Infected with Expiro. System is quickly deteriorating.


  • This topic is locked
48 replies to this topic

#1 BCMusic


Posted 17 July 2013 - 06:29 PM

I was advised to start a topic in this forum. Please refer to my previous thread located here for more information regarding what has already been done.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16635  BrowserJavaVersion: 10.25.2
Run by Steve at 18:13:39 on 2013-07-17
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.8166.4641 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\Windows\SysWOW64\lkads.exe
C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe
C:\Users\Steve\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\SysWOW64\lktsrv.exe
C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe
C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
L:\Program Files\Everything\Everything.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com/?ctid=CT3287530&octid=CT3287530&SearchSource=61&CUI=UN76344863515266245&UM=2&UP=SP8498ED51-0E6B-42A6-ADAD-0E2B6B6CF902
uProxyOverride = localhost; 127.0.0.1; <local>;*.local
mWinlogon: Userinit = userinit.exe
BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [AdobeBridge] <no file>
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
StartupFolder: C:\Users\Steve\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Fences.lnk - C:\Program Files (x86)\Stardock\Fences\Fences.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
IE: Sothink Flash Downloader For IE - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
IE: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files (x86)\Fiddler2\Fiddler.exe"
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{0F94449D-BCDB-4474-BD68-41DC433DD645} : DHCPNameServer = 7.254.254.254
TCP: Interfaces\{7D9E303D-7A1F-4CB8-BE5D-3D2305EDDCB2} : DHCPNameServer = 192.168.1.1
AppInit_DLLs= 0
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files (x86)\Fiddler2\Fiddler.exe"
x64-SSODL: WebCheck - <orphaned>
x64-STS: FencesShlExt Class - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\0qoy15yt.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.search.selectedEngine - 
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Users\Steve\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-05-27 12:36; mozilla_cc@internetdownloadmanager.com; C:\Users\Steve\AppData\Roaming\IDM\idmmzcc5
FF - ExtSQL: 2013-05-28 07:40; {ec9032c7-c20a-464f-7b0e-13a3a9e97385}; C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\0qoy15yt.default\extensions\{ec9032c7-c20a-464f-7b0e-13a3a9e97385}
FF - ExtSQL: 2013-06-11 01:25; {DDC359D1-844A-42a7-9AA1-88A850A938A8}; C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\0qoy15yt.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
FF - ExtSQL: 2013-07-02 19:00; r2d2b2g@mozilla.org; C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\0qoy15yt.default\extensions\r2d2b2g@mozilla.org
FF - ExtSQL: 2013-07-11 10:06; {BAEBEF65-9289-47c5-8524-C345CC5D860D}; C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\0qoy15yt.default\extensions\{BAEBEF65-9289-47c5-8524-C345CC5D860D}.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2013-4-5 56208]
R2 aksdf;aksdf;C:\Windows\System32\drivers\aksdf.sys [2013-6-14 65024]
R2 AODDriver4.2.0;AODDriver4.2.0;C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [2013-2-6 57952]
R2 CodeMeter.exe;CodeMeter Runtime Server;C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe [2011-7-6 2304912]
R2 NIApplicationWebServer;NI Application Web Server;C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [2012-5-22 53960]
R2 nimDNSResponder;NI mDNS Responder Service;C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [2012-5-31 258776]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-1-20 130008]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-5-12 413472]
R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-7-14 4153184]
R3 BEHRINGER_2902;usb-audio.de driver for BEHRINGER USB AUDIO;C:\Windows\System32\drivers\BUSB2902.sys [2009-10-30 460864]
R3 bomebus;Bome's Virtual MIDI Port Bus Service;C:\Windows\System32\drivers\bomebus.sys [2013-4-28 34376]
R3 bomemidi;Bome's Virtual MIDI Port;C:\Windows\System32\drivers\bomemidi.sys [2013-4-28 30792]
R3 BUSB_AUDIO_WDM;BEHRINGER USB WDM AUDIO;C:\Windows\System32\drivers\busbwdm.sys [2009-10-30 49728]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\System32\drivers\EtronHub3.sys [2013-3-26 56960]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\System32\drivers\EtronXHCI.sys [2013-3-26 79104]
R3 GMFilter Filter;GMFilter Filter;C:\Windows\System32\drivers\GMFilter.sys [2013-4-8 52080]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
R3 RDID1093;UM-1G;C:\Windows\System32\drivers\Rdwm1093.sys [2013-3-27 81920]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-3-26 471144]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);C:\Windows\System32\drivers\tap0901t.sys [2013-7-12 31232]
S1 wipckggp;wipckggp;C:\Windows\System32\drivers\wipckggp.sys [2013-7-16 49872]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-2-6 102936]
S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2013-4-4 16776]
S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2013-4-4 9096]
S3 GPCIDrv;GPCIDrv;C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\GPCIDrv64.sys [2010-2-4 14376]
S3 IDMWFP;IDMWFP;C:\Windows\System32\drivers\idmwfp.sys [2013-5-15 166576]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\System32\drivers\MijXfilt.sys [2013-5-2 121416]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-10-12 20992]
S3 RivaTuner64;RivaTuner64;C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2009-8-22 19952]
S3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2012-12-16 202632]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-2-6 203544]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-5-14 59392]
S3 TunngleService;TunngleService;C:\Program Files (x86)\Tunngle\TnglCtrl.exe [2013-7-12 754584]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-3-27 1255736]
S4 AODService;AODService;C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [2013-2-6 137096]
S4 MassCoreNICSrv;Merging Technologies MassCore NIC service;C:\Program Files (x86)\Common Files\Merging Technologies\VS3\MassCoreNICSrv.exe [2013-4-15 43880]
S4 MTSSrv;Merging Technologies Security Server;C:\Program Files (x86)\Common Files\Merging Technologies\VS3\MTSSrv.exe [2013-4-15 300288]
S4 MTUSBSyncSrv;Merging Technologies USB Sync service;C:\Program Files (x86)\Common Files\Merging Technologies\MTUSBSync\MTUSBSyncSrv.exe [2013-4-15 29536]
S4 NIApplicationWebServer64;NI Application Web Server (64-bit);C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [2012-5-22 76488]
.
=============== File Associations ===============
.
FileExt: .js: JSFile=C:\Windows\System32\Notepad.exe %1 [default=Edit - 'Open' doesn't exist]
.
=============== Created Last 30 ================
.
2013-07-17 02:47:11 49872 ----a-w- C:\Windows\System32\drivers\wipckggp.sys
2013-07-17 02:16:33 76232 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{66083D5C-9118-4D18-ABA8-6DABEC218C67}\offreg.dll
2013-07-17 02:15:56 941720 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{40A66D19-4D27-4831-8976-1081D6A2E24E}\gapaengine.dll
2013-07-17 02:15:53 9460976 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{66083D5C-9118-4D18-ABA8-6DABEC218C67}\mpengine.dll
2013-07-17 02:14:30 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2013-07-17 02:14:20 -------- d-----w- C:\Program Files\Microsoft Security Client
2013-07-16 09:44:46 9460976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5372B891-FAE0-4BED-89FC-B64396562F6E}\mpengine.dll
2013-07-14 19:22:39 -------- d-----w- C:\Users\Steve\AppData\Roaming\TeamViewer
2013-07-14 18:13:05 -------- d-----w- C:\Program Files (x86)\TeamViewer
2013-07-14 14:43:15 -------- d-----w- C:\Windows\DA909E623B454BA18B58FCAEBA4BCEC9.TMP
2013-07-12 14:37:04 -------- d-----w- C:\Users\Steve\Darwinbots2
2013-07-12 13:00:32 -------- d-----w- C:\Users\Steve\AppData\Roaming\Tunngle
2013-07-12 13:00:32 -------- d-----w- C:\ProgramData\Tunngle
2013-07-12 13:00:31 31232 ----a-w- C:\Windows\System32\drivers\tap0901t.sys
2013-07-12 09:38:21 -------- d-----w- C:\Users\Steve\AppData\Roaming\WinPatrol
2013-07-12 09:38:17 -------- d-----w- C:\Program Files (x86)\BillP Studios
2013-07-12 09:37:01 -------- d-----w- C:\Program Files (x86)\ShellXView
2013-07-12 02:00:32 -------- d-----w- C:\Program Files (x86)\Fiddler2
2013-07-11 15:16:28 -------- d-----w- C:\cURL
2013-07-11 15:00:50 -------- d-----w- C:\Program Files (x86)\Common Files\SourceTec
2013-07-11 15:00:46 -------- d-----w- C:\Program Files (x86)\SourceTec
2013-07-10 05:59:08 -------- d-----w- C:\Program Files (x86)\Reveal Sound
2013-07-10 01:27:57 -------- d-----w- C:\Program Files\Speccy
2013-07-10 01:04:39 -------- d-----w- C:\Program Files (x86)\Autoruns
2013-07-09 06:52:35 -------- d-----w- C:\Program Files (x86)\MSI Afterburner
2013-07-09 04:56:05 -------- d-----w- C:\Program Files (x86)\MSI Kombustor 2.5
2013-07-09 04:50:48 -------- d-----w- C:\ProgramData\SystemRequirementsLab
2013-07-07 06:42:45 -------- d-----w- C:\Program Files (x86)\Geeks3D
2013-07-06 04:47:33 -------- d-----w- C:\Users\Steve\AppData\Local\Iron_Spine_Productions
2013-07-05 22:09:57 -------- d-----w- C:\Users\Steve\AppData\Roaming\MKKE
2013-07-05 03:39:23 -------- d-----w- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
2013-07-05 03:12:37 -------- d-----w- C:\Users\Steve\AppData\Local\Skyrim
2013-07-05 03:12:31 -------- d-----w- C:\ProgramData\Steam
2013-07-04 20:36:30 -------- d-----w- C:\Users\Steve\AppData\Roaming\SpinTires
2013-07-04 07:56:20 -------- d-----w- C:\Program Files (x86)\PE Explorer
2013-07-04 07:42:42 -------- d-----w- C:\Program Files (x86)\AAMS
2013-07-03 00:00:12 -------- d-----w- C:\Users\Steve\.android
2013-07-01 20:46:26 -------- d-----w- C:\Program Files (x86)\Inkscape
2013-06-30 20:35:18 -------- d-----w- C:\Program Files (x86)\Windows Grep
2013-06-30 16:48:16 -------- d-----w- C:\Users\Steve\AppData\Local\Sony
2013-06-30 16:48:16 -------- d-----w- C:\Program Files\Sony
2013-06-30 16:48:16 -------- d-----w- C:\Program Files (x86)\Sony
2013-06-30 16:39:55 -------- d-----w- C:\Users\Steve\AppData\Roaming\avidemux
2013-06-29 09:45:35 -------- d-----w- C:\Program Files (x86)\Axialis
2013-06-29 09:32:07 -------- d-----w- C:\Users\Steve\AppData\Roaming\Axialis
2013-06-29 09:32:07 -------- d-----w- C:\Users\Steve\AppData\Local\Axialis
2013-06-28 04:23:47 -------- d-----w- C:\Users\Steve\AppData\Roaming\Rovio
2013-06-27 06:34:22 -------- d-----w- C:\Program Files (x86)\Plugin Alliance
2013-06-27 06:34:18 -------- d-----w- C:\Program Files\Brainworx Music
2013-06-27 06:34:15 -------- d-----w- C:\Program Files (x86)\Brainworx Music
2013-06-27 01:46:36 -------- d-----w- C:\Users\Steve\AppData\Roaming\National Instruments
2013-06-27 01:45:05 -------- d-----w- C:\Users\Steve\AppData\Local\National Instruments
2013-06-27 01:40:36 -------- d-----w- C:\Program Files (x86)\HI-TECH Software
2013-06-27 01:39:19 557328 ----a-w- C:\Program Files\Common Files\Microsoft Shared\dao\dao360.dll
2013-06-27 01:37:41 -------- d-----w- C:\Windows\System32\cvirte
2013-06-27 01:37:39 -------- d-----w- C:\Windows\SysWow64\cvirte
2013-06-27 01:37:30 -------- d-----w- C:\Program Files\National Instruments
2013-06-27 01:36:00 -------- d-----w- C:\Program Files (x86)\National Instruments
2013-06-27 01:33:52 -------- d-----w- C:\ProgramData\National Instruments
2013-06-27 00:01:19 -------- d-----w- C:\Users\Steve\AppData\Local\Unity
2013-06-26 21:29:48 -------- d-----w- C:\Program Files\Nomad Factory
2013-06-26 17:25:25 -------- d-----w- C:\Users\Steve\AppData\Roaming\Avid
2013-06-26 15:06:16 -------- d-----w- C:\Program Files (x86)\Common Files\Avid
2013-06-26 15:04:48 -------- d-----w- C:\Program Files\Avid
2013-06-25 19:57:59 -------- dc-h--w- C:\ProgramData\{95B4F0ED-951F-4D36-B068-5EC1C4C19C14}
2013-06-25 19:56:11 -------- dc-h--w- C:\ProgramData\{78F6A1FC-ADDE-4028-A231-7B924CE455BD}
2013-06-24 18:55:50 -------- d-----w- C:\Users\Steve\AppData\Roaming\MultiExtractor
2013-06-24 18:55:49 -------- d-----w- C:\Program Files (x86)\MultiExtractor
2013-06-24 18:51:46 -------- d-----w- C:\Program Files\OverTone Plugins PTC-2A
2013-06-24 17:39:55 -------- d-----w- C:\Windows\SysWow64\Adobe
2013-06-23 12:20:28 -------- d-----w- C:\Program Files (x86)\Avidemux 2.6
2013-06-23 11:59:24 -------- d-----w- C:\Users\Steve\AppData\Roaming\Microsoft FxCop
2013-06-23 11:32:50 1075424 ----a-w- C:\ProgramData\Microsoft\WDExpress\11.0\1033\ResourceCache.dll
2013-06-23 11:32:34 -------- d-----w- C:\Program Files (x86)\NuGet
2013-06-23 11:31:33 -------- d-----w- C:\Program Files (x86)\Common Files\Merge Modules
2013-06-23 11:30:24 -------- d-----w- C:\Program Files (x86)\Common Files\Microsoft
2013-06-23 11:28:09 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 11.0
2013-06-23 11:26:09 -------- d-----w- C:\ProgramData\regid.1991-06.com.microsoft
2013-06-23 11:00:18 -------- d-----w- C:\Users\Steve\locales
2013-06-23 10:57:24 -------- d-----w- C:\Program Files (x86)\MGII4.3.3
2013-06-23 10:56:58 -------- d-----w- C:\Program Files (x86)\Songtrix
2013-06-23 01:30:48 -------- d-----w- C:\Program Files (x86)\EMI
2013-06-22 21:35:51 -------- d-----w- C:\Program Files (x86)\FeedReader
2013-06-22 21:35:18 -------- d-----w- C:\Users\Steve\Lokale Einstellungen
2013-06-21 21:47:09 -------- d-----w- C:\Program Files\NTCore
2013-06-21 17:13:15 -------- d-----w- C:\Program Files (x86)\FXpansion
2013-06-21 16:58:48 -------- d-----w- C:\ProgramData\Digidesign
2013-06-21 08:00:59 -------- d-----w- C:\Users\Steve\AppData\Roaming\Trillium Lane
2013-06-21 08:00:02 -------- d-----w- C:\Program Files (x86)\Common Files\PACE Anti-Piracy
2013-06-21 07:57:53 -------- d-----w- C:\Users\Steve\AvidLogFiles
2013-06-21 07:30:36 -------- d-----w- C:\ProgramData\DigiDriver
2013-06-21 07:29:56 -------- d-----w- C:\Program Files (x86)\Avid
2013-06-21 07:18:33 -------- d-----w- C:\ProgramData\PACE
2013-06-21 07:18:30 -------- d-----w- C:\Program Files (x86)\Common Files\PACE
2013-06-21 07:15:14 23824 ----a-w- C:\Windows\System32\drivers\diginet.sys
2013-06-20 08:01:09 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-19 10:44:30 -------- d-----w- C:\Users\Steve\AppData\Local\Origin
2013-06-19 07:26:07 -------- d-----w- C:\Users\Steve\AppData\Roaming\OBS
2013-06-19 07:26:05 -------- d-----w- C:\Program Files (x86)\OBS
2013-06-18 18:13:57 -------- d-----w- C:\Users\Steve\AppData\Roaming\Mixbus
2013-06-18 18:13:28 -------- d-----w- C:\Windows\jack
2013-06-18 18:13:18 -------- d-----w- C:\Users\Steve\AppData\Local\Mixbus
2013-06-18 18:13:17 -------- d-----w- C:\Windows\SysWow64\jack
2013-06-18 18:13:17 -------- d-----w- C:\Program Files (x86)\Mixbus
2013-06-18 18:13:17 -------- d-----w- C:\Program Files (x86)\Jackdmp_v1.9
2013-06-18 18:13:15 -------- d-----w- C:\ProgramData\Mixbus
2013-06-18 18:13:15 -------- d-----w- C:\Program Files (x86)\Jack
.
==================== Find3M  ====================
.
2013-07-17 02:47:11 127488 ----a-w- C:\Windows\SysWow64\svchost.exe
2013-07-14 22:41:38 119296 ----a-w- C:\Windows\SysWow64\zlib.dll
2013-07-06 08:51:16 219648 ----a-w- C:\Windows\SysWow64\control.exe
2013-07-06 08:49:41 1507840 ----a-w- C:\Windows\SysWow64\mmc.exe
2013-07-06 08:48:49 116224 ----a-w- C:\Windows\winhlp32.exe
2013-07-06 08:48:10 192512 ----a-w- C:\Windows\SysWow64\odbcad32.exe
2013-07-06 08:48:09 261632 ----a-w- C:\Windows\SysWow64\charmap.exe
2013-07-06 08:48:09 195072 ----a-w- C:\Windows\SysWow64\wiaacmgr.exe
2013-07-06 08:48:09 1156096 ----a-w- C:\Windows\SysWow64\mstsc.exe
2013-07-06 08:48:08 882688 ----a-w- C:\Windows\SysWow64\calc.exe
2013-06-13 02:48:23 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-06-13 02:48:17 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-06-12 09:17:40 207872 ----a-w- C:\Windows\SysWow64\mobsync.exe
2013-06-12 09:17:19 752640 ----a-w- C:\Windows\SysWow64\osk.exe
2013-06-12 09:17:19 736256 ----a-w- C:\Windows\SysWow64\Magnify.exe
2013-06-12 09:17:19 1503744 ----a-w- C:\Windows\SysWow64\Utilman.exe
2013-06-12 06:27:10 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 06:27:10 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-06-12 06:27:07 9089416 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2013-06-11 23:43:37 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-06-11 23:43:00 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-06-11 23:42:58 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-06-11 23:42:58 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-06-11 23:26:20 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-06-11 23:25:16 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-06-11 23:25:13 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-06-11 23:25:13 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-06-11 22:51:45 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-06-11 22:50:58 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-10 08:02:55 151040 ----a-w- C:\Windows\SysWow64\rundll32.exe
2013-06-09 04:49:02 291088 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2013-06-09 04:49:02 291088 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2013-06-09 04:48:39 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2013-06-07 03:22:18 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-06-07 02:37:52 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-06-05 03:34:27 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-06-04 18:17:04 7444480 ----a-w- C:\Windows\SysWow64\PSP Xenon.dll
2013-06-04 18:15:08 745984 ----a-w- C:\Windows\SysWow64\PSP StereoController.dll
2013-06-04 18:15:08 663040 ----a-w- C:\Windows\SysWow64\PSP StereoEnhancer.dll
2013-06-04 18:15:08 645120 ----a-w- C:\Windows\SysWow64\PSP PseudoStereo.dll
2013-06-04 18:15:08 638464 ----a-w- C:\Windows\SysWow64\PSP StereoAnalyser.dll
2013-06-04 18:14:08 9477120 ----a-w- C:\Windows\SysWow64\PSP ClassicQex.dll
2013-06-04 18:14:08 7633920 ----a-w- C:\Windows\SysWow64\PSP preQursor.dll
2013-06-04 18:14:08 7138304 ----a-w- C:\Windows\SysWow64\PSP McQ.dll
2013-06-04 18:14:08 5129728 ----a-w- C:\Windows\SysWow64\PSP RetroQ.dll
2013-06-04 18:14:08 3877376 ----a-w- C:\Windows\SysWow64\PSP ConsoleQ.dll
2013-06-04 18:14:07 3622912 ----a-w- C:\Windows\SysWow64\PSP ClassicQ.dll
2013-06-04 17:58:17 5204992 ----a-w- C:\Windows\SysWow64\PSP MicroComp.dll
2013-06-04 17:58:17 4583424 ----a-w- C:\Windows\SysWow64\PSP MasterComp.dll
2013-06-04 06:00:13 624128 ----a-w- C:\Windows\System32\qedit.dll
2013-06-04 04:53:07 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2013-05-23 11:18:31 1700352 ----a-w- C:\Windows\SysWow64\gdiplus.dll
2013-05-18 08:12:42 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-17 08:05:29 175616 ----a-w- C:\Windows\System32\msclmd.dll
2013-05-17 08:05:29 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll
2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe
2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
2013-05-12 20:43:36 566048 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2013-05-12 20:34:14 6491936 ----a-w- C:\Windows\System32\nvcpl.dll
2013-05-12 20:34:14 3514656 ----a-w- C:\Windows\System32\nvsvc64.dll
2013-05-12 20:34:12 884512 ----a-w- C:\Windows\System32\nvvsvc.exe
2013-05-12 20:34:12 63776 ----a-w- C:\Windows\System32\nvshext.dll
2013-05-12 20:34:11 237856 ----a-w- C:\Windows\System32\nvmctray.dll
2013-05-10 05:49:27 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
2013-05-10 03:20:54 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
2013-05-08 19:55:24 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2013-05-08 14:13:10 3165737 ----a-w- C:\Windows\System32\nvcoproc.bin
2013-05-08 06:39:01 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-05-06 06:03:49 1887744 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-05-06 04:56:35 1620480 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-05-02 15:29:56 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-04-29 18:00:00 127488 ----a-w- C:\Windows\System32\ff_vfw.dll
2013-04-29 18:00:00 112640 ----a-w- C:\Windows\SysWow64\ff_vfw.dll
2013-04-26 05:51:36 751104 ----a-w- C:\Windows\System32\win32spl.dll
2013-04-26 04:55:21 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll
2013-04-25 23:30:32 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll
2009-09-27 16:39:26 369152 --sh--w- C:\Windows\SysWOW64\avisynth.dll
2005-07-14 19:31:20 32256 --sh--w- C:\Windows\SysWOW64\AVSredirect.dll
2004-02-22 17:11:08 719872 --sh--w- C:\Windows\SysWOW64\devil.dll
2006-05-03 18:06:54 163328 --sha-r- C:\Windows\SysWOW64\flvDX.dll
2004-01-25 07:00:00 70656 --sh--w- C:\Windows\SysWOW64\i420vfw.dll
2007-02-21 19:47:16 31232 --sha-r- C:\Windows\SysWOW64\msfDX.dll
2008-03-16 21:30:52 216064 --sha-r- C:\Windows\SysWOW64\nbDX.dll
2010-01-07 06:00:00 107520 --sha-r- C:\Windows\SysWOW64\TAKDSDecoder.dll
2012-10-06 02:54:00 188416 --sha-r- C:\Windows\SysWOW64\winDCE32.dll
2004-01-25 07:00:00 70656 --sh--w- C:\Windows\SysWOW64\yv12vfw.dll
.
============= FINISH: 18:14:47.07 ===============
 

