
Computer/internet slow and emails about password resets


  • This topic is locked
17 replies to this topic

#1 pwoz

pwoz

  • Members
  • 17 posts

Posted 23 April 2012 - 06:49 PM

I'm not having much success tracking down the slow response from a hardware side and today I got an email about someone resetting one of my passwords, so I thought it was maybe software side which I am not as good at.

This is on Win 7 64 bit so GMER is not included. Thanks for your help ahead of time, even if it is to just say all clear. May just do a Windows format if I have to.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Paul at 18:44:00 on 2012-04-23
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8187.6436 [GMT -5:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Windows\SysWOW64\ASGT.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wuauclt.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local;<local>
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [Pidgin] "C:\Program Files (x86)\Pidgin\pidgin.exe"
uRun: [NCsoft]
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - E:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 10.0.0.1
TCP: Interfaces\{DD9B520E-4C86-414C-BB1E-4DC67065293A} : DhcpNameServer = 10.0.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\n48w8or9.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Users\Paul\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
.
============= SERVICES / DRIVERS ===============
.
R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);C:\Windows\system32\DRIVERS\tdrpm273.sys --> C:\Windows\system32\DRIVERS\tdrpm273.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 ASGT;ASGT;C:\Windows\SysWOW64\ASGT.exe [2012-1-17 55296]
R2 MySQL55;MySQL55;"C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld" --defaults-file="E:\ProgramData\MySQL\MySQL Server 5.5\my.ini" MySQL55 --> C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-4-5 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-30 253088]
S3 afcdp;afcdp;C:\Windows\system32\DRIVERS\afcdp.sys --> C:\Windows\system32\DRIVERS\afcdp.sys [?]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2012-4-2 135584]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
S4 afcdpsrv;Acronis Nonstop Backup Service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2012-2-2 3246040]
S4 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-2-1 8704]
.
=============== Created Last 30 ================
.
2012-04-22 15:24:56 -------- d-----w- C:\Users\Paul\AppData\Local\NCSoft
2012-04-22 14:04:25 -------- d-----w- C:\Users\Paul\AppData\Local\assembly
2012-04-22 14:04:22 -------- d-----w- C:\Program Files (x86)\NCSoft
2012-04-22 14:03:58 -------- d-----w- C:\Users\Paul\AppData\Roaming\GetRightToGo
2012-04-21 00:35:49 -------- d-----w- C:\Program Files (x86)\Titan Network
2012-04-19 02:09:14 -------- d-----w- C:\Program Files\MySQL
2012-04-19 02:06:52 -------- d-----w- C:\Program Files (x86)\MySQL
2012-04-19 02:06:51 -------- d-----w- C:\ProgramData\MySQL
2012-04-18 11:01:26 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{94C417D4-D0A7-4896-88A4-FE8C20E106BC}\mpengine.dll
2012-04-15 16:39:13 -------- d-----w- C:\Users\Paul\AppData\Roaming\MySQL
2012-04-15 15:40:18 -------- d-----r- C:\Program Files (x86)\Skype
2012-04-15 02:18:05 -------- d--h--w- C:\ProgramData\Common Files
2012-04-15 02:18:05 -------- d-----w- C:\Users\Paul\AppData\Roaming\AVG2012
2012-04-15 02:14:59 -------- d--h--w- C:\$AVG
2012-04-15 02:14:59 -------- d-----w- C:\ProgramData\AVG2012
2012-04-15 02:14:51 -------- d-----w- C:\Program Files (x86)\AVG
2012-04-15 02:12:55 -------- d-----w- C:\ProgramData\MFAData
2012-04-14 03:20:53 -------- d-----w- C:\Windows\pss
2012-04-13 23:12:19 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-04-13 20:52:10 -------- d-----w- C:\Program Files (x86)\AMD AVT
2012-04-13 20:52:10 -------- d-----w- C:\Program Files (x86)\AMD APP
2012-04-13 20:52:09 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
2012-04-13 20:52:09 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
2012-04-13 20:51:26 -------- d-----w- C:\Program Files\ATI Technologies
2012-04-11 11:28:33 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-04-11 11:28:33 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-04-11 11:28:33 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-04-11 11:28:33 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-04-11 11:28:33 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-04-11 11:28:33 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-04-11 11:28:33 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-04-10 00:42:42 -------- d-----w- C:\Users\Paul\Heaven
2012-04-10 00:40:38 -------- d-----w- C:\Program Files\Unigine
2012-04-09 23:23:20 -------- d-----w- C:\Program Files\ATI
2012-04-09 02:24:13 23680 ----a-w- C:\Windows\System32\drivers\IOMap64.sys
2012-04-09 02:20:41 -------- d-----w- C:\Windows\Downloaded Installations
2012-04-08 21:49:20 -------- d-----w- C:\Users\Paul\AppData\Local\OCCT
2012-04-03 00:42:59 -------- d-----w- C:\Users\Paul\AppData\Local\IsolatedStorage
2012-04-03 00:42:58 -------- d-----w- C:\Users\Paul\AppData\Local\Futuremark_Corporation
2012-04-03 00:30:12 -------- d-----w- C:\Program Files (x86)\Futuremark
2012-04-03 00:29:40 -------- d-----w- C:\Program Files\Futuremark
2012-04-02 23:17:26 110592 ----a-w- C:\Windows\System32\rtvcvfw32.dll
2012-04-02 23:07:09 -------- d-----w- C:\Program Files (x86)\ATI Technologies
2012-04-01 14:51:00 16384 ----a-w- C:\Windows\SysWow64\FileOps.exe
2012-04-01 14:51:00 -------- d-----w- C:\Windows\SysWow64\Adobe
2012-04-01 14:50:32 -------- d-----w- C:\Program Files (x86)\Common Files\Adobe Systems Shared
2012-04-01 14:50:30 -------- d-----w- C:\Adobe
2012-04-01 14:44:28 -------- d-----w- C:\Users\Paul\AppData\Roaming\DAEMON Tools Lite
2012-04-01 14:44:26 -------- d-----w- C:\ProgramData\DAEMON Tools Lite
2012-03-30 11:45:43 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
.
==================== Find3M ====================
.
2012-04-20 11:01:10 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-15 17:34:44 3696480 ----a-w- C:\Windows\System32\AutoPartNt.exe
2012-04-01 14:45:11 564792 ----a-w- C:\Windows\System32\drivers\sptd.sys
2012-03-15 22:09:22 74752 ----a-w- C:\Windows\System32\OpenVideo64.dll
2012-03-15 22:09:18 64000 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2012-03-15 22:09:12 63488 ----a-w- C:\Windows\System32\OVDecode64.dll
2012-03-15 22:09:08 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2012-03-15 22:09:02 16457216 ----a-w- C:\Windows\System32\amdocl64.dll
2012-03-15 22:08:20 13007872 ----a-w- C:\Windows\SysWow64\amdocl.dll
2012-03-09 06:28:08 10857984 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2012-03-09 05:16:44 159744 ----a-w- C:\Windows\System32\atiapfxx.exe
2012-03-09 05:16:28 791552 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2012-03-09 05:14:42 958464 ----a-w- C:\Windows\System32\aticfx64.dll
2012-03-09 05:11:24 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2012-03-09 05:11:16 496128 ----a-w- C:\Windows\System32\atieclxx.exe
2012-03-09 05:10:20 235520 ----a-w- C:\Windows\System32\atiesrxx.exe
2012-03-09 05:08:50 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2012-03-09 05:08:02 21504 ----a-w- C:\Windows\System32\atimuixx.dll
2012-03-09 05:07:56 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2012-03-09 05:07:50 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2012-03-09 05:04:18 6200320 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2012-03-09 05:03:40 26166784 ----a-w- C:\Windows\System32\atio6axx.dll
2012-03-09 04:45:00 7646208 ----a-w- C:\Windows\System32\atidxx64.dll
2012-03-09 04:39:20 19739136 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2012-03-09 04:36:40 1113088 ----a-w- C:\Windows\System32\atiumd6v.dll
2012-03-09 04:36:10 1828864 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
2012-03-09 04:35:54 4958208 ----a-w- C:\Windows\System32\atiumd6a.dll
2012-03-09 04:23:44 5062656 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2012-03-09 04:23:16 5954048 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2012-03-09 04:18:30 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2012-03-09 04:18:26 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2012-03-09 04:18:14 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2012-03-09 04:18:12 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2012-03-09 04:17:54 16069632 ----a-w- C:\Windows\System32\aticaldd64.dll
2012-03-09 04:16:56 70144 ----a-w- C:\Windows\System32\amdave64.dll
2012-03-09 04:16:48 71680 ----a-w- C:\Windows\SysWow64\amdave32.dll
2012-03-09 04:16:34 70656 ----a-w- C:\Windows\System32\atisamu64.dll
2012-03-09 04:16:28 65536 ----a-w- C:\Windows\atisamu32.dll
2012-03-09 04:12:38 13715968 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2012-03-09 04:11:52 7552000 ----a-w- C:\Windows\System32\atiumd64.dll
2012-03-09 04:05:20 54784 ----a-w- C:\Windows\System32\atimpc64.dll
2012-03-09 04:05:20 54784 ----a-w- C:\Windows\System32\amdpcom64.dll
2012-03-09 04:05:12 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2012-03-09 04:05:12 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2012-03-09 03:58:54 512000 ----a-w- C:\Windows\System32\atiadlxx.dll
2012-03-09 03:58:44 356352 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2012-03-09 03:58:30 17408 ----a-w- C:\Windows\System32\atig6pxx.dll
2012-03-09 03:58:26 14336 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2012-03-09 03:58:26 14336 ----a-w- C:\Windows\System32\atiglpxx.dll
2012-03-09 03:58:20 39936 ----a-w- C:\Windows\System32\atig6txx.dll
2012-03-09 03:58:10 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2012-03-09 03:58:02 328704 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2012-03-09 03:57:04 43008 ----a-w- C:\Windows\System32\atiuxp64.dll
2012-03-09 03:56:56 33280 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2012-03-09 03:56:48 39936 ----a-w- C:\Windows\System32\atiu9p64.dll
2012-03-09 03:56:38 30208 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2012-03-09 03:55:58 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2012-03-09 03:47:22 58880 ----a-w- C:\Windows\System32\coinst.dll
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-23 14:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-02-17 06:38:26 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-02-17 05:34:22 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-02-17 04:58:24 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-02-17 04:57:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-02-15 03:03:44 54272 ----a-w- C:\Windows\System32\OpenCL.dll
2012-02-15 03:03:38 48128 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-03 04:34:34 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-02-02 17:24:46 175616 ----a-w- C:\Windows\System32\msclmd.dll
2012-02-02 17:24:46 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2012-02-02 17:03:44 285280 ----a-w- C:\Windows\System32\drivers\afcdp.sys
2012-02-02 17:03:43 943712 ----a-w- C:\Windows\System32\drivers\timntr.sys
2012-02-02 17:03:43 1263200 ----a-w- C:\Windows\System32\drivers\tdrpm273.sys
2012-02-02 17:03:42 277088 ----a-w- C:\Windows\System32\drivers\snapman.sys
2012-02-01 22:56:12 0 ----a-w- C:\Windows\ativpsrm.bin
2012-01-31 12:02:26 21504 ----a-w- C:\Windows\System32\kdbsdk64.dll
2012-01-31 12:00:24 16896 ----a-w- C:\Windows\SysWow64\kdbsdk32.dll
2012-01-25 06:38:39 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-01-25 06:38:38 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-01-25 06:33:30 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
.
============= FINISH: 18:44:09.85 ===============



#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 28 April 2012 - 06:19 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

----------------------------------------------

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

m0le is a proud member of UNITE

#3 pwoz

pwoz
  • Topic Starter

  • Members
  • 17 posts

Posted 28 April 2012 - 07:51 PM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-28 19:43:35
-----------------------------
19:43:35.538 OS Version: Windows x64 6.1.7601 Service Pack 1
19:43:35.538 Number of processors: 8 586 0x1E05
19:43:35.539 ComputerName: PAUL-PC UserName: Paul
19:43:35.682 Initialize success
19:44:21.592 AVAST engine defs: 12042801
19:46:20.970 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
19:46:20.971 Disk 0 Vendor: ST3750528AS CC38 Size: 715404MB BusType: 11
19:46:20.973 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T0L0-0
19:46:20.974 Disk 1 Vendor: Patriot_Pyro 332ABBF0 Size: 114473MB BusType: 11
19:46:20.976 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP3T0L0-3
19:46:20.978 Disk 2 Vendor: WDC_WD2000JS-22MHB0 02.01C03 Size: 190782MB BusType: 11
19:46:20.980 Disk 1 MBR read successfully
19:46:20.982 Disk 1 MBR scan
19:46:20.985 Disk 1 Windows 7 default MBR code
19:46:20.988 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
19:46:20.991 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 114371 MB offset 206848
19:46:20.996 Disk 1 scanning C:\Windows\system32\drivers
19:46:23.316 Service scanning
19:46:29.649 Modules scanning
19:46:29.656 Disk 1 trace - called modules:
19:46:29.661 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80066e22c0]<<sptd.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
19:46:29.665 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa8006fbe790]
19:46:29.669 3 CLASSPNP.SYS[fffff880017b443f] -> nt!IofCallDriver -> [0xfffffa80069713f0]
19:46:29.672 5 ACPI.sys[fffff8800100b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80069b5060]
19:46:29.675 \Driver\atapi[0xfffffa800694f7d0] -> IRP_MJ_CREATE -> 0xfffffa80066e22c0
19:46:29.827 AVAST engine scan C:\Windows
19:46:30.198 AVAST engine scan C:\Windows\system32
19:47:26.814 AVAST engine scan C:\Windows\system32\drivers
19:47:29.504 AVAST engine scan C:\Users\Paul
19:47:45.390 AVAST engine scan C:\ProgramData
19:47:46.747 Scan finished successfully
19:49:13.289 Disk 1 MBR has been saved successfully to "C:\Users\Paul\Desktop\MBR.dat"
19:49:13.292 The log file has been saved successfully to "C:\Users\Paul\Desktop\aswMBR.txt"

#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 28 April 2012 - 08:02 PM

Please run TDSSKiller next

  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If Malicious objects are found, ensure Cure is selected then click Continue > Reboot now.
  • Click Close
  • Finally press Report and copy and paste the contents into your next reply. If you've rebooted then the log will be found at C:\


