Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Need to Check if I am Still Infected Please Help if Possible


  • This topic is locked This topic is locked
3 replies to this topic

#1 kingtwothree

kingtwothree

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:02:25 AM

Posted 06 April 2014 - 07:45 PM

Mod Edit:Moved to proper forum location ~~boopme

Mod Edit:  Merged later OTL post from AII - Hamluis.
 

I was infected by a RAT last week,and after researching and putting in some work I thought I removed the problem from my computer.  I knew there was a problem because I monitored the activity through wireshark and saw the botnet's traffic.  There isnt that traffic now but I still see some strange things in my Comodo firewall traffic.  Here are my logs please let me know if I am still infected.
OTL logfile created on: 4/6/2014 8:11:14 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\one23\Desktop
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16384)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.71 Gb Total Physical Memory | 6.09 Gb Available Physical Memory | 79.03% Memory free
12.21 Gb Paging File | 10.43 Gb Available in Paging File | 85.43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 137.66 Gb Total Space | 58.74 Gb Free Space | 42.67% Space Free | Partition Type: NTFS
Drive D: | 781.94 Gb Total Space | 781.75 Gb Free Space | 99.98% Space Free | Partition Type: NTFS
Drive E: | 3.34 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 7.45 Gb Total Space | 4.25 Gb Free Space | 57.04% Space Free | Partition Type: FAT32
Drive G: | 372.61 Gb Total Space | 228.88 Gb Free Space | 61.43% Space Free | Partition Type: NTFS
Drive H: | 93.13 Gb Total Space | 81.09 Gb Free Space | 87.08% Space Free | Partition Type: FAT32
 
Computer Name: LAB123 | User Name: one23 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/04/03 09:49:12 | 001,809,720 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014/04/03 09:49:12 | 000,857,912 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014/04/03 09:49:06 | 006,963,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
PRC - [2014/04/03 00:00:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\one23\Desktop\OTL.exe
PRC - [2014/01/25 02:22:56 | 000,279,000 | ---- | M] (Intel Corporation) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe
PRC - [2013/11/11 08:23:02 | 002,098,880 | ---- | M] () -- C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
PRC - [2013/10/11 12:21:54 | 000,070,352 | ---- | M] (Comodo Security Solutions, Inc.) -- C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
PRC - [2013/10/11 10:35:22 | 002,327,248 | ---- | M] (Comodo Security Solutions, Inc.) -- C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
PRC - [2012/10/08 11:42:54 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/03/25 12:22:39 | 006,812,400 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV:64bit: - [2014/03/25 12:22:18 | 002,264,280 | ---- | M] (COMODO) [On_Demand | Stopped] -- C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe -- (cmdvirth)
SRV:64bit: - [2012/07/25 21:46:56 | 002,366,984 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2012/07/25 20:30:05 | 002,675,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2012/07/25 20:17:59 | 000,015,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2012/07/25 20:08:04 | 001,968,128 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2012/07/25 20:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012/07/25 20:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2012/07/25 20:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012/07/25 20:07:30 | 000,169,984 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2012/07/25 20:07:27 | 000,178,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2012/07/25 20:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012/07/25 20:06:36 | 000,463,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2012/07/25 20:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012/07/25 20:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012/07/25 20:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012/07/25 20:06:00 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2012/07/25 20:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012/07/25 20:05:38 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2012/07/25 20:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012/07/25 20:05:28 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2012/07/25 20:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012/07/25 20:05:11 | 000,174,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2012/07/25 20:05:08 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2012/07/25 20:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012/07/25 17:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012/07/25 17:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012/07/25 17:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012/07/25 17:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012/07/25 17:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012/07/25 17:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV - [2014/04/03 09:49:12 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/04/03 09:49:12 | 000,857,912 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/01/25 02:22:56 | 000,279,000 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2013/11/11 08:23:02 | 002,098,880 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe -- (DragonUpdater)
SRV - [2013/10/11 12:21:54 | 000,070,352 | ---- | M] (Comodo Security Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe -- (CLPSLauncher)
SRV - [2013/10/11 10:35:22 | 002,327,248 | ---- | M] (Comodo Security Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe -- (GeekBuddyRSP)
SRV - [2012/10/08 11:42:54 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/07/25 20:30:05 | 002,675,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012/07/25 20:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/04/06 20:09:03 | 000,119,512 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2014/04/03 09:51:22 | 000,063,192 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2014/04/03 09:50:58 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2014/03/25 12:22:53 | 000,023,168 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\cmderd.sys -- (cmderd)
DRV:64bit: - [2014/01/25 02:22:44 | 004,221,440 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2013/08/31 03:02:26 | 003,345,376 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NETwew00.sys -- (NETwNe64)
DRV:64bit: - [2013/05/07 00:00:16 | 000,040,224 | ---- | M] (Windows ® Win 7 DDK provider) [File_System | System | Stopped] -- C:\Windows\SysNative\Drivers\CFRMD.sys -- (CFRMD)
DRV:64bit: - [2012/10/08 11:42:36 | 000,030,056 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2012/07/30 03:02:08 | 000,023,408 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RadioHIDMini.sys -- (RadioHIDMini)
DRV:64bit: - [2012/07/25 22:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/07/25 22:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012/07/25 22:00:58 | 000,445,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2012/07/25 22:00:58 | 000,337,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2012/07/25 22:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012/07/25 22:00:58 | 000,212,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2012/07/25 22:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012/07/25 22:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012/07/25 22:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012/07/25 22:00:55 | 000,283,888 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2012/07/25 22:00:55 | 000,120,048 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2012/07/25 22:00:55 | 000,077,552 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2012/07/25 22:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012/07/25 22:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012/07/25 22:00:55 | 000,028,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2012/07/25 22:00:54 | 000,056,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2012/07/25 22:00:52 | 003,295,984 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012/07/25 22:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012/07/25 22:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012/07/25 22:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012/07/25 22:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012/07/25 22:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012/07/25 22:00:49 | 000,539,376 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012/07/25 22:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012/07/25 22:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012/07/25 22:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/07/25 22:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/07/25 21:59:35 | 000,193,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2012/07/25 21:59:35 | 000,148,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2012/07/25 21:59:32 | 000,055,024 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2012/07/25 21:58:00 | 000,068,848 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2012/07/25 21:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012/07/25 21:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2012/07/25 21:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012/07/25 21:44:30 | 000,258,288 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2012/07/25 21:36:15 | 000,034,216 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2012/07/25 20:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012/07/25 20:17:38 | 000,027,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/07/25 19:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012/07/25 19:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012/07/25 19:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012/07/25 19:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012/07/25 19:28:27 | 000,031,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2012/07/25 19:28:02 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\acpials.sys -- (acpials)
DRV:64bit: - [2012/07/25 19:27:58 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2012/07/25 19:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012/07/25 19:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012/07/25 19:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012/07/25 19:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012/07/25 19:27:31 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2012/07/25 19:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012/07/25 19:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012/07/25 19:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012/07/25 19:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012/07/25 19:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012/07/25 19:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/07/25 19:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012/07/25 19:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012/07/25 19:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/07/25 19:25:54 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2012/07/25 19:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012/07/25 19:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012/07/25 19:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012/07/25 19:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012/07/17 18:12:08 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012/06/02 07:31:56 | 000,589,824 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2218410941-3676213390-633495507-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/
IE - HKU\S-1-5-21-2218410941-3676213390-633495507-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-2218410941-3676213390-633495507-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F1 62 A6 33 E9 51 CF 01  [binary data]
IE - HKU\S-1-5-21-2218410941-3676213390-633495507-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2218410941-3676213390-633495507-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-2218410941-3676213390-633495507-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
 
