
Red flag in aswMBR IRP_MJ_CREATE... what to do?


  • This topic is locked
51 replies to this topic

#1 nexus666

  • Members

Posted 28 September 2013 - 07:59 PM

Hi.  I just got this computer a week ago and none of the other programs I have seem to find anything, but in aswMBR it finds this:  \Driver\iaStorA[0xfffffa8003ee6900] -> IRP_MJ_CREATE -> 0xfffffa8003c522c0

Is it malware?  Should I click fix mbr?  I'm not sure what program to use to remove this.  I've tried to scan with: Mbam, Hitmanpro, Avast but none of them seem to find anything.

 

I also scanned with tdsskiller and it found 3 PUPs on a deep reboot scan, but I think 2 were from the start menu hijack I installed so I could get a start menu like win7.  Could this have had malware?  Not sure what to do next to remove or check further.  Thanks

 

 

aswMBR log:  

 

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-09-29 05:07:45
-----------------------------
05:07:45.550    OS Version: Windows x64 6.2.9200 
05:07:45.550    Number of processors: 4 586 0x3A09
05:07:45.550    ComputerName: WINTERMUTE  UserName: Zero-One
05:07:45.800    Initialze error 1 
05:07:46.191    AVAST engine defs: 13092800
05:07:49.793    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000003d
05:07:49.809    Disk 0 Vendor: SAMSUNG_MZMTD128HAFV-000L1 DXT43L0Q Size: 122104MB BusType: 11
05:07:49.809    Disk 0 MBR read successfully
05:07:49.809    Disk 0 MBR scan
05:07:49.825    Disk 0 unknown MBR code
05:07:49.825    Disk 0 Partition 1 00     EE          GPT           2097151 MB offset 1
05:07:49.840    Disk 0 scanning C:\windows\system32\drivers
05:07:49.840    Service scanning
05:07:50.575    Modules scanning
05:07:50.575    Disk 0 trace - called modules:
05:07:50.575    ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa8003c1e2c0]<<sptd.sys storport.sys hal.dll iaStorA.sys 
05:07:50.590    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005760060]
05:07:50.590    3 CLASSPNP.SYS[fffff8800172be0a] -> nt!IofCallDriver -> \Device\0000003d[0xfffffa8003ee6060]
05:07:50.606    \Driver\iaStorA[0xfffffa8003eebe60] -> IRP_MJ_CREATE -> 0xfffffa8003c1e2c0
05:07:50.606    AVAST engine scan C:\windows
05:07:50.622    AVAST engine scan C:\windows\system32
05:07:50.622    AVAST engine scan C:\windows\system32\drivers
05:07:50.622    AVAST engine scan C:\Users\Zero-One
05:07:50.637    AVAST engine scan C:\ProgramData
05:07:50.637    Scan finished successfully
05:08:06.710    Disk 0 MBR has been saved successfully to "C:\Users\Zero-One\Documents\MBR.dat"
05:08:06.710    The log file has been saved successfully to "C:\Users\Zero-One\Documents\aswMBR.txt"

Edited by nexus666, 28 September 2013 - 08:00 PM.



 


#2 jeffce

  • Malware Response Team

Posted 01 October 2013 - 09:39 PM

Hi and Welcome!!   
 
My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • If you happen to have a flash drive/thumb drive please have that ready in the event that we need to use it.
  • Please be sure to subscribe to the topic if you have not already done so.

IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your operating system and losing all your programs and data.

 
Having said that....   Let's get going!!
----------
 
Are you using any type of CD Emulation programs by chance?
----------------------------
 

Please download DDS from either of these links
 
LINK 1
LINK 2
 
and save it to your desktop.

  • Disable any antivirus programs during the scan (If you have difficulty properly disabling your protective programs, refer to this link here)
  • Double click dds to run the tool.
  • When done, two DDS.txt's will open.
  • Save both reports to your desktop.

---------------------------------------------------
Please include the contents of the following in your next reply:
 
DDS.txt
 
Attach.txt
----------
 

AdwCleaner
 
Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

----------


 


#3 nexus666

  • Topic Starter
  • Members

Posted 02 October 2013 - 03:27 AM

AdwCleaner finds nothing but Chrome preferences

 

# AdwCleaner v3.006 - Report created 02/10/2013 at 01:24:02
# Updated 01/10/2013 by Xplode
# Operating System : Windows 8  (64 bits)
# Username : Zero-One - WINTERMUTE
# Running from : C:\Users\Zero-One\Downloads\AdwCleaner (1).exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16688
 
 
-\\ Google Chrome v29.0.1547.76
 
[ File : C:\Users\Zero-One\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R1].txt - [612 octets] - [02/10/2013 01:24:02]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [671 octets] ##########


#4 nexus666

  • Topic Starter
  • Members

Posted 02 October 2013 - 03:36 AM

here is the attach.txt log:
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8
Boot Device: \Device\HarddiskVolume2
Install Date: 9/27/2013 2:13:57 PM
System Uptime: 10/1/2013 10:25:52 PM (3 hours ago)
.
Motherboard: LENOVO |  | Yoga2
Processor: Intel® Core™ i3-3229Y CPU @ 1.40GHz | U3E1 | 1401/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 102 GiB total, 0.329 GiB free.
D: is FIXED (NTFS) - 4 GiB total, 2.317 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Description: Microsoft Bluetooth Enumerator
Device ID: BTH\MS_BTHBRB\8&7DA446C&0&1
Manufacturer: Microsoft
Name: Microsoft Bluetooth Enumerator
PNP Device ID: BTH\MS_BTHBRB\8&7DA446C&0&1
Service: BthEnum
.
Class GUID: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Description: Microsoft Bluetooth LE Enumerator
Device ID: BTH\MS_BTHLE\8&7DA446C&0&0
Manufacturer: Microsoft
Name: Microsoft Bluetooth LE Enumerator
PNP Device ID: BTH\MS_BTHLE\8&7DA446C&0&0
Service: BthLEEnum
.
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: Lenovo EasyCamera
Device ID: USB\VID_04F2&PID_B35E&MI_00\7&38823332&0&0000
Manufacturer: Chicony
Name: Lenovo EasyCamera
PNP Device ID: USB\VID_04F2&PID_B35E&MI_00\7&38823332&0&0000
Service: rtsuvc
.
==== System Restore Points ===================
.
RP3: 9/28/2013 11:36:22 PM - Installed DirectX
RP4: 10/1/2013 11:04:57 PM - Installed DirectX
.
==== Installed Programs ======================
.
µTorrent
«CYPHER: Cyberpunk Text Adventure» 1.0
7-Zip 9.20 (x64 edition)
AIMP3
Audacity 2.0.4
avast! Free Antivirus
Botanicula
Castle of Illusion
CCleaner
Classic Shell
Comodo Dragon
Conexant HD Audio
Cool Edit Pro 2.1
DuckTales Remastered
Element4l
Energy Management
Giana Sisters Twisted Dreams - Rise of the Owlverlord
Google Chrome
Intel® Dynamic Platform and Thermal Framework
Intel® Management Engine Components
Intel® Processor Graphics
Intel® Rapid Storage Technology
Intel® SDK for OpenCL - CPU Only Runtime Package
Intel® Trusted Connect Service Client
Java 7 Update 40
Java Auto Updater
Leisure Suit Larry Reloaded
Lenovo EasyCamera
Lenovo OneKey Recovery
Lenovo Transition
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft Office
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
Motion Control
Realtek USB Card Reader
REALTEK Wireless LAN and Bluetooth Driver
Revo Uninstaller 1.95
Shadowrun Returns
Shared C Run-time for x64
Sonic Ep 1
Sonic the Hedgehog 4 - Episode II © SEGA version 1
Space Hulk
SUPERAntiSpyware
Synaptics Pointing Device Driver
Trillian
VLC media player 2.1.0
Windows Driver Package - Lenovo (ACPIVPC) System  (06/15/2012 8.1.0.1)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (06/19/2012 10.13.29.733)
.
==== Event Viewer Messages From Past Week ========
.
9/30/2013 7:48:03 AM, Error: Service Control Manager [7034]  - The ymc service terminated unexpectedly.  It has done this 1 time(s).
9/30/2013 10:58:28 AM, Error: BTHUSB [17]  - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
9/28/2013 12:49:41 AM, Error: Service Control Manager [7034]  - The VeriFaceSrv service terminated unexpectedly.  It has done this 1 time(s).
10/1/2013 7:52:16 PM, Error: Schannel [36888]  - A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 43. The Windows SChannel error state is 552.
10/1/2013 7:52:16 PM, Error: Schannel [36884]  - The certificate received from the remote server does not contain the expected name. It is therefore not possible to determine whether we are connecting to the correct server. The server name we were expecting is client.wns.windows.com. The SSL connection request has failed. The attached data contains the server certificate.
10/1/2013 5:49:55 AM, Error: Microsoft-Windows-DistributedCOM [10000]  - Unable to start a DCOM Server: {0041494D-5033-4472-6F70-546172676574}. The error: "740" Happened while starting this command: C:\PROGRA~2\AIMP3\AIMP3.exe -Embedding
10/1/2013 10:25:53 PM, Error: Microsoft-Windows-Kernel-General [6]  - An I/O operation initiated by the Registry failed unrecoverably.The Registry could not flush hive (file): ''.
.
==== End Of File ===========================

Edited by nexus666, 02 October 2013 - 03:41 AM.


#5 nexus666

  • Topic Starter
  • Members

Posted 02 October 2013 - 03:42 AM

 
I should mention that I disabled the Bluetooth in Device Manager since I do not have any Bluetooth devices. Not sure if that's related to the errors.  I also have disabled several seemingly unnecessary startup programs which came with the PC.
 