#5 pwoz

pwoz
  • Topic Starter

  • Members
  • 17 posts

Posted 28 April 2012 - 08:34 PM

20:33:43.0221 4544 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43
20:33:43.0526 4544 ============================================================
20:33:43.0526 4544 Current date / time: 2012/04/28 20:33:43.0526
20:33:43.0526 4544 SystemInfo:
20:33:43.0526 4544
20:33:43.0526 4544 OS Version: 6.1.7601 ServicePack: 1.0
20:33:43.0526 4544 Product type: Workstation
20:33:43.0526 4544 ComputerName: PAUL-PC
20:33:43.0526 4544 UserName: Paul
20:33:43.0526 4544 Windows directory: C:\Windows
20:33:43.0526 4544 System windows directory: C:\Windows
20:33:43.0526 4544 Running under WOW64
20:33:43.0526 4544 Processor architecture: Intel x64
20:33:43.0526 4544 Number of processors: 8
20:33:43.0526 4544 Page size: 0x1000
20:33:43.0526 4544 Boot type: Normal boot
20:33:43.0526 4544 ============================================================
20:33:43.0668 4544 Drive \Device\Harddisk1\DR1 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0xD72C, SectorsPerTrack: 0x13, TracksPerCylinder: 0xE0, Type 'K0', Flags 0x00000040
20:33:43.0677 4544 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:33:43.0688 4544 Drive \Device\Harddisk2\DR2 - Size: 0x2E93E36000 (186.31 Gb), SectorSize: 0x200, Cylinders: 0x718F9, SectorsPerTrack: 0x14, TracksPerCylinder: 0x2A, Type 'K0', Flags 0x00000040
20:33:43.0690 4544 ============================================================
20:33:43.0690 4544 \Device\Harddisk1\DR1:
20:33:43.0690 4544 MBR partitions:
20:33:43.0690 4544 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
20:33:43.0690 4544 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xDF61800
20:33:43.0690 4544 \Device\Harddisk0\DR0:
20:33:43.0691 4544 MBR partitions:
20:33:43.0691 4544 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x575452C2
20:33:43.0691 4544 \Device\Harddisk2\DR2:
20:33:43.0691 4544 MBR partitions:
20:33:43.0691 4544 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x52800
20:33:43.0691 4544 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x53000, BlocksNum 0x1744C000
20:33:43.0691 4544 ============================================================
20:33:43.0692 4544 C: <-> \Device\Harddisk1\DR1\Partition1
20:33:43.0709 4544 E: <-> \Device\Harddisk0\DR0\Partition0
20:33:43.0723 4544 F: <-> \Device\Harddisk2\DR2\Partition0
20:33:43.0735 4544 G: <-> \Device\Harddisk2\DR2\Partition1
20:33:43.0735 4544 ============================================================
20:33:43.0735 4544 Initialize success
20:33:43.0735 4544 ============================================================
20:33:51.0294 4580 ============================================================
20:33:51.0294 4580 Scan started
20:33:51.0294 4580 Mode: Manual;
20:33:51.0294 4580 ============================================================
20:33:52.0712 4580 Beep - ok
20:33:52.0733 4580 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
20:33:52.0738 4580 BFE - ok
20:33:52.0762 4580 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
20:33:52.0770 4580 BITS - ok
20:33:52.0775 4580 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
20:33:52.0775 4580 blbdrive - ok
20:33:52.0789 4580 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
20:33:52.0792 4580 Bonjour Service - ok
20:33:52.0797 4580 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
20:33:52.0797 4580 bowser - ok
20:33:52.0799 4580 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:33:52.0799 4580 BrFiltLo - ok
20:33:52.0801 4580 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:33:52.0801 4580 BrFiltUp - ok
20:33:52.0806 4580 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
20:33:52.0807 4580 Browser - ok
20:33:52.0815 4580 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
20:33:52.0817 4580 Brserid - ok
20:33:52.0819 4580 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
20:33:52.0819 4580 BrSerWdm - ok
20:33:52.0821 4580 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
20:33:52.0821 4580 BrUsbMdm - ok
20:33:52.0823 4580 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
20:33:52.0823 4580 BrUsbSer - ok
20:33:52.0827 4580 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
20:33:52.0828 4580 BTHMODEM - ok
20:33:52.0832 4580 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
20:33:52.0833 4580 bthserv - ok
20:33:52.0836 4580 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
20:33:52.0837 4580 cdfs - ok
20:33:52.0842 4580 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
20:33:52.0843 4580 cdrom - ok
20:33:52.0847 4580 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
20:33:52.0847 4580 CertPropSvc - ok
20:33:52.0850 4580 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
20:33:52.0850 4580 circlass - ok
20:33:52.0862 4580 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
20:33:52.0865 4580 CLFS - ok
20:33:52.0870 4580 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:33:52.0872 4580 clr_optimization_v2.0.50727_32 - ok
20:33:52.0877 4580 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:33:52.0878 4580 clr_optimization_v2.0.50727_64 - ok
20:33:52.0889 4580 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:33:52.0896 4580 clr_optimization_v4.0.30319_32 - ok
20:33:52.0905 4580 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:33:52.0908 4580 clr_optimization_v4.0.30319_64 - ok
20:33:52.0910 4580 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
20:33:52.0910 4580 CmBatt - ok
20:33:52.0912 4580 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
20:33:52.0912 4580 cmdide - ok
20:33:52.0924 4580 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
20:33:52.0928 4580 CNG - ok
20:33:52.0930 4580 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
20:33:52.0930 4580 Compbatt - ok
20:33:52.0932 4580 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
20:33:52.0933 4580 CompositeBus - ok
20:33:52.0934 4580 COMSysApp - ok
20:33:52.0936 4580 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
20:33:52.0937 4580 crcdisk - ok
20:33:52.0944 4580 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
20:33:52.0945 4580 CryptSvc - ok
20:33:52.0961 4580 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
20:33:52.0966 4580 CSC - ok
20:33:52.0986 4580 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
20:33:52.0991 4580 CscService - ok
20:33:53.0008 4580 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
20:33:53.0013 4580 DcomLaunch - ok
20:33:53.0023 4580 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
20:33:53.0025 4580 defragsvc - ok
20:33:53.0031 4580 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
20:33:53.0032 4580 DfsC - ok
20:33:53.0042 4580 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
20:33:53.0045 4580 Dhcp - ok
20:33:53.0047 4580 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
20:33:53.0047 4580 discache - ok
20:33:53.0051 4580 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
20:33:53.0051 4580 Disk - ok
20:33:53.0057 4580 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
20:33:53.0058 4580 Dnscache - ok
20:33:53.0066 4580 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
20:33:53.0068 4580 dot3svc - ok
20:33:53.0074 4580 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
20:33:53.0075 4580 DPS - ok
20:33:53.0077 4580 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
20:33:53.0077 4580 drmkaud - ok
20:33:53.0105 4580 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
20:33:53.0109 4580 DXGKrnl - ok
20:33:53.0114 4580 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
20:33:53.0114 4580 EapHost - ok
20:33:53.0187 4580 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
20:33:53.0209 4580 ebdrv - ok
20:33:53.0231 4580 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
20:33:53.0232 4580 EFS - ok
20:33:53.0249 4580 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
20:33:53.0255 4580 ehRecvr - ok
20:33:53.0259 4580 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
20:33:53.0260 4580 ehSched - ok
20:33:53.0278 4580 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
20:33:53.0283 4580 elxstor - ok
20:33:53.0285 4580 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
20:33:53.0285 4580 ErrDev - ok
20:33:53.0300 4580 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
20:33:53.0304 4580 EventSystem - ok
20:33:53.0310 4580 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
20:33:53.0312 4580 exfat - ok
20:33:53.0317 4580 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
20:33:53.0319 4580 fastfat - ok
20:33:53.0337 4580 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
20:33:53.0342 4580 Fax - ok
20:33:53.0345 4580 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
20:33:53.0345 4580 fdc - ok
20:33:53.0347 4580 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
20:33:53.0347 4580 fdPHost - ok
20:33:53.0350 4580 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
20:33:53.0350 4580 FDResPub - ok
20:33:53.0354 4580 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
20:33:53.0355 4580 FileInfo - ok
20:33:53.0357 4580 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
20:33:53.0357 4580 Filetrace - ok
20:33:53.0359 4580 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
20:33:53.0359 4580 flpydisk - ok
20:33:53.0369 4580 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
20:33:53.0373 4580 FltMgr - ok
20:33:53.0400 4580 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
20:33:53.0408 4580 FontCache - ok
20:33:53.0412 4580 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:33:53.0412 4580 FontCache3.0.0.0 - ok
20:33:53.0417 4580 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
20:33:53.0418 4580 FsDepends - ok
20:33:53.0420 4580 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
20:33:53.0420 4580 Fs_Rec - ok
20:33:53.0426 4580 Futuremark SystemInfo Service (0d015d3584704ec814a58276232f143b) C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe
20:33:53.0427 4580 Futuremark SystemInfo Service - ok
20:33:53.0435 4580 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
20:33:53.0436 4580 fvevol - ok
20:33:53.0439 4580 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
20:33:53.0440 4580 gagp30kx - ok
20:33:53.0442 4580 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:33:53.0442 4580 GEARAspiWDM - ok
20:33:53.0466 4580 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
20:33:53.0474 4580 gpsvc - ok
20:33:53.0485 4580 GPU-Z - ok
20:33:53.0488 4580 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
20:33:53.0488 4580 hcw85cir - ok
20:33:53.0498 4580 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
20:33:53.0500 4580 HdAudAddService - ok
20:33:53.0505 4580 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
20:33:53.0506 4580 HDAudBus - ok
20:33:53.0508 4580 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
20:33:53.0508 4580 HidBatt - ok
20:33:53.0511 4580 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
20:33:53.0512 4580 HidBth - ok
20:33:53.0514 4580 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
20:33:53.0515 4580 HidIr - ok
20:33:53.0517 4580 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
20:33:53.0518 4580 hidserv - ok
20:33:53.0521 4580 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
20:33:53.0521 4580 HidUsb - ok
20:33:53.0523 4580 HiPatchService (d61f8e72032bdc43157f2b8aea32b529) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
20:33:53.0524 4580 HiPatchService - ok
20:33:53.0527 4580 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
20:33:53.0528 4580 hkmsvc - ok
20:33:53.0536 4580 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
20:33:53.0538 4580 HomeGroupListener - ok
20:33:53.0544 4580 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
20:33:53.0546 4580 HomeGroupProvider - ok
20:33:53.0549 4580 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
20:33:53.0550 4580 HpSAMD - ok
20:33:53.0571 4580 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
20:33:53.0576 4580 HTTP - ok
20:33:53.0578 4580 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
20:33:53.0579 4580 hwpolicy - ok
20:33:53.0583 4580 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
20:33:53.0583 4580 i8042prt - ok
20:33:53.0594 4580 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
20:33:53.0597 4580 iaStorV - ok
20:33:53.0619 4580 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:33:53.0625 4580 idsvc - ok
20:33:53.0628 4580 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
20:33:53.0629 4580 iirsp - ok
20:33:53.0650 4580 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
20:33:53.0656 4580 IKEEXT - ok
20:33:53.0742 4580 IntcAzAudAddService (a5f7cef8a939ebe270462edefd629f20) C:\Windows\system32\drivers\RTKVHD64.sys
20:33:53.0752 4580 IntcAzAudAddService - ok
20:33:53.0775 4580 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
20:33:53.0775 4580 intelide - ok
20:33:53.0779 4580 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
20:33:53.0779 4580 intelppm - ok
20:33:53.0782 4580 IOMap (a01c412699b6f21645b2885c2bae4454) C:\Windows\system32\drivers\IOMap64.sys
20:33:53.0782 4580 IOMap - ok
20:33:53.0786 4580 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
20:33:53.0787 4580 IPBusEnum - ok
20:33:53.0790 4580 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:33:53.0791 4580 IpFilterDriver - ok
20:33:53.0808 4580 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
20:33:53.0813 4580 iphlpsvc - ok
20:33:53.0816 4580 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
20:33:53.0816 4580 IPMIDRV - ok
20:33:53.0821 4580 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
20:33:53.0821 4580 IPNAT - ok
20:33:53.0845 4580 iPod Service (ee4c2a137c7088911a8919effc9812e7) C:\Program Files\iPod\bin\iPodService.exe
20:33:53.0851 4580 iPod Service - ok
20:33:53.0854 4580 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
20:33:53.0854 4580 IRENUM - ok
20:33:53.0856 4580 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
20:33:53.0856 4580 isapnp - ok
20:33:53.0864 4580 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
20:33:53.0866 4580 iScsiPrt - ok
20:33:53.0869 4580 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
20:33:53.0869 4580 kbdclass - ok
20:33:53.0871 4580 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
20:33:53.0872 4580 kbdhid - ok
20:33:53.0874 4580 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:33:53.0875 4580 KeyIso - ok
20:33:53.0878 4580 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
20:33:53.0879 4580 KSecDD - ok
20:33:53.0884 4580 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
20:33:53.0885 4580 KSecPkg - ok
20:33:53.0887 4580 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
20:33:53.0887 4580 ksthunk - ok
20:33:53.0896 4580 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
20:33:53.0899 4580 KtmRm - ok
20:33:53.0908 4580 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
20:33:53.0910 4580 LanmanServer - ok
20:33:53.0915 4580 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
20:33:53.0917 4580 LanmanWorkstation - ok
20:33:53.0921 4580 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
20:33:53.0921 4580 lltdio - ok
20:33:53.0929 4580 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
20:33:53.0932 4580 lltdsvc - ok
20:33:53.0934 4580 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
20:33:53.0934 4580 lmhosts - ok
20:33:53.0940 4580 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
20:33:53.0940 4580 LSI_FC - ok
20:33:53.0944 4580 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
20:33:53.0945 4580 LSI_SAS - ok
20:33:53.0948 4580 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:33:53.0948 4580 LSI_SAS2 - ok
20:33:53.0953 4580 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:33:53.0954 4580 LSI_SCSI - ok
20:33:53.0959 4580 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
20:33:53.0959 4580 luafv - ok
20:33:53.0962 4580 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
20:33:53.0963 4580 Mcx2Svc - ok
20:33:53.0975 4580 MDM (7cf1b716372b89568ae4c0fe769f5869) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
20:33:53.0976 4580 MDM - ok
20:33:53.0979 4580 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
20:33:53.0979 4580 megasas - ok
20:33:53.0988 4580 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
20:33:53.0990 4580 MegaSR - ok
20:33:53.0997 4580 Microsoft Office Groove Audit Service (fafe367d032ed82e9332b4c741a20216) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
20:33:53.0998 4580 Microsoft Office Groove Audit Service - ok
20:33:54.0001 4580 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
20:33:54.0002 4580 MMCSS - ok
20:33:54.0004 4580 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
20:33:54.0004 4580 Modem - ok
20:33:54.0007 4580 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
20:33:54.0007 4580 monitor - ok
20:33:54.0010 4580 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
20:33:54.0010 4580 mouclass - ok
20:33:54.0014 4580 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
20:33:54.0014 4580 mouhid - ok
20:33:54.0018 4580 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
20:33:54.0018 4580 mountmgr - ok
20:33:54.0023 4580 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
20:33:54.0024 4580 mpio - ok
20:33:54.0028 4580 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
20:33:54.0028 4580 mpsdrv - ok
20:33:54.0049 4580 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
20:33:54.0055 4580 MpsSvc - ok
20:33:54.0060 4580 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
20:33:54.0061 4580 MRxDAV - ok
20:33:54.0066 4580 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:33:54.0067 4580 mrxsmb - ok
20:33:54.0075 4580 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:33:54.0077 4580 mrxsmb10 - ok
20:33:54.0081 4580 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:33:54.0082 4580 mrxsmb20 - ok
20:33:54.0084 4580 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
20:33:54.0084 4580 msahci - ok
20:33:54.0089 4580 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
20:33:54.0090 4580 msdsm - ok
20:33:54.0095 4580 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
20:33:54.0096 4580 MSDTC - ok
20:33:54.0100 4580 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
20:33:54.0100 4580 Msfs - ok
20:33:54.0102 4580 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
20:33:54.0102 4580 mshidkmdf - ok
20:33:54.0104 4580 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
20:33:54.0104 4580 msisadrv - ok
20:33:54.0110 4580 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
20:33:54.0111 4580 MSiSCSI - ok
20:33:54.0112 4580 msiserver - ok
20:33:54.0115 4580 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
20:33:54.0115 4580 MSKSSRV - ok
20:33:54.0117 4580 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
20:33:54.0117 4580 MSPCLOCK - ok
20:33:54.0119 4580 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
20:33:54.0119 4580 MSPQM - ok
20:33:54.0131 4580 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
20:33:54.0135 4580 MsRPC - ok
20:33:54.0138 4580 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
20:33:54.0138 4580 mssmbios - ok
20:33:54.0140 4580 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
20:33:54.0140 4580 MSTEE - ok
20:33:54.0142 4580 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
20:33:54.0142 4580 MTConfig - ok
20:33:54.0145 4580 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
20:33:54.0146 4580 Mup - ok
20:33:54.0149 4580 MySQL55 - ok
20:33:54.0163 4580 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
20:33:54.0166 4580 napagent - ok
20:33:54.0176 4580 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
20:33:54.0178 4580 NativeWifiP - ok
20:33:54.0204 4580 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
20:33:54.0211 4580 NDIS - ok
20:33:54.0214 4580 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
20:33:54.0214 4580 NdisCap - ok
20:33:54.0216 4580 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
20:33:54.0216 4580 NdisTapi - ok
20:33:54.0219 4580 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
20:33:54.0220 4580 Ndisuio - ok
20:33:54.0225 4580 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
20:33:54.0226 4580 NdisWan - ok
20:33:54.0229 4580 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
20:33:54.0230 4580 NDProxy - ok
20:33:54.0232 4580 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
20:33:54.0233 4580 NetBIOS - ok
20:33:54.0241 4580 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
20:33:54.0243 4580 NetBT - ok
20:33:54.0245 4580 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:33:54.0246 4580 Netlogon - ok
20:33:54.0258 4580 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
20:33:54.0262 4580 Netman - ok
20:33:54.0272 4580 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:33:54.0274 4580 NetMsmqActivator - ok
20:33:54.0276 4580 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:33:54.0277 4580 NetPipeActivator - ok
20:33:54.0291 4580 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
20:33:54.0295 4580 netprofm - ok
20:33:54.0296 4580 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:33:54.0297 4580 NetTcpActivator - ok
20:33:54.0299 4580 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:33:54.0299 4580 NetTcpPortSharing - ok
20:33:54.0304 4580 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
20:33:54.0305 4580 nfrd960 - ok
20:33:54.0314 4580 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
20:33:54.0317 4580 NlaSvc - ok
20:33:54.0319 4580 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
20:33:54.0320 4580 Npfs - ok
20:33:54.0322 4580 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
20:33:54.0323 4580 nsi - ok
20:33:54.0325 4580 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
20:33:54.0325 4580 nsiproxy - ok
20:33:54.0367 4580 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
20:33:54.0378 4580 Ntfs - ok
20:33:54.0401 4580 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
20:33:54.0401 4580 Null - ok
20:33:54.0405 4580 nusb3hub (a7127e86f9ffe2a53e271b56b2c4cedf) C:\Windows\system32\DRIVERS\nusb3hub.sys
20:33:54.0406 4580 nusb3hub - ok
20:33:54.0412 4580 nusb3xhc (49bbec6f48d5f9284b03abf3a959b19b) C:\Windows\system32\DRIVERS\nusb3xhc.sys
20:33:54.0413 4580 nusb3xhc - ok
20:33:54.0418 4580 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
20:33:54.0419 4580 nvraid - ok
20:33:54.0424 4580 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
20:33:54.0425 4580 nvstor - ok
20:33:54.0429 4580 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
20:33:54.0430 4580 nv_agp - ok
20:33:54.0444 4580 odserv (84de1dd996b48b05ace31ad015fa108a) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
20:33:54.0448 4580 odserv - ok
20:33:54.0452 4580 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
20:33:54.0452 4580 ohci1394 - ok
20:33:54.0457 4580 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:33:54.0459 4580 ose - ok
20:33:54.0471 4580 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
20:33:54.0474 4580 p2pimsvc - ok
20:33:54.0488 4580 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
20:33:54.0492 4580 p2psvc - ok
20:33:54.0496 4580 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
20:33:54.0498 4580 Parport - ok
20:33:54.0501 4580 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
20:33:54.0501 4580 partmgr - ok
20:33:54.0508 4580 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
20:33:54.0510 4580 PcaSvc - ok
20:33:54.0516 4580 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
20:33:54.0517 4580 pci - ok
20:33:54.0519 4580 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
20:33:54.0519 4580 pciide - ok
20:33:54.0525 4580 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
20:33:54.0527 4580 pcmcia - ok
20:33:54.0530 4580 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
20:33:54.0530 4580 pcw - ok
20:33:54.0550 4580 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
20:33:54.0555 4580 PEAUTH - ok
20:33:54.0588 4580 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
20:33:54.0597 4580 PeerDistSvc - ok
20:33:54.0617 4580 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
20:33:54.0618 4580 PerfHost - ok
20:33:54.0673 4580 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
20:33:54.0683 4580 pla - ok
20:33:54.0694 4580 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
20:33:54.0698 4580 PlugPlay - ok
20:33:54.0700 4580 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
20:33:54.0701 4580 PNRPAutoReg - ok
20:33:54.0713 4580 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
20:33:54.0715 4580 PNRPsvc - ok
20:33:54.0720 4580 Point64 (4f0878fd62d5f7444c5f1c4c66d9d293) C:\Windows\system32\DRIVERS\point64.sys
20:33:54.0720 4580 Point64 - ok
20:33:54.0735 4580 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
20:33:54.0738 4580 PolicyAgent - ok
20:33:54.0746 4580 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
20:33:54.0748 4580 Power - ok
20:33:54.0752 4580 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
20:33:54.0753 4580 PptpMiniport - ok
20:33:54.0756 4580 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
20:33:54.0756 4580 Processor - ok
20:33:54.0764 4580 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
20:33:54.0766 4580 ProfSvc - ok
20:33:54.0768 4580 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:33:54.0769 4580 ProtectedStorage - ok
20:33:54.0773 4580 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
20:33:54.0774 4580 Psched - ok
20:33:54.0812 4580 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
20:33:54.0822 4580 ql2300 - ok
20:33:54.0847 4580 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
20:33:54.0848 4580 ql40xx - ok
20:33:54.0857 4580 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
20:33:54.0859 4580 QWAVE - ok
20:33:54.0862 4580 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
20:33:54.0862 4580 QWAVEdrv - ok
20:33:54.0864 4580 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
20:33:54.0864 4580 RasAcd - ok
20:33:54.0867 4580 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
20:33:54.0868 4580 RasAgileVpn - ok
20:33:54.0872 4580 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
20:33:54.0873 4580 RasAuto - ok
20:33:54.0878 4580 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:33:54.0879 4580 Rasl2tp - ok
20:33:54.0888 4580 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
20:33:54.0891 4580 RasMan - ok
20:33:54.0896 4580 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
20:33:54.0897 4580 RasPppoe - ok
20:33:54.0901 4580 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
20:33:54.0901 4580 RasSstp - ok
20:33:54.0913 4580 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
20:33:54.0916 4580 rdbss - ok
20:33:54.0918 4580 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
20:33:54.0918 4580 rdpbus - ok
20:33:54.0919 4580 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:33:54.0920 4580 RDPCDD - ok
20:33:54.0926 4580 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
20:33:54.0927 4580 RDPDR - ok
20:33:54.0929 4580 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
20:33:54.0929 4580 RDPENCDD - ok
20:33:54.0932 4580 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
20:33:54.0932 4580 RDPREFMP - ok
20:33:54.0939 4580 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
20:33:54.0940 4580 RDPWD - ok
20:33:54.0947 4580 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
20:33:54.0949 4580 rdyboost - ok
20:33:54.0953 4580 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
20:33:54.0954 4580 RemoteAccess - ok
20:33:54.0960 4580 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
20:33:54.0962 4580 RemoteRegistry - ok
20:33:54.0965 4580 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
20:33:54.0966 4580 RpcEptMapper - ok
20:33:54.0968 4580 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
20:33:54.0969 4580 RpcLocator - ok
20:33:54.0984 4580 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
20:33:54.0987 4580 RpcSs - ok
20:33:54.0991 4580 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
20:33:54.0991 4580 rspndr - ok
20:33:55.0060 4580 RTCore64 (4b60ef388071e0baf299496e3d6590ae) E:\Program Files (x86)\MSI Afterburner\RTCore64.sys
20:33:55.0061 4580 RTCore64 - ok
20:33:55.0073 4580 RTHDMIAzAudService (2e7d1ca91d62501713c9d6e6704395c6) C:\Windows\system32\drivers\RtHDMIVX.sys
20:33:55.0074 4580 RTHDMIAzAudService - ok
20:33:55.0088 4580 RTL8167 (9140db0911de035fed0a9a77a2d156ea) C:\Windows\system32\DRIVERS\Rt64win7.sys
20:33:55.0090 4580 RTL8167 - ok
20:33:55.0092 4580 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
20:33:55.0093 4580 s3cap - ok
20:33:55.0095 4580 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:33:55.0096 4580 SamSs - ok
20:33:55.0099 4580 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
20:33:55.0100 4580 sbp2port - ok
20:33:55.0107 4580 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
20:33:55.0109 4580 SCardSvr - ok
20:33:55.0111 4580 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
20:33:55.0111 4580 scfilter - ok
20:33:55.0143 4580 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
20:33:55.0151 4580 Schedule - ok
20:33:55.0155 4580 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
20:33:55.0156 4580 SCPolicySvc - ok
20:33:55.0161 4580 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
20:33:55.0163 4580 SDRSVC - ok
20:33:55.0167 4580 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
20:33:55.0167 4580 secdrv - ok
20:33:55.0169 4580 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
20:33:55.0170 4580 seclogon - ok
20:33:55.0174 4580 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
20:33:55.0175 4580 SENS - ok
20:33:55.0178 4580 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
20:33:55.0179 4580 SensrSvc - ok
20:33:55.0181 4580 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
20:33:55.0181 4580 Serenum - ok
20:33:55.0186 4580 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
20:33:55.0186 4580 Serial - ok
20:33:55.0188 4580 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
20:33:55.0188 4580 sermouse - ok
20:33:55.0196 4580 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
20:33:55.0197 4580 SessionEnv - ok
20:33:55.0199 4580 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
20:33:55.0199 4580 sffdisk - ok
20:33:55.0201 4580 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
20:33:55.0201 4580 sffp_mmc - ok
20:33:55.0203 4580 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
20:33:55.0203 4580 sffp_sd - ok
20:33:55.0205 4580 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
20:33:55.0205 4580 sfloppy - ok
20:33:55.0216 4580 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
20:33:55.0219 4580 SharedAccess - ok
20:33:55.0230 4580 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
20:33:55.0233 4580 ShellHWDetection - ok
20:33:55.0236 4580 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:33:55.0236 4580 SiSRaid2 - ok
20:33:55.0240 4580 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
20:33:55.0240 4580 SiSRaid4 - ok
20:33:55.0247 4580 SkypeUpdate (68ea68d03bf58389fe6ad2b38fad798c) C:\Program Files (x86)\Skype\Updater\Updater.exe
20:33:55.0247 4580 SkypeUpdate - ok
20:33:55.0251 4580 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
20:33:55.0252 4580 Smb - ok
20:33:55.0262 4580 snapman (b2c19ae46c5a109679b4fb38058df05a) C:\Windows\system32\DRIVERS\snapman.sys
20:33:55.0264 4580 snapman - ok
20:33:55.0266 4580 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
20:33:55.0267 4580 SNMPTRAP - ok
20:33:55.0269 4580 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
20:33:55.0269 4580 spldr - ok
20:33:55.0286 4580 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
20:33:55.0291 4580 Spooler - ok
20:33:55.0389 4580 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
20:33:55.0417 4580 sppsvc - ok
20:33:55.0439 4580 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
20:33:55.0440 4580 sppuinotify - ok
20:33:55.0459 4580 sptd (dfc4e2081324e505ca479e473a78d893) C:\Windows\System32\Drivers\sptd.sys
20:33:55.0463 4580 sptd - ok
20:33:55.0476 4580 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
20:33:55.0479 4580 srv - ok
20:33:55.0490 4580 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
20:33:55.0493 4580 srv2 - ok
20:33:55.0498 4580 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
20:33:55.0499 4580 srvnet - ok
20:33:55.0506 4580 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
20:33:55.0508 4580 SSDPSRV - ok
20:33:55.0512 4580 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
20:33:55.0513 4580 SstpSvc - ok
20:33:55.0515 4580 Steam Client Service - ok
20:33:55.0518 4580 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
20:33:55.0519 4580 stexstor - ok
20:33:55.0534 4580 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
20:33:55.0539 4580 stisvc - ok
20:33:55.0542 4580 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
20:33:55.0543 4580 storflt - ok
20:33:55.0545 4580 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
20:33:55.0547 4580 StorSvc - ok
20:33:55.0549 4580 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
20:33:55.0549 4580 storvsc - ok
20:33:55.0551 4580 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
20:33:55.0551 4580 swenum - ok
20:33:55.0566 4580 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
20:33:55.0570 4580 swprv - ok
20:33:55.0616 4580 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
20:33:55.0629 4580 SysMain - ok
20:33:55.0652 4580 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
20:33:55.0653 4580 TabletInputService - ok
20:33:55.0663 4580 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
20:33:55.0666 4580 TapiSrv - ok
20:33:55.0669 4580 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
20:33:55.0670 4580 TBS - ok
20:33:55.0719 4580 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
20:33:55.0732 4580 Tcpip - ok
20:33:55.0797 4580 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
20:33:55.0804 4580 TCPIP6 - ok
20:33:55.0828 4580 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
20:33:55.0828 4580 tcpipreg - ok
20:33:55.0831 4580 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
20:33:55.0831 4580 TDPIPE - ok
20:33:55.0862 4580 tdrpman273 (99527d49ee0a96fc25537c61b270a372) C:\Windows\system32\DRIVERS\tdrpm273.sys
20:33:55.0870 4580 tdrpman273 - ok
20:33:55.0873 4580 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
20:33:55.0873 4580 TDTCP - ok
20:33:55.0878 4580 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
20:33:55.0879 4580 tdx - ok
20:33:55.0882 4580 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
20:33:55.0882 4580 TermDD - ok
20:33:55.0900 4580 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
20:33:55.0906 4580 TermService - ok
20:33:55.0908 4580 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
20:33:55.0910 4580 Themes - ok
20:33:55.0913 4580 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
20:33:55.0913 4580 THREADORDER - ok
20:33:55.0936 4580 timounter (2c1caf5563548a15515eab07d2a069c6) C:\Windows\system32\DRIVERS\timntr.sys
20:33:55.0943 4580 timounter - ok
20:33:55.0948 4580 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
20:33:55.0949 4580 TrkWks - ok
20:33:55.0956 4580 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
20:33:55.0957 4580 TrustedInstaller - ok
20:33:55.0961 4580 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:33:55.0961 4580 tssecsrv - ok
20:33:55.0964 4580 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
20:33:55.0965 4580 TsUsbFlt - ok
20:33:55.0969 4580 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
20:33:55.0970 4580 tunnel - ok
20:33:55.0973 4580 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
20:33:55.0974 4580 uagp35 - ok
20:33:55.0985 4580 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
20:33:55.0988 4580 udfs - ok
20:33:55.0992 4580 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
20:33:55.0993 4580 UI0Detect - ok
20:33:55.0997 4580 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
20:33:55.0997 4580 uliagpkx - ok
20:33:56.0000 4580 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
20:33:56.0000 4580 umbus - ok
20:33:56.0002 4580 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
20:33:56.0002 4580 UmPass - ok
20:33:56.0009 4580 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
20:33:56.0011 4580 UmRdpService - ok
20:33:56.0024 4580 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
20:33:56.0027 4580 upnphost - ok
20:33:56.0032 4580 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
20:33:56.0032 4580 usbaudio - ok
20:33:56.0036 4580 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
20:33:56.0037 4580 usbccgp - ok
20:33:56.0041 4580 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
20:33:56.0041 4580 usbcir - ok
20:33:56.0044 4580 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
20:33:56.0044 4580 usbehci - ok
20:33:56.0054 4580 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
20:33:56.0056 4580 usbhub - ok
20:33:56.0059 4580 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
20:33:56.0059 4580 usbohci - ok
20:33:56.0061 4580 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
20:33:56.0061 4580 usbprint - ok
20:33:56.0065 4580 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS
20:33:56.0065 4580 USBSTOR - ok
20:33:56.0067 4580 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
20:33:56.0068 4580 usbuhci - ok
20:33:56.0070 4580 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
20:33:56.0071 4580 UxSms - ok
20:33:56.0074 4580 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:33:56.0074 4580 VaultSvc - ok
20:33:56.0077 4580 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
20:33:56.0077 4580 vdrvroot - ok
20:33:56.0091 4580 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
20:33:56.0096 4580 vds - ok
20:33:56.0098 4580 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
20:33:56.0098 4580 vga - ok
20:33:56.0101 4580 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
20:33:56.0101 4580 VgaSave - ok
20:33:56.0107 4580 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
20:33:56.0109 4580 vhdmp - ok
20:33:56.0111 4580 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
20:33:56.0111 4580 viaide - ok
20:33:56.0117 4580 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
20:33:56.0119 4580 vmbus - ok
20:33:56.0121 4580 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
20:33:56.0121 4580 VMBusHID - ok
20:33:56.0124 4580 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
20:33:56.0125 4580 volmgr - ok
20:33:56.0135 4580 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
20:33:56.0138 4580 volmgrx - ok
20:33:56.0146 4580 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
20:33:56.0149 4580 volsnap - ok
20:33:56.0155 4580 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
20:33:56.0156 4580 vsmraid - ok
20:33:56.0199 4580 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
20:33:56.0211 4580 VSS - ok
20:33:56.0234 4580 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
20:33:56.0234 4580 vwifibus - ok
20:33:56.0245 4580 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
20:33:56.0249 4580 W32Time - ok
20:33:56.0252 4580 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
20:33:56.0253 4580 WacomPen - ok
20:33:56.0257 4580 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:33:56.0257 4580 WANARP - ok
20:33:56.0258 4580 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:33:56.0259 4580 Wanarpv6 - ok
20:33:56.0299 4580 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
20:33:56.0310 4580 WatAdminSvc - ok
20:33:56.0351 4580 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
20:33:56.0363 4580 wbengine - ok
20:33:56.0388 4580 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
20:33:56.0390 4580 WbioSrvc - ok
20:33:56.0402 4580 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
20:33:56.0405 4580 wcncsvc - ok
20:33:56.0408 4580 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
20:33:56.0409 4580 WcsPlugInService - ok
20:33:56.0413 4580 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
20:33:56.0413 4580 Wd - ok
20:33:56.0434 4580 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
20:33:56.0440 4580 Wdf01000 - ok
20:33:56.0444 4580 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
20:33:56.0445 4580 WdiServiceHost - ok
20:33:56.0447 4580 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
20:33:56.0448 4580 WdiSystemHost - ok
20:33:56.0456 4580 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
20:33:56.0458 4580 WebClient - ok
20:33:56.0467 4580 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
20:33:56.0469 4580 Wecsvc - ok
20:33:56.0473 4580 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
20:33:56.0475 4580 wercplsupport - ok
20:33:56.0478 4580 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
20:33:56.0480 4580 WerSvc - ok
20:33:56.0484 4580 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
20:33:56.0484 4580 WfpLwf - ok
20:33:56.0486 4580 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
20:33:56.0486 4580 WIMMount - ok
20:33:56.0488 4580 WinDefend - ok
20:33:56.0492 4580 WinHttpAutoProxySvc - ok
20:33:56.0502 4580 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
20:33:56.0505 4580 Winmgmt - ok
20:33:56.0552 4580 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
20:33:56.0566 4580 WinRM - ok
20:33:56.0592 4580 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
20:33:56.0592 4580 WinUsb - ok
20:33:56.0618 4580 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
20:33:56.0627 4580 Wlansvc - ok
20:33:56.0630 4580 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
20:33:56.0630 4580 WmiAcpi - ok
20:33:56.0639 4580 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
20:33:56.0641 4580 wmiApSrv - ok
20:33:56.0643 4580 WMPNetworkSvc - ok
20:33:56.0646 4580 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
20:33:56.0647 4580 WPCSvc - ok
20:33:56.0652 4580 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
20:33:56.0653 4580 WPDBusEnum - ok
20:33:56.0655 4580 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
20:33:56.0656 4580 ws2ifsl - ok
20:33:56.0659 4580 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
20:33:56.0661 4580 wscsvc - ok
20:33:56.0662 4580 WSearch - ok
20:33:56.0733 4580 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
20:33:56.0754 4580 wuauserv - ok
20:33:56.0779 4580 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
20:33:56.0779 4580 WudfPf - ok
20:33:56.0785 4580 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:33:56.0786 4580 WUDFRd - ok
20:33:56.0790 4580 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
20:33:56.0791 4580 wudfsvc - ok
20:33:56.0799 4580 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
20:33:56.0801 4580 WwanSvc - ok
20:33:56.0805 4580 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
20:33:56.0808 4580 \Device\Harddisk1\DR1 - ok
20:33:56.0809 4580 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
20:33:56.0958 4580 \Device\Harddisk0\DR0 - ok
20:33:56.0960 4580 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk2\DR2
20:33:56.0978 4580 \Device\Harddisk2\DR2 - ok
20:33:56.0981 4580 Boot (0x1200) (6b674fba1e1c4b128e2306f817b66659) \Device\Harddisk1\DR1\Partition0
20:33:56.0982 4580 \Device\Harddisk1\DR1\Partition0 - ok
20:33:56.0983 4580 Boot (0x1200) (98a43ac1706fdbb684826a9a704d07dc) \Device\Harddisk1\DR1\Partition1
20:33:56.0984 4580 \Device\Harddisk1\DR1\Partition1 - ok
20:33:56.0985 4580 Boot (0x1200) (1202035d0037300d4aa1945879251dde) \Device\Harddisk0\DR0\Partition0
20:33:56.0986 4580 \Device\Harddisk0\DR0\Partition0 - ok
20:33:56.0987 4580 Boot (0x1200) (661feca5bc75aea5b508c8c95a987699) \Device\Harddisk2\DR2\Partition0
20:33:56.0988 4580 \Device\Harddisk2\DR2\Partition0 - ok
20:33:56.0989 4580 Boot (0x1200) (a3e684c81de6ce90fb4dc7f7225981e7) \Device\Harddisk2\DR2\Partition1
20:33:56.0990 4580 \Device\Harddisk2\DR2\Partition1 - ok
20:33:56.0990 4580 ============================================================
20:33:56.0990 4580 Scan finished
20:33:56.0990 4580 ============================================================
20:33:56.0994 4376 Detected object count: 0
20:33:56.0994 4376 Actual detected object count: 0
20:34:12.0667 4720 Deinitialize success