 
O1 HOSTS File: ([2012/07/25 22:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\WINDOWS\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\WINDOWS\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\WINDOWS\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [tvncontrol] C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe (Comodo Security Solutions, Inc.)
O4 - HKLM..\RunOnce: [*CA]  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.245.135 167.206.245.136 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{310ADF44-C833-47C4-A1F7-2C80551EE64A}: DhcpNameServer = 167.206.245.135 167.206.245.136 192.168.1.1
O20:64bit: - AppInit_DLLs: (C:\WINDOWS\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\WINDOWS\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\WINDOWS\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/07/26 01:23:07 | 000,000,128 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2012/09/05 16:17:15 | 000,000,031 | RH-- | M] () - G:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2012/09/05 17:17:18 | 000,000,031 | RH-- | M] () - H:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/04/06 20:10:52 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\one23\Desktop\OTL.exe
[2014/04/06 16:12:33 | 000,000,000 | -H-D | C] -- C:\VTRoot
[2014/04/06 15:58:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2014/04/06 15:58:38 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2014/04/06 15:58:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel
[2014/04/06 15:54:40 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2014/04/06 15:54:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\NV
[2014/04/06 15:54:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\NV
[2014/04/06 15:54:33 | 003,293,544 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\SysNative\nvsvc64.dll
[2014/04/06 15:54:33 | 000,866,664 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\SysNative\nv3dappshext.dll
[2014/04/06 15:54:33 | 000,063,336 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\SysNative\nvshext.dll
[2014/04/06 15:54:33 | 000,055,144 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\SysNative\nv3dappshextr.dll
[2014/04/06 15:54:32 | 006,200,680 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\SysNative\nvcpl.dll
[2014/04/06 15:54:32 | 002,557,800 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\SysNative\nvsvcr.dll
[2014/04/06 15:54:32 | 000,118,120 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\SysNative\nvmctray.dll
[2014/04/06 15:54:10 | 000,064,000 | ---- | C] (Khronos Group) -- C:\WINDOWS\SysNative\OpenCL.dll
[2014/04/06 15:54:10 | 000,060,416 | ---- | C] (Khronos Group) -- C:\WINDOWS\SysWow64\OpenCL.dll
[2014/04/06 15:53:40 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2014/04/06 15:53:34 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2014/04/06 15:53:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2014/04/06 15:26:12 | 000,000,000 | ---D | C] -- C:\Users\one23\AppData\Roaming\Macromedia
[2014/04/06 14:44:05 | 000,000,000 | --SD | C] -- C:\ProgramData\Shared Space
[2014/04/06 14:42:21 | 000,000,000 | ---D | C] -- C:\ProgramData\COMODO
[2014/04/06 14:42:17 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2014/04/06 14:42:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\COMODO
[2014/04/06 14:40:44 | 000,000,000 | ---D | C] -- C:\Users\one23\AppData\Local\Comodo
[2014/04/06 14:40:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
[2014/04/06 14:40:43 | 000,000,000 | ---D | C] -- C:\first_launch
[2014/04/06 14:40:42 | 000,057,096 | ---- | C] (COMODO CA Limited) -- C:\WINDOWS\SysNative\certsentry.dll
[2014/04/06 14:40:42 | 000,048,392 | ---- | C] (COMODO CA Limited) -- C:\WINDOWS\SysWow64\certsentry.dll
[2014/04/06 14:40:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Comodo
[2014/04/06 14:40:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo Downloader
[2014/04/06 14:22:28 | 000,000,000 | ---D | C] -- C:\Windows.old
[2014/04/06 13:47:57 | 000,119,512 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\MBAMSwissArmy.sys
[2014/04/06 13:47:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/04/06 13:47:15 | 000,088,280 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\mbamchameleon.sys
[2014/04/06 13:47:15 | 000,063,192 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\mwac.sys
[2014/04/06 13:47:15 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\mbam.sys
[2014/04/06 13:47:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/04/06 13:47:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/04/06 13:46:59 | 000,000,000 | ---D | C] -- C:\Users\one23\AppData\Local\Programs
[2014/04/06 13:34:01 | 000,000,000 | R--D | C] -- C:\Users\one23\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2014/04/06 13:34:01 | 000,000,000 | R--D | C] -- C:\Users\one23\Searches
[2014/04/06 13:34:01 | 000,000,000 | R--D | C] -- C:\Users\one23\Contacts
[2014/04/06 13:34:01 | 000,000,000 | R--D | C] -- C:\Users\one23\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2014/04/06 13:34:01 | 000,000,000 | -H-D | C] -- C:\Users\one23\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2014/04/06 13:33:58 | 000,000,000 | ---D | C] -- C:\Users\one23\AppData\Roaming\Adobe
[2014/04/06 13:33:24 | 000,000,000 | ---D | C] -- C:\Users\one23\AppData\Local\VirtualStore
[2014/04/06 13:33:18 | 000,000,000 | ---D | C] -- C:\ProgramData\PRICache
[2014/04/06 13:33:18 | 000,000,000 | ---D | C] -- C:\Users\one23\AppData\Local\Packages
[2014/04/06 13:33:14 | 000,000,000 | --SD | C] -- C:\Users\one23\AppData\Roaming\Microsoft
[2014/04/06 13:33:14 | 000,000,000 | R--D | C] -- C:\Users\one23\Videos
[2014/04/06 13:33:14 | 000,000,000 | R--D | C] -- C:\Users\one23\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[2014/04/06 13:33:14 | 000,000,000 | R--D | C] -- C:\Users\one23\Saved Games
[2014/04/06 13:33:14 | 000,000,000 | R--D | C] -- C:\Users\one23\Pictures
[2014/04/06 13:33:14 | 000,000,000 | R--D | C] -- C:\Users\one23\Music
[2014/04/06 13:33:14 | 000,000,000 | R--D | C] -- C:\Users\one23\Links
[2014/04/06 13:33:14 | 000,000,000 | R--D | C] -- C:\Users\one23\Favorites
[2014/04/06 13:33:14 | 000,000,000 | R--D | C] -- C:\Users\one23\Downloads
[2014/04/06 13:33:14 | 000,000,000 | R--D | C] -- C:\Users\one23\Documents
[2014/04/06 13:33:14 | 000,000,000 | R--D | C] -- C:\Users\one23\Desktop
[2014/04/06 13:33:14 | 000,000,000 | R--D | C] -- C:\Users\one23\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2014/04/06 13:33:14 | 000,000,000 | R--D | C] -- C:\Users\one23\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[2014/04/06 13:33:14 | 000,000,000 | -HSD | C] -- C:\Users\one23\AppData\Local\Temporary Internet Files
[2014/04/06 13:33:14 | 000,000,000 | -HSD | C] -- C:\Users\one23\Templates
[2014/04/06 13:33:14 | 000,000,000 | -HSD | C] -- C:\Users\one23\Start Menu
[2014/04/06 13:33:14 | 000,000,000 | -HSD | C] -- C:\Users\one23\SendTo
[2014/04/06 13:33:14 | 000,000,000 | -HSD | C] -- C:\Users\one23\Recent
[2014/04/06 13:33:14 | 000,000,000 | -HSD | C] -- C:\Users\one23\PrintHood
[2014/04/06 13:33:14 | 000,000,000 | -HSD | C] -- C:\Users\one23\NetHood
[2014/04/06 13:33:14 | 000,000,000 | -HSD | C] -- C:\Users\one23\Documents\My Videos
[2014/04/06 13:33:14 | 000,000,000 | -HSD | C] -- C:\Users\one23\Documents\My Pictures
[2014/04/06 13:33:14 | 000,000,000 | -HSD | C] -- C:\Users\one23\Documents\My Music
[2014/04/06 13:33:14 | 000,000,000 | -HSD | C] -- C:\Users\one23\My Documents
[2014/04/06 13:33:14 | 000,000,000 | -HSD | C] -- C:\Users\one23\Local Settings
[2014/04/06 13:33:14 | 000,000,000 | -HSD | C] -- C:\Users\one23\AppData\Local\History
[2014/04/06 13:33:14 | 000,000,000 | -HSD | C] -- C:\Users\one23\Cookies
[2014/04/06 13:33:14 | 000,000,000 | -HSD | C] -- C:\Users\one23\Application Data
[2014/04/06 13:33:14 | 000,000,000 | -HSD | C] -- C:\Users\one23\AppData\Local\Application Data
[2014/04/06 13:33:14 | 000,000,000 | -H-D | C] -- C:\Users\one23\AppData
[2014/04/06 13:33:14 | 000,000,000 | ---D | C] -- C:\Users\one23\AppData\Local\Temp
[2014/04/06 13:33:14 | 000,000,000 | ---D | C] -- C:\Users\one23\AppData\Local\Microsoft
[2014/04/06 13:33:14 | 000,000,000 | ---D | C] -- C:\Users\one23\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2014/04/06 13:27:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2014/04/06 13:23:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2014/04/06 00:57:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\Panther
[2014/04/05 03:18:36 | 000,000,000 | ---D | C] -- C:\RegBackup
[2014/04/03 21:01:40 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/04/03 07:22:13 | 000,000,000 | R--D | C] -- C:\Sandbox
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/04/06 20:09:03 | 000,119,512 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\MBAMSwissArmy.sys
[2014/04/06 20:08:58 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/04/06 16:47:53 | 000,803,370 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2014/04/06 16:47:53 | 000,684,122 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2014/04/06 16:47:53 | 000,124,968 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2014/04/06 16:43:22 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2014/04/06 16:43:20 | 2326,601,727 | -HS- | M] () -- C:\hiberfil.sys
[2014/04/06 16:42:53 | 000,003,060 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\fvstore.dat
[2014/04/06 16:09:28 | 000,001,947 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Firewall.lnk
[2014/04/06 15:44:19 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/04/06 15:25:30 | 000,001,431 | ---- | M] () -- C:\Users\one23\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/04/06 14:44:18 | 000,001,906 | ---- | M] () -- C:\Users\Public\Desktop\Virtual Comodo Dragon.lnk
[2014/04/06 14:44:18 | 000,000,600 | ---- | M] () -- C:\Users\Public\Desktop\Shared Space.lnk
[2014/04/06 14:42:18 | 000,002,020 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk
[2014/04/06 14:42:18 | 000,002,020 | ---- | M] () -- C:\Users\Public\Desktop\GeekBuddy.lnk
[2014/04/06 14:40:44 | 000,001,123 | ---- | M] () -- C:\Users\Public\Desktop\Comodo Dragon.lnk
[2014/04/06 14:40:42 | 000,057,096 | ---- | M] (COMODO CA Limited) -- C:\WINDOWS\SysNative\certsentry.dll
[2014/04/06 14:40:42 | 000,048,392 | ---- | M] (COMODO CA Limited) -- C:\WINDOWS\SysWow64\certsentry.dll
[2014/04/06 13:24:14 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\SysNative\drivers\Msft_User_WpdFs_01_11_00.Wdf
[2014/04/06 13:23:45 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\SysNative\drivers\Msft_User_SensorsAlsDriver_01_11_00.Wdf
[2014/04/03 09:51:22 | 000,063,192 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\mwac.sys
[2014/04/03 09:51:04 | 000,088,280 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\mbamchameleon.sys
[2014/04/03 09:50:58 | 000,025,816 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\mbam.sys
[2014/04/03 00:00:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\one23\Desktop\OTL.exe
[2014/03/25 12:22:53 | 000,023,168 | ---- | M] (COMODO) -- C:\WINDOWS\SysNative\drivers\cmderd.sys
[2014/03/25 12:22:37 | 000,043,216 | ---- | M] (COMODO) -- C:\WINDOWS\SysNative\cmdcsr.dll
[2014/03/25 12:22:36 | 000,363,504 | ---- | M] (COMODO) -- C:\WINDOWS\SysWow64\guard32.dll
[2014/03/25 12:22:35 | 000,453,680 | ---- | M] (COMODO) -- C:\WINDOWS\SysNative\guard64.dll
[2014/03/25 12:22:29 | 000,352,984 | ---- | M] (COMODO) -- C:\WINDOWS\SysNative\cmdvrt64.dll
[2014/03/25 12:22:28 | 000,045,784 | ---- | M] (COMODO) -- C:\WINDOWS\SysNative\cmdkbd64.dll
[2014/03/25 12:22:25 | 000,284,888 | ---- | M] (COMODO) -- C:\WINDOWS\SysWow64\cmdvrt32.dll
[2014/03/25 12:22:23 | 000,040,664 | ---- | M] (COMODO) -- C:\WINDOWS\SysWow64\cmdkbd32.dll
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/04/06 16:12:31 | 000,003,060 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\fvstore.dat
[2014/04/06 15:54:32 | 003,536,817 | ---- | C] () -- C:\WINDOWS\SysNative\nvcoproc.bin
[2014/04/06 15:25:30 | 000,001,431 | ---- | C] () -- C:\Users\one23\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/04/06 14:44:19 | 000,001,947 | ---- | C] () -- C:\Users\Public\Desktop\COMODO Firewall.lnk
[2014/04/06 14:44:18 | 000,001,906 | ---- | C] () -- C:\Users\Public\Desktop\Virtual Comodo Dragon.lnk
[2014/04/06 14:44:18 | 000,000,600 | ---- | C] () -- C:\Users\Public\Desktop\Shared Space.lnk
[2014/04/06 14:42:18 | 000,002,020 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk
[2014/04/06 14:42:18 | 000,002,020 | ---- | C] () -- C:\Users\Public\Desktop\GeekBuddy.lnk
[2014/04/06 14:40:44 | 000,001,123 | ---- | C] () -- C:\Users\Public\Desktop\Comodo Dragon.lnk
[2014/04/06 13:47:25 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/04/06 13:33:58 | 000,001,437 | ---- | C] () -- C:\Users\one23\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2014/04/06 13:33:14 | 000,000,352 | ---- | C] () -- C:\Users\one23\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2014/04/06 13:33:14 | 000,000,334 | ---- | C] () -- C:\Users\one23\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2014/04/06 13:24:14 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\SysNative\drivers\Msft_User_WpdFs_01_11_00.Wdf
[2014/04/06 13:23:45 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\SysNative\drivers\Msft_User_SensorsAlsDriver_01_11_00.Wdf
[2014/04/06 13:23:09 | 268,435,456 | -HS- | C] () -- C:\swapfile.sys
[2014/01/25 02:22:44 | 000,299,520 | ---- | C] () -- C:\WINDOWS\SysWow64\igdmd32.dll
[2014/01/25 02:22:38 | 000,182,272 | ---- | C] () -- C:\WINDOWS\SysWow64\igdde32.dll
[2014/01/25 02:22:38 | 000,142,848 | ---- | C] () -- C:\WINDOWS\SysWow64\igdail32.dll
[2012/07/26 01:13:10 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
[2012/07/26 01:13:09 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
[2012/07/26 00:21:26 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/07/25 18:17:42 | 000,043,520 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2012/07/25 17:48:53 | 000,083,968 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll
[2012/07/25 13:37:29 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2012/07/25 13:28:31 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2012/07/25 13:22:56 | 000,733,840 | ---- | C] () -- C:\WINDOWS\SysWow64\igcodeckrng700.bin
[2012/07/25 13:22:56 | 000,492,340 | ---- | C] () -- C:\WINDOWS\SysWow64\igvpkrng700.bin
[2012/06/02 07:31:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
 