 
here is the dds.txt log:
 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16688  BrowserJavaVersion: 10.40.2
Run by Zero-One at 1:28:28 on 2013-10-02
Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.3975.2304 [GMT -7:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\dwm.exe
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Classic Shell\ClassicShellService.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\windows\system32\WLANExt.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\CxAudMsg64.exe
C:\windows\system32\DptfParticipantProcessorService.exe
C:\windows\system32\DptfPolicyConfigTDPService.exe
C:\windows\system32\DptfPolicyLpmService.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\ProgramData\YogaSmartSwicth\Server\x64\ymc.exe
C:\Windows\System32\WUDFHost.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\taskhostex.exe
C:\Program Files\Classic Shell\ClassicStartMenu.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\windows\Explorer.EXE
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
C:\Program Files (x86)\Lenovo\Lenovo Transition\Lenovo Transition.exe
C:\ProgramData\YogaSmartSwicth\yogaserver.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Users\Zero-One\AppData\Roaming\uTorrent\uTorrent.exe
C:\Program Files (x86)\Trillian\trillian.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Comodo\Dragon\dragon.exe
C:\Program Files (x86)\Comodo\Dragon\dragon.exe
C:\Program Files (x86)\Comodo\Dragon\dragon.exe
C:\Program Files (x86)\Comodo\Dragon\dragon.exe
C:\Program Files (x86)\Comodo\Dragon\dragon.exe
C:\Program Files (x86)\Comodo\Dragon\dragon.exe
C:\Program Files (x86)\Comodo\Dragon\dragon.exe
C:\Program Files (x86)\Comodo\Dragon\dragon.exe
C:\Users\Zero-One\Downloads\AdwCleaner (1).exe
C:\windows\syswow64\wwahost.exe
C:\windows\SysWOW64\ctfmon.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://lenovo13.msn.com
uDefault_Page_URL = hxxp://lenovo13.msn.com
mWinlogon: Userinit = userinit.exe
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\MOTION~1.LNK - C:\Program Files (x86)\Lenovo\MotionControl\MotionControl.exe
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{37BB2632-EB18-44B0-810E-3CB2B8158B5A} : DHCPNameServer = 150.202.1.3
TCP: Interfaces\{441731C8-0CF7-4130-8FAE-2B41F14B2E19} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{441731C8-0CF7-4130-8FAE-2B41F14B2E19}\341626C65675966496 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{441731C8-0CF7-4130-8FAE-2B41F14B2E19}\34963736F60353732353 : DHCPNameServer = 192.168.7.254
TCP: Interfaces\{441731C8-0CF7-4130-8FAE-2B41F14B2E19}\876696E696479777966696 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{441731C8-0CF7-4130-8FAE-2B41F14B2E19}\B616E67716C6A69647D27657563747 : DHCPNameServer = 75.75.75.75 75.75.76.76 192.168.33.1
TCP: Interfaces\{441731C8-0CF7-4130-8FAE-2B41F14B2E19}\C696E6B6379737 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{441731C8-0CF7-4130-8FAE-2B41F14B2E19}\E4544574541425D27457563747 : DHCPNameServer = 10.0.0.1
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [RtsFT] RTFTrack.exe
x64-Run: [DptfPolicyLpmServiceHelper] C:\windows\System32\DptfPolicyLpmServiceHelper.exe
x64-Run: [SynLenovoGestureMgr] "C:\Program Files (x86)\Synaptics\SynTP\SynLenovoGestureMgr.exe" /m
x64-Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
x64-Run: [ForteConfig] C:\Program Files\Conexant\ForteConfig\fmapp.exe
x64-Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SACpl.exe /t
x64-Run: [BtServer] "C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe"
x64-Run: [Lenovo Transition] C:\Program Files (x86)\Lenovo\Lenovo Transition\Lenovo Transition.exe -HIDE
x64-Run: [yogaserver] C:\ProgramData\YogaSmartSwicth\yogaserver.exe
x64-Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
x64-Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;C:\windows\System32\Drivers\aswRvrt.sys [2013-9-28 65336]
R0 aswVmm;aswVmm;C:\windows\System32\Drivers\aswVmm.sys [2013-9-28 204880]
R0 iaStorA;iaStorA;C:\windows\System32\Drivers\iaStorA.sys [2013-8-21 647736]
R0 LHDmgr;LHDmgr;C:\windows\System32\Drivers\LhdX64.sys [2013-8-21 39008]
R1 aswSnx;aswSnx;C:\windows\System32\Drivers\aswSnx.sys [2013-9-28 1030952]
R1 aswSP;aswSP;C:\windows\System32\Drivers\aswSP.sys [2013-9-28 378944]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 aswFsBlk;aswFsBlk;C:\windows\System32\Drivers\aswFsBlk.sys [2013-9-28 33400]
R2 aswMonFlt;aswMonFlt;C:\windows\System32\Drivers\aswMonFlt.sys [2013-9-28 80816]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-9-28 46808]
R2 CxAudMsg;Conexant Audio Message Service;C:\windows\System32\CxAudMsg64.exe [2013-8-21 205560]
R2 DptfParticipantProcessorService;Intel® Dynamic Platform and Thermal Framework Processor Participant Service Application;C:\windows\System32\DptfParticipantProcessorService.exe [2013-2-4 31632]
R2 DptfPolicyConfigTDPService;Intel® Dynamic Platform and Thermal Framework Config TDP Service Application;C:\windows\System32\DptfPolicyConfigTDPService.exe [2013-2-4 33168]
R2 DptfPolicyLpmService;Intel® Dynamic Platform and Thermal Framework Low Power Mode Service Application;C:\windows\System32\DptfPolicyLpmService.exe [2013-2-4 39824]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-8-21 14904]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-6-19 634632]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2013-8-21 165760]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-9-27 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-9-27 701512]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-8-21 364416]
R2 ymc;ymc;C:\ProgramData\YogaSmartSwicth\Server\x64\ymc.exe [2013-8-21 27216]
R3 acpials;ALS Sensor Filter;C:\windows\System32\Drivers\acpials.sys [2012-7-25 9728]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\windows\System32\Drivers\AcpiVpc.sys [2012-5-15 33560]
R3 DptfDevPch;DptfDevPch;C:\windows\System32\Drivers\DptfDevPch.sys [2013-2-4 97680]
R3 DptfDevProc;DptfDevProc;C:\windows\System32\Drivers\DptfDevProc.sys [2013-2-4 229776]
R3 DptfManager;DptfManager;C:\windows\System32\Drivers\DptfManager.sys [2013-2-4 363920]
R3 IntcDAud;Intel® Display Audio;C:\windows\System32\Drivers\IntcDAud.sys [2013-4-26 342528]
R3 MBAMProtector;MBAMProtector;C:\windows\System32\Drivers\mbam.sys [2013-9-27 25928]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\windows\System32\Drivers\RtsUVStor.sys [2013-8-21 326368]
R3 RtkBtFilter;Realtek Bluetooth Filter Driver;C:\windows\System32\Drivers\RtkBtfilter.sys [2013-8-21 696976]
R3 RtlWlanu;Realtek Wireless LAN 802.11n USB 2.0 Network Adapter;C:\windows\System32\Drivers\rtwlanu.sys [2013-8-21 1584200]
R3 SensorsAlsDriver;UMDF Reflector service for SensorsAlsDriver;C:\windows\System32\Drivers\WUDFRd.sys [2012-7-25 198656]
R3 SensorsHIDClassDriver;UMDF Reflector service for SensorsHIDClassDriver;C:\windows\System32\Drivers\WUDFRd.sys [2012-7-25 198656]
R3 SensorsServiceDriver;UMDF Reflector service for SensorsServiceDriver;C:\windows\System32\Drivers\WUDFRd.sys [2012-7-25 198656]
R3 SmbDrvI;SmbDrvI;C:\windows\System32\Drivers\Smb_driver_Intel.sys [2013-4-26 33008]
S3 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-5-23 143120]
S3 BthLEEnum;Bluetooth Low Energy Driver;C:\windows\System32\Drivers\BthLEEnum.sys [2012-7-25 202752]
S3 DragonUpdater;COMODO Dragon Update Service;C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2013-8-1 2095808]
S3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2013-8-21 169752]
S3 rtsuvc;Lenovo EasyCamera;C:\windows\System32\Drivers\rtsuvc.sys [2013-8-21 8243144]
S3 wsvd;wsvd;C:\windows\System32\Drivers\wsvd.sys [2013-8-21 102376]
.
=============== Created Last 30 ================
.
2013-10-02 08:24:00 -------- d-----w- C:\AdwCleaner
2013-10-01 15:27:27 -------- d-----w- C:\Users\Zero-One\AppData\Local\Mozilla
2013-09-30 05:23:58 -------- d-----w- C:\Users\Zero-One\AppData\Roaming\Playstos srl
2013-09-30 01:49:25 -------- d-----w- C:\Users\Zero-One\AppData\Local\Diagnostics
2013-09-29 12:16:47 -------- d-----w- C:\TDSSKiller_Quarantine
2013-09-29 07:45:46 -------- d-----w- C:\Users\Zero-One\AppData\Roaming\Wayforward Technologies
2013-09-29 07:45:29 -------- d-----w- C:\ProgramData\Steam
2013-09-29 07:28:51 -------- d-----w- C:\Users\Zero-One\AppData\Local\.inapptracking
2013-09-29 06:47:56 -------- d-----w- C:\ProgramData\SUPERSetup
2013-09-29 06:36:59 2401112 ----a-w- C:\windows\System32\D3DX9_43.dll
2013-09-29 06:20:21 -------- d--h--w- C:\windows\msdownld.tmp
2013-09-29 06:19:51 -------- d-----w- C:\windows\SysWow64\directx
2013-09-29 04:47:52 -------- d-----w- C:\Users\Zero-One\AppData\Roaming\Full Control
2013-09-29 04:47:52 -------- d-----w- C:\Users\Zero-One\AppData\Local\SKIDROW
2013-09-29 03:12:43 -------- d-----w- C:\Users\Zero-One\AppData\Roaming\uTorrent
2013-09-29 02:37:56 -------- d-----w- C:\Users\Zero-One\AppData\Roaming\AIMP3
2013-09-29 02:37:53 -------- d-----w- C:\Program Files (x86)\AIMP3
2013-09-29 02:23:12 -------- d-----w- C:\Program Files (x86)\Audacity
2013-09-28 14:24:57 540688 ----a-w- C:\windows\System32\d3dx10_39.dll
2013-09-28 13:54:36 -------- d-----w- C:\Temp
2013-09-28 13:52:46 -------- d-----w- C:\Program Files (x86)\coolpro2
2013-09-28 13:39:02 -------- d-----w- C:\Users\Zero-One\AppData\Local\DOSBox
2013-09-28 12:45:50 -------- d-----w- C:\ProgramData\Oracle
2013-09-28 12:44:21 868264 ----a-w- C:\windows\SysWow64\npDeployJava1.dll
2013-09-28 12:44:21 790440 ----a-w- C:\windows\SysWow64\deployJava1.dll
2013-09-28 12:44:18 96168 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-09-28 12:20:37 -------- d-----w- C:\ProgramData\Blizzard Entertainment
2013-09-28 12:20:37 -------- d-----w- C:\Program Files (x86)\Common Files\Blizzard Entertainment
2013-09-28 12:17:58 -------- d-----w- C:\ProgramData\Battle.net
2013-09-28 12:14:38 -------- d-----w- C:\Program Files (x86)\DOSBox-0.74
2013-09-28 12:03:48 -------- d-----w- C:\Users\Zero-One\AppData\Local\Conexant
2013-09-28 10:52:57 72016 ----a-w- C:\windows\System32\drivers\aswRdr2.sys
2013-09-28 10:52:51 80816 ----a-w- C:\windows\System32\drivers\aswMonFlt.sys
2013-09-28 10:52:51 65336 ----a-w- C:\windows\System32\drivers\aswRvrt.sys
2013-09-28 10:52:51 204880 ----a-w- C:\windows\System32\drivers\aswVmm.sys
2013-09-28 10:52:51 1030952 ----a-w- C:\windows\System32\drivers\aswSnx.sys
2013-09-28 10:52:13 41664 ----a-w- C:\windows\avastSS.scr
2013-09-28 10:51:28 -------- d-----w- C:\Program Files\AVAST Software
2013-09-28 10:50:56 -------- d-----w- C:\ProgramData\AVAST Software
2013-09-28 10:16:37 -------- d-----w- C:\Users\Zero-One\AppData\Local\Harebrained Schemes
2013-09-28 10:16:37 -------- d-----w- C:\Users\Zero-One\AppData\Local\EMU
2013-09-28 10:01:18 -------- d-----w- C:\Games
2013-09-28 09:58:26 -------- d-----w- C:\Program Files (x86)\Alcohol Soft
2013-09-28 09:54:51 564824 ----a-w- C:\windows\System32\drivers\sptd.sys
2013-09-28 09:17:39 9694160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{236F74FE-90A2-4A50-8C71-6AF0042E9D72}\mpengine.dll
2013-09-28 09:17:20 278800 ------w- C:\windows\System32\MpSigStub.exe
2013-09-28 09:07:52 19187712 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-09-28 09:07:49 18523648 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-09-28 09:05:39 -------- d-----w- C:\Users\Zero-One\AppData\Roaming\Trillian
2013-09-28 08:52:22 566784 ----a-w- C:\windows\System32\wvc.dll
2013-09-28 08:52:22 462336 ----a-w- C:\windows\System32\sysmon.ocx
2013-09-28 08:52:22 437248 ----a-w- C:\windows\SysWow64\wvc.dll
2013-09-28 08:52:22 399360 ----a-w- C:\windows\SysWow64\sysmon.ocx
2013-09-28 08:52:22 1374208 ----a-w- C:\windows\System32\wdc.dll
2013-09-28 08:52:22 1245696 ----a-w- C:\windows\SysWow64\wdc.dll
2013-09-28 08:48:50 -------- d-----w- C:\Program Files\HitmanPro
2013-09-28 08:48:33 -------- d-----w- C:\ProgramData\HitmanPro
2013-09-28 08:16:28 -------- d-----w- C:\Users\Zero-One\AppData\Roaming\SUPERAntiSpyware.com
2013-09-28 08:16:07 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2013-09-28 08:16:07 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2013-09-28 08:13:31 -------- d-----w- C:\windows\System32\MRT
2013-09-28 08:12:02 3959296 ----a-w- C:\windows\System32\jscript9.dll
2013-09-28 08:12:00 2876928 ----a-w- C:\windows\SysWow64\jscript9.dll
2013-09-28 08:06:30 4917760 ----a-w- C:\windows\System32\sppsvc.exe
2013-09-28 08:04:58 911032 ----a-w- C:\Program Files\Windows Defender\MpClient.dll
2013-09-28 08:03:59 723968 ----a-w- C:\windows\System32\BFE.DLL
2013-09-28 07:58:55 2035200 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\InkObj.dll
2013-09-28 07:58:55 1272320 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2013-09-28 07:58:54 1617920 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2013-09-28 07:58:54 1413632 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\InkObj.dll
2013-09-28 07:58:54 1318912 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2013-09-28 07:58:54 1306112 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2013-09-28 07:58:54 1029632 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\journal.dll
2013-09-28 07:58:36 997632 ----a-w- C:\windows\System32\drivers\ndis.sys
2013-09-28 07:58:00 1314816 ----a-w- C:\windows\System32\rpcrt4.dll
2013-09-28 07:57:59 694272 ----a-w- C:\windows\SysWow64\rpcrt4.dll
2013-09-28 07:32:37 -------- d-----w- C:\Program Files (x86)\VideoLAN
2013-09-28 07:32:32 144896 ----a-w- C:\windows\System32\tssdisai.dll
2013-09-28 07:31:57 -------- d-----w- C:\Users\Zero-One\AppData\Local\ElevatedDiagnostics
2013-09-28 07:17:19 -------- d-----w- C:\Program Files\Classic Shell
2013-09-28 07:01:03 -------- d-----w- C:\Users\Zero-One\AppData\Local\Comodo
2013-09-28 07:01:00 57096 ----a-w- C:\windows\System32\certsentry.dll
2013-09-28 07:01:00 48392 ----a-w- C:\windows\SysWow64\certsentry.dll
2013-09-28 07:00:50 -------- d-----w- C:\Program Files (x86)\Comodo
2013-09-28 07:00:13 348160 ----a-w- C:\windows\SysWow64\msvcr71.dll
2013-09-28 07:00:13 1060864 ----a-w- C:\windows\SysWow64\mfc71.dll
2013-09-28 06:57:13 17536 ----a-w- C:\ProgramData\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2013-09-27 21:53:50 -------- d-----w- C:\Users\Zero-One\AppData\Local\Google
2013-09-27 21:53:25 -------- d-----w- C:\Users\Zero-One\AppData\Local\Deployment
2013-09-27 21:53:25 -------- d-----w- C:\Users\Zero-One\AppData\Local\Apps
2013-09-27 21:52:10 -------- d-----w- C:\Users\Zero-One\AppData\Roaming\Malwarebytes
2013-09-27 21:52:02 -------- d-----w- C:\ProgramData\Malwarebytes
2013-09-27 21:52:01 25928 ----a-w- C:\windows\System32\drivers\mbam.sys
2013-09-27 21:52:01 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-27 21:51:47 -------- d-----w- C:\Users\Zero-One\AppData\Local\Programs
2013-09-27 21:49:10 -------- d-----w- C:\Program Files\CCleaner
2013-09-27 21:40:00 -------- d-----w- C:\Program Files (x86)\VS Revo Group
2013-09-27 21:16:16 -------- d-----w- C:\Users\Zero-One\AppData\Roaming\Intel Corporation
2013-09-27 21:15:14 -------- d-----w- C:\Users\Zero-One\AppData\Local\MotionControl
2013-09-27 21:15:03 -------- d-----w- C:\Users\Zero-One\AppData\Local\Absolute_Software
2013-09-27 21:14:47 -------- d-----r- C:\Users\Zero-One\Searches
2013-09-27 21:14:46 -------- d-----r- C:\Users\Zero-One\Contacts
2013-09-27 21:14:06 -------- d-----w- C:\Users\Zero-One\AppData\Local\VirtualStore
2013-09-27 21:14:00 -------- d-----w- C:\Users\Zero-One\AppData\Local\Packages
.
==================== Find3M  ====================
.
2013-09-18 23:26:35 78296 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-18 23:26:35 694232 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2013-08-21 20:36:33 888320 ----a-w- C:\windows\System32\autochk.exe
2013-08-21 20:36:33 793088 ----a-w- C:\windows\SysWow64\autochk.exe
2013-08-21 20:36:33 542208 ----a-w- C:\windows\System32\untfs.dll
2013-08-21 20:36:33 482816 ----a-w- C:\windows\SysWow64\untfs.dll
2013-08-21 20:36:21 411880 ----a-w- C:\windows\System32\drivers\FWPKCLNT.SYS
2013-08-21 20:34:47 733184 ----a-w- C:\windows\System32\win32spl.dll
2013-08-21 20:33:39 70144 ----a-w- C:\windows\System32\appinfo.dll
2013-08-21 20:33:39 112872 ----a-w- C:\windows\System32\consent.exe
2013-08-21 20:12:14 66560 ----a-w- C:\windows\System32\drivers\UMDF\LenovoVhid.dll
2013-08-21 20:12:14 1511280 ----a-w- C:\windows\System32\WudfUpdate_01011.dll
2013-08-21 20:12:13 19872 ----a-w- C:\windows\System32\LenovoSDKEmSubSystem.dll
2013-08-21 20:12:06 39008 ----a-w- C:\windows\System32\drivers\LhdX64.sys
2013-08-21 20:12:06 33560 ----a-w- C:\windows\System32\drivers\AcpiVpc.sys
2013-08-21 04:12:06 2241024 ----a-w- C:\windows\System32\wininet.dll
2013-08-21 04:11:59 915968 ----a-w- C:\windows\System32\uxtheme.dll
2013-08-21 04:11:59 53760 ----a-w- C:\windows\System32\UXInit.dll
2013-08-21 04:11:04 67072 ----a-w- C:\windows\System32\iesetup.dll
2013-08-21 04:11:04 136704 ----a-w- C:\windows\System32\iesysprep.dll
2013-08-21 02:34:51 2706432 ----a-w- C:\windows\System32\mshtml.tlb
2013-08-21 02:06:11 1767936 ----a-w- C:\windows\SysWow64\wininet.dll
2013-08-21 02:06:06 44032 ----a-w- C:\windows\SysWow64\UXInit.dll
2013-08-21 02:05:25 61440 ----a-w- C:\windows\SysWow64\iesetup.dll
2013-08-21 02:05:25 109056 ----a-w- C:\windows\SysWow64\iesysprep.dll
2013-08-21 01:43:54 2706432 ----a-w- C:\windows\SysWow64\mshtml.tlb
2013-08-20 23:52:56 534528 ----a-w- C:\windows\SysWow64\uxtheme.dll
2013-08-16 05:41:13 58200 ----a-w- C:\windows\System32\drivers\dam.sys
2013-08-16 05:39:26 2371728 ----a-w- C:\windows\System32\WSService.dll
2013-08-16 05:32:48 209200 ----a-w- C:\windows\System32\NotificationUI.exe
2013-08-16 05:22:22 40448 ----a-w- C:\windows\System32\wuapp.exe
2013-08-16 05:20:30 105984 ----a-w- C:\windows\System32\WinSetupUI.dll
2013-08-15 22:43:21 35328 ----a-w- C:\windows\SysWow64\wuapp.exe
2013-08-15 22:43:07 84992 ----a-w- C:\windows\SysWow64\wudriver.dll
2013-08-15 22:43:07 126976 ----a-w- C:\windows\SysWow64\wuwebv.dll
2013-08-15 22:43:03 562688 ----a-w- C:\windows\SysWow64\WSShared.dll
2013-08-15 22:43:03 159232 ----a-w- C:\windows\SysWow64\WSSync.dll
2013-08-15 22:43:02 83968 ----a-w- C:\windows\SysWow64\OEMLicense.dll
2013-08-15 22:43:02 167424 ----a-w- C:\windows\SysWow64\WSClient.dll
2013-08-15 22:43:02 143872 ----a-w- C:\windows\SysWow64\Windows.ApplicationModel.Store.dll
2013-08-15 22:43:02 124928 ----a-w- C:\windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
2013-08-15 22:42:52 76800 ----a-w- C:\windows\SysWow64\setupcln.dll
2013-08-15 22:42:47 91648 ----a-w- C:\windows\SysWow64\sppc.dll
2013-08-10 05:21:51 448512 ----a-w- C:\windows\System32\SettingSync.dll
2013-08-10 05:21:51 128512 ----a-w- C:\windows\System32\SettingSyncInfo.dll
2013-08-10 03:58:51 356352 ----a-w- C:\windows\SysWow64\SettingSync.dll
2013-08-03 04:30:14 4038144 ----a-w- C:\windows\System32\win32k.sys
2013-08-02 06:28:29 10116608 ----a-w- C:\windows\System32\twinui.dll
2013-08-02 06:26:53 2304512 ----a-w- C:\windows\System32\authui.dll
2013-08-02 05:08:18 8858112 ----a-w- C:\windows\SysWow64\twinui.dll
2013-08-02 05:06:50 2035712 ----a-w- C:\windows\SysWow64\authui.dll
2013-08-01 10:41:31 2233688 ----a-w- C:\windows\System32\drivers\tcpip.sys
2013-07-27 03:58:39 2207232 ----a-w- C:\windows\SysWow64\PrintConfig.dll
2013-07-24 23:10:08 158208 ----a-w- C:\windows\SysWow64\mbsmsapi.dll
2013-07-24 23:06:39 225280 ----a-w- C:\windows\System32\mbsmsapi.dll
2013-07-13 06:18:21 337408 ----a-w- C:\windows\System32\wintrust.dll
2013-07-13 06:16:06 68096 ----a-w- C:\windows\System32\cryptsvc.dll
2013-07-13 06:16:06 1889280 ----a-w- C:\windows\System32\crypt32.dll
2013-07-13 06:15:53 98304 ----a-w- C:\windows\System32\apprepsync.dll
2013-07-13 06:15:53 124416 ----a-w- C:\windows\System32\apprepapi.dll
2013-07-13 04:24:58 261120 ----a-w- C:\windows\SysWow64\wintrust.dll
2013-07-13 04:23:11 1568256 ----a-w- C:\windows\SysWow64\crypt32.dll
2013-07-13 04:23:03 87040 ----a-w- C:\windows\SysWow64\apprepapi.dll
2013-07-13 04:23:03 74240 ----a-w- C:\windows\SysWow64\apprepsync.dll
2013-07-09 08:04:07 120144 ----a-w- C:\windows\System32\drivers\msgpioclx.sys
2013-07-09 06:18:21 439488 ----a-w- C:\windows\System32\WerFault.exe
2013-07-09 04:25:45 385768 ----a-w- C:\windows\SysWow64\WerFault.exe
2013-07-09 03:57:19 245760 ----a-w- C:\windows\SysWow64\LocationApi.dll
2013-07-08 22:46:00 543744 ----a-w- C:\windows\System32\wwanmm.dll
2013-07-08 22:46:00 414208 ----a-w- C:\windows\System32\wwanconn.dll
2013-07-08 22:46:00 370688 ----a-w- C:\windows\System32\Wwanadvui.dll
2013-07-08 22:45:16 312832 ----a-w- C:\windows\System32\LocationApi.dll
2013-07-06 00:16:17 1025024 ----a-w- C:\windows\System32\localspl.dll
.
============= FINISH:  1:29:17.38 ===============


