va005;c:\users\KIDDAN~1\AppData\Local\Temp\0051BD5.tmp [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-04-26 223088]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-04 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1146084035-806319024-1515760263-1000Core.job
- c:\users\Kid Danger\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-22 20:02]
.
2012-04-06 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1146084035-806319024-1515760263-1000UA.job
- c:\users\Kid Danger\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-22 20:02]
.
2012-04-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-10 06:13]
.
2012-04-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-10 06:13]
.
2012-04-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1146084035-806319024-1515760263-1000Core.job
- c:\users\Kid Danger\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-16 01:05]
.
2012-04-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1146084035-806319024-1515760263-1000UA.job
- c:\users\Kid Danger\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-16 01:05]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-11-11 8321568]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"combofix"="c:\combofix\CF7104.3XE" [2009-07-14 344576]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
mpe
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 192.168.*.*;*.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Kid Danger\AppData\Roaming\Mozilla\Firefox\Profiles\ejn4i42o.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.eveonline.com/
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?AF=110788&babsrc=adbartrp&mntrId=2c9b1a230000000000001a4bd65ae438&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: general.useragent.extra.brc -
FF - user.js: extensions.BabylonToolbar_i.id - 2c9b1a230000000000001a4bd65ae438
FF - user.js: extensions.BabylonToolbar_i.hardId - 2c9b1a230000000000001a4bd65ae438
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15409
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1723:57
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110788
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{96AFBE69-C3B0-4b00-8578-D933D2896EE2} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\KIDDAN~1\AppData\Local\Temp\0051BD5.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1146084035-806319024-1515760263-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1146084035-806319024-1515760263-1000\Software\SecuROM\License information*]
"datasecu"=hex:29,45,68,08,57,90,27,b7,f1,f7,bd,73,62,27,d9,eb,08,81,f9,be,c0,
75,19,15,e6,4e,1b,f4,ef,02,5f,70,17,fe,62,db,c1,c5,37,78,1d,38,18,ae,a9,5f,\
"rkeysecu"=hex:0f,5b,1c,19,d0,55,be,c8,49,97,26,41,0c,03,03,88
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
c:\program files (x86)\ASUS\ASUS Live Update\ALU.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
.
**************************************************************************
.
Completion time: 2012-04-05 19:47:12 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-06 02:47
ComboFix2.txt 2012-04-04 21:58
.
Pre-Run: 234,747,801,600 bytes free
Post-Run: 234,659,274,752 bytes free
.
- - End Of File - - FF7454E13C86D9C387E99C6B065BBA44

As far as problems I've had:

Randomly my speakers have playback that sounds like random radio stations at random times. Other problems include random shutoffs of my computer at random times, almost like the computer is overworking or something.

But as far as the primary concern, I can log in and my computer fully boots up. Thanks for that Fix!!!!!!!

Edited by danger.sg, 05 April 2012 - 09:55 PM.


#6 gringo_pr

Posted 05 April 2012 - 09:57 PM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#7 danger.sg

Posted 05 April 2012 - 10:20 PM

Ran both:

TDSSKiller Log:

