Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

First browser problems, now Windows is slow!


  • This topic is locked This topic is locked
11 replies to this topic

#1 Lokemix

Lokemix

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:54 PM

Posted 23 April 2012 - 04:19 PM

Hi there,

I've been searching for a solution for a while now. I've tried different spyware, anti-virus programs etc. and they don't seem to be helping.

Short version: Firefox browser problems, now windows is ridiculously slow and doesn't respond to anything after starting.

I use Windows 7 Home Premium.

My problems started with my Firefox browser acting weird.
Normally when I just type in something in the address line it does a google search for it, which is what I wanted.
Now whenever I type in anything it performs a search via google custom search.
I started Safe Mode and used Firefox to search, used test as my word.
This happened: http://www.google.com/cse?cx=partner-pub-5528014799800033:cevktqnfrvl&ie=ISO-8859-1&q=test#gsc.q=test&gsc.page=1

I attempted to reboot and now after passing the welcome screen everything just loads slowly. Most programs don't even start up.
Furthermore I can't do anything, I can click the desktop or an icon, but I can't open up anything. The Start button doesn't work, nor does the task manager.
Ctrl Alt Delete doesn't even prompt the normal screen, it does nothing.

I'd be really thankful for any kind of insight or assistance!

Edited by Orange Blossom, 23 April 2012 - 06:02 PM.
Moved to log forum. ~ OB


BC AdBot (Login to Remove)

 


#2 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:05:54 PM

Posted 23 April 2012 - 05:04 PM

Lets take a look:

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Click on Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the flash drive. Please copy and paste it to your reply.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#3 Lokemix

Lokemix
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:54 PM

Posted 23 April 2012 - 05:35 PM

Hi again,

Thank you for the quick response! I did as you asked, here's the log file:

Scan result of Farbar Recovery Scan Tool Version: 22-04-2012
Ran by SYSTEM at 24-04-2012 00:16:37
Running from D:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet003

========================== Registry (Whitelisted) =============

HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1436736 2011-06-15] (Microsoft Corporation)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462408 2012-04-04] (Malwarebytes Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [1987976 2012-02-28] (LogMeIn Inc.)
HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4241512 2012-03-06] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe" [198032 2011-10-21] (Lavasoft)
HKLM-x32\...\Run: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run [x]
HKU\Nicolas\...\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent [1242448 2012-01-01] (Valve Corporation)
HKU\Nicolas\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17148552 2012-02-28] (Skype Technologies S.A.)
HKU\Nicolas\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [3514176 2011-11-10] (DT Soft Ltd)

==================== Services (Whitelisted) ======

2 Ad-Aware Service; "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe" [1161072 2012-03-29] (Lavasoft Limited)
3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [253088 2012-04-20] (Adobe Systems Incorporated)
2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [44768 2012-03-06] (AVAST Software)
2 Hamachi2Svc; "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s [2343816 2012-02-28] (LogMeIn Inc.)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [654408 2012-04-04] (Malwarebytes Corporation)
2 nvUpdatusService; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2348352 2012-02-29] (NVIDIA Corporation)
2 SBAMSvc; "C:\Program Files (x86)\Ad-Aware Antivirus\Engine\SBAMSvc.exe" [2804280 2011-05-17] (Sunbelt Software)
2 SkypeUpdate; "C:\Program Files (x86)\Skype\Updater\Updater.exe" [158856 2012-02-28] (Skype Technologies)
2 MsMpSvc; "c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe" [x]
3 NisSrv; "c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe" [x]
2 WinDefend; %ProgramFiles(x86)%\Windows Defender\mpsvc.dll [x]

========================== Drivers (Whitelisted) =============

2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [24408 2012-03-06] (AVAST Software)
2 aswMonFlt; C:\Windows\System32\Drivers\aswMonFlt.sys [69976 2012-03-06] (AVAST Software)
1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [53080 2012-03-06] (AVAST Software)
1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [819032 2012-03-06] (AVAST Software)
1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [337240 2012-03-06] (AVAST Software)
1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [59224 2012-03-06] (AVAST Software)
3 BridgeMP; C:\Windows\System32\DRIVERS\bridge.sys [95232 2009-07-13] (Microsoft Corporation)
1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [279616 2012-01-05] (DT Soft Ltd)
3 hamachi; C:\Windows\System32\Drivers\hamachi.sys [33856 2009-03-18] (LogMeIn, Inc.)
3 hitmanpro35; \??\C:\Windows\system32\drivers\hitmanpro36.sys [27936 2012-04-23] ()
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-04-04] (Malwarebytes Corporation)
3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-28] ()
3 NVENETFD; C:\Windows\System32\DRIVERS\nvm62x64.sys [408960 2009-06-10] (NVIDIA Corporation)
2 sbapifs; C:\Windows\System32\Drivers\sbapifs.sys [72280 2011-05-11] (Sunbelt Software)
1 SbFw; C:\Windows\System32\Drivers\SbFw.sys [253528 2011-04-05] (Sunbelt Software, Inc.)
3 SBFWIMCL; C:\Windows\System32\DRIVERS\sbfwim.sys [84568 2011-02-07] (Sunbelt Software, Inc.)
3 SBFWIMCLMP; C:\Windows\System32\DRIVERS\SBFWIM.sys [84568 2011-02-07] (Sunbelt Software, Inc.)
3 sbhips; C:\Windows\System32\Drivers\sbhips.sys [60504 2011-04-05] (Sunbelt Software, Inc.)
1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [55384 2011-04-29] (Sunbelt Software)
1 SbTis; C:\Windows\System32\Drivers\SbTis.sys [94296 2011-04-05] (Sunbelt Software, Inc.)