#6 jeffce

  • Malware Response Team

Posted 02 October 2013 - 06:52 AM


  • Download OTL to your desktop.
  • Right-click and Run as Administrator on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
      Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.



#7 nexus666

  • Topic Starter

Posted 02 October 2013 - 07:18 AM

OTL logfile created on: 10/2/2013 5:03:16 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Zero-One\Downloads
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16688)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.88 Gb Total Physical Memory | 1.80 Gb Available Physical Memory | 46.42% Memory free
6.70 Gb Paging File | 4.77 Gb Available in Paging File | 71.28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 101.78 Gb Total Space | 0.95 Gb Free Space | 0.94% Space Free | Partition Type: NTFS
Drive D: | 4.00 Gb Total Space | 2.32 Gb Free Space | 57.91% Space Free | Partition Type: NTFS
 
Computer Name: WINTERMUTE | User Name: Zero-One | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Zero-One\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\Lenovo\Lenovo Transition\Lenovo Transition.exe (Lenovo)
PRC - C:\ProgramData\YogaSmartSwicth\yogaserver.exe ()
PRC - C:\Program Files (x86)\Comodo\Dragon\dragon.exe (Comodo)
PRC - C:\Program Files (x86)\Trillian\trillian.exe (Cerulean Studios)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files\Classic Shell\ClassicShellService.exe (IvoSoft)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Lenovo\Lenovo Transition\GuiSys.dll ()
MOD - C:\ProgramData\YogaSmartSwicth\yogaserver.exe ()
MOD - C:\Program Files (x86)\Lenovo\Lenovo Transition\SimpRes.dll ()
MOD - C:\Program Files (x86)\Lenovo\Lenovo Transition\LangHlpr.dll ()
MOD - C:\Program Files (x86)\Trillian\libpng15.dll ()
MOD - C:\Program Files (x86)\Trillian\libungif.dll ()
MOD - C:\Program Files (x86)\Trillian\zlib1.dll ()
MOD - c:\Program Files (x86)\Trillian\languages\en\buddy.dll ()
MOD - c:\Program Files (x86)\Trillian\languages\en\talk.dll ()
MOD - c:\Program Files (x86)\Trillian\languages\en\trillian.dll ()
MOD - c:\Program Files (x86)\Trillian\languages\en\events.dll ()
MOD - c:\Program Files (x86)\Trillian\languages\en\toolkit.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (netprofm) -- C:\Windows\SysNative\netprofmsvc.dll (Microsoft Corporation)
SRV:64bit: - (BrokerInfrastructure) -- C:\Windows\SysNative\bisrv.dll (Microsoft Corporation)
SRV:64bit: - (WSService) -- C:\Windows\SysNative\WSService.dll (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (Wcmsvc) -- C:\Windows\SysNative\wcmsvc.dll (Microsoft Corporation)
SRV:64bit: - (DsmSvc) -- C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
SRV:64bit: - (AudioEndpointBuilder) -- C:\Windows\SysNative\AudioEndpointBuilder.dll (Microsoft Corporation)
SRV:64bit: - (TimeBroker) -- C:\Windows\SysNative\TimeBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (SystemEventsBroker) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (wlidsvc) -- C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
SRV:64bit: - (LSM) -- C:\Windows\SysNative\lsm.dll (Microsoft Corporation)
SRV:64bit: - (DptfPolicyLpmService) -- C:\Windows\SysNative\DptfPolicyLpmService.exe (Intel Corporation)
SRV:64bit: - (DptfPolicyConfigTDPService) -- C:\Windows\SysNative\DptfPolicyConfigTDPService.exe (Intel Corporation)
SRV:64bit: - (DptfParticipantProcessorService) -- C:\Windows\SysNative\DptfParticipantProcessorService.exe (Intel Corporation)
SRV:64bit: - (CxAudMsg) -- C:\Windows\SysNative\CxAudMsg64.exe (Conexant Systems Inc.)
SRV:64bit: - (PrintNotify) -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV:64bit: - (fhsvc) -- C:\Windows\SysNative\fhsvc.dll (Microsoft Corporation)
SRV:64bit: - (ClassicShellService) -- C:\Program Files\Classic Shell\ClassicShellService.exe (IvoSoft)
SRV:64bit: - (WiaRpc) -- C:\Windows\SysNative\wiarpc.dll (Microsoft Corporation)
SRV:64bit: - (VaultSvc) -- C:\Windows\SysNative\vaultsvc.dll (Microsoft Corporation)
SRV:64bit: - (svsvc) -- C:\Windows\SysNative\svsvc.dll (Microsoft Corporation)
SRV:64bit: - (Netlogon) -- C:\Windows\SysNative\netlogon.dll (Microsoft Corporation)
SRV:64bit: - (NcaSvc) -- C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
SRV:64bit: - (NcdAutoSetup) -- C:\Windows\SysNative\NcdAutoSetup.dll (Microsoft Corporation)
SRV:64bit: - (KeyIso) -- C:\Windows\SysNative\keyiso.dll (Microsoft Corporation)
SRV:64bit: - (EFS) -- C:\Windows\SysNative\efssvc.dll (Microsoft Corporation)
SRV:64bit: - (DeviceAssociationService) -- C:\Windows\SysNative\das.dll (Microsoft Corporation)
SRV:64bit: - (AllUserInstallAgent) -- C:\Windows\SysNative\AUInstallAgent.dll (Microsoft Corporation)
SRV:64bit: - (vmicvss) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmictimesync) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicshutdown) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicrdv) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmickvpexchange) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicheartbeat) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (Intel® -- C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel® Corporation)
SRV - (ymc) -- C:\ProgramData\YogaSmartSwicth\Server\x64\ymc.exe (Lenovo)
SRV - (DragonUpdater) -- C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe ()
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (PrintNotify) -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (StorSvc) -- C:\Windows\SysWOW64\StorSvc.dll (Microsoft Corporation)
SRV - (ICCS) -- C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe (Intel Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (sptd) -- C:\Windows\SysNative\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (aswSnx) -- C:\windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswVmm) -- C:\windows\SysNative\drivers\aswVmm.sys ()
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\Drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswRvrt) -- C:\windows\SysNative\drivers\aswRvrt.sys ()
DRV:64bit: - (aswTdi) -- C:\windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\Drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (USBHUB3) -- C:\Windows\SysNative\Drivers\USBHUB3.SYS (Microsoft Corporation)
DRV:64bit: - (spaceport) -- C:\Windows\SysNative\Drivers\spaceport.sys (Microsoft Corporation)
DRV:64bit: - (pdc) -- C:\Windows\SysNative\Drivers\pdc.sys (Microsoft Corporation)
DRV:64bit: - (LHDmgr) -- C:\Windows\SysNative\Drivers\LhdX64.sys (Lenovo.)
DRV:64bit: - (ACPIVPC) -- C:\Windows\SysNative\Drivers\AcpiVpc.sys (Lenovo Corporation)
DRV:64bit: - (dam) -- C:\Windows\SysNative\Drivers\dam.sys (Microsoft Corporation)
DRV:64bit: - (GPIOClx0101) -- C:\Windows\SysNative\Drivers\msgpioclx.sys (Microsoft Corporation)
DRV:64bit: - (WdBoot) -- C:\Windows\SysNative\Drivers\WdBoot.sys (Microsoft Corporation)
DRV:64bit: - (WdFilter) -- C:\Windows\SysNative\Drivers\WdFilter.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\Drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (WFPLWFS) -- C:\Windows\SysNative\Drivers\wfplwfs.sys (Microsoft Corporation)
DRV:64bit: - (USBXHCI) -- C:\Windows\SysNative\Drivers\USBXHCI.SYS (Microsoft Corporation)
DRV:64bit: - (UCX01000) -- C:\Windows\SysNative\Drivers\UCX01000.SYS (Microsoft Corporation)
DRV:64bit: - (BthAvrcpTg) -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys (Microsoft Corporation)
DRV:64bit: - (rtsuvc) -- C:\Windows\SysNative\Drivers\rtsuvc.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\Drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\Drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (SmbDrvI) -- C:\Windows\SysNative\Drivers\Smb_driver_Intel.sys (Synaptics Incorporated)
DRV:64bit: - (RtlWlanu) -- C:\Windows\SysNative\Drivers\rtwlanu.sys (Realtek Semiconductor Corporation                           )
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\Drivers\IntcDAud.sys (Intel® Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\Drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (storahci) -- C:\Windows\SysNative\Drivers\storahci.sys (Microsoft Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\Drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\Drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:64bit: - (msgpiowin32) -- C:\Windows\SysNative\Drivers\msgpiowin32.sys (Microsoft Corporation)
DRV:64bit: - (RSUSBVSTOR) -- C:\Windows\SysNative\Drivers\RtsUVStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (DptfManager) -- C:\Windows\SysNative\Drivers\DptfManager.sys (Intel Corporation)
DRV:64bit: - (DptfDevProc) -- C:\Windows\SysNative\Drivers\DptfDevProc.sys (Intel Corporation)
DRV:64bit: - (DptfDevPch) -- C:\Windows\SysNative\Drivers\DptfDevPch.sys (Intel Corporation)
DRV:64bit: - (bthhfhid) -- C:\Windows\SysNative\Drivers\BthhfHid.sys (Microsoft Corporation)
DRV:64bit: - (hidi2c) -- C:\Windows\SysNative\Drivers\hidi2c.sys (Microsoft Corporation)
DRV:64bit: - (FxPPM) -- C:\Windows\SysNative\Drivers\fxppm.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (sdstor) -- C:\Windows\SysNative\Drivers\sdstor.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\Drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\Drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (RtkBtFilter) -- C:\Windows\SysNative\Drivers\RtkBtfilter.sys (Realtek Semiconductor Corporation)
DRV:64bit: - (iaStorA) -- C:\Windows\SysNative\Drivers\iaStorA.sys (Intel Corporation)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (condrv) -- C:\Windows\SysNative\Drivers\condrv.sys (Microsoft Corporation)
DRV:64bit: - (VSTXRAID) -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS (VIA Corporation)
DRV:64bit: - (VerifierExt) -- C:\Windows\SysNative\Drivers\VerifierExt.sys (Microsoft Corporation)
DRV:64bit: - (UASPStor) -- C:\Windows\SysNative\Drivers\uaspstor.sys (Microsoft Corporation)
DRV:64bit: - (acpiex) -- C:\Windows\SysNative\Drivers\acpiex.sys (Microsoft Corporation)
DRV:64bit: - (mvumis) -- C:\Windows\SysNative\Drivers\mvumis.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\Drivers\stexstor.sys (Promise Technology, Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\Drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (LSI_SSS) -- C:\Windows\SysNative\Drivers\lsi_sss.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\Drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (EhStorTcgDrv) -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys (Microsoft Corporation)
DRV:64bit: - (EhStorClass) -- C:\Windows\SysNative\Drivers\EhStorClass.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\Drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (3ware) -- C:\Windows\SysNative\Drivers\3ware.sys (LSI)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\Drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\Drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (CLFS) -- C:\Windows\SysNative\Drivers\clfs.sys (Microsoft Corporation)
DRV:64bit: - (vpci) -- C:\Windows\SysNative\Drivers\vpci.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\Drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (mshidumdf) -- C:\Windows\SysNative\Drivers\mshidumdf.sys (Microsoft Corporation)
DRV:64bit: - (BasicDisplay) -- C:\Windows\SysNative\Drivers\BasicDisplay.sys (Microsoft Corporation)
DRV:64bit: - (HyperVideo) -- C:\Windows\SysNative\Drivers\HyperVideo.sys (Microsoft Corporation)
DRV:64bit: - (BasicRender) -- C:\Windows\SysNative\Drivers\BasicRender.sys (Microsoft Corporation)
DRV:64bit: - (acpials) -- C:\Windows\SysNative\Drivers\acpials.sys (Microsoft Corporation)
DRV:64bit: - (gencounter) -- C:\Windows\SysNative\Drivers\vmgencounter.sys (Microsoft Corporation)
DRV:64bit: - (kdnic) -- C:\Windows\SysNative\Drivers\kdnic.sys (Microsoft Corporation)
DRV:64bit: - (acpitime) -- C:\Windows\SysNative\Drivers\acpitime.sys (Microsoft Corporation)
DRV:64bit: - (npsvctrig) -- C:\Windows\SysNative\Drivers\npsvctrig.sys (Microsoft Corporation)
DRV:64bit: - (WpdUpFltr) -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys (Microsoft Corporation)
DRV:64bit: - (acpipagr) -- C:\Windows\SysNative\Drivers\acpipagr.sys (Microsoft Corporation)
DRV:64bit: - (hyperkbd) -- C:\Windows\SysNative\Drivers\hyperkbd.sys (Microsoft Corporation)
DRV:64bit: - (SerCx) -- C:\Windows\SysNative\Drivers\SerCx.sys (Microsoft Corporation)
DRV:64bit: - (SpbCx) -- C:\Windows\SysNative\Drivers\SpbCx.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\Drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (BthHFEnum) -- C:\Windows\SysNative\Drivers\bthhfenum.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\Drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (wpcfltr) -- C:\Windows\SysNative\Drivers\wpcfltr.sys (Microsoft Corporation)
DRV:64bit: - (BthLEEnum) -- C:\Windows\SysNative\Drivers\BthLEEnum.sys (Microsoft Corporation)
DRV:64bit: - (NdisImPlatform) -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys (Microsoft Corporation)
DRV:64bit: - (MsLldp) -- C:\Windows\SysNative\Drivers\mslldp.sys (Microsoft Corporation)
DRV:64bit: - (Ndu) -- C:\Windows\SysNative\Drivers\Ndu.sys (Microsoft Corporation)
DRV:64bit: - (AX88772) -- C:\Windows\SysNative\Drivers\ax88772.sys (ASIX Electronics Corp.)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\Drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (wsvd) -- C:\Windows\SysNative\Drivers\wsvd.sys ("CyberLink)
DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\Drivers\NETwNs64.sys (Intel Corporation)
DRV:64bit: - (e1iexpress) -- C:\Windows\SysNative\Drivers\e1i63x64.sys (Intel Corporation)
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {8C2D798B-D06F-49F1-A62D-FF51CDFD44EA}
IE:64bit: - HKLM\..\SearchScopes\{8C2D798B-D06F-49F1-A62D-FF51CDFD44EA}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{8C2D798B-D06F-49F1-A62D-FF51CDFD44EA}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://home.lenovo.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://home.lenovo.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo13.msn.com
IE - HKCU\..\SearchScopes,DefaultScope = {8C2D798B-D06F-49F1-A62D-FF51CDFD44EA}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.40.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.40.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\intel.com/AppUp: C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: Nitro PDF plugin for Firefox and Chrome (Enabled) = C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll
CHR - Extension: Google Docs = C:\Users\Zero-One\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Zero-One\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Zero-One\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Adblock Plus = C:\Users\Zero-One\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.5.5_0\
CHR - Extension: Google Search = C:\Users\Zero-One\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: avast! Online Security = C:\Users\Zero-One\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\8.0.8_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\Zero-One\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: Gmail = C:\Users\Zero-One\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2012/07/25 22:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [BtServer] C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe (Realtek Semiconductor Corporation)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [DptfPolicyLpmServiceHelper] C:\Windows\SysNative\DptfPolicyLpmServiceHelper.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [ForteConfig] C:\Program Files\CONEXANT\ForteConfig\fmapp.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Lenovo Transition] C:\Program Files (x86)\Lenovo\Lenovo Transition\Lenovo Transition.exe (Lenovo)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtsFT] C:\windows\RTFTrack.exe (Realtek semiconductor)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SACpl.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [SynLenovoGestureMgr] C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe (Synaptics)
O4:64bit: - HKLM..\Run: [yogaserver] C:\ProgramData\YogaSmartSwicth\yogaserver.exe ()
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{37BB2632-EB18-44B0-810E-3CB2B8158B5A}: DhcpNameServer = 150.202.1.3
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{441731C8-0CF7-4130-8FAE-2B41F14B2E19}: DhcpNameServer = 75.75.75.75 75.75.76.76
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{55d23427-2824-11e3-be7d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{55d23427-2824-11e3-be7d-806e6f6e6963}\Shell\AutoRun\command - "" = "E:\setup.exe" 
O33 - MountPoints2\{af889cf4-29f4-11e3-be86-b2354ae40686}\Shell - "" = AutoRun
O33 - MountPoints2\{af889cf4-29f4-11e3-be86-b2354ae40686}\Shell\AutoRun\command - "" = "G:\LaunchU3.exe" -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/10/02 01:28:29 | 000,000,000 | R--D | C] -- C:\Users\Zero-One\Desktop\Administrative Tools
[2013/10/02 01:24:00 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/10/02 01:00:41 | 000,000,000 | ---D | C] -- C:\Users\Zero-One\Desktop\Kyrandia Trilogy
[2013/10/01 08:27:27 | 000,000,000 | ---D | C] -- C:\Users\Zero-One\AppData\Roaming\Mozilla
[2013/10/01 08:27:27 | 000,000,000 | ---D | C] -- C:\Users\Zero-One\AppData\Local\Mozilla
[2013/10/01 04:30:45 | 000,000,000 | ---D | C] -- C:\Users\Zero-One\Documents\Giana Sisters - Rise of the Owlverlord
[2013/10/01 03:28:40 | 000,000,000 | ---D | C] -- C:\Users\Zero-One\Desktop\TRST
[2013/10/01 03:27:14 | 000,000,000 | ---D | C] -- C:\Users\Zero-One\Desktop\Dive - Compiled (2013) [2CD]
[2013/10/01 03:06:29 | 000,000,000 | ---D | C] -- C:\Users\Zero-One\Desktop\StarTrek.TNG.x264.ac3.Season4-MEECH
[2013/10/01 02:48:22 | 000,000,000 | ---D | C] -- C:\Users\Zero-One\Desktop\new hardcore
[2013/10/01 00:57:15 | 000,000,000 | ---D | C] -- C:\Users\Zero-One\Desktop\Dark Skies 2013 BRRip XviD juggs
[2013/09/30 22:18:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Black Forest Games
[2013/09/30 03:03:01 | 000,000,000 | ---D | C] -- C:\Users\Zero-One\Documents\Aarklash Legacy
[2013/09/30 01:23:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aarklash. Legacy
[2013/09/29 22:23:58 | 000,000,000 | ---D | C] -- C:\Users\Zero-One\AppData\Roaming\Playstos srl
[2013/09/29 18:49:25 | 000,000,000 | ---D | C] -- C:\Users\Zero-One\AppData\Local\Diagnostics
[2013/09/29 18:39:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2013/09/29 18:39:29 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2013/09/29 05:21:44 | 000,000,000 | ---D | C] -- C:\Users\Zero-One\Desktop\RK_Quarantine
[2013/09/29 05:16:47 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013/09/29 02:49:22 | 000,000,000 | ---D | C] -- C:\Users\Zero-One\Desktop\Freejack.1992.DVDRip.XviD.AC3-MAJESTiC
[2013/09/29 02:49:06 | 000,000,000 | ---D | C] -- C:\Users\Zero-One\Desktop\1408 2007 BRRip {MnM-RG H264}