20:00:07.0390 4268 TDSS rootkit removing tool 2.7.26.0 Apr 4 2012 19:52:02
20:00:08.0035 4268 ============================================================
20:00:08.0035 4268 Current date / time: 2012/04/05 20:00:08.0035
20:00:08.0035 4268 SystemInfo:
20:00:08.0035 4268
20:00:08.0035 4268 OS Version: 6.1.7600 ServicePack: 0.0
20:00:08.0035 4268 Product type: Workstation
20:00:08.0035 4268 ComputerName: KIDDANGER-PC
20:00:08.0036 4268 UserName: Kid Danger
20:00:08.0036 4268 Windows directory: C:\Windows
20:00:08.0036 4268 System windows directory: C:\Windows
20:00:08.0036 4268 Running under WOW64
20:00:08.0036 4268 Processor architecture: Intel x64
20:00:08.0036 4268 Number of processors: 8
20:00:08.0036 4268 Page size: 0x1000
20:00:08.0036 4268 Boot type: Normal boot
20:00:08.0036 4268 ============================================================
20:00:08.0488 4268 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:00:08.0497 4268 \Device\Harddisk0\DR0:
20:00:08.0497 4268 MBR used
20:00:08.0497 4268 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
20:00:08.0497 4268 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
20:00:08.0521 4268 Initialize success
20:00:08.0521 4268 ============================================================
20:00:15.0423 1668 ============================================================
20:00:15.0423 1668 Scan started
20:00:15.0423 1668 Mode: Manual;
20:00:15.0423 1668 ============================================================
20:00:15.0859 1668 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
20:00:15.0862 1668 1394ohci - ok
20:00:15.0967 1668 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
20:00:15.0970 1668 ACPI - ok
20:00:16.0073 1668 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
20:00:16.0074 1668 AcpiPmi - ok
20:00:16.0260 1668 AdobeARMservice (11a52cf7b265631deeb24c6149309eff) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
20:00:16.0261 1668 AdobeARMservice - ok
20:00:16.0368 1668 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
20:00:16.0373 1668 adp94xx - ok
20:00:16.0487 1668 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
20:00:16.0492 1668 adpahci - ok
20:00:16.0599 1668 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
20:00:16.0601 1668 adpu320 - ok
20:00:16.0681 1668 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
20:00:16.0683 1668 AeLookupSvc - ok
20:00:16.0829 1668 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
20:00:16.0834 1668 AFD - ok
20:00:16.0939 1668 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
20:00:16.0940 1668 agp440 - ok
20:00:17.0035 1668 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
20:00:17.0037 1668 ALG - ok
20:00:17.0147 1668 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
20:00:17.0148 1668 aliide - ok
20:00:17.0266 1668 AMD External Events Utility (c8a4c897ab335d885d0ecb9357d1638f) C:\Windows\system32\atiesrxx.exe
20:00:17.0268 1668 AMD External Events Utility - ok
20:00:17.0515 1668 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
20:00:17.0516 1668 amdide - ok
20:00:17.0608 1668 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
20:00:17.0610 1668 AmdK8 - ok
20:00:17.0900 1668 amdkmdag (85193e1bcefe65d0a1befd4fda9180f9) C:\Windows\system32\DRIVERS\atikmdag.sys
20:00:18.0095 1668 amdkmdag - ok
20:00:18.0248 1668 amdkmdap (60ab0b979198da597b7251b3c7444f7e) C:\Windows\system32\DRIVERS\atikmpag.sys
20:00:18.0250 1668 amdkmdap - ok
20:00:18.0345 1668 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
20:00:18.0346 1668 AmdPPM - ok
20:00:18.0436 1668 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
20:00:18.0438 1668 amdsata - ok
20:00:18.0516 1668 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
20:00:18.0519 1668 amdsbs - ok
20:00:18.0613 1668 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
20:00:18.0614 1668 amdxata - ok
20:00:18.0731 1668 androidusb (363571bc0c79e394e69300d1f2e3ddae) C:\Windows\system32\Drivers\androidusb.sys
20:00:18.0732 1668 androidusb - ok
20:00:18.0843 1668 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
20:00:18.0844 1668 AppID - ok
20:00:18.0933 1668 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
20:00:18.0934 1668 AppIDSvc - ok
20:00:19.0030 1668 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
20:00:19.0032 1668 Appinfo - ok
20:00:19.0180 1668 Apple Mobile Device (d8e18021f91ad79ca8491cb5a5da22d4) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:00:19.0182 1668 Apple Mobile Device - ok
20:00:19.0302 1668 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
20:00:19.0303 1668 arc - ok
20:00:19.0399 1668 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
20:00:19.0401 1668 arcsas - ok
20:00:19.0522 1668 ASLDRService (18e5c2f937f9deb8c282df66a3761925) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
20:00:19.0523 1668 ASLDRService - ok
20:00:19.0556 1668 ASMMAP64 (4c016fd76ed5c05e84ca8cab77993961) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
20:00:19.0556 1668 ASMMAP64 - ok
20:00:19.0695 1668 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
20:00:19.0696 1668 aspnet_state - ok
20:00:19.0798 1668 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
20:00:19.0798 1668 AsyncMac - ok
20:00:19.0882 1668 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
20:00:19.0883 1668 atapi - ok
20:00:20.0059 1668 athr (f8633cdd09647a64ee8db550630427ff) C:\Windows\system32\DRIVERS\athrx.sys
20:00:20.0089 1668 athr - ok
20:00:20.0228 1668 AtiHdmiService (d481083348138b4933acfe95812db71c) C:\Windows\system32\drivers\AtiHdmi.sys
20:00:20.0230 1668 AtiHdmiService - ok
20:00:20.0535 1668 atikmdag (85193e1bcefe65d0a1befd4fda9180f9) C:\Windows\system32\DRIVERS\atikmdag.sys
20:00:20.0577 1668 atikmdag - ok
20:00:20.0717 1668 ATKGFNEXSrv (7910158929571214a959d5a6d16dd9c0) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
20:00:20.0719 1668 ATKGFNEXSrv - ok
20:00:20.0824 1668 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
20:00:20.0831 1668 AudioEndpointBuilder - ok
20:00:20.0843 1668 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
20:00:20.0846 1668 AudioSrv - ok
20:00:20.0937 1668 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
20:00:20.0938 1668 AxInstSV - ok
20:00:21.0049 1668 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
20:00:21.0054 1668 b06bdrv - ok
20:00:21.0162 1668 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
20:00:21.0165 1668 b57nd60a - ok
20:00:21.0271 1668 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
20:00:21.0273 1668 BDESVC - ok
20:00:21.0385 1668 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
20:00:21.0386 1668 Beep - ok
20:00:21.0511 1668 BFE (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll
20:00:21.0517 1668 BFE - ok
20:00:21.0621 1668 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\system32\qmgr.dll
20:00:21.0625 1668 BITS - ok
20:00:21.0717 1668 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
20:00:21.0718 1668 blbdrive - ok
20:00:21.0823 1668 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
20:00:21.0827 1668 Bonjour Service - ok
20:00:21.0944 1668 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
20:00:21.0946 1668 bowser - ok
20:00:22.0052 1668 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:00:22.0053 1668 BrFiltLo - ok
20:00:22.0126 1668 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:00:22.0127 1668 BrFiltUp - ok
20:00:22.0226 1668 Bridge (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
20:00:22.0228 1668 Bridge - ok
20:00:22.0250 1668 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
20:00:22.0251 1668 BridgeMP - ok
20:00:22.0338 1668 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
20:00:22.0339 1668 Browser - ok
20:00:22.0435 1668 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
20:00:22.0439 1668 Brserid - ok
20:00:22.0530 1668 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
20:00:22.0531 1668 BrSerWdm - ok
20:00:22.0636 1668 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
20:00:22.0637 1668 BrUsbMdm - ok
20:00:22.0736 1668 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
20:00:22.0737 1668 BrUsbSer - ok
20:00:22.0835 1668 BTCFilterService - ok
20:00:22.0945 1668 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
20:00:22.0946 1668 BTHMODEM - ok
20:00:23.0011 1668 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
20:00:23.0012 1668 bthserv - ok
20:00:23.0048 1668 catchme - ok
20:00:23.0143 1668 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
20:00:23.0145 1668 cdfs - ok
20:00:23.0258 1668 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
20:00:23.0260 1668 cdrom - ok
20:00:23.0352 1668 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
20:00:23.0353 1668 CertPropSvc - ok
20:00:23.0467 1668 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
20:00:23.0469 1668 circlass - ok
20:00:23.0578 1668 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
20:00:23.0583 1668 CLFS - ok
20:00:23.0678 1668 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:00:23.0679 1668 clr_optimization_v2.0.50727_32 - ok
20:00:23.0752 1668 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:00:23.0754 1668 clr_optimization_v2.0.50727_64 - ok
20:00:23.0887 1668 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:00:23.0889 1668 clr_optimization_v4.0.30319_32 - ok
20:00:23.0919 1668 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:00:23.0921 1668 clr_optimization_v4.0.30319_64 - ok
20:00:24.0012 1668 clwvd - ok
20:00:24.0104 1668 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
20:00:24.0105 1668 CmBatt - ok
20:00:24.0189 1668 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
20:00:24.0190 1668 cmdide - ok
20:00:24.0327 1668 CNG (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys
20:00:24.0332 1668 CNG - ok
20:00:24.0446 1668 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
20:00:24.0447 1668 Compbatt - ok
20:00:24.0558 1668 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
20:00:24.0559 1668 CompositeBus - ok
20:00:24.0635 1668 COMSysApp - ok
20:00:24.0681 1668 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
20:00:24.0682 1668 crcdisk - ok
20:00:24.0777 1668 CryptSvc (8c57411b66282c01533cb776f98ad384) C:\Windows\system32\cryptsvc.dll
20:00:24.0778 1668 CryptSvc - ok
20:00:24.0898 1668 dc3d (1ca90212a99db6975c344826d11055c9) C:\Windows\system32\DRIVERS\dc3d.sys
20:00:24.0899 1668 dc3d - ok
20:00:25.0012 1668 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
20:00:25.0015 1668 DcomLaunch - ok
20:00:25.0095 1668 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
20:00:25.0099 1668 defragsvc - ok
20:00:25.0216 1668 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
20:00:25.0218 1668 DfsC - ok
20:00:25.0337 1668 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
20:00:25.0340 1668 Dhcp - ok
20:00:25.0416 1668 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
20:00:25.0417 1668 discache - ok
20:00:25.0540 1668 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
20:00:25.0541 1668 Disk - ok
20:00:25.0655 1668 Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll
20:00:25.0658 1668 Dnscache - ok