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-04-24 00:16 - 2009-07-13 21:08 - 0000000 ____D C:\FRST
2012-04-23 14:03 - 2012-04-23 11:50 - 0000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-04-23 14:03 - 2009-07-13 17:16 - 0734810 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-04-23 14:02 - 2012-01-06 10:53 - 0000000 ____D C:\b84cfa3f495ed7c4bc
2012-04-23 14:02 - 2009-07-13 23:45 - 0000000 ____D C:\Program Files\Microsoft Security Client
2012-04-23 13:45 - 2012-01-05 13:43 - 10165440 ____A (Microsoft Corporation) C:\Users\Nicolas\Downloads\mseinstall(1).exe
2012-04-23 13:07 - 2012-04-23 11:49 - 0000122 ____A C:\Users\Nicolas\Desktop\New Text Document.txt
2012-04-23 12:48 - - 0000000 ____D C:\$RECYCLE.BIN
2012-04-23 11:59 - 2012-04-23 11:25 - 0000000 ____D C:\Users\All Users\Kaspersky Lab Setup Files
2012-04-23 11:59 - 2012-04-23 11:25 - 0000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2012-04-23 11:51 - 2012-01-01 17:59 - 0000000 ____D C:\Users\Nicolas\AppData\Roaming\Malwarebytes
2012-04-23 11:50 - 2012-04-23 11:25 - 0001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-04-23 11:50 - 2012-04-23 08:09 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-23 11:50 - 2012-04-23 07:48 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-04-23 11:50 - 2012-04-23 07:48 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-04-23 11:50 - 2009-07-13 15:26 - 0024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-04-23 11:49 - 2009-07-13 21:37 - 0001945 ____A C:\Windows\epplauncher.mif
2012-04-23 11:48 - 2012-01-04 07:17 - 10165440 ____A (Microsoft Corporation) C:\Users\Nicolas\Desktop\mseinstall.exe
2012-04-23 11:47 - 2012-01-10 17:02 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Nicolas\Downloads\mbam-setup-1.61.0.1400.exe
2012-04-23 11:41 - 2012-04-23 13:45 - 128080584 ____A (Kaspersky Lab) C:\Users\Nicolas\Downloads\pure9.1.0.124da.exe
2012-04-23 11:25 - 2012-01-08 08:53 - 0001897 ____A C:\Users\Public\Desktop\HitmanPro.lnk
2012-04-23 11:25 - 2010-11-20 02:43 - 0027936 ____A C:\Windows\System32\Drivers\hitmanpro36.sys
2012-04-23 11:24 - 2012-04-23 10:29 - 8252840 ____A (SurfRight B.V.) C:\Users\Nicolas\Downloads\HitmanPro36_x64.exe
2012-04-23 11:24 - 2012-01-09 09:10 - 0000000 ____D C:\Program Files\HitmanPro
2012-04-23 11:24 - 2009-07-13 21:08 - 0000000 ____D C:\Users\All Users\HitmanPro
2012-04-23 11:24 - 2009-07-13 21:08 - 0000000 ____D C:\ProgramData\HitmanPro
2012-04-23 10:48 - 2012-04-23 14:04 - 0000000 ____D C:\Windows\ERDNT
2012-04-23 10:48 - 2012-04-20 10:58 - 0208896 ____A C:\Windows\MBR.exe
2012-04-23 10:48 - 2012-01-08 09:42 - 0060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-04-23 10:48 - 2009-07-13 23:50 - 0080412 ____A C:\Windows\grep.exe
2012-04-23 10:48 - 2009-07-13 21:32 - 0256000 ____A C:\Windows\PEV.exe
2012-04-23 10:48 - 2009-07-13 19:20 - 0098816 ____A C:\Windows\sed.exe
2012-04-23 10:48 - 2009-07-13 17:39 - 0068096 ____A C:\Windows\zip.exe
2012-04-23 10:48 - 2009-06-10 12:31 - 0518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-04-23 10:48 - 2000-08-30 16:00 - 0406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-04-23 10:44 - 2012-01-08 09:31 - 0388608 ____A (Trend Micro Inc.) C:\Users\Nicolas\Desktop\HijackThis.exe
2012-04-23 10:43 - 2009-07-13 17:39 - 0972458 ____A C:\Windows\ntbtlog.txt
2012-04-23 10:32 - 2012-04-23 06:33 - 4473179 ____A (Swearware) C:\Users\Nicolas\Downloads\ComboFix.exe
2012-04-23 10:29 - 2012-01-08 09:53 - 0388608 ____A (Trend Micro Inc.) C:\Users\Nicolas\Downloads\HijackThis.exe
2012-04-23 09:42 - 2012-02-17 09:20 - 0000000 ____D C:\Program Files (x86)\Ubisoft
2012-04-23 08:09 - 2012-01-29 13:35 - 0000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2012-04-23 07:49 - 2010-11-20 05:33 - 0055384 ____A (Sunbelt Software) C:\Windows\System32\Drivers\SBREDrv.sys
2012-04-23 07:49 - 2009-07-13 17:41 - 0045904 ____A (Sunbelt Software) C:\Windows\System32\sbbd.exe
2012-04-23 07:49 - - 0001868 ____A C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2012-04-23 07:49 - - 0000000 ____D C:\Users\Nicolas\AppData\Local\adaware
2012-04-23 07:49 - - 0000000 ____D C:\Users\All Users\Ad-Aware Browsing Protection
2012-04-23 07:49 - - 0000000 ____D C:\ProgramData\Ad-Aware Browsing Protection
2012-04-23 07:48 - 2012-04-23 11:59 - 0000000 ____D C:\Users\All Users\Lavasoft
2012-04-23 07:48 - 2012-04-23 11:59 - 0000000 ____D C:\ProgramData\Lavasoft
2012-04-23 07:48 - 2011-05-11 06:26 - 0253528 ____A (Sunbelt Software, Inc.) C:\Windows\System32\Drivers\SbFw.sys
2012-04-23 07:48 - 2011-04-29 04:15 - 0094296 ____A (Sunbelt Software, Inc.) C:\Windows\System32\Drivers\sbtis.sys
2012-04-23 07:48 - 2011-04-05 07:35 - 0084568 ____A (Sunbelt Software, Inc.) C:\Windows\System32\Drivers\SbFwIm.sys
2012-04-23 07:48 - 2011-02-07 23:14 - 0060504 ____A (Sunbelt Software, Inc.) C:\Windows\System32\Drivers\sbhips.sys
2012-04-23 07:48 - - 0000000 ____D C:\Program Files (x86)\Ad-Aware Antivirus
2012-04-23 07:47 - - 6243960 ____A (Lavasoft Limited) C:\Users\Nicolas\Downloads\Adaware_Installer.exe
2012-04-23 07:47 - - 0000000 ____D C:\Users\Nicolas\AppData\Roaming\Ad-Aware Antivirus
2012-04-23 05:47 - 2012-03-06 15:04 - 0337240 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2012-04-23 05:47 - 2012-03-06 15:04 - 0059224 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2012-04-23 05:47 - 2012-03-06 15:02 - 0819032 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2012-04-23 05:47 - 2012-03-06 15:01 - 0069976 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2012-04-23 05:47 - 2012-03-06 15:01 - 0053080 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2012-04-23 05:47 - 2012-01-05 05:40 - 0001841 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2012-04-23 05:47 - 2009-07-13 19:20 - 0000000 ____A C:\Windows\SysWOW64\config.nt
2012-04-23 05:47 - 2009-07-13 17:24 - 0258520 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2012-04-23 05:47 - 2005-03-28 16:30 - 0024408 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2012-04-23 05:46 - 2012-04-22 07:48 - 0041184 ____A (AVAST Software) C:\Windows\avastSS.scr
2012-04-23 05:46 - 2009-07-13 21:08 - 0000000 ____D C:\Users\All Users\AVAST Software
2012-04-23 05:46 - 2009-07-13 21:08 - 0000000 ____D C:\ProgramData\AVAST Software
2012-04-23 05:46 - 2009-07-13 17:03 - 0201352 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe
2012-04-23 05:46 - - 0000000 ____D C:\Program Files\AVAST Software
2012-04-23 05:44 - 2012-02-02 04:49 - 74761776 ____A C:\Users\Nicolas\Downloads\avast_free_antivirus_setup.exe
2012-04-23 05:24 - 2011-02-24 22:19 - 0026694 ____A C:\Windows\fav_123setup.ico
2012-04-23 05:24 - 2004-04-06 15:37 - 0085182 ____A C:\Windows\fav_google.ico
2012-04-22 11:52 - 2012-02-26 11:40 - 0000000 ____D C:\Users\Nicolas\AppData\Roaming\CDisplayEx
2012-04-22 11:49 - 2012-01-29 13:15 - 5749280 ____A (Henri Gourvest. ) C:\Users\Nicolas\Downloads\CDisplayEx_V1.8.exe
2012-04-20 15:16 - 2012-04-20 10:58 - 9705984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-04-20 15:16 - 2012-04-20 10:58 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-04-20 15:16 - 2012-04-20 10:58 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-04-20 15:16 - 2012-04-20 10:58 - 17790976 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-04-20 15:16 - 2012-04-20 10:58 - 12281856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-04-20 15:16 - 2012-04-20 10:58 - 10888704 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-04-20 15:16 - 2012-04-20 10:58 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-04-20 15:16 - 2012-04-20 10:58 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-04-20 15:16 - 2012-02-27 23:34 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-04-20 15:16 - 2012-02-27 22:56 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-04-20 15:16 - 2012-02-27 22:48 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-04-20 15:16 - 2012-02-27 22:45 - 2311168 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-04-20 15:16 - 2012-02-27 22:42 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-04-20 15:16 - 2012-02-27 17:52 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-04-20 15:16 - 2012-02-27 17:18 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-04-20 15:16 - 2012-02-27 17:09 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-04-20 15:16 - 2012-02-27 17:06 - 1799168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-04-20 15:16 - 2012-02-27 17:03 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-04-20 15:16 - 2011-05-02 21:29 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-04-20 15:16 - 2011-05-02 20:30 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-04-20 15:16 - 2010-11-20 05:27 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-04-20 15:16 - 2010-11-20 04:21 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-04-20 15:16 - 2009-07-13 17:41 - 5559152 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-04-20 15:16 - 2009-07-13 17:41 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-04-20 15:16 - 2009-07-13 17:38 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-04-20 15:16 - 2009-07-13 17:16 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-04-20 15:16 - 2009-07-13 17:16 - 3913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-04-20 15:16 - 2009-07-13 17:16 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-04-20 15:16 - 2009-07-13 17:14 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-04-20 15:14 - 2009-07-13 17:47 - 0023408 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-04-20 15:14 - 2009-07-13 17:41 - 0220672 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-04-20 15:14 - 2009-07-13 17:38 - 0081408 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-04-20 15:14 - 2009-07-13 17:33 - 0005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-04-20 15:14 - 2009-07-13 17:16 - 0172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-04-20 15:14 - 2009-07-13 17:14 - 0159232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2012-04-20 15:14 - 2009-07-13 17:11 - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2012-04-20 13:00 - 2010-11-20 05:26 - 1544192 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-04-20 13:00 - 2010-11-20 04:18 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-04-20 13:00 - 2009-07-13 17:39 - 3145728 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-04-20 12:57 - 2012-02-16 22:38 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-20 12:57 - 2010-11-20 05:27 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-04-20 12:57 - 2010-11-20 05:27 - 0077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-20 12:57 - 2010-11-20 04:21 - 0826880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-04-20 12:57 - 2009-07-13 17:39 - 0009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-20 12:57 - 2009-07-13 16:16 - 0210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-20 12:57 - 2009-07-13 16:16 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-04-20 12:03 - - 0000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-04-20 12:02 - 2009-07-13 17:14 - 0418464 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-04-20 10:58 - 2012-04-20 10:58 - 3695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2012-04-20 10:58 - 2012-04-20 10:58 - 3695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2012-04-20 10:58 - 2012-04-20 10:58 - 0534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-04-20 10:58 - 2012-04-20 10:58 - 0434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2012-04-20 10:58 - 2012-04-20 10:58 - 0403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-04-20 10:58 - 2012-04-20 10:58 - 0353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2012-04-20 10:58 - 2012-04-20 10:58 - 0282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2012-04-20 10:58 - 2012-04-20 10:58 - 0267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2012-04-20 10:58 - 2012-04-20 10:58 - 0227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2012-04-20 10:58 - 2012-04-20 10:58 - 0223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2012-04-20 10:58 - 2012-04-20 10:58 - 0173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-04-20 10:58 - 2012-04-20 10:58 - 0165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2012-04-20 10:58 - 2012-04-20 10:58 - 0163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2012-04-20 10:58 - 2012-04-20 10:58 - 0163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2012-04-20 10:58 - 2012-04-20 10:58 - 0160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2012-04-20 10:58 - 2012-04-20 10:58 - 0150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2012-04-20 10:58 - 2012-04-20 10:58 - 0142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-04-20 10:58 - 2012-04-20 10:58 - 0135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2012-04-20 10:58 - 2012-04-20 10:58 - 0130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2012-04-20 10:58 - 2012-04-20 10:58 - 0111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2012-04-20 10:58 - 2012-04-20 10:58 - 0110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2012-04-20 10:58 - 2012-04-20 10:58 - 0086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2012-04-20 10:58 - 2012-04-20 10:58 - 0055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-04-20 10:58 - 2012-04-20 10:58 - 0041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2012-04-20 10:58 - 2012-04-20 10:58 - 0039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2012-04-20 10:58 - 2012-04-20 10:58 - 0031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2012-04-20 10:58 - 2012-04-20 10:58 - 0010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2012-04-20 10:58 - 2012-04-20 10:58 - 0010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-04-20 10:58 - 2012-02-27 23:02 - 0145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-04-20 10:58 - 2012-02-27 22:43 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2012-04-20 10:58 - 2012-02-27 22:43 - 0048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2012-04-20 10:58 - 2012-02-27 22:39 - 0072822 ____A C:\Windows\System32\ieuinit.inf
2012-04-20 10:58 - 2012-02-27 17:27 - 0118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2012-04-20 10:58 - 2012-02-27 17:04 - 0074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2012-04-20 10:58 - 2012-02-27 17:03 - 0048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2012-04-20 10:58 - 2012-02-27 16:59 - 0072822 ____A C:\Windows\SysWOW64\ieuinit.inf
2012-04-20 10:58 - 2012-01-01 17:36 - 0030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-04-20 10:58 - 2012-01-01 17:36 - 0023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2012-04-20 10:58 - 2010-11-20 05:26 - 0452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2012-04-20 10:58 - 2010-11-20 05:25 - 0091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2012-04-20 10:58 - 2010-11-20 05:24 - 0603648 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-04-20 10:58 - 2010-11-20 04:19 - 0078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2012-04-20 10:58 - 2010-11-20 04:18 - 0353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2012-04-20 10:58 - 2010-11-20 04:17 - 0076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2012-04-20 10:58 - 2010-11-20 04:16 - 0420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-04-20 10:58 - 2009-07-13 19:20 - 0448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-04-20 10:58 - 2009-07-13 19:20 - 0367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2012-04-20 10:58 - 2009-07-13 19:20 - 0049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2012-04-20 10:58 - 2009-07-13 19:20 - 0035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2012-04-20 10:58 - 2009-07-13 17:41 - 0222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2012-04-20 10:58 - 2009-07-13 17:41 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-04-20 10:58 - 2009-07-13 17:41 - 0103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2012-04-20 10:58 - 2009-07-13 17:41 - 0089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-04-20 10:58 - 2009-07-13 17:41 - 0065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2012-04-20 10:58 - 2009-07-13 17:39 - 0160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2012-04-20 10:58 - 2009-07-13 17:39 - 0089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2012-04-20 10:58 - 2009-07-13 17:39 - 0076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2012-04-20 10:58 - 2009-07-13 17:38 - 0114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2012-04-20 10:58 - 2009-07-13 17:38 - 0012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2012-04-20 10:58 - 2009-07-13 17:16 - 0123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2012-04-20 10:58 - 2009-07-13 17:16 - 0054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2012-04-20 10:58 - 2009-07-13 17:15 - 0580608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-04-20 10:58 - 2009-07-13 17:15 - 0161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2012-04-20 10:58 - 2009-07-13 17:15 - 0074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2012-04-20 10:58 - 2009-07-13 17:14 - 0152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2012-04-20 10:58 - 2009-07-13 17:14 - 0101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2012-04-20 10:58 - 2009-07-13 17:14 - 0074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2012-04-20 10:58 - 2009-07-13 17:14 - 0063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2012-04-20 10:58 - 2009-07-13 17:14 - 0011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2012-04-20 10:58 - 2009-07-13 15:55 - 0249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2012-04-20 10:58 - 2009-07-13 15:40 - 0203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2012-04-20 10:58 - 2009-07-13 15:31 - 0197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2012-04-20 10:58 - 2009-07-13 15:19 - 0162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2012-04-20 10:58 - 2009-07-13 12:49 - 0697344 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-04-20 10:58 - 2009-06-10 13:14 - 0066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2012-04-20 10:58 - 2009-06-10 12:30 - 0082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2012-04-20 10:56 - 2009-06-10 12:30 - 0003555 ____A C:\Windows\IE9_main.log
2012-04-20 09:33 - 2012-04-20 08:25 - 0000000 ____D C:\Users\All Users\Blizzard Entertainment
2012-04-20 09:33 - 2012-04-20 08:25 - 0000000 ____D C:\ProgramData\Blizzard Entertainment
2012-04-20 09:33 - 2012-02-16 03:22 - 0000000 ____D C:\Users\Nicolas\Documents\Diablo III
2012-04-20 09:01 - 2012-02-16 03:22 - 60790979 ____A C:\Users\Nicolas\Downloads\Do Not Open An Encyclopedia of the World's Best-Kept Secrets mantesh.pdf
2012-04-20 08:26 - 2009-07-13 20:54 - 0001263 ____A C:\Users\Public\Desktop\Diablo III Beta.lnk
2012-04-20 08:26 - 2009-07-13 20:54 - 0000000 ____D C:\Program Files (x86)\Diablo III Beta
2012-04-20 08:24 - 2012-04-23 05:46 - 0000000 ____D C:\Users\All Users\Battle.net
2012-04-20 08:24 - 2012-04-23 05:46 - 0000000 ____D C:\ProgramData\Battle.net
2012-04-20 08:22 - 2012-02-29 16:02 - 5892928 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2012-04-20 08:22 - 2012-02-29 16:02 - 2872640 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
2012-04-20 08:22 - 2012-02-29 16:02 - 2672448 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2012-04-20 08:22 - 2012-02-29 16:02 - 25222976 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2012-04-20 08:22 - 2012-02-29 16:02 - 2517312 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2012-04-20 08:22 - 2012-02-29 16:02 - 2437440 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2012-04-20 08:22 - 2012-02-29 16:02 - 19444544 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2012-04-20 08:22 - 2012-02-29 16:02 - 17642816 ____A (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll
2012-04-20 08:22 - 2012-02-29 16:02 - 17543488 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2012-04-20 08:22 - 2012-02-29 13:00 - 8008000 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2012-04-20 08:22 - 2012-02-29 12:59 - 25543488 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
2012-04-20 08:22 - 2012-02-29 03:26 - 7713088 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2012-04-20 08:22 - 2011-07-15 20:29 - 2301248 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2012-04-20 08:22 - 2010-11-20 05:27 - 0068928 ____A (Khronos Group) C:\Windows\System32\OpenCL.dll
2012-04-20 08:22 - 2010-11-20 04:20 - 0061248 ____A (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2012-04-20 08:22 - 2009-07-13 15:19 - 13626688 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys

============ 3 Months Modified Files and Folders =============

2012-04-24 00:16 - 2012-04-24 00:16 - 0000000 ____D C:\FRST
2012-04-23 14:12 - 2012-04-23 10:43 - 0972458 ____A C:\Windows\ntbtlog.txt
2012-04-23 14:10 - 2012-01-01 17:34 - 1808347 ____A C:\Windows\WindowsUpdate.log
2012-04-23 14:09 - 2012-04-23 14:02 - 0000000 ____D C:\b84cfa3f495ed7c4bc
2012-04-23 14:09 - 2012-01-06 10:06 - 0009434 ____A C:\Windows\PFRO.log
2012-04-23 14:09 - 2012-01-01 17:31 - 1609424896 __ASH C:\hiberfil.sys
2012-04-23 14:06 - 2009-07-13 20:45 - 0014816 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-04-23 14:06 - 2009-07-13 20:45 - 0014816 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-04-23 14:04 - 2012-04-23 11:49 - 0001945 ____A C:\Windows\epplauncher.mif
2012-04-23 14:03 - 2012-04-23 14:03 - 0734810 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-04-23 14:03 - 2012-04-23 14:03 - 0000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-04-23 14:03 - 2012-04-23 14:02 - 0000000 ____D C:\Program Files\Microsoft Security Client
2012-04-23 13:47 - 2012-01-01 18:01 - 0000000 ____D C:\Users\All Users\NVIDIA
2012-04-23 13:47 - 2012-01-01 18:01 - 0000000 ____D C:\ProgramData\NVIDIA
2012-04-23 13:47 - 2012-01-01 17:49 - 0000000 ____D C:\Program Files (x86)\Steam
2012-04-23 13:47 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-04-23 13:47 - 2009-07-13 20:51 - 0024867 ____A C:\Windows\setupact.log
2012-04-23 13:45 - 2012-04-23 13:45 - 10165440 ____A (Microsoft Corporation) C:\Users\Nicolas\Downloads\mseinstall(1).exe
2012-04-23 13:11 - 2012-04-23 13:07 - 0000122 ____A C:\Users\Nicolas\Desktop\New Text Document.txt
2012-04-23 13:11 - 2012-04-23 11:25 - 0027936 ____A C:\Windows\System32\Drivers\hitmanpro36.sys
2012-04-23 13:08 - 2009-07-13 21:13 - 0726316 ____A C:\Windows\System32\PerfStringBackup.INI
2012-04-23 12:49 - 2009-07-13 18:34 - 0000215 ____A C:\Windows\system.ini
2012-04-23 12:48 - 2012-04-23 12:48 - 0000000 ____D C:\$RECYCLE.BIN
2012-04-23 12:48 - 2009-07-13 18:34 - 0000027 ____A C:\Windows\System32\Drivers\etc\hosts
2012-04-23 12:47 - 2012-04-23 07:49 - 0001868 ____A C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2012-04-23 12:27 - 2012-01-08 09:56 - 0000000 ____D C:\Users\Nicolas\AppData\Local\LogMeIn Hamachi
2012-04-23 11:59 - 2012-04-23 11:59 - 0000000 ____D C:\Users\All Users\Kaspersky Lab Setup Files
2012-04-23 11:59 - 2012-04-23 11:59 - 0000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2012-04-23 11:52 - 2012-04-23 11:41 - 128080584 ____A (Kaspersky Lab) C:\Users\Nicolas\Downloads\pure9.1.0.124da.exe
2012-04-23 11:51 - 2012-04-23 11:51 - 0000000 ____D C:\Users\Nicolas\AppData\Roaming\Malwarebytes
2012-04-23 11:50 - 2012-04-23 11:50 - 0001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-04-23 11:50 - 2012-04-23 11:50 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-04-23 11:50 - 2012-04-23 11:50 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-04-23 11:50 - 2012-04-23 11:50 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-23 11:49 - 2012-04-23 11:48 - 10165440 ____A (Microsoft Corporation) C:\Users\Nicolas\Desktop\mseinstall.exe
2012-04-23 11:48 - 2012-04-23 11:47 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Nicolas\Downloads\mbam-setup-1.61.0.1400.exe
2012-04-23 11:39 - 2012-01-01 18:31 - 0057944 ____A C:\Users\Nicolas\AppData\Local\GDIPFONTCACHEV1.DAT
2012-04-23 11:25 - 2012-04-23 11:25 - 0001897 ____A C:\Users\Public\Desktop\HitmanPro.lnk
2012-04-23 11:25 - 2012-04-23 11:24 - 0000000 ____D C:\Users\All Users\HitmanPro
2012-04-23 11:25 - 2012-04-23 11:24 - 0000000 ____D C:\ProgramData\HitmanPro
2012-04-23 11:24 - 2012-04-23 11:24 - 8252840 ____A (SurfRight B.V.) C:\Users\Nicolas\Downloads\HitmanPro36_x64.exe
2012-04-23 11:24 - 2012-04-23 11:24 - 0000000 ____D C:\Program Files\HitmanPro
2012-04-23 10:59 - 2012-04-23 10:48 - 0000000 ____D C:\Windows\ERDNT
2012-04-23 10:38 - 2009-07-13 20:45 - 0267280 ____A C:\Windows\System32\FNTCACHE.DAT
2012-04-23 10:33 - 2012-04-23 10:32 - 4473179 ____A (Swearware) C:\Users\Nicolas\Downloads\ComboFix.exe
2012-04-23 10:30 - 2012-04-20 12:03 - 0000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-04-23 10:29 - 2012-04-23 10:44 - 0388608 ____A (Trend Micro Inc.) C:\Users\Nicolas\Desktop\HijackThis.exe
2012-04-23 10:29 - 2012-04-23 10:29 - 0388608 ____A (Trend Micro Inc.) C:\Users\Nicolas\Downloads\HijackThis.exe
2012-04-23 10:07 - 2012-01-01 18:06 - 0000000 ____D C:\Users\Nicolas\AppData\Roaming\Skype
2012-04-23 09:57 - 2012-01-29 13:35 - 0000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-04-23 09:45 - 2012-04-23 09:42 - 0000000 ____D C:\Program Files (x86)\Ubisoft
2012-04-23 08:09 - 2012-04-23 08:09 - 0000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2012-04-23 08:05 - 2012-04-23 07:47 - 0000000 ____D C:\Users\Nicolas\AppData\Roaming\Ad-Aware Antivirus
2012-04-23 08:05 - 2012-01-05 13:41 - 0000000 ____D C:\Users\Nicolas\AppData\Roaming\uTorrent
2012-04-23 07:49 - 2012-04-23 07:49 - 0000000 ____D C:\Users\Nicolas\AppData\Local\adaware
2012-04-23 07:49 - 2012-04-23 07:49 - 0000000 ____D C:\Users\All Users\Ad-Aware Browsing Protection
2012-04-23 07:49 - 2012-04-23 07:49 - 0000000 ____D C:\ProgramData\Ad-Aware Browsing Protection
2012-04-23 07:48 - 2012-04-23 07:48 - 0000000 ____D C:\Users\All Users\Lavasoft
2012-04-23 07:48 - 2012-04-23 07:48 - 0000000 ____D C:\ProgramData\Lavasoft
2012-04-23 07:48 - 2012-04-23 07:48 - 0000000 ____D C:\Program Files (x86)\Ad-Aware Antivirus
2012-04-23 07:47 - 2012-04-23 07:47 - 6243960 ____A (Lavasoft Limited) C:\Users\Nicolas\Downloads\Adaware_Installer.exe
2012-04-23 06:33 - 2012-04-23 05:49 - 2170028032 ____A C:\Users\Nicolas\Downloads\Chessmate 11th - Chessmaster Grandmaster Edition.iso
2012-04-23 05:47 - 2012-04-23 05:47 - 0001841 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2012-04-23 05:47 - 2012-04-23 05:47 - 0000000 ____A C:\Windows\SysWOW64\config.nt
2012-04-23 05:46 - 2012-04-23 05:46 - 0000000 ____D C:\Users\All Users\AVAST Software
2012-04-23 05:46 - 2012-04-23 05:46 - 0000000 ____D C:\ProgramData\AVAST Software
2012-04-23 05:46 - 2012-04-23 05:46 - 0000000 ____D C:\Program Files\AVAST Software
2012-04-23 05:45 - 2012-04-23 05:44 - 74761776 ____A C:\Users\Nicolas\Downloads\avast_free_antivirus_setup.exe
2012-04-23 05:36 - 2012-01-02 02:39 - 0000000 ____D C:\Users\Nicolas\AppData\Local\VirtualStore
2012-04-22 11:52 - 2012-04-22 11:52 - 0000000 ____D C:\Users\Nicolas\AppData\Roaming\CDisplayEx
2012-04-21 02:14 - 2012-01-01 17:47 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-04-20 12:09 - 2012-01-10 17:04 - 0472808 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
2012-04-20 12:02 - 2012-04-20 12:02 - 0418464 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-04-20 12:02 - 2012-01-01 17:57 - 0070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-04-20 11:58 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\PolicyDefinitions
2012-04-20 10:59 - 2012-04-20 10:56 - 0003555 ____A C:\Windows\IE9_main.log
2012-04-20 10:58 - 2012-04-20 10:58 - 3695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2012-04-20 10:58 - 2012-04-20 10:58 - 3695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2012-04-20 10:58 - 2012-04-20 10:58 - 0697344 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-04-20 10:58 - 2012-04-20 10:58 - 0603648 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-04-20 10:58 - 2012-04-20 10:58 - 0580608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-04-20 10:58 - 2012-04-20 10:58 - 0534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-04-20 10:58 - 2012-04-20 10:58 - 0452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2012-04-20 10:58 - 2012-04-20 10:58 - 0448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-04-20 10:58 - 2012-04-20 10:58 - 0434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2012-04-20 10:58 - 2012-04-20 10:58 - 0420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-04-20 10:58 - 2012-04-20 10:58 - 0403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-04-20 10:58 - 2012-04-20 10:58 - 0367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2012-04-20 10:58 - 2012-04-20 10:58 - 0353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2012-04-20 10:58 - 2012-04-20 10:58 - 0353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2012-04-20 10:58 - 2012-04-20 10:58 - 0282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2012-04-20 10:58 - 2012-04-20 10:58 - 0267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2012-04-20 10:58 - 2012-04-20 10:58 - 0249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2012-04-20 10:58 - 2012-04-20 10:58 - 0227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2012-04-20 10:58 - 2012-04-20 10:58 - 0223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2012-04-20 10:58 - 2012-04-20 10:58 - 0222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2012-04-20 10:58 - 2012-04-20 10:58 - 0203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2012-04-20 10:58 - 2012-04-20 10:58 - 0197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2012-04-20 10:58 - 2012-04-20 10:58 - 0173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-04-20 10:58 - 2012-04-20 10:58 - 0165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2012-04-20 10:58 - 2012-04-20 10:58 - 0163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2012-04-20 10:58 - 2012-04-20 10:58 - 0163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2012-04-20 10:58 - 2012-04-20 10:58 - 0162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2012-04-20 10:58 - 2012-04-20 10:58 - 0161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2012-04-20 10:58 - 2012-04-20 10:58 - 0160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2012-04-20 10:58 - 2012-04-20 10:58 - 0160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2012-04-20 10:58 - 2012-04-20 10:58 - 0152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2012-04-20 10:58 - 2012-04-20 10:58 - 0150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2012-04-20 10:58 - 2012-04-20 10:58 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-04-20 10:58 - 2012-04-20 10:58 - 0145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-04-20 10:58 - 2012-04-20 10:58 - 0142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-04-20 10:58 - 2012-04-20 10:58 - 0135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2012-04-20 10:58 - 2012-04-20 10:58 - 0130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2012-04-20 10:58 - 2012-04-20 10:58 - 0123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2012-04-20 10:58 - 2012-04-20 10:58 - 0118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2012-04-20 10:58 - 2012-04-20 10:58 - 0114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2012-04-20 10:58 - 2012-04-20 10:58 - 0111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2012-04-20 10:58 - 2012-04-20 10:58 - 0110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2012-04-20 10:58 - 2012-04-20 10:58 - 0103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2012-04-20 10:58 - 2012-04-20 10:58 - 0101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2012-04-20 10:58 - 2012-04-20 10:58 - 0091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2012-04-20 10:58 - 2012-04-20 10:58 - 0089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2012-04-20 10:58 - 2012-04-20 10:58 - 0089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-04-20 10:58 - 2012-04-20 10:58 - 0086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2012-04-20 10:58 - 2012-04-20 10:58 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2012-04-20 10:58 - 2012-04-20 10:58 - 0082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2012-04-20 10:58 - 2012-04-20 10:58 - 0078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2012-04-20 10:58 - 2012-04-20 10:58 - 0076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2012-04-20 10:58 - 2012-04-20 10:58 - 0076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2012-04-20 10:58 - 2012-04-20 10:58 - 0074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2012-04-20 10:58 - 2012-04-20 10:58 - 0074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2012-04-20 10:58 - 2012-04-20 10:58 - 0074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2012-04-20 10:58 - 2012-04-20 10:58 - 0072822 ____A C:\Windows\SysWOW64\ieuinit.inf
2012-04-20 10:58 - 2012-04-20 10:58 - 0072822 ____A C:\Windows\System32\ieuinit.inf