[2013/09/29 02:49:02 | 000,000,000 | ---D | C] -- C:\Users\Zero-One\Desktop\A.Good.Day.To.Die.Hard.2013.720p.WEB-DL.X264-WEBiOS [PublicHD]
[2013/09/29 02:48:29 | 000,000,000 | ---D | C] -- C:\Users\Zero-One\Desktop\Evolution (2001)
[2013/09/29 02:47:22 | 000,000,000 | ---D | C] -- C:\Users\Zero-One\Desktop\Soldiers Girl
[2013/09/29 02:47:20 | 000,000,000 | ---D | C] -- C:\Users\Zero-One\Desktop\Soldier (1998)
[2013/09/29 02:46:29 | 000,000,000 | ---D | C] -- C:\Users\Zero-One\Desktop\Conspiracy Theory (1997)
[2013/09/29 02:43:31 | 000,000,000 | ---D | C] -- C:\Users\Zero-One\Desktop\Robin Hood Prince of Thieves 1991 Extended BDRip 720p DTS HighCode
[2013/09/29 02:42:43 | 000,000,000 | ---D | C] -- C:\Users\Zero-One\Desktop\The Purge (2013)
[2013/09/29 02:40:29 | 000,000,000 | ---D | C] -- C:\Users\Zero-One\Desktop\Alien.Nation.1988.iNT.DVDRip.XViD-vRs
[2013/09/29 01:53:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Leisure Suit Larry Reloaded
[2013/09/29 01:08:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
[2013/09/29 00:45:46 | 000,000,000 | ---D | C] -- C:\Users\Zero-One\AppData\Roaming\Wayforward Technologies
[2013/09/29 00:45:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Steam
[2013/09/29 00:28:51 | 000,000,000 | ---D | C] -- C:\Users\Zero-One\AppData\Local\.inapptracking
[2013/09/29 00:27:37 | 000,000,000 | ---D | C] -- C:\Users\Zero-One\Documents\My Games
[2013/09/28 23:47:56 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERSetup
[2013/09/28 23:37:12 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAudio2_7.dll
[2013/09/28 23:37:12 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAudio2_7.dll
[2013/09/28 23:37:12 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAPOFX1_5.dll
[2013/09/28 23:37:12 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAPOFX1_5.dll
[2013/09/28 23:37:10 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine3_7.dll
[2013/09/28 23:37:10 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine3_7.dll
[2013/09/28 23:37:07 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_43.dll
[2013/09/28 23:37:07 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DCompiler_43.dll
[2013/09/28 23:37:05 | 001,907,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dcsx_43.dll
[2013/09/28 23:37:05 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dcsx_43.dll
[2013/09/28 23:37:03 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx11_43.dll
[2013/09/28 23:37:03 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx11_43.dll
[2013/09/28 23:37:01 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10_43.dll
[2013/09/28 23:37:01 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx10_43.dll
[2013/09/28 23:36:59 | 002,401,112 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DX9_43.dll
[2013/09/28 23:36:59 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DX9_43.dll
[2013/09/28 23:36:56 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAudio2_6.dll
[2013/09/28 23:36:56 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAudio2_6.dll
[2013/09/28 23:36:56 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAPOFX1_4.dll
[2013/09/28 23:36:56 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAPOFX1_4.dll
[2013/09/28 23:36:54 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine3_6.dll
[2013/09/28 23:36:54 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine3_6.dll
[2013/09/28 23:36:52 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\X3DAudio1_7.dll
[2013/09/28 23:36:52 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\X3DAudio1_7.dll
[2013/09/28 23:36:50 | 000,517,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAudio2_5.dll
[2013/09/28 23:36:50 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAudio2_5.dll
[2013/09/28 23:36:50 | 000,073,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAPOFX1_3.dll
[2013/09/28 23:36:50 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAPOFX1_3.dll
[2013/09/28 23:36:48 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine3_5.dll
[2013/09/28 23:36:48 | 000,176,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine3_5.dll
[2013/09/28 23:36:45 | 002,582,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_42.dll
[2013/09/28 23:36:45 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DCompiler_42.dll
[2013/09/28 23:36:44 | 005,554,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dcsx_42.dll
[2013/09/28 23:36:44 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dcsx_42.dll
[2013/09/28 23:36:43 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10_42.dll
[2013/09/28 23:36:43 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx10_42.dll
[2013/09/28 23:36:43 | 000,285,024 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx11_42.dll
[2013/09/28 23:36:43 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx11_42.dll
[2013/09/28 23:36:42 | 002,475,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DX9_42.dll
[2013/09/28 23:36:42 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DX9_42.dll
[2013/09/28 23:36:41 | 000,518,480 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAudio2_3.dll
[2013/09/28 23:36:41 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAudio2_3.dll
[2013/09/28 23:36:41 | 000,074,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAPOFX1_2.dll
[2013/09/28 23:36:41 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAPOFX1_2.dll
[2013/09/28 23:36:40 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine3_3.dll
[2013/09/28 23:36:40 | 000,175,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine3_3.dll
[2013/09/28 23:36:40 | 000,025,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\X3DAudio1_5.dll
[2013/09/28 23:36:40 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\X3DAudio1_5.dll
[2013/09/28 23:36:39 | 000,513,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAudio2_2.dll
[2013/09/28 23:36:39 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAudio2_2.dll
[2013/09/28 23:36:39 | 000,072,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAPOFX1_1.dll
[2013/09/28 23:36:39 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAPOFX1_1.dll
[2013/09/28 23:36:38 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine3_2.dll
[2013/09/28 23:36:38 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine3_2.dll
[2013/09/28 23:19:51 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\directx
[2013/09/28 21:47:52 | 000,000,000 | ---D | C] -- C:\Users\Zero-One\AppData\Roaming\Full Control
[2013/09/28 21:45:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Full Control Studios
[2013/09/28 20:05:56 | 000,000,000 | ---D | C] -- C:\Users\Zero-One\Desktop\Liebe - 2013 - Airport
[2013/09/28 19:37:56 | 000,000,000 | ---D | C] -- C:\Users\Zero-One\AppData\Roaming\AIMP3
[2013/09/28 19:37:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AIMP3
[2013/09/28 19:23:36 | 000,000,000 | ---D | C] -- C:\Users\Zero-One\AppData\Roaming\Audacity
[2013/09/28 19:23:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity
[2013/09/28 07:25:05 | 002,430,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_41.dll
[2013/09/28 07:25:05 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DCompiler_41.dll
[2013/09/28 07:25:05 | 000,520,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10_41.dll
[2013/09/28 07:25:05 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx10_41.dll
[2013/09/28 07:25:04 | 005,425,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DX9_41.dll
[2013/09/28 07:25:04 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DX9_41.dll
[2013/09/28 07:25:04 | 000,521,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAudio2_4.dll
[2013/09/28 07:25:04 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAudio2_4.dll
[2013/09/28 07:25:03 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine3_4.dll
[2013/09/28 07:25:03 | 000,174,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine3_4.dll
[2013/09/28 07:25:03 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\X3DAudio1_6.dll
[2013/09/28 07:25:03 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\X3DAudio1_6.dll
[2013/09/28 07:25:02 | 002,605,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_40.dll
[2013/09/28 07:25:02 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DCompiler_40.dll
[2013/09/28 07:25:02 | 000,519,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10_40.dll
[2013/09/28 07:25:02 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx10_40.dll
[2013/09/28 07:25:01 | 005,631,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DX9_40.dll
[2013/09/28 07:25:01 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DX9_40.dll
[2013/09/28 07:24:57 | 001,942,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_39.dll
[2013/09/28 07:24:57 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DCompiler_39.dll
[2013/09/28 07:24:57 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10_39.dll
[2013/09/28 07:24:57 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx10_39.dll
[2013/09/28 07:24:56 | 004,992,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DX9_39.dll
[2013/09/28 07:24:56 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DX9_39.dll
[2013/09/28 07:24:56 | 000,511,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAudio2_1.dll
[2013/09/28 07:24:56 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAudio2_1.dll
[2013/09/28 07:24:56 | 000,068,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAPOFX1_0.dll
[2013/09/28 07:24:56 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAPOFX1_0.dll
[2013/09/28 07:24:55 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine3_1.dll
[2013/09/28 07:24:55 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine3_1.dll
[2013/09/28 07:24:55 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\X3DAudio1_4.dll
[2013/09/28 07:24:55 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\X3DAudio1_4.dll
[2013/09/28 07:24:54 | 001,941,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_38.dll
[2013/09/28 07:24:54 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DCompiler_38.dll
[2013/09/28 07:24:54 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10_38.dll
[2013/09/28 07:24:54 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx10_38.dll
[2013/09/28 07:24:53 | 004,991,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DX9_38.dll
[2013/09/28 07:24:53 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DX9_38.dll
[2013/09/28 07:24:52 | 000,489,480 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAudio2_0.dll
[2013/09/28 07:24:52 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAudio2_0.dll
[2013/09/28 07:24:52 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine3_0.dll
[2013/09/28 07:24:52 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine3_0.dll
[2013/09/28 07:24:51 | 001,860,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_37.dll
[2013/09/28 07:24:51 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DCompiler_37.dll
[2013/09/28 07:24:51 | 000,529,424 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10_37.dll
[2013/09/28 07:24:51 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx10_37.dll
[2013/09/28 07:24:51 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\X3DAudio1_3.dll
[2013/09/28 07:24:51 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\X3DAudio1_3.dll
[2013/09/28 07:24:50 | 004,910,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DX9_37.dll
[2013/09/28 07:24:50 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DX9_37.dll
[2013/09/28 07:24:49 | 000,411,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_10.dll
[2013/09/28 07:24:49 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_10.dll
[2013/09/28 07:24:48 | 002,006,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_36.dll
[2013/09/28 07:24:48 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DCompiler_36.dll
[2013/09/28 07:24:48 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10_36.dll
[2013/09/28 07:24:48 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx10_36.dll
[2013/09/28 07:24:47 | 005,081,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_36.dll
[2013/09/28 07:24:47 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_36.dll
[2013/09/28 07:24:46 | 001,985,904 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_35.dll
[2013/09/28 07:24:46 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DCompiler_35.dll
[2013/09/28 07:24:46 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10_35.dll
[2013/09/28 07:24:46 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx10_35.dll
[2013/09/28 07:24:46 | 000,411,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_9.dll
[2013/09/28 07:24:46 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_9.dll
[2013/09/28 07:24:45 | 005,073,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_35.dll
[2013/09/28 07:24:45 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_35.dll
[2013/09/28 07:24:44 | 000,409,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_8.dll
[2013/09/28 07:24:44 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_8.dll
[2013/09/28 07:24:44 | 000,021,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\X3DAudio1_2.dll
[2013/09/28 07:24:44 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\X3DAudio1_2.dll
[2013/09/28 07:24:43 | 004,496,232 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_34.dll
[2013/09/28 07:24:43 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_34.dll
[2013/09/28 07:24:43 | 001,401,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_34.dll
[2013/09/28 07:24:43 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DCompiler_34.dll
[2013/09/28 07:24:43 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10_34.dll
[2013/09/28 07:24:43 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx10_34.dll
[2013/09/28 07:24:42 | 000,107,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xinput1_3.dll
[2013/09/28 07:24:42 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xinput1_3.dll
[2013/09/28 07:24:41 | 001,400,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_33.dll
[2013/09/28 07:24:41 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DCompiler_33.dll
[2013/09/28 07:24:41 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10_33.dll
[2013/09/28 07:24:41 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx10_33.dll
[2013/09/28 07:24:41 | 000,403,304 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_7.dll
[2013/09/28 07:24:41 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_7.dll
[2013/09/28 07:24:40 | 004,494,184 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_33.dll
[2013/09/28 07:24:40 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_33.dll
[2013/09/28 07:24:39 | 000,393,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_6.dll
[2013/09/28 07:24:39 | 000,390,424 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_5.dll
[2013/09/28 07:24:39 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_6.dll
[2013/09/28 07:24:39 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_5.dll
[2013/09/28 07:24:38 | 000,469,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10.dll
[2013/09/28 07:24:38 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx10.dll
[2013/09/28 07:24:37 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_32.dll
[2013/09/28 07:24:37 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_32.dll
[2013/09/28 07:24:37 | 000,364,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_4.dll
[2013/09/28 07:24:37 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_4.dll
[2013/09/28 07:24:37 | 000,017,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\x3daudio1_1.dll
[2013/09/28 07:24:37 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\x3daudio1_1.dll
[2013/09/28 07:24:36 | 003,977,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_31.dll
[2013/09/28 07:24:36 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_31.dll
[2013/09/28 07:24:35 | 000,363,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_3.dll
[2013/09/28 07:24:35 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_3.dll
[2013/09/28 07:24:35 | 000,083,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xinput1_2.dll
[2013/09/28 07:24:35 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xinput1_2.dll
[2013/09/28 07:24:34 | 000,354,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_2.dll
[2013/09/28 07:24:34 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_2.dll
[2013/09/28 07:24:34 | 000,083,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xinput1_1.dll
[2013/09/28 07:24:34 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xinput1_1.dll
[2013/09/28 07:24:32 | 000,352,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_1.dll
[2013/09/28 07:24:32 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_1.dll
[2013/09/28 07:24:28 | 003,927,248 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_30.dll
[2013/09/28 07:24:28 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_30.dll
[2013/09/28 07:24:27 | 000,355,536 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_0.dll
[2013/09/28 07:24:27 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_0.dll
[2013/09/28 07:24:27 | 000,016,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\x3daudio1_0.dll
[2013/09/28 07:24:27 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\x3daudio1_0.dll
[2013/09/28 07:24:26 | 003,830,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_29.dll
[2013/09/28 07:24:26 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_29.dll
[2013/09/28 07:24:25 | 003,815,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_28.dll
[2013/09/28 07:24:25 | 003,807,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_27.dll
[2013/09/28 07:24:25 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_28.dll
[2013/09/28 07:24:25 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_27.dll
[2013/09/28 07:24:24 | 003,767,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_26.dll
[2013/09/28 07:24:24 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_26.dll
[2013/09/28 07:24:23 | 003,823,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_25.dll
[2013/09/28 07:24:23 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_25.dll
[2013/09/28 07:24:22 | 003,544,272 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_24.dll
[2013/09/28 07:24:22 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_24.dll
[2013/09/28 07:08:59 | 000,000,000 | ---D | C] -- C:\Users\Zero-One\Documents\BotaniculaSaves
[2013/09/28 06:54:36 | 000,000,000 | ---D | C] -- C:\Temp
[2013/09/28 06:54:27 | 000,000,000 | ---D | C] -- C:\Users\Zero-One\AppData\Roaming\Syntrillium
[2013/09/28 06:54:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cool Edit Pro 2.1
[2013/09/28 06:52:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\coolpro2
[2013/09/28 06:39:02 | 000,000,000 | ---D | C] -- C:\Users\Zero-One\AppData\Local\DOSBox
[2013/09/28 06:35:13 | 000,000,000 | ---D | C] -- C:\Users\Zero-One\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sonic Ep 1