#6 m0le

  • Malware Response Team

Posted 29 April 2012 - 04:16 AM

We need to see an offline Master Boot Record.

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Scan your computer's memory for errors.
Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it in your next reply.
m0le is a proud member of UNITE

#7 pwoz

  • Topic Starter

Posted 29 April 2012 - 08:14 AM

Scan result of Farbar Recovery Scan Tool Version: 27-04-2012
Ran by SYSTEM at 29-04-2012 08:01:14
Running from I:\
Windows 7 Professional (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM-x32\...\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [113288 2010-11-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml [10752 2012-01-31] ()
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [641664 2012-04-05] (Advanced Micro Devices, Inc.)
HKU\Paul\...\Run: [Pidgin] "C:\Program Files (x86)\Pidgin\pidgin.exe" [49340 2011-12-14] (The Pidgin developer community)
HKU\Paul\...\Run: [NCsoft] [x]
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1

==================== Services (Whitelisted) ======

2 AcrSch2Svc; "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe" [1063848 2010-12-11] (Acronis)
3 Adobe LM Service; "C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe" [72704 2012-04-01] (Adobe Systems)
3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [253088 2012-04-20] (Adobe Systems Incorporated)
4 afcdpsrv; C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [3246040 2012-02-02] (Acronis)
2 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] ()
4 Bonjour Service; "C:\Program Files\Bonjour\mDNSResponder.exe" [462184 2011-08-30] (Apple Inc.)
3 Futuremark SystemInfo Service; "C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe" [135584 2011-12-09] (Futuremark Corporation)
4 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [8704 2012-02-20] (Hi-Rez Studios)
2 MDM; "C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe" [335872 2006-10-26] (Microsoft Corporation)
3 Microsoft Office Groove Audit Service; "C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe" [65824 2006-10-26] (Microsoft Corporation)
2 SkypeUpdate; "C:\Program Files (x86)\Skype\Updater\Updater.exe" [158856 2012-04-05] (Skype Technologies)