2012-04-20 10:58 - 2012-04-20 10:58 - 0066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2012-04-20 10:58 - 2012-04-20 10:58 - 0065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2012-04-20 10:58 - 2012-04-20 10:58 - 0063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2012-04-20 10:58 - 2012-04-20 10:58 - 0055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-04-20 10:58 - 2012-04-20 10:58 - 0054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2012-04-20 10:58 - 2012-04-20 10:58 - 0049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2012-04-20 10:58 - 2012-04-20 10:58 - 0048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2012-04-20 10:58 - 2012-04-20 10:58 - 0048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2012-04-20 10:58 - 2012-04-20 10:58 - 0041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2012-04-20 10:58 - 2012-04-20 10:58 - 0039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2012-04-20 10:58 - 2012-04-20 10:58 - 0035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2012-04-20 10:58 - 2012-04-20 10:58 - 0031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2012-04-20 10:58 - 2012-04-20 10:58 - 0030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-04-20 10:58 - 2012-04-20 10:58 - 0023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2012-04-20 10:58 - 2012-04-20 10:58 - 0012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2012-04-20 10:58 - 2012-04-20 10:58 - 0011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2012-04-20 10:58 - 2012-04-20 10:58 - 0010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2012-04-20 10:58 - 2012-04-20 10:58 - 0010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-04-20 09:33 - 2012-04-20 09:33 - 0000000 ____D C:\Users\Nicolas\Documents\Diablo III
2012-04-20 09:33 - 2012-04-20 09:33 - 0000000 ____D C:\Users\All Users\Blizzard Entertainment
2012-04-20 09:33 - 2012-04-20 09:33 - 0000000 ____D C:\ProgramData\Blizzard Entertainment
2012-04-20 09:32 - 2012-04-20 08:26 - 0000000 ____D C:\Program Files (x86)\Diablo III Beta
2012-04-20 09:06 - 2012-04-20 09:01 - 60790979 ____A C:\Users\Nicolas\Downloads\Do Not Open An Encyclopedia of the World's Best-Kept Secrets mantesh.pdf
2012-04-20 08:27 - 2012-04-20 08:26 - 0001263 ____A C:\Users\Public\Desktop\Diablo III Beta.lnk
2012-04-20 08:25 - 2012-04-20 08:24 - 0000000 ____D C:\Users\All Users\Battle.net
2012-04-20 08:25 - 2012-04-20 08:24 - 0000000 ____D C:\ProgramData\Battle.net
2012-04-20 08:25 - 2012-01-01 18:01 - 0000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2012-04-20 08:25 - 2012-01-01 17:59 - 0000000 ____D C:\Program Files\NVIDIA Corporation
2012-04-20 08:24 - 2012-01-01 17:59 - 0000000 ____D C:\NVIDIA
2012-04-20 08:04 - 2012-01-01 18:06 - 0002515 ____A C:\Users\Public\Desktop\Skype.lnk
2012-04-20 08:04 - 2012-01-01 18:06 - 0000000 ___RD C:\Program Files (x86)\Skype
2012-04-20 08:03 - 2012-01-01 18:06 - 0000000 ____D C:\Users\All Users\Skype
2012-04-20 08:03 - 2012-01-01 18:06 - 0000000 ____D C:\ProgramData\Skype
2012-04-04 05:56 - 2012-04-23 11:50 - 0024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-03-28 17:00 - 2012-01-09 06:28 - 57249312 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-03-06 15:15 - 2012-04-23 05:47 - 0258520 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2012-03-06 15:15 - 2012-04-23 05:46 - 0201352 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe
2012-03-06 15:15 - 2012-04-23 05:46 - 0041184 ____A (AVAST Software) C:\Windows\avastSS.scr
2012-03-06 15:04 - 2012-04-23 05:47 - 0819032 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2012-03-06 15:04 - 2012-04-23 05:47 - 0337240 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2012-03-06 15:02 - 2012-04-23 05:47 - 0053080 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2012-03-06 15:01 - 2012-04-23 05:47 - 0069976 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2012-03-06 15:01 - 2012-04-23 05:47 - 0059224 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2012-03-06 15:01 - 2012-04-23 05:47 - 0024408 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2012-03-05 22:53 - 2012-04-20 15:16 - 5559152 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-05 21:59 - 2012-04-20 15:16 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-03-05 21:59 - 2012-04-20 15:16 - 3913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-02-29 22:46 - 2012-04-20 15:14 - 0023408 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-02-29 22:38 - 2012-04-20 15:14 - 0220672 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-02-29 22:33 - 2012-04-20 15:14 - 0081408 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-02-29 22:28 - 2012-04-20 15:14 - 0005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-02-29 21:37 - 2012-04-20 15:14 - 0172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-02-29 21:33 - 2012-04-20 15:14 - 0159232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2012-02-29 21:29 - 2012-04-20 15:14 - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2012-02-29 16:02 - 2012-04-20 08:22 - 8008000 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2012-02-29 16:02 - 2012-04-20 08:22 - 7713088 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2012-02-29 16:02 - 2012-04-20 08:22 - 5892928 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2012-02-29 16:02 - 2012-04-20 08:22 - 2872640 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
2012-02-29 16:02 - 2012-04-20 08:22 - 2672448 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2012-02-29 16:02 - 2012-04-20 08:22 - 25543488 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
2012-02-29 16:02 - 2012-04-20 08:22 - 25222976 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2012-02-29 16:02 - 2012-04-20 08:22 - 2517312 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2012-02-29 16:02 - 2012-04-20 08:22 - 2437440 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2012-02-29 16:02 - 2012-04-20 08:22 - 2301248 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2012-02-29 16:02 - 2012-04-20 08:22 - 19444544 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2012-02-29 16:02 - 2012-04-20 08:22 - 17642816 ____A (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll
2012-02-29 16:02 - 2012-04-20 08:22 - 17543488 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2012-02-29 16:02 - 2012-04-20 08:22 - 13626688 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2012-02-29 16:02 - 2012-04-20 08:22 - 0068928 ____A (Khronos Group) C:\Windows\System32\OpenCL.dll
2012-02-29 16:02 - 2012-04-20 08:22 - 0061248 ____A (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2012-02-29 16:02 - 2012-01-01 18:00 - 2660160 ____A (NVIDIA Corporation) C:\Windows\System32\nvapi64.dll
2012-02-29 16:02 - 2012-01-01 18:00 - 1737536 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispco64.dll
2012-02-29 16:02 - 2012-01-01 18:00 - 1466176 ____A (NVIDIA Corporation) C:\Windows\System32\nvgenco64.dll
2012-02-29 16:02 - 2012-01-01 18:00 - 0011770 ____A C:\Windows\System32\nvinfo.pb
2012-02-29 16:02 - 2009-07-13 13:59 - 9717568 ____A (NVIDIA Corporation) C:\Windows\System32\nvwgf2umx.dll
2012-02-29 16:02 - 2009-06-10 12:37 - 15009600 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2012-02-29 13:00 - 2012-01-01 18:01 - 6074176 ____A (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll
2012-02-29 13:00 - 2012-01-01 18:01 - 3089728 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvc64.dll
2012-02-29 12:59 - 2012-01-01 18:01 - 0889664 ____A (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
2012-02-29 12:59 - 2012-01-01 18:01 - 0118080 ____A (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll
2012-02-29 12:59 - 2012-01-01 18:01 - 0063296 ____A (NVIDIA Corporation) C:\Windows\System32\nvshext.dll
2012-02-29 03:26 - 2012-02-29 03:26 - 0416064 ____A C:\Windows\SysWOW64\nvStreaming.exe
2012-02-27 23:34 - 2012-04-20 15:16 - 17790976 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-02-27 23:02 - 2012-04-20 15:16 - 10888704 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-02-27 22:56 - 2012-04-20 15:16 - 2311168 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-02-27 22:50 - 2012-04-20 15:16 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-02-27 22:49 - 2012-04-20 15:16 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-02-27 22:48 - 2012-04-20 15:16 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-02-27 22:48 - 2012-04-20 15:16 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-02-27 22:47 - 2012-04-20 15:16 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-02-27 22:45 - 2012-04-20 15:16 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-02-27 22:43 - 2012-04-20 15:16 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-02-27 22:43 - 2012-04-20 15:16 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-02-27 22:42 - 2012-04-20 15:16 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-02-27 22:39 - 2012-04-20 15:16 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-02-27 17:52 - 2012-04-20 15:16 - 12281856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-02-27 17:27 - 2012-04-20 15:16 - 9705984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-02-27 17:18 - 2012-04-20 15:16 - 1799168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-02-27 17:12 - 2012-04-20 15:16 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-02-27 17:11 - 2012-04-20 15:16 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-02-27 17:11 - 2012-04-20 15:16 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-02-27 17:09 - 2012-04-20 15:16 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-02-27 17:08 - 2012-04-20 15:16 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-02-27 17:06 - 2012-04-20 15:16 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-02-27 17:04 - 2012-04-20 15:16 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-02-27 17:03 - 2012-04-20 15:16 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-02-27 17:03 - 2012-04-20 15:16 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-02-27 16:59 - 2012-04-20 15:16 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-02-26 11:40 - 2012-02-07 06:45 - 0000000 ____D C:\Users\Nicolas\AppData\Roaming\BSW
2012-02-26 07:47 - 2012-02-26 07:47 - 0000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2012-02-26 07:31 - 2012-01-10 17:05 - 1031845 ____A C:\Users\Nicolas\danid.log
2012-02-24 14:33 - 2012-02-24 14:32 - 14943554 ____A C:\Users\Nicolas\Downloads\dominion_20111114.zip
2012-02-23 00:18 - 2012-01-01 17:56 - 0279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-02-20 15:10 - 2012-02-20 15:10 - 0034483 ____A C:\Users\Nicolas\Downloads\Snapshot_20120221_4.JPG
2012-02-17 15:11 - 2012-02-17 15:10 - 0000000 ____D C:\Program Files (x86)\Cpukiller3
2012-02-17 15:10 - 2012-02-17 15:10 - 0000967 ____A C:\Users\Nicolas\Desktop\Cpukiller3.lnk
2012-02-17 09:20 - 2012-02-17 09:20 - 0000000 ____D C:\Program Files (x86)\SystemRequirementsLab
2012-02-17 09:20 - 2012-02-17 09:19 - 0000000 ____D C:\Users\Nicolas\AppData\Roaming\SystemRequirementsLab
2012-02-16 22:38 - 2012-04-20 12:57 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-02-16 21:34 - 2012-04-20 12:57 - 0826880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-02-16 20:58 - 2012-04-20 12:57 - 0210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-02-16 20:57 - 2012-04-20 12:57 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-02-16 03:22 - 2012-01-02 02:40 - 0000174 ___SH C:\Users\Nicolas\Start Menu\Programs\Startup\desktop.ini
2012-02-16 03:22 - 2012-01-02 02:40 - 0000174 ___SH C:\Users\Nicolas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-02-13 14:52 - 2012-02-13 14:52 - 0000000 ____D C:\Users\Nicolas\AppData\Local\FalloutNV
2012-02-13 14:52 - 2012-02-08 04:25 - 0000000 ____D C:\Users\Nicolas\Documents\My Games
2012-02-13 14:43 - 2012-02-13 14:43 - 0000000 ____D C:\Windows\System32\Macromed
2012-02-13 14:43 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\Downloaded Program Files
2012-02-13 14:15 - 2012-02-13 14:15 - 0000000 ____D C:\Program Files (x86)\Bethesda Softworks
2012-02-09 22:36 - 2012-04-20 13:00 - 1544192 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-02-09 21:38 - 2012-04-20 13:00 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-02-08 04:26 - 2012-02-08 04:20 - 0000000 ____D C:\Program Files (x86)\Battle for Wesnoth 1.10.0
2012-02-08 04:17 - 2012-02-08 04:14 - 312678319 ____A C:\Users\Nicolas\Downloads\wesnoth-1.10-win32.exe
2012-02-07 06:45 - 2012-02-07 06:45 - 0001000 ____A C:\Users\Nicolas\Desktop\BrettspielWelt.lnk
2012-02-07 06:45 - 2012-02-07 06:45 - 0000000 ____D C:\Program Files (x86)\BSW
2012-02-06 10:59 - 2012-01-04 05:58 - 0000000 ____D C:\Users\Nicolas\AppData\Local\ElevatedDiagnostics
2012-02-03 08:45 - 2012-02-03 08:36 - 427013441 ____A C:\Users\Nicolas\Downloads\Bachelor Thesis.zip
2012-02-02 20:34 - 2012-04-20 13:00 - 3145728 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-02-02 04:49 - 2012-02-02 04:49 - 0373578 ____A C:\Users\Nicolas\Downloads\Ans%c3%b8gningsskema__UK__til_hjemmeside.pdf
2012-02-02 04:47 - 2012-01-04 08:20 - 0000000 ____D C:\Users\Nicolas\AppData\Local\Microsoft Games
2012-01-31 17:17 - 2012-01-31 17:17 - 0084992 ____A C:\Users\Nicolas\Downloads\Junta_Overview_v1.doc
2012-01-31 17:12 - 2012-01-31 17:12 - 0135767 ____A C:\Users\Nicolas\Desktop\junta_helper_v1.1.pdf
2012-01-31 12:20 - 2012-01-31 12:20 - 6109671 ____A C:\Users\Nicolas\Downloads\super-solvers-gizmos-gadgets.zip
2012-01-29 13:56 - 2012-01-29 13:53 - 0000000 ____D C:\Users\Nicolas\Documents\Black & White 2
2012-01-29 13:50 - 2012-01-29 13:50 - 0002579 ____A C:\Users\Public\Desktop\Black & White 2 Battle of the Gods.lnk
2012-01-29 13:49 - 2012-01-01 18:31 - 0059155 ____A C:\Windows\DirectX.log
2012-01-29 13:47 - 2012-01-29 13:47 - 0001918 ____A C:\Users\Public\Desktop\Black & White 2.lnk
2012-01-29 13:35 - 2012-01-29 13:35 - 0000000 ____D C:\Program Files (x86)\Lionhead Studios
2012-01-29 13:31 - 2012-01-05 14:30 - 0000000 ____D C:\Users\Nicolas\AppData\Roaming\DAEMON Tools Lite
2012-01-28 03:56 - 2012-01-28 03:56 - 0000221 ____A C:\Users\Nicolas\Desktop\Age of Wonders.url