[2013/09/28 06:21:09 | 000,000,000 | ---D | C] -- C:\Users\Zero-One\AppData\Roaming\vlc
[2013/09/28 06:12:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CYPHER - Cyberpunk Text Adventure
[2013/09/28 05:54:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Element4l
[2013/09/28 05:45:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2013/09/28 05:44:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2013/09/28 05:44:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/09/28 05:44:21 | 000,868,264 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\npDeployJava1.dll
[2013/09/28 05:44:21 | 000,790,440 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\deployJava1.dll
[2013/09/28 05:44:21 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\javaws.exe
[2013/09/28 05:44:18 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\javaw.exe
[2013/09/28 05:44:18 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\java.exe
[2013/09/28 05:44:18 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\WindowsAccessBridge-32.dll
[2013/09/28 05:44:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2013/09/28 05:44:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013/09/28 05:43:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
[2013/09/28 05:20:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2013/09/28 05:20:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2013/09/28 05:17:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
[2013/09/28 05:14:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DOSBox-0.74
[2013/09/28 05:14:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DOSBox-0.74
[2013/09/28 05:03:48 | 000,000,000 | ---D | C] -- C:\Users\Zero-One\AppData\Local\Conexant
[2013/09/28 03:52:58 | 000,378,944 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswSP.sys
[2013/09/28 03:52:58 | 000,033,400 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswFsBlk.sys
[2013/09/28 03:52:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013/09/28 03:52:57 | 000,072,016 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswRdr2.sys
[2013/09/28 03:52:57 | 000,064,288 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswTdi.sys
[2013/09/28 03:52:51 | 001,030,952 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswSnx.sys
[2013/09/28 03:52:51 | 000,287,840 | ---- | C] (AVAST Software) -- C:\windows\SysNative\aswBoot.exe
[2013/09/28 03:52:51 | 000,080,816 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswMonFlt.sys
[2013/09/28 03:52:13 | 000,041,664 | ---- | C] (AVAST Software) -- C:\windows\avastSS.scr
[2013/09/28 03:51:28 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013/09/28 03:50:56 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013/09/28 03:16:37 | 000,000,000 | ---D | C] -- C:\Users\Zero-One\AppData\Local\Harebrained Schemes
[2013/09/28 03:16:37 | 000,000,000 | ---D | C] -- C:\Users\Zero-One\AppData\Local\EMU
[2013/09/28 03:04:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shadowrun Returns
[2013/09/28 03:01:18 | 000,000,000 | ---D | C] -- C:\Games
[2013/09/28 02:58:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Alcohol Soft
[2013/09/28 02:54:51 | 000,564,824 | ---- | C] (Duplex Secure Ltd.) -- C:\windows\SysNative\drivers\sptd.sys
[2013/09/28 02:05:39 | 000,000,000 | ---D | C] -- C:\Users\Zero-One\AppData\Roaming\Trillian
[2013/09/28 02:04:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trillian
[2013/09/28 01:54:58 | 010,116,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\twinui.dll
[2013/09/28 01:54:52 | 008,858,112 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\twinui.dll
[2013/09/28 01:54:52 | 001,125,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msctf.dll
[2013/09/28 01:54:50 | 002,304,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\authui.dll
[2013/09/28 01:54:50 | 002,035,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\authui.dll
[2013/09/28 01:54:50 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\SettingSync.dll
[2013/09/28 01:54:50 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\shdocvw.dll
[2013/09/28 01:54:49 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\SettingSync.dll
[2013/09/28 01:54:49 | 000,225,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mbsmsapi.dll
[2013/09/28 01:54:49 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mbsmsapi.dll
[2013/09/28 01:54:49 | 000,128,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\SettingSyncInfo.dll
[2013/09/28 01:52:22 | 001,374,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wdc.dll
[2013/09/28 01:52:22 | 001,245,696 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wdc.dll
[2013/09/28 01:52:22 | 000,566,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wvc.dll
[2013/09/28 01:52:22 | 000,462,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sysmon.ocx
[2013/09/28 01:52:22 | 000,437,248 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wvc.dll
[2013/09/28 01:52:22 | 000,399,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\sysmon.ocx
[2013/09/28 01:48:50 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2013/09/28 01:48:33 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013/09/28 01:16:28 | 000,000,000 | ---D | C] -- C:\Users\Zero-One\AppData\Roaming\SUPERAntiSpyware.com
[2013/09/28 01:16:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2013/09/28 01:16:07 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2013/09/28 01:16:07 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013/09/28 01:13:31 | 000,000,000 | ---D | C] -- C:\windows\SysNative\MRT
[2013/09/28 01:12:02 | 003,959,296 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2013/09/28 01:12:00 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2013/09/28 01:11:57 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2013/09/28 01:11:08 | 000,915,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\uxtheme.dll
[2013/09/28 01:11:08 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesysprep.dll
[2013/09/28 01:11:08 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
[2013/09/28 01:11:08 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\UXInit.dll
[2013/09/28 01:11:08 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2013/09/28 01:11:08 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
[2013/09/28 01:11:08 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
[2013/09/28 01:11:07 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesysprep.dll
[2013/09/28 01:11:07 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
[2013/09/28 01:11:07 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\UXInit.dll
[2013/09/28 01:11:06 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2013/09/28 01:06:29 | 002,371,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WSService.dll
[2013/09/28 01:06:29 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sppobjs.dll
[2013/09/28 01:06:29 | 000,209,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\NotificationUI.exe
[2013/09/28 01:06:27 | 000,688,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WSShared.dll
[2013/09/28 01:06:27 | 000,562,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WSShared.dll
[2013/09/28 01:06:27 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WinSetupUI.dll
[2013/09/28 01:06:26 | 001,621,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wucltux.dll
[2013/09/28 01:06:26 | 000,773,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuapi.dll
[2013/09/28 01:06:26 | 000,628,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wuapi.dll
[2013/09/28 01:06:26 | 000,368,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sppwinob.dll
[2013/09/28 01:06:26 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUSettingsProvider.dll
[2013/09/28 01:06:26 | 000,204,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WSClient.dll
[2013/09/28 01:06:26 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Windows.ApplicationModel.Store.dll
[2013/09/28 01:06:26 | 000,183,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WSSync.dll
[2013/09/28 01:06:26 | 000,174,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\storewuauth.dll
[2013/09/28 01:06:26 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WSClient.dll
[2013/09/28 01:06:26 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Windows.ApplicationModel.Store.TestingFramework.dll
[2013/09/28 01:06:26 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WSSync.dll
[2013/09/28 01:06:26 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.ApplicationModel.Store.dll
[2013/09/28 01:06:26 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuwebv.dll
[2013/09/28 01:06:26 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wuwebv.dll
[2013/09/28 01:06:26 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
[2013/09/28 01:06:26 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sppc.dll
[2013/09/28 01:06:26 | 000,099,328 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wudriver.dll
[2013/09/28 01:06:26 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\sppc.dll
[2013/09/28 01:06:26 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wudriver.dll
[2013/09/28 01:06:26 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\setupcln.dll
[2013/09/28 01:06:26 | 000,059,416 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuauclt.exe
[2013/09/28 01:06:26 | 000,058,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\dam.sys
[2013/09/28 01:06:26 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wups.dll
[2013/09/28 01:06:26 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wups2.dll
[2013/09/28 01:06:26 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuapp.exe
[2013/09/28 01:06:26 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wuapp.exe
[2013/09/28 01:06:26 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wups.dll
[2013/09/28 01:06:25 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\setupcln.dll
[2013/09/28 01:04:57 | 000,247,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\WdFilter.sys
[2013/09/28 01:04:57 | 000,036,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\WdBoot.sys
[2013/09/28 01:04:49 | 002,219,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dwmcore.dll
[2013/09/28 01:04:48 | 002,391,280 | ---- | C] (Microsoft Corporation) -- C:\windows\explorer.exe
[2013/09/28 01:04:48 | 001,842,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dwmcore.dll
[2013/09/28 01:04:47 | 006,987,008 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2013/09/28 01:04:47 | 002,106,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\explorer.exe
[2013/09/28 01:04:46 | 000,729,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\samsrv.dll
[2013/09/28 01:04:45 | 001,527,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mfcore.dll
[2013/09/28 01:04:45 | 001,453,568 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mfcore.dll
[2013/09/28 01:04:44 | 001,403,296 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winload.efi
[2013/09/28 01:04:44 | 001,271,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winload.exe
[2013/09/28 01:04:44 | 001,217,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winresume.efi
[2013/09/28 01:04:44 | 000,523,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XpsGdiConverter.dll
[2013/09/28 01:04:43 | 001,093,904 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winresume.exe
[2013/09/28 01:04:43 | 001,048,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mfasfsrcsnk.dll
[2013/09/28 01:04:43 | 000,583,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mscms.dll
[2013/09/28 01:04:43 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XpsGdiConverter.dll
[2013/09/28 01:04:43 | 000,213,248 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\UCX01000.SYS
[2013/09/28 01:04:42 | 000,850,944 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mfasfsrcsnk.dll
[2013/09/28 01:04:42 | 000,337,152 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\USBXHCI.SYS
[2013/09/28 01:04:42 | 000,207,872 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\DeviceSetupManager.dll
[2013/09/28 01:04:42 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\samlib.dll
[2013/09/28 01:04:42 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MbaeParserTask.exe
[2013/09/28 01:04:41 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vdsutil.dll
[2013/09/28 01:04:41 | 000,037,632 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\BthAvrcpTg.sys
[2013/09/28 01:04:02 | 002,273,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msftedit.dll
[2013/09/28 01:04:01 | 002,839,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msftedit.dll
[2013/09/28 01:04:00 | 001,025,024 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\localspl.dll
[2013/09/28 01:04:00 | 000,778,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\oleaut32.dll
[2013/09/28 01:03:59 | 001,300,480 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\gdi32.dll
[2013/09/28 01:03:59 | 000,414,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wwanconn.dll
[2013/09/28 01:03:59 | 000,381,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\FWPUCLNT.DLL
[2013/09/28 01:03:58 | 000,439,488 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WerFault.exe
[2013/09/28 01:03:58 | 000,385,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WerFault.exe
[2013/09/28 01:03:58 | 000,370,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Wwanadvui.dll
[2013/09/28 01:03:58 | 000,327,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\Classpnp.sys
[2013/09/28 01:03:58 | 000,268,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Networking.BackgroundTransfer.dll
[2013/09/28 01:03:58 | 000,263,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wcmsvc.dll
[2013/09/28 01:03:58 | 000,230,912 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WinSCard.dll
[2013/09/28 01:03:58 | 000,195,416 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\sdbus.sys
[2013/09/28 01:03:58 | 000,183,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winmmbase.dll
[2013/09/28 01:03:58 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\winmmbase.dll
[2013/09/28 01:03:58 | 000,125,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\dumpsd.sys
[2013/09/28 01:03:58 | 000,120,144 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\msgpioclx.sys
[2013/09/28 01:03:58 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winmm.dll
[2013/09/28 01:03:58 | 000,096,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\wfplwfs.sys
[2013/09/28 01:03:58 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wcmcsp.dll
[2013/09/28 01:03:57 | 000,888,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\nshwfp.dll
[2013/09/28 01:03:57 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\nshwfp.dll
[2013/09/28 01:03:57 | 000,543,744 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wwanmm.dll
[2013/09/28 01:03:57 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Windows.Networking.BackgroundTransfer.dll
[2013/09/28 01:03:57 | 000,312,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\LocationApi.dll
[2013/09/28 01:03:57 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\LocationApi.dll
[2013/09/28 01:03:57 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\FWPUCLNT.DLL
[2013/09/28 01:03:57 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\openfiles.exe
[2013/09/28 01:03:57 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\openfiles.exe
[2013/09/28 00:58:00 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rpcrt4.dll
[2013/09/28 00:54:51 | 000,595,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\qedit.dll
[2013/09/28 00:54:51 | 000,496,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\qedit.dll
[2013/09/28 00:54:50 | 001,889,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\crypt32.dll
[2013/09/28 00:54:49 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wintrust.dll
[2013/09/28 00:54:49 | 000,124,416 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\apprepapi.dll
[2013/09/28 00:54:49 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\apprepsync.dll
[2013/09/28 00:54:49 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\apprepapi.dll
[2013/09/28 00:54:49 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\apprepsync.dll
[2013/09/28 00:54:40 | 001,838,080 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\DWrite.dll
[2013/09/28 00:54:34 | 002,842,112 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WMVDECOD.DLL
[2013/09/28 00:54:34 | 002,620,928 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WMVDECOD.DLL
[2013/09/28 00:54:20 | 002,851,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\esent.dll
[2013/09/28 00:54:20 | 002,382,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\esent.dll
[2013/09/28 00:32:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013/09/28 00:32:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2013/09/28 00:32:32 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\tssdisai.dll
[2013/09/28 00:31:57 | 000,000,000 | ---D | C] -- C:\Users\Zero-One\AppData\Local\ElevatedDiagnostics
[2013/09/28 00:17:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Classic Shell
[2013/09/28 00:17:19 | 000,000,000 | ---D | C] -- C:\Program Files\Classic Shell
[2013/09/28 00:02:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/09/28 00:01:03 | 000,000,000 | ---D | C] -- C:\Users\Zero-One\AppData\Local\Comodo
[2013/09/28 00:01:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
[2013/09/28 00:01:00 | 000,057,096 | ---- | C] (COMODO CA Limited) -- C:\windows\SysNative\certsentry.dll
[2013/09/28 00:01:00 | 000,048,392 | ---- | C] (COMODO CA Limited) -- C:\windows\SysWow64\certsentry.dll
[2013/09/28 00:00:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Comodo
[2013/09/28 00:00:13 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mfc71.dll
[2013/09/27 14:53:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013/09/27 14:53:50 | 000,000,000 | ---D | C] -- C:\Users\Zero-One\AppData\Local\Google
[2013/09/27 14:53:25 | 000,000,000 | ---D | C] -- C:\Users\Zero-One\AppData\Local\Deployment
[2013/09/27 14:53:25 | 000,000,000 | ---D | C] -- C:\Users\Zero-One\AppData\Local\Apps
[2013/09/27 14:52:10 | 000,000,000 | ---D | C] -- C:\Users\Zero-One\AppData\Roaming\Malwarebytes
[2013/09/27 14:52:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/09/27 14:52:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/09/27 14:52:01 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2013/09/27 14:52:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/09/27 14:51:47 | 000,000,000 | ---D | C] -- C:\Users\Zero-One\AppData\Local\Programs