========== ZeroAccess Check ==========
 
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/07/25 20:07:16 | 019,779,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/07/25 20:19:59 | 017,559,552 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/25 20:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/25 20:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/25 20:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
 
========== Purity Check ==========
 
 

< End of report >
 
 
OTL Extras logfile created on: 4/6/2014 8:11:14 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\one23\Desktop
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16384)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.71 Gb Total Physical Memory | 6.09 Gb Available Physical Memory | 79.03% Memory free
12.21 Gb Paging File | 10.43 Gb Available in Paging File | 85.43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 137.66 Gb Total Space | 58.74 Gb Free Space | 42.67% Space Free | Partition Type: NTFS
Drive D: | 781.94 Gb Total Space | 781.75 Gb Free Space | 99.98% Space Free | Partition Type: NTFS
Drive E: | 3.34 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 7.45 Gb Total Space | 4.25 Gb Free Space | 57.04% Space Free | Partition Type: FAT32
Drive G: | 372.61 Gb Total Space | 228.88 Gb Free Space | 61.43% Space Free | Partition Type: NTFS
Drive H: | 93.13 Gb Total Space | 81.09 Gb Free Space | 87.08% Space Free | Partition Type: FAT32
 
Computer Name: LAB123 | User Name: one23 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (All) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- C:\WINDOWS\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\WINDOWS\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\WINDOWS\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\WINDOWS\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\WINDOWS\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\WINDOWS\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\WINDOWS\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\WINDOWS\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\WINDOWS\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\WINDOWS\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\WINDOWS\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\WINDOWS\SysNative\WScript.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- C:\WINDOWS\SysWow64\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\WINDOWS\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\WINDOWS\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\WINDOWS\SysWow64\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\WINDOWS\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\SysWow64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\WINDOWS\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\WINDOWS\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\SysWow64\WScript.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07B10663-0C35-446E-BB00-248DBABCD6BB}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{081FDA58-3E7A-4CF1-B1E6-A172E20722BD}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} |
"{0F23ECAF-2374-403F-A344-8792EDD118EB}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{108FFA77-3A56-405B-9B3B-128FB55C5E5B}" = dir=in | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{206D1E79-E938-4FE8-BA26-BE638D604CF5}" = dir=out | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{39C0539D-DF24-4389-B5F3-A25DBBED4565}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{3E286BA4-51E9-49D0-BC93-DED7F8CAB536}" = dir=out | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{3E757068-09DB-4BEF-AEA2-ED78DB79BBF8}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{449C50C0-DF06-476D-8453-696695C9E01C}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{779A999A-27AA-44FC-9EF7-0EEE5A1CECB0}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{8341BD02-6297-4797-928B-FEE157435DCF}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{9023F547-6772-414B-AD5D-FE7865BF93B2}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{9B2C5F43-FC7D-4CBE-84C6-8624F0081F6D}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} |
"{B82C1667-A4B6-4F71-B941-FF95A8FFAAF0}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{B9503AEB-C47F-4874-A454-071DD7A2D87E}" = dir=in | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{D6DDB995-D830-4615-B14B-3E67F74461D5}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{DB859E3A-C477-49FA-B60C-80B30145BAA7}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{F89ABAEB-485A-4037-8FD9-F2EDC4F93EC3}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{48E60BD7-34CF-4DEB-AD7C-5261FF41BD34}" = GeekBuddy
"{901D1D88-408D-48E5-80DD-CC3145BD8456}" = COMODO Firewall
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"Comodo Dragon" = Comodo Dragon
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.1.1004
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 4/6/2014 4:33:06 PM | Computer Name = lab123 | Source = Software Protection Platform Service | ID = 1014
Description = Acquisition of End User License failed. hr=0x80072EE7  Sku Id=625cc89b-693d-45c4-9967-123877fc41e4
 
Error - 4/6/2014 4:33:06 PM | Computer Name = lab123 | Source = Software Protection Platform Service | ID = 8198
Description = License Activation (slui.exe) failed with the following error code:
hr=0x80072EE7
Command-line
 arguments:  RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=625cc89b-693d-45c4-9967-123877fc41e4;NotificationInterval=1440;Trigger=TimerEvent
 
Error - 4/6/2014 4:33:19 PM | Computer Name = lab123 | Source = Software Protection Platform Service | ID = 8200
Description = License acquisition failure details.   hr=0x80072EE7
 
Error - 4/6/2014 4:33:19 PM | Computer Name = lab123 | Source = Software Protection Platform Service | ID = 1014
Description = Acquisition of End User License failed. hr=0x80072EE7  Sku Id=625cc89b-693d-45c4-9967-123877fc41e4
 
Error - 4/6/2014 4:33:20 PM | Computer Name = lab123 | Source = Software Protection Platform Service | ID = 8198
Description = License Activation (slui.exe) failed with the following error code:
hr=0x80072EE7
Command-line
 arguments:  RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=625cc89b-693d-45c4-9967-123877fc41e4;NotificationInterval=1440;Trigger=UserLogon;SessionId=1
 
Error - 4/6/2014 6:00:18 PM | Computer Name = lab123 | Source = Software Protection Platform Service | ID = 8200
Description = License acquisition failure details.   hr=0x80072EE7
 
Error - 4/6/2014 6:00:18 PM | Computer Name = lab123 | Source = Software Protection Platform Service | ID = 1014
Description = Acquisition of End User License failed. hr=0x80072EE7  Sku Id=625cc89b-693d-45c4-9967-123877fc41e4
 
Error - 4/6/2014 6:00:18 PM | Computer Name = lab123 | Source = Software Protection Platform Service | ID = 8198
Description = License Activation (slui.exe) failed with the following error code:
hr=0x80072EE7
Command-line
 arguments:  RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=625cc89b-693d-45c4-9967-123877fc41e4;NotificationInterval=1440;Trigger=UserLogon;SessionId=1
 
Error - 4/6/2014 7:42:05 PM | Computer Name = lab123 | Source = Application Error | ID = 1000
Description = Faulting application name: Explorer.EXE, version: 6.2.9200.16384,
time stamp: 0x50107dbc  Faulting module name: DUser.dll, version: 6.2.9200.16384,
time stamp: 0x5010846e  Exception code: 0xc0000005  Fault offset: 0x0000000000026f7f
Faulting
 process id: 0xb38  Faulting application start time: 0x01cf51e384c0816a  Faulting application
 path: C:\WINDOWS\Explorer.EXE  Faulting module path: C:\WINDOWS\SYSTEM32\DUser.dll
Report
 Id: 0ef06976-bde5-11e3-be68-c8f73326ffd3  Faulting package full name:   Faulting package-relative
 application ID:
 
Error - 4/6/2014 11:09:47 PM | Computer Name = lab123 | Source = Customer Experience Improvement Program | ID = 1008
Description =
 
[ System Events ]
Error - 4/6/2014 4:23:41 PM | Computer Name = windows-uj49s6b | Source = Service Control Manager | ID = 7023
Description = The IP Helper service terminated with the following error:   %%1058
 
Error - 4/6/2014 4:23:43 PM | Computer Name = windows-uj49s6b | Source = Service Control Manager | ID = 7023
Description = The Network List Service service terminated with the following error:
   %%21
 
Error - 4/6/2014 4:24:08 PM | Computer Name = windows-uj49s6b | Source = BTHUSB | ID = 327710
Description = The local adapter does not support an important Low Energy controller
 state.  The minimum required supported state mask is 0x1f7fffff, got 0x1f3fffff.
  Low Energy functionality will be disabled.
 
Error - 4/6/2014 4:25:43 PM | Computer Name = windows-uj49s6b | Source = DCOM | ID = 10010
Description =
 
Error - 4/6/2014 4:25:58 PM | Computer Name = windows-uj49s6b | Source = Service Control Manager | ID = 7023
Description = The Network List Service service terminated with the following error:
   %%21
 
Error - 4/6/2014 4:26:43 PM | Computer Name = lab123 | Source = BTHUSB | ID = 327710
Description = The local adapter does not support an important Low Energy controller
 state.  The minimum required supported state mask is 0x1f7fffff, got 0x1f3fffff.
  Low Energy functionality will be disabled.
 
Error - 4/6/2014 5:55:15 PM | Computer Name = lab123 | Source = BTHUSB | ID = 327710
Description = The local adapter does not support an important Low Energy controller
 state.  The minimum required supported state mask is 0x1f7fffff, got 0x1f3fffff.
  Low Energy functionality will be disabled.
 
Error - 4/6/2014 7:43:23 PM | Computer Name = lab123 | Source = BTHUSB | ID = 327710
Description = The local adapter does not support an important Low Energy controller
 state.  The minimum required supported state mask is 0x1f7fffff, got 0x1f3fffff.
  Low Energy functionality will be disabled.
 
Error - 4/6/2014 11:14:01 PM | Computer Name = lab123 | Source = Schannel | ID = 36888
Description = A fatal alert was generated and sent to the remote endpoint. This
may result in termination of the connection. The TLS protocol defined fatal error
 code is 51. The Windows SChannel error state is 900.
 
 
< End of report >


Edited by hamluis, 08 April 2014 - 06:26 AM.
PM sent OP advising of merged topic/location - Hamluis.


BC AdBot (Login to Remove)

 


#2 kingtwothree

kingtwothree
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:02:25 AM

Posted 08 April 2014 - 12:20 AM

OTL logfile created on: 4/7/2014 11:57:51 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\one23\Desktop
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16843)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.71 Gb Total Physical Memory | 6.58 Gb Available Physical Memory | 85.37% Memory free
12.21 Gb Paging File | 10.79 Gb Available in Paging File | 88.41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 137.66 Gb Total Space | 99.85 Gb Free Space | 72.53% Space Free | Partition Type: NTFS
Drive D: | 781.94 Gb Total Space | 781.75 Gb Free Space | 99.98% Space Free | Partition Type: NTFS
Drive E: | 3.34 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 7.45 Gb Total Space | 4.25 Gb Free Space | 57.00% Space Free | Partition Type: FAT32
 