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 22%
Total physical RAM: 2046.49 MB
Available physical RAM: 1593.96 MB
Total Pagefile: 2046.49 MB
Available Pagefile: 1574.66 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

2 Drive c: () (Fixed) (Total:465.76 GB) (Free:372.48 GB) NTFS ==>[Drive with boot components (obtanied from BCD)]
3 Drive d: () (Removable) (Total:0.96 GB) (Free:0.96 GB) FAT
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 1024 KB
Disk 1 Online 986 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 465 GB 31 KB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 0 C NTFS Partition 465 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 986 MB 16 KB

======================================================================================================

Disk: 1
Partition 1
Type : 06
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 D FAT Removable 986 MB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-02-19 05:04

======================= End Of Log ==========================

#4 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:05:54 PM

Posted 23 April 2012 - 11:47 PM

The log shows that more than one (1) Antivirus programs are running in the background. Among these we see signs of the following programs:

Ad-Aware Antivirus
AVAST
Kaspersky


Running more than one (1) Antivirus programs only serves to deplete your resources, and it will cause a slowdown in the system, or a possible stall. You must decide which antivirus program to keep. I would recommend that you only keep only AVAST active in your computer.

To remove the antivirus programs you wont keep, please go to the Add/Remove Programs option in the Control Panel and remove these applications.

In addition, the log shows Anti-Malware programs and a firewall. Among these we see signs of the following programs:

HitmanPro
Malwarebytes Antimalware


As mentioned before, having that many programs running in the background only serve to deplete your resources.The computer is being overprotected. Applications such as, AVAST, protects against viruses, spyware, and instant messaging threats, as well as offers firewall rules to block undesirable traffic and a privacy gateway to keep your identity and preferences private while surfing the Internet. In addition, once we have completed this fix, I would offer a list of tools and utilities that will help you from getting infected again.

In your position I will only keep Malwarebytes Antimalware.

Please go to the Add/Remove Programs option in the Control Panel and remove these applications.

Once done, download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • OTL should now start. Change the following settings
    • Change Drivers to All
    • Change Standard Registry to All
    • Under File Scans, change File age to 30
  • Under the Custom Scan box paste this in


    netsvcs
    set /c
    /md5start
    UXTHEME.DLL
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    Userinit.exe
    Explorer.exe
    Winlogon.exe
    Regedit.exe
    SCLWAPI.dll
    /md5stop
    %SYSTEMDRIVE%\*.*
    %systemroot%\System32\config\*.sav
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt (first run only). These are saved in the same location as OTL.
    • Please post the contents of the OTL.txt file and attach the Extras.Txt, if any, in your next reply.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#5 Lokemix

Lokemix
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:54 PM

Posted 24 April 2012 - 03:52 AM

Hi again,

I ran OTL with the listed settings, below is the notepad file and I've attached the Extras file as well.


OTL logfile created on: 24-04-2012 10:32:28 - Run 1
OTL by OldTimer - Version 3.2.41.0 Folder = C:\Users\Nicolas\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000406 | Country: Danmark | Language: DAN | Date Format: dd-MM-yyyy

2,00 Gb Total Physical Memory | 0,95 Gb Available Physical Memory | 47,67% Memory free
4,00 Gb Paging File | 2,78 Gb Available in Paging File | 69,65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,76 Gb Total Space | 373,05 Gb Free Space | 80,10% Space Free | Partition Type: NTFS

Computer Name: NICOLAS-PC | User Name: Nicolas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-04-24 10:30:35 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Users\Nicolas\Downloads\OTL.exe
PRC - [2012-04-21 12:14:16 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012-04-20 22:00:21 | 000,489,256 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2012-04-04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012-04-04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012-03-01 02:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012-02-29 13:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012-02-28 17:38:56 | 001,987,976 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2012-01-03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012-01-02 03:50:06 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe


========== Modules (No Company Name) ==========

MOD - [2012-04-21 12:14:15 | 001,969,080 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012-04-20 22:02:56 | 008,797,344 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
MOD - [2012-04-20 22:00:21 | 020,297,512 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2012-04-20 22:00:18 | 001,099,576 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2012-04-20 22:00:18 | 000,907,048 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2012-04-20 22:00:18 | 000,190,776 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2012-04-20 22:00:18 | 000,123,192 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2012-02-29 13:26:28 | 000,360,768 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012-03-07 01:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Disabled | Stopped] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012-04-20 22:02:56 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012-04-20 22:00:21 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012-04-04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012-03-01 02:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012-02-29 13:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012-02-29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012-02-28 17:38:54 | 002,343,816 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012-01-03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010-03-18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (All) ==========