[2013/09/27 14:49:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013/09/27 14:49:10 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/09/27 14:40:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2013/09/27 14:40:00 | 000,000,000 | ---D | C] -- C:\Users\Zero-One\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2013/09/27 14:37:48 | 000,000,000 | ---D | C] -- C:\Users\Zero-One\AppData\Roaming\Macromedia
[2013/09/27 14:16:16 | 000,000,000 | ---D | C] -- C:\Users\Zero-One\AppData\Roaming\Intel Corporation
[2013/09/27 14:15:14 | 000,000,000 | ---D | C] -- C:\Users\Zero-One\AppData\Local\MotionControl
[2013/09/27 14:15:03 | 000,000,000 | ---D | C] -- C:\Users\Zero-One\AppData\Local\Absolute_Software
[2013/09/27 14:14:47 | 000,000,000 | R--D | C] -- C:\Users\Zero-One\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013/09/27 14:14:47 | 000,000,000 | R--D | C] -- C:\Users\Zero-One\Searches
[2013/09/27 14:14:46 | 000,000,000 | R--D | C] -- C:\Users\Zero-One\Contacts
[2013/09/27 14:14:46 | 000,000,000 | -H-D | C] -- C:\Users\Zero-One\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2013/09/27 14:14:45 | 000,000,000 | ---D | C] -- C:\Users\Zero-One\AppData\Roaming\Adobe
[2013/09/27 14:14:07 | 000,000,000 | ---D | C] -- C:\Users\Zero-One\Documents\My Bluetooth
[2013/09/27 14:14:06 | 000,000,000 | ---D | C] -- C:\Users\Zero-One\AppData\Local\VirtualStore
[2013/09/27 14:14:00 | 000,000,000 | ---D | C] -- C:\Users\Zero-One\AppData\Local\Packages
[2013/09/27 14:13:58 | 000,000,000 | -HSD | C] -- C:\Users\Zero-One\AppData\Local\Temporary Internet Files
[2013/09/27 14:13:58 | 000,000,000 | -HSD | C] -- C:\Users\Zero-One\Templates
[2013/09/27 14:13:58 | 000,000,000 | -HSD | C] -- C:\Users\Zero-One\Start Menu
[2013/09/27 14:13:58 | 000,000,000 | -HSD | C] -- C:\Users\Zero-One\SendTo
[2013/09/27 14:13:58 | 000,000,000 | -HSD | C] -- C:\Users\Zero-One\Recent
[2013/09/27 14:13:58 | 000,000,000 | -HSD | C] -- C:\Users\Zero-One\PrintHood
[2013/09/27 14:13:58 | 000,000,000 | -HSD | C] -- C:\Users\Zero-One\NetHood
[2013/09/27 14:13:58 | 000,000,000 | -HSD | C] -- C:\Users\Zero-One\Documents\My Videos
[2013/09/27 14:13:58 | 000,000,000 | -HSD | C] -- C:\Users\Zero-One\Local Settings
[2013/09/27 14:13:58 | 000,000,000 | -HSD | C] -- C:\Users\Zero-One\AppData\Local\History
[2013/09/27 14:13:58 | 000,000,000 | -HSD | C] -- C:\Users\Zero-One\Cookies
[2013/09/27 14:13:58 | 000,000,000 | -HSD | C] -- C:\Users\Zero-One\Application Data
[2013/09/27 14:13:58 | 000,000,000 | -HSD | C] -- C:\Users\Zero-One\AppData\Local\Application Data
[2013/09/27 14:13:57 | 000,000,000 | --SD | C] -- C:\Users\Zero-One\AppData\Roaming\Microsoft
[2013/09/27 14:13:57 | 000,000,000 | R--D | C] -- C:\Users\Zero-One\Videos
[2013/09/27 14:13:57 | 000,000,000 | R--D | C] -- C:\Users\Zero-One\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[2013/09/27 14:13:57 | 000,000,000 | R--D | C] -- C:\Users\Zero-One\Saved Games
[2013/09/27 14:13:57 | 000,000,000 | R--D | C] -- C:\Users\Zero-One\Pictures
[2013/09/27 14:13:57 | 000,000,000 | R--D | C] -- C:\Users\Zero-One\Music
[2013/09/27 14:13:57 | 000,000,000 | R--D | C] -- C:\Users\Zero-One\Links
[2013/09/27 14:13:57 | 000,000,000 | R--D | C] -- C:\Users\Zero-One\Favorites
[2013/09/27 14:13:57 | 000,000,000 | R--D | C] -- C:\Users\Zero-One\Downloads
[2013/09/27 14:13:57 | 000,000,000 | R--D | C] -- C:\Users\Zero-One\Documents
[2013/09/27 14:13:57 | 000,000,000 | R--D | C] -- C:\Users\Zero-One\Desktop
[2013/09/27 14:13:57 | 000,000,000 | R--D | C] -- C:\Users\Zero-One\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013/09/27 14:13:57 | 000,000,000 | R--D | C] -- C:\Users\Zero-One\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[2013/09/27 14:13:57 | 000,000,000 | -HSD | C] -- C:\Users\Zero-One\Documents\My Pictures
[2013/09/27 14:13:57 | 000,000,000 | -HSD | C] -- C:\Users\Zero-One\Documents\My Music
[2013/09/27 14:13:57 | 000,000,000 | -HSD | C] -- C:\Users\Zero-One\My Documents
[2013/09/27 14:13:57 | 000,000,000 | -H-D | C] -- C:\Users\Zero-One\AppData
[2013/09/27 14:13:57 | 000,000,000 | ---D | C] -- C:\Users\Zero-One\AppData\Local\Temp
[2013/09/27 14:13:57 | 000,000,000 | ---D | C] -- C:\Users\Zero-One\AppData\Local\Microsoft
[2013/09/27 14:13:57 | 000,000,000 | ---D | C] -- C:\Users\Zero-One\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/10/02 04:58:00 | 000,000,924 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/10/02 04:40:04 | 000,850,046 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/10/02 04:40:04 | 000,726,114 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/10/02 04:40:04 | 000,135,646 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/10/02 04:34:20 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/10/02 04:32:53 | 000,000,920 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/10/02 04:32:19 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013/10/02 04:32:17 | 3334,696,960 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/02 01:21:52 | 000,001,627 | ---- | M] () -- C:\Users\Zero-One\Documents\ax_files.xml
[2013/10/01 23:04:39 | 000,000,583 | ---- | M] () -- C:\Users\Public\Desktop\Castle of Illusion.lnk
[2013/10/01 16:54:22 | 000,001,477 | ---- | M] () -- C:\Users\Zero-One\Documents\urban legends - comments.rtf
[2013/10/01 16:47:49 | 000,001,298 | ---- | M] () -- C:\Users\Zero-One\Documents\small mercy - comments.rtf
[2013/10/01 06:13:17 | 000,002,387 | ---- | M] () -- C:\Users\Zero-One\Documents\10.1.rtf
[2013/10/01 05:13:08 | 000,000,713 | ---- | M] () -- C:\Users\Public\Desktop\Sonic the Hedgehog 4 - Episode II.lnk
[2013/09/30 23:05:21 | 000,002,512 | ---- | M] () -- C:\Users\Zero-One\Documents\biblio.rtf
[2013/09/30 22:18:42 | 000,001,916 | ---- | M] () -- C:\Users\Public\Desktop\Giana Sisters Twisted Dreams - Rise of the Owlverlord.lnk
[2013/09/30 01:23:45 | 000,001,636 | ---- | M] () -- C:\Users\Public\Desktop\Aarklash. Legacy.lnk
[2013/09/29 05:08:06 | 000,000,512 | ---- | M] () -- C:\Users\Zero-One\Documents\MBR.dat
[2013/09/29 01:53:57 | 000,000,881 | ---- | M] () -- C:\Users\Public\Desktop\Leisure Suit Larry Reloaded.lnk
[2013/09/29 00:43:23 | 000,000,763 | ---- | M] () -- C:\Users\Public\Desktop\DuckTales Remastered.lnk
[2013/09/28 21:45:14 | 000,001,559 | ---- | M] () -- C:\Users\Public\Desktop\Space Hulk.lnk
[2013/09/28 19:35:27 | 020,833,324 | ---- | M] () -- C:\Users\Zero-One\Desktop\fens.wav
[2013/09/28 19:23:26 | 000,001,018 | ---- | M] () -- C:\Users\Public\Desktop\Audacity.lnk
[2013/09/28 06:54:17 | 000,001,018 | ---- | M] () -- C:\Users\Public\Desktop\Cool Edit Pro 2.1.lnk
[2013/09/28 06:35:14 | 000,001,626 | ---- | M] () -- C:\Users\Zero-One\Desktop\Sonic Ep 1.lnk
[2013/09/28 06:16:17 | 000,000,355 | ---- | M] () -- C:\Users\Zero-One\Desktop\Computer - Shortcut.lnk
[2013/09/28 05:54:54 | 000,001,579 | ---- | M] () -- C:\Users\Public\Desktop\Element4l.lnk
[2013/09/28 05:44:08 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\WindowsAccessBridge-32.dll
[2013/09/28 05:44:06 | 000,868,264 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\npDeployJava1.dll
[2013/09/28 05:44:06 | 000,790,440 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\deployJava1.dll
[2013/09/28 05:44:06 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\javaws.exe
[2013/09/28 05:44:06 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\javaw.exe
[2013/09/28 05:44:06 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\java.exe
[2013/09/28 05:43:38 | 000,001,603 | ---- | M] () -- C:\Users\Public\Desktop\Botanicula.lnk
[2013/09/28 05:14:39 | 000,001,929 | ---- | M] () -- C:\Users\Public\Desktop\DOSBox 0.74.lnk
[2013/09/28 04:38:42 | 000,035,822 | ---- | M] () -- C:\Users\Zero-One\Documents\cc_20130928_043836.reg
[2013/09/28 03:52:51 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\config.nt
[2013/09/28 03:04:24 | 000,001,651 | ---- | M] () -- C:\Users\Public\Desktop\Shadowrun Returns.lnk
[2013/09/28 02:54:56 | 000,564,824 | ---- | M] (Duplex Secure Ltd.) -- C:\windows\SysNative\drivers\sptd.sys
[2013/09/28 02:05:39 | 000,001,090 | ---- | M] () -- C:\Users\Zero-One\Desktop\Trillian.lnk
[2013/09/28 01:49:47 | 000,281,088 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013/09/28 01:05:00 | 000,007,605 | ---- | M] () -- C:\Users\Zero-One\AppData\Local\Resmon.ResmonCfg
[2013/09/28 00:49:41 | 000,002,560 | ---- | M] () -- C:\windows\SysNative\VfService.trf
[2013/09/28 00:32:51 | 000,001,077 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/09/28 00:05:24 | 000,002,290 | ---- | M] () -- C:\Users\Zero-One\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/09/28 00:02:35 | 000,002,266 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/09/28 00:01:03 | 000,001,127 | ---- | M] () -- C:\Users\Public\Desktop\Comodo Dragon.lnk
[2013/09/28 00:01:00 | 000,057,096 | ---- | M] (COMODO CA Limited) -- C:\windows\SysNative\certsentry.dll
[2013/09/28 00:01:00 | 000,048,392 | ---- | M] (COMODO CA Limited) -- C:\windows\SysWow64\certsentry.dll
[2013/09/28 00:00:13 | 001,060,864 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mfc71.dll
[2013/09/27 14:52:02 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/09/27 14:49:11 | 000,000,833 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/09/27 14:40:00 | 000,001,275 | ---- | M] () -- C:\Users\Zero-One\Desktop\Revo Uninstaller.lnk
[2013/09/27 14:37:41 | 000,001,435 | ---- | M] () -- C:\Users\Zero-One\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/09/27 14:15:01 | 000,000,000 | ---- | M] () -- C:\Users\Zero-One\AppData\Roaming\AbsoluteReminder.xml
[2013/09/18 16:26:35 | 000,694,232 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2013/09/18 16:26:35 | 000,078,296 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/09/17 06:53:04 | 780,657,302 | R--- | M] () -- C:\Users\Zero-One\Desktop\Lathe_of_Heaven.avi
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/10/01 23:04:39 | 000,000,595 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Castle of Illusion.lnk
[2013/10/01 23:04:39 | 000,000,583 | ---- | C] () -- C:\Users\Public\Desktop\Castle of Illusion.lnk
[2013/10/01 21:09:31 | 000,002,387 | ---- | C] () -- C:\Users\Zero-One\Documents\10.1.rtf
[2013/10/01 16:54:21 | 000,001,477 | ---- | C] () -- C:\Users\Zero-One\Documents\urban legends - comments.rtf
[2013/10/01 16:23:09 | 000,001,298 | ---- | C] () -- C:\Users\Zero-One\Documents\small mercy - comments.rtf
[2013/10/01 03:31:04 | 021,295,984 | ---- | C] () -- C:\Users\Zero-One\Desktop\140 - D - blue_tente-the_lost_angel_(photographer_remix)-tbm.mp3
[2013/10/01 03:30:57 | 022,262,647 | ---- | C] () -- C:\Users\Zero-One\Desktop\137 - Eb - Talla 2XLC Feat. Skye-Rise  Photographer Remix.mp3
[2013/10/01 03:30:54 | 013,915,692 | ---- | C] () -- C:\Users\Zero-One\Desktop\131 - Gb - beat service   on the edge (original mix).mp3
[2013/10/01 03:30:40 | 020,933,275 | ---- | C] () -- C:\Users\Zero-One\Desktop\Liquid Sun_DJmixed.com- Keoki_13_The Beginning (A New Hope) [Club Mix].mp3
[2013/10/01 03:29:44 | 010,277,252 | ---- | C] () -- C:\Users\Zero-One\Desktop\01_HALO_IN_REVERSE_King_O.mp3
[2013/10/01 03:29:18 | 013,668,789 | ---- | C] () -- C:\Users\Zero-One\Desktop\Sa†an - Grave Poetry.mp3
[2013/10/01 03:29:13 | 014,693,473 | ---- | C] () -- C:\Users\Zero-One\Desktop\pretty addicted - lipstick mess.mp3
[2013/10/01 03:29:08 | 018,522,820 | ---- | C] () -- C:\Users\Zero-One\Desktop\Joop - The Future (Original Mix).mp3
[2013/10/01 03:28:56 | 011,877,892 | ---- | C] () -- C:\Users\Zero-One\Desktop\01 Black Celebration.mp3
[2013/10/01 03:05:54 | 010,717,144 | ---- | C] () -- C:\Users\Zero-One\Desktop\dys7   zombie (in your head) (p. epifantsev) - [MP3JUICES.COM].mp3
[2013/10/01 03:05:34 | 591,808,967 | ---- | C] () -- C:\Users\Zero-One\Desktop\Kyrandia Trilogy.7z
[2013/09/30 23:35:23 | 000,000,725 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sonic the Hedgehog 4 - Episode II.lnk
[2013/09/30 23:35:23 | 000,000,713 | ---- | C] () -- C:\Users\Public\Desktop\Sonic the Hedgehog 4 - Episode II.lnk
[2013/09/30 23:05:21 | 000,002,512 | ---- | C] () -- C:\Users\Zero-One\Documents\biblio.rtf
[2013/09/30 22:18:42 | 000,001,916 | ---- | C] () -- C:\Users\Public\Desktop\Giana Sisters Twisted Dreams - Rise of the Owlverlord.lnk
[2013/09/30 01:23:45 | 000,001,636 | ---- | C] () -- C:\Users\Public\Desktop\Aarklash. Legacy.lnk
[2013/09/29 05:08:06 | 000,000,512 | ---- | C] () -- C:\Users\Zero-One\Documents\MBR.dat
[2013/09/29 02:42:17 | 780,657,302 | R--- | C] () -- C:\Users\Zero-One\Desktop\Lathe_of_Heaven.avi
[2013/09/29 02:42:10 | 696,406,203 | R--- | C] () -- C:\Users\Zero-One\Desktop\History.Ch.Pirates.of.the.Caribbean.The.True.Story.PDTV.x264.AAC.MVGroup.org.mp4
[2013/09/29 02:40:22 | 021,064,311 | ---- | C] () -- C:\Users\Zero-One\Desktop\Valen - Limitless(3).mp3
[2013/09/29 01:53:57 | 000,000,881 | ---- | C] () -- C:\Users\Public\Desktop\Leisure Suit Larry Reloaded.lnk
[2013/09/29 00:43:23 | 000,000,775 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DuckTales Remastered.lnk
[2013/09/29 00:43:23 | 000,000,763 | ---- | C] () -- C:\Users\Public\Desktop\DuckTales Remastered.lnk
[2013/09/28 21:45:14 | 000,001,559 | ---- | C] () -- C:\Users\Public\Desktop\Space Hulk.lnk
[2013/09/28 19:35:25 | 020,833,324 | ---- | C] () -- C:\Users\Zero-One\Desktop\fens.wav
[2013/09/28 19:23:26 | 000,001,030 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
[2013/09/28 19:23:26 | 000,001,018 | ---- | C] () -- C:\Users\Public\Desktop\Audacity.lnk
[2013/09/28 06:54:17 | 000,001,018 | ---- | C] () -- C:\Users\Public\Desktop\Cool Edit Pro 2.1.lnk
[2013/09/28 06:51:12 | 366,157,824 | ---- | C] () -- C:\Users\Zero-One\Desktop\Star Trek Enterprise - S01E08 Breaking the Ice.avi
[2013/09/28 06:51:03 | 368,150,528 | ---- | C] () -- C:\Users\Zero-One\Desktop\Star Trek Enterprise - S01E07 - The Andorian Incident.avi
[2013/09/28 06:50:54 | 366,135,296 | ---- | C] () -- C:\Users\Zero-One\Desktop\Star Trek Enterprise - S01E06 Terra Nova.avi
[2013/09/28 06:50:45 | 366,132,878 | ---- | C] () -- C:\Users\Zero-One\Desktop\Star Trek Enterprise - S01E05 - Unexpected.avi
[2013/09/28 06:50:35 | 366,131,040 | ---- | C] () -- C:\Users\Zero-One\Desktop\Star Trek Enterprise - S01E04 - Strange New World.avi
[2013/09/28 06:50:25 | 363,507,712 | ---- | C] () -- C:\Users\Zero-One\Desktop\Star Trek Enterprise - S01E09 Civilization.avi
[2013/09/28 06:35:14 | 000,001,626 | ---- | C] () -- C:\Users\Zero-One\Desktop\Sonic Ep 1.lnk
[2013/09/28 06:28:59 | 1568,419,840 | R--- | C] () -- C:\Users\Zero-One\Desktop\The.Last.Stand.2013.ENG.HDRip.1.46GB.-Lum1x-.avi
[2013/09/28 06:16:17 | 000,000,355 | ---- | C] () -- C:\Users\Zero-One\Desktop\Computer - Shortcut.lnk
[2013/09/28 05:54:54 | 000,001,579 | ---- | C] () -- C:\Users\Public\Desktop\Element4l.lnk
[2013/09/28 05:43:38 | 000,001,603 | ---- | C] () -- C:\Users\Public\Desktop\Botanicula.lnk
[2013/09/28 05:14:39 | 000,001,929 | ---- | C] () -- C:\Users\Public\Desktop\DOSBox 0.74.lnk
[2013/09/28 04:38:40 | 000,035,822 | ---- | C] () -- C:\Users\Zero-One\Documents\cc_20130928_043836.reg
[2013/09/28 03:52:51 | 000,204,880 | ---- | C] () -- C:\windows\SysNative\drivers\aswVmm.sys
[2013/09/28 03:52:51 | 000,065,336 | ---- | C] () -- C:\windows\SysNative\drivers\aswRvrt.sys
[2013/09/28 03:52:51 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\config.nt
[2013/09/28 03:14:40 | 000,001,627 | ---- | C] () -- C:\Users\Zero-One\Documents\ax_files.xml
[2013/09/28 03:04:24 | 000,001,651 | ---- | C] () -- C:\Users\Public\Desktop\Shadowrun Returns.lnk
[2013/09/28 02:05:39 | 000,001,090 | ---- | C] () -- C:\Users\Zero-One\Desktop\Trillian.lnk
[2013/09/28 02:05:38 | 000,001,120 | ---- | C] () -- C:\Users\Zero-One\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trillian.lnk
[2013/09/28 01:54:49 | 000,386,923 | ---- | C] () -- C:\windows\SysNative\ApnDatabase.xml
[2013/09/28 01:49:45 | 000,281,088 | ---- | C] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013/09/28 01:06:25 | 000,083,968 | ---- | C] () -- C:\windows\SysWow64\OEMLicense.dll
[2013/09/28 01:05:00 | 000,007,605 | ---- | C] () -- C:\Users\Zero-One\AppData\Local\Resmon.ResmonCfg
[2013/09/28 00:32:51 | 000,001,077 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/09/28 00:17:29 | 000,000,910 | ---- | C] () -- C:\Users\Zero-One\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Win8 Start Button.lnk
[2013/09/28 00:02:35 | 000,002,290 | ---- | C] () -- C:\Users\Zero-One\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/09/28 00:02:35 | 000,002,266 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/09/28 00:01:03 | 000,001,127 | ---- | C] () -- C:\Users\Public\Desktop\Comodo Dragon.lnk
[2013/09/27 14:53:59 | 000,000,924 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/27 14:53:59 | 000,000,920 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/09/27 14:52:02 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/09/27 14:49:11 | 000,000,833 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/09/27 14:40:00 | 000,001,275 | ---- | C] () -- C:\Users\Zero-One\Desktop\Revo Uninstaller.lnk
[2013/09/27 14:37:41 | 000,001,435 | ---- | C] () -- C:\Users\Zero-One\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/09/27 14:15:01 | 000,000,000 | ---- | C] () -- C:\Users\Zero-One\AppData\Roaming\AbsoluteReminder.xml
[2013/09/27 14:14:45 | 000,001,441 | ---- | C] () -- C:\Users\Zero-One\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/09/27 14:13:57 | 000,000,352 | ---- | C] () -- C:\Users\Zero-One\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2013/09/27 14:13:57 | 000,000,334 | ---- | C] () -- C:\Users\Zero-One\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2013/08/21 12:59:32 | 000,866,452 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2013/08/21 12:59:28 | 000,451,072 | ---- | C] () -- C:\windows\SysWow64\ISSRemoveSP.exe
[2013/08/21 12:59:28 | 000,036,864 | ---- | C] () -- C:\windows\runSW.exe
[2013/08/21 12:57:07 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2013/04/26 18:53:26 | 000,598,384 | ---- | C] () -- C:\windows\SysWow64\igvpkrng700.bin
[2013/04/26 18:53:07 | 000,064,512 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2013/04/26 18:53:03 | 000,754,652 | ---- | C] () -- C:\windows\SysWow64\igcodeckrng700.bin
[2013/02/04 00:52:12 | 000,004,362 | ---- | C] () -- C:\windows\SysWow64\DptfInvalidPolicyRemover.ini
[2012/07/26 01:13:10 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2012/07/26 01:13:09 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2012/07/26 00:21:26 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2012/07/25 18:17:42 | 000,043,520 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2012/07/25 13:37:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2012/07/25 13:28:31 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2012/07/25 13:22:56 | 000,267,284 | ---- | C] () -- C:\windows\SysWow64\igvpkrng600.bin
[2012/07/25 13:22:54 | 000,963,376 | ---- | C] () -- C:\windows\SysWow64\igcodeckrng600.bin
[2012/06/19 18:52:42 | 000,001,536 | ---- | C] () -- C:\windows\SysWow64\IusEventLog.dll
[2012/06/02 07:31:19 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat
 