 



#3 BCMusic

  • Topic Starter
  • Members
  • 43 posts
  • Gender:Male
  • Location:U.S.A.

Posted 17 July 2013 - 06:36 PM

So sorry for the double posts. Chrome was throwing server errors at me. Please delete this one.



#4 TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male

Posted 18 July 2013 - 02:02 AM

Hi there,
my name is Marius and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 

 

 

Scan with Malwarebytes Anti-Rootkit

Please download Malwarebytes Anti-Rootkit from here Malwarebytes : Malwarebytes Anti-Rootkit and save it to your desktop.

Be sure to print out and follow the instructions provided on that same page.

Caution: This is a beta version so please be sure to read the disclaimer and back up any important data before using.

  • Double click the mbar.zip file to open it, then 'Extract all files'.
  • Double click the mbar folder to open it, then double click mbar.exe to start the tool.

Check for Updates, then Scan your system for malware

If malware is found, do NOT press the Cleanup button yet. Click EXIT.

I'd like to see the log first so I can see what it sees. You'll find the log in that mbar folder as MBAR-log-***.txt. Please attach that to your next reply.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#5 BCMusic


Posted 18 July 2013 - 08:05 AM

TB-Psychotic

 

Thank you for assisting me with this issue. I would first like to post a couple relevant replies of mine from a previous thread in the "Am I Infected" forum so that you can better understand the issue and assist me accordingly. I am doing this so that there will be enough information about what is going on.

 

 

Apologies if my thread title is a bit alarmist. I understand that others have problems that need attention, however I also understand that some problems are simply more severe than others. This virus is infecting a bunch of my programs as well as opening connections to random .RU TLDs. I ran OmniPeek yesterday to check my network activity and noticed some very suspicious connections coming from my computer to randomly-named Russian servers. I just ran it again while I type and see no such connections at this time. I downloaded Microsoft Security Essentials and it detected right away many infected applications. I also run WinPatrol and am being notified every time a program has become infected. Running WinPatrol and MSE seems to have sped the virus up somehow and it is literally out of control. MSE is cleaning/quarantining crucial system applications (explorer, svchost, etc.) and I am scared of what it's doing. MSE and WinPatrol go nuts every time I click OK on a dialog box so I've not touched anything since.

 

 

I am in desperate need of help, so I am bumping this thread with an update.

 

I believe this virus has infected msiexec as I can't install anything with an MSI extension. Not sure about EXE files, but if me not being able to run SystemChecker is any indication, then that is also true as well. So far I have found that it has affected WinRAR, 7Zip, and according to MSE, it has also infected critical system files such as svchost, explorer, and a number of other critical/non-critical system files. If MSE has detected that explorer.exe and others are indeed infected and have been cleaned/quarantined, then upon restarting the system like it has advised me to do, wouldn't it make the system unusable?

 

 

MBAR log:

 

Malwarebytes Anti-Rootkit BETA 1.06.0.1004
www.malwarebytes.org
 
Database version: v2013.07.18.02
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
Steve :: STEVE-PC [administrator]
 
7/18/2013 7:37:49 AM
mbar-log-2013-07-18 (07-37-49).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 325276
Time elapsed: 14 minute(s), 40 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 1
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS|DeleteFlag (Trojan.ZeroAccess) -> Data: 1 -> No action taken.
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 1
c:\Windows\SysWOW64\svchost.exe (FakeMS) -> No action taken.
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)


#6 TB-Psychotic


Posted 18 July 2013 - 08:33 AM

You have a really nasty virus that infects critical system files.

Expiro is a pain - hopefully, we get it removed.

 

 

Fix with Malwarebytes Anti-Rootkit

Run another scan with mbar.exe and click the CleanUp button. It will require a reboot.

When it has rebooted, run another scan with mbar.exe and click CleanUp again if necessary.

Send the mbar-log.txt along with an update on machine behavior.

 

 

 

 

Combofix

Combofix should only be run when advised by a team member!

Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs /spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe


When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: When receiving an error message containing "Illegal operation attempted on a registry key that has been marked for deletion" simply restart your computer to fix this.



#7 BCMusic


Posted 18 July 2013 - 09:14 AM

Marius,

 

I am posting this from another computer. The infected PC will not boot after using MBAR. After the Starting Windows splash screen goes away, I only see a cursor and it just sits there. I would like to add that I do not have any form of repair/recovery discs at my disposal. If it comes to that, the only way I would be able to access the system is through a Linux LiveUSB (my disc drives do not work at the moment.) I have a 4GB flash drive in case it helps.



#8 TB-Psychotic


Posted 18 July 2013 - 09:29 AM

Scan with FRST (Recovery Environment)


To run FRST on Vista and Windows 7:



Plug the flash drive into the infected PC.

Enter System Recovery Options.


To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.



To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.


On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

Select Command Prompt.

In the command window:

  • Type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.

It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.



#9 BCMusic


Posted 18 July 2013 - 10:03 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-07-2013 02
Ran by SYSTEM on 18-07-2013 09:40:34
Running from F:\
Windows 7 Ultimate (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1012000 2013-05-16] (NVIDIA Corporation)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1281512 2013-01-27] (Microsoft Corporation)
HKLM-x32\...\RunOnce: [ (cleanup)] - rundll32.exe "C:\ProgramData\Malwarebytes' Anti-Malware (portable)\cleanup.dll",ProcessCleanupScript "C:\ProgramData\Malwarebytes' Anti-Malware (portable)" [1563720 2013-06-01] (Malwarebytes Corporation)
HKLM-x32\...\Winlogon: [Shell] Explorer.exe [x ] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [] -  [x]
HKU\Steve\...\Run: [Steam] - "C:\Program Files (x86)\Steam\steam.exe" -silent [1673128 2013-07-12] (Valve Corporation)
HKU\Steve\...\Run: [AdobeBridge] -  [x]
HKU\Steve\...\Run: [Spotify Web Helper] - "C:\Users\Steve\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [1104384 2013-07-10] (Spotify Ltd)
HKU\Steve\...\Run: [WinPatrol] - C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot [423144 2013-04-26] (BillP Studios)
Startup: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Fences.lnk
ShortcutTarget: Fences.lnk -> C:\Program Files (x86)\Stardock\Fences\Fences.exe (Stardock Corporation)
AlternateShell: 
 