========================== Drivers (Whitelisted) =============

3 afcdp; C:\Windows\System32\Drivers\afcdp.sys [285280 2012-02-02] (Acronis)
3 amdkmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [11174400 2012-04-05] (Advanced Micro Devices, Inc.)
3 atikmdag; C:\Windows\System32\Drivers\atikmdag.sys [11174400 2012-04-05] (Advanced Micro Devices, Inc.)
0 snapman; C:\Windows\System32\Drivers\snapman.sys [277088 2012-02-02] (Acronis)
0 sptd; C:\Windows\System32\Drivers\sptd.sys [564792 2012-04-01] (Duplex Secure Ltd.)
0 tdrpman273; C:\Windows\System32\DRIVERS\tdrpm273.sys [1263200 2012-02-02] (Acronis)
0 timounter; C:\Windows\System32\DRIVERS\timntr.sys [943712 2012-02-02] (Acronis)
3 ALSysIO; \??\C:\Users\Paul\AppData\Local\Temp\ALSysIO64.sys [x]
3 GPU-Z; \??\C:\Users\Paul\AppData\Local\Temp\GPU-Z.sys [x]
2 MySQL55; "C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld" --defaults-file="E:\ProgramData\MySQL\MySQL Server 5.5\my.ini" MySQL55 [x]
3 RTCore64; \??\E:\Program Files (x86)\MSI Afterburner\RTCore64.sys [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-04-29 08:01 - 2012-02-15 12:04 - 0000000 ____D C:\FRST
2012-04-28 17:33 - 2012-04-08 06:32 - 0128864 ____A C:\Users\Paul\Desktop\report.txt
2012-04-28 16:49 - 2012-04-28 16:41 - 0002386 ____A C:\Users\Paul\Desktop\aswMBR.txt
2012-04-28 16:49 - 2011-01-19 19:01 - 0000512 ____A C:\Users\Paul\Desktop\MBR.dat
2012-04-28 16:42 - 2012-02-03 08:20 - 4731392 ____A (AVAST Software) C:\Users\Paul\Desktop\aswMBR.exe
2012-04-27 16:32 - 2012-04-08 16:19 - 0042450 ____A C:\Users\Paul\Desktop\DxDiag.txt
2012-04-27 15:43 - 2009-07-13 17:41 - 5559152 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-04-27 15:43 - 2009-07-13 17:16 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-04-27 15:43 - 2009-07-13 17:16 - 3913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-04-27 15:41 - 2012-04-27 15:45 - 1139200 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2012-04-27 15:41 - 2011-05-03 21:22 - 0778752 ____A (Microsoft Corporation) C:\Windows\System32\mssvp.dll
2012-04-27 15:41 - 2011-05-03 21:22 - 0288256 ____A (Microsoft Corporation) C:\Windows\System32\mssphtb.dll
2012-04-27 15:41 - 2011-05-03 21:19 - 0249856 ____A (Microsoft Corporation) C:\Windows\System32\SearchProtocolHost.exe
2012-04-27 15:41 - 2011-05-03 20:32 - 0197120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2012-04-27 15:41 - 2011-05-03 20:28 - 0164352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2012-04-27 15:41 - 2011-03-24 19:29 - 0343040 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbhub.sys
2012-04-27 15:41 - 2011-03-24 19:29 - 0325120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbport.sys
2012-04-27 15:41 - 2011-03-24 19:29 - 0025600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbohci.sys
2012-04-27 15:41 - 2011-03-24 19:28 - 0052736 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbehci.sys
2012-04-27 15:41 - 2011-03-10 22:41 - 0166272 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvstor.sys
2012-04-27 15:41 - 2011-03-10 20:37 - 0030720 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbuhci.sys
2012-04-27 15:41 - 2011-02-23 22:15 - 1465344 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2012-04-27 15:41 - 2011-02-23 21:38 - 0870912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2012-04-27 15:41 - 2010-11-20 05:27 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-04-27 15:41 - 2010-11-20 05:27 - 0591872 ____A (Microsoft Corporation) C:\Windows\System32\SearchIndexer.exe
2012-04-27 15:41 - 2010-11-20 05:27 - 0075264 ____A (Microsoft Corporation) C:\Windows\System32\msscntrs.dll
2012-04-27 15:41 - 2010-11-20 05:25 - 0902656 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2012-04-27 15:41 - 2010-11-20 05:25 - 0031232 ____A (Microsoft Corporation) C:\Windows\System32\prevhost.exe
2012-04-27 15:41 - 2010-11-20 04:21 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-04-27 15:41 - 2010-11-20 04:21 - 0427520 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2012-04-27 15:41 - 2010-11-20 04:19 - 0059392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2012-04-27 15:41 - 2010-11-20 04:18 - 0739840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2012-04-27 15:41 - 2010-11-20 03:37 - 0091648 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\USBSTOR.SYS
2012-04-27 15:41 - 2010-11-20 02:44 - 0098816 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbccgp.sys
2012-04-27 15:41 - 2010-11-18 18:34 - 0148352 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvraid.sys
2012-04-27 15:41 - 2009-07-13 17:52 - 0027008 ____A (Advanced Micro Devices) C:\Windows\System32\Drivers\amdxata.sys
2012-04-27 15:41 - 2009-07-13 17:47 - 0027520 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Diskdump.sys
2012-04-27 15:41 - 2009-07-13 17:45 - 0189824 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\storport.sys
2012-04-27 15:41 - 2009-07-13 17:41 - 2223616 ____A (Microsoft Corporation) C:\Windows\System32\mssrch.dll
2012-04-27 15:41 - 2009-07-13 17:41 - 0491520 ____A (Microsoft Corporation) C:\Windows\System32\mssph.dll
2012-04-27 15:41 - 2009-07-13 17:41 - 0476160 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2012-04-27 15:41 - 2009-07-13 17:41 - 0113664 ____A (Microsoft Corporation) C:\Windows\System32\SearchFilterHost.exe
2012-04-27 15:41 - 2009-07-13 17:40 - 2565632 ____A (Microsoft Corporation) C:\Windows\System32\esent.dll
2012-04-27 15:41 - 2009-07-13 17:39 - 2315776 ____A (Microsoft Corporation) C:\Windows\System32\tquery.dll
2012-04-27 15:41 - 2009-07-13 17:39 - 0509952 ____A (Microsoft Corporation) C:\Windows\System32\ntshrui.dll
2012-04-27 15:41 - 2009-07-13 17:16 - 0288256 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2012-04-27 15:41 - 2009-07-13 17:16 - 0086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2012-04-27 15:41 - 2009-07-13 17:15 - 1699328 ____A (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
2012-04-27 15:41 - 2009-07-13 17:15 - 1401344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2012-04-27 15:41 - 2009-07-13 17:15 - 0337408 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2012-04-27 15:41 - 2009-07-13 17:14 - 1549312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2012-04-27 15:41 - 2009-07-13 17:14 - 0442880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll
2012-04-27 15:41 - 2009-07-13 16:06 - 0007936 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbd.sys
2012-04-27 15:41 - 2009-07-13 15:21 - 1659776 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2012-04-27 15:41 - 2009-07-13 15:19 - 0410496 ____A (Intel Corporation) C:\Windows\System32\Drivers\iaStorV.sys
2012-04-27 15:41 - 2009-07-13 15:19 - 0107904 ____A (Advanced Micro Devices) C:\Windows\System32\Drivers\amdsata.sys
2012-04-27 15:41 - 2009-06-10 13:21 - 0074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\fsutil.exe
2012-04-27 15:41 - 2009-06-10 13:15 - 0478720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\timedate.cpl
2012-04-27 15:41 - 2009-06-10 13:14 - 0031232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\prevhost.exe
2012-04-27 15:41 - 2009-06-10 12:38 - 0096768 ____A (Microsoft Corporation) C:\Windows\System32\fsutil.exe
2012-04-27 15:41 - 2009-06-10 12:31 - 0515584 ____A (Microsoft Corporation) C:\Windows\System32\timedate.cpl
2012-04-27 15:41 - 2006-07-24 08:50 - 0666624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2012-04-27 11:00 - 2009-07-13 20:54 - 0000000 ____D C:\Program Files\DIPS64
2012-04-27 10:59 - 2012-04-13 19:14 - 0000000 ____D C:\Program Files (x86)\AMD APP
2012-04-27 10:59 - 2009-07-13 21:08 - 0000000 ____D C:\Users\All Users\ATI
2012-04-27 10:59 - 2009-07-13 21:08 - 0000000 ____D C:\ProgramData\ATI
2012-04-25 15:46 - 2012-03-27 18:09 - 0045155 ____A C:\Users\Paul\Desktop\wowprofcost.rar
2012-04-25 15:45 - 2012-04-28 16:49 - 0036352 ____A C:\Users\Paul\Desktop\Chris Wozniak Resume.doc
2012-04-25 15:26 - 2012-02-12 12:49 - 0000775 ____A C:\Users\Paul\Desktop\MSI Afterburner.lnk
2012-04-25 15:26 - 2009-07-13 17:15 - 0000000 ____D C:\Windows\SysWOW64\directx
2012-04-24 15:45 - 2012-04-28 17:32 - 2074160 ____A (Kaspersky Lab ZAO) C:\Users\Paul\Desktop\TDSSKiller.exe
2012-04-23 19:34 - 2012-04-27 15:41 - 0128122 ____A C:\TDSSKiller.2.7.32.0_23.04.2012_22.34.04_log.txt
2012-04-23 19:33 - 2012-02-01 17:26 - 0000000 ____D C:\Users\Paul\Desktop\tdsskiller
2012-04-22 16:00 - 2012-04-22 08:55 - 0001600 ____A C:\Users\Paul\Desktop\MonoDevelop.exe - Shortcut.lnk
2012-04-22 07:24 - 2012-02-16 06:57 - 0000000 ____D C:\Users\Paul\AppData\Local\NCSoft
2012-04-22 06:04 - 2012-04-18 18:09 - 0000000 ____D C:\Program Files (x86)\NCSoft
2012-04-22 06:04 - 2012-04-13 09:20 - 0002148 ____A C:\Users\Paul\Desktop\City of Heroes.lnk
2012-04-22 06:04 - 2012-02-01 14:54 - 0002028 ____A C:\Users\Public\Desktop\NCsoft Launcher.lnk
2012-04-22 06:03 - 2012-02-01 14:49 - 0000000 ____D C:\Users\Paul\AppData\Roaming\GetRightToGo
2012-04-22 05:05 - 2012-02-02 08:07 - 0018772 ____A C:\Users\Paul\Desktop\escjett.png
2012-04-21 11:57 - 2012-02-09 18:16 - 0019776 ____A C:\Users\Paul\Desktop\gas savings.png
2012-04-20 19:33 - 2012-04-09 15:59 - 0036207 ____A C:\Users\Paul\Desktop\555704_431597843521892_181805898501089_1851725_341562356_n.jpg
2012-04-20 16:35 - 2012-04-18 16:01 - 0001268 ____A C:\Users\Paul\Desktop\Mids' Hero & Villain Designer.lnk
2012-04-20 16:35 - 2012-02-01 13:34 - 0000000 ____D C:\Program Files (x86)\Titan Network
2012-04-19 16:47 - 2012-04-25 15:26 - 0002224 ____A C:\Users\Paul\Desktop\MySQL Workbench 5.2 CE.lnk
2012-04-18 18:09 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\MySQL
2012-04-18 18:06 - 2012-02-13 06:45 - 0000000 ____D C:\Users\All Users\MySQL
2012-04-18 18:06 - 2012-02-13 06:45 - 0000000 ____D C:\ProgramData\MySQL
2012-04-18 18:06 - 2012-02-07 10:59 - 0000000 ____D C:\Program Files (x86)\MySQL
2012-04-18 16:02 - 2012-04-28 16:49 - 27990911 ____A C:\Users\Paul\Desktop\mb_manual_ga-z68ap-d3_e.pdf
2012-04-18 16:01 - 2012-04-18 16:02 - 1137924 ____A C:\Users\Paul\Desktop\mb_manual_smart-response_e.pdf
2012-04-15 08:39 - 2012-02-01 13:04 - 0000000 ____D C:\Users\Paul\AppData\Roaming\MySQL
2012-04-15 08:37 - 2009-07-13 17:39 - 0000238 ____A C:\Windows\ODBCINST.INI
2012-04-15 07:40 - 2012-03-05 11:15 - 0000000 ____D C:\Users\Paul\AppData\Roaming\Skype
2012-04-15 07:40 - 2012-03-05 11:15 - 0000000 ____D C:\Users\All Users\Skype
2012-04-15 07:40 - 2012-03-05 11:15 - 0000000 ____D C:\ProgramData\Skype
2012-04-15 07:40 - 2012-02-10 11:28 - 0002515 ____A C:\Users\Public\Desktop\Skype.lnk
2012-04-15 07:40 - 2012-02-01 13:37 - 0000000 ___RD C:\Program Files (x86)\Skype
2012-04-14 18:18 - 2012-02-12 11:12 - 0000000 ____D C:\Users\Paul\AppData\Roaming\AVG2012
2012-04-14 18:14 - 2012-04-27 10:59 - 0000000 ____D C:\Users\All Users\AVG2012
2012-04-14 18:14 - 2012-04-27 10:59 - 0000000 ____D C:\ProgramData\AVG2012
2012-04-14 18:14 - 2012-04-13 12:48 - 0000000 ____D C:\Program Files (x86)\AVG
2012-04-14 18:14 - - 0000000 ___HD C:\$AVG
2012-04-14 18:12 - 2012-02-24 06:18 - 0000000 ____D C:\Users\All Users\MFAData
2012-04-14 18:12 - 2012-02-24 06:18 - 0000000 ____D C:\ProgramData\MFAData
2012-04-14 18:06 - 2012-04-02 15:12 - 0007706 ____A C:\Users\Paul\Desktop\hijackthis.log
2012-04-14 05:16 - 2012-03-15 06:33 - 0017987 ____A C:\Users\Paul\Desktop\good playlist.m3u
2012-04-14 05:15 - 2012-04-23 19:33 - 0000000 ____D C:\Users\Paul\Desktop\foobar2000
2012-04-14 05:15 - 2012-04-14 05:16 - 0080580 ____A C:\Users\Paul\Desktop\good playlist.txt
2012-04-13 19:20 - 2009-06-10 12:30 - 0000000 ____D C:\Windows\pss
2012-04-13 15:12 - 2012-04-13 15:12 - 0157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-04-13 15:12 - 2012-04-13 15:12 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-04-13 15:12 - 2012-02-01 13:53 - 0000000 ____D C:\Program Files (x86)\Java
2012-04-13 15:12 - 2010-11-20 04:18 - 0472808 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
2012-04-13 15:12 - 2009-07-13 21:08 - 0000000 ____D C:\Users\All Users\Sun
2012-04-13 15:12 - 2009-07-13 21:08 - 0000000 ____D C:\ProgramData\Sun
2012-04-13 15:12 - 2009-07-13 19:20 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2012-04-13 12:52 - 2012-04-27 10:59 - 0000000 ____D C:\Program Files (x86)\AMD AVT
2012-04-13 12:52 - - 0000000 ____D C:\Program Files\Common Files\ATI Technologies
2012-04-13 12:51 - 2012-04-09 15:23 - 0000000 ____D C:\Program Files\ATI Technologies
2012-04-13 10:28 - 2012-04-08 09:03 - 0000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2012-04-11 03:29 - 2012-02-27 23:34 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-04-11 03:29 - 2012-02-27 22:56 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-04-11 03:29 - 2012-02-27 22:48 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-04-11 03:29 - 2012-02-27 22:45 - 2311168 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-04-11 03:29 - 2012-02-27 22:42 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-04-11 03:29 - 2012-02-27 17:52 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-04-11 03:29 - 2012-02-27 17:18 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-04-11 03:29 - 2012-02-27 17:09 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-04-11 03:29 - 2012-02-27 17:06 - 1799168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-04-11 03:29 - 2012-02-27 17:03 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-04-11 03:29 - 2012-02-01 13:59 - 9705984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-04-11 03:29 - 2012-02-01 13:59 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-04-11 03:29 - 2012-02-01 13:59 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-04-11 03:29 - 2012-02-01 13:59 - 17790976 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-04-11 03:29 - 2012-02-01 13:59 - 12281856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-04-11 03:29 - 2012-02-01 13:59 - 10888704 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-04-11 03:29 - 2012-02-01 13:59 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-04-11 03:29 - 2012-02-01 13:59 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-04-11 03:29 - 2011-05-02 21:29 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-04-11 03:29 - 2011-05-02 20:30 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-04-11 03:29 - 2010-11-20 05:27 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-04-11 03:29 - 2010-11-20 04:21 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-04-11 03:29 - 2009-07-13 17:41 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-04-11 03:29 - 2009-07-13 17:38 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-04-11 03:29 - 2009-07-13 17:16 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-04-11 03:29 - 2009-07-13 17:14 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-04-11 03:28 - 2009-07-13 17:47 - 0023408 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-04-11 03:28 - 2009-07-13 17:41 - 0220672 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-04-11 03:28 - 2009-07-13 17:38 - 0081408 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-04-11 03:28 - 2009-07-13 17:33 - 0005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-04-11 03:28 - 2009-07-13 17:16 - 0172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-04-11 03:28 - 2009-07-13 17:14 - 0159232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2012-04-11 03:28 - 2009-07-13 17:11 - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2012-04-09 16:52 - 2012-03-12 06:23 - 0003408 ____A C:\Users\Paul\Desktop\unigine_20120409_1952.html
2012-04-09 16:42 - 2012-04-27 15:45 - 0000000 ____D C:\Users\Paul\Heaven
2012-04-09 16:41 - 2012-04-21 15:51 - 0003072 ____A C:\Users\Paul\AppData\Local\file__0.localstorage
2012-04-09 16:40 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Unigine
2012-04-09 16:40 - 2009-07-13 20:54 - 0001955 ____A C:\Users\Public\Desktop\Heaven DX11 Benchmark 3.0.lnk
2012-04-09 16:37 - 2012-04-09 16:52 - 247453906 ____A (Unigine Corp. ) C:\Users\Paul\Desktop\Unigine_Heaven-3.0.exe
2012-04-09 15:23 - 2012-02-07 11:09 - 0000000 ____D C:\Program Files\ATI
2012-04-09 14:54 - 2012-02-22 18:00 - 0000450 ____A C:\Users\Paul\Desktop\3d mark 11.txt
2012-04-08 18:24 - 2009-07-13 15:19 - 0023680 ____A (ASUSTeK Computer Inc.) C:\Windows\System32\Drivers\IOMap64.sys
2012-04-08 18:22 - 2012-02-02 09:03 - 0000740 ____A C:\Users\Public\Desktop\ASUS GPU Tweak.lnk
2012-04-08 18:20 - 2012-04-02 16:30 - 0000000 ____D C:\Windows\Downloaded Installations
2012-04-08 16:17 - 2012-04-27 15:45 - 5500531 ____A C:\Users\Paul\Desktop\DSC_0203.JPG
2012-04-08 13:49 - 2012-04-22 07:24 - 0000000 ____D C:\Users\Paul\AppData\Local\OCCT
2012-04-08 13:47 - 2012-04-19 16:47 - 0000000 ____D C:\Users\Paul\Desktop\OCCTPT4.2.0
2012-04-08 09:03 - 2012-02-01 18:44 - 0000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2012-04-08 07:41 - 2012-04-28 07:00 - 0000000 ____D C:\Windows\Minidump
2012-04-08 07:41 - 2009-07-13 21:32 - 409611258 ____A C:\Windows\MEMORY.DMP
2012-04-08 07:41 - - 0274424 ____A C:\Windows\Minidump\040812-11606-01.dmp
2012-04-08 06:32 - 2012-02-09 13:32 - 0001010 ____A C:\Users\Paul\Desktop\RealTemp.lnk
2012-04-08 06:30 - 2012-04-08 05:25 - 0001135 ____A C:\Users\Paul\Desktop\cpuz_x64.lnk
2012-04-08 05:25 - 2012-02-16 06:57 - 0000000 ____D C:\Users\Paul\Desktop\cpu-z_1.60-64bits-en
2012-04-05 21:22 - 2012-04-05 17:09 - 11174400 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmdag.sys
2012-04-05 19:34 - 2009-07-13 16:28 - 0187392 ____A C:\Windows\System32\clinfo.exe
2012-04-05 18:23 - 2012-04-05 17:11 - 0245896 ____A C:\Windows\SysWOW64\atiapfxx.blb
2012-04-05 18:23 - 2012-04-05 17:11 - 0245896 ____A C:\Windows\System32\atiapfxx.blb
2012-04-05 18:22 - 2012-04-05 18:23 - 0159744 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiapfxx.exe
2012-04-05 18:16 - 2012-04-05 18:20 - 0442368 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\ATIDEMGX.dll
2012-04-05 18:16 - 2012-04-05 18:14 - 0236544 ____A (AMD) C:\Windows\System32\atiesrxx.exe
2012-04-05 18:16 - 2012-04-05 17:54 - 0503808 ____A (AMD) C:\Windows\System32\atieclxx.exe
2012-04-05 18:14 - 2012-04-05 18:16 - 0059392 ____A (ATI Technologies, Inc.) C:\Windows\System32\atiedu64.dll
2012-04-05 18:14 - 2012-04-05 17:16 - 0120320 ____A (AMD) C:\Windows\System32\atitmm64.dll
2012-04-05 18:14 - 2012-04-05 17:06 - 0021504 ____A (AMD) C:\Windows\System32\atimuixx.dll
2012-04-05 18:14 - 2009-07-13 17:14 - 0043520 ____A (ATI Technologies, Inc.) C:\Windows\SysWOW64\ati2edxx.dll
2012-04-05 18:13 - 2012-04-05 18:21 - 6800896 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
2012-04-05 18:10 - 2012-04-05 18:14 - 26181632 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atio6axx.dll
2012-04-05 17:50 - 2012-04-05 17:06 - 19753984 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
2012-04-05 17:35 - 2012-04-05 17:34 - 1120768 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd6v.dll
2012-04-05 17:34 - 2012-04-05 17:34 - 1831424 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdmv.dll
2012-04-05 17:34 - 2012-04-05 17:29 - 4731904 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd6a.dll
2012-04-05 17:30 - 2012-04-05 18:23 - 0044032 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
2012-04-05 17:30 - 2012-04-05 17:29 - 0051200 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalrt64.dll
2012-04-05 17:30 - 2012-04-05 17:25 - 0046080 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
2012-04-05 17:30 - 2009-05-12 01:05 - 0044544 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalcl64.dll
2012-04-05 17:29 - 2012-04-05 17:30 - 16090624 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticaldd64.dll
2012-04-05 17:29 - 2012-04-05 17:23 - 2631008 ____A C:\Windows\System32\atiumd6a.cap
2012-04-05 17:25 - 2012-04-05 17:30 - 13764096 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
2012-04-05 17:23 - 2012-04-05 17:09 - 7431680 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd64.dll
2012-04-05 17:21 - 2012-04-05 17:34 - 2664704 ____A C:\Windows\SysWOW64\atiumdva.cap
2012-04-05 17:17 - 2009-07-13 12:49 - 0071680 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\amdave64.dll
2012-04-05 17:16 - 2012-03-05 14:15 - 0067584 ____A (Advanced Micro Devices, Inc. ) C:\Windows\atisamu32.dll
2012-04-05 17:16 - 2011-12-05 19:10 - 0072704 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atisamu64.dll
2012-04-05 17:16 - 2009-07-13 13:04 - 0072704 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdave32.dll
2012-04-05 17:11 - 2012-04-05 18:16 - 0017408 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6pxx.dll
2012-04-05 17:11 - 2012-04-05 18:14 - 0360448 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2012-04-05 17:11 - 2012-04-05 17:11 - 0041984 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6txx.dll
2012-04-05 17:11 - 2012-04-05 17:11 - 0014848 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiglpxx.dll
2012-04-05 17:11 - 2012-04-05 17:10 - 0014848 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
2012-04-05 17:11 - 2009-07-13 17:38 - 0514560 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiadlxx.dll
2012-04-05 17:10 - 2012-04-05 21:22 - 0343040 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmpag.sys
2012-04-05 17:10 - 2012-04-05 18:13 - 0033280 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2012-04-05 17:09 - 2012-04-05 18:14 - 0044544 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiu9p64.dll
2012-04-05 17:09 - 2012-04-05 17:22 - 0041984 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
2012-04-05 17:09 - 2010-11-20 05:32 - 0053248 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\ati2erec.dll
2012-04-05 17:06 - 2012-04-05 17:11 - 0053760 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2012-04-05 17:06 - 2012-03-15 14:09 - 0054784 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\amdpcom64.dll
2012-04-05 17:06 - 2012-03-15 14:08 - 0053760 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2012-04-05 17:06 - 2012-01-10 23:40 - 0054784 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atimpc64.dll
2012-04-02 16:42 - 2012-04-29 04:58 - 0000000 ____D C:\Users\Paul\AppData\Local\IsolatedStorage
2012-04-02 16:42 - 2012-04-09 16:41 - 0000000 ____D C:\Users\Paul\AppData\Local\Futuremark_Corporation
2012-04-02 16:30 - 2012-02-16 06:46 - 0000000 ____D C:\Program Files (x86)\Futuremark
2012-04-02 16:30 - - 0001809 ____A C:\Users\Public\Desktop\3DMark 11.lnk
2012-04-02 16:29 - 2012-02-02 09:25 - 0000000 ____D C:\Program Files\Futuremark
2012-04-02 15:17 - 2010-11-20 05:27 - 0110592 ____A C:\Windows\System32\rtvcvfw32.dll
2012-04-02 15:12 - 2012-04-14 05:15 - 1053664 ____A (techPowerUp (www.techpowerup.com)) C:\Users\Paul\Desktop\GPU-Z.0.6.0.exe
2012-04-02 15:07 - 2012-02-07 11:09 - 0000000 ____D C:\Program Files (x86)\ATI Technologies
2012-04-01 16:59 - 2012-02-25 13:47 - 0000000 ____D C:\Users\Paul\Desktop\Intersection
2012-04-01 16:39 - 2012-04-01 17:04 - 56069992 ____A C:\Users\Paul\Desktop\Intersection.rar
2012-04-01 06:51 - 2010-11-20 04:18 - 0000000 ____D C:\Windows\SysWOW64\Adobe
2012-04-01 06:51 - 2009-07-13 17:15 - 0016384 ____A C:\Windows\SysWOW64\FileOps.exe
2012-04-01 06:50 - 2012-04-01 06:50 - 0000000 ____D C:\Users\All Users\Adobe Systems
2012-04-01 06:50 - 2012-04-01 06:50 - 0000000 ____D C:\ProgramData\Adobe Systems
2012-04-01 06:50 - 2012-02-01 13:01 - 0000000 ____D C:\Adobe
2012-04-01 06:50 - - 0000000 ____D C:\Users\Public\Documents\Adobe PDF
2012-04-01 06:44 - 2012-04-14 18:18 - 0000000 ____D C:\Users\Paul\AppData\Roaming\DAEMON Tools Lite
2012-04-01 06:44 - 2012-04-14 18:18 - 0000000 ____D C:\Users\All Users\DAEMON Tools Lite
2012-04-01 06:44 - 2012-04-14 18:18 - 0000000 ____D C:\ProgramData\DAEMON Tools Lite
2012-03-30 03:45 - 2009-07-13 17:14 - 0418464 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-03-30 03:45 - - 0000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