Computer Name: LAB123 | User Name: one23 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/04/03 09:49:12 | 001,809,720 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014/04/03 09:49:12 | 000,857,912 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014/04/03 09:49:06 | 006,963,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
PRC - [2014/04/03 00:00:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\one23\Desktop\OTL.exe
PRC - [2014/03/20 09:52:22 | 000,070,352 | ---- | M] (Comodo Security Solutions, Inc.) -- C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
PRC - [2014/03/20 08:33:46 | 002,327,248 | ---- | M] (Comodo Security Solutions, Inc.) -- C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
PRC - [2013/11/11 08:23:02 | 002,098,880 | ---- | M] () -- C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
PRC - [2012/10/08 11:42:54 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/03/25 12:22:39 | 006,812,400 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV:64bit: - [2014/03/25 12:22:18 | 002,264,280 | ---- | M] (COMODO) [On_Demand | Stopped] -- C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe -- (cmdvirth)
SRV:64bit: - [2013/10/25 00:34:55 | 000,016,048 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2013/08/15 22:39:26 | 002,371,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2013/05/03 23:58:02 | 000,470,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013/05/03 23:57:05 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2013/04/08 21:48:42 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2013/03/01 19:45:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013/03/01 19:45:05 | 000,180,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2013/01/09 16:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2013/01/09 16:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2012/09/19 23:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2012/07/25 20:30:05 | 002,675,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2012/07/25 20:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012/07/25 20:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2012/07/25 20:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012/07/25 20:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012/07/25 20:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012/07/25 20:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012/07/25 20:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012/07/25 20:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012/07/25 20:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012/07/25 20:05:28 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2012/07/25 20:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012/07/25 20:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012/07/25 17:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012/07/25 17:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012/07/25 17:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012/07/25 17:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012/07/25 17:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012/07/25 17:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV - [2014/04/03 09:49:12 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/04/03 09:49:12 | 000,857,912 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/03/20 09:52:22 | 000,070,352 | ---- | M] (Comodo Security Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe -- (CLPSLauncher)
SRV - [2014/03/20 08:33:46 | 002,327,248 | ---- | M] (Comodo Security Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe -- (GeekBuddyRSP)
SRV - [2014/03/15 01:40:31 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/01/25 02:22:56 | 000,279,000 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2013/11/11 08:23:02 | 002,098,880 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe -- (DragonUpdater)
SRV - [2012/10/08 11:42:54 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/07/25 20:30:05 | 002,675,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012/07/25 20:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/04/07 23:53:34 | 000,119,512 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2014/04/03 09:51:22 | 000,063,192 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2014/04/03 09:50:58 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2014/03/25 12:22:53 | 000,023,168 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\cmderd.sys -- (cmderd)
DRV:64bit: - [2014/01/25 02:22:44 | 004,221,440 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2013/10/25 00:34:52 | 000,035,856 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2013/10/24 15:34:32 | 000,248,240 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2013/10/10 04:53:35 | 000,096,600 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2013/10/06 22:17:38 | 000,014,888 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\hmd.sys -- (HMD)
DRV:64bit: - [2013/08/31 03:02:26 | 003,345,376 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NETwew00.sys -- (NETwNe64)
DRV:64bit: - [2013/08/15 22:41:13 | 000,058,200 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2013/07/01 18:41:47 | 000,447,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2013/07/01 18:41:47 | 000,337,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2013/07/01 18:41:47 | 000,213,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2013/05/07 00:00:16 | 000,040,224 | ---- | M] (Windows ® Win 7 DDK provider) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\CFRMD.sys -- (CFRMD)
DRV:64bit: - [2013/05/04 00:34:15 | 000,284,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2013/03/02 03:57:46 | 000,077,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013/03/02 03:45:20 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013/03/02 03:45:19 | 000,194,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2013/03/02 03:39:38 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2013/02/02 00:25:23 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013/01/09 18:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2012/11/26 20:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2012/11/19 21:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2012/10/08 11:42:36 | 000,030,056 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2012/07/30 03:02:08 | 000,023,408 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RadioHIDMini.sys -- (RadioHIDMini)
DRV:64bit: - [2012/07/25 22:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/07/25 22:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012/07/25 22:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012/07/25 22:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012/07/25 22:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012/07/25 22:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012/07/25 22:00:55 | 000,120,048 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2012/07/25 22:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012/07/25 22:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012/07/25 22:00:54 | 000,056,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2012/07/25 22:00:52 | 003,295,984 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012/07/25 22:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012/07/25 22:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012/07/25 22:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012/07/25 22:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012/07/25 22:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012/07/25 22:00:49 | 000,539,376 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012/07/25 22:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012/07/25 22:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012/07/25 22:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/07/25 22:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/07/25 21:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012/07/25 21:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012/07/25 20:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012/07/25 20:17:38 | 000,027,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/07/25 19:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012/07/25 19:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012/07/25 19:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012/07/25 19:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012/07/25 19:28:02 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpials.sys -- (acpials)
DRV:64bit: - [2012/07/25 19:27:58 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2012/07/25 19:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012/07/25 19:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012/07/25 19:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012/07/25 19:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012/07/25 19:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012/07/25 19:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012/07/25 19:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012/07/25 19:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012/07/25 19:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012/07/25 19:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/07/25 19:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012/07/25 19:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012/07/25 19:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/07/25 19:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012/07/25 19:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012/07/25 19:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012/07/25 19:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012/07/17 18:12:08 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012/06/02 07:31:56 | 000,589,824 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2218410941-3676213390-633495507-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/
IE - HKU\S-1-5-21-2218410941-3676213390-633495507-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-2218410941-3676213390-633495507-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F1 62 A6 33 E9 51 CF 01  [binary data]
IE - HKU\S-1-5-21-2218410941-3676213390-633495507-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2218410941-3676213390-633495507-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-2218410941-3676213390-633495507-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0
FF - user.js - File not found
 