==================== Services (Whitelisted) =================
 
S4 AODService; C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [137096 2013-02-06] ()
S2 FolderSize; C:\Program Files\FolderSize\FolderSizeSvc.exe [163840 2013-02-12] (Brio)
S2 lkClassAds; C:\Windows\SysWOW64\lkads.exe [50328 2012-06-05] (National Instruments Corporation)
S2 lkTimeSync; C:\Windows\SysWOW64\lktsrv.exe [60568 2012-06-05] (National Instruments Corporation)
S4 MassCoreNICSrv; C:\Program Files (x86)\Common Files\Merging Technologies\VS3\MassCoreNICSrv.exe [43880 2013-04-15] (Merging Technologies S.A.)
S2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
S4 MTSSrv; C:\Program Files (x86)\Common Files\Merging Technologies\VS3\MTSSrv.exe [300288 2013-06-14] (CHAOS!)
S4 MTUSBSyncSrv; C:\Program Files (x86)\Common Files\Merging Technologies\MTUSBSync\MTUSBSyncSrv.exe [29536 2013-04-15] (Merging Technologies S.A.)
S2 NIApplicationWebServer; C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [53960 2012-05-22] (National Instruments Corporation)
S4 NIApplicationWebServer64; C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [76488 2012-05-22] (National Instruments Corporation)
S2 NIDomainService; C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe [370328 2012-06-05] (National Instruments Corporation)
S2 nimDNSResponder; C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [258776 2012-05-31] (National Instruments Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)
S2 niSvcLoc; C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe [53952 2012-05-22] (National Instruments Corporation)
S2 PinnacleUpdateSvc; C:\Program Files (x86)\PowerUp Software\Pinnacle Game Profiler\pinnacle_updater.exe [430080 2011-05-09] (PowerUp Software, LLC)
S2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-05-08] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
S4 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [123664 2012-12-16] (SANDBOXIE L.T.D)
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [754584 2013-06-24] (Tunngle.net GmbH)
S2 WinDefend; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
S2 AODDriver4.2.0; C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [57952 2013-02-06] (Advanced Micro Devices)
S2 AODDriver4.2.0; C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [57952 2013-02-06] (Advanced Micro Devices)
S3 BEHRINGER_2902; C:\Windows\System32\Drivers\BUSB2902.sys [460864 2009-10-30] (BEHRINGER)
S3 bomebus; C:\Windows\System32\DRIVERS\bomebus.sys [34376 2010-10-12] (Bome Software)
S3 bomemidi; C:\Windows\System32\drivers\bomemidi.sys [30792 2010-10-12] (Bome Software)
S3 BUSB_AUDIO_WDM; C:\Windows\System32\drivers\busbwdm.sys [49728 2009-10-30] (BEHRINGER)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [16776 2011-07-29] ()
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [16776 2011-07-29] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9096 2011-07-29] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9096 2011-07-29] ()
S3 GMFilter Filter; C:\Windows\System32\Drivers\GMFilter.sys [52080 2007-08-21] (Game)
S3 GMFilter Filter; C:\Windows\SysWow64\Drivers\GMFilter.sys [27648 2007-08-21] (Game)
S3 GPCIDrv; C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\GPCIDrv64.sys [14376 2010-02-04] ()
S3 GPCIDrv; C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\GPCIDrv64.sys [14376 2010-02-04] ()
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [36680 2013-07-18] ()
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [36680 2013-07-18] ()
S3 mbamswissarmy; C:\Windows\system32\drivers\mbamswissarmy.sys [162008 2013-07-18] (Malwarebytes Corporation)
S3 mbamswissarmy; C:\Windows\system32\drivers\mbamswissarmy.sys [162008 2013-07-18] (Malwarebytes Corporation)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
S2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
S3 RDID1093; C:\Windows\System32\Drivers\rdwm1093.sys [81920 2009-09-17] (Roland Corporation)
S3 RivaTuner64; C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [19952 2013-07-04] ()
S3 RivaTuner64; C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [19952 2013-07-04] ()
S3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [202632 2012-12-16] (SANDBOXIE L.T.D)
S3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [x]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [x]
S1 wipckggp; \??\C:\Windows\system32\drivers\wipckggp.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-07-18 09:40 - 2013-07-18 09:40 - 00000000 ____D C:\FRST
2013-07-18 05:38 - 2013-07-18 05:38 - 00162008 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
2013-07-18 05:38 - 2013-07-18 05:38 - 00036680 _____ C:\Windows\System32\Drivers\mbamchameleon.sys
2013-07-18 04:37 - 2013-07-18 05:54 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-07-18 04:34 - 2013-07-18 04:34 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-18 04:33 - 2013-07-18 05:54 - 00000000 ____D C:\Users\Steve\Desktop\mbar
2013-07-18 04:32 - 2013-07-18 04:32 - 13399154 _____ C:\Users\Steve\Downloads\mbar-1.06.0.1004.zip
2013-07-17 15:14 - 2013-07-17 15:24 - 00031565 _____ C:\Users\Steve\Desktop\dds.txt
2013-07-17 15:14 - 2013-07-17 15:20 - 00008330 _____ C:\Users\Steve\Desktop\attach.txt
2013-07-17 15:10 - 2013-07-17 15:11 - 00688992 ____R (Swearware) C:\Users\Steve\Downloads\dds.com
2013-07-17 13:56 - 2013-07-17 14:21 - 00166638 _____ C:\Users\Steve\Desktop\Rkill.txt
2013-07-17 13:56 - 2013-07-17 13:56 - 00000000 ____D C:\Users\Steve\Desktop\rkill
2013-07-17 04:51 - 2013-07-17 04:51 - 01836672 _____ (Bleeping Computer, LLC) C:\Users\Steve\Downloads\rkill.exe
2013-07-17 04:51 - 2013-07-17 04:51 - 00003377 _____ C:\Users\Steve\Desktop\vir.txt
2013-07-17 04:50 - 2013-07-17 04:50 - 00662345 _____ C:\Users\Steve\Downloads\adwcleaner.exe
2013-07-16 18:17 - 2013-07-16 18:17 - 46593440 _____ (Microsoft Corporation) C:\Users\Steve\Downloads\EIE10_EN-US_MSE_Win764.EXE
2013-07-16 18:15 - 2013-07-16 18:15 - 00001945 _____ C:\Windows\epplauncher.mif
2013-07-16 18:14 - 2013-07-16 18:14 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-07-16 18:14 - 2013-07-16 18:14 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-07-16 18:13 - 2013-07-16 18:13 - 13475464 _____ (Microsoft Corporation) C:\Users\Steve\Downloads\mseinstall.exe
2013-07-16 03:43 - 2013-07-16 03:43 - 45605943 _____ C:\Users\Steve\Downloads\10071_b2671_trunk-cuda_r58311_w64.7z
2013-07-15 08:10 - 2013-07-15 02:26 - 01770496 _____ C:\Users\Steve\Desktop\Borderlands 2 Verification Tool.exe
2013-07-15 08:09 - 2013-07-15 08:09 - 00895871 _____ C:\Users\Steve\Downloads\Borderlands.2.Updater-ONLiNE.rar
2013-07-14 18:04 - 2013-07-14 18:04 - 00031320 _____ C:\Users\Steve\Downloads\000000004839.mid
2013-07-14 11:22 - 2013-07-14 11:26 - 00000000 ____D C:\Users\Steve\AppData\Roaming\TeamViewer
2013-07-14 10:13 - 2013-07-14 10:13 - 00001166 _____ C:\Users\Public\Desktop\TeamViewer 8.lnk
2013-07-14 10:13 - 2013-07-14 10:13 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2013-07-14 10:08 - 2013-07-14 10:08 - 05451264 _____ (TeamViewer GmbH) C:\Users\Steve\Downloads\TeamViewer_Setup_en.exe
2013-07-14 06:43 - 2013-07-14 06:43 - 00000000 ____D C:\Windows\DA909E623B454BA18B58FCAEBA4BCEC9.TMP
2013-07-13 08:10 - 2013-07-13 08:10 - 00071170 _____ C:\Users\Steve\Downloads\RAM Example.ms9
2013-07-12 11:29 - 2013-07-12 11:31 - 00006591 _____ C:\Users\Steve\Desktop\netstat.txt
2013-07-12 11:08 - 2013-07-12 11:08 - 00007692 _____ C:\Windows\hworks64.INI
2013-07-12 01:38 - 2013-07-12 01:38 - 00000000 ____D C:\Users\Steve\AppData\Roaming\WinPatrol
2013-07-12 01:38 - 2013-07-12 01:38 - 00000000 ____D C:\Program Files (x86)\BillP Studios
2013-07-12 01:37 - 2013-07-12 01:41 - 00000000 ____D C:\Program Files (x86)\ShellXView
2013-07-12 01:36 - 2013-07-12 01:36 - 00064685 _____ C:\Users\Steve\Downloads\shexview.zip
2013-07-11 07:16 - 2013-07-16 10:22 - 00000000 ____D C:\cURL
2013-07-11 07:16 - 2013-07-11 07:16 - 00650592 _____ C:\Users\Steve\Downloads\curl-7.31.0-win64-ssl-sspi.zip
2013-07-11 07:02 - 2013-07-11 07:02 - 00073203 _____ C:\Users\Steve\Downloads\swfcatcherChrome.crx
2013-07-11 07:00 - 2013-07-11 07:01 - 00000000 ____D C:\Program Files (x86)\SourceTec
2013-07-10 11:57 - 2013-07-10 11:57 - 07401344 _____ C:\Users\Steve\Downloads\npp.6.4.2.Installer.exe
2013-07-10 00:05 - 2013-06-11 15:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-10 00:05 - 2013-06-11 15:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-10 00:05 - 2013-06-11 15:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-10 00:05 - 2013-06-11 15:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-10 00:05 - 2013-06-11 15:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-10 00:05 - 2013-06-11 15:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-10 00:05 - 2013-06-11 15:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-10 00:05 - 2013-06-11 15:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-10 00:05 - 2013-06-11 15:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-10 00:05 - 2013-06-11 15:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-10 00:05 - 2013-06-11 15:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-10 00:05 - 2013-06-11 15:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-10 00:05 - 2013-06-11 15:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-10 00:05 - 2013-06-11 15:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-07-10 00:05 - 2013-06-11 15:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-07-10 00:05 - 2013-06-11 15:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-07-10 00:05 - 2013-06-11 15:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-07-10 00:05 - 2013-06-11 15:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-07-10 00:05 - 2013-06-11 15:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-07-10 00:05 - 2013-06-11 15:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-07-10 00:05 - 2013-06-11 15:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-07-10 00:05 - 2013-06-11 15:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-07-10 00:05 - 2013-06-11 15:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-07-10 00:05 - 2013-06-11 15:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-07-10 00:05 - 2013-06-11 15:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-07-10 00:05 - 2013-06-11 15:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-07-10 00:05 - 2013-06-11 15:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-07-10 00:05 - 2013-06-11 14:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-10 00:05 - 2013-06-11 14:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-07-10 00:05 - 2013-06-06 19:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-07-10 00:05 - 2013-06-06 18:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-09 17:27 - 2013-07-09 17:27 - 05126104 _____ (Piriform Ltd) C:\Users\Steve\Downloads\spsetup122.exe
2013-07-09 17:27 - 2013-07-09 17:27 - 00000796 _____ C:\Users\Public\Desktop\Speccy.lnk
2013-07-09 17:27 - 2013-07-09 17:27 - 00000000 ____D C:\Program Files\Speccy
2013-07-09 17:04 - 2013-07-09 17:04 - 00550151 _____ C:\Users\Steve\Downloads\Autoruns.zip
2013-07-09 17:04 - 2013-07-09 17:04 - 00000000 ____D C:\Program Files (x86)\Autoruns
2013-07-09 17:00 - 2013-07-09 17:00 - 00127860 _____ C:\Users\Steve\Downloads\memtest86+-4.20.usb.installer.zip
2013-07-09 13:18 - 2013-06-04 19:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-07-09 13:18 - 2013-06-03 22:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll
2013-07-09 13:18 - 2013-06-03 20:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-09 13:18 - 2013-05-05 22:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2013-07-09 13:18 - 2013-05-05 20:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-09 13:18 - 2013-04-09 15:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-09 13:18 - 2013-04-02 14:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-07-09 06:42 - 2013-07-09 06:42 - 00001009 _____ C:\Users\Public\Desktop\Reaktor 5.lnk
2013-07-08 23:20 - 2013-07-08 23:20 - 00000982 _____ C:\Users\Public\Desktop\Borderlands 2.lnk
2013-07-08 22:52 - 2013-07-08 22:52 - 00001090 _____ C:\Users\Steve\Desktop\MSI Afterburner.lnk
2013-07-08 22:52 - 2013-07-08 22:52 - 00000000 ____D C:\Program Files (x86)\MSI Afterburner
2013-07-08 22:48 - 2013-07-08 22:49 - 15569364 _____ C:\Users\Steve\Downloads\MSIAfterburnerSetup300Beta10.zip
2013-07-08 20:57 - 2013-07-08 20:57 - 01344480 _____ (techPowerUp (www.techpowerup.com)) C:\Users\Steve\Downloads\GPU-Z.0.7.2.exe
2013-07-08 20:56 - 2013-07-17 09:16 - 00000000 ____D C:\Program Files (x86)\MSI Kombustor 2.5
2013-07-08 20:56 - 2013-07-08 20:56 - 00001096 _____ C:\Users\Steve\Desktop\MSI Kombustor 2.5.lnk
2013-07-08 20:54 - 2013-07-08 20:55 - 14184772 _____ (MSI Co., LTD                                                ) C:\Users\Steve\Downloads\MSI_Kombustor_Setup_2.5.2.exe
2013-07-08 20:50 - 2013-07-08 20:50 - 00000000 ____D C:\Windows\Sun
2013-07-08 20:50 - 2013-07-08 20:50 - 00000000 ____D C:\ProgramData\SystemRequirementsLab
2013-07-07 16:36 - 2013-07-07 16:36 - 01066858 _____ C:\Users\Steve\Downloads\p64v2511.zip
2013-07-07 16:34 - 2013-07-07 16:34 - 00000930 _____ C:\Users\Public\Desktop\CPUID HWMonitor.lnk
2013-07-07 16:33 - 2013-07-07 16:33 - 01117848 _____ (                                                            ) C:\Users\Steve\Downloads\hwmonitor_1.23-setup.exe
2013-07-06 22:42 - 2013-07-06 22:42 - 03931189 _____ (Geeks3D.com                                                 ) C:\Users\Steve\Downloads\FurMark_1.9.2.exe
2013-07-06 22:42 - 2013-07-06 22:42 - 00000000 ____D C:\Program Files (x86)\Geeks3D
2013-07-05 20:52 - 2013-07-05 20:52 - 00178234 _____ C:\Users\Steve\Downloads\coalesce-r89_b114.zip
2013-07-05 20:47 - 2013-07-05 20:47 - 00000000 ____D C:\Users\Steve\AppData\Local\Iron_Spine_Productions
2013-07-05 14:10 - 2013-07-05 14:10 - 00001053 _____ C:\Users\Steve\Desktop\Mortal Kombat Komplete Edition.lnk
2013-07-05 14:09 - 2013-07-05 14:10 - 00000000 ____D C:\Users\Steve\AppData\Roaming\MKKE
2013-07-04 23:23 - 2013-07-04 23:25 - 00000361 _____ C:\Users\Steve\d3d_antilag.log
2013-07-04 23:21 - 2013-07-04 23:21 - 00008211 _____ C:\Users\Steve\Downloads\FPS Limiter-34-V1-01.rar
2013-07-04 19:39 - 2013-07-17 21:47 - 00000000 ____D C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
2013-07-04 19:38 - 2015-07-24 18:24 - 00000000 ____D C:\Users\Steve\Downloads\Guru3D.com
2013-07-04 19:38 - 2013-07-04 19:38 - 02841613 _____ (Igor Pavlov) C:\Users\Steve\Downloads\RivaTuner224c-[Guru3D.com].exe
2013-07-04 19:12 - 2013-07-04 19:12 - 00001009 _____ C:\Users\Steve\Desktop\Play The Elder Scrolls V Skyrim.lnk
2013-07-04 19:12 - 2013-07-04 19:12 - 00000000 ____D C:\Users\Steve\AppData\Local\Skyrim
2013-07-04 19:12 - 2013-07-04 19:12 - 00000000 ____D C:\ProgramData\Steam
2013-07-03 23:56 - 2013-07-03 23:56 - 00000000 ____D C:\Program Files (x86)\PE Explorer
2013-07-02 16:00 - 2013-07-02 16:00 - 00000000 ____D C:\Users\Steve\.android
2013-07-02 15:52 - 2013-07-02 15:53 - 50859583 _____ C:\Users\Steve\Downloads\r2d2b2g-windows.xpi
2013-07-01 13:41 - 2013-07-01 13:41 - 00000750 _____ C:\Users\Steve\AppData\Local\recently-used.xbel
2013-07-01 12:47 - 2013-07-01 12:47 - 00000000 ____D C:\Users\Steve\Downloads\InkscapePortable
2013-07-01 12:46 - 2013-07-01 12:46 - 00000000 ____D C:\Program Files (x86)\Inkscape
2013-07-01 12:44 - 2013-07-01 12:45 - 39289640 _____ (PortableApps.com) C:\Users\Steve\Downloads\InkscapePortable_0.48.4-1.paf.exe
2013-06-30 12:35 - 2013-06-30 12:40 - 00000000 ____D C:\Program Files (x86)\Windows Grep
2013-06-30 12:34 - 2013-06-30 12:35 - 00742893 _____ (                                                            ) C:\Users\Steve\Downloads\WindowsGrep23.exe
2013-06-30 08:51 - 2013-06-30 08:51 - 00000000 ____D C:\Users\Steve\AppData\Roaming\Publish Providers
2013-06-30 08:48 - 2013-06-30 08:51 - 00000000 ____D C:\Users\Steve\AppData\Local\Sony
2013-06-30 08:48 - 2013-06-30 08:48 - 00001038 _____ C:\Users\Public\Desktop\Vegas Pro 12.0 (64-bit).lnk
2013-06-30 08:48 - 2013-06-30 08:48 - 00000000 ____D C:\ProgramData\Sony
2013-06-30 08:48 - 2013-06-30 08:48 - 00000000 ____D C:\Program Files\Sony
2013-06-30 08:48 - 2013-06-30 08:48 - 00000000 ____D C:\Program Files (x86)\Sony
2013-06-30 08:47 - 2013-06-30 09:20 - 00000000 ____D C:\Users\Steve\AppData\Roaming\Sony
2013-06-30 08:39 - 2013-06-30 08:44 - 00000000 ____D C:\Users\Steve\AppData\Roaming\avidemux
2013-06-29 01:45 - 2013-06-29 01:45 - 00000000 ____D C:\Program Files (x86)\Axialis
2013-06-29 01:32 - 2013-06-29 01:50 - 00000000 ____D C:\Users\Steve\AppData\Local\Axialis
2013-06-29 01:32 - 2013-06-29 01:32 - 00000000 ___RD C:\Users\Steve\Documents\Axialis Librarian
2013-06-29 01:32 - 2013-06-29 01:32 - 00000000 ____D C:\Users\Steve\AppData\Roaming\Axialis
2013-06-28 08:44 - 2013-06-28 08:44 - 00001296 _____ C:\Users\Steve\Desktop\BFBC2.lnk
2013-06-27 20:23 - 2013-06-27 20:23 - 00000000 ____D C:\Users\Steve\AppData\Roaming\Rovio
2013-06-26 17:40 - 2013-06-26 17:40 - 00000000 ____D C:\ProgramData\Macrovision
2013-06-26 17:40 - 2013-06-26 17:40 - 00000000 ____D C:\Program Files (x86)\HI-TECH Software
2013-06-26 17:39 - 2013-06-26 17:39 - 00000000 ____D C:\Users\Public\Documents\National Instruments
2013-06-26 17:37 - 2013-06-26 17:37 - 00000000 ____D C:\Windows\SysWOW64\cvirte
2013-06-26 17:37 - 2013-06-26 17:37 - 00000000 ____D C:\Windows\System32\cvirte
2013-06-26 17:37 - 2013-06-26 17:37 - 00000000 ____D C:\Program Files\National Instruments
2013-06-26 17:36 - 2013-06-26 17:40 - 00000000 ____D C:\Program Files (x86)\National Instruments
2013-06-26 17:33 - 2013-06-26 17:43 - 00000000 ____D C:\ProgramData\National Instruments
2013-06-26 16:01 - 2013-06-26 16:01 - 00643592 _____ (Unity Technologies ApS) C:\Users\Steve\Downloads\UnityWebPlayer.exe
2013-06-26 16:01 - 2013-06-26 16:01 - 00000000 ____D C:\Users\Steve\AppData\Local\Unity
2013-06-25 11:59 - 2013-06-25 11:59 - 00001014 _____ C:\Users\Public\Desktop\Kontakt 5.lnk
2013-06-25 11:57 - 2013-06-25 11:57 - 00001059 _____ C:\Users\Public\Desktop\Service Center.lnk
2013-06-25 11:57 - 2013-06-25 11:57 - 00000000 __HDC C:\ProgramData\{95B4F0ED-951F-4D36-B068-5EC1C4C19C14}
2013-06-25 11:56 - 2013-06-25 11:59 - 00000000 __HDC C:\ProgramData\{78F6A1FC-ADDE-4028-A231-7B924CE455BD}
2013-06-25 10:14 - 2013-06-25 11:09 - 482726384 _____ C:\Users\Steve\Downloads\K503.rar
2013-06-24 10:55 - 2013-06-24 10:56 - 00000000 ____D C:\Program Files (x86)\MultiExtractor
2013-06-24 10:55 - 2013-06-24 10:55 - 00000000 ____D C:\Users\Steve\AppData\Roaming\MultiExtractor
2013-06-24 09:39 - 2013-06-24 09:39 - 07872648 _____ (Adobe Systems Inc.) C:\Users\Steve\Downloads\Shockwave_Installer_Slim.exe
2013-06-24 09:39 - 2013-06-24 09:39 - 00000000 ____D C:\Windows\SysWOW64\Adobe
2013-06-24 06:20 - 2013-07-17 17:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-23 15:47 - 2013-06-23 15:51 - 00001456 _____ C:\Users\Steve\AppData\Local\Adobe Save for Web 13.0 Prefs
2013-06-23 04:20 - 2013-06-23 04:20 - 00001041 _____ C:\Users\Public\Desktop\Avidemux 2.6 (32-bit).lnk
2013-06-23 04:20 - 2013-06-23 04:20 - 00000000 ____D C:\Program Files (x86)\Avidemux 2.6
2013-06-23 04:19 - 2013-06-23 04:19 - 22805174 _____ C:\Users\Steve\Downloads\avidemux_2.6.4_win32.exe
2013-06-23 03:59 - 2013-06-23 03:59 - 00000000 ____D C:\Users\Steve\AppData\Roaming\Microsoft FxCop
2013-06-23 03:43 - 2013-06-23 03:43 - 00407941 _____ C:\Users\Steve\Downloads\MidiServices.zip
2013-06-23 03:39 - 2013-06-23 03:39 - 01181112 _____ (Microsoft Corporation) C:\Users\Steve\Downloads\patch_KB2781514.exe
2013-06-23 03:32 - 2013-06-23 03:32 - 00000000 ____D C:\Program Files (x86)\NuGet
2013-06-23 03:31 - 2013-06-23 03:31 - 00000000 ____D C:\Windows\symbols
2013-06-23 03:28 - 2013-06-23 03:30 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 11.0
2013-06-23 03:19 - 2013-06-23 03:23 - 637313024 _____ C:\Users\Steve\Downloads\VS2012_WDX_ENU.iso
2013-06-23 03:15 - 2013-06-23 03:15 - 00889416 _____ (Microsoft Corporation) C:\Users\Steve\Downloads\dotNetFx40_Full_setup.exe
2013-06-23 03:00 - 2013-06-23 03:00 - 00000000 ____D C:\Users\Steve\locales
2013-06-23 02:57 - 2011-01-03 18:52 - 00000000 ____D C:\Program Files (x86)\MGII4.3.3
2013-06-23 02:56 - 2013-06-23 02:56 - 03912250 _____ C:\Users\Steve\Downloads\Windows.zip
2013-06-22 17:30 - 2013-06-24 10:57 - 00000000 ____D C:\Program Files (x86)\EMI
2013-06-21 16:05 - 2013-06-21 16:21 - 1832799715 _____ C:\Users\Steve\Downloads\Pro_Tools_10.3.5_Win.zip
2013-06-21 13:48 - 2013-06-21 13:48 - 00748246 _____ (                                                            ) C:\Users\Steve\Downloads\reshack_setup.exe
2013-06-21 13:48 - 2013-06-21 13:48 - 00000000 ____D C:\Program Files (x86)\Resource Hacker
2013-06-21 13:47 - 2013-06-21 13:47 - 00000000 ____D C:\Users\Public\Documents\Explorer Suite Signatures
2013-06-21 13:47 - 2013-06-21 13:47 - 00000000 ____D C:\Program Files\NTCore
2013-06-21 13:46 - 2013-06-21 13:46 - 03613174 _____ (                                                            ) C:\Users\Steve\Downloads\ExplorerSuite.exe
2013-06-21 09:32 - 2013-06-21 09:32 - 00002019 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-06-21 08:58 - 2013-06-21 08:58 - 00000000 ____D C:\ProgramData\Digidesign
2013-06-21 00:04 - 2013-06-21 07:11 - 00000000 ____D C:\Windows\System32\Tasks\Leader Technologies
2013-06-21 00:04 - 2013-06-21 00:04 - 00000000 ____D C:\Users\Steve\AppData\Roaming\Leadertech
2013-06-21 00:00 - 2013-06-21 00:00 - 00000000 ____D C:\Users\Steve\AppData\Roaming\Trillium Lane
2013-06-20 23:30 - 2013-06-20 23:30 - 00000000 ____D C:\ProgramData\DigiDriver
2013-06-20 23:29 - 2013-06-21 16:49 - 00000000 ____D C:\Program Files (x86)\Avid
2013-06-20 23:18 - 2013-06-20 23:18 - 00000000 ____D C:\ProgramData\PACE
2013-06-20 23:15 - 2013-03-02 23:57 - 00023824 _____ (Avid Technology, Inc.) C:\Windows\System32\Drivers\diginet.sys
2013-06-20 22:57 - 2013-06-21 07:58 - 00000000 ____D C:\Users\Steve\AppData\Roaming\Download Manager
2013-06-20 13:12 - 2013-06-20 13:12 - 00000000 ____D C:\Users\Steve\Documents\discoDSP
2013-06-20 11:06 - 2013-06-20 11:16 - 00000000 ____D C:\Users\Steve\Documents\BFBC2
2013-06-20 00:01 - 2013-06-12 18:47 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-20 00:01 - 2013-06-12 18:43 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-20 00:01 - 2013-06-12 18:43 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-20 00:01 - 2013-06-12 18:43 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-20 00:00 - 2013-06-20 00:01 - 00004802 _____ C:\Windows\SysWOW64\jupdate-1.7.0_25-b16.log
2013-06-19 02:44 - 2013-06-19 02:44 - 00000000 ____D C:\Users\Steve\AppData\Local\Origin
2013-06-19 02:43 - 2013-06-19 02:43 - 00000534 _____ C:\Users\Public\Desktop\Origin.lnk
2013-06-19 02:42 - 2013-06-19 02:42 - 16959688 _____ (Electronic Arts, Inc.) C:\Users\Steve\Downloads\OriginThinSetup.exe
2013-06-19 02:31 - 2013-06-19 02:31 - 00272409 _____ C:\Windows\SysWOW64\TmpA327115376
2013-06-18 23:26 - 2013-07-17 09:20 - 00000000 ____D C:\Program Files (x86)\OBS
2013-06-18 23:26 - 2013-06-18 23:26 - 00000939 _____ C:\Users\Steve\Desktop\OBS.lnk
2013-06-18 23:26 - 2013-06-18 23:26 - 00000000 ____D C:\Users\Steve\AppData\Roaming\OBS
2013-06-18 23:24 - 2013-06-18 23:24 - 06815170 _____ C:\Users\Steve\Downloads\OBS_0_522b_Installer.exe
2013-06-18 10:22 - 2013-06-18 10:22 - 00000218 _____ C:\Users\Steve\.recently-used.xbel
2013-06-18 10:16 - 2013-06-18 10:16 - 00000000 ____D C:\Users\Steve\AppData\Roaming\gtk-2.0
2013-06-18 10:14 - 2013-06-18 10:22 - 00000000 ____D C:\Users\Steve\Documents\Test
 