============ 3 Months Modified Files and Folders =============

2012-04-29 08:01 - 2012-04-29 08:01 - 0000000 ____D C:\FRST
2012-04-29 04:58 - 2012-02-01 13:01 - 1865970 ____A C:\Windows\WindowsUpdate.log
2012-04-29 04:54 - 2012-02-01 13:13 - 0000000 ____D C:\Users\Paul\AppData\Roaming\.purple
2012-04-29 04:54 - 2009-07-13 21:13 - 0779722 ____A C:\Windows\System32\PerfStringBackup.INI
2012-04-29 04:19 - 2012-02-01 13:09 - 0000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-284609420-2979562961-783762858-1002UA.job
2012-04-29 04:12 - 2012-03-30 03:45 - 0000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-04-29 03:58 - 2009-07-13 20:45 - 0014848 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-04-29 03:58 - 2009-07-13 20:45 - 0014848 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-04-29 03:51 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-04-29 03:51 - 2009-07-13 20:51 - 0038308 ____A C:\Windows\setupact.log
2012-04-28 17:34 - 2012-04-28 17:33 - 0128864 ____A C:\Users\Paul\Desktop\report.txt
2012-04-28 17:33 - 2012-04-24 15:45 - 2074160 ____A (Kaspersky Lab ZAO) C:\Users\Paul\Desktop\TDSSKiller.exe
2012-04-28 17:32 - 2012-04-23 19:33 - 0000000 ____D C:\Users\Paul\Desktop\tdsskiller
2012-04-28 17:21 - 2012-04-15 07:40 - 0000000 ____D C:\Users\Paul\AppData\Roaming\Skype
2012-04-28 16:49 - 2012-04-28 16:49 - 0002386 ____A C:\Users\Paul\Desktop\aswMBR.txt
2012-04-28 16:49 - 2012-04-28 16:49 - 0000512 ____A C:\Users\Paul\Desktop\MBR.dat
2012-04-28 16:41 - 2012-04-28 16:42 - 4731392 ____A (AVAST Software) C:\Users\Paul\Desktop\aswMBR.exe
2012-04-28 14:29 - 2012-02-01 16:59 - 0000000 ____D C:\Program Files (x86)\Steam
2012-04-28 13:19 - 2012-02-01 13:09 - 0000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-284609420-2979562961-783762858-1002Core.job
2012-04-28 07:13 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\rescache
2012-04-27 16:32 - 2012-04-27 16:32 - 0042450 ____A C:\Users\Paul\Desktop\DxDiag.txt
2012-04-27 15:45 - 2012-02-01 13:01 - 0000174 ___SH C:\Users\Paul\Start Menu\Programs\Startup\desktop.ini
2012-04-27 15:45 - 2012-02-01 13:01 - 0000174 ___SH C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-04-27 15:45 - 2009-07-13 20:45 - 0420256 ____A C:\Windows\System32\FNTCACHE.DAT
2012-04-27 15:43 - 2012-02-07 11:04 - 0773446 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-04-27 11:00 - 2012-04-27 11:00 - 0000000 ____D C:\Program Files\DIPS64
2012-04-27 10:59 - 2012-04-27 10:59 - 0000000 ____D C:\Users\All Users\ATI
2012-04-27 10:59 - 2012-04-27 10:59 - 0000000 ____D C:\ProgramData\ATI
2012-04-27 10:59 - 2012-04-27 10:59 - 0000000 ____D C:\Program Files (x86)\AMD APP
2012-04-27 10:58 - 2012-04-13 12:51 - 0000000 ____D C:\Program Files\ATI Technologies
2012-04-25 15:46 - 2012-04-25 15:46 - 0045155 ____A C:\Users\Paul\Desktop\wowprofcost.rar
2012-04-25 15:46 - 2012-02-01 13:24 - 0000000 ____D C:\Users\Paul\AppData\Roaming\gtk-2.0
2012-04-25 15:45 - 2012-04-25 15:45 - 0036352 ____A C:\Users\Paul\Desktop\Chris Wozniak Resume.doc
2012-04-25 15:26 - 2012-04-25 15:26 - 0000775 ____A C:\Users\Paul\Desktop\MSI Afterburner.lnk
2012-04-25 15:26 - 2012-04-25 15:26 - 0000000 ____D C:\Windows\SysWOW64\directx
2012-04-24 03:30 - 2012-03-09 05:41 - 0007602 ____A C:\Users\Paul\AppData\Local\Resmon.ResmonCfg
2012-04-23 19:34 - 2012-04-23 19:34 - 0128122 ____A C:\TDSSKiller.2.7.32.0_23.04.2012_22.34.04_log.txt
2012-04-23 19:33 - 2010-12-31 22:14 - 0002254 ____A C:\Users\Paul\Desktop\eula.txt
2012-04-22 16:00 - 2012-04-22 16:00 - 0001600 ____A C:\Users\Paul\Desktop\MonoDevelop.exe - Shortcut.lnk
2012-04-22 08:55 - 2012-04-20 16:35 - 0001268 ____A C:\Users\Paul\Desktop\Mids' Hero & Villain Designer.lnk
2012-04-22 08:36 - 2012-02-01 13:01 - 0000000 ____D C:\Users\Paul\AppData\Local\VirtualStore
2012-04-22 08:32 - 2012-04-22 06:04 - 0002148 ____A C:\Users\Paul\Desktop\City of Heroes.lnk
2012-04-22 07:24 - 2012-04-22 07:24 - 0000000 ____D C:\Users\Paul\AppData\Local\NCSoft
2012-04-22 06:04 - 2012-04-22 06:04 - 0002028 ____A C:\Users\Public\Desktop\NCsoft Launcher.lnk
2012-04-22 06:04 - 2012-04-22 06:04 - 0000000 ____D C:\Program Files (x86)\NCSoft
2012-04-22 06:04 - 2012-04-22 06:03 - 0000000 ____D C:\Users\Paul\AppData\Roaming\GetRightToGo
2012-04-22 06:04 - 2012-02-01 13:34 - 0000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-04-22 05:05 - 2012-04-22 05:05 - 0018772 ____A C:\Users\Paul\Desktop\escjett.png
2012-04-21 19:24 - 2012-02-07 11:10 - 0000000 ____D C:\Users\Paul\AppData\Roaming\MonoDevelop-2.8
2012-04-21 18:46 - 2012-02-07 11:09 - 0000000 ____D C:\Program Files (x86)\MonoDevelop
2012-04-21 15:51 - 2012-02-02 09:10 - 0000000 ____D C:\Users\Paul\AppData\Local\Eclipse
2012-04-21 15:51 - 2012-02-02 08:04 - 0000000 ____D C:\eclipse
2012-04-21 15:20 - 2012-02-05 07:50 - 0000000 ____D C:\Users\Paul\Desktop\PeerBlock
2012-04-21 15:20 - 2012-02-05 07:43 - 0000000 ____D C:\Users\Paul\AppData\Roaming\uTorrent
2012-04-21 11:57 - 2012-04-21 11:57 - 0019776 ____A C:\Users\Paul\Desktop\gas savings.png
2012-04-20 19:33 - 2012-04-20 19:33 - 0036207 ____A C:\Users\Paul\Desktop\555704_431597843521892_181805898501089_1851725_341562356_n.jpg
2012-04-20 16:35 - 2012-04-20 16:35 - 0000000 ____D C:\Program Files (x86)\Titan Network
2012-04-20 03:01 - 2012-03-30 03:45 - 0418464 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-04-20 03:01 - 2012-02-01 14:33 - 0070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-04-19 16:47 - 2012-04-19 16:47 - 0002224 ____A C:\Users\Paul\Desktop\MySQL Workbench 5.2 CE.lnk
2012-04-19 03:01 - 2012-02-01 14:08 - 0109816 ____A C:\Users\Paul\AppData\Local\GDIPFONTCACHEV1.DAT
2012-04-18 18:09 - 2012-04-18 18:09 - 0000000 ____D C:\Program Files\MySQL
2012-04-18 18:09 - 2012-04-18 18:06 - 0000000 ____D C:\Program Files (x86)\MySQL
2012-04-18 18:09 - 2012-04-15 08:37 - 0000238 ____A C:\Windows\ODBCINST.INI
2012-04-18 18:06 - 2012-04-18 18:06 - 0000000 ____D C:\Users\All Users\MySQL
2012-04-18 18:06 - 2012-04-18 18:06 - 0000000 ____D C:\ProgramData\MySQL
2012-04-18 16:02 - 2012-04-18 16:02 - 27990911 ____A C:\Users\Paul\Desktop\mb_manual_ga-z68ap-d3_e.pdf
2012-04-18 16:01 - 2012-04-18 16:01 - 1137924 ____A C:\Users\Paul\Desktop\mb_manual_smart-response_e.pdf
2012-04-16 02:56 - 2009-07-13 21:08 - 0032640 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-04-15 09:35 - 2012-02-04 13:54 - 0001024 ____A C:\Windows\System32\AutoPartNt.let
2012-04-15 09:34 - 2012-02-04 13:54 - 3696480 ____A (Acronis) C:\Windows\System32\AutoPartNt.exe
2012-04-15 08:39 - 2012-04-15 08:39 - 0000000 ____D C:\Users\Paul\AppData\Roaming\MySQL
2012-04-15 07:40 - 2012-04-15 07:40 - 0002515 ____A C:\Users\Public\Desktop\Skype.lnk
2012-04-15 07:40 - 2012-04-15 07:40 - 0000000 ___RD C:\Program Files (x86)\Skype
2012-04-15 07:40 - 2012-04-15 07:40 - 0000000 ____D C:\Users\All Users\Skype
2012-04-15 07:40 - 2012-04-15 07:40 - 0000000 ____D C:\ProgramData\Skype
2012-04-15 04:00 - 2012-04-14 18:14 - 0000000 ____D C:\Users\All Users\AVG2012
2012-04-15 04:00 - 2012-04-14 18:14 - 0000000 ____D C:\ProgramData\AVG2012
2012-04-15 04:00 - 2012-02-01 18:37 - 0015362 ____A C:\Windows\PFRO.log
2012-04-14 20:06 - 2012-04-14 18:12 - 0000000 ____D C:\Users\All Users\MFAData
2012-04-14 20:06 - 2012-04-14 18:12 - 0000000 ____D C:\ProgramData\MFAData
2012-04-14 20:05 - 2012-04-14 18:14 - 0000000 ___HD C:\$AVG
2012-04-14 18:18 - 2012-04-14 18:18 - 0000000 ____D C:\Users\Paul\AppData\Roaming\AVG2012
2012-04-14 18:14 - 2012-04-14 18:14 - 0000000 ____D C:\Program Files (x86)\AVG
2012-04-14 18:06 - 2012-04-14 18:06 - 0007706 ____A C:\Users\Paul\Desktop\hijackthis.log
2012-04-14 15:48 - 2012-04-14 05:15 - 0000000 ____D C:\Users\Paul\Desktop\foobar2000
2012-04-14 05:16 - 2012-04-14 05:16 - 0017987 ____A C:\Users\Paul\Desktop\good playlist.m3u
2012-04-14 05:15 - 2012-04-14 05:15 - 0080580 ____A C:\Users\Paul\Desktop\good playlist.txt
2012-04-13 19:20 - 2012-04-13 19:20 - 0000000 ____D C:\Windows\pss
2012-04-13 19:14 - 2012-02-05 07:43 - 0000000 ____D C:\Windows\System32\appmgmt
2012-04-13 19:14 - 2012-02-02 07:35 - 0000000 ____D C:\Program Files (x86)\Adobe
2012-04-13 15:12 - 2012-04-13 15:12 - 0472808 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
2012-04-13 15:12 - 2012-04-13 15:12 - 0157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-04-13 15:12 - 2012-04-13 15:12 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-04-13 15:12 - 2012-04-13 15:12 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2012-04-13 15:12 - 2012-04-13 15:12 - 0000000 ____D C:\Users\All Users\Sun
2012-04-13 15:12 - 2012-04-13 15:12 - 0000000 ____D C:\ProgramData\Sun
2012-04-13 15:12 - 2012-04-13 15:12 - 0000000 ____D C:\Program Files (x86)\Java
2012-04-13 12:52 - 2012-04-13 12:52 - 0000000 ____D C:\Program Files\Common Files\ATI Technologies
2012-04-13 12:52 - 2012-04-13 12:52 - 0000000 ____D C:\Program Files (x86)\AMD AVT
2012-04-13 12:52 - 2012-03-11 05:15 - 0000000 ____D C:\Users\All Users\AMD
2012-04-13 12:52 - 2012-03-11 05:15 - 0000000 ____D C:\ProgramData\AMD
2012-04-13 12:48 - 2012-04-02 15:07 - 0000000 ____D C:\Program Files (x86)\ATI Technologies
2012-04-13 10:28 - 2012-04-13 10:28 - 0000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2012-04-13 09:20 - 2012-02-01 17:01 - 0002391 ____A C:\Users\Paul\Desktop\Chrome.lnk
2012-04-11 03:28 - 2012-02-01 13:52 - 57249312 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-04-10 17:18 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\LiveKernelReports
2012-04-09 16:53 - 2012-04-09 16:42 - 0000000 ____D C:\Users\Paul\Heaven
2012-04-09 16:52 - 2012-04-09 16:52 - 0003408 ____A C:\Users\Paul\Desktop\unigine_20120409_1952.html
2012-04-09 16:42 - 2012-02-01 13:01 - 0000000 ____D C:\users\Paul
2012-04-09 16:41 - 2012-04-09 16:41 - 0003072 ____A C:\Users\Paul\AppData\Local\file__0.localstorage
2012-04-09 16:41 - 2012-04-09 16:40 - 0001955 ____A C:\Users\Public\Desktop\Heaven DX11 Benchmark 3.0.lnk
2012-04-09 16:40 - 2012-04-09 16:40 - 0000000 ____D C:\Program Files\Unigine
2012-04-09 16:39 - 2012-04-09 16:37 - 247453906 ____A (Unigine Corp. ) C:\Users\Paul\Desktop\Unigine_Heaven-3.0.exe
2012-04-09 15:59 - 2012-04-09 14:54 - 0000450 ____A C:\Users\Paul\Desktop\3d mark 11.txt
2012-04-09 15:23 - 2012-04-09 15:23 - 0000000 ____D C:\Program Files\ATI
2012-04-08 18:22 - 2012-04-08 18:22 - 0000740 ____A C:\Users\Public\Desktop\ASUS GPU Tweak.lnk
2012-04-08 18:20 - 2012-04-08 18:20 - 0000000 ____D C:\Windows\Downloaded Installations
2012-04-08 16:19 - 2012-04-08 16:17 - 5500531 ____A C:\Users\Paul\Desktop\DSC_0203.JPG
2012-04-08 13:49 - 2012-04-08 13:49 - 0000000 ____D C:\Users\Paul\AppData\Local\OCCT
2012-04-08 13:47 - 2012-04-08 13:47 - 0000000 ____D C:\Users\Paul\Desktop\OCCTPT4.2.0
2012-04-08 09:03 - 2012-04-08 09:03 - 0000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2012-04-08 07:41 - 2012-04-08 07:41 - 409611258 ____A C:\Windows\MEMORY.DMP
2012-04-08 07:41 - 2012-04-08 07:41 - 0274424 ____A C:\Windows\Minidump\040812-11606-01.dmp
2012-04-08 07:41 - 2012-04-08 07:41 - 0000000 ____D C:\Windows\Minidump
2012-04-08 07:36 - 2012-02-09 13:20 - 0000000 ____D C:\Users\Paul\Desktop\Prime 95
2012-04-08 06:32 - 2012-04-08 06:32 - 0001010 ____A C:\Users\Paul\Desktop\RealTemp.lnk
2012-04-08 06:30 - 2012-04-08 06:30 - 0001135 ____A C:\Users\Paul\Desktop\cpuz_x64.lnk
2012-04-08 05:25 - 2012-04-08 05:25 - 0000000 ____D C:\Users\Paul\Desktop\cpu-z_1.60-64bits-en
2012-04-05 21:22 - 2012-04-05 21:22 - 11174400 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmdag.sys
2012-04-05 19:34 - 2012-04-05 19:34 - 0187392 ____A C:\Windows\System32\clinfo.exe
2012-04-05 18:23 - 2012-04-05 18:23 - 0245896 ____A C:\Windows\SysWOW64\atiapfxx.blb
2012-04-05 18:23 - 2012-04-05 18:23 - 0245896 ____A C:\Windows\System32\atiapfxx.blb
2012-04-05 18:22 - 2012-04-05 18:22 - 0159744 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiapfxx.exe
2012-04-05 18:21 - 2012-03-08 21:16 - 0909312 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
2012-04-05 18:20 - 2012-03-08 21:14 - 1067520 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\aticfx64.dll
2012-04-05 18:16 - 2012-04-05 18:16 - 0503808 ____A (AMD) C:\Windows\System32\atieclxx.exe
2012-04-05 18:16 - 2012-04-05 18:16 - 0442368 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\ATIDEMGX.dll
2012-04-05 18:16 - 2012-04-05 18:16 - 0236544 ____A (AMD) C:\Windows\System32\atiesrxx.exe
2012-04-05 18:14 - 2012-04-05 18:14 - 0120320 ____A (AMD) C:\Windows\System32\atitmm64.dll
2012-04-05 18:14 - 2012-04-05 18:14 - 0059392 ____A (ATI Technologies, Inc.) C:\Windows\System32\atiedu64.dll
2012-04-05 18:14 - 2012-04-05 18:14 - 0043520 ____A (ATI Technologies, Inc.) C:\Windows\SysWOW64\ati2edxx.dll
2012-04-05 18:14 - 2012-04-05 18:14 - 0021504 ____A (AMD) C:\Windows\System32\atimuixx.dll
2012-04-05 18:13 - 2012-04-05 18:13 - 6800896 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
2012-04-05 18:10 - 2012-04-05 18:10 - 26181632 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atio6axx.dll
2012-04-05 18:00 - 2012-03-08 19:47 - 0064000 ____A (AMD) C:\Windows\System32\coinst.dll
2012-04-05 17:54 - 2012-03-08 20:45 - 7479296 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atidxx64.dll
2012-04-05 17:50 - 2012-04-05 17:50 - 19753984 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
2012-04-05 17:35 - 2012-04-05 17:35 - 1120768 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd6v.dll
2012-04-05 17:34 - 2012-04-05 17:34 - 4731904 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd6a.dll
2012-04-05 17:34 - 2012-04-05 17:34 - 1831424 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdmv.dll
2012-04-05 17:34 - 2012-03-08 20:23 - 6203392 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll
2012-04-05 17:30 - 2012-04-05 17:30 - 0051200 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalrt64.dll
2012-04-05 17:30 - 2012-04-05 17:30 - 0046080 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
2012-04-05 17:30 - 2012-04-05 17:30 - 0044544 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalcl64.dll
2012-04-05 17:30 - 2012-04-05 17:30 - 0044032 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
2012-04-05 17:29 - 2012-04-05 17:29 - 2631008 ____A C:\Windows\System32\atiumd6a.cap
2012-04-05 17:29 - 2012-04-05 17:29 - 16090624 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticaldd64.dll
2012-04-05 17:25 - 2012-04-05 17:25 - 13764096 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
2012-04-05 17:23 - 2012-04-05 17:23 - 7431680 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd64.dll
2012-04-05 17:22 - 2012-03-08 20:23 - 4795904 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll
2012-04-05 17:21 - 2012-04-05 17:21 - 2664704 ____A C:\Windows\SysWOW64\atiumdva.cap
2012-04-05 17:17 - 2012-04-05 17:17 - 0071680 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\amdave64.dll
2012-04-05 17:16 - 2012-04-05 17:16 - 0072704 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdave32.dll
2012-04-05 17:16 - 2012-04-05 17:16 - 0072704 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atisamu64.dll
2012-04-05 17:16 - 2012-04-05 17:16 - 0067584 ____A (Advanced Micro Devices, Inc. ) C:\Windows\atisamu32.dll
2012-04-05 17:11 - 2012-04-05 17:11 - 0514560 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiadlxx.dll
2012-04-05 17:11 - 2012-04-05 17:11 - 0360448 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2012-04-05 17:11 - 2012-04-05 17:11 - 0041984 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6txx.dll
2012-04-05 17:11 - 2012-04-05 17:11 - 0017408 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6pxx.dll
2012-04-05 17:11 - 2012-04-05 17:11 - 0014848 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
2012-04-05 17:11 - 2012-04-05 17:11 - 0014848 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiglpxx.dll
2012-04-05 17:10 - 2012-04-05 17:10 - 0343040 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmpag.sys
2012-04-05 17:10 - 2012-04-05 17:10 - 0033280 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2012-04-05 17:09 - 2012-04-05 17:09 - 0053248 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\ati2erec.dll
2012-04-05 17:09 - 2012-04-05 17:09 - 0044544 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiu9p64.dll
2012-04-05 17:09 - 2012-04-05 17:09 - 0041984 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
2012-04-05 17:09 - 2012-03-08 19:57 - 0054784 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiuxp64.dll
2012-04-05 17:09 - 2012-03-08 19:56 - 0032256 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll
2012-04-05 17:06 - 2012-04-05 17:06 - 0054784 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atimpc64.dll
2012-04-05 17:06 - 2012-04-05 17:06 - 0054784 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\amdpcom64.dll
2012-04-05 17:06 - 2012-04-05 17:06 - 0053760 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2012-04-05 17:06 - 2012-04-05 17:06 - 0053760 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2012-04-02 16:42 - 2012-04-02 16:42 - 0000000 ____D C:\Users\Paul\AppData\Local\IsolatedStorage
2012-04-02 16:42 - 2012-04-02 16:42 - 0000000 ____D C:\Users\Paul\AppData\Local\Futuremark_Corporation
2012-04-02 16:30 - 2012-04-02 16:30 - 0001809 ____A C:\Users\Public\Desktop\3DMark 11.lnk
2012-04-02 16:30 - 2012-04-02 16:30 - 0000000 ____D C:\Program Files (x86)\Futuremark
2012-04-02 16:30 - 2012-02-01 18:48 - 0335055 ____A C:\Windows\DirectX.log
2012-04-02 16:29 - 2012-04-02 16:29 - 0000000 ____D C:\Program Files\Futuremark
2012-04-02 15:23 - 2012-02-10 11:28 - 0000000 ____D C:\Program Files (x86)\Origin
2012-04-02 15:12 - 2012-04-02 15:12 - 1053664 ____A (techPowerUp (www.techpowerup.com)) C:\Users\Paul\Desktop\GPU-Z.0.6.0.exe
2012-04-01 17:09 - 2012-02-02 07:35 - 0000000 ____D C:\Users\Paul\AppData\Local\Adobe
2012-04-01 17:04 - 2012-04-01 16:59 - 0000000 ____D C:\Users\Paul\Desktop\Intersection
2012-04-01 16:57 - 2012-04-01 16:39 - 56069992 ____A C:\Users\Paul\Desktop\Intersection.rar
2012-04-01 08:21 - 2012-02-01 13:12 - 0000000 ____D C:\Users\Paul\AppData\Roaming\Adobe
2012-04-01 06:51 - 2012-04-01 06:51 - 0000000 ____D C:\Windows\SysWOW64\Adobe
2012-04-01 06:51 - 2012-04-01 06:50 - 0000000 ____D C:\Adobe
2012-04-01 06:50 - 2012-04-01 06:50 - 0000000 ____D C:\Users\Public\Documents\Adobe PDF
2012-04-01 06:50 - 2012-04-01 06:50 - 0000000 ____D C:\Users\All Users\Adobe Systems
2012-04-01 06:50 - 2012-04-01 06:50 - 0000000 ____D C:\ProgramData\Adobe Systems
2012-04-01 06:50 - 2012-02-02 07:35 - 0000000 ____D C:\Users\All Users\Adobe
2012-04-01 06:50 - 2012-02-02 07:35 - 0000000 ____D C:\ProgramData\Adobe
2012-04-01 06:48 - 2012-04-01 06:44 - 0000000 ____D C:\Users\Paul\AppData\Roaming\DAEMON Tools Lite
2012-04-01 06:45 - 2012-02-01 13:43 - 0564792 ____A (Duplex Secure Ltd.) C:\Windows\System32\Drivers\sptd.sys
2012-04-01 06:44 - 2012-04-01 06:44 - 0000000 ____D C:\Users\All Users\DAEMON Tools Lite
2012-04-01 06:44 - 2012-04-01 06:44 - 0000000 ____D C:\ProgramData\DAEMON Tools Lite
2012-03-27 18:09 - 2012-03-27 18:08 - 0001135 ____A C:\Users\Paul\Desktop\Website.lnk
2012-03-25 09:09 - 2012-02-01 14:13 - 0000000 ____D C:\Users\Paul\AppData\Roaming\Apple Computer
2012-03-17 04:09 - 2012-02-01 13:04 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-03-15 22:45 - 2012-03-15 22:45 - 0204952 ____A C:\Windows\SysWOW64\ativvsvl.dat
2012-03-15 22:45 - 2012-03-15 22:45 - 0204952 ____A C:\Windows\System32\ativvsvl.dat
2012-03-15 22:45 - 2012-03-15 22:45 - 0157144 ____A C:\Windows\SysWOW64\ativvsva.dat
2012-03-15 22:45 - 2012-03-15 22:45 - 0157144 ____A C:\Windows\System32\ativvsva.dat
2012-03-15 14:09 - 2012-03-15 14:09 - 16457216 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\amdocl64.dll
2012-03-15 14:09 - 2012-03-15 14:09 - 0074752 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OpenVideo64.dll
2012-03-15 14:09 - 2012-03-15 14:09 - 0064000 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OpenVideo.dll
2012-03-15 14:09 - 2012-03-15 14:09 - 0063488 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OVDecode64.dll
2012-03-15 14:09 - 2012-03-15 14:09 - 0056320 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OVDecode.dll
2012-03-15 14:08 - 2012-03-15 14:08 - 13007872 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
2012-03-15 06:33 - 2012-03-15 06:33 - 0000000 ____D C:\Users\Paul\Desktop\gibbed
2012-03-12 06:23 - 2012-03-12 06:23 - 0323584 ____A C:\Users\Paul\Desktop\umodel.exe
2012-03-11 11:55 - 2012-03-06 04:01 - 0000000 ____D C:\Users\All Users\EA Logs
2012-03-11 11:55 - 2012-03-06 04:01 - 0000000 ____D C:\ProgramData\EA Logs
2012-03-06 04:01 - 2012-03-06 04:01 - 0000000 ____D C:\Users\All Users\EA Core
2012-03-06 04:01 - 2012-03-06 04:01 - 0000000 ____D C:\ProgramData\EA Core
2012-03-06 04:01 - 2012-02-10 11:28 - 0000000 ____D C:\Users\All Users\Electronic Arts
2012-03-06 04:01 - 2012-02-10 11:28 - 0000000 ____D C:\ProgramData\Electronic Arts
2012-03-05 22:53 - 2012-04-27 15:43 - 5559152 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-05 21:59 - 2012-04-27 15:43 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-03-05 21:59 - 2012-04-27 15:43 - 3913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-03-05 14:15 - 2012-03-05 14:15 - 0038159 ____A C:\Windows\atiogl.xml
2012-03-05 11:15 - 2012-03-05 11:15 - 0896384 ____A C:\Users\Paul\Desktop\VirtualEdge__ Offer Letter Print.pdf
2012-03-05 11:15 - 2012-03-05 11:15 - 0000000 ____D C:\Users\Paul\AppData\Roaming\PDF Writer
2012-03-05 11:15 - 2012-03-05 11:15 - 0000000 ____D C:\Users\Paul\AppData\Local\PDF Writer
2012-03-05 11:15 - 2012-03-05 11:15 - 0000000 ____D C:\Users\All Users\PDF Writer
2012-03-05 11:15 - 2012-03-05 11:15 - 0000000 ____D C:\ProgramData\PDF Writer
2012-03-05 11:12 - 2012-03-05 11:12 - 0000000 ____D C:\Program Files\Common Files\Bullzip
2012-03-04 21:48 - 2012-03-15 08:46 - 1210880 ____A C:\Users\Paul\Desktop\Mass Effect 3 Checksum Fixer.exe
2012-03-02 20:27 - 2012-03-02 18:14 - 0000000 ____D C:\Users\Paul\AppData\Roaming\Mobipocket
2012-03-02 17:25 - 2012-02-04 18:19 - 0000000 ____D C:\Users\Paul\AppData\Roaming\vlc
2012-03-02 12:17 - 2012-03-02 12:17 - 0000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2012-03-02 12:04 - 2012-02-10 11:28 - 0000000 ____D C:\Users\All Users\Origin
2012-03-02 12:04 - 2012-02-10 11:28 - 0000000 ____D C:\ProgramData\Origin
2012-03-02 10:50 - 2012-03-02 10:48 - 0000000 ____D C:\Users\Paul\Desktop\TreeSizeFree
2012-03-02 10:47 - 2012-02-10 11:28 - 0000000 ____D C:\Program Files (x86)\Origin Games
2012-03-01 09:38 - 2012-02-10 11:28 - 0001050 ____A C:\Windows\KB893803v2.log
2012-02-29 22:46 - 2012-04-11 03:28 - 0023408 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-02-29 22:38 - 2012-04-11 03:28 - 0220672 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-02-29 22:33 - 2012-04-11 03:28 - 0081408 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-02-29 22:28 - 2012-04-11 03:28 - 0005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-02-29 21:37 - 2012-04-11 03:28 - 0172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-02-29 21:33 - 2012-04-11 03:28 - 0159232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2012-02-29 21:29 - 2012-04-11 03:28 - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2012-02-29 11:04 - 2012-02-29 11:04 - 0191610 ____A C:\Users\Paul\Desktop\Deity.jpg