========== ZeroAccess Check ==========
 
[2013/09/28 07:24:14 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/08/01 23:28:20 | 019,758,080 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/08/01 22:08:10 | 017,561,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/25 20:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/25 20:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/25 20:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/10/01 06:01:39 | 000,000,000 | ---D | M] -- C:\Users\Zero-One\AppData\Roaming\AIMP3
[2013/09/28 19:35:31 | 000,000,000 | ---D | M] -- C:\Users\Zero-One\AppData\Roaming\Audacity
[2013/09/28 21:47:52 | 000,000,000 | ---D | M] -- C:\Users\Zero-One\AppData\Roaming\Full Control
[2013/09/29 22:23:58 | 000,000,000 | ---D | M] -- C:\Users\Zero-One\AppData\Roaming\Playstos srl
[2013/09/28 02:05:39 | 000,000,000 | ---D | M] -- C:\Users\Zero-One\AppData\Roaming\Trillian
[2013/09/29 00:45:46 | 000,000,000 | ---D | M] -- C:\Users\Zero-One\AppData\Roaming\Wayforward Technologies
 
========== Purity Check ==========
 
 
 
< End of report >


#8 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • Gender:Male
  • Location:USA
  • Local time:09:53 AM

Posted 02 October 2013 - 11:14 AM

Download CKScanner by askey127 from Here & save it to your Desktop.

  • Right-click and Run as Administrator CKScanner.exe then click Search For Files
  • When the cursor hourglass disappears, click Save List To File
  • A message box will verify the file saved
  • Double-click the CKFiles.txt icon on your desktop then copy/paste the contents in your next reply

----------


 


#9 nexus666

nexus666
  • Topic Starter

  • Members
  • 41 posts
  • Local time:06:53 AM

Posted 02 October 2013 - 06:45 PM

Not sure if these are threats... just game audio and graphic files, I think. No executable risks.
 
CKScanner 2.4 - Additional Security Risks - These are not necessarily bad
c:\games\aarklash legacy\data\3d\vfx\texture\area\ground_crack.dds
c:\games\aarklash legacy\data\sounds\ambient\wind\wind_foliagecracks_oneshot_01.ogg
c:\games\aarklash legacy\data\sounds\ambient\wind\wind_foliagecracks_oneshot_02.ogg
c:\games\aarklash legacy\data\sounds\ambient\wind\wind_foliagecracks_oneshot_03.ogg
c:\games\aarklash legacy\data\sounds\ambient\wind\wind_foliagecracks_oneshot_04.ogg
c:\games\aarklash legacy\data\sounds\units\midnor_golem\midnor_golem_chest_woodcrack_01.ogg
c:\games\aarklash legacy\data\sounds\units\midnor_golem\midnor_golem_chest_woodcrack_02.ogg
c:\games\aarklash legacy\data\sounds\units\midnor_golem\midnor_golem_chest_woodcrack_03.ogg
c:\games\aarklash legacy\data\sounds\units\midnor_golem\midnor_golem_chest_woodcrack_04.ogg
c:\games\aarklash legacy\data\sounds\units\midnor_golem\midnor_golem_chest_woodcrack_05.ogg
c:\games\aarklash legacy\data\sounds\units\midnor_golem\midnor_golem_chest_woodcrack_06.ogg
c:\games\aarklash legacy\data\sounds\units\midnor_golem\midnor_golem_chest_woodcrack_07.ogg
c:\games\aarklash legacy\data\sounds\units\midnor_golem\midnor_golem_chest_woodcrack_08.ogg
c:\games\aarklash legacy\data\sounds\units\midnor_golem\midnor_golem_chest_woodcrack_09.ogg
c:\games\shadowrun returns\shadowrun_data\streamingassets\contentpacks\dead_man_switch\data\props\hive_floor_cementcracked01.pb.bytes
c:\games\shadowrun returns\shadowrun_data\streamingassets\contentpacks\dead_man_switch\data\props\hive_floor_cementcracked02.pb.bytes
c:\games\shadowrun returns\shadowrun_data\streamingassets\contentpacks\dead_man_switch\data\props\hive_floor_cementcracked03.pb.bytes
c:\games\shadowrun returns\shadowrun_data\streamingassets\contentpacks\dead_man_switch\data\props\hive_floor_cementcracked04.pb.bytes
c:\games\shadowrun returns\shadowrun_data\streamingassets\contentpacks\dead_man_switch\data\props\hive_floor_cementcracked05.pb.bytes
c:\games\shadowrun returns\shadowrun_data\streamingassets\contentpacks\seattle\data\props\office_decor_wallcrack01.pb.bytes
c:\games\shadowrun returns\shadowrun_data\streamingassets\contentpacks\seattle\data\props\office_ground_groundcrack01.pb.bytes
c:\games\shadowrun returns\shadowrun_data\streamingassets\contentpacks\seattle\data\props\office_ground_groundcrack02.pb.bytes
c:\games\shadowrun returns\shadowrun_data\streamingassets\contentpacks\seattle\data\props\pikeplace_ground_cracks01.pb.bytes
c:\games\shadowrun returns\shadowrun_data\streamingassets\contentpacks\seattle\data\props\pikeplace_ground_cracks02.pb.bytes
c:\games\shadowrun returns\shadowrun_data\streamingassets\contentpacks\seattle\data\props\pikeplace_ground_cracks03.pb.bytes
scanner sequence 3.ZZ.11.TVABW0
 ----- EOF ----- 


#10 nexus666

nexus666
  • Topic Starter

  • Members
  • 41 posts
  • Local time:06:53 AM

Posted 03 October 2013 - 04:27 AM

Still don't know what to scan for to remove the aswMBR threat.... ??? What can I do?



#11 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • Gender:Male
  • Location:USA
  • Local time:09:53 AM

Posted 03 October 2013 - 06:41 AM

"Still don't know what to scan for to remove the aswMBR threat."

 

I don't believe that was a threat.  When TDSSKiller came back clean that was a good thing too.