==================== One Month Modified Files and Folders =======
 
2015-07-24 18:24 - 2013-07-04 19:38 - 00000000 ____D C:\Users\Steve\Downloads\Guru3D.com
2013-07-18 06:03 - 2012-10-12 01:32 - 00000000 ____D C:\ProgramData\NVIDIA
2013-07-18 05:56 - 2013-04-26 05:57 - 00119296 _____ C:\Windows\SysWOW64\zlib.dll
2013-07-18 05:55 - 2012-10-12 01:46 - 00172208 _____ C:\Windows\PFRO.log
2013-07-18 05:54 - 2013-07-18 04:37 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-07-18 05:54 - 2013-07-18 04:33 - 00000000 ____D C:\Users\Steve\Desktop\mbar
2013-07-18 05:38 - 2013-07-18 05:38 - 00162008 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
2013-07-18 05:38 - 2013-07-18 05:38 - 00036680 _____ C:\Windows\System32\Drivers\mbamchameleon.sys
2013-07-18 05:27 - 2013-05-20 00:35 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-18 05:12 - 2012-10-12 01:33 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-18 04:47 - 2012-10-12 01:18 - 01501151 _____ C:\Windows\WindowsUpdate.log
2013-07-18 04:34 - 2013-07-18 04:34 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-18 04:32 - 2013-07-18 04:32 - 13399154 _____ C:\Users\Steve\Downloads\mbar-1.06.0.1004.zip
2013-07-18 02:53 - 2013-03-28 20:53 - 00000356 _____ C:\Windows\Tasks\AmiUpdXp.job
2013-07-17 23:54 - 2009-07-13 20:45 - 00019792 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-17 23:54 - 2009-07-13 20:45 - 00019792 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-17 21:57 - 2013-04-05 03:53 - 00000000 ____D C:\Program Files (x86)\Cheat Engine 6.2
2013-07-17 21:49 - 2013-06-22 13:35 - 00000000 ____D C:\Program Files (x86)\FeedReader
2013-07-17 21:49 - 2013-04-01 10:16 - 00000000 ____D C:\Program Files (x86)\Exam Formatter
2013-07-17 21:48 - 2013-04-21 12:04 - 00000000 ____D C:\Program Files (x86)\HD Tune Pro
2013-07-17 21:47 - 2013-07-04 19:39 - 00000000 ____D C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
2013-07-17 21:47 - 2013-05-27 09:36 - 00000000 ____D C:\Program Files (x86)\Internet Download Manager
2013-07-17 21:13 - 2013-04-28 06:39 - 00000000 ____D C:\Program Files\GAMES
2013-07-17 21:13 - 2013-04-25 20:39 - 00000000 ____D C:\Program Files\Fragmentarium
2013-07-17 21:13 - 2013-04-21 00:01 - 00000000 ____D C:\Program Files (x86)\Tunatic
2013-07-17 21:13 - 2013-04-05 09:25 - 00000000 ____D C:\Program Files (x86)\Tricky Truck
2013-07-17 21:13 - 2013-04-02 23:58 - 00000000 ____D C:\Program Files (x86)\Vector Magic
2013-07-17 21:13 - 2013-04-02 09:02 - 00000000 ____D C:\Program Files (x86)\Beat Hazard Ultra
2013-07-17 21:13 - 2013-04-02 08:46 - 00000000 ____D C:\Program Files (x86)\Spotydl
2013-07-17 21:13 - 2013-03-30 03:54 - 00000000 ____D C:\Program Files (x86)\WinDirStat
2013-07-17 21:13 - 2013-03-26 22:29 - 00000000 ____D C:\Program Files (x86)\GPU-Z
2013-07-17 20:46 - 2013-05-28 13:33 - 00000000 ____D C:\Program Files\JBridge
2013-07-17 20:46 - 2013-05-05 15:36 - 00000000 ____D C:\Program Files\Window Detective
2013-07-17 19:12 - 2012-10-12 01:33 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-17 17:37 - 2013-06-24 06:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-17 15:24 - 2013-07-17 15:14 - 00031565 _____ C:\Users\Steve\Desktop\dds.txt
2013-07-17 15:20 - 2013-07-17 15:14 - 00008330 _____ C:\Users\Steve\Desktop\attach.txt
2013-07-17 15:11 - 2013-07-17 15:10 - 00688992 ____R (Swearware) C:\Users\Steve\Downloads\dds.com
2013-07-17 14:21 - 2013-07-17 13:56 - 00166638 _____ C:\Users\Steve\Desktop\Rkill.txt
2013-07-17 13:56 - 2013-07-17 13:56 - 00000000 ____D C:\Users\Steve\Desktop\rkill
2013-07-17 11:21 - 2013-07-17 11:21 - 01376768 _____ C:\Users\Steve\Downloads\7z920-x64.msi
2013-07-17 09:20 - 2013-06-18 23:26 - 00000000 ____D C:\Program Files (x86)\OBS
2013-07-17 09:20 - 2013-05-22 02:15 - 00000000 ____D C:\Program Files (x86)\GeoControl2
2013-07-17 09:16 - 2013-07-08 20:56 - 00000000 ____D C:\Program Files (x86)\MSI Kombustor 2.5
2013-07-17 04:56 - 2013-07-17 04:55 - 00891022 _____ C:\Users\Steve\Downloads\SecurityCheck.exe
2013-07-17 04:51 - 2013-07-17 04:51 - 01836672 _____ (Bleeping Computer, LLC) C:\Users\Steve\Downloads\rkill.exe
2013-07-17 04:51 - 2013-07-17 04:51 - 00003377 _____ C:\Users\Steve\Desktop\vir.txt
2013-07-17 04:50 - 2013-07-17 04:50 - 00662345 _____ C:\Users\Steve\Downloads\adwcleaner.exe
2013-07-16 18:47 - 2013-06-14 06:37 - 00000000 ____D C:\Program Files (x86)\Bonjour
2013-07-16 18:40 - 2013-03-27 02:55 - 00007603 _____ C:\Users\Steve\AppData\Local\Resmon.ResmonCfg
2013-07-16 18:34 - 2013-05-01 09:19 - 00000000 ____D C:\Users\Steve\Documents\Visual Studio 2012
2013-07-16 18:30 - 2013-04-14 21:32 - 00000000 ____D C:\Program Files (x86)\Notepad++
2013-07-16 18:17 - 2013-07-16 18:17 - 46593440 _____ (Microsoft Corporation) C:\Users\Steve\Downloads\EIE10_EN-US_MSE_Win764.EXE
2013-07-16 18:15 - 2013-07-16 18:15 - 00001945 _____ C:\Windows\epplauncher.mif
2013-07-16 18:14 - 2013-07-16 18:14 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-07-16 18:14 - 2013-07-16 18:14 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-07-16 18:13 - 2013-07-16 18:13 - 13475464 _____ (Microsoft Corporation) C:\Users\Steve\Downloads\mseinstall.exe
2013-07-16 10:22 - 2013-07-11 07:16 - 00000000 ____D C:\cURL
2013-07-16 03:43 - 2013-07-16 03:43 - 45605943 _____ C:\Users\Steve\Downloads\10071_b2671_trunk-cuda_r58311_w64.7z
2013-07-15 11:04 - 2013-03-27 01:54 - 00000000 ____D C:\Program Files (x86)\Steam
2013-07-15 06:26 - 2013-04-14 21:00 - 00000132 _____ C:\Users\Steve\AppData\Roaming\Adobe PNG Format CS6 Prefs
2013-07-14 14:41 - 2012-10-12 01:25 - 00069960 _____ C:\Users\Steve\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-14 14:40 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Registration
2013-07-14 14:39 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-14 14:39 - 2009-07-13 20:51 - 00034117 _____ C:\Windows\setupact.log
2013-07-14 11:26 - 2013-07-14 11:22 - 00000000 ____D C:\Users\Steve\AppData\Roaming\TeamViewer
2013-07-14 10:13 - 2013-07-14 10:13 - 00001166 _____ C:\Users\Public\Desktop\TeamViewer 8.lnk
2013-07-14 10:13 - 2013-07-14 10:13 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2013-07-14 10:08 - 2013-07-14 10:08 - 05451264 _____ (TeamViewer GmbH) C:\Users\Steve\Downloads\TeamViewer_Setup_en.exe
2013-07-14 06:43 - 2013-07-14 06:43 - 00000000 ____D C:\Windows\DA909E623B454BA18B58FCAEBA4BCEC9.TMP
2013-07-14 06:42 - 2013-03-26 22:34 - 00471823 _____ C:\Windows\DirectX.log
2013-07-14 01:58 - 2013-06-04 06:11 - 00000000 ____D C:\Program Files\Recuva
2013-07-13 11:55 - 2012-10-12 01:20 - 00000000 ____D C:\users\Steve
2013-07-13 10:57 - 2013-05-01 15:56 - 00002054 _____ C:\Users\Steve\Desktop\Blender.lnk
2013-07-13 08:10 - 2013-07-13 08:10 - 00071170 _____ C:\Users\Steve\Downloads\RAM Example.ms9
2013-07-12 19:07 - 2012-10-12 01:33 - 00003892 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-12 19:07 - 2012-10-12 01:33 - 00003640 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-12 11:31 - 2013-07-12 11:29 - 00006591 _____ C:\Users\Steve\Desktop\netstat.txt
2013-07-12 11:08 - 2013-07-12 11:08 - 00007692 _____ C:\Windows\hworks64.INI
2013-07-12 01:45 - 2013-03-28 03:11 - 00000000 ____D C:\Users\Steve\AppData\Local\Conduit
2013-07-12 01:41 - 2013-07-12 01:37 - 00000000 ____D C:\Program Files (x86)\ShellXView
2013-07-12 01:38 - 2013-07-12 01:38 - 00000000 ____D C:\Users\Steve\AppData\Roaming\WinPatrol
2013-07-12 01:38 - 2013-07-12 01:38 - 00000000 ____D C:\Program Files (x86)\BillP Studios
2013-07-12 01:38 - 2013-03-28 00:09 - 00000000 ____D C:\ProgramData\InstallMate
2013-07-12 01:36 - 2013-07-12 01:36 - 00064685 _____ C:\Users\Steve\Downloads\shexview.zip
2013-07-11 18:53 - 2013-07-11 18:01 - 00000000 ____D C:\Users\Steve\Documents\Fiddler2
2013-07-11 18:00 - 2013-07-11 18:00 - 00767312 _____ (Telerik) C:\Users\Steve\Downloads\fiddler4setup.exe
2013-07-11 18:00 - 2013-07-11 18:00 - 00000000 ____D C:\Program Files (x86)\Fiddler2
2013-07-11 17:37 - 2013-07-11 17:37 - 00018065 _____ C:\Users\Steve\Downloads\httparchive_schema.sql
2013-07-11 07:25 - 2013-07-11 07:25 - 00000000 ____D C:\Users\Steve\Desktop\darkambient.wav
2013-07-11 07:16 - 2013-07-11 07:16 - 00650592 _____ C:\Users\Steve\Downloads\curl-7.31.0-win64-ssl-sspi.zip
2013-07-11 07:02 - 2013-07-11 07:02 - 00073203 _____ C:\Users\Steve\Downloads\swfcatcherChrome.crx
2013-07-11 07:01 - 2013-07-11 07:00 - 00000000 ____D C:\Program Files (x86)\SourceTec
2013-07-10 20:05 - 2013-03-26 21:06 - 00000000 ____D C:\Users\Steve\AppData\Roaming\Spotify
2013-07-10 11:58 - 2013-04-14 21:32 - 00000000 ____D C:\Users\Steve\AppData\Roaming\Notepad++
2013-07-10 11:57 - 2013-07-10 11:57 - 07401344 _____ C:\Users\Steve\Downloads\npp.6.4.2.Installer.exe
2013-07-10 07:24 - 2013-03-27 23:42 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-07-10 05:36 - 2013-03-26 21:06 - 00000000 ____D C:\Users\Steve\AppData\Local\Spotify
2013-07-10 05:05 - 2013-05-07 00:08 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-10 05:05 - 2013-05-07 00:08 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-10 04:28 - 2009-07-13 23:46 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-10 04:28 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-10 04:28 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-10 00:07 - 2013-05-20 00:40 - 78185248 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-07-09 17:27 - 2013-07-09 17:27 - 05126104 _____ (Piriform Ltd) C:\Users\Steve\Downloads\spsetup122.exe
2013-07-09 17:27 - 2013-07-09 17:27 - 00000796 _____ C:\Users\Public\Desktop\Speccy.lnk
2013-07-09 17:27 - 2013-07-09 17:27 - 00000000 ____D C:\Program Files\Speccy
2013-07-09 17:04 - 2013-07-09 17:04 - 00550151 _____ C:\Users\Steve\Downloads\Autoruns.zip
2013-07-09 17:04 - 2013-07-09 17:04 - 00000000 ____D C:\Program Files (x86)\Autoruns
2013-07-09 17:02 - 2013-04-28 06:32 - 00000000 ____D C:\Windows\pss
2013-07-09 17:01 - 2013-07-09 17:01 - 00000000 ____D C:\Users\Steve\Desktop\FRST
2013-07-09 17:00 - 2013-07-09 17:00 - 00127860 _____ C:\Users\Steve\Downloads\memtest86+-4.20.usb.installer.zip
2013-07-09 06:42 - 2013-07-09 06:42 - 00001009 _____ C:\Users\Public\Desktop\Reaktor 5.lnk
2013-07-09 06:42 - 2013-05-30 08:11 - 00000000 __HDC C:\ProgramData\{F92C204F-6C39-4D56-B100-EC929C871966}
2013-07-09 06:40 - 2013-05-24 01:06 - 00000000 ____D C:\Program Files (x86)\VSTPlugIns
2013-07-09 01:06 - 2013-03-28 20:49 - 00000000 ____D C:\Users\Steve\AppData\Roaming\vlc
2013-07-08 22:52 - 2013-07-08 22:52 - 00001090 _____ C:\Users\Steve\Desktop\MSI Afterburner.lnk
2013-07-08 22:52 - 2013-07-08 22:52 - 00000000 ____D C:\Program Files (x86)\MSI Afterburner
2013-07-08 22:49 - 2013-07-08 22:48 - 15569364 _____ C:\Users\Steve\Downloads\MSIAfterburnerSetup300Beta10.zip
2013-07-08 20:57 - 2013-07-08 20:57 - 01344480 _____ (techPowerUp (www.techpowerup.com)) C:\Users\Steve\Downloads\GPU-Z.0.7.2.exe
2013-07-08 20:56 - 2013-07-08 20:56 - 00001096 _____ C:\Users\Steve\Desktop\MSI Kombustor 2.5.lnk
2013-07-08 20:55 - 2013-07-08 20:54 - 14184772 _____ (MSI Co., LTD                                                ) C:\Users\Steve\Downloads\MSI_Kombustor_Setup_2.5.2.exe
2013-07-08 20:50 - 2013-07-08 20:50 - 00000000 ____D C:\Windows\Sun
2013-07-08 20:50 - 2013-07-08 20:50 - 00000000 ____D C:\ProgramData\SystemRequirementsLab
2013-07-08 20:50 - 2012-10-12 01:37 - 00000000 ____D C:\Program Files (x86)\SystemRequirementsLab
2013-07-07 16:34 - 2013-07-07 16:34 - 00000930 _____ C:\Users\Public\Desktop\CPUID HWMonitor.lnk
2013-07-07 16:34 - 2013-03-26 22:28 - 00000000 ____D C:\Program Files\CPUID
2013-07-07 16:33 - 2013-07-07 16:33 - 01117848 _____ (                                                            ) C:\Users\Steve\Downloads\hwmonitor_1.23-setup.exe
2013-07-07 16:32 - 2013-03-26 22:36 - 00000000 ____D C:\Program Files (x86)\SpeedFan
2013-07-06 22:42 - 2013-07-06 22:42 - 03931189 _____ (Geeks3D.com                                                 ) C:\Users\Steve\Downloads\FurMark_1.9.2.exe
2013-07-06 22:42 - 2013-07-06 22:42 - 00000000 ____D C:\Program Files (x86)\Geeks3D
2013-07-06 04:46 - 2013-03-31 06:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-05 14:10 - 2013-07-05 14:10 - 00001053 _____ C:\Users\Steve\Desktop\Mortal Kombat Komplete Edition.lnk
2013-07-05 14:10 - 2013-07-05 14:09 - 00000000 ____D C:\Users\Steve\AppData\Roaming\MKKE
2013-07-04 23:25 - 2013-07-04 23:23 - 00000361 _____ C:\Users\Steve\d3d_antilag.log
2013-07-04 23:21 - 2013-07-04 23:21 - 00008211 _____ C:\Users\Steve\Downloads\FPS Limiter-34-V1-01.rar
2013-07-04 19:38 - 2013-07-04 19:38 - 02841613 _____ (Igor Pavlov) C:\Users\Steve\Downloads\RivaTuner224c-[Guru3D.com].exe
2013-07-04 19:12 - 2013-07-04 19:12 - 00001009 _____ C:\Users\Steve\Desktop\Play The Elder Scrolls V Skyrim.lnk
2013-07-04 19:12 - 2013-07-04 19:12 - 00000000 ____D C:\Users\Steve\AppData\Local\Skyrim
2013-07-04 19:12 - 2013-07-04 19:12 - 00000000 ____D C:\ProgramData\Steam
2013-07-03 23:56 - 2013-07-03 23:56 - 00000000 ____D C:\Program Files (x86)\PE Explorer
2013-07-02 16:04 - 2013-03-31 06:23 - 00000000 ____D C:\Users\Steve\AppData\Roaming\Mozilla
2013-07-02 16:04 - 2013-03-31 06:23 - 00000000 ____D C:\Users\Steve\AppData\Local\Mozilla
2013-07-02 16:00 - 2013-07-02 16:00 - 00000000 ____D C:\Users\Steve\.android
2013-07-01 13:41 - 2013-07-01 13:41 - 00000750 _____ C:\Users\Steve\AppData\Local\recently-used.xbel
2013-07-01 12:47 - 2013-07-01 12:47 - 00000000 ____D C:\Users\Steve\Downloads\InkscapePortable
2013-07-01 12:46 - 2013-07-01 12:46 - 00000000 ____D C:\Program Files (x86)\Inkscape
2013-07-01 12:45 - 2013-07-01 12:44 - 39289640 _____ (PortableApps.com) C:\Users\Steve\Downloads\InkscapePortable_0.48.4-1.paf.exe
2013-06-30 12:40 - 2013-06-30 12:35 - 00000000 ____D C:\Program Files (x86)\Windows Grep
2013-06-30 12:35 - 2013-06-30 12:34 - 00742893 _____ (                                                            ) C:\Users\Steve\Downloads\WindowsGrep23.exe
2013-06-30 09:20 - 2013-06-30 08:47 - 00000000 ____D C:\Users\Steve\AppData\Roaming\Sony
2013-06-30 08:51 - 2013-06-30 08:51 - 00000000 ____D C:\Users\Steve\AppData\Roaming\Publish Providers
2013-06-30 08:51 - 2013-06-30 08:48 - 00000000 ____D C:\Users\Steve\AppData\Local\Sony
2013-06-30 08:48 - 2013-06-30 08:48 - 00001038 _____ C:\Users\Public\Desktop\Vegas Pro 12.0 (64-bit).lnk
2013-06-30 08:48 - 2013-06-30 08:48 - 00000000 ____D C:\ProgramData\Sony
2013-06-30 08:48 - 2013-06-30 08:48 - 00000000 ____D C:\Program Files\Sony
2013-06-30 08:48 - 2013-06-30 08:48 - 00000000 ____D C:\Program Files (x86)\Sony
2013-06-30 08:44 - 2013-06-30 08:39 - 00000000 ____D C:\Users\Steve\AppData\Roaming\avidemux
2013-06-28 08:44 - 2013-06-28 08:44 - 00001296 _____ C:\Users\Steve\Desktop\BFBC2.lnk
2013-06-27 20:23 - 2013-06-27 20:23 - 00000000 ____D C:\Users\Steve\AppData\Roaming\Rovio
2013-06-26 17:47 - 2013-06-26 17:47 - 00000000 ____D C:\Users\Steve\Documents\National Instruments
2013-06-26 17:46 - 2013-06-26 17:46 - 00003550 _____ C:\Windows\System32\Tasks\NIUpdateServiceCheckTask
2013-06-26 17:46 - 2013-06-26 17:46 - 00000000 ____D C:\Users\Steve\AppData\Roaming\National Instruments
2013-06-26 17:45 - 2013-06-26 17:45 - 00000000 ____D C:\Users\Steve\AppData\Local\National Instruments
2013-06-26 17:43 - 2013-06-26 17:33 - 00000000 ____D C:\ProgramData\National Instruments
2013-06-26 17:40 - 2013-06-26 17:40 - 00000000 ____D C:\ProgramData\Macrovision
2013-06-26 17:40 - 2013-06-26 17:40 - 00000000 ____D C:\Program Files (x86)\HI-TECH Software
2013-06-26 17:40 - 2013-06-26 17:36 - 00000000 ____D C:\Program Files (x86)\National Instruments
2013-06-26 17:39 - 2013-06-26 17:39 - 00000000 ____D C:\Users\Public\Documents\National Instruments
2013-06-26 17:39 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-06-26 17:37 - 2013-06-26 17:37 - 00000000 ____D C:\Windows\SysWOW64\cvirte
2013-06-26 17:37 - 2013-06-26 17:37 - 00000000 ____D C:\Windows\System32\cvirte
2013-06-26 17:37 - 2013-06-26 17:37 - 00000000 ____D C:\Program Files\National Instruments
2013-06-26 16:01 - 2013-06-26 16:01 - 00643592 _____ (Unity Technologies ApS) C:\Users\Steve\Downloads\UnityWebPlayer.exe
2013-06-26 16:01 - 2013-06-26 16:01 - 00000000 ____D C:\Users\Steve\AppData\Local\Unity
2013-06-26 13:29 - 2013-06-26 13:29 - 00000000 ____D C:\Program Files\Nomad Factory
2013-06-24 10:57 - 2013-06-22 17:30 - 00000000 ____D C:\Program Files (x86)\EMI
2013-06-24 10:56 - 2013-06-24 10:55 - 00000000 ____D C:\Program Files (x86)\MultiExtractor
2013-06-24 10:55 - 2013-06-24 10:55 - 00000000 ____D C:\Users\Steve\AppData\Roaming\MultiExtractor
2013-06-24 09:39 - 2013-06-24 09:39 - 07872648 _____ (Adobe Systems Inc.) C:\Users\Steve\Downloads\Shockwave_Installer_Slim.exe
2013-06-24 09:39 - 2013-06-24 09:39 - 00000000 ____D C:\Windows\SysWOW64\Adobe
2013-06-23 15:51 - 2013-06-23 15:47 - 00001456 _____ C:\Users\Steve\AppData\Local\Adobe Save for Web 13.0 Prefs
2013-06-23 15:46 - 2012-10-12 01:21 - 00000000 ____D C:\Users\Steve\AppData\Local\VirtualStore
2013-06-23 15:42 - 2013-04-05 16:57 - 00000000 ____D C:\Users\Steve\Documents\Adobe
2013-06-23 15:42 - 2013-03-27 23:40 - 00000000 ____D C:\Users\Steve\AppData\Roaming\Adobe
2013-06-23 04:20 - 2013-06-23 04:20 - 00001041 _____ C:\Users\Public\Desktop\Avidemux 2.6 (32-bit).lnk
2013-06-23 04:20 - 2013-06-23 04:20 - 00000000 ____D C:\Program Files (x86)\Avidemux 2.6
2013-06-23 04:19 - 2013-06-23 04:19 - 22805174 _____ C:\Users\Steve\Downloads\avidemux_2.6.4_win32.exe
2013-06-23 03:59 - 2013-06-23 03:59 - 00000000 ____D C:\Users\Steve\AppData\Roaming\Microsoft FxCop
2013-06-23 03:43 - 2013-06-23 03:43 - 00407941 _____ C:\Users\Steve\Downloads\MidiServices.zip
2013-06-23 03:39 - 2013-06-23 03:39 - 01181112 _____ (Microsoft Corporation) C:\Users\Steve\Downloads\patch_KB2781514.exe
2013-06-23 03:32 - 2013-06-23 03:32 - 00000000 ____D C:\Program Files (x86)\NuGet
2013-06-23 03:31 - 2013-06-23 03:31 - 00000000 ____D C:\Windows\symbols
2013-06-23 03:30 - 2013-06-23 03:28 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 11.0
2013-06-23 03:29 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\MSBuild
2013-06-23 03:27 - 2013-05-01 08:27 - 00000000 ____D C:\ProgramData\Package Cache
2013-06-23 03:23 - 2013-06-23 03:19 - 637313024 _____ C:\Users\Steve\Downloads\VS2012_WDX_ENU.iso
2013-06-23 03:15 - 2013-06-23 03:15 - 00889416 _____ (Microsoft Corporation) C:\Users\Steve\Downloads\dotNetFx40_Full_setup.exe
2013-06-21 13:48 - 2013-06-21 13:48 - 00748246 _____ (                                                            ) C:\Users\Steve\Downloads\reshack_setup.exe
2013-06-21 13:48 - 2013-06-21 13:48 - 00000000 ____D C:\Program Files (x86)\Resource Hacker
2013-06-21 13:47 - 2013-06-21 13:47 - 00000000 ____D C:\Users\Public\Documents\Explorer Suite Signatures
2013-06-21 13:47 - 2013-06-21 13:47 - 00000000 ____D C:\Program Files\NTCore
2013-06-21 13:46 - 2013-06-21 13:46 - 03613174 _____ (                                                            ) C:\Users\Steve\Downloads\ExplorerSuite.exe
2013-06-21 09:33 - 2013-03-27 23:40 - 00000000 ____D C:\Users\Steve\AppData\Local\Adobe
2013-06-21 09:32 - 2013-06-21 09:32 - 00002019 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-06-21 09:32 - 2013-03-27 23:44 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-06-21 09:32 - 2013-03-27 23:40 - 00000000 ____D C:\ProgramData\Adobe
2013-06-21 09:21 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\LiveKernelReports
2013-06-21 09:13 - 2013-06-21 09:13 - 00000000 ____D C:\Program Files (x86)\FXpansion
2013-06-21 09:11 - 2013-06-21 09:11 - 00001445 _____ C:\Users\Steve\Downloads\FXPansion.VST.to.RTAS.Adapter.v2.11-AiR.torrent
2013-06-21 09:04 - 2013-05-24 10:23 - 00000000 ____D C:\Users\Steve\AppData\Local\PACE Anti-Piracy
2013-06-21 08:58 - 2013-06-21 08:58 - 00000000 ____D C:\ProgramData\Digidesign
2013-06-21 07:58 - 2013-06-20 22:57 - 00000000 ____D C:\Users\Steve\AppData\Roaming\Download Manager
2013-06-21 07:44 - 2013-03-27 01:49 - 00000804 _____ C:\Users\Steve\Desktop\Battlefield 3.lnk
2013-06-21 07:18 - 2012-05-10 06:14 - 00000000 ___HD C:\Users\Steve\AppData\Local\2ZR5neNN3T4oT
2013-06-21 07:11 - 2013-06-21 00:04 - 00000000 ____D C:\Windows\System32\Tasks\Leader Technologies
2013-06-21 00:04 - 2013-06-21 00:04 - 00000000 ____D C:\Users\Steve\AppData\Roaming\Leadertech
2013-06-21 00:01 - 2013-04-29 10:53 - 00000000 ____D C:\Users\Steve\AppData\Roaming\Waves Audio
2013-06-21 00:00 - 2013-06-21 00:00 - 00000000 ____D C:\Users\Steve\AppData\Roaming\Trillium Lane
2013-06-21 00:00 - 2013-05-24 10:23 - 00000000 ____D C:\Users\Steve\AppData\Roaming\PACE Anti-Piracy
2013-06-21 00:00 - 2013-05-24 10:23 - 00000000 ____D C:\ProgramData\PACE Anti-Piracy
2013-06-20 23:49 - 2013-06-20 23:44 - 14314689 _____ C:\Users\Steve\Downloads\Patch VR.rar
2013-06-20 23:30 - 2013-06-20 23:30 - 00000000 ____D C:\ProgramData\DigiDriver
2013-06-20 23:18 - 2013-06-20 23:18 - 00000000 ____D C:\ProgramData\PACE
2013-06-20 23:18 - 2013-03-27 01:03 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-06-20 13:12 - 2013-06-20 13:12 - 00000000 ____D C:\Users\Steve\Documents\discoDSP
2013-06-20 11:16 - 2013-06-20 11:06 - 00000000 ____D C:\Users\Steve\Documents\BFBC2
2013-06-20 00:01 - 2013-06-20 00:00 - 00004802 _____ C:\Windows\SysWOW64\jupdate-1.7.0_25-b16.log
2013-06-20 00:01 - 2012-10-12 01:37 - 00000000 ____D C:\Program Files (x86)\Java
2013-06-19 03:16 - 2013-03-27 02:00 - 00000000 ____D C:\Program Files (x86)\Origin Games
2013-06-19 02:44 - 2013-06-19 02:44 - 00000000 ____D C:\Users\Steve\AppData\Local\Origin
2013-06-19 02:44 - 2013-03-27 01:58 - 00000000 ____D C:\ProgramData\Origin
2013-06-19 02:43 - 2013-06-19 02:43 - 00000534 _____ C:\Users\Public\Desktop\Origin.lnk
2013-06-19 02:42 - 2013-06-19 02:42 - 16959688 _____ (Electronic Arts, Inc.) C:\Users\Steve\Downloads\OriginThinSetup.exe
2013-06-19 02:31 - 2013-06-19 02:31 - 00272409 _____ C:\Windows\SysWOW64\TmpA327115376
2013-06-19 02:31 - 2013-06-14 06:39 - 00000000 ____D C:\Program Files (x86)\Steinberg
2013-06-19 02:31 - 2013-04-29 13:11 - 00000000 ____D C:\Program Files (x86)\GB3
2013-06-19 02:30 - 2012-10-12 01:31 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-06-19 02:29 - 2013-04-03 11:50 - 00000000 ____D C:\Program Files (x86)\AMD
2013-06-19 02:26 - 2012-10-12 01:31 - 00000000 ____D C:\Users\Steve\AppData\Local\Deployment
2013-06-18 23:26 - 2013-06-18 23:26 - 00000939 _____ C:\Users\Steve\Desktop\OBS.lnk
2013-06-18 23:26 - 2013-06-18 23:26 - 00000000 ____D C:\Users\Steve\AppData\Roaming\OBS
2013-06-18 23:24 - 2013-06-18 23:24 - 06815170 _____ C:\Users\Steve\Downloads\OBS_0_522b_Installer.exe
2013-06-18 10:22 - 2013-06-18 10:22 - 00000218 _____ C:\Users\Steve\.recently-used.xbel
2013-06-18 10:22 - 2013-06-18 10:14 - 00000000 ____D C:\Users\Steve\Documents\Test
2013-06-18 10:16 - 2013-06-18 10:16 - 00000000 ____D C:\Users\Steve\AppData\Roaming\gtk-2.0
 