20:00:25.0690 1668 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll
20:00:25.0693 1668 dot3svc - ok
20:00:25.0769 1668 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll
20:00:25.0772 1668 DPS - ok
20:00:25.0887 1668 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
20:00:25.0888 1668 drmkaud - ok
20:00:26.0011 1668 dtsoftbus01 (fb9bef3401ee5ecc2603311b9c64f44a) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
20:00:26.0012 1668 dtsoftbus01 - ok
20:00:26.0128 1668 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
20:00:26.0132 1668 DXGKrnl - ok
20:00:26.0226 1668 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
20:00:26.0228 1668 EapHost - ok
20:00:26.0373 1668 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
20:00:26.0441 1668 ebdrv - ok
20:00:26.0565 1668 EFS (156f6159457d0aa7e59b62681b56eb90) C:\Windows\System32\lsass.exe
20:00:26.0566 1668 EFS - ok
20:00:26.0621 1668 ehRecvr (b91d81b3b54a54ccafc03733dbc2e29e) C:\Windows\ehome\ehRecvr.exe
20:00:26.0628 1668 ehRecvr - ok
20:00:26.0650 1668 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
20:00:26.0652 1668 ehSched - ok
20:00:26.0779 1668 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
20:00:26.0784 1668 elxstor - ok
20:00:26.0889 1668 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
20:00:26.0890 1668 ErrDev - ok
20:00:27.0011 1668 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
20:00:27.0014 1668 EventSystem - ok
20:00:27.0161 1668 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
20:00:27.0163 1668 exfat - ok
20:00:27.0279 1668 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
20:00:27.0281 1668 fastfat - ok
20:00:27.0396 1668 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe
20:00:27.0403 1668 Fax - ok
20:00:27.0536 1668 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
20:00:27.0537 1668 fdc - ok
20:00:27.0634 1668 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
20:00:27.0636 1668 fdPHost - ok
20:00:27.0735 1668 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
20:00:27.0736 1668 FDResPub - ok
20:00:27.0866 1668 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
20:00:27.0867 1668 FileInfo - ok
20:00:27.0964 1668 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
20:00:27.0965 1668 Filetrace - ok
20:00:28.0074 1668 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
20:00:28.0075 1668 flpydisk - ok
20:00:28.0159 1668 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
20:00:28.0162 1668 FltMgr - ok
20:00:28.0281 1668 FontCache (bc00505cfda789ed3be95d2ff38c4875) C:\Windows\system32\FntCache.dll
20:00:28.0298 1668 FontCache - ok
20:00:28.0413 1668 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:00:28.0414 1668 FontCache3.0.0.0 - ok
20:00:28.0488 1668 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
20:00:28.0490 1668 FsDepends - ok
20:00:28.0573 1668 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
20:00:28.0573 1668 Fs_Rec - ok
20:00:28.0702 1668 fvevol (b8b2a6e1558f8f5de5ce431c5b2c7b09) C:\Windows\system32\DRIVERS\fvevol.sys
20:00:28.0705 1668 fvevol - ok
20:00:28.0818 1668 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
20:00:28.0820 1668 gagp30kx - ok
20:00:28.0956 1668 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:00:28.0956 1668 GEARAspiWDM - ok
20:00:29.0087 1668 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll
20:00:29.0094 1668 gpsvc - ok
20:00:29.0260 1668 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:00:29.0262 1668 gupdate - ok
20:00:29.0284 1668 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:00:29.0284 1668 gupdatem - ok
20:00:29.0386 1668 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
20:00:29.0387 1668 hcw85cir - ok
20:00:29.0529 1668 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
20:00:29.0532 1668 HdAudAddService - ok
20:00:29.0658 1668 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
20:00:29.0659 1668 HDAudBus - ok
20:00:29.0768 1668 hexmagic - ok
20:00:29.0836 1668 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
20:00:29.0837 1668 HidBatt - ok
20:00:29.0941 1668 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
20:00:29.0942 1668 HidBth - ok
20:00:30.0066 1668 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
20:00:30.0067 1668 HidIr - ok
20:00:30.0189 1668 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
20:00:30.0190 1668 hidserv - ok
20:00:30.0330 1668 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
20:00:30.0331 1668 HidUsb - ok
20:00:30.0445 1668 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll
20:00:30.0447 1668 hkmsvc - ok
20:00:30.0511 1668 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll
20:00:30.0514 1668 HomeGroupListener - ok
20:00:30.0563 1668 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll
20:00:30.0566 1668 HomeGroupProvider - ok
20:00:30.0703 1668 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
20:00:30.0704 1668 HpSAMD - ok
20:00:30.0851 1668 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
20:00:30.0858 1668 HTTP - ok
20:00:31.0000 1668 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
20:00:31.0000 1668 hwpolicy - ok
20:00:31.0151 1668 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
20:00:31.0153 1668 i8042prt - ok
20:00:31.0293 1668 iaStor (bbb3b6df1abb0fe35802ede85cc1c011) C:\Windows\system32\DRIVERS\iaStor.sys
20:00:31.0295 1668 iaStor - ok
20:00:31.0434 1668 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
20:00:31.0439 1668 iaStorV - ok
20:00:31.0567 1668 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
20:00:31.0568 1668 IDriverT - ok
20:00:31.0660 1668 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:00:31.0672 1668 idsvc - ok
20:00:31.0787 1668 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
20:00:31.0788 1668 iirsp - ok
20:00:31.0907 1668 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll
20:00:31.0915 1668 IKEEXT - ok
20:00:32.0099 1668 IntcAzAudAddService (045555f0d572bb48498d040c31e9dc6a) C:\Windows\system32\drivers\RTKVHD64.sys
20:00:32.0108 1668 IntcAzAudAddService - ok
20:00:32.0212 1668 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
20:00:32.0213 1668 intelide - ok
20:00:32.0347 1668 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
20:00:32.0347 1668 intelppm - ok
20:00:32.0449 1668 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
20:00:32.0451 1668 IPBusEnum - ok
20:00:32.0535 1668 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:00:32.0537 1668 IpFilterDriver - ok
20:00:32.0692 1668 iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll
20:00:32.0699 1668 iphlpsvc - ok
20:00:32.0815 1668 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
20:00:32.0817 1668 IPMIDRV - ok
20:00:32.0954 1668 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
20:00:32.0956 1668 IPNAT - ok
20:00:33.0104 1668 iPod Service (3c0d4b3e80fc4854ca325dd123cc4ded) C:\Program Files\iPod\bin\iPodService.exe
20:00:33.0116 1668 iPod Service - ok
20:00:33.0215 1668 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
20:00:33.0216 1668 IRENUM - ok
20:00:33.0284 1668 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
20:00:33.0284 1668 isapnp - ok
20:00:33.0306 1668 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
20:00:33.0308 1668 iScsiPrt - ok
20:00:33.0438 1668 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
20:00:33.0439 1668 kbdclass - ok
20:00:33.0563 1668 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
20:00:33.0565 1668 kbdhid - ok
20:00:33.0698 1668 KeyIso (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
20:00:33.0699 1668 KeyIso - ok
20:00:33.0789 1668 KSecDD (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys
20:00:33.0791 1668 KSecDD - ok
20:00:33.0854 1668 KSecPkg (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys
20:00:33.0856 1668 KSecPkg - ok
20:00:33.0976 1668 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
20:00:33.0977 1668 ksthunk - ok
20:00:34.0114 1668 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
20:00:34.0119 1668 KtmRm - ok
20:00:34.0248 1668 L1C (9ddc68b87a9b837736a2b193ee14a4a5) C:\Windows\system32\DRIVERS\L1C62x64.sys
20:00:34.0249 1668 L1C - ok
20:00:34.0365 1668 LanmanServer (81f1d04d4d0e433099365127375fd501) C:\Windows\System32\srvsvc.dll
20:00:34.0369 1668 LanmanServer - ok
20:00:34.0458 1668 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll
20:00:34.0461 1668 LanmanWorkstation - ok
20:00:34.0568 1668 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
20:00:34.0570 1668 lltdio - ok
20:00:34.0699 1668 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
20:00:34.0702 1668 lltdsvc - ok
20:00:34.0839 1668 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
20:00:34.0841 1668 lmhosts - ok
20:00:34.0978 1668 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
20:00:34.0980 1668 LSI_FC - ok
20:00:35.0106 1668 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
20:00:35.0108 1668 LSI_SAS - ok
20:00:35.0256 1668 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:00:35.0258 1668 LSI_SAS2 - ok
20:00:35.0411 1668 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:00:35.0413 1668 LSI_SCSI - ok
20:00:35.0527 1668 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
20:00:35.0529 1668 luafv - ok
20:00:35.0606 1668 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll
20:00:35.0608 1668 Mcx2Svc - ok
20:00:35.0670 1668 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
20:00:35.0672 1668 megasas - ok
20:00:35.0734 1668 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
20:00:35.0737 1668 MegaSR - ok
20:00:35.0827 1668 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
20:00:35.0829 1668 MMCSS - ok
20:00:35.0935 1668 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
20:00:35.0936 1668 Modem - ok
20:00:36.0079 1668 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
20:00:36.0080 1668 monitor - ok
20:00:36.0301 1668 motandroidusb - ok
20:00:36.0424 1668 motccgp - ok
20:00:36.0523 1668 motccgpfl - ok
20:00:36.0656 1668 motmodem - ok
20:00:36.0772 1668 MotoHelper (3bbc6c2402242401f791548aaebf3d39) C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
20:00:36.0774 1668 MotoHelper - ok
20:00:36.0934 1668 MotoSwitchService - ok
20:00:37.0056 1668 Motousbnet - ok
20:00:37.0202 1668 motusbdevice - ok
20:00:37.0342 1668 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
20:00:37.0343 1668 mouclass - ok
20:00:37.0505 1668 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
20:00:37.0506 1668 mouhid - ok
20:00:37.0662 1668 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
20:00:37.0663 1668 mountmgr - ok
20:00:37.0777 1668 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
20:00:37.0779 1668 mpio - ok
20:00:37.0934 1668 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
20:00:37.0936 1668 mpsdrv - ok
20:00:38.0139 1668 MpsSvc (aecab449567d1846dad63ece49e893e3) C:\Windows\system32\mpssvc.dll
20:00:38.0147 1668 MpsSvc - ok
20:00:38.0289 1668 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
20:00:38.0291 1668 MRxDAV - ok
20:00:38.0444 1668 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:00:38.0446 1668 mrxsmb - ok