2012-02-29 08:51 - 2012-02-01 14:54 - 0000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2012-02-27 23:34 - 2012-04-11 03:29 - 17790976 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-02-27 23:02 - 2012-04-11 03:29 - 10888704 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-02-27 22:56 - 2012-04-11 03:29 - 2311168 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-02-27 22:50 - 2012-04-11 03:29 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-02-27 22:49 - 2012-04-11 03:29 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-02-27 22:48 - 2012-04-11 03:29 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-02-27 22:48 - 2012-04-11 03:29 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-02-27 22:47 - 2012-04-11 03:29 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-02-27 22:45 - 2012-04-11 03:29 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-02-27 22:43 - 2012-04-11 03:29 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-02-27 22:43 - 2012-04-11 03:29 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-02-27 22:42 - 2012-04-11 03:29 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-02-27 22:39 - 2012-04-11 03:29 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-02-27 17:52 - 2012-04-11 03:29 - 12281856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-02-27 17:27 - 2012-04-11 03:29 - 9705984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-02-27 17:18 - 2012-04-11 03:29 - 1799168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-02-27 17:12 - 2012-04-11 03:29 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-02-27 17:11 - 2012-04-11 03:29 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-02-27 17:11 - 2012-04-11 03:29 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-02-27 17:09 - 2012-04-11 03:29 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-02-27 17:08 - 2012-04-11 03:29 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-02-27 17:06 - 2012-04-11 03:29 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-02-27 17:04 - 2012-04-11 03:29 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-02-27 17:03 - 2012-04-11 03:29 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-02-27 17:03 - 2012-04-11 03:29 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-02-27 16:59 - 2012-04-11 03:29 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-02-25 13:47 - 2012-02-25 13:47 - 0365348 ____A C:\Users\Paul\Desktop\i think i lose.jpg
2012-02-24 20:41 - 2012-02-24 20:42 - 0774175 ____A C:\Users\Paul\Desktop\Wu Zetian_0000 BC-4000.Civ5Save
2012-02-24 08:36 - 2012-02-24 08:36 - 0134388 ____A C:\Users\Paul\Desktop\oh.jpg
2012-02-24 06:18 - 2012-02-24 06:18 - 0000000 ____D C:\Users\Paul\AppData\Roaming\Malwarebytes
2012-02-24 06:18 - 2012-02-24 06:18 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-02-24 06:18 - 2012-02-24 06:18 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-02-24 06:18 - 2012-02-24 06:18 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-02-23 07:18 - 2012-02-01 13:18 - 0279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-02-22 18:00 - 2012-02-22 18:00 - 0412825 ____A C:\Users\Paul\Desktop\2012-02-22_00003.jpg
2012-02-22 18:00 - 2012-02-22 18:00 - 0409680 ____A C:\Users\Paul\Desktop\2012-02-22_00002.jpg
2012-02-22 17:59 - 2012-02-22 17:59 - 0413024 ____A C:\Users\Paul\Desktop\2012-02-22_00001.jpg
2012-02-17 08:25 - 2012-02-17 08:23 - 7646724 ____A C:\Users\Paul\Desktop\09 Starstruck.m4a
2012-02-16 23:05 - 2012-03-15 08:46 - 0115736 ____A (feudalnate) C:\Users\Paul\Desktop\PackageIO.dll
2012-02-16 22:38 - 2012-03-17 04:03 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-02-16 21:34 - 2012-03-17 04:03 - 0826880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-02-16 20:58 - 2012-03-17 04:03 - 0210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-02-16 20:57 - 2012-03-17 04:03 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-02-16 06:57 - 2012-02-16 06:57 - 0002172 ____A C:\Users\Paul\Desktop\Civ 4 BTS.lnk
2012-02-16 06:57 - 2012-02-15 13:23 - 0000000 ____D C:\Users\Paul\AppData\Local\My Games
2012-02-16 06:46 - 2012-02-16 06:46 - 0000000 ____D C:\Users\Paul\AppData\Roaming\InstallShield
2012-02-16 06:46 - 2012-02-16 06:46 - 0000000 ____D C:\Program Files (x86)\Firaxis Games
2012-02-15 12:04 - 2012-02-15 11:56 - 0000000 ____D C:\Fraps
2012-02-15 11:56 - 2012-02-15 11:56 - 0000562 ____A C:\Users\Paul\Desktop\Fraps.lnk
2012-02-15 07:29 - 2012-02-01 14:21 - 0000000 ____D C:\Users\Paul\AppData\Local\Microsoft Help
2012-02-14 19:03 - 2012-02-14 19:03 - 0054272 ____A (Khronos Group) C:\Windows\System32\OpenCL.dll
2012-02-14 19:03 - 2012-02-14 19:03 - 0048128 ____A (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2012-02-13 06:45 - 2012-02-01 14:21 - 0000000 ____D C:\Users\All Users\Microsoft Help
2012-02-13 06:45 - 2012-02-01 14:21 - 0000000 ____D C:\ProgramData\Microsoft Help
2012-02-13 06:44 - 2012-02-13 06:44 - 0000000 ____D C:\Windows\PCHEALTH
2012-02-13 06:44 - 2012-02-13 06:44 - 0000000 ____D C:\Program Files (x86)\Microsoft Works
2012-02-13 06:44 - 2012-02-13 06:44 - 0000000 ____D C:\Program Files (x86)\Microsoft Visual Studio
2012-02-13 06:44 - 2012-02-13 06:43 - 0000000 ____D C:\Program Files (x86)\Microsoft Office
2012-02-13 06:44 - 2009-07-13 23:46 - 0000000 ____D C:\Windows\ShellNew
2012-02-13 06:44 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\MSBuild
2012-02-13 06:44 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\Microsoft Shared
2012-02-13 06:43 - 2012-02-13 06:43 - 0000000 __RHD C:\MSOCache
2012-02-13 06:43 - 2012-02-13 06:43 - 0000000 ____D C:\Program Files\Microsoft Office
2012-02-13 06:43 - 2012-02-13 06:43 - 0000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
2012-02-13 06:43 - 2009-07-13 18:34 - 0000478 ____N C:\Windows\win.ini
2012-02-12 12:49 - 2012-01-30 12:30 - 0000000 ____D C:\Users\Paul\Desktop\MPC-HomeCinema.1.6.0.4014.x64
2012-02-12 11:12 - 2012-02-12 11:12 - 0000000 ____D C:\Users\Paul\AppData\Roaming\ATI
2012-02-12 11:12 - 2012-02-12 11:12 - 0000000 ____D C:\Users\Paul\AppData\Local\ATI
2012-02-10 11:28 - 2012-02-10 11:28 - 0000979 ____A C:\Users\Public\Desktop\Origin.lnk
2012-02-10 11:28 - 2012-02-10 11:28 - 0000000 ____D C:\Users\Paul\AppData\Roaming\Origin
2012-02-10 11:28 - 2012-02-10 11:28 - 0000000 ____D C:\Users\Paul\AppData\Local\Origin
2012-02-09 22:36 - 2012-03-17 04:03 - 1544192 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-02-09 21:38 - 2012-03-17 04:03 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-02-09 18:16 - 2012-02-09 18:16 - 0000973 ____A C:\Users\Paul\Desktop\FurMark.lnk
2012-02-09 13:32 - 2012-02-09 13:32 - 0000000 ____D C:\Users\Paul\Desktop\Real Temp
2012-02-09 13:15 - 2012-02-01 13:01 - 0000000 ____D C:\Users\Paul\AppData\LocalLow
2012-02-09 13:09 - 2012-02-09 13:09 - 0000045 ____A C:\Windows\SysWOW64\initdebug.nfo
2012-02-07 11:11 - 2012-02-07 11:11 - 0000000 ____D C:\Users\Paul\AppData\Roaming\stetic
2012-02-07 11:10 - 2012-02-07 11:10 - 0000000 ____D C:\Users\Paul\AppData\Local\MonoDevelop-2.8
2012-02-07 11:09 - 2012-02-07 11:09 - 0000000 ____D C:\Program Files\Microsoft Windows Performance Toolkit
2012-02-07 11:09 - 2012-02-07 11:09 - 0000000 ____D C:\Program Files\Microsoft SDKs
2012-02-07 11:09 - 2012-02-07 11:09 - 0000000 ____D C:\Program Files\Microsoft Help Viewer
2012-02-07 11:09 - 2012-02-07 11:09 - 0000000 ____D C:\Program Files\Debugging Tools for Windows (x64)
2012-02-07 11:09 - 2012-02-07 11:09 - 0000000 ____D C:\Program Files\Application Verifier (x64)
2012-02-07 11:09 - 2012-02-07 11:09 - 0000000 ____D C:\Program Files (x86)\Application Verifier
2012-02-07 11:08 - 2012-02-07 11:08 - 0000000 ____D C:\Windows\symbols
2012-02-07 11:08 - 2012-02-07 11:08 - 0000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 10.0
2012-02-07 10:59 - 2012-02-07 10:59 - 0000000 ____D C:\Program Files (x86)\MSECache
2012-02-04 13:54 - 2012-02-02 09:01 - 0000000 ____D C:\Users\All Users\Acronis
2012-02-04 13:54 - 2012-02-02 09:01 - 0000000 ____D C:\ProgramData\Acronis
2012-02-04 13:53 - 2012-02-02 09:01 - 0000000 ____D C:\Users\Paul\AppData\Roaming\Acronis
2012-02-03 08:20 - 2012-02-03 08:20 - 11578722 ____A C:\Users\Paul\Desktop\6806922559_8f01d2f8a3_o.jpg
2012-02-02 20:34 - 2012-03-17 04:03 - 3145728 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-02-02 09:25 - 2009-07-13 23:47 - 0000000 ____D C:\Program Files\Windows Journal
2012-02-02 09:25 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Sidebar
2012-02-02 09:25 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Portable Devices
2012-02-02 09:25 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Photo Viewer
2012-02-02 09:25 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Defender
2012-02-02 09:25 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\DVD Maker
2012-02-02 09:25 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Sidebar
2012-02-02 09:25 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Portable Devices
2012-02-02 09:25 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2012-02-02 09:25 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\sppui
2012-02-02 09:25 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Setup
2012-02-02 09:25 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\oobe
2012-02-02 09:25 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\migwiz
2012-02-02 09:25 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\manifeststore
2012-02-02 09:25 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\es-ES
2012-02-02 09:25 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Dism
2012-02-02 09:25 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\da-DK
2012-02-02 09:25 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\cs-CZ
2012-02-02 09:25 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
2012-02-02 09:25 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\sppui
2012-02-02 09:25 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\Setup
2012-02-02 09:25 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\oobe
2012-02-02 09:25 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\migwiz
2012-02-02 09:25 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\manifeststore
2012-02-02 09:25 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\es-ES
2012-02-02 09:25 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\Dism
2012-02-02 09:25 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\da-DK
2012-02-02 09:25 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\cs-CZ
2012-02-02 09:25 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\AdvancedInstallers
2012-02-02 09:25 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\servicing
2012-02-02 09:25 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\PolicyDefinitions
2012-02-02 09:25 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\System
2012-02-02 09:24 - 2009-07-13 18:36 - 0175616 ____A (Microsoft Corporation) C:\Windows\System32\msclmd.dll
2012-02-02 09:24 - 2009-07-13 18:36 - 0152576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msclmd.dll
2012-02-02 09:19 - 2012-02-02 09:19 - 0000000 ____D C:\Windows\System32\SPReview
2012-02-02 09:19 - 2012-02-02 09:19 - 0000000 ____D C:\Windows\System32\EventProviders
2012-02-02 09:03 - 2012-02-02 09:03 - 1263200 ____A (Acronis) C:\Windows\System32\Drivers\tdrpm273.sys
2012-02-02 09:03 - 2012-02-02 09:03 - 0943712 ____A (Acronis) C:\Windows\System32\Drivers\timntr.sys
2012-02-02 09:03 - 2012-02-02 09:03 - 0285280 ____A (Acronis) C:\Windows\System32\Drivers\afcdp.sys
2012-02-02 09:03 - 2012-02-02 09:03 - 0277088 ____A (Acronis) C:\Windows\System32\Drivers\snapman.sys
2012-02-02 09:03 - 2012-02-02 09:03 - 0001956 ____A C:\Users\Public\Desktop\Acronis One-Click Backup.lnk
2012-02-02 09:03 - 2012-02-02 09:03 - 0000882 ____A C:\Users\Public\Desktop\Acronis True Image Home 2010.lnk
2012-02-02 09:03 - 2012-02-02 09:03 - 0000000 ____D C:\Program Files (x86)\Acronis
2012-02-02 08:20 - 2012-02-02 08:20 - 0000000 ____D C:\Program Files\Oracle
2012-02-02 08:18 - 2012-02-02 08:18 - 0188808 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-02-02 08:18 - 2012-02-02 08:18 - 0188808 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2012-02-02 08:07 - 2012-02-02 08:07 - 0000550 ____A C:\Users\Paul\Desktop\Eclipse.lnk
2012-02-02 07:35 - 2012-02-02 07:35 - 0000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2012-02-02 07:35 - 2012-02-02 07:35 - 0000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2012-02-02 05:44 - 2012-02-02 05:44 - 0000000 ____D C:\Windows\System32\Macromed
2012-02-02 05:44 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\Downloaded Program Files
2012-02-01 18:49 - 2012-02-01 18:49 - 0000000 ____D C:\Users\Paul\AppData\Local\Chromium
2012-02-01 18:48 - 2012-02-01 14:54 - 0000000 ____D C:\Users\All Users\Hi-Rez Studios
2012-02-01 18:48 - 2012-02-01 14:54 - 0000000 ____D C:\ProgramData\Hi-Rez Studios
2012-02-01 18:44 - 2012-02-01 18:44 - 0000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_point64_01009.Wdf
2012-02-01 18:44 - 2012-02-01 18:44 - 0000000 ____D C:\Program Files\Microsoft IntelliPoint
2012-02-01 17:32 - 2012-02-01 17:32 - 0000000 ____D C:\Users\Paul\AppData\Roaming\JAM Software
2012-02-01 17:28 - 2012-02-01 17:28 - 0000000 ____D C:\Users\Paul\AppData\Local\Stefan_Jones
2012-02-01 17:26 - 2012-02-01 17:26 - 0000935 ____A C:\Users\Paul\Desktop\Steam.lnk
2012-02-01 17:14 - 2012-02-01 17:14 - 0000000 ____D C:\Users\All Users\Blizzard Entertainment
2012-02-01 17:14 - 2012-02-01 17:14 - 0000000 ____D C:\ProgramData\Blizzard Entertainment
2012-02-01 14:57 - 2012-02-01 14:57 - 0001313 ____A C:\Windows\TSSysprep.log
2012-02-01 14:57 - 2009-07-13 21:01 - 0040833 ____A C:\Windows\SysWOW64\license.rtf
2012-02-01 14:57 - 2009-07-13 21:01 - 0040833 ____A C:\Windows\System32\license.rtf
2012-02-01 14:57 - 2009-07-13 20:46 - 0001774 ____A C:\Windows\DtcInstall.log
2012-02-01 14:57 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\sysprep
2012-02-01 14:57 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\config\TxR
2012-02-01 14:56 - 2012-02-01 14:56 - 0000000 ____A C:\Windows\ativpsrm.bin
2012-02-01 14:55 - 2009-07-13 23:46 - 0000000 ____D C:\Windows\CSC
2012-02-01 14:54 - 2012-02-01 14:54 - 0002033 ____A C:\Users\Public\Desktop\Hi-Rez Diagnostics and Support.lnk
2012-02-01 14:54 - 2012-02-01 14:54 - 0002024 ____A C:\Users\Public\Desktop\Tribes Ascend.lnk
2012-02-01 14:54 - 2009-07-13 21:38 - 0025600 __ASH C:\Windows\System32\config\BCD-Template.LOG
2012-02-01 14:54 - 2009-07-13 21:32 - 0028672 ____A C:\Windows\System32\config\BCD-Template
2012-02-01 14:49 - 2012-02-01 14:49 - 0000000 ____D C:\Users\Paul\AppData\Roaming\enchant
2012-02-01 14:33 - 2012-02-01 14:33 - 0000000 ____D C:\Windows\SysWOW64\Macromed
2012-02-01 14:14 - 2012-02-01 14:14 - 0000000 ____D C:\Users\Paul\AppData\Local\Apple Computer
2012-02-01 14:13 - 2012-02-01 13:51 - 0000000 ____D C:\Users\All Users\Apple
2012-02-01 14:13 - 2012-02-01 13:51 - 0000000 ____D C:\ProgramData\Apple
2012-02-01 14:00 - 2012-02-01 13:53 - 0000000 ____D C:\Users\Paul\AppData\Roaming\Ventrilo
2012-02-01 13:59 - 2012-02-01 13:59 - 3695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2012-02-01 13:59 - 2012-02-01 13:59 - 3695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2012-02-01 13:59 - 2012-02-01 13:59 - 0697344 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-02-01 13:59 - 2012-02-01 13:59 - 0603648 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-02-01 13:59 - 2012-02-01 13:59 - 0580608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-02-01 13:59 - 2012-02-01 13:59 - 0534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-02-01 13:59 - 2012-02-01 13:59 - 0452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2012-02-01 13:59 - 2012-02-01 13:59 - 0448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-02-01 13:59 - 2012-02-01 13:59 - 0434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2012-02-01 13:59 - 2012-02-01 13:59 - 0420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-02-01 13:59 - 2012-02-01 13:59 - 0403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-02-01 13:59 - 2012-02-01 13:59 - 0367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2012-02-01 13:59 - 2012-02-01 13:59 - 0353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2012-02-01 13:59 - 2012-02-01 13:59 - 0353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2012-02-01 13:59 - 2012-02-01 13:59 - 0282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2012-02-01 13:59 - 2012-02-01 13:59 - 0267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2012-02-01 13:59 - 2012-02-01 13:59 - 0249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2012-02-01 13:59 - 2012-02-01 13:59 - 0227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2012-02-01 13:59 - 2012-02-01 13:59 - 0223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2012-02-01 13:59 - 2012-02-01 13:59 - 0222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2012-02-01 13:59 - 2012-02-01 13:59 - 0203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2012-02-01 13:59 - 2012-02-01 13:59 - 0197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2012-02-01 13:59 - 2012-02-01 13:59 - 0173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-02-01 13:59 - 2012-02-01 13:59 - 0165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2012-02-01 13:59 - 2012-02-01 13:59 - 0163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2012-02-01 13:59 - 2012-02-01 13:59 - 0163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2012-02-01 13:59 - 2012-02-01 13:59 - 0162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2012-02-01 13:59 - 2012-02-01 13:59 - 0161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2012-02-01 13:59 - 2012-02-01 13:59 - 0160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2012-02-01 13:59 - 2012-02-01 13:59 - 0160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2012-02-01 13:59 - 2012-02-01 13:59 - 0152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2012-02-01 13:59 - 2012-02-01 13:59 - 0150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2012-02-01 13:59 - 2012-02-01 13:59 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-02-01 13:59 - 2012-02-01 13:59 - 0145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-02-01 13:59 - 2012-02-01 13:59 - 0142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-02-01 13:59 - 2012-02-01 13:59 - 0135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2012-02-01 13:59 - 2012-02-01 13:59 - 0130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2012-02-01 13:59 - 2012-02-01 13:59 - 0123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2012-02-01 13:59 - 2012-02-01 13:59 - 0118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2012-02-01 13:59 - 2012-02-01 13:59 - 0114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2012-02-01 13:59 - 2012-02-01 13:59 - 0111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2012-02-01 13:59 - 2012-02-01 13:59 - 0110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2012-02-01 13:59 - 2012-02-01 13:59 - 0103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2012-02-01 13:59 - 2012-02-01 13:59 - 0101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2012-02-01 13:59 - 2012-02-01 13:59 - 0091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2012-02-01 13:59 - 2012-02-01 13:59 - 0089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2012-02-01 13:59 - 2012-02-01 13:59 - 0089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-02-01 13:59 - 2012-02-01 13:59 - 0086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2012-02-01 13:59 - 2012-02-01 13:59 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2012-02-01 13:59 - 2012-02-01 13:59 - 0082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2012-02-01 13:59 - 2012-02-01 13:59 - 0078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2012-02-01 13:59 - 2012-02-01 13:59 - 0076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2012-02-01 13:59 - 2012-02-01 13:59 - 0076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2012-02-01 13:59 - 2012-02-01 13:59 - 0074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2012-02-01 13:59 - 2012-02-01 13:59 - 0074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2012-02-01 13:59 - 2012-02-01 13:59 - 0074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2012-02-01 13:59 - 2012-02-01 13:59 - 0072822 ____A C:\Windows\SysWOW64\ieuinit.inf
2012-02-01 13:59 - 2012-02-01 13:59 - 0072822 ____A C:\Windows\System32\ieuinit.inf
2012-02-01 13:59 - 2012-02-01 13:59 - 0066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2012-02-01 13:59 - 2012-02-01 13:59 - 0065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2012-02-01 13:59 - 2012-02-01 13:59 - 0063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2012-02-01 13:59 - 2012-02-01 13:59 - 0055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-02-01 13:59 - 2012-02-01 13:59 - 0054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2012-02-01 13:59 - 2012-02-01 13:59 - 0049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2012-02-01 13:59 - 2012-02-01 13:59 - 0048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2012-02-01 13:59 - 2012-02-01 13:59 - 0048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2012-02-01 13:59 - 2012-02-01 13:59 - 0041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2012-02-01 13:59 - 2012-02-01 13:59 - 0039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2012-02-01 13:59 - 2012-02-01 13:59 - 0035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2012-02-01 13:59 - 2012-02-01 13:59 - 0031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2012-02-01 13:59 - 2012-02-01 13:59 - 0030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-02-01 13:59 - 2012-02-01 13:59 - 0023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2012-02-01 13:59 - 2012-02-01 13:59 - 0012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2012-02-01 13:59 - 2012-02-01 13:59 - 0011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2012-02-01 13:59 - 2012-02-01 13:59 - 0010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2012-02-01 13:59 - 2012-02-01 13:59 - 0010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-02-01 13:59 - 2012-02-01 13:57 - 0003849 ____A C:\Windows\IE9_main.log
2012-02-01 13:53 - 2012-02-01 13:53 - 0000262 ____A C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
2012-02-01 13:53 - 2012-02-01 13:53 - 0000000 ____D C:\Users\All Users\Apple Computer
2012-02-01 13:53 - 2012-02-01 13:53 - 0000000 ____D C:\Users\All Users\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-02-01 13:53 - 2012-02-01 13:53 - 0000000 ____D C:\ProgramData\Apple Computer
2012-02-01 13:53 - 2012-02-01 13:53 - 0000000 ____D C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-02-01 13:53 - 2012-02-01 13:53 - 0000000 ____D C:\Program Files\iTunes
2012-02-01 13:53 - 2012-02-01 13:53 - 0000000 ____D C:\Program Files\iPod
2012-02-01 13:53 - 2012-02-01 13:53 - 0000000 ____D C:\Program Files (x86)\iTunes
2012-02-01 13:52 - 2012-02-01 13:52 - 0000000 ____D C:\Users\Paul\AppData\Local\Apple
2012-02-01 13:52 - 2012-02-01 13:52 - 0000000 ____D C:\Program Files (x86)\Apple Software Update
2012-02-01 13:51 - 2012-02-01 13:51 - 0000000 ____D C:\Program Files\Bonjour
2012-02-01 13:51 - 2012-02-01 13:51 - 0000000 ____D C:\Program Files (x86)\Bonjour
2012-02-01 13:37 - 2012-02-01 13:37 - 0000000 ____D C:\Program Files (x86)\Renesas Electronics
2012-02-01 13:36 - 2009-07-13 19:20 - 0000000 __RHD C:\Users\Public\Libraries
2012-02-01 13:35 - 2012-02-01 13:34 - 0000000 ____D C:\Program Files (x86)\Realtek
2012-02-01 13:34 - 2012-02-01 13:34 - 0000000 ____D C:\Windows\SysWOW64\RTCOM
2012-02-01 13:34 - 2012-02-01 13:34 - 0000000 ____D C:\Program Files\Realtek
2012-02-01 13:34 - 2012-02-01 13:34 - 0000000 ____D C:\Program Files (x86)\Intel
2012-02-01 13:34 - 2012-02-01 13:34 - 0000000 ____D C:\Intel
2012-02-01 13:17 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\System32\restore
2012-02-01 13:13 - 2012-02-01 13:11 - 0000000 ____D C:\Program Files (x86)\Pidgin
2012-02-01 13:12 - 2012-02-01 13:12 - 0000000 ____D C:\Users\Paul\AppData\Roaming\Macromedia
2012-02-01 13:11 - 2012-02-01 13:09 - 0000000 ____D C:\Users\Paul\AppData\Local\Google
2012-02-01 13:04 - 2012-02-01 13:04 - 0000000 ____D C:\Users\Paul\AppData\Roaming\Mozilla
2012-02-01 13:04 - 2012-02-01 13:04 - 0000000 ____D C:\Users\Paul\AppData\Local\Mozilla
2012-02-01 13:01 - 2012-02-01 14:54 - 0000000 ____D C:\Windows\Panther
2012-02-01 13:01 - 2012-02-01 13:01 - 0000020 ___SH C:\Users\Paul\ntuser.ini
2012-02-01 13:01 - 2012-02-01 13:01 - 0000000 __SHD C:\Users\Paul\Templates
2012-02-01 13:01 - 2012-02-01 13:01 - 0000000 __SHD C:\Users\Paul\Start Menu
2012-02-01 13:01 - 2012-02-01 13:01 - 0000000 __SHD C:\Users\Paul\PrintHood
2012-02-01 13:01 - 2012-02-01 13:01 - 0000000 __SHD C:\Users\Paul\NetHood
2012-02-01 13:01 - 2012-02-01 13:01 - 0000000 __SHD C:\Users\Paul\My Documents
2012-02-01 13:01 - 2012-02-01 13:01 - 0000000 __SHD C:\Users\Paul\Documents\My Videos
2012-02-01 13:01 - 2012-02-01 13:01 - 0000000 __SHD C:\Users\Paul\Documents\My Pictures
2012-02-01 13:01 - 2012-02-01 13:01 - 0000000 __SHD C:\Users\Paul\Documents\My Music
2012-02-01 13:01 - 2012-02-01 13:01 - 0000000 __SHD C:\Users\Paul\AppData\Local\Temporary Internet Files
2012-02-01 13:01 - 2012-02-01 13:01 - 0000000 __SHD C:\Users\Paul\AppData\Local\History
2012-02-01 13:01 - 2012-02-01 13:01 - 0000000 __SHD C:\Recovery
2012-02-01 13:01 - 2009-07-13 19:18 - 0000000 __SHD C:\$Recycle.Bin
2012-01-31 04:02 - 2012-01-31 04:02 - 0021504 ____A C:\Windows\System32\kdbsdk64.dll
2012-01-31 04:00 - 2012-01-31 04:00 - 0016896 ____A C:\Windows\SysWOW64\kdbsdk32.dll