==================== Known DLLs (Whitelisted) ================
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== EXE ASSOCIATION =====================
 
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
 
==================== Restore Points  =========================
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 10%
Total physical RAM: 8165.8 MB
Available physical RAM: 7294.01 MB
Total Pagefile: 8163.95 MB
Available Pagefile: 7286.69 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:100.54 GB) (Free:13.25 GB) NTFS (Disk=0 Partition=3)
Drive d: (Everything) (Fixed) (Total:642 GB) (Free:7.68 GB) NTFS (Disk=0 Partition=2)
Drive f: (FRST) (Removable) (Total:3.72 GB) (Free:3.72 GB) FAT32 (Disk=1 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (Windows) (Fixed) (Total:188.97 GB) (Free:120.99 GB) NTFS (Disk=0 Partition=1) ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 000E710D)
Partition 1: (Active) - (Size=189 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=642 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=101 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 4 GB) (Disk ID: 00001511)
Partition 1: (Active) - (Size=4 GB) - (Type=0B)
 
 
LastRegBack: 2013-07-13 10:47
 
==================== End Of Log ============================


#10 BCMusic


Posted 18 July 2013 - 01:44 PM

Bump.

 

Also, a question. If you notice the log posted above, you'll see that the files svchost.exe and explorer.exe are labeled as "MISSING." Did Microsoft Security Essentials really delete system files like that? Why on earth would it do that without giving a warning as to the consequences of such an action? I, myself, know that such files should not be removed, but I'm confused as to why MSE marked them for deletion upon restart, knowing full well what would happen. Shouldn't MSE simply mark them for removal and replacement after a restart? I digress. My biggest concern is why MSE did that in the first place. Did they do so on the reliance that the user would pop in their recovery/installation media? MSE should inform users of that before prompting for a restart. /rant


Edited by BCMusic, 18 July 2013 - 01:47 PM.


#11 BCMusic

Posted 18 July 2013 - 09:54 PM

So while I've been waiting over 12 hours for a response, I thought I'd do an extensive browsing of the web to try and figure out how to replace these missing files (explorer and svchost) without a repair disc. Apparently they can be found in the directory "C:\Windows\winsxs" inside certain folders.

 

For example, explorer.exe 64bit would be found in the folder:

wow64_microsoft-windows-explorer_*randomnumbersandletters*_6.1.7601.21669_none_*randomnumbersandletters*

and

amd64_microsoft-windows-explorer_*randomnumbersandletters*_6.1.7601.21669_none_*randomnumbersandletters*

There are 10 folders that look identical to the ones above except for the random letters/numbers and version.

 

For svchost.exe 64bit, it would be found in the folder:

amd64_microsoft-windows-services-svchost_*randomnumbersandletters*__6.1.7600.16385_none_*randomnumbersandletters*

There is only one folder with svchost.

 

So my question is, is it safe to copy the explorer.exe and svchost.exe files from the correct directories back to the SysWOW64 folder?

NOTE: I understand that there are 2 different types of explorer.exe. One for the desktop environment and the other for system browsing, at least to my understanding.


Edited by BCMusic, 18 July 2013 - 09:56 PM.


#12 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:03 AM

Posted 19 July 2013 - 12:11 AM

That's the problem of today's antivirus programs - they delete infected files blindly, making the system unbootable! ;)

Sorry that you had to wait, but I'm a volunteer in here and we have a huge time zone difference, so please be patient.

 

Fix with FRST (Recovery Environment)


  • Open notepad (Start => All Programs => Accessories => Notepad).
  • Please copy the entire contents of the code box below.
    (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open notepad and select Paste.) Save it on the flashdrive as fixlist.txt

    Replace: C:\Windows\explorer.exe C:\Windows\SysWOW64\explorer.exe
    Replace: C:\Windows\System32\svchost.exe C:\Windows\SysWOW64\svchost.exe
    

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Now please enter System Recovery Options again.

  • Run frst.exe (on 64bit, run frst64.exe) and press the Fix button just once and wait.
  • The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.

Proud Member of UNITE & TB

#13 BCMusic

Posted 19 July 2013 - 12:22 AM

No worries. Here's your log:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-07-2013 02
Ran by SYSTEM at 2013-07-19 00:21:06 Run:1
Running from F:\
Boot Mode: Recovery
==============================================
 
C:\Windows\SysWOW64\explorer.exe => Moved successfully.
C:\Windows\explorer.exe copied successfully to C:\Windows\SysWOW64\explorer.exe
C:\Windows\SysWOW64\svchost.exe => Moved successfully.
C:\Windows\System32\svchost.exe copied successfully to C:\Windows\SysWOW64\svchost.exe
 
==== End of Fixlog ====


#14 TB-Psychotic

Posted 19 July 2013 - 12:30 AM

Create and post up a new frst log, then. We replaced the missing files but have to take out other things.

I'm online and will reply immediately.



#15 BCMusic

Posted 19 July 2013 - 12:45 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-07-2013 02

Ran by SYSTEM on 19-07-2013 00:31:43
Running from F:\
Windows 7 Ultimate (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1012000 2013-05-16] (NVIDIA Corporation)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1281512 2013-01-27] (Microsoft Corporation)
HKLM-x32\...\RunOnce: [ (cleanup)] - rundll32.exe "C:\ProgramData\Malwarebytes' Anti-Malware (portable)\cleanup.dll",ProcessCleanupScript "C:\ProgramData\Malwarebytes' Anti-Malware (portable)" [1563720 2013-06-01] (Malwarebytes Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [] -  [x]
HKU\Steve\...\Run: [Steam] - "C:\Program Files (x86)\Steam\steam.exe" -silent [1673128 2013-07-12] (Valve Corporation)
HKU\Steve\...\Run: [AdobeBridge] -  [x]
HKU\Steve\...\Run: [Spotify Web Helper] - "C:\Users\Steve\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [1104384 2013-07-10] (Spotify Ltd)
HKU\Steve\...\Run: [WinPatrol] - C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot [423144 2013-04-26] (BillP Studios)
Startup: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Fences.lnk
ShortcutTarget: Fences.lnk -> C:\Program Files (x86)\Stardock\Fences\Fences.exe (Stardock Corporation)
AlternateShell: 
 