20:00:38.0600 1668 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:00:38.0603 1668 mrxsmb10 - ok
20:00:38.0747 1668 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:00:38.0749 1668 mrxsmb20 - ok
20:00:38.0866 1668 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
20:00:38.0867 1668 msahci - ok
20:00:38.0998 1668 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
20:00:39.0000 1668 msdsm - ok
20:00:39.0136 1668 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
20:00:39.0138 1668 MSDTC - ok
20:00:39.0271 1668 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
20:00:39.0272 1668 Msfs - ok
20:00:39.0424 1668 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
20:00:39.0425 1668 mshidkmdf - ok
20:00:39.0549 1668 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
20:00:39.0549 1668 msisadrv - ok
20:00:39.0687 1668 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
20:00:39.0689 1668 MSiSCSI - ok
20:00:39.0769 1668 msiserver - ok
20:00:39.0917 1668 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
20:00:39.0918 1668 MSKSSRV - ok
20:00:40.0053 1668 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
20:00:40.0054 1668 MSPCLOCK - ok
20:00:40.0173 1668 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
20:00:40.0173 1668 MSPQM - ok
20:00:40.0314 1668 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
20:00:40.0319 1668 MsRPC - ok
20:00:40.0446 1668 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
20:00:40.0446 1668 mssmbios - ok
20:00:40.0600 1668 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
20:00:40.0601 1668 MSTEE - ok
20:00:40.0739 1668 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
20:00:40.0740 1668 MTConfig - ok
20:00:40.0874 1668 MTsensor (032d35c996f21d19a205a7c8f0b76f3c) C:\Windows\system32\DRIVERS\ATK64AMD.sys
20:00:40.0875 1668 MTsensor - ok
20:00:40.0980 1668 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
20:00:40.0980 1668 Mup - ok
20:00:41.0118 1668 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
20:00:41.0124 1668 napagent - ok
20:00:41.0290 1668 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
20:00:41.0293 1668 NativeWifiP - ok
20:00:41.0486 1668 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
20:00:41.0490 1668 NDIS - ok
20:00:41.0637 1668 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
20:00:41.0638 1668 NdisCap - ok
20:00:41.0778 1668 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
20:00:41.0779 1668 NdisTapi - ok
20:00:41.0896 1668 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
20:00:41.0897 1668 Ndisuio - ok
20:00:42.0020 1668 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
20:00:42.0022 1668 NdisWan - ok
20:00:42.0140 1668 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
20:00:42.0142 1668 NDProxy - ok
20:00:42.0282 1668 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
20:00:42.0283 1668 NetBIOS - ok
20:00:42.0398 1668 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
20:00:42.0401 1668 NetBT - ok
20:00:42.0554 1668 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
20:00:42.0555 1668 Netlogon - ok
20:00:42.0696 1668 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
20:00:42.0698 1668 Netman - ok
20:00:42.0876 1668 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:00:42.0878 1668 NetMsmqActivator - ok
20:00:42.0894 1668 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:00:42.0895 1668 NetPipeActivator - ok
20:00:43.0041 1668 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
20:00:43.0047 1668 netprofm - ok
20:00:43.0220 1668 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:00:43.0221 1668 NetTcpActivator - ok
20:00:43.0224 1668 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:00:43.0225 1668 NetTcpPortSharing - ok
20:00:43.0376 1668 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
20:00:43.0378 1668 nfrd960 - ok
20:00:43.0524 1668 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
20:00:43.0528 1668 NlaSvc - ok
20:00:43.0667 1668 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
20:00:43.0668 1668 Npfs - ok
20:00:43.0782 1668 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
20:00:43.0783 1668 nsi - ok
20:00:43.0927 1668 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
20:00:43.0928 1668 nsiproxy - ok
20:00:44.0072 1668 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
20:00:44.0079 1668 Ntfs - ok
20:00:44.0222 1668 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
20:00:44.0222 1668 Null - ok
20:00:44.0385 1668 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
20:00:44.0387 1668 nvraid - ok
20:00:44.0540 1668 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
20:00:44.0543 1668 nvstor - ok
20:00:44.0678 1668 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
20:00:44.0680 1668 nv_agp - ok
20:00:44.0812 1668 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
20:00:44.0817 1668 odserv - ok
20:00:44.0945 1668 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
20:00:44.0946 1668 ohci1394 - ok
20:00:45.0058 1668 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:00:45.0060 1668 ose - ok
20:00:45.0184 1668 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
20:00:45.0189 1668 p2pimsvc - ok
20:00:45.0329 1668 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
20:00:45.0335 1668 p2psvc - ok
20:00:45.0485 1668 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
20:00:45.0487 1668 Parport - ok
20:00:45.0639 1668 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
20:00:45.0640 1668 partmgr - ok
20:00:45.0751 1668 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
20:00:45.0754 1668 PcaSvc - ok
20:00:45.0869 1668 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
20:00:45.0871 1668 pci - ok
20:00:45.0994 1668 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
20:00:45.0995 1668 pciide - ok
20:00:46.0144 1668 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
20:00:46.0147 1668 pcmcia - ok
20:00:46.0295 1668 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
20:00:46.0295 1668 pcw - ok
20:00:46.0437 1668 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
20:00:46.0443 1668 PEAUTH - ok
20:00:46.0575 1668 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
20:00:46.0576 1668 PerfHost - ok
20:00:46.0720 1668 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
20:00:46.0751 1668 pla - ok
20:00:46.0919 1668 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll
20:00:46.0925 1668 PlugPlay - ok
20:00:47.0046 1668 PnkBstrA - ok
20:00:47.0167 1668 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
20:00:47.0169 1668 PNRPAutoReg - ok
20:00:47.0273 1668 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
20:00:47.0275 1668 PNRPsvc - ok
20:00:47.0437 1668 Point64 (4f0878fd62d5f7444c5f1c4c66d9d293) C:\Windows\system32\DRIVERS\point64.sys
20:00:47.0438 1668 Point64 - ok
20:00:47.0575 1668 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
20:00:47.0581 1668 PolicyAgent - ok
20:00:47.0727 1668 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
20:00:47.0730 1668 Power - ok
20:00:47.0892 1668 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
20:00:47.0894 1668 PptpMiniport - ok
20:00:48.0037 1668 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
20:00:48.0038 1668 Processor - ok
20:00:48.0174 1668 ProfSvc (f381975e1f4346de875cb07339ce8d3a) C:\Windows\system32\profsvc.dll
20:00:48.0177 1668 ProfSvc - ok
20:00:48.0321 1668 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
20:00:48.0321 1668 ProtectedStorage - ok
20:00:48.0477 1668 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
20:00:48.0478 1668 Psched - ok
20:00:48.0658 1668 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
20:00:48.0691 1668 ql2300 - ok
20:00:48.0851 1668 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
20:00:48.0853 1668 ql40xx - ok
20:00:48.0989 1668 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
20:00:48.0992 1668 QWAVE - ok
20:00:49.0103 1668 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
20:00:49.0104 1668 QWAVEdrv - ok
20:00:49.0224 1668 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
20:00:49.0225 1668 RasAcd - ok
20:00:49.0376 1668 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
20:00:49.0377 1668 RasAgileVpn - ok
20:00:49.0506 1668 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
20:00:49.0509 1668 RasAuto - ok
20:00:49.0652 1668 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:00:49.0653 1668 Rasl2tp - ok
20:00:49.0798 1668 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
20:00:49.0802 1668 RasMan - ok
20:00:49.0960 1668 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
20:00:49.0962 1668 RasPppoe - ok
20:00:50.0110 1668 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
20:00:50.0112 1668 RasSstp - ok
20:00:50.0226 1668 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
20:00:50.0230 1668 rdbss - ok
20:00:50.0332 1668 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
20:00:50.0333 1668 rdpbus - ok
20:00:50.0482 1668 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:00:50.0483 1668 RDPCDD - ok
20:00:50.0636 1668 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
20:00:50.0637 1668 RDPENCDD - ok
20:00:50.0777 1668 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
20:00:50.0778 1668 RDPREFMP - ok
20:00:50.0912 1668 RDPWD (074ac702d8b8b660b0e1371555995386) C:\Windows\system32\drivers\RDPWD.sys
20:00:50.0914 1668 RDPWD - ok
20:00:51.0062 1668 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
20:00:51.0065 1668 rdyboost - ok
20:00:51.0218 1668 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
20:00:51.0220 1668 RemoteAccess - ok
20:00:51.0337 1668 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
20:00:51.0338 1668 RemoteRegistry - ok
20:00:51.0447 1668 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
20:00:51.0449 1668 RpcEptMapper - ok
20:00:51.0558 1668 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
20:00:51.0560 1668 RpcLocator - ok
20:00:51.0679 1668 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
20:00:51.0682 1668 RpcSs - ok
20:00:51.0807 1668 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
20:00:51.0809 1668 rspndr - ok
20:00:51.0991 1668 RTHDMIAzAudService (483c537e69fa97c77f7fe0e2e1c1f102) C:\Windows\system32\drivers\RtHDMIVX.sys
20:00:51.0992 1668 RTHDMIAzAudService - ok
20:00:52.0109 1668 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
20:00:52.0110 1668 SamSs - ok
20:00:52.0237 1668 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
20:00:52.0239 1668 sbp2port - ok
20:00:52.0379 1668 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
20:00:52.0395 1668 SBSDWSCService - ok
20:00:52.0526 1668 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
20:00:52.0529 1668 SCardSvr - ok
20:00:52.0633 1668 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
20:00:52.0634 1668 scfilter - ok
20:00:52.0784 1668 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
20:00:52.0789 1668 Schedule - ok
20:00:52.0907 1668 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
20:00:52.0907 1668 SCPolicySvc - ok
20:00:53.0012 1668 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