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 9%
Total physical RAM: 8187.48 MB
Available physical RAM: 7368.9 MB
Total Pagefile: 8185.63 MB
Available Pagefile: 7364.23 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

======================= Partitions =========================

2 Drive c: () (Fixed) (Total:111.69 GB) (Free:46.7 GB) NTFS
3 Drive d: (New Volume) (Fixed) (Total:698.64 GB) (Free:338.71 GB) NTFS
4 Drive e: (System Reserved) (Fixed) (Total:0.16 GB) (Free:0.13 GB) NTFS ==>[System with boot components (obtained from reading drive)]
5 Drive g: () (Fixed) (Total:186.15 GB) (Free:158.05 GB) NTFS
7 Drive i: (MULTIBOOT) (Removable) (Total:7.54 GB) (Free:7.54 GB) FAT32
8 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
9 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 111 GB 0 B
Disk 1 Online 698 GB 0 B
Disk 2 Online 186 GB 0 B
Disk 3 Online 7743 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 111 GB 101 MB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System Rese NTFS Partition 100 MB Healthy

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 111 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 698 GB 31 KB

======================================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 D New Volume NTFS Partition 698 GB Healthy

======================================================================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 165 MB 1024 KB
Partition 2 Primary 186 GB 166 MB

======================================================================================================

Disk: 2
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 E System Rese NTFS Partition 165 MB Healthy

======================================================================================================

Disk: 2
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 G NTFS Partition 186 GB Healthy

======================================================================================================

Partitions of Disk 3:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7742 MB 1024 KB

======================================================================================================

Disk: 3
Partition 1
Type : 0B
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 6 I MULTIBOOT FAT32 Removable 7742 MB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-04-29 04:12

======================= End Of Log ==========================

#8 m0le

Posted 29 April 2012 - 05:26 PM

That looks okay too. Please run FixTDSS just in case.

I would like you to run this tool for me - fixTDSS

Download it to your desktop and start the program

Follow the prompts and OK any security prompts

When it is complete it will say the infection was cleared or no infection was found - let me know what it says

#9 pwoz

Posted 29 April 2012 - 05:58 PM

Suspicious use of kernel callback but MBR appears intact. Repair not done.
No infections were found.

#10 m0le

Posted 29 April 2012 - 06:01 PM

Possible infection of drivers. Please run OTL

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Please copy the following into the Custom Scans box at the bottom

    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    /md5stop
    
  • Now click the Run Scan button on the toolbar.
  • Let it run until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is, then click on it to uncheck it.

Post the log in the next reply.

#11 pwoz

Posted 29 April 2012 - 06:08 PM

OTL logfile created on: 04/29/2012 18:04:17 - Run 1
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\Paul\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yyyy

8.00 Gb Total Physical Memory | 6.67 Gb Available Physical Memory | 83.47% Memory free
11.99 Gb Paging File | 10.15 Gb Available in Paging File | 84.61% Paging File free
Paging file location(s): c:\pagefile.sys 4096 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111.69 Gb Total Space | 46.46 Gb Free Space | 41.59% Space Free | Partition Type: NTFS
Drive E: | 698.64 Gb Total Space | 338.71 Gb Free Space | 48.48% Space Free | Partition Type: NTFS
Drive F: | 165.00 Mb Total Space | 136.86 Mb Free Space | 82.94% Space Free | Partition Type: NTFS
Drive G: | 186.15 Gb Total Space | 158.05 Gb Free Space | 84.90% Space Free | Partition Type: NTFS
Drive H: | 7.54 Gb Total Space | 7.54 Gb Free Space | 99.98% Space Free | Partition Type: FAT32

Computer Name: PAUL-PC | User Name: Paul | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Paul\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\ASGT.exe ()
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (MySQL55) -- C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe ()
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (HiPatchService) -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe (Hi-Rez Studios)
SRV - (afcdpsrv) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
SRV - (ASGT) -- C:\Windows\SysWOW64\ASGT.exe ()
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Futuremark SystemInfo Service) -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe (Futuremark Corporation)
SRV - (AcrSch2Svc) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (afcdp) -- C:\Windows\SysNative\drivers\afcdp.sys (Acronis)
DRV:64bit: - (tdrpman273) Acronis Try&Decide and Restore Points filter (build 273) -- C:\Windows\SysNative\drivers\tdrpm273.sys (Acronis)
DRV:64bit: - (timounter) -- C:\Windows\SysNative\drivers\timntr.sys (Acronis)
DRV:64bit: - (snapman) -- C:\Windows\SysNative\drivers\snapman.sys (Acronis)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (RTCore64) -- E:\Program Files (x86)\MSI Afterburner\RTCore64.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2C 49 11 75 9F 1E CD 01 [binary data]
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.2.1: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.2.1: C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Paul\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Paul\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/03/17 07:09:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/02/01 16:04:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Paul\AppData\Roaming\Mozilla\Extensions
[2012/04/27 06:46:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\n48w8or9.default\extensions
[2012/04/13 18:12:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/03/17 07:09:13 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/04/13 18:12:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\PAUL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\N48W8OR9.DEFAULT\EXTENSIONS\{3D7EB24F-2740-49DF-8937-200B1CC08F8A}.XPI
() (No name found) -- C:\USERS\PAUL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\N48W8OR9.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\USERS\PAUL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\N48W8OR9.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/03/17 07:09:13 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/01/29 08:36:35 | 000,001,394 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom.xml
[2012/01/29 08:36:35 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/01/29 08:36:35 | 000,001,131 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay.xml
[2012/01/29 08:36:35 | 000,002,364 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\google.xml
[2012/01/29 08:36:35 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
[2012/01/29 08:36:35 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia.xml
[2012/01/29 08:36:35 | 000,001,096 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Paul\AppData\Local\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Paul\AppData\Local\Google\Chrome\Application\18.0.1025.162\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Paul\AppData\Local\Google\Chrome\User Data\NPAPIFlash\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Paul\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Paul\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: YouTube = C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [NCsoft] File not found
O4 - HKCU..\Run: [Pidgin] C:\Program Files (x86)\Pidgin\pidgin.exe (The Pidgin developer community)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 10.2.1)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DD9B520E-4C86-414C-BB1E-4DC67065293A}: DhcpNameServer = 10.0.0.1
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/09/04 17:56:25 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/06/29 12:00:59 | 000,000,000 | ---D | M] - E:\Autorun -- [ NTFS ]
O33 - MountPoints2\{72f957d9-855f-11e1-a190-6cf049091be4}\Shell - "" = AutoRun
O33 - MountPoints2\{72f957d9-855f-11e1-a190-6cf049091be4}\Shell\AutoRun\command - "" = K:\TLBootstrap_WPP.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/04/29 18:03:31 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Paul\Desktop\OTL.exe
[2012/04/29 11:01:10 | 000,000,000 | ---D | C] -- C:\FRST
[2012/04/28 19:42:21 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Paul\Desktop\aswMBR.exe
[2012/04/27 18:43:25 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/04/27 18:43:25 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/04/27 18:43:25 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/04/27 18:41:39 | 002,565,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll
[2012/04/27 18:41:39 | 001,699,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll
[2012/04/27 18:41:39 | 000,189,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2012/04/27 18:41:39 | 000,107,904 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdsata.sys
[2012/04/27 18:41:39 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsutil.exe
[2012/04/27 18:41:39 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fsutil.exe
[2012/04/27 18:41:39 | 000,027,008 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdxata.sys
[2012/04/27 18:41:35 | 002,315,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tquery.dll
[2012/04/27 18:41:35 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2012/04/27 18:41:35 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
[2012/04/27 18:41:34 | 002,223,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll
[2012/04/27 18:41:34 | 001,549,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll
[2012/04/27 18:41:34 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll
[2012/04/27 18:41:34 | 000,778,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssvp.dll
[2012/04/27 18:41:34 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll
[2012/04/27 18:41:34 | 000,491,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssph.dll
[2012/04/27 18:41:34 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll
[2012/04/27 18:41:34 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2012/04/27 18:41:34 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssphtb.dll
[2012/04/27 18:41:34 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchProtocolHost.exe
[2012/04/27 18:41:34 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFilterHost.exe
[2012/04/27 18:41:34 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscntrs.dll
[2012/04/27 18:41:34 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscntrs.dll
[2012/04/27 18:41:34 | 000,007,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2012/04/27 18:41:33 | 001,465,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2012/04/27 18:41:33 | 000,870,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2012/04/27 18:41:33 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2012/04/27 18:41:33 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2012/04/27 18:41:33 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2012/04/27 18:41:33 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2012/04/27 18:41:33 | 000,027,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[2012/04/27 18:41:27 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prevhost.exe
[2012/04/27 18:41:27 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\prevhost.exe
[2012/04/27 14:00:46 | 000,000,000 | ---D | C] -- C:\Program Files\DIPS64
[2012/04/27 13:59:02 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012/04/27 13:59:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012/04/27 13:58:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2012/04/26 20:29:41 | 000,000,000 | ---D | C] -- E:\My Documents\Guild Wars 2
[2012/04/25 18:26:34 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2012/04/25 18:26:32 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner
[2012/04/24 18:45:52 | 002,074,160 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Paul\Desktop\TDSSKiller.exe
[2012/04/23 22:33:31 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\tdsskiller
[2012/04/22 10:24:56 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\NCSoft
[2012/04/22 09:04:48 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCsoft
[2012/04/22 09:04:25 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\assembly
[2012/04/22 09:04:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCsoft
[2012/04/22 09:04:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NCSoft
[2012/04/22 09:03:58 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\GetRightToGo
[2012/04/21 22:24:18 | 000,000,000 | ---D | C] -- E:\My Documents\Projects
[2012/04/21 21:46:01 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MonoDevelop
[2012/04/20 19:35:50 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Titan Network
[2012/04/20 19:35:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Titan Network
[2012/04/18 21:09:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MySQL
[2012/04/18 21:09:14 | 000,000,000 | ---D | C] -- C:\Program Files\MySQL
[2012/04/18 21:08:41 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\temp
[2012/04/18 21:06:53 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MySQL
[2012/04/18 21:06:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MySQL
[2012/04/18 21:06:51 | 000,000,000 | ---D | C] -- C:\ProgramData\MySQL
[2012/04/15 11:39:13 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\MySQL
[2012/04/15 10:40:20 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\Skype
[2012/04/15 10:40:18 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012/04/15 10:40:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/04/15 10:40:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/04/15 10:40:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2012/04/14 21:18:05 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/04/14 21:18:05 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\AVG2012
[2012/04/14 21:14:59 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012/04/14 21:14:59 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012/04/14 21:14:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2012/04/14 21:12:55 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/04/14 08:15:05 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\foobar2000
[2012/04/13 22:20:53 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/04/13 18:12:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012/04/13 18:12:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/04/13 18:12:19 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2012/04/13 18:12:19 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/04/13 18:12:19 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/04/13 18:12:19 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/04/13 18:12:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012/04/13 15:52:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2012/04/13 15:52:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2012/04/13 15:52:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2012/04/13 15:51:26 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2012/04/13 07:14:47 | 000,000,000 | ---D | C] -- E:\My Documents\credit rating
[2012/04/11 06:29:11 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/04/11 06:29:10 | 002,311,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/04/11 06:29:10 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/04/11 06:29:10 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/04/11 06:29:10 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/04/11 06:29:10 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/04/11 06:29:10 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/04/11 06:29:10 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/04/11 06:29:09 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/04/11 06:29:09 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/04/11 06:29:09 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/04/11 06:28:33 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012/04/11 06:28:33 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2012/04/11 06:28:33 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2012/04/09 19:42:42 | 000,000,000 | ---D | C] -- C:\Users\Paul\Heaven
[2012/04/09 19:40:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unigine
[2012/04/09 19:40:38 | 000,000,000 | ---D | C] -- C:\Program Files\Unigine
[2012/04/09 19:37:36 | 247,453,906 | ---- | C] (Unigine Corp. ) -- C:\Users\Paul\Desktop\Unigine_Heaven-3.0.exe
[2012/04/09 18:23:20 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2012/04/08 21:24:13 | 000,023,680 | ---- | C] (ASUSTeK Computer Inc.) -- C:\Windows\SysNative\drivers\IOMap64.sys
[2012/04/08 21:22:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
[2012/04/08 21:22:16 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASUS
[2012/04/08 21:20:41 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2012/04/08 16:49:20 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\OCCT
[2012/04/08 16:49:18 | 000,000,000 | ---D | C] -- E:\My Documents\OCCT
[2012/04/08 16:47:41 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\OCCTPT4.2.0
[2012/04/08 10:41:05 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/04/08 08:25:45 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\cpu-z_1.60-64bits-en
[2012/04/06 00:22:40 | 011,174,400 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\drivers\atikmdag.sys
[2012/04/05 21:22:00 | 000,159,744 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atiapfxx.exe
[2012/04/05 21:16:52 | 000,442,368 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\ATIDEMGX.dll
[2012/04/05 21:16:46 | 000,503,808 | ---- | C] (AMD) -- C:\Windows\SysNative\atieclxx.exe
[2012/04/05 21:16:02 | 000,236,544 | ---- | C] (AMD) -- C:\Windows\SysNative\atiesrxx.exe
[2012/04/05 21:14:44 | 000,120,320 | ---- | C] (AMD) -- C:\Windows\SysNative\atitmm64.dll
[2012/04/05 21:14:30 | 000,021,504 | ---- | C] (AMD) -- C:\Windows\SysNative\atimuixx.dll
[2012/04/05 21:14:26 | 000,059,392 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysNative\atiedu64.dll
[2012/04/05 21:14:20 | 000,043,520 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\ati2edxx.dll
[2012/04/05 21:13:42 | 006,800,896 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atidxx32.dll
[2012/04/05 21:10:50 | 026,181,632 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atio6axx.dll
[2012/04/05 20:50:56 | 019,753,984 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysWow64\atioglxx.dll
[2012/04/05 20:35:24 | 001,120,768 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiumd6v.dll
[2012/04/05 20:34:50 | 001,831,424 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiumdmv.dll
[2012/04/05 20:34:34 | 004,731,904 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiumd6a.dll
[2012/04/05 20:30:16 | 000,051,200 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticalrt64.dll
[2012/04/05 20:30:14 | 000,046,080 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticalrt.dll
[2012/04/05 20:30:08 | 000,044,544 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticalcl64.dll
[2012/04/05 20:30:06 | 000,044,032 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticalcl.dll
[2012/04/05 20:29:54 | 016,090,624 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticaldd64.dll
[2012/04/05 20:25:30 | 013,764,096 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticaldd.dll
[2012/04/05 20:23:24 | 007,431,680 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiumd64.dll
[2012/04/05 20:17:04 | 000,071,680 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\amdave64.dll
[2012/04/05 20:16:58 | 000,072,704 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\amdave32.dll
[2012/04/05 20:16:48 | 000,072,704 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atisamu64.dll
[2012/04/05 20:16:42 | 000,067,584 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\atisamu32.dll
[2012/04/05 20:11:28 | 000,514,560 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atiadlxx.dll
[2012/04/05 20:11:20 | 000,360,448 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysWow64\atiadlxy.dll
[2012/04/05 20:11:06 | 000,017,408 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atig6pxx.dll
[2012/04/05 20:11:04 | 000,014,848 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiglpxx.dll
[2012/04/05 20:11:04 | 000,014,848 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiglpxx.dll
[2012/04/05 20:11:00 | 000,041,984 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atig6txx.dll
[2012/04/05 20:10:52 | 000,033,280 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atigktxx.dll
[2012/04/05 20:10:44 | 000,343,040 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\drivers\atikmpag.sys
[2012/04/05 20:09:48 | 000,041,984 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiuxpag.dll
[2012/04/05 20:09:42 | 000,044,544 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiu9p64.dll
[2012/04/05 20:09:02 | 000,053,248 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\drivers\ati2erec.dll
[2012/04/05 20:06:08 | 000,054,784 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atimpc64.dll
[2012/04/05 20:06:08 | 000,054,784 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\amdpcom64.dll
[2012/04/05 20:06:04 | 000,053,760 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atimpc32.dll
[2012/04/05 20:06:04 | 000,053,760 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\amdpcom32.dll
[2012/04/02 19:44:32 | 000,000,000 | ---D | C] -- E:\My Documents\3DMark 11
[2012/04/02 19:42:59 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\IsolatedStorage
[2012/04/02 19:42:58 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\Futuremark_Corporation
[2012/04/02 19:30:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Futuremark
[2012/04/02 19:30:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Futuremark
[2012/04/02 19:29:40 | 000,000,000 | ---D | C] -- C:\Program Files\Futuremark
[2012/04/02 18:12:55 | 001,053,664 | ---- | C] (techPowerUp (www.techpowerup.com)) -- C:\Users\Paul\Desktop\GPU-Z.0.6.0.exe
[2012/04/02 18:07:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2012/04/01 20:08:23 | 000,000,000 | ---D | C] -- E:\My Documents\Intersection
[2012/04/01 19:59:33 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\Intersection
[2012/04/01 12:18:00 | 000,000,000 | ---D | C] -- E:\My Documents\Grocery Idea
[2012/04/01 09:51:00 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2012/04/01 09:50:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe Systems
[2012/04/01 09:50:34 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Adobe PDF
[2012/04/01 09:50:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe Systems Shared
[2012/04/01 09:50:30 | 000,000,000 | ---D | C] -- C:\Adobe
[2012/04/01 09:44:28 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\DAEMON Tools Lite
[2012/04/01 09:44:26 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite

========== Files - Modified Within 30 Days ==========

[2012/04/29 18:03:34 | 000,014,848 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/29 18:03:34 | 000,014,848 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/29 18:03:23 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Paul\Desktop\OTL.exe
[2012/04/29 18:02:23 | 000,779,722 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/04/29 18:02:23 | 000,660,536 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/04/29 18:02:23 | 000,121,174 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/04/29 17:56:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/29 17:19:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-284609420-2979562961-783762858-1002UA.job
[2012/04/29 17:12:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/29 16:19:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-284609420-2979562961-783762858-1002Core.job
[2012/04/28 20:33:30 | 002,074,160 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Paul\Desktop\TDSSKiller.exe
[2012/04/28 19:49:13 | 000,000,512 | ---- | M] () -- C:\Users\Paul\Desktop\MBR.dat
[2012/04/28 19:41:57 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Paul\Desktop\aswMBR.exe
[2012/04/27 18:45:05 | 000,420,256 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/04/27 18:43:19 | 000,773,446 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/04/25 18:46:21 | 000,045,155 | ---- | M] () -- C:\Users\Paul\Desktop\wowprofcost.rar
[2012/04/25 18:26:32 | 000,000,775 | ---- | M] () -- C:\Users\Paul\Desktop\MSI Afterburner.lnk
[2012/04/24 06:30:13 | 000,007,602 | ---- | M] () -- C:\Users\Paul\AppData\Local\Resmon.ResmonCfg
[2012/04/22 19:00:56 | 000,001,600 | ---- | M] () -- C:\Users\Paul\Desktop\MonoDevelop.exe - Shortcut.lnk
[2012/04/22 11:55:21 | 000,001,268 | ---- | M] () -- C:\Users\Paul\Desktop\Mids' Hero & Villain Designer.lnk
[2012/04/22 11:32:50 | 000,002,148 | ---- | M] () -- C:\Users\Paul\Desktop\City of Heroes.lnk
[2012/04/22 09:04:22 | 000,002,028 | ---- | M] () -- C:\Users\Public\Desktop\NCsoft Launcher.lnk
[2012/04/22 08:05:52 | 000,018,772 | ---- | M] () -- C:\Users\Paul\Desktop\escjett.png
[2012/04/21 14:57:20 | 000,019,776 | ---- | M] () -- C:\Users\Paul\Desktop\gas savings.png
[2012/04/20 22:33:39 | 000,036,207 | ---- | M] () -- C:\Users\Paul\Desktop\555704_431597843521892_181805898501089_1851725_341562356_n.jpg
[2012/04/20 06:01:10 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/04/20 06:01:10 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/04/19 19:47:30 | 000,002,224 | ---- | M] () -- C:\Users\Paul\Desktop\MySQL Workbench 5.2 CE.lnk
[2012/04/18 21:09:20 | 000,000,238 | ---- | M] () -- C:\Windows\ODBCINST.INI
[2012/04/18 19:02:59 | 027,990,911 | ---- | M] () -- C:\Users\Paul\Desktop\mb_manual_ga-z68ap-d3_e.pdf
[2012/04/18 19:01:42 | 001,137,924 | ---- | M] () -- C:\Users\Paul\Desktop\mb_manual_smart-response_e.pdf
[2012/04/15 12:35:31 | 000,001,024 | ---- | M] () -- C:\Windows\SysNative\AutoPartNt.let
[2012/04/15 12:34:44 | 003,696,480 | ---- | M] (Acronis) -- C:\Windows\SysNative\AutoPartNt.exe
[2012/04/15 10:40:18 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/04/14 08:16:20 | 000,017,987 | ---- | M] () -- C:\Users\Paul\Desktop\good playlist.m3u
[2012/04/13 18:12:17 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2012/04/13 18:12:17 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/04/13 18:12:17 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/04/13 18:12:17 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/04/13 13:28:26 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012/04/13 12:20:19 | 000,002,391 | ---- | M] () -- C:\Users\Paul\Desktop\Chrome.lnk
[2012/04/10 21:27:47 | 000,001,133 | ---- | M] () -- C:\Users\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2012/04/09 19:52:49 | 000,003,408 | ---- | M] () -- C:\Users\Paul\Desktop\unigine_20120409_1952.html
[2012/04/09 19:41:40 | 000,003,072 | ---- | M] () -- C:\Users\Paul\AppData\Local\file__0.localstorage
[2012/04/09 19:41:22 | 000,001,955 | ---- | M] () -- C:\Users\Public\Desktop\Heaven DX11 Benchmark 3.0.lnk
[2012/04/09 19:39:50 | 247,453,906 | ---- | M] (Unigine Corp. ) -- C:\Users\Paul\Desktop\Unigine_Heaven-3.0.exe
[2012/04/08 21:22:18 | 000,000,740 | ---- | M] () -- C:\Users\Public\Desktop\ASUS GPU Tweak.lnk
[2012/04/08 19:19:08 | 005,500,531 | ---- | M] () -- C:\Users\Paul\Desktop\DSC_0203.JPG
[2012/04/08 12:03:53 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012/04/08 10:41:03 | 409,611,258 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/04/08 09:32:12 | 000,001,010 | ---- | M] () -- C:\Users\Paul\Desktop\RealTemp.lnk
[2012/04/08 09:30:14 | 000,001,135 | ---- | M] () -- C:\Users\Paul\Desktop\cpuz_x64.lnk
[2012/04/06 00:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\drivers\atikmdag.sys
[2012/04/05 22:34:26 | 000,187,392 | ---- | M] () -- C:\Windows\SysNative\clinfo.exe
[2012/04/05 21:23:06 | 000,245,896 | ---- | M] () -- C:\Windows\SysWow64\atiapfxx.blb
[2012/04/05 21:23:06 | 000,245,896 | ---- | M] () -- C:\Windows\SysNative\atiapfxx.blb
[2012/04/05 21:22:00 | 000,159,744 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atiapfxx.exe
[2012/04/05 21:21:52 | 000,909,312 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\aticfx32.dll
[2012/04/05 21:20:04 | 001,067,520 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\aticfx64.dll
[2012/04/05 21:16:52 | 000,442,368 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\ATIDEMGX.dll
[2012/04/05 21:16:46 | 000,503,808 | ---- | M] (AMD) -- C:\Windows\SysNative\atieclxx.exe
[2012/04/05 21:16:02 | 000,236,544 | ---- | M] (AMD) -- C:\Windows\SysNative\atiesrxx.exe
[2012/04/05 21:14:44 | 000,120,320 | ---- | M] (AMD) -- C:\Windows\SysNative\atitmm64.dll
[2012/04/05 21:14:30 | 000,021,504 | ---- | M] (AMD) -- C:\Windows\SysNative\atimuixx.dll
[2012/04/05 21:14:26 | 000,059,392 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\SysNative\atiedu64.dll
[2012/04/05 21:14:20 | 000,043,520 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\ati2edxx.dll
[2012/04/05 21:13:42 | 006,800,896 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atidxx32.dll
[2012/04/05 21:10:50 | 026,181,632 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atio6axx.dll
[2012/04/05 21:00:10 | 000,064,000 | ---- | M] (AMD) -- C:\Windows\SysNative\coinst.dll
[2012/04/05 20:54:46 | 007,479,296 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atidxx64.dll
[2012/04/05 20:50:56 | 019,753,984 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysWow64\atioglxx.dll
[2012/04/05 20:35:24 | 001,120,768 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiumd6v.dll
[2012/04/05 20:34:50 | 001,831,424 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiumdmv.dll
[2012/04/05 20:34:34 | 004,731,904 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiumd6a.dll
[2012/04/05 20:34:04 | 006,203,392 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiumdag.dll
[2012/04/05 20:30:16 | 000,051,200 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticalrt64.dll
[2012/04/05 20:30:14 | 000,046,080 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticalrt.dll
[2012/04/05 20:30:08 | 000,044,544 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticalcl64.dll
[2012/04/05 20:30:06 | 000,044,032 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticalcl.dll
[2012/04/05 20:29:54 | 016,090,624 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticaldd64.dll
[2012/04/05 20:29:34 | 002,631,008 | ---- | M] () -- C:\Windows\SysNative\atiumd6a.cap
[2012/04/05 20:25:30 | 013,764,096 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticaldd.dll
[2012/04/05 20:23:24 | 007,431,680 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiumd64.dll
[2012/04/05 20:22:54 | 004,795,904 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiumdva.dll
[2012/04/05 20:21:42 | 002,664,704 | ---- | M] () -- C:\Windows\SysWow64\atiumdva.cap
[2012/04/05 20:17:04 | 000,071,680 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\amdave64.dll
[2012/04/05 20:16:58 | 000,072,704 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\amdave32.dll
[2012/04/05 20:16:48 | 000,072,704 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atisamu64.dll
[2012/04/05 20:16:42 | 000,067,584 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\atisamu32.dll
[2012/04/05 20:11:28 | 000,514,560 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atiadlxx.dll
[2012/04/05 20:11:20 | 000,360,448 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysWow64\atiadlxy.dll
[2012/04/05 20:11:06 | 000,017,408 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atig6pxx.dll
[2012/04/05 20:11:04 | 000,014,848 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiglpxx.dll
[2012/04/05 20:11:04 | 000,014,848 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiglpxx.dll
[2012/04/05 20:11:00 | 000,041,984 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atig6txx.dll
[2012/04/05 20:10:52 | 000,033,280 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atigktxx.dll
[2012/04/05 20:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\drivers\atikmpag.sys
[2012/04/05 20:09:56 | 000,054,784 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiuxp64.dll
[2012/04/05 20:09:48 | 000,041,984 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiuxpag.dll
[2012/04/05 20:09:42 | 000,044,544 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiu9p64.dll
[2012/04/05 20:09:34 | 000,032,256 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiu9pag.dll
[2012/04/05 20:09:02 | 000,053,248 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\drivers\ati2erec.dll
[2012/04/05 20:06:08 | 000,054,784 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atimpc64.dll
[2012/04/05 20:06:08 | 000,054,784 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\amdpcom64.dll
[2012/04/05 20:06:04 | 000,053,760 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atimpc32.dll
[2012/04/05 20:06:04 | 000,053,760 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\amdpcom32.dll
[2012/04/02 19:30:03 | 000,001,809 | ---- | M] () -- C:\Users\Public\Desktop\3DMark 11.lnk
[2012/04/02 18:12:48 | 001,053,664 | ---- | M] (techPowerUp (www.techpowerup.com)) -- C:\Users\Paul\Desktop\GPU-Z.0.6.0.exe
[2012/04/01 19:57:28 | 056,069,992 | ---- | M] () -- C:\Users\Paul\Desktop\Intersection.rar
[2012/04/01 09:45:11 | 000,564,792 | ---- | M] (Duplex Secure Ltd.) -- C:\Windows\SysNative\drivers\sptd.sys

========== Files Created - No Company Name ==========

[2012/04/28 19:49:13 | 000,000,512 | ---- | C] () -- C:\Users\Paul\Desktop\MBR.dat
[2012/04/25 18:46:20 | 000,045,155 | ---- | C] () -- C:\Users\Paul\Desktop\wowprofcost.rar
[2012/04/25 18:26:32 | 000,000,775 | ---- | C] () -- C:\Users\Paul\Desktop\MSI Afterburner.lnk
[2012/04/22 19:00:56 | 000,001,600 | ---- | C] () -- C:\Users\Paul\Desktop\MonoDevelop.exe - Shortcut.lnk
[2012/04/22 09:04:48 | 000,002,148 | ---- | C] () -- C:\Users\Paul\Desktop\City of Heroes.lnk
[2012/04/22 09:04:22 | 000,002,028 | ---- | C] () -- C:\Users\Public\Desktop\NCsoft Launcher.lnk
[2012/04/22 08:05:52 | 000,018,772 | ---- | C] () -- C:\Users\Paul\Desktop\escjett.png
[2012/04/21 14:57:20 | 000,019,776 | ---- | C] () -- C:\Users\Paul\Desktop\gas savings.png
[2012/04/20 22:33:42 | 000,036,207 | ---- | C] () -- C:\Users\Paul\Desktop\555704_431597843521892_181805898501089_1851725_341562356_n.jpg
[2012/04/20 19:35:50 | 000,001,268 | ---- | C] () -- C:\Users\Paul\Desktop\Mids' Hero & Villain Designer.lnk
[2012/04/19 19:47:30 | 000,002,224 | ---- | C] () -- C:\Users\Paul\Desktop\MySQL Workbench 5.2 CE.lnk
[2012/04/18 19:02:10 | 027,990,911 | ---- | C] () -- C:\Users\Paul\Desktop\mb_manual_ga-z68ap-d3_e.pdf
[2012/04/18 19:01:45 | 001,137,924 | ---- | C] () -- C:\Users\Paul\Desktop\mb_manual_smart-response_e.pdf
[2012/04/15 11:37:17 | 000,000,238 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2012/04/15 10:40:18 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/04/14 08:16:20 | 000,017,987 | ---- | C] () -- C:\Users\Paul\Desktop\good playlist.m3u
[2012/04/13 13:28:26 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012/04/10 21:27:47 | 000,001,133 | ---- | C] () -- C:\Users\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2012/04/09 19:52:49 | 000,003,408 | ---- | C] () -- C:\Users\Paul\Desktop\unigine_20120409_1952.html
[2012/04/09 19:41:40 | 000,003,072 | ---- | C] () -- C:\Users\Paul\AppData\Local\file__0.localstorage
[2012/04/09 19:40:42 | 000,001,955 | ---- | C] () -- C:\Users\Public\Desktop\Heaven DX11 Benchmark 3.0.lnk
[2012/04/08 21:22:18 | 000,000,740 | ---- | C] () -- C:\Users\Public\Desktop\ASUS GPU Tweak.lnk
[2012/04/08 19:17:27 | 005,500,531 | ---- | C] () -- C:\Users\Paul\Desktop\DSC_0203.JPG
[2012/04/08 12:03:53 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012/04/08 10:41:03 | 409,611,258 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/04/08 09:32:12 | 000,001,010 | ---- | C] () -- C:\Users\Paul\Desktop\RealTemp.lnk
[2012/04/08 09:30:14 | 000,001,135 | ---- | C] () -- C:\Users\Paul\Desktop\cpuz_x64.lnk
[2012/04/05 22:34:26 | 000,187,392 | ---- | C] () -- C:\Windows\SysNative\clinfo.exe
[2012/04/05 21:23:06 | 000,245,896 | ---- | C] () -- C:\Windows\SysWow64\atiapfxx.blb
[2012/04/05 21:23:06 | 000,245,896 | ---- | C] () -- C:\Windows\SysNative\atiapfxx.blb
[2012/04/05 20:29:34 | 002,631,008 | ---- | C] () -- C:\Windows\SysNative\atiumd6a.cap
[2012/04/05 20:21:42 | 002,664,704 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.cap
[2012/04/02 19:30:03 | 000,001,809 | ---- | C] () -- C:\Users\Public\Desktop\3DMark 11.lnk
[2012/04/02 18:17:26 | 000,110,592 | ---- | C] () -- C:\Windows\SysNative\rtvcvfw32.dll
[2012/04/01 19:39:46 | 056,069,992 | ---- | C] () -- C:\Users\Paul\Desktop\Intersection.rar
[2012/04/01 09:51:00 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\FileOps.exe
[2012/04/01 09:50:44 | 000,001,756 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS2.lnk
[2012/04/01 09:50:44 | 000,001,753 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ImageReady CS2.lnk
[2012/04/01 09:50:38 | 000,001,724 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help Center.lnk
[2012/04/01 09:50:31 | 000,001,706 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge.lnk
[2012/03/16 01:45:18 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/03/16 01:45:18 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/03/09 08:41:13 | 000,007,602 | ---- | C] () -- C:\Users\Paul\AppData\Local\Resmon.ResmonCfg
[2012/02/07 14:04:29 | 000,773,446 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/02/01 17:56:12 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/02/01 16:53:26 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2012/01/31 07:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/01/17 11:24:10 | 000,055,296 | ---- | C] () -- C:\Windows\SysWow64\ASGT.exe
[2011/09/19 08:03:40 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\rtvcvfw32.dll
[2011/09/13 04:36:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== LOP Check ==========

[2012/04/29 18:04:14 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\.purple
[2012/02/04 16:53:20 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Acronis
[2012/04/14 21:18:05 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\AVG2012
[2012/04/01 09:48:12 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\DAEMON Tools Lite
[2012/02/01 17:49:18 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\enchant
[2012/04/22 09:04:50 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\GetRightToGo
[2012/04/25 18:46:14 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\gtk-2.0
[2012/02/01 20:32:37 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\JAM Software
[2012/03/02 23:27:24 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Mobipocket
[2012/04/21 22:24:29 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\MonoDevelop-2.8
[2012/04/15 11:39:13 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\MySQL
[2012/02/10 14:28:57 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Origin
[2012/03/05 14:15:11 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\PDF Writer
[2012/02/07 14:11:00 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\stetic
[2012/04/21 18:20:35 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\uTorrent
[2012/04/16 05:56:53 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< MD5 for: AGP440.SYS >
[2009/07/13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009/07/13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009/07/13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009/07/13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/13 20:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009/07/13 20:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2010/11/20 08:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010/11/20 08:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011/03/11 01:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011/03/11 01:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011/03/11 01:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/11 01:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011/03/11 01:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011/03/11 01:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009/07/13 20:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/07/13 20:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010/11/20 08:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010/11/20 08:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010/11/20 07:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010/11/20 07:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009/07/13 20:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2009/07/13 20:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011/03/11 01:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011/03/11 01:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011/03/11 01:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011/03/11 01:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011/03/11 01:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 01:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010/11/20 08:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 08:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/13 20:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/13 20:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010/11/20 07:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010/11/20 07:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010/11/20 08:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010/11/20 08:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

< End of report >

#12 m0le


    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:10:50 AM

Posted 29 April 2012 - 06:12 PM

Okay, there's nothing wrong on the OTL scan for those drivers.

Everything looks A1 with respect to the nastiest infections so I think we'll run MBAM next up.

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application or, if you are using Vista, right-click and select Run As Administrator on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
    If MBAM won't update then download and update MBAM on a clean computer then save the rules.ref folder to a memory stick. This file is found here: 'C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware' then transfer it across to the infected computer.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.
m0le is a proud member of UNITE

#13 pwoz


Posted 29 April 2012 - 07:12 PM

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.29.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Paul :: PAUL-PC [administrator]

04/29/2012 18:18:47
mbam-log-2012-04-29 (18-18-47).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 716609
Time elapsed: 47 minute(s), 11 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#14 m0le

Posted 29 April 2012 - 07:37 PM

One last crack at finding something suspicious by running the ESET online scanner.

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • Copy and paste the resulting log in your next reply
If no log is generated that means nothing was found. Please let me know if this happens.

If you think a log should have been generated then go to C:\Program Files\ESET\ESET Online Scanner\log.txt to find it.

#15 pwoz


Posted 29 April 2012 - 08:47 PM

No log. Said no threats found.