==================== Services (Whitelisted) =================
 
S4 AODService; C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [137096 2013-02-06] ()
S2 FolderSize; C:\Program Files\FolderSize\FolderSizeSvc.exe [163840 2013-02-12] (Brio)
S2 lkClassAds; C:\Windows\SysWOW64\lkads.exe [50328 2012-06-05] (National Instruments Corporation)
S2 lkTimeSync; C:\Windows\SysWOW64\lktsrv.exe [60568 2012-06-05] (National Instruments Corporation)
S4 MassCoreNICSrv; C:\Program Files (x86)\Common Files\Merging Technologies\VS3\MassCoreNICSrv.exe [43880 2013-04-15] (Merging Technologies S.A.)
S2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
S4 MTSSrv; C:\Program Files (x86)\Common Files\Merging Technologies\VS3\MTSSrv.exe [300288 2013-06-14] (CHAOS!)
S4 MTUSBSyncSrv; C:\Program Files (x86)\Common Files\Merging Technologies\MTUSBSync\MTUSBSyncSrv.exe [29536 2013-04-15] (Merging Technologies S.A.)
S2 NIApplicationWebServer; C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [53960 2012-05-22] (National Instruments Corporation)
S4 NIApplicationWebServer64; C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [76488 2012-05-22] (National Instruments Corporation)
S2 NIDomainService; C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe [370328 2012-06-05] (National Instruments Corporation)
S2 nimDNSResponder; C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [258776 2012-05-31] (National Instruments Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)
S2 niSvcLoc; C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe [53952 2012-05-22] (National Instruments Corporation)
S2 PinnacleUpdateSvc; C:\Program Files (x86)\PowerUp Software\Pinnacle Game Profiler\pinnacle_updater.exe [430080 2011-05-09] (PowerUp Software, LLC)
S2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-05-08] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
S4 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [123664 2012-12-16] (SANDBOXIE L.T.D)
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [754584 2013-06-24] (Tunngle.net GmbH)
S2 WinDefend; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
S2 AODDriver4.2.0; C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [57952 2013-02-06] (Advanced Micro Devices)
S2 AODDriver4.2.0; C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [57952 2013-02-06] (Advanced Micro Devices)
S3 BEHRINGER_2902; C:\Windows\System32\Drivers\BUSB2902.sys [460864 2009-10-30] (BEHRINGER)
S3 bomebus; C:\Windows\System32\DRIVERS\bomebus.sys [34376 2010-10-12] (Bome Software)
S3 bomemidi; C:\Windows\System32\drivers\bomemidi.sys [30792 2010-10-12] (Bome Software)
S3 BUSB_AUDIO_WDM; C:\Windows\System32\drivers\busbwdm.sys [49728 2009-10-30] (BEHRINGER)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [16776 2011-07-29] ()
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [16776 2011-07-29] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9096 2011-07-29] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9096 2011-07-29] ()
S3 GMFilter Filter; C:\Windows\System32\Drivers\GMFilter.sys [52080 2007-08-21] (Game)
S3 GMFilter Filter; C:\Windows\SysWow64\Drivers\GMFilter.sys [27648 2007-08-21] (Game)
S3 GPCIDrv; C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\GPCIDrv64.sys [14376 2010-02-04] ()
S3 GPCIDrv; C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\GPCIDrv64.sys [14376 2010-02-04] ()
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [36680 2013-07-18] ()
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [36680 2013-07-18] ()
S3 mbamswissarmy; C:\Windows\system32\drivers\mbamswissarmy.sys [162008 2013-07-18] (Malwarebytes Corporation)
S3 mbamswissarmy; C:\Windows\system32\drivers\mbamswissarmy.sys [162008 2013-07-18] (Malwarebytes Corporation)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
S2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
S3 RDID1093; C:\Windows\System32\Drivers\rdwm1093.sys [81920 2009-09-17] (Roland Corporation)
S3 RivaTuner64; C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [19952 2013-07-04] ()
S3 RivaTuner64; C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [19952 2013-07-04] ()
S3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [202632 2012-12-16] (SANDBOXIE L.T.D)
S3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [x]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [x]
S1 wipckggp; \??\C:\Windows\system32\drivers\wipckggp.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-07-18 22:16 - 2011-02-24 22:19 - 02871808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2013-07-18 22:13 - 2009-07-13 17:39 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
2013-07-18 09:40 - 2013-07-18 09:40 - 00000000 ____D C:\FRST
2013-07-18 05:38 - 2013-07-18 05:38 - 00162008 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
2013-07-18 05:38 - 2013-07-18 05:38 - 00036680 _____ C:\Windows\System32\Drivers\mbamchameleon.sys
2013-07-18 04:37 - 2013-07-18 05:54 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-07-18 04:34 - 2013-07-18 04:34 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-18 04:33 - 2013-07-18 05:54 - 00000000 ____D C:\Users\Steve\Desktop\mbar
2013-07-18 04:32 - 2013-07-18 04:32 - 13399154 _____ C:\Users\Steve\Downloads\mbar-1.06.0.1004.zip
2013-07-17 15:14 - 2013-07-17 15:24 - 00031565 _____ C:\Users\Steve\Desktop\dds.txt
2013-07-17 15:14 - 2013-07-17 15:20 - 00008330 _____ C:\Users\Steve\Desktop\attach.txt
2013-07-17 15:10 - 2013-07-17 15:11 - 00688992 ____R (Swearware) C:\Users\Steve\Downloads\dds.com
2013-07-17 13:56 - 2013-07-17 14:21 - 00166638 _____ C:\Users\Steve\Desktop\Rkill.txt
2013-07-17 13:56 - 2013-07-17 13:56 - 00000000 ____D C:\Users\Steve\Desktop\rkill
2013-07-17 04:51 - 2013-07-17 04:51 - 01836672 _____ (Bleeping Computer, LLC) C:\Users\Steve\Downloads\rkill.exe
2013-07-17 04:51 - 2013-07-17 04:51 - 00003377 _____ C:\Users\Steve\Desktop\vir.txt
2013-07-17 04:50 - 2013-07-17 04:50 - 00662345 _____ C:\Users\Steve\Downloads\adwcleaner.exe
2013-07-16 18:17 - 2013-07-16 18:17 - 46593440 _____ (Microsoft Corporation) C:\Users\Steve\Downloads\EIE10_EN-US_MSE_Win764.EXE
2013-07-16 18:15 - 2013-07-16 18:15 - 00001945 _____ C:\Windows\epplauncher.mif
2013-07-16 18:14 - 2013-07-16 18:14 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-07-16 18:14 - 2013-07-16 18:14 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-07-16 18:13 - 2013-07-16 18:13 - 13475464 _____ (Microsoft Corporation) C:\Users\Steve\Downloads\mseinstall.exe
2013-07-16 03:43 - 2013-07-16 03:43 - 45605943 _____ C:\Users\Steve\Downloads\10071_b2671_trunk-cuda_r58311_w64.7z
2013-07-15 08:10 - 2013-07-15 02:26 - 01770496 _____ C:\Users\Steve\Desktop\Borderlands 2 Verification Tool.exe
2013-07-15 08:09 - 2013-07-15 08:09 - 00895871 _____ C:\Users\Steve\Downloads\Borderlands.2.Updater-ONLiNE.rar
2013-07-14 18:04 - 2013-07-14 18:04 - 00031320 _____ C:\Users\Steve\Downloads\000000004839.mid
2013-07-14 11:22 - 2013-07-14 11:26 - 00000000 ____D C:\Users\Steve\AppData\Roaming\TeamViewer
2013-07-14 10:13 - 2013-07-14 10:13 - 00001166 _____ C:\Users\Public\Desktop\TeamViewer 8.lnk
2013-07-14 10:13 - 2013-07-14 10:13 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2013-07-14 10:08 - 2013-07-14 10:08 - 05451264 _____ (TeamViewer GmbH) C:\Users\Steve\Downloads\TeamViewer_Setup_en.exe
2013-07-14 06:43 - 2013-07-14 06:43 - 00000000 ____D C:\Windows\DA909E623B454BA18B58FCAEBA4BCEC9.TMP
2013-07-13 08:10 - 2013-07-13 08:10 - 00071170 _____ C:\Users\Steve\Downloads\RAM Example.ms9
2013-07-12 11:29 - 2013-07-12 11:31 - 00006591 _____ C:\Users\Steve\Desktop\netstat.txt
2013-07-12 11:08 - 2013-07-12 11:08 - 00007692 _____ C:\Windows\hworks64.INI
2013-07-12 01:38 - 2013-07-12 01:38 - 00000000 ____D C:\Users\Steve\AppData\Roaming\WinPatrol
2013-07-12 01:38 - 2013-07-12 01:38 - 00000000 ____D C:\Program Files (x86)\BillP Studios
2013-07-12 01:37 - 2013-07-12 01:41 - 00000000 ____D C:\Program Files (x86)\ShellXView
2013-07-12 01:36 - 2013-07-12 01:36 - 00064685 _____ C:\Users\Steve\Downloads\shexview.zip
2013-07-11 07:16 - 2013-07-16 10:22 - 00000000 ____D C:\cURL
2013-07-11 07:16 - 2013-07-11 07:16 - 00650592 _____ C:\Users\Steve\Downloads\curl-7.31.0-win64-ssl-sspi.zip
2013-07-11 07:02 - 2013-07-11 07:02 - 00073203 _____ C:\Users\Steve\Downloads\swfcatcherChrome.crx
2013-07-11 07:00 - 2013-07-11 07:01 - 00000000 ____D C:\Program Files (x86)\SourceTec
2013-07-10 11:57 - 2013-07-10 11:57 - 07401344 _____ C:\Users\Steve\Downloads\npp.6.4.2.Installer.exe
2013-07-10 00:05 - 2013-06-11 15:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-10 00:05 - 2013-06-11 15:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-10 00:05 - 2013-06-11 15:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-10 00:05 - 2013-06-11 15:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-10 00:05 - 2013-06-11 15:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-10 00:05 - 2013-06-11 15:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-10 00:05 - 2013-06-11 15:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-10 00:05 - 2013-06-11 15:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-10 00:05 - 2013-06-11 15:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-10 00:05 - 2013-06-11 15:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-10 00:05 - 2013-06-11 15:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-10 00:05 - 2013-06-11 15:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-10 00:05 - 2013-06-11 15:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-10 00:05 - 2013-06-11 15:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-07-10 00:05 - 2013-06-11 15:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-07-10 00:05 - 2013-06-11 15:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-07-10 00:05 - 2013-06-11 15:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-07-10 00:05 - 2013-06-11 15:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-07-10 00:05 - 2013-06-11 15:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-07-10 00:05 - 2013-06-11 15:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-07-10 00:05 - 2013-06-11 15:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-07-10 00:05 - 2013-06-11 15:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-07-10 00:05 - 2013-06-11 15:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-07-10 00:05 - 2013-06-11 15:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-07-10 00:05 - 2013-06-11 15:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-07-10 00:05 - 2013-06-11 15:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-07-10 00:05 - 2013-06-11 15:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-07-10 00:05 - 2013-06-11 14:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-10 00:05 - 2013-06-11 14:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-07-10 00:05 - 2013-06-06 19:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-07-10 00:05 - 2013-06-06 18:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-09 17:27 - 2013-07-09 17:27 - 05126104 _____ (Piriform Ltd) C:\Users\Steve\Downloads\spsetup122.exe
2013-07-09 17:27 - 2013-07-09 17:27 - 00000796 _____ C:\Users\Public\Desktop\Speccy.lnk
2013-07-09 17:27 - 2013-07-09 17:27 - 00000000 ____D C:\Program Files\Speccy
2013-07-09 17:04 - 2013-07-09 17:04 - 00550151 _____ C:\Users\Steve\Downloads\Autoruns.zip
2013-07-09 17:04 - 2013-07-09 17:04 - 00000000 ____D C:\Program Files (x86)\Autoruns
2013-07-09 17:00 - 2013-07-09 17:00 - 00127860 _____ C:\Users\Steve\Downloads\memtest86+-4.20.usb.installer.zip
2013-07-09 13:18 - 2013-06-04 19:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-07-09 13:18 - 2013-06-03 22:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll
2013-07-09 13:18 - 2013-06-03 20:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-09 13:18 - 2013-05-05 22:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2013-07-09 13:18 - 2013-05-05 20:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-09 13:18 - 2013-04-09 15:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-09 13:18 - 2013-04-02 14:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-07-09 06:42 - 2013-07-09 06:42 - 00001009 _____ C:\Users\Public\Desktop\Reaktor 5.lnk
2013-07-08 23:20 - 2013-07-08 23:20 - 00000982 _____ C:\Users\Public\Desktop\Borderlands 2.lnk
2013-07-08 22:52 - 2013-07-08 22:52 - 00001090 _____ C:\Users\Steve\Desktop\MSI Afterburner.lnk
2013-07-08 22:52 - 2013-07-08 22:52 - 00000000 ____D C:\Program Files (x86)\MSI Afterburner
2013-07-08 22:48 - 2013-07-08 22:49 - 15569364 _____ C:\Users\Steve\Downloads\MSIAfterburnerSetup300Beta10.zip
2013-07-08 20:57 - 2013-07-08 20:57 - 01344480 _____ (techPowerUp (www.techpowerup.com)) C:\Users\Steve\Downloads\GPU-Z.0.7.2.exe
2013-07-08 20:56 - 2013-07-17 09:16 - 00000000 ____D C:\Program Files (x86)\MSI Kombustor 2.5
2013-07-08 20:56 - 2013-07-08 20:56 - 00001096 _____ C:\Users\Steve\Desktop\MSI Kombustor 2.5.lnk
2013-07-08 20:54 - 2013-07-08 20:55 - 14184772 _____ (MSI Co., LTD                                                ) C:\Users\Steve\Downloads\MSI_Kombustor_Setup_2.5.2.exe
2013-07-08 20:50 - 2013-07-08 20:50 - 00000000 ____D C:\Windows\Sun
2013-07-08 20:50 - 2013-07-08 20:50 - 00000000 ____D C:\ProgramData\SystemRequirementsLab
2013-07-07 16:36 - 2013-07-07 16:36 - 01066858 _____ C:\Users\Steve\Downloads\p64v2511.zip
2013-07-07 16:34 - 2013-07-07 16:34 - 00000930 _____ C:\Users\Public\Desktop\CPUID HWMonitor.lnk
2013-07-07 16:33 - 2013-07-07 16:33 - 01117848 _____ (                                                            ) C:\Users\Steve\Downloads\hwmonitor_1.23-setup.exe
2013-07-06 22:42 - 2013-07-06 22:42 - 03931189 _____ (Geeks3D.com                                                 ) C:\Users\Steve\Downloads\FurMark_1.9.2.exe
2013-07-06 22:42 - 2013-07-06 22:42 - 00000000 ____D C:\Program Files (x86)\Geeks3D
2013-07-05 20:52 - 2013-07-05 20:52 - 00178234 _____ C:\Users\Steve\Downloads\coalesce-r89_b114.zip
2013-07-05 20:47 - 2013-07-05 20:47 - 00000000 ____D C:\Users\Steve\AppData\Local\Iron_Spine_Productions
2013-07-05 14:10 - 2013-07-05 14:10 - 00001053 _____ C:\Users\Steve\Desktop\Mortal Kombat Komplete Edition.lnk
2013-07-05 14:09 - 2013-07-05 14:10 - 00000000 ____D C:\Users\Steve\AppData\Roaming\MKKE
2013-07-04 23:23 - 2013-07-04 23:25 - 00000361 _____ C:\Users\Steve\d3d_antilag.log
2013-07-04 23:21 - 2013-07-04 23:21 - 00008211 _____ C:\Users\Steve\Downloads\FPS Limiter-34-V1-01.rar
2013-07-04 19:39 - 2013-07-17 21:47 - 00000000 ____D C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
2013-07-04 19:38 - 2015-07-24 18:24 - 00000000 ____D C:\Users\Steve\Downloads\Guru3D.com
2013-07-04 19:38 - 2013-07-04 19:38 - 02841613 _____ (Igor Pavlov) C:\Users\Steve\Downloads\RivaTuner224c-[Guru3D.com].exe
2013-07-04 19:12 - 2013-07-04 19:12 - 00001009 _____ C:\Users\Steve\Desktop\Play The Elder Scrolls V Skyrim.lnk
2013-07-04 19:12 - 2013-07-04 19:12 - 00000000 ____D C:\Users\Steve\AppData\Local\Skyrim
2013-07-04 19:12 - 2013-07-04 19:12 - 00000000 ____D C:\ProgramData\Steam
2013-07-03 23:56 - 2013-07-03 23:56 - 00000000 ____D C:\Program Files (x86)\PE Explorer
2013-07-02 16:00 - 2013-07-02 16:00 - 00000000 ____D C:\Users\Steve\.android
2013-07-02 15:52 - 2013-07-02 15:53 - 50859583 _____ C:\Users\Steve\Downloads\r2d2b2g-windows.xpi
2013-07-01 13:41 - 2013-07-01 13:41 - 00000750 _____ C:\Users\Steve\AppData\Local\recently-used.xbel
2013-07-01 12:47 - 2013-07-01 12:47 - 00000000 ____D C:\Users\Steve\Downloads\InkscapePortable
2013-07-01 12:46 - 2013-07-01 12:46 - 00000000 ____D C:\Program Files (x86)\Inkscape
2013-07-01 12:44 - 2013-07-01 12:45 - 39289640 _____ (PortableApps.com) C:\Users\Steve\Downloads\InkscapePortable_0.48.4-1.paf.exe
2013-06-30 12:35 - 2013-06-30 12:40 - 00000000 ____D C:\Program Files (x86)\Windows Grep
2013-06-30 12:34 - 2013-06-30 12:35 - 00742893 _____ (                                                            ) C:\Users\Steve\Downloads\WindowsGrep23.exe
2013-06-30 08:51 - 2013-06-30 08:51 - 00000000 ____D C:\Users\Steve\AppData\Roaming\Publish Providers
2013-06-30 08:48 - 2013-06-30 08:51 - 00000000 ____D C:\Users\Steve\AppData\Local\Sony
2013-06-30 08:48 - 2013-06-30 08:48 - 00001038 _____ C:\Users\Public\Desktop\Vegas Pro 12.0 (64-bit).lnk
2013-06-30 08:48 - 2013-06-30 08:48 - 00000000 ____D C:\ProgramData\Sony
2013-06-30 08:48 - 2013-06-30 08:48 - 00000000 ____D C:\Program Files\Sony
2013-06-30 08:48 - 2013-06-30 08:48 - 00000000 ____D C:\Program Files (x86)\Sony
2013-06-30 08:47 - 2013-06-30 09:20 - 00000000 ____D C:\Users\Steve\AppData\Roaming\Sony
2013-06-30 08:39 - 2013-06-30 08:44 - 00000000 ____D C:\Users\Steve\AppData\Roaming\avidemux
2013-06-29 01:45 - 2013-06-29 01:45 - 00000000 ____D C:\Program Files (x86)\Axialis
2013-06-29 01:32 - 2013-06-29 01:50 - 00000000 ____D C:\Users\Steve\AppData\Local\Axialis
2013-06-29 01:32 - 2013-06-29 01:32 - 00000000 ___RD C:\Users\Steve\Documents\Axialis Librarian
2013-06-29 01:32 - 2013-06-29 01:32 - 00000000 ____D C:\Users\Steve\AppData\Roaming\Axialis
2013-06-28 08:44 - 2013-06-28 08:44 - 00001296 _____ C:\Users\Steve\Desktop\BFBC2.lnk
2013-06-27 20:23 - 2013-06-27 20:23 - 00000000 ____D C:\Users\Steve\AppData\Roaming\Rovio
2013-06-26 17:40 - 2013-06-26 17:40 - 00000000 ____D C:\ProgramData\Macrovision
2013-06-26 17:40 - 2013-06-26 17:40 - 00000000 ____D C:\Program Files (x86)\HI-TECH Software
2013-06-26 17:39 - 2013-06-26 17:39 - 00000000 ____D C:\Users\Public\Documents\National Instruments
2013-06-26 17:37 - 2013-06-26 17:37 - 00000000 ____D C:\Windows\SysWOW64\cvirte
2013-06-26 17:37 - 2013-06-26 17:37 - 00000000 ____D C:\Windows\System32\cvirte
2013-06-26 17:37 - 2013-06-26 17:37 - 00000000 ____D C:\Program Files\National Instruments
2013-06-26 17:36 - 2013-06-26 17:40 - 00000000 ____D C:\Program Files (x86)\National Instruments
2013-06-26 17:33 - 2013-06-26 17:43 - 00000000 ____D C:\ProgramData\National Instruments
2013-06-26 16:01 - 2013-06-26 16:01 - 00643592 _____ (Unity Technologies ApS) C:\Users\Steve\Downloads\UnityWebPlayer.exe
2013-06-26 16:01 - 2013-06-26 16:01 - 00000000 ____D C:\Users\Steve\AppData\Local\Unity
2013-06-25 11:59 - 2013-06-25 11:59 - 00001014 _____ C:\Users\Public\Desktop\Kontakt 5.lnk
2013-06-25 11:57 - 2013-06-25 11:57 - 00001059 _____ C:\Users\Public\Desktop\Service Center.lnk
2013-06-25 11:57 - 2013-06-25 11:57 - 00000000 __HDC C:\ProgramData\{95B4F0ED-951F-4D36-B068-5EC1C4C19C14}
2013-06-25 11:56 - 2013-06-25 11:59 - 00000000 __HDC C:\ProgramData\{78F6A1FC-ADDE-4028-A231-7B924CE455BD}
2013-06-25 10:14 - 2013-06-25 11:09 - 482726384 _____ C:\Users\Steve\Downloads\K503.rar
2013-06-24 10:55 - 2013-06-24 10:56 - 00000000 ____D C:\Program Files (x86)\MultiExtractor
2013-06-24 10:55 - 2013-06-24 10:55 - 00000000 ____D C:\Users\Steve\AppData\Roaming\MultiExtractor
2013-06-24 09:39 - 2013-06-24 09:39 - 07872648 _____ (Adobe Systems Inc.) C:\Users\Steve\Downloads\Shockwave_Installer_Slim.exe
2013-06-24 09:39 - 2013-06-24 09:39 - 00000000 ____D C:\Windows\SysWOW64\Adobe
2013-06-24 06:20 - 2013-07-17 17:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-23 15:47 - 2013-06-23 15:51 - 00001456 _____ C:\Users\Steve\AppData\Local\Adobe Save for Web 13.0 Prefs
2013-06-23 04:20 - 2013-06-23 04:20 - 00001041 _____ C:\Users\Public\Desktop\Avidemux 2.6 (32-bit).lnk
2013-06-23 04:20 - 2013-06-23 04:20 - 00000000 ____D C:\Program Files (x86)\Avidemux 2.6
2013-06-23 04:19 - 2013-06-23 04:19 - 22805174 _____ C:\Users\Steve\Downloads\avidemux_2.6.4_win32.exe
2013-06-23 03:59 - 2013-06-23 03:59 - 00000000 ____D C:\Users\Steve\AppData\Roaming\Microsoft FxCop
2013-06-23 03:43 - 2013-06-23 03:43 - 00407941 _____ C:\Users\Steve\Downloads\MidiServices.zip
2013-06-23 03:39 - 2013-06-23 03:39 - 01181112 _____ (Microsoft Corporation) C:\Users\Steve\Downloads\patch_KB2781514.exe
2013-06-23 03:32 - 2013-06-23 03:32 - 00000000 ____D C:\Program Files (x86)\NuGet
2013-06-23 03:31 - 2013-06-23 03:31 - 00000000 ____D C:\Windows\symbols
2013-06-23 03:28 - 2013-06-23 03:30 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 11.0
2013-06-23 03:19 - 2013-06-23 03:23 - 637313024 _____ C:\Users\Steve\Downloads\VS2012_WDX_ENU.iso
2013-06-23 03:15 - 2013-06-23 03:15 - 00889416 _____ (Microsoft Corporation) C:\Users\Steve\Downloads\dotNetFx40_Full_setup.exe
2013-06-23 03:00 - 2013-06-23 03:00 - 00000000 ____D C:\Users\Steve\locales
2013-06-23 02:57 - 2011-01-03 18:52 - 00000000 ____D C:\Program Files (x86)\MGII4.3.3
2013-06-23 02:56 - 2013-06-23 02:56 - 03912250 _____ C:\Users\Steve\Downloads\Windows.zip
2013-06-22 17:30 - 2013-06-24 10:57 - 00000000 ____D C:\Program Files (x86)\EMI
2013-06-21 16:05 - 2013-06-21 16:21 - 1832799715 _____ C:\Users\Steve\Downloads\Pro_Tools_10.3.5_Win.zip
2013-06-21 13:48 - 2013-06-21 13:48 - 00748246 _____ (                                                            ) C:\Users\Steve\Downloads\reshack_setup.exe
2013-06-21 13:48 - 2013-06-21 13:48 - 00000000 ____D C:\Program Files (x86)\Resource Hacker
2013-06-21 13:47 - 2013-06-21 13:47 - 00000000 ____D C:\Users\Public\Documents\Explorer Suite Signatures
2013-06-21 13:47 - 2013-06-21 13:47 - 00000000 ____D C:\Program Files\NTCore
2013-06-21 13:46 - 2013-06-21 13:46 - 03613174 _____ (                                                            ) C:\Users\Steve\Downloads\ExplorerSuite.exe
2013-06-21 09:32 - 2013-06-21 09:32 - 00002019 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-06-21 08:58 - 2013-06-21 08:58 - 00000000 ____D C:\ProgramData\Digidesign
2013-06-21 00:04 - 2013-06-21 07:11 - 00000000 ____D C:\Windows\System32\Tasks\Leader Technologies
2013-06-21 00:04 - 2013-06-21 00:04 - 00000000 ____D C:\Users\Steve\AppData\Roaming\Leadertech
2013-06-21 00:00 - 2013-06-21 00:00 - 00000000 ____D C:\Users\Steve\AppData\Roaming\Trillium Lane
2013-06-20 23:30 - 2013-06-20 23:30 - 00000000 ____D C:\ProgramData\DigiDriver
2013-06-20 23:29 - 2013-06-21 16:49 - 00000000 ____D C:\Program Files (x86)\Avid
2013-06-20 23:18 - 2013-06-20 23:18 - 00000000 ____D C:\ProgramData\PACE
2013-06-20 23:15 - 2013-03-02 23:57 - 00023824 _____ (Avid Technology, Inc.) C:\Windows\System32\Drivers\diginet.sys
2013-06-20 22:57 - 2013-06-21 07:58 - 00000000 ____D C:\Users\Steve\AppData\Roaming\Download Manager
2013-06-20 13:12 - 2013-06-20 13:12 - 00000000 ____D C:\Users\Steve\Documents\discoDSP
2013-06-20 11:06 - 2013-06-20 11:16 - 00000000 ____D C:\Users\Steve\Documents\BFBC2
2013-06-20 00:01 - 2013-06-12 18:47 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-20 00:01 - 2013-06-12 18:43 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-20 00:01 - 2013-06-12 18:43 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-20 00:01 - 2013-06-12 18:43 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-20 00:00 - 2013-06-20 00:01 - 00004802 _____ C:\Windows\SysWOW64\jupdate-1.7.0_25-b16.log
2013-06-19 02:44 - 2013-06-19 02:44 - 00000000 ____D C:\Users\Steve\AppData\Local\Origin
2013-06-19 02:43 - 2013-06-19 02:43 - 00000534 _____ C:\Users\Public\Desktop\Origin.lnk
2013-06-19 02:42 - 2013-06-19 02:42 - 16959688 _____ (Electronic Arts, Inc.) C:\Users\Steve\Downloads\OriginThinSetup.exe
2013-06-19 02:31 - 2013-06-19 02:31 - 00272409 _____ C:\Windows\SysWOW64\TmpA327115376
2013-06-18 23:26 - 2013-07-17 09:20 - 00000000 ____D C:\Program Files (x86)\OBS
2013-06-18 23:26 - 2013-06-18 23:26 - 00000939 _____ C:\Users\Steve\Desktop\OBS.lnk
2013-06-18 23:26 - 2013-06-18 23:26 - 00000000 ____D C:\Users\Steve\AppData\Roaming\OBS
2013-06-18 23:24 - 2013-06-18 23:24 - 06815170 _____ C:\Users\Steve\Downloads\OBS_0_522b_Installer.exe
2013-06-18 10:22 - 2013-06-18 10:22 - 00000218 _____ C:\Users\Steve\.recently-used.xbel
2013-06-18 10:16 - 2013-06-18 10:16 - 00000000 ____D C:\Users\Steve\AppData\Roaming\gtk-2.0
2013-06-18 10:14 - 2013-06-18 10:22 - 00000000 ____D C:\Users\Steve\Documents\Test
 