20:00:53.0015 1668 SDRSVC - ok
20:00:53.0140 1668 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
20:00:53.0141 1668 secdrv - ok
20:00:53.0233 1668 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
20:00:53.0235 1668 seclogon - ok
20:00:53.0365 1668 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
20:00:53.0367 1668 SENS - ok
20:00:53.0474 1668 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
20:00:53.0476 1668 SensrSvc - ok
20:00:53.0611 1668 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
20:00:53.0612 1668 Serenum - ok
20:00:53.0761 1668 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
20:00:53.0762 1668 Serial - ok
20:00:53.0912 1668 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
20:00:53.0914 1668 sermouse - ok
20:00:54.0032 1668 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
20:00:54.0035 1668 SessionEnv - ok
20:00:54.0163 1668 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
20:00:54.0164 1668 sffdisk - ok
20:00:54.0294 1668 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
20:00:54.0296 1668 sffp_mmc - ok
20:00:54.0410 1668 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
20:00:54.0411 1668 sffp_sd - ok
20:00:54.0540 1668 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
20:00:54.0541 1668 sfloppy - ok
20:00:54.0685 1668 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
20:00:54.0689 1668 SharedAccess - ok
20:00:54.0817 1668 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
20:00:54.0820 1668 ShellHWDetection - ok
20:00:54.0968 1668 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:00:54.0969 1668 SiSRaid2 - ok
20:00:55.0090 1668 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
20:00:55.0091 1668 SiSRaid4 - ok
20:00:55.0231 1668 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
20:00:55.0233 1668 Smb - ok
20:00:55.0359 1668 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
20:00:55.0361 1668 SNMPTRAP - ok
20:00:55.0480 1668 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
20:00:55.0481 1668 spldr - ok
20:00:55.0621 1668 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
20:00:55.0624 1668 Spooler - ok
20:00:55.0797 1668 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
20:00:55.0879 1668 sppsvc - ok
20:00:56.0028 1668 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
20:00:56.0030 1668 sppuinotify - ok
20:00:56.0245 1668 sptd (aa90a319bb067e0d149b4c95608c4b05) C:\Windows\system32\Drivers\sptd.sys
20:00:56.0253 1668 sptd - ok
20:00:56.0408 1668 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
20:00:56.0413 1668 srv - ok
20:00:56.0566 1668 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
20:00:56.0570 1668 srv2 - ok
20:00:56.0731 1668 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
20:00:56.0733 1668 srvnet - ok
20:00:56.0874 1668 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
20:00:56.0876 1668 SSDPSRV - ok
20:00:56.0969 1668 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
20:00:56.0971 1668 SstpSvc - ok
20:00:57.0098 1668 Steam Client Service - ok
20:00:57.0250 1668 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
20:00:57.0251 1668 stexstor - ok
20:00:57.0443 1668 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
20:00:57.0444 1668 StillCam - ok
20:00:57.0597 1668 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
20:00:57.0603 1668 stisvc - ok
20:00:57.0745 1668 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
20:00:57.0745 1668 swenum - ok
20:00:57.0949 1668 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
20:00:57.0954 1668 SwitchBoard - ok
20:00:58.0046 1668 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
20:00:58.0053 1668 swprv - ok
20:00:58.0163 1668 SynTP (01a658167619075baad31c96074c0b38) C:\Windows\system32\DRIVERS\SynTP.sys
20:00:58.0165 1668 SynTP - ok
20:00:58.0304 1668 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
20:00:58.0339 1668 SysMain - ok
20:00:58.0428 1668 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
20:00:58.0430 1668 TabletInputService - ok
20:00:58.0508 1668 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
20:00:58.0511 1668 TapiSrv - ok
20:00:58.0583 1668 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
20:00:58.0585 1668 TBS - ok
20:00:58.0748 1668 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys
20:00:58.0756 1668 Tcpip - ok
20:00:58.0915 1668 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys
20:00:58.0923 1668 TCPIP6 - ok
20:00:59.0027 1668 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
20:00:59.0028 1668 tcpipreg - ok
20:00:59.0134 1668 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
20:00:59.0135 1668 TDPIPE - ok
20:00:59.0244 1668 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys
20:00:59.0244 1668 TDTCP - ok
20:00:59.0374 1668 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
20:00:59.0375 1668 tdx - ok
20:00:59.0500 1668 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
20:00:59.0500 1668 TermDD - ok
20:00:59.0594 1668 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
20:00:59.0598 1668 TermService - ok
20:00:59.0667 1668 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
20:00:59.0669 1668 Themes - ok
20:00:59.0772 1668 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
20:00:59.0773 1668 THREADORDER - ok
20:00:59.0841 1668 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
20:00:59.0843 1668 TrkWks - ok
20:00:59.0936 1668 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
20:00:59.0939 1668 TrustedInstaller - ok
20:01:00.0045 1668 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:01:00.0047 1668 tssecsrv - ok
20:01:00.0175 1668 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
20:01:00.0177 1668 tunnel - ok
20:01:00.0294 1668 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
20:01:00.0295 1668 uagp35 - ok
20:01:00.0403 1668 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
20:01:00.0407 1668 udfs - ok
20:01:00.0486 1668 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
20:01:00.0488 1668 UI0Detect - ok
20:01:00.0595 1668 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
20:01:00.0597 1668 uliagpkx - ok
20:01:00.0718 1668 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
20:01:00.0719 1668 umbus - ok
20:01:00.0844 1668 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
20:01:00.0845 1668 UmPass - ok
20:01:00.0964 1668 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
20:01:00.0968 1668 upnphost - ok
20:01:01.0138 1668 USBAAPL64 (54d4b48d443e7228bf64cf7cdc3118ac) C:\Windows\system32\Drivers\usbaapl64.sys
20:01:01.0139 1668 USBAAPL64 - ok
20:01:01.0299 1668 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
20:01:01.0301 1668 usbaudio - ok
20:01:01.0424 1668 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
20:01:01.0425 1668 usbccgp - ok
20:01:01.0564 1668 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
20:01:01.0566 1668 usbcir - ok
20:01:01.0687 1668 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
20:01:01.0688 1668 usbehci - ok
20:01:01.0843 1668 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys
20:01:01.0847 1668 usbhub - ok
20:01:01.0981 1668 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
20:01:01.0983 1668 usbohci - ok
20:01:02.0118 1668 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
20:01:02.0119 1668 usbprint - ok
20:01:02.0256 1668 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
20:01:02.0257 1668 usbscan - ok
20:01:02.0376 1668 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:01:02.0378 1668 USBSTOR - ok
20:01:02.0491 1668 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
20:01:02.0493 1668 usbuhci - ok
20:01:02.0632 1668 usbvideo (d501e12614b00a3252073101d6a1a74b) C:\Windows\system32\Drivers\usbvideo.sys
20:01:02.0634 1668 usbvideo - ok
20:01:02.0748 1668 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
20:01:02.0750 1668 UxSms - ok
20:01:02.0854 1668 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
20:01:02.0855 1668 VaultSvc - ok
20:01:02.0991 1668 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
20:01:02.0992 1668 vdrvroot - ok
20:01:03.0108 1668 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
20:01:03.0115 1668 vds - ok
20:01:03.0252 1668 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
20:01:03.0253 1668 vga - ok
20:01:03.0365 1668 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
20:01:03.0366 1668 VgaSave - ok
20:01:03.0492 1668 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
20:01:03.0495 1668 vhdmp - ok
20:01:03.0611 1668 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
20:01:03.0612 1668 viaide - ok
20:01:03.0722 1668 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
20:01:03.0723 1668 volmgr - ok
20:01:03.0836 1668 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
20:01:03.0841 1668 volmgrx - ok
20:01:03.0954 1668 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
20:01:03.0956 1668 volsnap - ok
20:01:04.0089 1668 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
20:01:04.0091 1668 vsmraid - ok
20:01:04.0229 1668 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
20:01:04.0261 1668 VSS - ok
20:01:04.0376 1668 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
20:01:04.0377 1668 vwifibus - ok
20:01:04.0488 1668 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
20:01:04.0490 1668 vwififlt - ok
20:01:04.0626 1668 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
20:01:04.0627 1668 vwifimp - ok
20:01:04.0755 1668 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
20:01:04.0760 1668 W32Time - ok
20:01:04.0855 1668 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
20:01:04.0856 1668 WacomPen - ok
20:01:04.0976 1668 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
20:01:04.0977 1668 WANARP - ok
20:01:04.0998 1668 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
20:01:04.0999 1668 Wanarpv6 - ok
20:01:05.0180 1668 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
20:01:05.0208 1668 WatAdminSvc - ok
20:01:05.0335 1668 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
20:01:05.0369 1668 wbengine - ok
20:01:05.0467 1668 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
20:01:05.0471 1668 WbioSrvc - ok
20:01:05.0554 1668 wcncsvc (8321c2ca3b62b61b293cda3451984468) C:\Windows\System32\wcncsvc.dll
20:01:05.0559 1668 wcncsvc - ok
20:01:05.0618 1668 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
20:01:05.0620 1668 WcsPlugInService - ok
20:01:09.0421 1668 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
20:01:09.0487 1668 \Device\Harddisk0\DR0 - ok
20:01:09.0490 1668 Boot (0x1200) (c74c0936c4b3347d1ea2824c2bb1faae) \Device\Harddisk0\DR0\Partition0
20:01:09.0492 1668 \Device\Harddisk0\DR0\Partition0 - ok
20:01:09.0500 1668 Boot (0x1200) (f2bd5dca5a9f41cfa2f1bb4240186b44) \Device\Harddisk0\DR0\Partition1
20:01:09.0503 1668 \Device\Harddisk0\DR0\Partition1 - ok
20:01:09.0503 1668 ============================================================
20:01:09.0503 1668 Scan finished
20:01:09.0503 1668 ============================================================
20:01:09.0510 3372 Detected object count: 0
20:01:09.0510 3372 Actual detected object count: 0