DRV:64bit: - [2012-04-23 23:11:11 | 000,027,936 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hitmanpro36.sys -- (hitmanpro35)
DRV:64bit: - [2012-04-04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012-03-07 01:04:06 | 000,819,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012-03-07 01:04:04 | 000,337,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012-03-07 01:02:20 | 000,053,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012-03-07 01:01:57 | 000,059,224 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012-03-07 01:01:52 | 000,069,976 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012-03-07 01:01:32 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012-03-01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012-03-01 02:02:00 | 013,626,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV:64bit: - [2012-02-17 06:58:24 | 000,210,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpwd.sys -- (RDPWD)
DRV:64bit: - [2012-02-17 06:57:32 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tdtcp.sys -- (TDTCP)
DRV:64bit: - [2012-01-06 00:31:03 | 000,279,616 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011-12-28 05:59:24 | 000,498,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\afd.sys -- (AFD)
DRV:64bit: - [2011-11-17 08:49:14 | 000,152,432 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ksecpkg.sys -- (KSecPkg)
DRV:64bit: - [2011-11-17 08:49:14 | 000,095,600 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ksecdd.sys -- (KSecDD)
DRV:64bit: - [2011-11-17 08:44:43 | 000,459,232 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\cng.sys -- (CNG)
DRV:64bit: - [2011-09-29 18:29:28 | 001,923,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tcpip.sys -- (TCPIP6)
DRV:64bit: - [2011-09-29 18:29:28 | 001,923,952 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tcpip.sys -- (Tcpip)
DRV:64bit: - [2011-07-09 04:46:28 | 000,288,768 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mrxsmb10.sys -- (mrxsmb10)
DRV:64bit: - [2011-04-29 05:06:10 | 000,467,456 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\srv.sys -- (srv)
DRV:64bit: - [2011-04-29 05:05:49 | 000,410,112 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\srv2.sys -- (srv2)
DRV:64bit: - [2011-04-29 05:05:37 | 000,168,448 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\srvnet.sys -- (srvnet)
DRV:64bit: - [2011-04-27 04:40:40 | 000,158,208 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mrxsmb.sys -- (mrxsmb)
DRV:64bit: - [2011-04-27 04:39:37 | 000,128,000 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mrxsmb20.sys -- (mrxsmb20)
DRV:64bit: - [2011-04-05 17:35:20 | 000,253,528 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SbFw.sys -- (SbFw)
DRV:64bit: - [2011-04-05 17:35:20 | 000,094,296 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\sbtis.sys -- (SbTis)
DRV:64bit: - [2011-04-05 17:35:20 | 000,060,504 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sbhips.sys -- (sbhips)
DRV:64bit: - [2011-03-25 05:29:26 | 000,343,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbhub.sys -- (usbhub)
DRV:64bit: - [2011-03-25 05:29:14 | 000,098,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbccgp.sys -- (usbccgp)
DRV:64bit: - [2011-03-25 05:29:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbehci.sys -- (usbehci)
DRV:64bit: - [2011-03-25 05:29:04 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbohci.sys -- (usbohci)
DRV:64bit: - [2011-03-25 05:29:03 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbuhci.sys -- (usbuhci)
DRV:64bit: - [2011-03-11 08:41:34 | 001,659,776 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\ntfs.sys -- (Ntfs)
DRV:64bit: - [2011-03-11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvstor.sys -- (nvstor)
DRV:64bit: - [2011-03-11 08:41:34 | 000,148,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvraid.sys -- (nvraid)
DRV:64bit: - [2011-03-11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaStorV.sys -- (iaStorV)
DRV:64bit: - [2011-03-11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011-03-11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011-03-11 06:37:16 | 000,091,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\USBSTOR.SYS -- (USBSTOR)
DRV:64bit: - [2011-02-23 06:55:04 | 000,090,624 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\bowser.sys -- (bowser)
DRV:64bit: - [2011-02-08 09:14:20 | 000,084,568 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SbFwIm.sys -- (SBFWIMCLMP)
DRV:64bit: - [2011-02-08 09:14:20 | 000,084,568 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SbFwIm.sys -- (SBFWIMCL)
DRV:64bit: - [2010-11-20 15:34:02 | 000,295,808 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\volsnap.sys -- (volsnap)
DRV:64bit: - [2010-11-20 15:34:01 | 000,363,392 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\volmgrx.sys -- (volmgrx)
DRV:64bit: - [2010-11-20 15:34:01 | 000,071,552 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\volmgr.sys -- (volmgr)
DRV:64bit: - [2010-11-20 15:34:00 | 000,215,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vhdmp.sys -- (vhdmp)
DRV:64bit: - [2010-11-20 15:33:57 | 000,063,360 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\termdd.sys -- (TermDD)
DRV:64bit: - [2010-11-20 15:33:54 | 000,103,808 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sbp2port.sys -- (sbp2port)
DRV:64bit: - [2010-11-20 15:33:53 | 000,213,888 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\rdyboost.sys -- (rdyboost)
DRV:64bit: - [2010-11-20 15:33:48 | 000,184,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pci.sys -- (pci)
DRV:64bit: - [2010-11-20 15:33:48 | 000,075,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\partmgr.sys -- (partmgr)
DRV:64bit: - [2010-11-20 15:33:45 | 000,951,680 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ndis.sys -- (NDIS)
DRV:64bit: - [2010-11-20 15:33:45 | 000,366,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msrpc.sys -- (MsRPC)
DRV:64bit: - [2010-11-20 15:33:45 | 000,273,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msiscsi.sys -- (iScsiPrt)
DRV:64bit: - [2010-11-20 15:33:44 | 000,155,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mpio.sys -- (mpio)
DRV:64bit: - [2010-11-20 15:33:44 | 000,140,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msdsm.sys -- (msdsm)
DRV:64bit: - [2010-11-20 15:33:44 | 000,031,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msahci.sys -- (msahci)
DRV:64bit: - [2010-11-20 15:33:43 | 000,094,592 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mountmgr.sys -- (mountmgr)
DRV:64bit: - [2010-11-20 15:33:36 | 000,014,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hwpolicy.sys -- (hwpolicy)
DRV:64bit: - [2010-11-20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010-11-20 15:33:34 | 000,289,664 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\fltMgr.sys -- (FltMgr)
DRV:64bit: - [2010-11-20 15:33:25 | 000,982,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dxgkrnl.sys -- (DXGKrnl)
DRV:64bit: - [2010-11-20 15:32:46 | 000,334,208 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpi.sys -- (ACPI)
DRV:64bit: - [2010-11-20 15:28:59 | 000,223,248 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fvevol.sys -- (fvevol)
DRV:64bit: - [2010-11-20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010-11-20 13:04:09 | 000,039,424 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tssecsrv.sys -- (tssecsrv)
DRV:64bit: - [2010-11-20 12:52:37 | 000,088,576 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\wanarp.sys -- (Wanarpv6)
DRV:64bit: - [2010-11-20 12:52:37 | 000,088,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wanarp.sys -- (WANARP)
DRV:64bit: - [2010-11-20 12:52:35 | 000,129,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rasl2tp.sys -- (Rasl2tp)
DRV:64bit: - [2010-11-20 12:52:34 | 000,164,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ndiswan.sys -- (NdisWan)
DRV:64bit: - [2010-11-20 12:52:32 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\raspptp.sys -- (PptpMiniport)
DRV:64bit: - [2010-11-20 12:52:20 | 000,131,584 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\pacer.sys -- (Psched)
DRV:64bit: - [2010-11-20 12:52:20 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ndproxy.sys -- (NDProxy)
DRV:64bit: - [2010-11-20 12:52:19 | 000,082,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ipfltdrv.sys -- (IpFilterDriver)
DRV:64bit: - [2010-11-20 12:51:50 | 000,125,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tunnel.sys -- (tunnel)
DRV:64bit: - [2010-11-20 12:51:48 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tcpipreg.sys -- (tcpipreg)
DRV:64bit: - [2010-11-20 12:50:08 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ndisuio.sys -- (Ndisuio)
DRV:64bit: - [2010-11-20 12:44:56 | 000,229,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\1394ohci.sys -- (1394ohci)
DRV:64bit: - [2010-11-20 12:44:37 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\umbus.sys -- (umbus)
DRV:64bit: - [2010-11-20 12:43:56 | 000,041,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\winusb.sys -- (WinUsb)
DRV:64bit: - [2010-11-20 12:43:52 | 000,109,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV:64bit: - [2010-11-20 12:43:49 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hidusb.sys -- (HidUsb)
DRV:64bit: - [2010-11-20 12:43:43 | 000,122,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hdaudbus.sys -- (HDAudBus)
DRV:64bit: - [2010-11-20 12:43:32 | 000,172,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WUDFRd.sys -- (WUDFRd)
DRV:64bit: - [2010-11-20 12:42:44 | 000,112,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WUDFPf.sys -- (WudfPf)
DRV:64bit: - [2010-11-20 12:34:00 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sffp_sd.sys -- (sffp_sd)
DRV:64bit: - [2010-11-20 12:33:25 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbdhid.sys -- (kbdhid)
DRV:64bit: - [2010-11-20 12:33:17 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CompositeBus.sys -- (CompositeBus)
DRV:64bit: - [2010-11-20 12:14:37 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\appid.sys -- (AppID)
DRV:64bit: - [2010-11-20 12:09:59 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\scfilter.sys -- (scfilter)
DRV:64bit: - [2010-11-20 12:04:53 | 000,078,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IPMIDrv.sys -- (IPMIDRV)
DRV:64bit: - [2010-11-20 11:30:42 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipmi.sys -- (AcpiPmi)
DRV:64bit: - [2010-11-20 11:27:54 | 000,309,248 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\rdbss.sys -- (rdbss)
DRV:64bit: - [2010-11-20 11:26:42 | 000,140,800 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mrxdav.sys -- (MRxDAV)
DRV:64bit: - [2010-11-20 11:26:32 | 000,102,400 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\dfsc.sys -- (DfsC)
DRV:64bit: - [2010-11-20 11:26:11 | 000,328,192 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\udfs.sys -- (udfs)
DRV:64bit: - [2010-11-20 11:25:14 | 000,753,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\http.sys -- (HTTP)
DRV:64bit: - [2010-11-20 11:23:20 | 000,261,632 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\netbt.sys -- (NetBT)
DRV:64bit: - [2010-11-20 11:21:56 | 000,119,296 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tdx.sys -- (tdx)
DRV:64bit: - [2010-11-20 11:19:21 | 000,147,456 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cdrom.sys -- (cdrom)
DRV:64bit: - [2009-07-14 03:52:31 | 000,367,696 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\clfs.sys -- (CLFS)
DRV:64bit: - [2009-07-14 03:52:31 | 000,021,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\compbatt.sys -- (Compbatt)
DRV:64bit: - [2009-07-14 03:52:31 | 000,017,488 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cmdide.sys -- (cmdide)
DRV:64bit: - [2009-07-14 03:52:21 | 000,491,088 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\adp94xx.sys -- (adp94xx)
DRV:64bit: - [2009-07-14 03:52:21 | 000,339,536 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\adpahci.sys -- (adpahci)
DRV:64bit: - [2009-07-14 03:52:21 | 000,182,864 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\adpu320.sys -- (adpu320)
DRV:64bit: - [2009-07-14 03:52:21 | 000,097,856 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\arcsas.sys -- (arcsas)
DRV:64bit: - [2009-07-14 03:52:21 | 000,087,632 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\arc.sys -- (arc)
DRV:64bit: - [2009-07-14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AGP440.sys -- (agp440)
DRV:64bit: - [2009-07-14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\atapi.sys -- (atapi)
DRV:64bit: - [2009-07-14 03:52:21 | 000,015,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdide.sys -- (amdide)
DRV:64bit: - [2009-07-14 03:52:21 | 000,015,440 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\aliide.sys -- (aliide)
DRV:64bit: - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009-07-14 03:48:27 | 000,060,496 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\mup.sys -- (Mup)
DRV:64bit: - [2009-07-14 03:48:27 | 000,049,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mouclass.sys -- (mouclass)
DRV:64bit: - [2009-07-14 03:48:27 | 000,032,320 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mssmbios.sys -- (mssmbios)
DRV:64bit: - [2009-07-14 03:48:27 | 000,015,424 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\msisadrv.sys -- (msisadrv)
DRV:64bit: - [2009-07-14 03:48:26 | 000,122,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NV_AGP.SYS -- (nv_agp)
DRV:64bit: - [2009-07-14 03:48:26 | 000,051,264 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nfrd960.sys -- (nfrd960)
DRV:64bit: - [2009-07-14 03:48:04 | 000,284,736 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MegaSR.sys -- (MegaSR)
DRV:64bit: - [2009-07-14 03:48:04 | 000,115,776 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV:64bit: - [2009-07-14 03:48:04 | 000,114,752 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_fc.sys -- (LSI_FC)
DRV:64bit: - [2009-07-14 03:48:04 | 000,106,560 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas.sys -- (LSI_SAS)
DRV:64bit: - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009-07-14 03:48:04 | 000,050,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbdclass.sys -- (kbdclass)
DRV:64bit: - [2009-07-14 03:48:04 | 000,044,112 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iirsp.sys -- (iirsp)
DRV:64bit: - [2009-07-14 03:48:04 | 000,035,392 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\megasas.sys -- (megasas)
DRV:64bit: - [2009-07-14 03:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\isapnp.sys -- (isapnp)
DRV:64bit: - [2009-07-14 03:48:04 | 000,016,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelide.sys -- (intelide)
DRV:64bit: - [2009-07-14 03:47:49 | 000,055,376 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fsdepends.sys -- (FsDepends)
DRV:64bit: - [2009-07-14 03:47:48 | 000,530,496 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\elxstor.sys -- (elxstor)
DRV:64bit: - [2009-07-14 03:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\disk.sys -- (Disk)
DRV:64bit: - [2009-07-14 03:47:48 | 000,070,224 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\fileinfo.sys -- (FileInfo)
DRV:64bit: - [2009-07-14 03:47:48 | 000,065,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GAGP30KX.SYS -- (gagp30kx)
DRV:64bit: - [2009-07-14 03:47:48 | 000,024,144 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\crcdisk.sys -- (crcdisk)
DRV:64bit: - [2009-07-14 03:45:56 | 000,022,096 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wimmount.sys -- (WIMMount)
DRV:64bit: - [2009-07-14 03:45:55 | 000,654,928 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Wdf01000.sys -- (Wdf01000)
DRV:64bit: - [2009-07-14 03:45:55 | 000,161,872 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vsmraid.sys -- (vsmraid)
DRV:64bit: - [2009-07-14 03:45:55 | 000,064,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ULIAGPKX.SYS -- (uliagpkx)
DRV:64bit: - [2009-07-14 03:45:55 | 000,064,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UAGP35.SYS -- (uagp35)
DRV:64bit: - [2009-07-14 03:45:55 | 000,036,432 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vdrvroot.sys -- (vdrvroot)
DRV:64bit: - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009-07-14 03:45:55 | 000,021,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wd.sys -- (Wd)
DRV:64bit: - [2009-07-14 03:45:55 | 000,019,008 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spldr.sys -- (spldr)
DRV:64bit: - [2009-07-14 03:45:55 | 000,017,488 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\viaide.sys -- (viaide)
DRV:64bit: - [2009-07-14 03:45:55 | 000,012,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\swenum.sys -- (swenum)
DRV:64bit: - [2009-07-14 03:45:46 | 001,524,816 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ql2300.sys -- (ql2300)
DRV:64bit: - [2009-07-14 03:45:46 | 000,080,464 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sisraid4.sys -- (SiSRaid4)
DRV:64bit: - [2009-07-14 03:45:45 | 000,220,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pcmcia.sys -- (pcmcia)
DRV:64bit: - [2009-07-14 03:45:45 | 000,128,592 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ql40xx.sys -- (ql40xx)
DRV:64bit: - [2009-07-14 03:45:45 | 000,050,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pcw.sys -- (pcw)
DRV:64bit: - [2009-07-14 03:45:45 | 000,043,584 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sisraid2.sys -- (SiSRaid2)
DRV:64bit: - [2009-07-14 03:45:45 | 000,012,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pciide.sys -- (pciide)
DRV:64bit: - [2009-07-14 03:19:07 | 000,286,720 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrSerId.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV:64bit: - [2009-07-14 03:01:48 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bridge.sys -- (BridgeMP)
DRV:64bit: - [2009-07-14 03:01:19 | 000,651,264 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\PEAuth.sys -- (PEAUTH)
DRV:64bit: - [2009-07-14 02:38:18 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbprint.sys -- (usbprint)
DRV:64bit: - [2009-07-14 02:17:46 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpbus.sys -- (rdpbus)
DRV:64bit: - [2009-07-14 02:16:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV:64bit: - [2009-07-14 02:16:34 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\RDPENCDD.sys -- (RDPENCDD)
DRV:64bit: - [2009-07-14 02:16:34 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\RDPCDD.sys -- (RDPCDD)
DRV:64bit: - [2009-07-14 02:16:32 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tdpipe.sys -- (TDPIPE)
DRV:64bit: - [2009-07-14 02:10:48 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\modem.sys -- (Modem)
DRV:64bit: - [2009-07-14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ws2ifsl.sys -- (ws2ifsl)
DRV:64bit: - [2009-07-14 02:10:25 | 000,083,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rassstp.sys -- (RasSstp)
DRV:64bit: - [2009-07-14 02:10:24 | 000,060,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV:64bit: - [2009-07-14 02:10:17 | 000,092,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\raspppoe.sys -- (RasPppoe)
DRV:64bit: - [2009-07-14 02:10:13 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asyncmac.sys -- (AsyncMac)
DRV:64bit: - [2009-07-14 02:10:09 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rasacd.sys -- (RasAcd)
DRV:64bit: - [2009-07-14 02:10:03 | 000,116,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ipnat.sys -- (IPNAT)
DRV:64bit: - [2009-07-14 02:10:00 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ndistapi.sys -- (NdisTapi)
DRV:64bit: - [2009-07-14 02:09:48 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qwavedrv.sys -- (QWAVEdrv)
DRV:64bit: - [2009-07-14 02:09:26 | 000,044,544 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\netbios.sys -- (NetBIOS)
DRV:64bit: - [2009-07-14 02:09:26 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\wfplwf.sys -- (WfpLwf)
DRV:64bit: - [2009-07-14 02:09:09 | 000,093,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\smb.sys -- (Smb)
DRV:64bit: - [2009-07-14 02:08:59 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\irenum.sys -- (IRENUM)
DRV:64bit: - [2009-07-14 02:08:51 | 000,076,800 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rspndr.sys -- (rspndr)
DRV:64bit: - [2009-07-14 02:08:51 | 000,060,928 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lltdio.sys -- (lltdio)
DRV:64bit: - [2009-07-14 02:08:25 | 000,077,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mpsdrv.sys -- (mpsdrv)
DRV:64bit: - [2009-07-14 02:08:13 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ndiscap.sys -- (NdisCap)
DRV:64bit: - [2009-07-14 02:07:23 | 000,318,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nwifi.sys -- (NativeWifiP)
DRV:64bit: - [2009-07-14 02:07:22 | 000,059,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vwififlt.sys -- (vwififlt)
DRV:64bit: - [2009-07-14 02:07:21 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vwifibus.sys -- (vwifibus)
DRV:64bit: - [2009-07-14 02:06:52 | 000,100,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidbth.sys -- (HidBth)
DRV:64bit: - [2009-07-14 02:06:52 | 000,072,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthmodem.sys -- (BTHMODEM)
DRV:64bit: - [2009-07-14 02:06:52 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\umpass.sys -- (UmPass)
DRV:64bit: - [2009-07-14 02:06:45 | 000,072,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ohci1394.sys -- (ohci1394) 1394 OHCI Compliant Host Controller (Legacy)
DRV:64bit: - [2009-07-14 02:06:37 | 000,100,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbcir.sys -- (usbcir) eHome Infrared Receiver (USBCIR)
DRV:64bit: - [2009-07-14 02:06:34 | 000,045,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\circlass.sys -- (circlass)
DRV:64bit: - [2009-07-14 02:06:24 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV:64bit: - [2009-07-14 02:06:23 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidir.sys -- (HidIr)
DRV:64bit: - [2009-07-14 02:06:16 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\drmkaud.sys -- (drmkaud)
DRV:64bit: - [2009-07-14 02:02:08 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MTConfig.sys -- (MTConfig)
DRV:64bit: - [2009-07-14 02:02:07 | 000,027,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacompen.sys -- (WacomPen)
DRV:64bit: - [2009-07-14 02:01:03 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sffp_mmc.sys -- (sffp_mmc)
DRV:64bit: - [2009-07-14 02:01:02 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sfloppy.sys -- (sfloppy)
DRV:64bit: - [2009-07-14 02:01:01 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sffdisk.sys -- (sffdisk)
DRV:64bit: - [2009-07-14 02:00:54 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fdc.sys -- (fdc)
DRV:64bit: - [2009-07-14 02:00:54 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\flpydisk.sys -- (flpydisk)
DRV:64bit: - [2009-07-14 02:00:41 | 000,097,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\parport.sys -- (Parport)
DRV:64bit: - [2009-07-14 02:00:40 | 000,094,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serial.sys -- (Serial)
DRV:64bit: - [2009-07-14 02:00:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serenum.sys -- (Serenum)
DRV:64bit: - [2009-07-14 02:00:20 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mouhid.sys -- (mouhid)
DRV:64bit: - [2009-07-14 02:00:20 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sermouse.sys -- (sermouse)
DRV:64bit: - [2009-07-14 02:00:19 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ksthunk.sys -- (ksthunk)
DRV:64bit: - [2009-07-14 02:00:18 | 000,011,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mskssrv.sys -- (MSKSSRV)
DRV:64bit: - [2009-07-14 02:00:17 | 000,008,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mstee.sys -- (MSTEE)
DRV:64bit: - [2009-07-14 02:00:17 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mspclock.sys -- (MSPCLOCK)
DRV:64bit: - [2009-07-14 02:00:17 | 000,006,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mspqm.sys -- (MSPQM)
DRV:64bit: - [2009-07-14 02:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\beep.sys -- (Beep)
DRV:64bit: - [2009-07-14 01:38:52 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\monitor.sys -- (monitor)
DRV:64bit: - [2009-07-14 01:38:47 | 000,029,184 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vga.sys -- (VgaSave)
DRV:64bit: - [2009-07-14 01:38:47 | 000,029,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vgapnp.sys -- (vga)
DRV:64bit: - [2009-07-14 01:37:18 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\discache.sys -- (discache)
DRV:64bit: - [2009-07-14 01:35:59 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\blbdrive.sys -- (blbdrive)
DRV:64bit: - [2009-07-14 01:31:06 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidbatt.sys -- (HidBatt)
DRV:64bit: - [2009-07-14 01:31:04 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\errdev.sys -- (ErrDev)
DRV:64bit: - [2009-07-14 01:31:03 | 000,017,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CmBatt.sys -- (CmBatt)
DRV:64bit: - [2009-07-14 01:31:02 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wmiacpi.sys -- (WmiAcpi)
DRV:64bit: - [2009-07-14 01:26:13 | 000,113,152 | ---- | M] (Microsoft Corporation) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\luafv.sys -- (luafv)
DRV:64bit: - [2009-07-14 01:25:40 | 000,034,304 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\filetrace.sys -- (Filetrace)
DRV:64bit: - [2009-07-14 01:23:29 | 000,204,800 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fastfat.sys -- (fastfat)
DRV:64bit: - [2009-07-14 01:23:29 | 000,195,072 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\exfat.sys -- (exfat)
DRV:64bit: - [2009-07-14 01:21:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\nsiproxy.sys -- (nsiproxy)
DRV:64bit: - [2009-07-14 01:19:57 | 000,105,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\i8042prt.sys -- (i8042prt)
DRV:64bit: - [2009-07-14 01:19:48 | 000,044,032 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\npfs.sys -- (Npfs)
DRV:64bit: - [2009-07-14 01:19:47 | 000,092,160 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\cdfs.sys -- (cdfs)
DRV:64bit: - [2009-07-14 01:19:47 | 000,026,112 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\msfs.sys -- (Msfs)
DRV:64bit: - [2009-07-14 01:19:38 | 000,006,144 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\null.sys -- (Null)
DRV:64bit: - [2009-07-14 01:19:25 | 000,064,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdk8.sys -- (AmdK8)
DRV:64bit: - [2009-07-14 01:19:25 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelppm.sys -- (intelppm)
DRV:64bit: - [2009-07-14 01:19:25 | 000,060,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdppm.sys -- (AmdPPM)
DRV:64bit: - [2009-07-14 01:19:25 | 000,060,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\processr.sys -- (Processor)
DRV:64bit: - [2009-06-20 04:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009-06-10 22:41:10 | 000,047,104 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrSerWdm.sys -- (BrSerWdm)
DRV:64bit: - [2009-06-10 22:41:10 | 000,014,976 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV:64bit: - [2009-06-10 22:41:10 | 000,014,720 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrUsbSer.sys -- (BrUsbSer)
DRV:64bit: - [2009-06-10 22:41:06 | 000,018,432 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrFiltLo.sys -- (BrFiltLo)
DRV:64bit: - [2009-06-10 22:41:06 | 000,008,704 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrFiltUp.sys -- (BrFiltUp)
DRV:64bit: - [2009-06-10 22:37:19 | 000,023,040 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\secdrv.sys -- (secdrv)
DRV:64bit: - [2009-06-10 22:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009-03-18 18:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2005-03-29 02:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = da
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 10 AF 9E D4 A0 EA CC 01 [binary data]
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "en.wikipedia.org"
FF - prefs.js..keyword.URL: "http://www.google.com/cse?cx=partner-pub-5528014799800033:cevktqnfrvl&ie=ISO-8859-1&q="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-04-23 15:47:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012-04-23 20:20:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012-01-02 03:47:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nicolas\AppData\Roaming\Mozilla\Extensions
[2012-04-22 12:30:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012-04-21 12:14:16 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011-12-21 06:30:41 | 000,001,394 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom.xml
[2011-12-21 06:30:41 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011-12-21 06:30:41 | 000,001,131 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay.xml
[2011-12-21 06:30:41 | 000,002,364 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\google.xml
[2011-12-21 06:30:41 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
[2011-12-21 06:30:41 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia.xml
[2011-12-21 06:30:41 | 000,001,096 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2012-04-23 22:48:04 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey File not found
O4 - HKLM..\Run: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Skype] C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{417EDDDE-68E3-4AED-8127-D3AFD5F26317}: DhcpNameServer = 193.162.153.164 194.239.134.83
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation)
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