==================== One Month Modified Files and Folders =======
 
2015-07-24 18:24 - 2013-07-04 19:38 - 00000000 ____D C:\Users\Steve\Downloads\Guru3D.com
2013-07-18 06:03 - 2012-10-12 01:32 - 00000000 ____D C:\ProgramData\NVIDIA
2013-07-18 05:56 - 2013-04-26 05:57 - 00119296 _____ C:\Windows\SysWOW64\zlib.dll
2013-07-18 05:55 - 2012-10-12 01:46 - 00172208 _____ C:\Windows\PFRO.log
2013-07-18 05:54 - 2013-07-18 04:37 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-07-18 05:54 - 2013-07-18 04:33 - 00000000 ____D C:\Users\Steve\Desktop\mbar
2013-07-18 05:38 - 2013-07-18 05:38 - 00162008 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
2013-07-18 05:38 - 2013-07-18 05:38 - 00036680 _____ C:\Windows\System32\Drivers\mbamchameleon.sys
2013-07-18 05:27 - 2013-05-20 00:35 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-18 05:12 - 2012-10-12 01:33 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-18 04:47 - 2012-10-12 01:18 - 01501151 _____ C:\Windows\WindowsUpdate.log
2013-07-18 04:34 - 2013-07-18 04:34 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-18 04:32 - 2013-07-18 04:32 - 13399154 _____ C:\Users\Steve\Downloads\mbar-1.06.0.1004.zip
2013-07-18 02:53 - 2013-03-28 20:53 - 00000356 _____ C:\Windows\Tasks\AmiUpdXp.job
2013-07-17 23:54 - 2009-07-13 20:45 - 00019792 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-17 23:54 - 2009-07-13 20:45 - 00019792 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-17 21:57 - 2013-04-05 03:53 - 00000000 ____D C:\Program Files (x86)\Cheat Engine 6.2
2013-07-17 21:49 - 2013-06-22 13:35 - 00000000 ____D C:\Program Files (x86)\FeedReader
2013-07-17 21:49 - 2013-04-01 10:16 - 00000000 ____D C:\Program Files (x86)\Exam Formatter
2013-07-17 21:48 - 2013-04-21 12:04 - 00000000 ____D C:\Program Files (x86)\HD Tune Pro
2013-07-17 21:47 - 2013-07-04 19:39 - 00000000 ____D C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
2013-07-17 21:47 - 2013-05-27 09:36 - 00000000 ____D C:\Program Files (x86)\Internet Download Manager
2013-07-17 21:13 - 2013-04-28 06:39 - 00000000 ____D C:\Program Files\GAMES
2013-07-17 21:13 - 2013-04-25 20:39 - 00000000 ____D C:\Program Files\Fragmentarium
2013-07-17 21:13 - 2013-04-21 00:01 - 00000000 ____D C:\Program Files (x86)\Tunatic
2013-07-17 21:13 - 2013-04-05 09:25 - 00000000 ____D C:\Program Files (x86)\Tricky Truck
2013-07-17 21:13 - 2013-04-02 23:58 - 00000000 ____D C:\Program Files (x86)\Vector Magic
2013-07-17 21:13 - 2013-04-02 09:02 - 00000000 ____D C:\Program Files (x86)\Beat Hazard Ultra
2013-07-17 21:13 - 2013-04-02 08:46 - 00000000 ____D C:\Program Files (x86)\Spotydl
2013-07-17 21:13 - 2013-03-30 03:54 - 00000000 ____D C:\Program Files (x86)\WinDirStat
2013-07-17 21:13 - 2013-03-26 22:29 - 00000000 ____D C:\Program Files (x86)\GPU-Z
2013-07-17 20:46 - 2013-05-28 13:33 - 00000000 ____D C:\Program Files\JBridge
2013-07-17 20:46 - 2013-05-05 15:36 - 00000000 ____D C:\Program Files\Window Detective
2013-07-17 19:12 - 2012-10-12 01:33 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-17 17:37 - 2013-06-24 06:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-17 15:24 - 2013-07-17 15:14 - 00031565 _____ C:\Users\Steve\Desktop\dds.txt
2013-07-17 15:20 - 2013-07-17 15:14 - 00008330 _____ C:\Users\Steve\Desktop\attach.txt
2013-07-17 15:11 - 2013-07-17 15:10 - 00688992 ____R (Swearware) C:\Users\Steve\Downloads\dds.com
2013-07-17 14:21 - 2013-07-17 13:56 - 00166638 _____ C:\Users\Steve\Desktop\Rkill.txt
2013-07-17 13:56 - 2013-07-17 13:56 - 00000000 ____D C:\Users\Steve\Desktop\rkill
2013-07-17 11:21 - 2013-07-17 11:21 - 01376768 _____ C:\Users\Steve\Downloads\7z920-x64.msi
2013-07-17 09:20 - 2013-06-18 23:26 - 00000000 ____D C:\Program Files (x86)\OBS
2013-07-17 09:20 - 2013-05-22 02:15 - 00000000 ____D C:\Program Files (x86)\GeoControl2
2013-07-17 09:16 - 2013-07-08 20:56 - 00000000 ____D C:\Program Files (x86)\MSI Kombustor 2.5
2013-07-17 04:56 - 2013-07-17 04:55 - 00891022 _____ C:\Users\Steve\Downloads\SecurityCheck.exe
2013-07-17 04:51 - 2013-07-17 04:51 - 01836672 _____ (Bleeping Computer, LLC) C:\Users\Steve\Downloads\rkill.exe
2013-07-17 04:51 - 2013-07-17 04:51 - 00003377 _____ C:\Users\Steve\Desktop\vir.txt
2013-07-17 04:50 - 2013-07-17 04:50 - 00662345 _____ C:\Users\Steve\Downloads\adwcleaner.exe
2013-07-16 18:47 - 2013-06-14 06:37 - 00000000 ____D C:\Program Files (x86)\Bonjour
2013-07-16 18:40 - 2013-03-27 02:55 - 00007603 _____ C:\Users\Steve\AppData\Local\Resmon.ResmonCfg
2013-07-16 18:34 - 2013-05-01 09:19 - 00000000 ____D C:\Users\Steve\Documents\Visual Studio 2012
2013-07-16 18:30 - 2013-04-14 21:32 - 00000000 ____D C:\Program Files (x86)\Notepad++
2013-07-16 18:17 - 2013-07-16 18:17 - 46593440 _____ (Microsoft Corporation) C:\Users\Steve\Downloads\EIE10_EN-US_MSE_Win764.EXE
2013-07-16 18:15 - 2013-07-16 18:15 - 00001945 _____ C:\Windows\epplauncher.mif
2013-07-16 18:14 - 2013-07-16 18:14 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-07-16 18:14 - 2013-07-16 18:14 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-07-16 18:13 - 2013-07-16 18:13 - 13475464 _____ (Microsoft Corporation) C:\Users\Steve\Downloads\mseinstall.exe
2013-07-16 10:22 - 2013-07-11 07:16 - 00000000 ____D C:\cURL
2013-07-16 03:43 - 2013-07-16 03:43 - 45605943 _____ C:\Users\Steve\Downloads\10071_b2671_trunk-cuda_r58311_w64.7z
2013-07-15 11:04 - 2013-03-27 01:54 - 00000000 ____D C:\Program Files (x86)\Steam
2013-07-15 06:26 - 2013-04-14 21:00 - 00000132 _____ C:\Users\Steve\AppData\Roaming\Adobe PNG Format CS6 Prefs
2013-07-14 14:41 - 2012-10-12 01:25 - 00069960 _____ C:\Users\Steve\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-14 14:40 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Registration
2013-07-14 14:39 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-14 14:39 - 2009-07-13 20:51 - 00034117 _____ C:\Windows\setupact.log
2013-07-14 11:26 - 2013-07-14 11:22 - 00000000 ____D C:\Users\Steve\AppData\Roaming\TeamViewer
2013-07-14 10:13 - 2013-07-14 10:13 - 00001166 _____ C:\Users\Public\Desktop\TeamViewer 8.lnk
2013-07-14 10:13 - 2013-07-14 10:13 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2013-07-14 10:08 - 2013-07-14 10:08 - 05451264 _____ (TeamViewer GmbH) C:\Users\Steve\Downloads\TeamViewer_Setup_en.exe
2013-07-14 06:43 - 2013-07-14 06:43 - 00000000 ____D C:\Windows\DA909E623B454BA18B58FCAEBA4BCEC9.TMP
2013-07-14 06:42 - 2013-03-26 22:34 - 00471823 _____ C:\Windows\DirectX.log
2013-07-14 01:58 - 2013-06-04 06:11 - 00000000 ____D C:\Program Files\Recuva
2013-07-13 11:55 - 2012-10-12 01:20 - 00000000 ____D C:\users\Steve
2013-07-13 10:57 - 2013-05-01 15:56 - 00002054 _____ C:\Users\Steve\Desktop\Blender.lnk
2013-07-13 08:10 - 2013-07-13 08:10 - 00071170 _____ C:\Users\Steve\Downloads\RAM Example.ms9
2013-07-12 19:07 - 2012-10-12 01:33 - 00003892 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-12 19:07 - 2012-10-12 01:33 - 00003640 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-12 11:31 - 2013-07-12 11:29 - 00006591 _____ C:\Users\Steve\Desktop\netstat.txt
2013-07-12 11:08 - 2013-07-12 11:08 - 00007692 _____ C:\Windows\hworks64.INI
2013-07-12 01:45 - 2013-03-28 03:11 - 00000000 ____D C:\Users\Steve\AppData\Local\Conduit
2013-07-12 01:41 - 2013-07-12 01:37 - 00000000 ____D C:\Program Files (x86)\ShellXView
2013-07-12 01:38 - 2013-07-12 01:38 - 00000000 ____D C:\Users\Steve\AppData\Roaming\WinPatrol
2013-07-12 01:38 - 2013-07-12 01:38 - 00000000 ____D C:\Program Files (x86)\BillP Studios
2013-07-12 01:38 - 2013-03-28 00:09 - 00000000 ____D C:\ProgramData\InstallMate
2013-07-12 01:36 - 2013-07-12 01:36 - 00064685 _____ C:\Users\Steve\Downloads\shexview.zip
2013-07-11 18:53 - 2013-07-11 18:01 - 00000000 ____D C:\Users\Steve\Documents\Fiddler2
2013-07-11 18:00 - 2013-07-11 18:00 - 00767312 _____ (Telerik) C:\Users\Steve\Downloads\fiddler4setup.exe
2013-07-11 18:00 - 2013-07-11 18:00 - 00000000 ____D C:\Program Files (x86)\Fiddler2
2013-07-11 17:37 - 2013-07-11 17:37 - 00018065 _____ C:\Users\Steve\Downloads\httparchive_schema.sql
2013-07-11 07:25 - 2013-07-11 07:25 - 00000000 ____D C:\Users\Steve\Desktop\darkambient.wav
2013-07-11 07:16 - 2013-07-11 07:16 - 00650592 _____ C:\Users\Steve\Downloads\curl-7.31.0-win64-ssl-sspi.zip
2013-07-11 07:02 - 2013-07-11 07:02 - 00073203 _____ C:\Users\Steve\Downloads\swfcatcherChrome.crx
2013-07-11 07:01 - 2013-07-11 07:00 - 00000000 ____D C:\Program Files (x86)\SourceTec
2013-07-10 20:05 - 2013-03-26 21:06 - 00000000 ____D C:\Users\Steve\AppData\Roaming\Spotify
2013-07-10 11:58 - 2013-04-14 21:32 - 00000000 ____D C:\Users\Steve\AppData\Roaming\Notepad++
2013-07-10 11:57 - 2013-07-10 11:57 - 07401344 _____ C:\Users\Steve\Downloads\npp.6.4.2.Installer.exe
2013-07-10 07:24 - 2013-03-27 23:42 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-07-10 05:36 - 2013-03-26 21:06 - 00000000 ____D C:\Users\Steve\AppData\Local\Spotify
2013-07-10 05:05 - 2013-05-07 00:08 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-10 05:05 - 2013-05-07 00:08 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-10 04:28 - 2009-07-13 23:46 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-10 04:28 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-10 04:28 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-10 00:07 - 2013-05-20 00:40 - 78185248 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-07-09 17:27 - 2013-07-09 17:27 - 05126104 _____ (Piriform Ltd) C:\Users\Steve\Downloads\spsetup122.exe
2013-07-09 17:27 - 2013-07-09 17:27 - 00000796 _____ C:\Users\Public\Desktop\Speccy.lnk
2013-07-09 17:27 - 2013-07-09 17:27 - 00000000 ____D C:\Program Files\Speccy
2013-07-09 17:04 - 2013-07-09 17:04 - 00550151 _____ C:\Users\Steve\Downloads\Autoruns.zip
2013-07-09 17:04 - 2013-07-09 17:04 - 00000000 ____D C:\Program Files (x86)\Autoruns
2013-07-09 17:02 - 2013-04-28 06:32 - 00000000 ____D C:\Windows\pss
2013-07-09 17:01 - 2013-07-09 17:01 - 00000000 ____D C:\Users\Steve\Desktop\FRST
2013-07-09 17:00 - 2013-07-09 17:00 - 00127860 _____ C:\Users\Steve\Downloads\memtest86+-4.20.usb.installer.zip
2013-07-09 06:42 - 2013-07-09 06:42 - 00001009 _____ C:\Users\Public\Desktop\Reaktor 5.lnk
2013-07-09 06:42 - 2013-05-30 08:11 - 00000000 __HDC C:\ProgramData\{F92C204F-6C39-4D56-B100-EC929C871966}
2013-07-09 06:40 - 2013-05-24 01:06 - 00000000 ____D C:\Program Files (x86)\VSTPlugIns
2013-07-09 01:06 - 2013-03-28 20:49 - 00000000 ____D C:\Users\Steve\AppData\Roaming\vlc
2013-07-08 22:52 - 2013-07-08 22:52 - 00001090 _____ C:\Users\Steve\Desktop\MSI Afterburner.lnk
2013-07-08 22:52 - 2013-07-08 22:52 - 00000000 ____D C:\Program Files (x86)\MSI Afterburner
2013-07-08 22:49 - 2013-07-08 22:48 - 15569364 _____ C:\Users\Steve\Downloads\MSIAfterburnerSetup300Beta10.zip
2013-07-08 20:57 - 2013-07-08 20:57 - 01344480 _____ (techPowerUp (www.techpowerup.com)) C:\Users\Steve\Downloads\GPU-Z.0.7.2.exe
2013-07-08 20:56 - 2013-07-08 20:56 - 00001096 _____ C:\Users\Steve\Desktop\MSI Kombustor 2.5.lnk
2013-07-08 20:55 - 2013-07-08 20:54 - 14184772 _____ (MSI Co., LTD                                                ) C:\Users\Steve\Downloads\MSI_Kombustor_Setup_2.5.2.exe
2013-07-08 20:50 - 2013-07-08 20:50 - 00000000 ____D C:\Windows\Sun
2013-07-08 20:50 - 2013-07-08 20:50 - 00000000 ____D C:\ProgramData\SystemRequirementsLab
2013-07-08 20:50 - 2012-10-12 01:37 - 00000000 ____D C:\Program Files (x86)\SystemRequirementsLab
2013-07-07 16:34 - 2013-07-07 16:34 - 00000930 _____ C:\Users\Public\Desktop\CPUID HWMonitor.lnk
2013-07-07 16:34 - 2013-03-26 22:28 - 00000000 ____D C:\Program Files\CPUID
2013-07-07 16:33 - 2013-07-07 16:33 - 01117848 _____ (                                                            ) C:\Users\Steve\Downloads\hwmonitor_1.23-setup.exe
2013-07-07 16:32 - 2013-03-26 22:36 - 00000000 ____D C:\Program Files (x86)\SpeedFan
2013-07-06 22:42 - 2013-07-06 22:42 - 03931189 _____ (Geeks3D.com                                                 ) C:\Users\Steve\Downloads\FurMark_1.9.2.exe
2013-07-06 22:42 - 2013-07-06 22:42 - 00000000 ____D C:\Program Files (x86)\Geeks3D
2013-07-06 04:46 - 2013-03-31 06:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-05 14:10 - 2013-07-05 14:10 - 00001053 _____ C:\Users\Steve\Desktop\Mortal Kombat Komplete Edition.lnk