aswMBR :

How long does it usually take? It's been running for a while now.

#8 gringo_pr

Posted 05 April 2012 - 10:31 PM

on my computer about 10 min


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 danger.sg

Posted 05 April 2012 - 10:41 PM

It seems to be frozen on a file in my local/appdata.

#10 gringo_pr

Posted 05 April 2012 - 10:43 PM

go ahead and stop it

and send me the report it gives you


gringo

#11 danger.sg

Posted 05 April 2012 - 10:43 PM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-05 20:23:23
-----------------------------
20:23:23.506 OS Version: Windows x64 6.1.7600
20:23:23.506 Number of processors: 8 586 0x1E05
20:23:23.507 ComputerName: KIDDANGER-PC UserName: Kid Danger
20:23:25.113 Initialze error C000010E - driver not loaded
20:23:28.105 AVAST engine defs: 12040501
20:23:34.011 Service scanning
20:24:24.163 Modules scanning
20:24:24.168 Disk 0 trace - called modules:
20:24:24.170
20:24:29.024 AVAST engine scan C:\Windows
20:24:33.291 AVAST engine scan C:\Windows\system32
20:27:18.353 File: C:\Windows\assembly\temp\U\80000032.@ **INFECTED** Win32:DNSChanger-VJ [Trj]
20:27:20.557 AVAST engine scan C:\Windows\system32\drivers
20:27:32.368 AVAST engine scan C:\Users\Kid Danger
20:43:18.126 The log file has been saved successfully to "C:\Users\Kid Danger\Desktop\aswMBR.txt"