 

I believe that there is some software that is being detected on your system by aswMBR but is not anything to worry about...probably some CD Emulation software.  

 

I am reviewing the OTL logs right now.  There should have been a log named Extras.txt created when you ran OTL...could you post that please?   :)


Edited by jeffce, 03 October 2013 - 06:43 AM.
Added Extra.txt request

 


#12 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • Gender:Male
  • Location:USA
  • Local time:09:53 AM

Posted 04 October 2013 - 11:00 AM

"There should have been a log named Extras.txt created when you ran OTL...could you post that please?"

 

:)


 


#13 nexus666

nexus666
  • Topic Starter

  • Members
  • 41 posts
  • Local time:06:53 AM

Posted 05 October 2013 - 04:54 AM

OTL Extras logfile created on: 10/2/2013 5:03:16 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Zero-One\Downloads
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16688)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.88 Gb Total Physical Memory | 1.80 Gb Available Physical Memory | 46.42% Memory free
6.70 Gb Paging File | 4.77 Gb Available in Paging File | 71.28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 101.78 Gb Total Space | 0.95 Gb Free Space | 0.94% Space Free | Partition Type: NTFS
Drive D: | 4.00 Gb Total Space | 2.32 Gb Free Space | 57.91% Space Free | Partition Type: NTFS
 
Computer Name: WINTERMUTE | User Name: Zero-One | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0081B150-9FB6-4629-92CC-1BFAA6754205}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{023202DF-158D-4BF8-9178-C68436B7EBC6}" = dir=out | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{02FA96E8-47A7-4DB5-9447-30BFFA0D8FC2}" = dir=in | name=skype | 
"{0430AA7A-0BBE-408D-A194-CA8DC233BD9F}" = dir=in | name=kindle | 
"{098C19CB-4CED-43CA-8C2F-7B1E52A78414}" = dir=out | name=zinio | 
"{09F10F67-B9DA-47B5-A8DB-2A37DAE92102}" = dir=out | name=@{microsoft.xboxlivegames_1.3.10.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | 
"{0A11F1EE-0E24-4BF4-96C0-1D83536327BC}" = dir=out | name=@{filmonlivetvfree.filmonlivetvfree_1.3.6.87_x64__zx03kxexxb716?ms-resource://filmonlivetvfree.filmonlivetvfree/resources/app-name} | 
"{0CC65FCA-069E-459E-94B4-18D48746FB6A}" = dir=out | name=skype | 
"{11179D89-6EC6-4D3E-A773-D6EB453D8E7A}" = dir=out | name=encyclopaedia britannica | 
"{13714046-6F74-41FC-8EB5-AA54D2BF9FE3}" = dir=out | name=accuweather for windows 8 | 
"{13A936F6-A294-4BCB-9791-18523627874D}" = dir=out | name=merriam-webster dictionary | 
"{1DB91B7F-7697-4482-B33E-5636098E6DC2}" = dir=out | name=@{microsoft.bingfinance_2.0.0.275_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} | 
"{27141110-D956-4026-8563-E8092BB95B4E}" = dir=out | name=lenovo support | 
"{2A43E719-D635-40FC-ACB8-ECAD00669038}" = dir=out | name=@{microsoft.bingmaps_1.6.1528.2509_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | 
"{2EE43F26-C094-4ED1-B42F-2C8D15A32069}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{31D6AE86-AA93-4E23-848F-A1CEB68FFF7F}" = dir=out | name=evernote | 
"{36925E2C-2A59-452A-B7EB-B20BA94270E2}" = dir=out | name=lenovo companion | 
"{3D11DA97-C378-4EAE-AA5D-4B541BCE861D}" = dir=out | name=violet storm lite | 
"{3F2DECF8-3D34-4CC9-87D9-6E52BE96B01E}" = dir=in | name=accuweather for windows 8 | 
"{4C456BE2-0F41-4EFE-A49B-CB40197BCA77}" = dir=in | name=onenote |  
"{5F95E0FD-29A7-4377-BF39-87A76B4E195A}" = dir=out | name=@{microsoft.bingtravel_2.0.0.274_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} | 
"{66D251F7-D977-42F5-B2F2-E7A5D838992C}" = dir=out | name=@{microsoft.bingnews_2.0.0.273_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} | 
"{704B6046-ABFA-4A6E-BFA9-89F20BBDB914}" = dir=in | name=evernote | 
"{71375749-9055-44E8-96CC-3B15894C7C6A}" = dir=out | name=onenote | 
"{73C748EE-6FBB-49FA-B3E6-567DD5D5C39E}" = dir=out | name=windows_ie_ac_001 | 
"{793752EF-0819-4559-99AD-8D7E8B2A4B0A}" = dir=out | name=@{microsoft.zunemusic_1.3.59.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} | 
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{8C06F7E1-619C-49FB-AEAE-F1C7C0D3D9F8}" = dir=out | name=@{microsoft.bingweather_2.0.0.288_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | 
"{8CDCD147-BDF7-467E-8BC5-D1E2DBDAD9EB}" = dir=in | name=rara.com | 
"{93EA2786-9809-4A24-BDAC-FAFD14CC785C}" = dir=out | name=@{microsoft.bingsports_2.0.0.273_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} | 
"{9E10E9DA-B786-4900-AF6A-23DD46E2302C}" = dir=out | name=kindle | 
"{A259D9CB-91DC-4713-8947-0C58AFF82FEF}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | 
"{A2E0C8AE-D930-430B-B8BF-F448709B28E0}" = dir=out | name=@{microsoft.bing_1.5.1.259_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | 
"{A40C6014-C585-4558-A0DA-1D39B768A844}" = dir=in | name=ebay | 
"{B0300C5F-7100-49F8-9B66-2F7E38D40167}" = dir=out | name=@{microsoft.reader_6.2.9200.20623_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{B7E3D49D-0CF6-473B-BD4A-688F357BAF57}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2045\agent.exe | 
"{BAAC2F16-2AD4-45A5-8215-38493B002E73}" = dir=out | name=rara.com | 
"{C4D95CD9-4C22-4BCD-9526-1C4CCC267388}" = dir=in | name=@{filmonlivetvfree.filmonlivetvfree_1.3.6.87_x64__zx03kxexxb716?ms-resource://filmonlivetvfree.filmonlivetvfree/resources/app-name} | 
"{C51B7707-0748-4AF5-AE7B-CBE5EE5FBD30}" = dir=out | name=@{microsoft.zunevideo_1.3.59.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} | 
"{D1F5B2D0-829F-4A3F-B6B7-EB91F8FE4236}" = dir=in | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{D333A98D-7B6A-4798-BB09-8C99D045D092}" = dir=out | name=ebay | 
"{DEC14E25-DE85-4B65-86B9-DC22572E5B4D}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | 
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{EAC17E2D-38B2-4DD7-B386-BBA49403E88A}" = dir=in | name=@{microsoft.reader_6.2.9200.20623_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{EC6379F3-F8BD-468E-B5E2-9F386EB6B20E}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2045\agent.exe | 
"{FAEDF15A-19D6-4456-9788-71935EE2AA9E}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} | 
"TCP Query User{18C17719-E9C0-41C4-9F2D-80B36D3F7795}C:\program files (x86)\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files (x86)\trillian\trillian.exe | 
"TCP Query User{4D2E1361-D4CA-48AA-B7D3-4AC09288E9D9}C:\games\aarklash legacy\aarklash.exe" = protocol=6 | dir=in | app=c:\games\aarklash legacy\aarklash.exe | 
"TCP Query User{579711F6-06D7-43C4-A14E-08888DD413C9}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"TCP Query User{5C9D4281-E7E0-4362-B091-50801CD14314}C:\games\shadowrun returns\shadowrun.exe" = protocol=6 | dir=in | app=c:\games\shadowrun returns\shadowrun.exe | 
"TCP Query User{6FAC1316-2F25-4BFE-B3AF-415FBF89ED65}C:\games\giana sisters twisted dreams\gsgameexe_dx9.exe" = protocol=6 | dir=in | app=c:\games\giana sisters twisted dreams\gsgameexe_dx9.exe | 
"UDP Query User{3BDC2FD3-7E69-47C3-897E-0034B7FF0FFA}C:\games\shadowrun returns\shadowrun.exe" = protocol=17 | dir=in | app=c:\games\shadowrun returns\shadowrun.exe | 
"UDP Query User{435F1A88-FED0-41B9-9396-846385E89327}C:\games\aarklash legacy\aarklash.exe" = protocol=17 | dir=in | app=c:\games\aarklash legacy\aarklash.exe | 
"UDP Query User{5C59DD18-2BB4-44FC-8182-51A4206E7061}C:\program files (x86)\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files (x86)\trillian\trillian.exe | 
"UDP Query User{A8161E00-3F0B-4036-BF40-9A1D8370F924}C:\games\giana sisters twisted dreams\gsgameexe_dx9.exe" = protocol=17 | dir=in | app=c:\games\giana sisters twisted dreams\gsgameexe_dx9.exe | 
"UDP Query User{F109EC71-3608-4237-B853-1E61B989C529}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{977D1ABF-4089-4CA7-BA33-CC75808B7ACE}" = Intel® Trusted Connect Service Client
"{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
"{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{DC45D291-769A-4608-A688-77E6DBC03498}" = Classic Shell
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42" = Windows Driver Package - Lenovo (ACPIVPC) System  (06/15/2012 8.1.0.1)
"8A223E56FB1ED4F697B54E5BF96F1EB63B512684" = Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (06/19/2012 10.13.29.733)
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Lenovo Transition" = Lenovo Transition
"Motion Control" = Motion Control
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1E496A68-4943-424E-829D-5C3C85B7B8F2}" = Realtek USB Card Reader
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217040FF}" = Java 7 Update 40
"{28f90ef6-5415-4182-a638-3232ad7aa8eb}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{90150000-0138-0409-0000-0000000FF1CE}" = Microsoft Office
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{B6322D12-A133-4128-8306-DAFFF7231152}" = REALTEK Wireless LAN and Bluetooth Driver
"{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}" = Lenovo EasyCamera
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel® SDK for OpenCL - CPU Only Runtime Package
"AIMP3" = AIMP3
"Audacity_is1" = Audacity 2.0.4
"avast" = avast! Free Antivirus
"Botanicula_is1" = Botanicula
"Comodo Dragon" = Comodo Dragon
"Cool Edit Pro 2.1" = Cool Edit Pro 2.1
"CYPHER - Cyberpunk Text Adventure_is1" = «CYPHER: Cyberpunk Text Adventure» 1.0
"Element4l_is1" = Element4l
"FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C" = Intel® Dynamic Platform and Thermal Framework
"Giana Sisters Twisted Dreams - Rise of the Owlverlord_is1" = Giana Sisters Twisted Dreams - Rise of the Owlverlord
"Google Chrome" = Google Chrome
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"Leisure Suit Larry Reloaded_is1" = Leisure Suit Larry Reloaded
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Q2FzdGxlb2ZJbGx1c2lvbg==_is1" = Castle of Illusion
"Revo Uninstaller" = Revo Uninstaller 1.95
"RHVja1RhbGVzUmVtYXN0ZXJlZA==_is1" = DuckTales Remastered
"Shadowrun Returns_is1" = Shadowrun Returns
"Sonic Ep 1" = Sonic Ep 1
"Sonic the Hedgehog 4 - Episode II © SEGA_is1" = Sonic the Hedgehog 4 - Episode II © SEGA version 1
"Space Hulk_is1" = Space Hulk
"Trillian" = Trillian
"VLC media player" = VLC media player 2.1.0
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 9/28/2013 11:00:00 PM | Computer Name = Wintermute | Source = Application Error | ID = 1000
Description = Faulting application name: DOSBox.exe, version: 0.74.0.0, time stamp:
 0x4bea7d36  Faulting module name: ntdll.dll, version: 6.2.9200.16578, time stamp:
 0x515fac6e  Exception code: 0xc0000005  Fault offset: 0x00051f81  Faulting process id:
 0x5358  Faulting application start time: 0x01cebcbff325bd71  Faulting application path:
 C:\Program Files (x86)\DOSBox-0.74\DOSBox.exe  Faulting module path: C:\windows\SYSTEM32\ntdll.dll
Report
 Id: 3a386d72-28b3-11e3-be80-24fd52d9c9be  Faulting package full name:   Faulting package-relative
 application ID: 
 
Error - 9/29/2013 2:43:02 AM | Computer Name = Wintermute | Source = DptfEvent | ID = 1
Description = DptfPolicyLpmDll  DptfSetLpmMode:  DeviceIoControl() failed.
 
Error - 9/29/2013 3:02:11 AM | Computer Name = Wintermute | Source = SideBySide | ID = 16842830
Description = Activation context generation failed for "F:\ex\esetsmartinstaller_enu.exe".Error
 in manifest or policy file "" on line .  A component version required by the application
 conflicts with another component version already active.  Conflicting components 
are:.  Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Component
 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.
 
Error - 9/29/2013 8:05:06 AM | Computer Name = Wintermute | Source = DptfEvent | ID = 1
Description = DptfPolicyLpmDll  DptfSetLpmMode:  DeviceIoControl() failed.
 
Error - 9/29/2013 8:31:02 AM | Computer Name = Wintermute | Source = DptfEvent | ID = 1
Description = DptfPolicyLpmDll  DptfSetLpmMode:  DeviceIoControl() failed.
 
Error - 9/29/2013 8:38:23 PM | Computer Name = Wintermute | Source = DptfEvent | ID = 1
Description = DptfPolicyLpmDll  DptfSetLpmMode:  DeviceIoControl() failed.
 
Error - 9/30/2013 1:18:42 AM | Computer Name = Wintermute | Source = DptfEvent | ID = 1
Description = DptfPolicyLpmDll  DptfSetLpmMode:  DeviceIoControl() failed.
 
Error - 9/30/2013 1:19:47 AM | Computer Name = Wintermute | Source = DptfEvent | ID = 1
Description = DptfPolicyLpmDll  DptfSetLpmMode:  DeviceIoControl() failed.
 
Error - 9/30/2013 1:21:29 AM | Computer Name = Wintermute | Source = DptfEvent | ID = 1
Description = DptfPolicyLpmDll  DptfSetLpmMode:  DeviceIoControl() failed.
 
Error - 9/30/2013 1:54:13 AM | Computer Name = Wintermute | Source = DptfEvent | ID = 1
Description = DptfPolicyLpmDll  DptfSetLpmMode:  DeviceIoControl() failed.
 
[ System Events ]
Error - 9/28/2013 3:49:41 AM | Computer Name = Wintermute | Source = Service Control Manager | ID = 7034
Description = The VeriFaceSrv service terminated unexpectedly.  It has done this
 1 time(s).
 
Error - 9/28/2013 4:40:09 AM | Computer Name = Wintermute | Source = DCOM | ID = 10010
Description = 
 
Error - 9/28/2013 7:09:21 AM | Computer Name = Wintermute | Source = Microsoft-Windows-Kernel-General | ID = 6
Description = 
 
Error - 9/28/2013 7:35:52 AM | Computer Name = Wintermute | Source = DCOM | ID = 10010
Description = 
 
Error - 9/28/2013 8:00:13 AM | Computer Name = Wintermute | Source = Microsoft-Windows-Kernel-General | ID = 6
Description = 
 
Error - 9/28/2013 10:43:09 PM | Computer Name = Wintermute | Source = DCOM | ID = 10000
Description = 
 
Error - 9/28/2013 11:06:20 PM | Computer Name = Wintermute | Source = DCOM | ID = 10000
Description = 
 
Error - 9/29/2013 2:42:42 AM | Computer Name = Wintermute | Source = Microsoft-Windows-Kernel-General | ID = 6
Description = 
 
 
< End of report >


#14 nexus666


Posted 05 October 2013 - 04:55 AM

Any idea why my CPU is being used 100% of the time? In Task Manager, no matter what is running, it constantly uses the whole CPU... what would cause this? I don't notice slowdowns, but it is always soaking up the CPU no matter what.



#15 nexus666


Posted 05 October 2013 - 05:36 AM

I have to say also, when I run aswMBR, it finishes almost instantly. First computer I've seen do that. It's an SSD... but it finishes in less than 2 seconds. No other scans have been like that, so that makes me wonder too.