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2014/04/06 20:21:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\one23\AppData\Roaming\Mozilla\Extensions
[2014/04/06 20:29:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\one23\AppData\Roaming\Mozilla\Firefox\Profiles\kdl84rli.default\extensions
[2014/04/06 20:21:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/04/06 20:21:05 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2012/07/25 22:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\WINDOWS\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\WINDOWS\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Persistence] "C:\WINDOWS\system32\igfxpers.exe" File not found
O4 - HKLM..\Run: [tvncontrol] C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe (Comodo Security Solutions, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{310ADF44-C833-47C4-A1F7-2C80551EE64A}: DhcpNameServer = 167.206.245.135 167.206.245.136 192.168.1.1
O20:64bit: - AppInit_DLLs: (C:\WINDOWS\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\WINDOWS\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\WINDOWS\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/07/26 01:23:07 | 000,000,128 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/04/07 23:58:35 | 027,973,080 | ---- | C] (Wireshark development team) -- C:\Users\one23\Desktop\Wireshark-win64-1.10.3.exe
[2014/04/07 23:58:13 | 001,933,048 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\one23\Desktop\rkill.exe
[2014/04/07 18:17:24 | 000,694,240 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
[2014/04/07 18:17:24 | 000,078,304 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
[2014/04/07 17:54:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\MRT
[2014/04/07 17:01:10 | 002,094,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mmc.exe
[2014/04/07 17:01:10 | 001,964,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wlidsvc.dll
[2014/04/07 17:01:10 | 001,120,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msctf.dll
[2014/04/07 17:01:09 | 001,886,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\setupapi.dll
[2014/04/07 17:01:09 | 001,611,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mmc.exe
[2014/04/07 17:01:08 | 000,438,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\lsm.dll
[2014/04/07 17:01:08 | 000,406,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Media.dll
[2014/04/07 17:01:08 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WSDMon.dll
[2014/04/07 17:01:08 | 000,028,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\msgpiowin32.sys
[2014/04/07 17:01:07 | 000,728,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\samsrv.dll
[2014/04/07 17:01:07 | 000,666,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MP4SDECD.DLL
[2014/04/07 17:01:07 | 000,261,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Media.dll
[2014/04/07 17:01:07 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\inetpp.dll
[2014/04/07 17:01:07 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wiaacmgr.exe
[2014/04/07 17:01:07 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wiaacmgr.exe
[2014/04/07 17:01:06 | 000,171,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ncbservice.dll
[2014/04/07 17:01:05 | 000,436,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MP4SDECD.DLL
[2014/04/07 17:01:05 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\httpprxm.dll
[2014/04/07 17:01:05 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\adhsvc.dll
[2014/04/07 17:01:05 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\adhapi.dll
[2014/04/07 17:01:05 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\httpprxp.dll
[2014/04/07 17:01:05 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\keepaliveprovider.dll
[2014/04/07 17:00:20 | 000,017,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msvcr100_clr0400.dll
[2014/04/07 17:00:19 | 000,017,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msvcr100_clr0400.dll
[2014/04/07 16:58:31 | 005,978,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mstscax.dll
[2014/04/07 16:58:31 | 001,048,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfasfsrcsnk.dll
[2014/04/07 16:58:31 | 000,850,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfasfsrcsnk.dll
[2014/04/07 16:58:30 | 001,101,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wmpmde.dll
[2014/04/07 16:58:30 | 000,327,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\Classpnp.sys
[2014/04/07 16:58:29 | 005,091,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mstscax.dll
[2014/04/07 16:58:29 | 001,149,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winmde.dll
[2014/04/07 16:58:29 | 000,951,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Globalization.dll
[2014/04/07 16:58:29 | 000,645,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Security.Authentication.OnlineId.dll
[2014/04/07 16:58:29 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\netcfgx.dll
[2014/04/07 16:58:27 | 000,893,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\winmde.dll
[2014/04/07 16:58:27 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drvstore.dll
[2014/04/07 16:58:27 | 000,601,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Globalization.dll
[2014/04/07 16:58:27 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\netcfgx.dll
[2014/04/07 16:58:27 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SettingSync.dll
[2014/04/07 16:58:27 | 000,411,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\FWPKCLNT.SYS
[2014/04/07 16:58:27 | 000,332,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\storport.sys
[2014/04/07 16:58:27 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\usbmon.dll
[2014/04/07 16:58:27 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SystemEventsBrokerServer.dll
[2014/04/07 16:58:27 | 000,171,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\TimeBrokerServer.dll
[2014/04/07 16:58:26 | 000,550,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\drvstore.dll
[2014/04/07 16:58:25 | 000,504,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Security.Authentication.OnlineId.dll
[2014/04/07 16:58:22 | 000,194,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\sdbus.sys
[2014/04/07 16:58:19 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SettingSync.dll
[2014/04/07 16:58:19 | 000,150,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\discan.dll
[2014/04/07 16:58:19 | 000,125,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\dumpsd.sys
[2014/04/07 16:58:18 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\powercfg.cpl
[2014/04/07 16:58:18 | 000,148,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\tpm.sys
[2014/04/07 16:58:18 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\powercfg.cpl
[2014/04/07 16:58:18 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\NdisImPlatform.dll
[2014/04/07 16:58:18 | 000,077,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\storahci.sys
[2014/04/07 16:58:18 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\DevDispItemProvider.dll
[2014/04/07 16:58:17 | 000,240,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\fsquirt.exe
[2014/04/07 16:58:17 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SettingSyncInfo.dll
[2014/04/07 16:58:17 | 000,071,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WSDPrintProxy.DLL
[2014/04/07 16:58:14 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\DevDispItemProvider.dll
[2014/04/07 16:58:13 | 000,128,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SettingSyncInfo.dll
[2014/04/07 16:55:58 | 013,644,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.UI.Xaml.dll
[2014/04/07 16:55:54 | 010,788,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.UI.Xaml.dll
[2014/04/07 16:55:51 | 001,131,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentServer.dll
[2014/04/07 16:55:49 | 000,328,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ubpm.dll
[2014/04/07 16:55:48 | 000,470,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\netprofmsvc.dll
[2014/04/07 16:55:48 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\BCP47Langs.dll
[2014/04/07 16:55:48 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\BCP47Langs.dll
[2014/04/07 16:55:48 | 000,247,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ubpm.dll
[2014/04/07 16:55:47 | 000,708,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentExtensions.dll
[2014/04/07 16:55:47 | 000,560,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfmp4srcsnk.dll
[2014/04/07 16:55:47 | 000,411,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfmp4srcsnk.dll
[2014/04/07 16:55:47 | 000,330,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\stobject.dll
[2014/04/07 16:55:47 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\bisrv.dll
[2014/04/07 16:55:47 | 000,014,848 | ---- | C] (Microsoft) -- C:\WINDOWS\SysWow64\rars.rs
[2014/04/07 16:55:47 | 000,014,848 | ---- | C] (Microsoft) -- C:\WINDOWS\SysNative\rars.rs
[2014/04/07 16:55:46 | 000,812,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Magnify.exe
[2014/04/07 16:55:46 | 000,501,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\DevicePairing.dll
[2014/04/07 16:55:46 | 000,284,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\spaceport.sys
[2014/04/07 16:55:46 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\netplwiz.dll
[2014/04/07 16:55:46 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\netplwiz.dll
[2014/04/07 16:55:46 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\psmsrv.dll
[2014/04/07 16:55:46 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\taskhost.exe
[2014/04/07 16:55:45 | 000,758,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Magnify.exe
[2014/04/07 16:55:45 | 000,449,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\DevicePairing.dll
[2014/04/07 16:55:45 | 000,419,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\intl.cpl
[2014/04/07 16:55:45 | 000,120,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AuthHost.exe
[2014/04/07 16:55:45 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\taskhostex.exe
[2014/04/07 16:55:45 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuaext.dll
[2014/04/07 16:55:42 | 000,122,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\biwinrt.dll
[2014/04/07 16:55:38 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\biwinrt.dll
[2014/04/07 16:55:34 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\intl.cpl
[2014/04/07 16:55:32 | 000,099,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wushareduxresources.dll
[2014/04/07 16:55:32 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\muifontsetup.dll
[2014/04/07 16:55:32 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\nlmproxy.dll
[2014/04/07 16:55:32 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\muifontsetup.dll
[2014/04/07 16:55:32 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\nlmsprep.dll
[2014/04/07 16:55:25 | 000,888,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\autochk.exe
[2014/04/07 16:55:25 | 000,793,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\autochk.exe
[2014/04/07 16:55:25 | 000,542,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\untfs.dll
[2014/04/07 16:55:25 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\untfs.dll
[2014/04/07 16:55:24 | 001,257,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\kernel32.dll
[2014/04/07 16:55:10 | 014,267,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wmp.dll
[2014/04/07 16:55:10 | 003,552,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\tquery.dll
[2014/04/07 16:55:09 | 011,878,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wmp.dll
[2014/04/07 16:55:09 | 002,107,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mssrch.dll
[2014/04/07 16:55:08 | 002,767,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\tquery.dll
[2014/04/07 16:55:08 | 000,373,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SearchProtocolHost.exe
[2014/04/07 16:55:05 | 001,593,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mssrch.dll
[2014/04/07 16:55:04 | 001,829,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ntdll.dll
[2014/04/07 16:55:04 | 001,444,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MSAudDecMFT.dll
[2014/04/07 16:55:03 | 001,113,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MSAudDecMFT.dll
[2014/04/07 16:55:02 | 000,489,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AudioEng.dll
[2014/04/07 16:55:02 | 000,446,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AudioSes.dll
[2014/04/07 16:55:02 | 000,403,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mssph.dll
[2014/04/07 16:55:02 | 000,367,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\conhost.exe
[2014/04/07 16:55:02 | 000,306,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\kd_02_10ec.dll
[2014/04/07 16:55:02 | 000,298,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\rsaenh.dll
[2014/04/07 16:55:02 | 000,253,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\audiodg.exe
[2014/04/07 16:55:02 | 000,172,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dwmredir.dll
[2014/04/07 16:55:01 | 001,403,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winload.efi
[2014/04/07 16:55:01 | 001,267,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winload.exe
[2014/04/07 16:55:01 | 000,804,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\RecoveryDrive.exe
[2014/04/07 16:55:01 | 000,595,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Networking.dll
[2014/04/07 16:55:01 | 000,435,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mssph.dll
[2014/04/07 16:54:59 | 001,093,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winresume.exe
[2014/04/07 16:54:59 | 000,456,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wpncore.dll
[2014/04/07 16:54:58 | 001,217,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winresume.efi
[2014/04/07 16:54:58 | 000,523,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\XpsGdiConverter.dll
[2014/04/07 16:54:58 | 000,468,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MFMediaEngine.dll
[2014/04/07 16:54:58 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Networking.BackgroundTransfer.dll
[2014/04/07 16:54:57 | 000,503,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ci.dll
[2014/04/07 16:54:57 | 000,411,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Networking.dll
[2014/04/07 16:54:57 | 000,196,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dmvdsitf.dll
[2014/04/07 16:54:57 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\rascfg.dll
[2014/04/07 16:54:57 | 000,108,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\rascfg.dll
[2014/04/07 16:54:56 | 000,659,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mssvp.dll
[2014/04/07 16:54:56 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\fhengine.dll
[2014/04/07 16:54:56 | 000,228,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\XpsRasterService.dll
[2014/04/07 16:54:55 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MFMediaEngine.dll
[2014/04/07 16:54:55 | 000,281,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfreadwrite.dll
[2014/04/07 16:54:55 | 000,169,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AudioEndpointBuilder.dll
[2014/04/07 16:54:54 | 000,268,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Networking.BackgroundTransfer.dll
[2014/04/07 16:54:54 | 000,123,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wscapi.dll
[2014/04/07 16:54:53 | 000,522,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AUDIOKSE.dll
[2014/04/07 16:54:53 | 000,463,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\AUDIOKSE.dll
[2014/04/07 16:54:53 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\XpsGdiConverter.dll
[2014/04/07 16:54:53 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfreadwrite.dll
[2014/04/07 16:54:53 | 000,210,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\iuilp.dll
[2014/04/07 16:54:53 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SearchFilterHost.exe
[2014/04/07 16:54:53 | 000,155,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dmvdsitf.dll
[2014/04/07 16:54:53 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\XpsRasterService.dll
[2014/04/07 16:54:53 | 000,126,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Robocopy.exe
[2014/04/07 16:54:53 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Robocopy.exe
[2014/04/07 16:54:53 | 000,086,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\kdnet.dll
[2014/04/07 16:54:53 | 000,077,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\kdvm.dll
[2014/04/07 16:54:52 | 000,745,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mssvp.dll
[2014/04/07 16:54:52 | 000,414,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\GenuineCenter.dll
[2014/04/07 16:54:52 | 000,315,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\fhcfg.dll
[2014/04/07 16:54:52 | 000,303,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\dxgmms1.sys
[2014/04/07 16:54:52 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\fhevents.dll
[2014/04/07 16:54:52 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\fmifs.dll
[2014/04/07 16:54:52 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\hidi2c.sys
[2014/04/07 16:54:51 | 000,280,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\fhcat.dll
[2014/04/07 16:54:51 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mssphtb.dll
[2014/04/07 16:54:51 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\fhmanagew.exe
[2014/04/07 16:54:51 | 000,137,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\fhshl.dll
[2014/04/07 16:54:51 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\fhsvc.dll
[2014/04/07 16:54:51 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mssitlb.dll
[2014/04/07 16:54:51 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mssprxy.dll
[2014/04/07 16:54:51 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\fhsrchapi.dll
[2014/04/07 16:54:51 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\rasdiag.dll
[2014/04/07 16:54:51 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\fhsrchph.dll
[2014/04/07 16:54:51 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\fhlisten.dll
[2014/04/07 16:54:51 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\rasdiag.dll
[2014/04/07 16:54:51 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\fhcleanup.dll
[2014/04/07 16:54:51 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\fmifs.dll
[2014/04/07 16:54:51 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\fhtask.dll
[2014/04/07 16:54:51 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msshooks.dll
[2014/04/07 16:54:51 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msshooks.dll
[2014/04/07 16:54:50 | 000,267,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\EncDump.dll
[2014/04/07 16:54:50 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mssitlb.dll
[2014/04/07 16:54:50 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msscntrs.dll
[2014/04/07 16:54:50 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\fhautoplay.dll
[2014/04/07 16:54:50 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ndptsp.tsp
[2014/04/07 16:54:50 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ndptsp.tsp
[2014/04/07 16:54:50 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msscntrs.dll
[2014/04/07 16:54:50 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\kmddsp.tsp
[2014/04/07 16:54:50 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\rasmxs.dll
[2014/04/07 16:54:50 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kmddsp.tsp
[2014/04/07 16:54:50 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\rasmxs.dll
[2014/04/07 16:54:50 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\rasser.dll
[2014/04/07 16:54:50 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\rasser.dll
[2014/04/07 16:54:49 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\fhsvcctl.dll
[2014/04/07 16:54:49 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\spwmp.dll
[2014/04/07 16:54:48 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\spwmp.dll
[2014/04/07 16:54:48 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msdxm.ocx
[2014/04/07 16:54:48 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dxmasf.dll
[2014/04/07 16:54:48 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msdxm.ocx
[2014/04/07 16:54:48 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dxmasf.dll
[2014/04/07 16:54:47 | 009,374,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wmploc.DLL
[2014/04/07 16:54:47 | 009,374,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wmploc.DLL
[2014/04/07 16:42:11 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\synceng.dll
[2014/04/07 16:42:11 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\synceng.dll
[2014/04/07 16:42:08 | 000,888,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\nshwfp.dll
[2014/04/07 16:42:08 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\nshwfp.dll
[2014/04/07 16:42:08 | 000,381,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\FWPUCLNT.DLL
[2014/04/07 16:42:08 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\FWPUCLNT.DLL
[2014/04/07 16:42:08 | 000,096,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\wfplwfs.sys
[2014/04/07 16:41:59 | 000,209,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\NotificationUI.exe
[2014/04/07 16:41:58 | 002,371,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WSService.dll
[2014/04/07 16:41:58 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\sppobjs.dll
[2014/04/07 16:41:56 | 000,773,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuapi.dll
[2014/04/07 16:41:56 | 000,368,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\sppwinob.dll
[2014/04/07 16:41:56 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\sppc.dll
[2014/04/07 16:41:56 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WinSetupUI.dll
[2014/04/07 16:41:55 | 001,621,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wucltux.dll
[2014/04/07 16:41:55 | 000,628,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wuapi.dll
[2014/04/07 16:41:55 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WUSettingsProvider.dll
[2014/04/07 16:41:55 | 000,204,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WSClient.dll
[2014/04/07 16:41:55 | 000,183,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WSSync.dll
[2014/04/07 16:41:55 | 000,174,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\storewuauth.dll
[2014/04/07 16:41:55 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WSClient.dll
[2014/04/07 16:41:55 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WSSync.dll
[2014/04/07 16:41:55 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuwebv.dll
[2014/04/07 16:41:55 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wuwebv.dll
[2014/04/07 16:41:55 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\sppc.dll
[2014/04/07 16:41:55 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wudriver.dll
[2014/04/07 16:41:55 | 000,059,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuauclt.exe