#12 gringo_pr

Posted 05 April 2012 - 10:52 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::
KillAll::
Folder::
C:\Windows\assembly\temp\U

FireFox::
FF - ProfilePath - c:\users\Kid Danger\AppData\Roaming\Mozilla\Firefox\Profiles\ejn4i42o.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=3&q={searchTerms}
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?AF=110788&babsrc=adbartrp&mntrId=2c9b1a230000000000001a4bd65ae438&q=
FF - user.js: extensions.BabylonToolbar_i.id - 2c9b1a230000000000001a4bd65ae438
FF - user.js: extensions.BabylonToolbar_i.hardId - 2c9b1a230000000000001a4bd65ae438
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15409
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1723:57
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110788
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

#13 danger.sg

Posted 05 April 2012 - 11:21 PM

ComboFix 12-04-04.02 - Kid Danger 04/05/2012 21:02:18.4.8 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.6069.4349 [GMT -7:00]
Running from: c:\users\Kid Danger\Desktop\ComboFix.exe
Command switches used :: c:\users\Kid Danger\Desktop\CFScript.txt.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\temp\U
c:\windows\assembly\temp\U\00000001.@
c:\windows\assembly\temp\U\00000002.@
c:\windows\assembly\temp\U\00000004.@
c:\windows\assembly\temp\U\000000c0.@
c:\windows\assembly\temp\U\000000cb.@
c:\windows\assembly\temp\U\000000cf.@
c:\windows\assembly\temp\U\80000000.@
c:\windows\assembly\temp\U\80000004.@
c:\windows\assembly\temp\U\80000032.@
c:\windows\assembly\temp\U\80000064.@
c:\windows\assembly\temp\U\800000c0.@
c:\windows\assembly\temp\U\800000cb.@
c:\windows\assembly\temp\U\800000cf.@
.
.
((((((((((((((((((((((((( Files Created from 2012-03-06 to 2012-04-06 )))))))))))))))))))))))))))))))
.
.
2012-04-06 04:10 . 2012-04-06 04:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-05 05:23 . 2012-04-05 05:24 -------- d-----w- C:\FRST
2012-04-05 00:42 . 2012-03-20 10:51 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9E8CC274-6ECB-4990-AF3D-00AB6D6771E8}\mpengine.dll
2012-04-04 04:08 . 2012-04-04 04:08 -------- d-----w- C:\found.000
2012-03-26 17:58 . 2012-03-26 17:58 -------- d-----w- c:\users\Kid Danger\AppData\Roaming\Cobra Mobile
2012-03-25 02:51 . 2012-03-25 05:20 -------- d-----w- c:\users\Kid Danger\AppData\Roaming\Ventrilo
2012-03-25 02:50 . 2012-03-25 02:50 -------- d-----w- c:\program files (x86)\Ventrilo
2012-03-21 22:42 . 2012-03-21 22:42 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2012-03-21 22:05 . 2012-03-21 23:57 -------- d-----w- c:\program files (x86)\THQ
2012-03-20 03:35 . 2012-03-20 03:35 -------- d-----w- c:\users\Kid Danger\AppData\Roaming\MinMaxGames
2012-03-18 21:42 . 2012-03-21 23:57 -------- d-----w- c:\program files (x86)\Dungeon Defenders
2012-03-17 15:55 . 2012-03-17 15:55 -------- d-----w- c:\users\Kid Danger\AppData\Local\BigHugeEngine
2012-03-17 06:54 . 2012-03-17 06:54 -------- d-----w- c:\users\Kid Danger\AppData\Roaming\Trine2
2012-03-17 06:51 . 2012-03-17 06:51 -------- d-----w- c:\program files (x86)\Frozenbyte
2012-03-17 04:18 . 2012-03-17 04:18 -------- d-----w- c:\users\Kid Danger\AppData\Roaming\RotMG.Production
2012-03-15 08:27 . 2012-03-15 08:27 995328 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2012-03-15 08:26 . 2012-03-15 08:26 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2012-03-14 10:07 . 2012-02-03 04:16 3143168 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 05:33 . 2012-03-14 05:33 -------- d--h--w- c:\program files (x86)\Common Files\EAInstaller
2012-03-14 05:33 . 2012-03-14 05:33 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2012-03-14 05:05 . 2012-03-14 05:05 -------- d-----w- c:\program files (x86)\Bioware
2012-03-14 05:00 . 2012-03-14 05:00 -------- d-----w- c:\users\Kid Danger\MSE3
2012-03-13 22:58 . 2012-02-10 06:17 1837568 ----a-w- c:\windows\system32\d3d10warp.dll
2012-03-13 22:58 . 2012-02-10 06:17 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-03-13 22:58 . 2012-02-10 05:41 1170944 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2012-03-13 22:58 . 2012-02-10 05:41 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-03-13 22:58 . 2012-02-10 06:18 1541120 ----a-w- c:\windows\system32\DWrite.dll
2012-03-13 22:58 . 2012-02-10 06:17 320512 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-13 22:58 . 2012-02-10 06:17 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2012-03-13 22:58 . 2012-02-10 05:41 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-13 22:58 . 2012-02-10 05:41 218624 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2012-03-13 22:58 . 2012-02-10 05:41 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2012-03-13 22:51 . 2012-01-25 06:27 76288 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-13 22:51 . 2012-01-25 06:27 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-13 22:51 . 2012-01-25 06:20 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-13 22:51 . 2012-02-15 06:27 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-13 22:51 . 2012-02-15 05:44 826368 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-13 22:51 . 2012-02-15 04:47 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-13 22:51 . 2012-02-15 04:46 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-10 08:04 . 2012-03-10 08:04 -------- d-----w- c:\program files (x86)\VideoLAN
2012-03-10 07:57 . 2012-03-10 07:57 -------- d-----w- c:\program files (x86)\FLVPlayer
2012-03-10 07:53 . 2012-03-10 07:53 -------- d-----w- c:\users\Kid Danger\AppData\Local\DDMSettings
2012-03-10 07:50 . 2012-03-10 07:50 -------- d-----w- c:\program files (x86)\AC3 Player
2012-03-08 18:10 . 2012-03-08 18:10 -------- d-----w- c:\users\Kid Danger\AppData\Roaming\Indicium Technologies
2012-03-08 18:10 . 2012-03-08 18:10 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2012-03-08 18:09 . 2012-03-08 18:10 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2012-03-08 18:08 . 2012-03-08 18:15 -------- d-----w- c:\users\Kid Danger\AppData\Roaming\EveHQ
2012-03-08 18:08 . 2012-03-08 18:08 -------- d-----w- c:\program files (x86)\EveHQ
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-26 17:58 . 2012-02-02 11:20 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2012-03-26 17:58 . 2012-02-02 11:20 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-03-26 17:58 . 2012-02-02 11:20 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2012-03-26 17:58 . 2012-02-02 11:20 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-03-21 22:36 . 2012-01-13 23:25 43520 ----a-w- c:\windows\SysWow64\CmdLineExt03.dll
2012-02-26 19:00 . 2011-12-01 18:17 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-23 16:18 . 2010-12-21 01:01 279656 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-04_21.51.13 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-12-21 00:34 . 2012-04-06 04:13 47700 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-06 04:13 35548 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-12-21 00:18 . 2012-04-06 04:13 22920 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1146084035-806319024-1515760263-1000_UserData.bin
+ 2011-10-10 00:51 . 2012-04-05 02:02 67584 c:\windows\system32\LogFiles\Srt\bootstat.dat
- 2011-10-10 00:51 . 2012-04-04 04:01 67584 c:\windows\system32\LogFiles\Srt\bootstat.dat
- 2010-12-21 00:09 . 2012-04-04 04:39 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-12-21 00:09 . 2012-04-04 21:50 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-12-21 00:09 . 2012-04-04 04:39 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-12-21 00:09 . 2012-04-04 21:50 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-04 04:39 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-04 21:50 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-04-06 04:11 . 2012-04-06 04:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-04-04 21:50 . 2012-04-04 21:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-06 04:11 . 2012-04-06 04:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-04-04 21:50 . 2012-04-04 21:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-12-24 19:53 . 2012-04-06 02:38 2352 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-06-11 19:42 . 2012-04-06 02:06 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2011-06-11 19:42 . 2012-04-04 21:49 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 04:54 . 2012-04-06 02:06 311296 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-04-04 21:49 311296 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 02:36 . 2012-04-06 02:46 669298 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-04-04 05:39 669298 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-04-04 05:39 125452 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-04-06 02:46 125452 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:12 . 2012-04-04 21:50 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:12 . 2012-04-04 04:39 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:01 . 2012-04-04 21:49 358300 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-04-06 04:11 358300 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 04:54 . 2012-04-04 21:49 4046848 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-06 02:06 4046848 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-12-24 20:56 . 2012-04-06 04:11 5778020 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1146084035-806319024-1515760263-1000-12288.dat
- 2009-07-14 04:54 . 2012-04-04 21:49 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-06 02:06 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 02:34 . 2012-04-04 05:21 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2012-04-06 01:00 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"BitTorrent"="c:\program files (x86)\BitTorrent\BitTorrent.exe" [2012-02-26 650104]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"HLBackupScheduler"="c:\program files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe" [2011-10-23 5013128]
"Xvid"="c:\program files (x86)\Xvid\CheckUpdate.exe" [2011-01-17 8192]
"Facebook Update"="c:\users\Kid Danger\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-08-22 137536]
"EVEMon"="c:\program files (x86)\EVEMon\EVEMon.exe" [2012-03-10 1797120]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-06-25 6806144]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-05-03 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2011-07-17 273544]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-10 421736]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-13 343168]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-10 135664]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys [x]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [x]
R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-10 135664]
R3 hexmagic;hexmagic;c:\windows\system32\drivers\hexmagic.sys [x]
R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [x]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [x]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 X6va005;X6va005;c:\users\KIDDAN~1\AppData\Local\Temp\0051BD5.tmp [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-04-26 223088]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-04 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1146084035-806319024-1515760263-1000Core.job
- c:\users\Kid Danger\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-22 20:02]
.
2012-04-06 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1146084035-806319024-1515760263-1000UA.job
- c:\users\Kid Danger\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-22 20:02]
.
2012-04-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-10 06:13]
.
2012-04-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-10 06:13]
.
2012-04-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1146084035-806319024-1515760263-1000Core.job
- c:\users\Kid Danger\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-16 01:05]
.
2012-04-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1146084035-806319024-1515760263-1000UA.job
- c:\users\Kid Danger\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-16 01:05]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-11-11 8321568]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
mpe
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 192.168.*.*;*.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Kid Danger\AppData\Roaming\Mozilla\Firefox\Profiles\ejn4i42o.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.eveonline.com/
FF - prefs.js: network.proxy.type - 0
FF - user.js: general.useragent.extra.brc -
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\KIDDAN~1\AppData\Local\Temp\0051BD5.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1146084035-806319024-1515760263-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1146084035-806319024-1515760263-1000\Software\SecuROM\License information*]
"datasecu"=hex:29,45,68,08,57,90,27,b7,f1,f7,bd,73,62,27,d9,eb,08,81,f9,be,c0,
75,19,15,e6,4e,1b,f4,ef,02,5f,70,17,fe,62,db,c1,c5,37,78,1d,38,18,ae,a9,5f,\
"rkeysecu"=hex:0f,5b,1c,19,d0,55,be,c8,49,97,26,41,0c,03,03,88
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
.
**************************************************************************
.
Completion time: 2012-04-05 21:19:09 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-06 04:19
ComboFix2.txt 2012-04-06 02:47
ComboFix3.txt 2012-04-04 21:58
.
Pre-Run: 234,961,002,496 bytes free
Post-Run: 234,613,694,464 bytes free
.
- - End Of File - - 55DCEF623E666DC598E139009EBFECA7