========== Files/Folders - Created Within 30 Days ==========

[2012-04-24 10:16:31 | 000,000,000 | ---D | C] -- C:\FRST
[2012-04-24 10:03:32 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012-04-24 00:02:36 | 000,000,000 | ---D | C] -- C:\b84cfa3f495ed7c4bc
[2012-04-23 22:48:17 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012-04-23 22:40:35 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012-04-23 21:51:04 | 000,000,000 | ---D | C] -- C:\Users\Nicolas\AppData\Roaming\Malwarebytes
[2012-04-23 21:50:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012-04-23 21:50:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012-04-23 21:50:54 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012-04-23 21:50:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012-04-23 20:48:35 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012-04-23 20:48:35 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012-04-23 20:48:35 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012-04-23 20:48:31 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012-04-23 20:44:06 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Nicolas\Desktop\HijackThis.exe
[2012-04-23 19:42:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft
[2012-04-23 18:09:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012-04-23 18:09:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2012-04-23 17:48:59 | 000,060,504 | ---- | C] (Sunbelt Software, Inc.) -- C:\Windows\SysNative\drivers\sbhips.sys
[2012-04-23 17:48:56 | 000,094,296 | ---- | C] (Sunbelt Software, Inc.) -- C:\Windows\SysNative\drivers\sbtis.sys
[2012-04-23 17:48:37 | 000,253,528 | ---- | C] (Sunbelt Software, Inc.) -- C:\Windows\SysNative\drivers\SbFw.sys
[2012-04-23 17:48:37 | 000,084,568 | ---- | C] (Sunbelt Software, Inc.) -- C:\Windows\SysNative\drivers\SbFwIm.sys
[2012-04-23 17:48:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2012-04-23 17:48:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Aware Antivirus
[2012-04-23 17:47:49 | 000,000,000 | ---D | C] -- C:\Users\Nicolas\AppData\Roaming\Ad-Aware Antivirus
[2012-04-23 15:47:37 | 000,024,408 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012-04-23 15:47:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012-04-23 15:47:36 | 000,337,240 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012-04-23 15:47:31 | 000,059,224 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012-04-23 15:47:31 | 000,053,080 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012-04-23 15:47:30 | 000,819,032 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012-04-23 15:47:26 | 000,069,976 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012-04-23 15:47:25 | 000,258,520 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012-04-23 15:46:51 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012-04-23 15:46:50 | 000,201,352 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012-04-23 15:46:39 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012-04-23 15:46:39 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012-04-22 21:52:17 | 000,000,000 | ---D | C] -- C:\Users\Nicolas\AppData\Roaming\CDisplayEx
[2012-04-21 01:16:43 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012-04-21 01:16:43 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012-04-21 01:16:42 | 002,311,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012-04-21 01:16:42 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012-04-21 01:16:42 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012-04-21 01:16:42 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012-04-21 01:16:42 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012-04-21 01:16:41 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012-04-21 01:16:41 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012-04-21 01:16:40 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012-04-21 01:16:40 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012-04-21 01:16:23 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012-04-21 01:16:22 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012-04-21 01:16:22 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012-04-21 01:14:11 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2012-04-21 01:14:11 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2012-04-21 01:14:09 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012-04-20 23:00:07 | 001,544,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012-04-20 22:57:38 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012-04-20 22:57:38 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012-04-20 22:57:38 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012-04-20 22:57:35 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012-04-20 22:57:35 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2012-04-20 22:02:56 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012-04-20 20:58:32 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2012-04-20 20:58:32 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2012-04-20 20:58:32 | 000,697,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012-04-20 20:58:32 | 000,603,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012-04-20 20:58:32 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2012-04-20 20:58:32 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2012-04-20 20:58:32 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012-04-20 20:58:32 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2012-04-20 20:58:32 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012-04-20 20:58:32 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2012-04-20 20:58:32 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2012-04-20 20:58:32 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2012-04-20 20:58:32 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2012-04-20 20:58:32 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2012-04-20 20:58:32 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012-04-20 20:58:32 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2012-04-20 20:58:32 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2012-04-20 20:58:32 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2012-04-20 20:58:32 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2012-04-20 20:58:32 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2012-04-20 20:58:32 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2012-04-20 20:58:32 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2012-04-20 20:58:32 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2012-04-20 20:58:32 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2012-04-20 20:58:32 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012-04-20 20:58:32 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012-04-20 20:58:32 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2012-04-20 20:58:32 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2012-04-20 20:58:32 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2012-04-20 20:58:32 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012-04-20 20:58:32 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2012-04-20 20:58:32 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2012-04-20 20:58:32 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2012-04-20 20:58:32 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2012-04-20 20:58:32 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2012-04-20 20:58:32 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2012-04-20 20:58:32 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2012-04-20 20:58:32 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2012-04-20 20:58:32 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2012-04-20 20:58:32 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2012-04-20 20:58:32 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2012-04-20 20:58:32 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2012-04-20 20:58:32 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2012-04-20 20:58:32 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2012-04-20 20:58:32 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2012-04-20 20:58:32 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2012-04-20 20:58:32 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2012-04-20 20:58:32 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2012-04-20 20:58:32 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2012-04-20 20:58:32 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2012-04-20 20:58:32 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2012-04-20 20:58:32 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2012-04-20 20:58:32 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2012-04-20 20:58:32 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2012-04-20 20:58:32 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2012-04-20 20:58:32 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2012-04-20 20:58:32 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012-04-20 20:58:32 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012-04-20 20:58:32 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2012-04-20 20:58:32 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012-04-20 20:58:32 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012-04-20 19:33:05 | 000,000,000 | ---D | C] -- C:\Users\Nicolas\Documents\Diablo III
[2012-04-20 19:33:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2012-04-20 18:26:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III Beta
[2012-04-20 18:26:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Diablo III Beta
[2012-04-20 18:26:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2012-04-20 18:25:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2012-04-20 18:24:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
[2012-04-20 18:22:50 | 025,543,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2012-04-20 18:22:50 | 019,444,544 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2012-04-20 18:22:50 | 007,713,088 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2012-04-20 18:22:50 | 000,068,928 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2012-04-20 18:22:50 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2012-04-20 18:22:49 | 025,222,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2012-04-20 18:22:49 | 017,642,816 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2012-04-20 18:22:49 | 017,543,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2012-04-20 18:22:49 | 008,008,000 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2012-04-20 18:22:49 | 005,892,928 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2012-04-20 18:22:49 | 002,872,640 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2012-04-20 18:22:49 | 002,672,448 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2012-04-20 18:22:49 | 002,517,312 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2012-04-20 18:22:49 | 002,437,440 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2012-04-20 18:22:48 | 002,301,248 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2012-04-20 18:04:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012-04-20 18:04:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012-04-24 10:35:08 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012-04-24 10:35:08 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012-04-24 10:35:08 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012-04-24 10:30:05 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012-04-24 10:28:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012-04-24 10:28:33 | 1609,424,896 | -HS- | M] () -- C:\hiberfil.sys
[2012-04-24 10:27:46 | 000,014,816 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012-04-24 10:27:46 | 000,014,816 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012-04-24 10:27:19 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012-04-24 00:03:07 | 000,734,810 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012-04-23 23:11:11 | 000,027,936 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro36.sys
[2012-04-23 22:48:04 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012-04-23 20:38:28 | 000,267,280 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012-04-23 20:29:49 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Nicolas\Desktop\HijackThis.exe
[2012-04-23 15:47:37 | 000,001,841 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012-04-23 15:47:26 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012-04-20 22:09:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2012-04-20 22:02:56 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012-04-20 22:02:56 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012-04-20 22:00:15 | 000,001,441 | ---- | M] () -- C:\Users\Nicolas\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012-04-20 20:58:32 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2012-04-20 20:58:32 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2012-04-20 20:58:32 | 000,697,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012-04-20 20:58:32 | 000,603,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012-04-20 20:58:32 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2012-04-20 20:58:32 | 000,452,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2012-04-20 20:58:32 | 000,448,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012-04-20 20:58:32 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2012-04-20 20:58:32 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012-04-20 20:58:32 | 000,282,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2012-04-20 20:58:32 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2012-04-20 20:58:32 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2012-04-20 20:58:32 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2012-04-20 20:58:32 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2012-04-20 20:58:32 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012-04-20 20:58:32 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2012-04-20 20:58:32 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2012-04-20 20:58:32 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2012-04-20 20:58:32 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2012-04-20 20:58:32 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2012-04-20 20:58:32 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2012-04-20 20:58:32 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2012-04-20 20:58:32 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2012-04-20 20:58:32 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2012-04-20 20:58:32 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012-04-20 20:58:32 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012-04-20 20:58:32 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2012-04-20 20:58:32 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2012-04-20 20:58:32 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2012-04-20 20:58:32 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012-04-20 20:58:32 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2012-04-20 20:58:32 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2012-04-20 20:58:32 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2012-04-20 20:58:32 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2012-04-20 20:58:32 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2012-04-20 20:58:32 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2012-04-20 20:58:32 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2012-04-20 20:58:32 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2012-04-20 20:58:32 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2012-04-20 20:58:32 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2012-04-20 20:58:32 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2012-04-20 20:58:32 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2012-04-20 20:58:32 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2012-04-20 20:58:32 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2012-04-20 20:58:32 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2012-04-20 20:58:32 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2012-04-20 20:58:32 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2012-04-20 20:58:32 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012-04-20 20:58:32 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012-04-20 20:58:32 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2012-04-20 20:58:32 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2012-04-20 20:58:32 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2012-04-20 20:58:32 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2012-04-20 20:58:32 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2012-04-20 20:58:32 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2012-04-20 20:58:32 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2012-04-20 20:58:32 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2012-04-20 20:58:32 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2012-04-20 20:58:32 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012-04-20 20:58:32 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012-04-20 20:58:32 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2012-04-20 20:58:32 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012-04-20 20:58:32 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012-04-20 18:27:09 | 000,001,263 | ---- | M] () -- C:\Users\Public\Desktop\Diablo III Beta.lnk
[2012-04-20 18:04:00 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012-04-04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012-04-24 00:03:07 | 000,734,810 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012-04-23 21:49:52 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012-04-23 21:25:00 | 000,027,936 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro36.sys
[2012-04-23 20:48:35 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012-04-23 20:48:35 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012-04-23 20:48:35 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012-04-23 20:48:35 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012-04-23 20:48:35 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012-04-23 15:47:37 | 000,001,841 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012-04-23 15:47:25 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2012-04-20 22:03:01 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012-04-20 20:58:32 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012-04-20 20:58:32 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012-04-20 18:26:36 | 000,001,263 | ---- | C] () -- C:\Users\Public\Desktop\Diablo III Beta.lnk
[2012-02-29 13:26:56 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe

========== Custom Scans ==========

< set /c >
ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Nicolas\AppData\Roaming
CommonProgramFiles=C:\Program Files (x86)\Common Files
CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files
CommonProgramW6432=C:\Program Files\Common Files
COMPUTERNAME=NICOLAS-PC
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Nicolas
LOCALAPPDATA=C:\Users\Nicolas\AppData\Local
LOGONSERVER=\\NICOLAS-PC
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_ARCHITEW6432=AMD64
PROCESSOR_IDENTIFIER=AMD64 Family 15 Model 67 Stepping 3, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=4303
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files (x86)
ProgramFiles(x86)=C:\Program Files (x86)
ProgramW6432=C:\Program Files
PROMPT=$P$G
PSModulePath=C:\Windows\system32\WindowsPowerShell\v1.0\Modules\
PUBLIC=C:\Users\Public
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\Nicolas\AppData\Local\Temp
TMP=C:\Users\Nicolas\AppData\Local\Temp
USERDOMAIN=Nicolas-PC
USERNAME=Nicolas
USERPROFILE=C:\Users\Nicolas
windir=C:\Windows

< MD5 for: AGP440.SYS >
[2009-07-14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009-07-14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009-07-14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009-07-14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009-07-14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009-07-14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009-07-14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009-07-14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009-07-14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009-07-14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009-07-14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009-07-14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: EXPLORER.EXE >
[2011-02-26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011-02-26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009-07-14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011-02-26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2010-12-24 07:05:01 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011-02-26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011-02-25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011-02-25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011-02-26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010-11-20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010-12-24 07:02:20 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011-02-25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011-02-25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010-12-24 07:02:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010-12-24 07:05:01 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2010-11-20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2010-12-24 07:05:01 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2010-12-24 07:02:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009-07-14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2010-12-24 07:05:01 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011-02-26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2010-12-24 07:02:20 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: IASTORV.SYS >
[2010-11-20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010-11-20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011-03-11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011-03-11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011-03-11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009-07-14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
[2011-03-11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011-03-11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011-03-11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009-07-14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010-11-20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010-11-20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009-07-14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
[2010-11-20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010-11-20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2009-07-14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011-03-11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011-03-11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011-03-11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011-03-11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011-03-11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011-03-11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010-11-20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010-11-20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys

< MD5 for: REGEDIT.EXE >
[2009-07-14 03:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe
[2009-07-14 03:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009-07-14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe
[2009-07-14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe

< MD5 for: SCECLI.DLL >
[2009-07-14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009-07-14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010-11-20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010-11-20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010-11-20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010-11-20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

< MD5 for: USERINIT.EXE >
[2010-11-20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010-11-20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009-07-14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009-07-14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010-11-20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010-11-20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: UXTHEME.DLL >
[2009-07-14 03:11:24 | 000,245,760 | ---- | M] (Microsoft Corporation) MD5=43964FA89CCF97BA6BE34D69455AC65F -- C:\Windows\SysWOW64\uxtheme.dll
[2009-07-14 03:11:24 | 000,245,760 | ---- | M] (Microsoft Corporation) MD5=43964FA89CCF97BA6BE34D69455AC65F -- C:\Windows\winsxs\wow64_microsoft-windows-uxtheme_31bf3856ad364e35_6.1.7600.16385_none_0c2e36cd54a163b4\uxtheme.dll
[2009-07-14 03:41:56 | 000,332,288 | ---- | M] (Microsoft Corporation) MD5=D29E998E8277666982B4F0303BF4E7AF -- C:\Windows\SysNative\uxtheme.dll
[2009-07-14 03:41:56 | 000,332,288 | ---- | M] (Microsoft Corporation) MD5=D29E998E8277666982B4F0303BF4E7AF -- C:\Windows\winsxs\amd64_microsoft-windows-uxtheme_31bf3856ad364e35_6.1.7600.16385_none_01d98c7b2040a1b9\uxtheme.dll

< MD5 for: WINLOGON.EXE >
[2012-04-04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010-11-20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010-11-20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009-07-14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2010-12-24 07:05:01 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2010-12-24 07:05:01 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< %SYSTEMDRIVE%\*.* >
[2010-11-20 14:40:07 | 000,383,786 | RHS- | M] () -- C:\bootmgr
[2012-01-02 12:21:02 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2012-04-24 10:28:33 | 1609,424,896 | -HS- | M] () -- C:\hiberfil.sys
[2012-04-24 10:28:40 | 2145,902,592 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\System32\config\*.sav >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job >
[2012-04-24 10:30:05 | 000,000,830 | ---- | M] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job

< End of report >

#6 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:05:54 PM

Posted 24 April 2012 - 03:20 PM

  • Please double-click OTL.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the quote below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :OTL
    DRV:64bit: - [2012-04-23 23:11:11 | 000,027,936 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hitmanpro36.sys -- (hitmanpro35)
    O4:64bit: - HKLM..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey File not found
    O4 - HKLM..\Run: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run File not found
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

    :Commands
    [EMPTYTEMP]
    [EMPTYFLASH]
    [EMPTYJAVA]
    [REBOOT]

  • Return to OTL, right click in the "Custom Scans/Fixes" window and choose Paste.
  • Click the red Run Fix button.
  • The computer will restart
  • A report will be produced and saved in the C:\_OTL\MovedFiles folder. Open that report and post its contents in a reply.


How is the computer doing?

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#7 Lokemix

Lokemix
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:54 PM

Posted 25 April 2012 - 07:31 AM

Hi again,

First off, the computer starts fine now and I can click on things! However my firefox browser is still using the custom search thing.

It seems I did something silly, but hope it doesn't affect anything, the computer took ages to reboot when I ran the OTL, so I tried it again.

Note that after the All processes killed part, the first log said it successfully removed all the listed files.

Here's the log

All processes killed
========== OTL ==========
Error: No service named hitmanpro35 was found to stop!
Service\Driver key hitmanpro35 not found.
File C:\Windows\SysNative\drivers\hitmanpro36.sys not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MSC not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Ad-Aware Antivirus not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Nicolas
->Temp folder emptied: 164683 bytes
->Temporary Internet Files folder emptied: 1073893 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 6373853 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 32866 bytes

Total Files Cleaned = 7,00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Nicolas
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Nicolas
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.41.0 log created on 04252012_142238

Files\Folders moved on Reboot...
C:\Users\Nicolas\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

#8 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:05:54 PM

Posted 25 April 2012 - 01:05 PM

It is normal to have a slow boot after cleaning the temp files. In your position I would remove Firefox and reinstall.

Run another scan with OTL. Disregard the custom scan list. Post its report and let me know how is it doing.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#9 Lokemix

Lokemix
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:54 PM

Posted 26 April 2012 - 05:59 AM

Hi again,

I reinstalled Firefox and it seems everything is in order there. The computer starts up fine now and there doesn't seem to be any more problems!

Here's the OTL log from the latest scan.