[2014/04/07 16:41:55 | 000,058,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\dam.sys
[2014/04/07 16:41:55 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wups.dll
[2014/04/07 16:41:55 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wups2.dll
[2014/04/07 16:41:55 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wups.dll
[2014/04/07 16:41:53 | 000,099,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wudriver.dll
[2014/04/07 16:41:53 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuapp.exe
[2014/04/07 16:41:53 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wuapp.exe
[2014/04/07 16:41:52 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\setupcln.dll
[2014/04/07 16:41:50 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\setupcln.dll
[2014/04/07 16:41:02 | 000,652,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\comctl32.dll
[2014/04/07 16:41:00 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\imagehlp.dll
[2014/04/07 16:40:54 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ncryptsslp.dll
[2014/04/07 16:40:54 | 000,071,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ncryptsslp.dll
[2014/04/07 16:40:02 | 001,300,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\gdi32.dll
[2014/04/07 16:39:59 | 000,600,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\vbscript.dll
[2014/04/07 16:39:54 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\tssdisai.dll
[2014/04/07 16:39:54 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\appserverai.dll
[2014/04/07 16:39:54 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\RDWebAI.dll
[2014/04/07 16:39:54 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\VmHostAI.dll
[2014/04/07 16:39:53 | 000,148,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\poqexec.exe
[2014/04/07 16:39:53 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\poqexec.exe
[2014/04/07 16:37:02 | 000,248,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\WdFilter.sys
[2014/04/07 16:37:02 | 000,035,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\WdBoot.sys
[2014/04/07 16:32:06 | 000,054,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\WdfLdr.sys
[2014/04/07 16:31:57 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\hidclass.sys
[2014/04/07 16:31:57 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\hidparse.sys
[2014/04/07 16:31:27 | 001,890,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\crypt32.dll
[2014/04/07 16:31:22 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\rpcrt4.dll
[2014/04/07 16:31:15 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msrating.dll
[2014/04/07 16:31:15 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\iesysprep.dll
[2014/04/07 16:31:15 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\iesetup.dll
[2014/04/07 16:31:15 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\UXInit.dll
[2014/04/07 16:31:15 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ie4uinit.exe
[2014/04/07 16:31:15 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\UXInit.dll
[2014/04/07 16:31:15 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\iernonce.dll
[2014/04/07 16:31:15 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\iernonce.dll
[2014/04/07 16:31:14 | 000,915,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\uxtheme.dll
[2014/04/07 16:31:14 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msrating.dll
[2014/04/07 16:31:13 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\iesysprep.dll
[2014/04/07 16:31:13 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\iesetup.dll
[2014/04/07 16:31:12 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msfeeds.dll
[2014/04/07 16:31:10 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript.dll
[2014/04/07 16:31:01 | 003,960,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript9.dll
[2014/04/07 16:31:01 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\jscript.dll
[2014/04/07 16:29:34 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2014/04/07 16:29:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager
[2014/04/07 16:29:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Security Task Manager
[2014/04/07 16:26:46 | 001,255,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\certutil.exe
[2014/04/07 16:26:45 | 001,013,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\certutil.exe
[2014/04/07 16:26:45 | 000,141,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\cryptnet.dll
[2014/04/07 16:26:41 | 002,893,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msmpeg2vdec.dll
[2014/04/07 16:26:41 | 002,400,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msmpeg2vdec.dll
[2014/04/07 16:25:23 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ReAgentc.exe
[2014/04/07 16:25:23 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ReAgentc.exe
[2014/04/07 16:25:21 | 001,011,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\reseteng.dll
[2014/04/07 16:25:21 | 000,945,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\resetengmig.dll
[2014/04/07 16:25:21 | 000,443,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ReAgent.dll
[2014/04/07 16:25:21 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ReAgent.dll
[2014/04/07 16:25:21 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\sysreset.exe
[2014/04/07 16:25:08 | 000,362,496 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\SysNative\atmfd.dll
[2014/04/07 16:25:08 | 000,300,032 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\atmfd.dll
[2014/04/07 16:25:08 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\fontsub.dll
[2014/04/07 16:25:08 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\fontsub.dll
[2014/04/07 16:25:08 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\WINDOWS\SysNative\atmlib.dll
[2014/04/07 16:25:08 | 000,035,328 | ---- | C] (Adobe Systems) -- C:\WINDOWS\SysWow64\atmlib.dll
[2014/04/07 16:25:08 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dciman32.dll
[2014/04/07 16:25:08 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\lpk.dll
[2014/04/07 16:20:09 | 000,729,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\duser.dll
[2014/04/07 16:20:09 | 000,543,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wlroamextension.dll
[2014/04/07 16:20:09 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ncsi.dll
[2014/04/07 16:20:08 | 000,475,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WWanAPI.dll
[2014/04/07 16:20:08 | 000,410,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wlroamextension.dll
[2014/04/07 16:20:08 | 000,370,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WWanAPI.dll
[2014/04/07 16:20:08 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Networking.Connectivity.dll
[2014/04/07 16:20:08 | 000,260,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\hotspotauth.dll
[2014/04/07 16:20:08 | 000,225,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mbsmsapi.dll
[2014/04/07 16:20:08 | 000,197,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Networking.Connectivity.dll
[2014/04/07 16:20:08 | 000,157,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mbsmsapi.dll
[2014/04/07 16:20:08 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\taskkill.exe
[2014/04/07 16:20:08 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\tasklist.exe
[2014/04/07 16:20:08 | 000,037,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\BthAvrcpTg.sys
[2014/04/07 16:20:07 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wpd_ci.dll
[2014/04/07 16:20:07 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\tasklist.exe
[2014/04/07 16:20:07 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\taskkill.exe
[2014/04/07 16:20:07 | 000,061,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\crashdmp.sys
[2014/04/07 16:20:07 | 000,029,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\BthhfHid.sys
[2014/04/07 16:20:07 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\BtaMPM.sys
[2014/04/07 16:19:49 | 001,838,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\DWrite.dll
[2014/04/07 16:19:48 | 001,690,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\GdiPlus.dll
[2014/04/07 16:19:48 | 001,437,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\GdiPlus.dll
[2014/04/07 16:19:46 | 000,498,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\usbport.sys
[2014/04/07 16:19:46 | 000,021,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\usbd.sys
[2014/04/07 16:19:44 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\usb8023.sys
[2014/04/07 16:19:30 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\shdocvw.dll
[2014/04/07 16:19:28 | 000,112,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\consent.exe
[2014/04/07 16:19:04 | 000,583,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msdrm.dll
[2014/04/07 16:19:03 | 002,842,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WMVDECOD.DLL
[2014/04/07 16:19:02 | 002,620,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WMVDECOD.DLL
[2014/04/07 16:19:02 | 000,733,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\win32spl.dll
[2014/04/07 16:18:59 | 000,222,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\scrobj.dll
[2014/04/07 16:18:59 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\scrrun.dll
[2014/04/07 16:18:59 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\scrobj.dll
[2014/04/07 16:18:59 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\scrrun.dll
[2014/04/07 16:18:59 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\cscript.exe
[2014/04/07 16:18:59 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wshom.ocx
[2014/04/07 16:18:59 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\cscript.exe
[2014/04/07 16:18:59 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\pcadm.dll
[2014/04/07 16:18:59 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\pcalua.exe
[2014/04/07 16:18:59 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\pcaevts.dll
[2014/04/07 16:18:56 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wintrust.dll
[2014/04/07 16:18:56 | 000,124,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\apprepapi.dll
[2014/04/07 16:18:56 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\apprepsync.dll
[2014/04/07 16:18:56 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\apprepapi.dll
[2014/04/07 16:18:56 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\apprepsync.dll
[2014/04/07 16:18:51 | 000,447,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\USBHUB3.SYS
[2014/04/07 16:18:51 | 000,337,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\USBXHCI.SYS
[2014/04/07 16:18:51 | 000,213,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\UCX01000.SYS
[2014/04/07 16:18:50 | 000,463,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dpnet.dll
[2014/04/07 16:18:50 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dpnet.dll
[2014/04/07 16:18:50 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dpnathlp.dll
[2014/04/07 16:18:50 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dpnathlp.dll
[2014/04/07 16:18:50 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dpnsvr.exe
[2014/04/07 16:18:50 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dpnsvr.exe
[2014/04/07 16:18:50 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dpnhupnp.dll
[2014/04/07 16:18:50 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dpnhpast.dll
[2014/04/07 16:18:50 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dpnhupnp.dll
[2014/04/07 16:18:50 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dpnhpast.dll
[2014/04/07 16:18:50 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dpnlobby.dll
[2014/04/07 16:18:50 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dpnaddr.dll
[2014/04/07 16:18:50 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dpnlobby.dll
[2014/04/07 16:18:50 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dpnaddr.dll
[2014/04/07 16:18:48 | 003,842,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\d2d1.dll
[2014/04/07 16:18:48 | 002,238,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\d3d10warp.dll
[2014/04/07 16:18:37 | 002,062,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\d3d11.dll
[2014/04/07 16:18:37 | 001,711,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\d3d11.dll
[2014/04/07 16:18:33 | 002,851,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\esent.dll
[2014/04/07 16:18:33 | 002,382,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\esent.dll
[2014/04/07 16:18:31 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WMPhoto.dll
[2014/04/07 16:18:31 | 000,368,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WMPhoto.dll
[2014/04/07 16:17:01 | 000,688,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WSShared.dll
[2014/04/07 16:17:01 | 000,562,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WSShared.dll
[2014/04/07 16:17:01 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.ApplicationModel.Store.dll
[2014/04/07 16:17:01 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.ApplicationModel.Store.TestingFramework.dll
[2014/04/07 16:17:01 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.ApplicationModel.Store.dll
[2014/04/07 16:17:01 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
[2014/04/07 16:17:00 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\cryptdlg.dll
[2014/04/07 16:17:00 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\cryptdlg.dll
[2014/04/07 16:16:59 | 000,595,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\qedit.dll
[2014/04/07 16:16:59 | 000,496,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\qedit.dll
[2014/04/07 16:16:57 | 001,628,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WindowsCodecs.dll
[2014/04/07 16:16:56 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\portcls.sys
[2014/04/07 16:16:55 | 006,987,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ntoskrnl.exe
[2014/04/07 16:16:55 | 000,370,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SysFxUI.dll
[2014/04/07 16:16:55 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\drmk.sys
[2014/04/07 16:16:12 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msxml6r.dll
[2014/04/07 16:16:12 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msxml6r.dll
[2014/04/07 16:16:12 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msxml3r.dll
[2014/04/07 16:16:12 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msxml3r.dll
[2014/04/07 16:16:06 | 010,116,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\twinui.dll
[2014/04/07 16:16:05 | 008,858,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\twinui.dll
[2014/04/07 16:16:05 | 002,146,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\actxprxy.dll
[2014/04/07 16:16:04 | 002,304,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\authui.dll
[2014/04/07 16:16:04 | 002,035,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\authui.dll
[2014/04/07 16:16:04 | 000,069,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\pdc.sys
[2014/04/07 16:15:21 | 000,312,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msieftp.dll
[2014/04/07 16:15:21 | 000,273,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msieftp.dll
[2014/04/06 23:20:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\COMODO
[2014/04/06 20:21:15 | 000,000,000 | ---D | C] -- C:\Users\one23\AppData\Roaming\Mozilla
[2014/04/06 20:21:15 | 000,000,000 | ---D | C] -- C:\Users\one23\AppData\Local\Mozilla
[2014/04/06 20:21:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2014/04/06 20:21:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2014/04/06 20:21:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/04/06 20:10:52 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\one23\Desktop\OTL.exe
[2014/04/06 16:12:33 | 000,000,000 | -H-D | C] -- C:\VTRoot
[2014/04/06 15:58:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2014/04/06 15:58:38 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2014/04/06 15:58:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel
[2014/04/06 15:54:40 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2014/04/06 15:54:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\NV
[2014/04/06 15:54:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\NV
[2014/04/06 15:54:33 | 003,293,544 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\SysNative\nvsvc64.dll
[2014/04/06 15:54:33 | 000,866,664 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\SysNative\nv3dappshext.dll
[2014/04/06 15:54:33 | 000,063,336 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\SysNative\nvshext.dll
[2014/04/06 15:54:33 | 000,055,144 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\SysNative\nv3dappshextr.dll
[2014/04/06 15:54:32 | 006,200,680 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\SysNative\nvcpl.dll
[2014/04/06 15:54:32 | 002,557,800 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\SysNative\nvsvcr.dll
[2014/04/06 15:54:32 | 000,118,120 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\SysNative\nvmctray.dll
[2014/04/06 15:54:10 | 000,064,000 | ---- | C] (Khronos Group) -- C:\WINDOWS\SysNative\OpenCL.dll
[2014/04/06 15:54:10 | 000,060,416 | ---- | C] (Khronos Group) -- C:\WINDOWS\SysWow64\OpenCL.dll
[2014/04/06 15:53:40 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2014/04/06 15:53:34 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2014/04/06 15:53:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2014/04/06 15:26:12 | 000,000,000 | ---D | C] -- C:\Users\one23\AppData\Roaming\Macromedia
[2014/04/06 14:44:05 | 000,000,000 | --SD | C] -- C:\ProgramData\Shared Space
[2014/04/06 14:42:21 | 000,000,000 | ---D | C] -- C:\ProgramData\COMODO
[2014/04/06 14:42:17 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2014/04/06 14:40:44 | 000,000,000 | ---D | C] -- C:\Users\one23\AppData\Local\Comodo
[2014/04/06 14:40:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
[2014/04/06 14:40:43 | 000,000,000 | ---D | C] -- C:\first_launch
[2014/04/06 14:40:42 | 000,057,096 | ---- | C] (COMODO CA Limited) -- C:\WINDOWS\SysNative\certsentry.dll
[2014/04/06 14:40:42 | 000,048,392 | ---- | C] (COMODO CA Limited) -- C:\WINDOWS\SysWow64\certsentry.dll
[2014/04/06 14:40:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Comodo
[2014/04/06 14:40:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo Downloader
[2014/04/06 14:22:28 | 000,000,000 | ---D | C] -- C:\Windows.old
[2014/04/06 13:47:57 | 000,119,512 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\MBAMSwissArmy.sys
[2014/04/06 13:47:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/04/06 13:47:15 | 000,088,280 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\mbamchameleon.sys
[2014/04/06 13:47:15 | 000,063,192 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\mwac.sys
[2014/04/06 13:47:15 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\mbam.sys
[2014/04/06 13:47:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/04/06 13:47:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/04/06 13:46:59 | 000,000,000 | ---D | C] -- C:\Users\one23\AppData\Local\Programs
[2014/04/06 13:34:01 | 000,000,000 | R--D | C] -- C:\Users\one23\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2014/04/06 13:34:01 | 000,000,000 | R--D | C] -- C:\Users\one23\Searches
[2014/04/06 13:34:01 | 000,000,000 | R--D | C] -- C:\Users\one23\Contacts
[2014/04/06 13:34:01 | 000,000,000 | R--D | C] -- C:\Users\one23\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2014/04/06 13:34:01 | 000,000,000 | -H-D | C] -- C:\Users\one23\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2014/04/06 13:33:58 | 000,000,000 | ---D | C] -- C:\Users\one23\AppData\Roaming\Adobe
[2014/04/06 13:33:24 | 000,000,000 | ---D | C] -- C:\Users\one23\AppData\Local\VirtualStore
[2014/04/06 13:33:18 | 000,000,000 | ---D | C] -- C:\ProgramData\PRICache
[2014/04/06 13:33:18 | 000,000,000 | ---D | C] -- C:\Users\one23\AppData\Local\Packages
[2014/04/06 13:33:14 | 000,000,000 | --SD | C] -- C:\Users\one23\AppData\Roaming\Microsoft
[2014/04/06 13:33:14 | 000,000,000 | R--D | C] -- C:\Users\one23\Videos
[2014/04/06 13:33:14 | 000,000,000 | R--D | C] -- C:\Users\one23\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[2014/04/06 13:33:14 | 000,000,000 | R--D | C] -- C:\Users\one23\Saved Games
[2014/04/06 13:33:14 | 000,000,000 | R--D | C] -- C:\Users\one23\Pictures
[2014/04/06 13:33:14 | 000,000,000 | R--D | C] -- C:\Users\one23\Music
[2014/04/06 13:33:14 | 000,000,000 | R--D | C] -- C:\Users\one23\Links
[2014/04/06 13:33:14 | 000,000,000 | R--D | C] -- C:\Users\one23\Favorites
[2014/04/06 13:33:14 | 000,000,000 | R--D | C] -- C:\Users\one23\Downloads
[2014/04/06 13:33:14 | 000,000,000 | R--D | C] -- C:\Users\one23\Documents
[2014/04/06 13:33:14 | 000,000,000 | R--D | C] -- C:\Users\one23\Desktop
[2014/04/06 13:33:14 | 000,000,000 | R--D | C] -- C:\Users\one23\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2014/04/06 13:33:14 | 000,000,000 | R--D | C] -- C:\Users\one23\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[2014/04/06 13:33:14 | 000,000,000 | -HSD | C] -- C:\Users\one23\AppData\Local\Temporary Internet Files
[2014/04/06 13:33:14 | 000,000,000 | -HSD | C] -- C:\Users\one23\Templates
[2014/04/06 13:33:14 | 000,000,000 | -HSD | C] -- C:\Users\one23\Start Menu
[2014/04/06 13:33:14 | 000,000,000 | -HSD | C] -- C:\Users\one23\SendTo
[2014/04/06 13:33:14 | 000,000,000 | -HSD | C] -- C:\Users\one23\Recent
[2014/04/06 13:33:14 | 000,000,000 | -HSD | C] -- C:\Users\one23\PrintHood
[2014/04/06 13:33:14 | 000,000,000 | -HSD | C] -- C:\Users\one23\NetHood
[2014/04/06 13:33:14 | 000,000,000 | -HSD | C] -- C:\Users\one23\Documents\My Videos
[2014/04/06 13:33:14 | 000,000,000 | -HSD | C] -- C:\Users\one23\Documents\My Pictures
[2014/04/06 13:33:14 | 000,000,000 | -HSD | C] -- C:\Users\one23\Documents\My Music
[2014/04/06 13:33:14 | 000,000,000 | -HSD | C] -- C:\Users\one23\My Documents
[2014/04/06 13:33:14 | 000,000,000 | -HSD | C] -- C:\Users\one23\Local Settings
[2014/04/06 13:33:14 | 000,000,000 | -HSD | C] -- C:\Users\one23\AppData\Local\History
[2014/04/06 13:33:14 | 000,000,000 | -HSD | C] -- C:\Users\one23\Cookies
[2014/04/06 13:33:14 | 000,000,000 | -HSD | C] -- C:\Users\one23\Application Data
[2014/04/06 13:33:14 | 000,000,000 | -HSD | C] -- C:\Users\one23\AppData\Local\Application Data
[2014/04/06 13:33:14 | 000,000,000 | -H-D | C] -- C:\Users\one23\AppData
[2014/04/06 13:33:14 | 000,000,000 | ---D | C] -- C:\Users\one23\AppData\Local\Temp
[2014/04/06 13:33:14 | 000,000,000 | ---D | C] -- C:\Users\one23\AppData\Local\Microsoft
[2014/04/06 13:33:14 | 000,000,000 | ---D | C] -- C:\Users\one23\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2014/04/06 13:27:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2014/04/06 13:23:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2014/04/06 00:57:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\Panther
[2014/04/05 03:18:36 | 000,000,000 | ---D | C] -- C:\RegBackup
[2014/04/03 21:01:40 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/04/03 07:22:13 | 000,000,000 | R--D | C] -- C:\Sandbox
 