2013-07-05 14:10 - 2013-07-05 14:09 - 00000000 ____D C:\Users\Steve\AppData\Roaming\MKKE
2013-07-04 23:25 - 2013-07-04 23:23 - 00000361 _____ C:\Users\Steve\d3d_antilag.log
2013-07-04 23:21 - 2013-07-04 23:21 - 00008211 _____ C:\Users\Steve\Downloads\FPS Limiter-34-V1-01.rar
2013-07-04 19:38 - 2013-07-04 19:38 - 02841613 _____ (Igor Pavlov) C:\Users\Steve\Downloads\RivaTuner224c-[Guru3D.com].exe
2013-07-04 19:12 - 2013-07-04 19:12 - 00001009 _____ C:\Users\Steve\Desktop\Play The Elder Scrolls V Skyrim.lnk
2013-07-04 19:12 - 2013-07-04 19:12 - 00000000 ____D C:\Users\Steve\AppData\Local\Skyrim
2013-07-04 19:12 - 2013-07-04 19:12 - 00000000 ____D C:\ProgramData\Steam
2013-07-03 23:56 - 2013-07-03 23:56 - 00000000 ____D C:\Program Files (x86)\PE Explorer
2013-07-02 16:04 - 2013-03-31 06:23 - 00000000 ____D C:\Users\Steve\AppData\Roaming\Mozilla
2013-07-02 16:04 - 2013-03-31 06:23 - 00000000 ____D C:\Users\Steve\AppData\Local\Mozilla
2013-07-02 16:00 - 2013-07-02 16:00 - 00000000 ____D C:\Users\Steve\.android
2013-07-01 13:41 - 2013-07-01 13:41 - 00000750 _____ C:\Users\Steve\AppData\Local\recently-used.xbel
2013-07-01 12:47 - 2013-07-01 12:47 - 00000000 ____D C:\Users\Steve\Downloads\InkscapePortable
2013-07-01 12:46 - 2013-07-01 12:46 - 00000000 ____D C:\Program Files (x86)\Inkscape
2013-07-01 12:45 - 2013-07-01 12:44 - 39289640 _____ (PortableApps.com) C:\Users\Steve\Downloads\InkscapePortable_0.48.4-1.paf.exe
2013-06-30 12:40 - 2013-06-30 12:35 - 00000000 ____D C:\Program Files (x86)\Windows Grep
2013-06-30 12:35 - 2013-06-30 12:34 - 00742893 _____ (                                                            ) C:\Users\Steve\Downloads\WindowsGrep23.exe
2013-06-30 09:20 - 2013-06-30 08:47 - 00000000 ____D C:\Users\Steve\AppData\Roaming\Sony
2013-06-30 08:51 - 2013-06-30 08:51 - 00000000 ____D C:\Users\Steve\AppData\Roaming\Publish Providers
2013-06-30 08:51 - 2013-06-30 08:48 - 00000000 ____D C:\Users\Steve\AppData\Local\Sony
2013-06-30 08:48 - 2013-06-30 08:48 - 00001038 _____ C:\Users\Public\Desktop\Vegas Pro 12.0 (64-bit).lnk
2013-06-30 08:48 - 2013-06-30 08:48 - 00000000 ____D C:\ProgramData\Sony
2013-06-30 08:48 - 2013-06-30 08:48 - 00000000 ____D C:\Program Files\Sony
2013-06-30 08:48 - 2013-06-30 08:48 - 00000000 ____D C:\Program Files (x86)\Sony
2013-06-30 08:44 - 2013-06-30 08:39 - 00000000 ____D C:\Users\Steve\AppData\Roaming\avidemux
2013-06-28 08:44 - 2013-06-28 08:44 - 00001296 _____ C:\Users\Steve\Desktop\BFBC2.lnk
2013-06-27 20:23 - 2013-06-27 20:23 - 00000000 ____D C:\Users\Steve\AppData\Roaming\Rovio
2013-06-26 17:47 - 2013-06-26 17:47 - 00000000 ____D C:\Users\Steve\Documents\National Instruments
2013-06-26 17:46 - 2013-06-26 17:46 - 00003550 _____ C:\Windows\System32\Tasks\NIUpdateServiceCheckTask
2013-06-26 17:46 - 2013-06-26 17:46 - 00000000 ____D C:\Users\Steve\AppData\Roaming\National Instruments
2013-06-26 17:45 - 2013-06-26 17:45 - 00000000 ____D C:\Users\Steve\AppData\Local\National Instruments
2013-06-26 17:43 - 2013-06-26 17:33 - 00000000 ____D C:\ProgramData\National Instruments
2013-06-26 17:40 - 2013-06-26 17:40 - 00000000 ____D C:\ProgramData\Macrovision
2013-06-26 17:40 - 2013-06-26 17:40 - 00000000 ____D C:\Program Files (x86)\HI-TECH Software
2013-06-26 17:40 - 2013-06-26 17:36 - 00000000 ____D C:\Program Files (x86)\National Instruments
2013-06-26 17:39 - 2013-06-26 17:39 - 00000000 ____D C:\Users\Public\Documents\National Instruments
2013-06-26 17:39 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-06-26 17:37 - 2013-06-26 17:37 - 00000000 ____D C:\Windows\SysWOW64\cvirte
2013-06-26 17:37 - 2013-06-26 17:37 - 00000000 ____D C:\Windows\System32\cvirte
2013-06-26 17:37 - 2013-06-26 17:37 - 00000000 ____D C:\Program Files\National Instruments
2013-06-26 16:01 - 2013-06-26 16:01 - 00643592 _____ (Unity Technologies ApS) C:\Users\Steve\Downloads\UnityWebPlayer.exe
2013-06-26 16:01 - 2013-06-26 16:01 - 00000000 ____D C:\Users\Steve\AppData\Local\Unity
2013-06-26 13:29 - 2013-06-26 13:29 - 00000000 ____D C:\Program Files\Nomad Factory
2013-06-24 10:57 - 2013-06-22 17:30 - 00000000 ____D C:\Program Files (x86)\EMI
2013-06-24 10:56 - 2013-06-24 10:55 - 00000000 ____D C:\Program Files (x86)\MultiExtractor
2013-06-24 10:55 - 2013-06-24 10:55 - 00000000 ____D C:\Users\Steve\AppData\Roaming\MultiExtractor
2013-06-24 09:39 - 2013-06-24 09:39 - 07872648 _____ (Adobe Systems Inc.) C:\Users\Steve\Downloads\Shockwave_Installer_Slim.exe
2013-06-24 09:39 - 2013-06-24 09:39 - 00000000 ____D C:\Windows\SysWOW64\Adobe
2013-06-23 15:51 - 2013-06-23 15:47 - 00001456 _____ C:\Users\Steve\AppData\Local\Adobe Save for Web 13.0 Prefs
2013-06-23 15:46 - 2012-10-12 01:21 - 00000000 ____D C:\Users\Steve\AppData\Local\VirtualStore
2013-06-23 15:42 - 2013-04-05 16:57 - 00000000 ____D C:\Users\Steve\Documents\Adobe
2013-06-23 15:42 - 2013-03-27 23:40 - 00000000 ____D C:\Users\Steve\AppData\Roaming\Adobe
2013-06-23 04:20 - 2013-06-23 04:20 - 00001041 _____ C:\Users\Public\Desktop\Avidemux 2.6 (32-bit).lnk
2013-06-23 04:20 - 2013-06-23 04:20 - 00000000 ____D C:\Program Files (x86)\Avidemux 2.6
2013-06-23 04:19 - 2013-06-23 04:19 - 22805174 _____ C:\Users\Steve\Downloads\avidemux_2.6.4_win32.exe
2013-06-23 03:59 - 2013-06-23 03:59 - 00000000 ____D C:\Users\Steve\AppData\Roaming\Microsoft FxCop
2013-06-23 03:43 - 2013-06-23 03:43 - 00407941 _____ C:\Users\Steve\Downloads\MidiServices.zip
2013-06-23 03:39 - 2013-06-23 03:39 - 01181112 _____ (Microsoft Corporation) C:\Users\Steve\Downloads\patch_KB2781514.exe
2013-06-23 03:32 - 2013-06-23 03:32 - 00000000 ____D C:\Program Files (x86)\NuGet
2013-06-23 03:31 - 2013-06-23 03:31 - 00000000 ____D C:\Windows\symbols
2013-06-23 03:30 - 2013-06-23 03:28 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 11.0
2013-06-23 03:29 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\MSBuild
2013-06-23 03:27 - 2013-05-01 08:27 - 00000000 ____D C:\ProgramData\Package Cache
2013-06-23 03:23 - 2013-06-23 03:19 - 637313024 _____ C:\Users\Steve\Downloads\VS2012_WDX_ENU.iso
2013-06-23 03:15 - 2013-06-23 03:15 - 00889416 _____ (Microsoft Corporation) C:\Users\Steve\Downloads\dotNetFx40_Full_setup.exe
2013-06-21 13:48 - 2013-06-21 13:48 - 00748246 _____ (                                                            ) C:\Users\Steve\Downloads\reshack_setup.exe
2013-06-21 13:48 - 2013-06-21 13:48 - 00000000 ____D C:\Program Files (x86)\Resource Hacker
2013-06-21 13:47 - 2013-06-21 13:47 - 00000000 ____D C:\Users\Public\Documents\Explorer Suite Signatures
2013-06-21 13:47 - 2013-06-21 13:47 - 00000000 ____D C:\Program Files\NTCore
2013-06-21 13:46 - 2013-06-21 13:46 - 03613174 _____ (                                                            ) C:\Users\Steve\Downloads\ExplorerSuite.exe
2013-06-21 09:33 - 2013-03-27 23:40 - 00000000 ____D C:\Users\Steve\AppData\Local\Adobe
2013-06-21 09:32 - 2013-06-21 09:32 - 00002019 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-06-21 09:32 - 2013-03-27 23:44 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-06-21 09:32 - 2013-03-27 23:40 - 00000000 ____D C:\ProgramData\Adobe
2013-06-21 09:21 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\LiveKernelReports
2013-06-21 09:13 - 2013-06-21 09:13 - 00000000 ____D C:\Program Files (x86)\FXpansion
2013-06-21 09:11 - 2013-06-21 09:11 - 00001445 _____ C:\Users\Steve\Downloads\FXPansion.VST.to.RTAS.Adapter.v2.11-AiR.torrent
2013-06-21 09:04 - 2013-05-24 10:23 - 00000000 ____D C:\Users\Steve\AppData\Local\PACE Anti-Piracy
2013-06-21 08:58 - 2013-06-21 08:58 - 00000000 ____D C:\ProgramData\Digidesign
2013-06-21 07:58 - 2013-06-20 22:57 - 00000000 ____D C:\Users\Steve\AppData\Roaming\Download Manager
2013-06-21 07:44 - 2013-03-27 01:49 - 00000804 _____ C:\Users\Steve\Desktop\Battlefield 3.lnk
2013-06-21 07:18 - 2012-05-10 06:14 - 00000000 ___HD C:\Users\Steve\AppData\Local\2ZR5neNN3T4oT
2013-06-21 07:11 - 2013-06-21 00:04 - 00000000 ____D C:\Windows\System32\Tasks\Leader Technologies
2013-06-21 00:04 - 2013-06-21 00:04 - 00000000 ____D C:\Users\Steve\AppData\Roaming\Leadertech
2013-06-21 00:01 - 2013-04-29 10:53 - 00000000 ____D C:\Users\Steve\AppData\Roaming\Waves Audio
2013-06-21 00:00 - 2013-06-21 00:00 - 00000000 ____D C:\Users\Steve\AppData\Roaming\Trillium Lane
2013-06-21 00:00 - 2013-05-24 10:23 - 00000000 ____D C:\Users\Steve\AppData\Roaming\PACE Anti-Piracy
2013-06-21 00:00 - 2013-05-24 10:23 - 00000000 ____D C:\ProgramData\PACE Anti-Piracy
2013-06-20 23:49 - 2013-06-20 23:44 - 14314689 _____ C:\Users\Steve\Downloads\Patch VR.rar
2013-06-20 23:30 - 2013-06-20 23:30 - 00000000 ____D C:\ProgramData\DigiDriver
2013-06-20 23:18 - 2013-06-20 23:18 - 00000000 ____D C:\ProgramData\PACE
2013-06-20 23:18 - 2013-03-27 01:03 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-06-20 13:12 - 2013-06-20 13:12 - 00000000 ____D C:\Users\Steve\Documents\discoDSP
2013-06-20 11:16 - 2013-06-20 11:06 - 00000000 ____D C:\Users\Steve\Documents\BFBC2
2013-06-20 00:01 - 2013-06-20 00:00 - 00004802 _____ C:\Windows\SysWOW64\jupdate-1.7.0_25-b16.log
2013-06-20 00:01 - 2012-10-12 01:37 - 00000000 ____D C:\Program Files (x86)\Java
2013-06-19 03:16 - 2013-03-27 02:00 - 00000000 ____D C:\Program Files (x86)\Origin Games
2013-06-19 02:44 - 2013-06-19 02:44 - 00000000 ____D C:\Users\Steve\AppData\Local\Origin
2013-06-19 02:44 - 2013-03-27 01:58 - 00000000 ____D C:\ProgramData\Origin
2013-06-19 02:43 - 2013-06-19 02:43 - 00000534 _____ C:\Users\Public\Desktop\Origin.lnk
2013-06-19 02:42 - 2013-06-19 02:42 - 16959688 _____ (Electronic Arts, Inc.) C:\Users\Steve\Downloads\OriginThinSetup.exe
2013-06-19 02:31 - 2013-06-19 02:31 - 00272409 _____ C:\Windows\SysWOW64\TmpA327115376
2013-06-19 02:31 - 2013-06-14 06:39 - 00000000 ____D C:\Program Files (x86)\Steinberg
2013-06-19 02:31 - 2013-04-29 13:11 - 00000000 ____D C:\Program Files (x86)\GB3
2013-06-19 02:30 - 2012-10-12 01:31 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-06-19 02:29 - 2013-04-03 11:50 - 00000000 ____D C:\Program Files (x86)\AMD
2013-06-19 02:26 - 2012-10-12 01:31 - 00000000 ____D C:\Users\Steve\AppData\Local\Deployment
2013-06-18 23:26 - 2013-06-18 23:26 - 00000939 _____ C:\Users\Steve\Desktop\OBS.lnk
2013-06-18 23:26 - 2013-06-18 23:26 - 00000000 ____D C:\Users\Steve\AppData\Roaming\OBS
2013-06-18 23:24 - 2013-06-18 23:24 - 06815170 _____ C:\Users\Steve\Downloads\OBS_0_522b_Installer.exe
2013-06-18 10:22 - 2013-06-18 10:22 - 00000218 _____ C:\Users\Steve\.recently-used.xbel
2013-06-18 10:22 - 2013-06-18 10:14 - 00000000 ____D C:\Users\Steve\Documents\Test
2013-06-18 10:16 - 2013-06-18 10:16 - 00000000 ____D C:\Users\Steve\AppData\Roaming\gtk-2.0
 
==================== Known DLLs (Whitelisted) ================
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe
[2013-07-18 22:16] - [2011-02-24 22:19] - 2871808 ____A (Microsoft Corporation) 332FEAB1435662FC6C672E25BEB37BE3
 
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe
[2013-07-18 22:13] - [2009-07-13 17:39] - 0027136 ____A (Microsoft Corporation) C78655BC80301D76ED4FEF1C1EA40A7D
 
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== EXE ASSOCIATION =====================
 
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
 
==================== Restore Points  =========================
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 10%
Total physical RAM: 8165.8 MB
Available physical RAM: 7313.78 MB
Total Pagefile: 8163.95 MB
Available Pagefile: 7313.55 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:100.54 GB) (Free:13.24 GB) NTFS (Disk=0 Partition=3)
Drive d: (Everything) (Fixed) (Total:642 GB) (Free:7.68 GB) NTFS (Disk=0 Partition=2)
Drive f: (FRST) (Removable) (Total:3.72 GB) (Free:3.72 GB) FAT32 (Disk=1 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (Windows) (Fixed) (Total:188.97 GB) (Free:120.99 GB) NTFS (Disk=0 Partition=1) ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 000E710D)
Partition 1: (Active) - (Size=189 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=642 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=101 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 4 GB) (Disk ID: 00001511)
Partition 1: (Active) - (Size=4 GB) - (Type=0B)
 
 
LastRegBack: 2013-07-13 10:47
 
==================== End Of Log ============================