It seems to be running better. I'm just really happy to be able to boot up and log in.
Anything else I should watch for or run?

#14 gringo_pr


Posted 05 April 2012 - 11:24 PM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo

#15 danger.sg


Posted 05 April 2012 - 11:25 PM

Update for Microsoft Office 2007 (KB2508958)
AC3 Player version 1.0
AC3File 0.6b
AC3Filter (remove only)
Adobe AIR
Adobe Digital Editions
Adobe Flash Player 10 ActiveX
Adobe Photoshop CS5
Adobe Reader X (10.1.0)
Age of Empires Online
Apple Application Support
Apple Software Update
ASUS LifeFrame3
ASUS Live Update
ATK Package
Bandisoft MPEG-1 Decoder
BitTorrent
BulletStorm
Call of Duty: Modern Warfare 3 - Multiplayer
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
CCC Help English
CDisplay 1.8
Command & Conquer Generals
Command and ConquerTM Generals Zero Hour
DAEMON Tools Lite
DAEMON Tools Toolbar
Dead Rising 2
Dead Space 2
DivX Setup
Dungeon Defenders
EVE Online (remove only)
EveHQ
EVEMon
Fable III
Facebook Video Calling 1.2.0.159
Fallout Mod Manager 0.13.21
ffdshow [rev 2527] [2008-12-19]
FLV Player
FoxTab Media Player
Google Chrome
Google Talk Plugin
Google Update Helper
Grand Theft Auto IV
HP Deskjet 1050 J410 series Help
HP Photo Creations
HP Photosmart Plus B210 series Help
HP Update
HydraVision
iBomber Defense Pacific
Impulse
InterActual Player
Java Auto Updater
Java™ 6 Update 24
Just Cause 2
Mass Effect 2
Mass Effect™ 3
Microsoft .NET Framework 1.1
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft WSE 3.0 Runtime
Microsoft XNA Framework Redistributable 3.1
Microsoft XNA Framework Redistributable 4.0
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
MotoHelper 2.0.51 Driver 5.1.0
MotoHelper MergeModules
Mozilla Firefox 11.0 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nexon Game Manager
NVIDIA PhysX
Oblivion - Horse Armor Pack
Oblivion - Knights of the Nine
Oblivion - Mehrunes Razor
Oblivion - Orrery
Oblivion - Spell Tomes
Oblivion - Thieves Den
Oblivion - Vile Lair
OpenAL
Overlord II
Pando Media Booster
PDF Settings CS5
PunkBuster Services
QuickTime
Really Big Sky
Realm of the Mad God
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
Rockstar Games Social Club
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Skype Toolbars
Skype™ 5.1
Solar 2
Space Pirates and Zombies
Spybot - Search & Destroy
Star Trek Online
StarCraft II
Steam
System Requirements Lab
Team Fortress 2
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
VC80CRTRedist - 8.0.50727.6195
Ventrilo Client
Verizon V CAST Media Manager
VLC media player 2.0.0
Warhammer 40,000: Dawn of War Gold Edition
Warhammer 40,000: Dawn of War – Dark Crusade
Warhammer 40,000: Dawn of War – Winter Assault
Warhammer® 40,000™: Dawn of War® II
Warhammer® 40,000™: Dawn of War® II - Chaos Rising™
WinFlash
WinZip 15.0
X3 Terran Conflict v2.5
Xvid Video Codec