OTL logfile created on: 26-04-2012 12:24:39 - Run 2
OTL by OldTimer - Version 3.2.41.0 Folder = C:\Users\Nicolas\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000406 | Country: Danmark | Language: DAN | Date Format: dd-MM-yyyy

2,00 Gb Total Physical Memory | 0,99 Gb Available Physical Memory | 49,33% Memory free
4,00 Gb Paging File | 2,54 Gb Available in Paging File | 63,62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,76 Gb Total Space | 369,12 Gb Free Space | 79,25% Space Free | Partition Type: NTFS

Computer Name: NICOLAS-PC | User Name: Nicolas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-04-24 10:30:35 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Users\Nicolas\Desktop\OTL.exe
PRC - [2012-04-20 22:00:21 | 000,489,256 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2012-04-04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012-04-04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012-03-01 02:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012-02-29 13:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012-02-28 17:38:56 | 001,987,976 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2012-01-03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012-01-02 03:50:06 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe


========== Modules (No Company Name) ==========

MOD - [2012-04-20 22:00:21 | 020,297,512 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2012-04-20 22:00:18 | 001,099,576 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2012-04-20 22:00:18 | 000,907,048 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2012-04-20 22:00:18 | 000,190,776 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2012-04-20 22:00:18 | 000,123,192 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012-03-07 01:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Disabled | Stopped] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012-04-20 22:02:56 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012-04-20 22:00:21 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012-04-04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012-03-01 02:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012-02-29 13:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012-02-29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012-02-28 17:38:54 | 002,343,816 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012-01-03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010-03-18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012-04-04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012-03-07 01:04:06 | 000,819,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012-03-07 01:04:04 | 000,337,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012-03-07 01:02:20 | 000,053,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012-03-07 01:01:57 | 000,059,224 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012-03-07 01:01:52 | 000,069,976 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012-03-07 01:01:32 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012-03-01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012-01-06 00:31:03 | 000,279,616 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011-04-05 17:35:20 | 000,253,528 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SbFw.sys -- (SbFw)
DRV:64bit: - [2011-04-05 17:35:20 | 000,094,296 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\sbtis.sys -- (SbTis)
DRV:64bit: - [2011-04-05 17:35:20 | 000,060,504 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sbhips.sys -- (sbhips)
DRV:64bit: - [2011-03-11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011-03-11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011-02-08 09:14:20 | 000,084,568 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SbFwIm.sys -- (SBFWIMCLMP)
DRV:64bit: - [2011-02-08 09:14:20 | 000,084,568 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SbFwIm.sys -- (SBFWIMCL)
DRV:64bit: - [2010-11-20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010-11-20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009-06-20 04:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009-06-10 22:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009-03-18 18:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2005-03-29 02:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = da
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 10 AF 9E D4 A0 EA CC 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-04-23 15:47:07 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2012-04-23 22:48:04 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O1364bit: - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 193.162.153.164 194.239.134.83
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{417EDDDE-68E3-4AED-8127-D3AFD5F26317}: DhcpNameServer = 193.162.153.164 194.239.134.83
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (systempropertiesperformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012-04-26 12:22:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012-04-25 14:22:38 | 000,000,000 | ---D | C] -- C:\_OTL
[2012-04-24 10:30:32 | 000,594,944 | ---- | C] (OldTimer Tools) -- C:\Users\Nicolas\Desktop\OTL.exe
[2012-04-24 10:16:31 | 000,000,000 | ---D | C] -- C:\FRST
[2012-04-24 10:03:32 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012-04-24 00:02:36 | 000,000,000 | ---D | C] -- C:\b84cfa3f495ed7c4bc
[2012-04-23 22:48:17 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012-04-23 22:40:35 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012-04-23 21:51:04 | 000,000,000 | ---D | C] -- C:\Users\Nicolas\AppData\Roaming\Malwarebytes
[2012-04-23 21:50:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012-04-23 21:50:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012-04-23 21:50:54 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012-04-23 21:50:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012-04-23 20:48:35 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012-04-23 20:48:35 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012-04-23 20:48:35 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012-04-23 20:48:31 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012-04-23 20:44:06 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Nicolas\Desktop\HijackThis.exe
[2012-04-23 19:42:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft
[2012-04-23 18:09:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012-04-23 18:09:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2012-04-23 17:48:59 | 000,060,504 | ---- | C] (Sunbelt Software, Inc.) -- C:\Windows\SysNative\drivers\sbhips.sys
[2012-04-23 17:48:56 | 000,094,296 | ---- | C] (Sunbelt Software, Inc.) -- C:\Windows\SysNative\drivers\sbtis.sys
[2012-04-23 17:48:37 | 000,253,528 | ---- | C] (Sunbelt Software, Inc.) -- C:\Windows\SysNative\drivers\SbFw.sys
[2012-04-23 17:48:37 | 000,084,568 | ---- | C] (Sunbelt Software, Inc.) -- C:\Windows\SysNative\drivers\SbFwIm.sys
[2012-04-23 17:48:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2012-04-23 17:48:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Aware Antivirus
[2012-04-23 17:47:49 | 000,000,000 | ---D | C] -- C:\Users\Nicolas\AppData\Roaming\Ad-Aware Antivirus
[2012-04-23 15:47:37 | 000,024,408 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012-04-23 15:47:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012-04-23 15:47:36 | 000,337,240 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012-04-23 15:47:31 | 000,059,224 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012-04-23 15:47:31 | 000,053,080 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012-04-23 15:47:30 | 000,819,032 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012-04-23 15:47:26 | 000,069,976 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012-04-23 15:47:25 | 000,258,520 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012-04-23 15:46:51 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012-04-23 15:46:50 | 000,201,352 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012-04-23 15:46:39 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012-04-23 15:46:39 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012-04-22 21:52:17 | 000,000,000 | ---D | C] -- C:\Users\Nicolas\AppData\Roaming\CDisplayEx
[2012-04-21 01:16:43 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012-04-21 01:16:43 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012-04-21 01:16:42 | 002,311,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012-04-21 01:16:42 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012-04-21 01:16:42 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012-04-21 01:16:42 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012-04-21 01:16:42 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012-04-21 01:16:41 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012-04-21 01:16:41 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012-04-21 01:16:40 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012-04-21 01:16:40 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012-04-21 01:16:23 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012-04-21 01:16:22 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012-04-21 01:16:22 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012-04-21 01:14:11 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2012-04-21 01:14:11 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2012-04-21 01:14:09 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012-04-20 23:00:07 | 001,544,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012-04-20 22:57:38 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012-04-20 22:57:38 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012-04-20 22:57:38 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012-04-20 22:57:35 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012-04-20 22:57:35 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2012-04-20 22:02:56 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012-04-20 20:58:32 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2012-04-20 20:58:32 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2012-04-20 20:58:32 | 000,697,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012-04-20 20:58:32 | 000,603,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012-04-20 20:58:32 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2012-04-20 20:58:32 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2012-04-20 20:58:32 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012-04-20 20:58:32 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2012-04-20 20:58:32 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012-04-20 20:58:32 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2012-04-20 20:58:32 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2012-04-20 20:58:32 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2012-04-20 20:58:32 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2012-04-20 20:58:32 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2012-04-20 20:58:32 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012-04-20 20:58:32 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2012-04-20 20:58:32 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2012-04-20 20:58:32 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2012-04-20 20:58:32 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2012-04-20 20:58:32 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2012-04-20 20:58:32 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2012-04-20 20:58:32 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2012-04-20 20:58:32 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2012-04-20 20:58:32 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2012-04-20 20:58:32 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012-04-20 20:58:32 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012-04-20 20:58:32 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2012-04-20 20:58:32 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2012-04-20 20:58:32 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2012-04-20 20:58:32 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012-04-20 20:58:32 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2012-04-20 20:58:32 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2012-04-20 20:58:32 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2012-04-20 20:58:32 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2012-04-20 20:58:32 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2012-04-20 20:58:32 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2012-04-20 20:58:32 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2012-04-20 20:58:32 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2012-04-20 20:58:32 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2012-04-20 20:58:32 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2012-04-20 20:58:32 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2012-04-20 20:58:32 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2012-04-20 20:58:32 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2012-04-20 20:58:32 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2012-04-20 20:58:32 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2012-04-20 20:58:32 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2012-04-20 20:58:32 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2012-04-20 20:58:32 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2012-04-20 20:58:32 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2012-04-20 20:58:32 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2012-04-20 20:58:32 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2012-04-20 20:58:32 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2012-04-20 20:58:32 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2012-04-20 20:58:32 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2012-04-20 20:58:32 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2012-04-20 20:58:32 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2012-04-20 20:58:32 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012-04-20 20:58:32 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012-04-20 20:58:32 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2012-04-20 20:58:32 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012-04-20 20:58:32 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012-04-20 19:33:05 | 000,000,000 | ---D | C] -- C:\Users\Nicolas\Documents\Diablo III
[2012-04-20 19:33:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2012-04-20 18:26:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III Beta
[2012-04-20 18:26:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Diablo III Beta
[2012-04-20 18:26:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2012-04-20 18:25:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2012-04-20 18:24:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
[2012-04-20 18:22:50 | 025,543,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2012-04-20 18:22:50 | 019,444,544 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2012-04-20 18:22:50 | 007,713,088 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2012-04-20 18:22:50 | 000,068,928 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2012-04-20 18:22:50 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2012-04-20 18:22:49 | 025,222,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2012-04-20 18:22:49 | 017,642,816 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2012-04-20 18:22:49 | 017,543,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2012-04-20 18:22:49 | 008,008,000 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2012-04-20 18:22:49 | 005,892,928 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2012-04-20 18:22:49 | 002,872,640 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2012-04-20 18:22:49 | 002,672,448 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2012-04-20 18:22:49 | 002,517,312 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2012-04-20 18:22:49 | 002,437,440 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2012-04-20 18:22:48 | 002,301,248 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2012-04-20 18:04:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012-04-20 18:04:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype

========== Files - Modified Within 30 Days ==========

[2012-04-26 12:23:02 | 000,014,816 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012-04-26 12:23:02 | 000,014,816 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012-04-26 12:22:55 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012-04-26 12:22:55 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012-04-26 12:22:55 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012-04-26 12:15:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012-04-26 12:15:40 | 1609,424,896 | -HS- | M] () -- C:\hiberfil.sys
[2012-04-25 20:30:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012-04-25 15:48:03 | 000,000,219 | ---- | M] () -- C:\Users\Nicolas\Desktop\Alien Swarm.url
[2012-04-24 10:30:35 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Users\Nicolas\Desktop\OTL.exe
[2012-04-24 10:27:19 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012-04-24 00:03:07 | 000,734,810 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012-04-23 22:48:04 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012-04-23 20:38:28 | 000,267,280 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012-04-23 20:29:49 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Nicolas\Desktop\HijackThis.exe
[2012-04-23 15:47:37 | 000,001,841 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012-04-23 15:47:26 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012-04-20 22:09:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2012-04-20 22:02:56 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012-04-20 22:02:56 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012-04-20 22:00:15 | 000,001,441 | ---- | M] () -- C:\Users\Nicolas\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012-04-20 20:58:32 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2012-04-20 20:58:32 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2012-04-20 20:58:32 | 000,697,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012-04-20 20:58:32 | 000,603,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012-04-20 20:58:32 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2012-04-20 20:58:32 | 000,452,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2012-04-20 20:58:32 | 000,448,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012-04-20 20:58:32 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2012-04-20 20:58:32 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012-04-20 20:58:32 | 000,282,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2012-04-20 20:58:32 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2012-04-20 20:58:32 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2012-04-20 20:58:32 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2012-04-20 20:58:32 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2012-04-20 20:58:32 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012-04-20 20:58:32 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2012-04-20 20:58:32 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2012-04-20 20:58:32 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2012-04-20 20:58:32 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2012-04-20 20:58:32 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2012-04-20 20:58:32 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2012-04-20 20:58:32 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2012-04-20 20:58:32 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2012-04-20 20:58:32 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2012-04-20 20:58:32 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012-04-20 20:58:32 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012-04-20 20:58:32 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2012-04-20 20:58:32 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2012-04-20 20:58:32 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2012-04-20 20:58:32 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012-04-20 20:58:32 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2012-04-20 20:58:32 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2012-04-20 20:58:32 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2012-04-20 20:58:32 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2012-04-20 20:58:32 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2012-04-20 20:58:32 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2012-04-20 20:58:32 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2012-04-20 20:58:32 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2012-04-20 20:58:32 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2012-04-20 20:58:32 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2012-04-20 20:58:32 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2012-04-20 20:58:32 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2012-04-20 20:58:32 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2012-04-20 20:58:32 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2012-04-20 20:58:32 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2012-04-20 20:58:32 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2012-04-20 20:58:32 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2012-04-20 20:58:32 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012-04-20 20:58:32 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012-04-20 20:58:32 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2012-04-20 20:58:32 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2012-04-20 20:58:32 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2012-04-20 20:58:32 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2012-04-20 20:58:32 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2012-04-20 20:58:32 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2012-04-20 20:58:32 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2012-04-20 20:58:32 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2012-04-20 20:58:32 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2012-04-20 20:58:32 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012-04-20 20:58:32 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012-04-20 20:58:32 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2012-04-20 20:58:32 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012-04-20 20:58:32 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012-04-20 18:27:09 | 000,001,263 | ---- | M] () -- C:\Users\Public\Desktop\Diablo III Beta.lnk
[2012-04-20 18:04:00 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012-04-04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2012-04-25 15:48:03 | 000,000,219 | ---- | C] () -- C:\Users\Nicolas\Desktop\Alien Swarm.url
[2012-04-24 00:03:07 | 000,734,810 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012-04-23 21:49:52 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012-04-23 20:48:35 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012-04-23 20:48:35 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012-04-23 20:48:35 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012-04-23 20:48:35 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012-04-23 20:48:35 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012-04-23 15:47:37 | 000,001,841 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012-04-23 15:47:25 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2012-04-20 22:03:01 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012-04-20 20:58:32 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012-04-20 20:58:32 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012-04-20 18:26:36 | 000,001,263 | ---- | C] () -- C:\Users\Public\Desktop\Diablo III Beta.lnk
[2012-02-29 13:26:56 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe

< End of report >

#10 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:05:54 PM

Posted 26 April 2012 - 10:06 AM

Congratulations.

Since the tools we used to scan the computer, as well as tools to delete files and folders, are no longer needed, they should be removed, as well as the folders created by these tools.

Follow these steps to uninstall Combofix.

  • Rename Combofix to Uninstall and click on it. That should remove the application.

Delete the C:\FRST folder

Manually remove any tool left.

The following is a list of tools and utilities that I like to suggest to people.

  • Always keep your JAVA updated. Older versions will make your computer vulnerable.
  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Miekiemoes.

Best wishes! Posted Image

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#11 Lokemix

Lokemix
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:54 PM

Posted 26 April 2012 - 04:29 PM

Hi again,

Just a final thanks on all the effort and time you took out to help, I really appreciate it!
I'll be sure to recommend this to people I know!

Hopefully I won't need any help again! :)

#12 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:05:54 PM

Posted 24 May 2012 - 08:34 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users