========== Files - Modified Within 30 Days ==========
 
[2014/04/07 23:53:34 | 000,119,512 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\MBAMSwissArmy.sys
[2014/04/07 23:53:19 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/04/07 18:23:56 | 000,803,370 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2014/04/07 18:23:56 | 000,684,122 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2014/04/07 18:23:56 | 000,124,968 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2014/04/07 18:19:09 | 000,281,088 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2014/04/07 18:18:59 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2014/04/07 18:18:55 | 2326,601,727 | -HS- | M] () -- C:\hiberfil.sys
[2014/04/07 16:26:52 | 000,688,992 | ---- | M] (Swearware) -- C:\Users\one23\Desktop\dds.com
[2014/04/06 23:20:52 | 000,002,020 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk
[2014/04/06 23:20:52 | 000,002,020 | ---- | M] () -- C:\Users\Public\Desktop\GeekBuddy.lnk
[2014/04/06 20:21:08 | 000,001,154 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/04/06 16:42:53 | 000,003,060 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\fvstore.dat
[2014/04/06 16:09:28 | 000,001,947 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Firewall.lnk
[2014/04/06 15:44:19 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/04/06 15:25:30 | 000,001,431 | ---- | M] () -- C:\Users\one23\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/04/06 14:44:18 | 000,001,906 | ---- | M] () -- C:\Users\Public\Desktop\Virtual Comodo Dragon.lnk
[2014/04/06 14:44:18 | 000,000,600 | ---- | M] () -- C:\Users\Public\Desktop\Shared Space.lnk
[2014/04/06 14:40:44 | 000,001,123 | ---- | M] () -- C:\Users\Public\Desktop\Comodo Dragon.lnk
[2014/04/06 14:40:42 | 000,057,096 | ---- | M] (COMODO CA Limited) -- C:\WINDOWS\SysNative\certsentry.dll
[2014/04/06 14:40:42 | 000,048,392 | ---- | M] (COMODO CA Limited) -- C:\WINDOWS\SysWow64\certsentry.dll
[2014/04/06 13:24:14 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\SysNative\drivers\Msft_User_WpdFs_01_11_00.Wdf
[2014/04/06 13:23:45 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\SysNative\drivers\Msft_User_SensorsAlsDriver_01_11_00.Wdf
[2014/04/03 09:51:22 | 000,063,192 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\mwac.sys
[2014/04/03 09:51:04 | 000,088,280 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\mbamchameleon.sys
[2014/04/03 09:50:58 | 000,025,816 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\mbam.sys
[2014/04/03 00:00:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\one23\Desktop\OTL.exe
[2014/04/02 23:39:56 | 001,933,048 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\one23\Desktop\rkill.exe
[2014/04/02 23:38:30 | 000,987,448 | ---- | M] () -- C:\Users\one23\Desktop\SecurityCheck.exe
[2014/03/25 12:22:53 | 000,023,168 | ---- | M] (COMODO) -- C:\WINDOWS\SysNative\drivers\cmderd.sys
[2014/03/25 12:22:37 | 000,043,216 | ---- | M] (COMODO) -- C:\WINDOWS\SysNative\cmdcsr.dll
[2014/03/25 12:22:36 | 000,363,504 | ---- | M] (COMODO) -- C:\WINDOWS\SysWow64\guard32.dll
[2014/03/25 12:22:35 | 000,453,680 | ---- | M] (COMODO) -- C:\WINDOWS\SysNative\guard64.dll
[2014/03/25 12:22:29 | 000,352,984 | ---- | M] (COMODO) -- C:\WINDOWS\SysNative\cmdvrt64.dll
[2014/03/25 12:22:28 | 000,045,784 | ---- | M] (COMODO) -- C:\WINDOWS\SysNative\cmdkbd64.dll
[2014/03/25 12:22:25 | 000,284,888 | ---- | M] (COMODO) -- C:\WINDOWS\SysWow64\cmdvrt32.dll
[2014/03/25 12:22:23 | 000,040,664 | ---- | M] (COMODO) -- C:\WINDOWS\SysWow64\cmdkbd32.dll
 
========== Files Created - No Company Name ==========
 
[2014/04/07 23:58:03 | 000,987,448 | ---- | C] () -- C:\Users\one23\Desktop\SecurityCheck.exe
[2014/04/07 18:19:01 | 000,281,088 | ---- | C] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2014/04/07 16:55:47 | 000,386,646 | ---- | C] () -- C:\WINDOWS\SysNative\ApnDatabase.xml
[2014/04/07 16:41:50 | 000,110,592 | ---- | C] () -- C:\WINDOWS\SysNative\OEMLicense.dll
[2014/04/07 16:41:50 | 000,083,968 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll
[2014/04/06 20:21:08 | 000,001,166 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2014/04/06 20:21:08 | 000,001,154 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/04/06 16:12:31 | 000,003,060 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\fvstore.dat
[2014/04/06 15:54:32 | 003,536,817 | ---- | C] () -- C:\WINDOWS\SysNative\nvcoproc.bin
[2014/04/06 15:25:30 | 000,001,431 | ---- | C] () -- C:\Users\one23\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/04/06 14:44:19 | 000,001,947 | ---- | C] () -- C:\Users\Public\Desktop\COMODO Firewall.lnk
[2014/04/06 14:44:18 | 000,001,906 | ---- | C] () -- C:\Users\Public\Desktop\Virtual Comodo Dragon.lnk
[2014/04/06 14:44:18 | 000,000,600 | ---- | C] () -- C:\Users\Public\Desktop\Shared Space.lnk
[2014/04/06 14:42:18 | 000,002,020 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk
[2014/04/06 14:42:18 | 000,002,020 | ---- | C] () -- C:\Users\Public\Desktop\GeekBuddy.lnk
[2014/04/06 14:40:44 | 000,001,123 | ---- | C] () -- C:\Users\Public\Desktop\Comodo Dragon.lnk
[2014/04/06 13:47:25 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/04/06 13:33:58 | 000,001,437 | ---- | C] () -- C:\Users\one23\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2014/04/06 13:33:14 | 000,000,352 | ---- | C] () -- C:\Users\one23\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2014/04/06 13:33:14 | 000,000,334 | ---- | C] () -- C:\Users\one23\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2014/04/06 13:24:14 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\SysNative\drivers\Msft_User_WpdFs_01_11_00.Wdf
[2014/04/06 13:23:45 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\SysNative\drivers\Msft_User_SensorsAlsDriver_01_11_00.Wdf
[2014/04/06 13:23:09 | 268,435,456 | -HS- | C] () -- C:\swapfile.sys
[2014/01/25 02:22:44 | 000,299,520 | ---- | C] () -- C:\WINDOWS\SysWow64\igdmd32.dll
[2014/01/25 02:22:38 | 000,182,272 | ---- | C] () -- C:\WINDOWS\SysWow64\igdde32.dll
[2014/01/25 02:22:38 | 000,142,848 | ---- | C] () -- C:\WINDOWS\SysWow64\igdail32.dll
[2012/07/26 01:13:10 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
[2012/07/26 01:13:09 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
[2012/07/26 00:21:26 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/07/25 18:17:42 | 000,043,520 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2012/07/25 13:37:29 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2012/07/25 13:28:31 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2012/07/25 13:22:56 | 000,733,840 | ---- | C] () -- C:\WINDOWS\SysWow64\igcodeckrng700.bin
[2012/07/25 13:22:56 | 000,492,340 | ---- | C] () -- C:\WINDOWS\SysWow64\igvpkrng700.bin
[2012/06/02 07:31:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
 
========== ZeroAccess Check ==========
 
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/03/05 23:31:28 | 019,758,592 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/03/05 22:03:37 | 017,561,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/25 20:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/25 20:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/25 20:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
 
========== Purity Check ==========
 
 

< End of report >


OTL Extras logfile created on: 4/7/2014 11:57:51 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\one23\Desktop
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16843)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.71 Gb Total Physical Memory | 6.58 Gb Available Physical Memory | 85.37% Memory free
12.21 Gb Paging File | 10.79 Gb Available in Paging File | 88.41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 137.66 Gb Total Space | 99.85 Gb Free Space | 72.53% Space Free | Partition Type: NTFS
Drive D: | 781.94 Gb Total Space | 781.75 Gb Free Space | 99.98% Space Free | Partition Type: NTFS
Drive E: | 3.34 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 7.45 Gb Total Space | 4.25 Gb Free Space | 57.00% Space Free | Partition Type: FAT32
 
Computer Name: LAB123 | User Name: one23 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (All) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- C:\WINDOWS\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\WINDOWS\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\WINDOWS\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\WINDOWS\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l
.js[@ = JSFile] -- C:\WINDOWS\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\WINDOWS\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\WINDOWS\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\WINDOWS\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\WINDOWS\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\WINDOWS\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\WINDOWS\SysNative\WScript.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- C:\WINDOWS\SysWow64\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\WINDOWS\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- %SystemRoot%\system32\NOTEPAD.EXE %1
.ini [@ = inifile] -- %SystemRoot%\system32\NOTEPAD.EXE %1
.url [@ = InternetShortcut] -- C:\WINDOWS\SysWow64\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\WINDOWS\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\SysWow64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\WINDOWS\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- %SystemRoot%\system32\NOTEPAD.EXE %1
.vbe [@ = VBEFile] -- C:\WINDOWS\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\SysWow64\WScript.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2218410941-3676213390-633495507-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1"
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1"
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1"
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4"
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07B10663-0C35-446E-BB00-248DBABCD6BB}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{081FDA58-3E7A-4CF1-B1E6-A172E20722BD}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} |
"{0F23ECAF-2374-403F-A344-8792EDD118EB}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{108FFA77-3A56-405B-9B3B-128FB55C5E5B}" = dir=in | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{206D1E79-E938-4FE8-BA26-BE638D604CF5}" = dir=out | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{39C0539D-DF24-4389-B5F3-A25DBBED4565}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{3E286BA4-51E9-49D0-BC93-DED7F8CAB536}" = dir=out | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{3E757068-09DB-4BEF-AEA2-ED78DB79BBF8}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{449C50C0-DF06-476D-8453-696695C9E01C}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{779A999A-27AA-44FC-9EF7-0EEE5A1CECB0}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{8341BD02-6297-4797-928B-FEE157435DCF}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{9023F547-6772-414B-AD5D-FE7865BF93B2}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{9B2C5F43-FC7D-4CBE-84C6-8624F0081F6D}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} |
"{B82C1667-A4B6-4F71-B941-FF95A8FFAAF0}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{B9503AEB-C47F-4874-A454-071DD7A2D87E}" = dir=in | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{D6DDB995-D830-4615-B14B-3E67F74461D5}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{DB859E3A-C477-49FA-B60C-80B30145BAA7}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{F89ABAEB-485A-4037-8FD9-F2EDC4F93EC3}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{4053D788-F3FC-4785-B796-B4208254F890}" = GeekBuddy
"{901D1D88-408D-48E5-80DD-CC3145BD8456}" = COMODO Firewall
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"Comodo Dragon" = Comodo Dragon
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.1.1004
"Mozilla Firefox 28.0 (x86 en-US)" = Mozilla Firefox 28.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Security Task Manager" = Security Task Manager 1.8g
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 4/6/2014 4:33:06 PM | Computer Name = lab123 | Source = Software Protection Platform Service | ID = 8198
Description = License Activation (slui.exe) failed with the following error code:
hr=0x80072EE7
Command-line
 arguments:  RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=625cc89b-693d-45c4-9967-123877fc41e4;NotificationInterval=1440;Trigger=TimerEvent
 
Error - 4/6/2014 4:33:19 PM | Computer Name = lab123 | Source = Software Protection Platform Service | ID = 8200
Description = License acquisition failure details.   hr=0x80072EE7
 
Error - 4/6/2014 4:33:19 PM | Computer Name = lab123 | Source = Software Protection Platform Service | ID = 1014
Description = Acquisition of End User License failed. hr=0x80072EE7  Sku Id=625cc89b-693d-45c4-9967-123877fc41e4
 
Error - 4/6/2014 4:33:20 PM | Computer Name = lab123 | Source = Software Protection Platform Service | ID = 8198
Description = License Activation (slui.exe) failed with the following error code:
hr=0x80072EE7
Command-line
 arguments:  RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=625cc89b-693d-45c4-9967-123877fc41e4;NotificationInterval=1440;Trigger=UserLogon;SessionId=1
 
Error - 4/6/2014 6:00:18 PM | Computer Name = lab123 | Source = Software Protection Platform Service | ID = 8200
Description = License acquisition failure details.   hr=0x80072EE7
 
Error - 4/6/2014 6:00:18 PM | Computer Name = lab123 | Source = Software Protection Platform Service | ID = 1014
Description = Acquisition of End User License failed. hr=0x80072EE7  Sku Id=625cc89b-693d-45c4-9967-123877fc41e4
 
Error - 4/6/2014 6:00:18 PM | Computer Name = lab123 | Source = Software Protection Platform Service | ID = 8198
Description = License Activation (slui.exe) failed with the following error code:
hr=0x80072EE7
Command-line
 arguments:  RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=625cc89b-693d-45c4-9967-123877fc41e4;NotificationInterval=1440;Trigger=UserLogon;SessionId=1
 
Error - 4/6/2014 7:42:05 PM | Computer Name = lab123 | Source = Application Error | ID = 1000
Description = Faulting application name: Explorer.EXE, version: 6.2.9200.16384,
time stamp: 0x50107dbc  Faulting module name: DUser.dll, version: 6.2.9200.16384,
time stamp: 0x5010846e  Exception code: 0xc0000005  Fault offset: 0x0000000000026f7f
Faulting
 process id: 0xb38  Faulting application start time: 0x01cf51e384c0816a  Faulting application
 path: C:\WINDOWS\Explorer.EXE  Faulting module path: C:\WINDOWS\SYSTEM32\DUser.dll
Report
 Id: 0ef06976-bde5-11e3-be68-c8f73326ffd3  Faulting package full name:   Faulting package-relative
 application ID:
 
Error - 4/6/2014 11:09:47 PM | Computer Name = lab123 | Source = Customer Experience Improvement Program | ID = 1008
Description =
 
Error - 4/7/2014 12:31:14 AM | Computer Name = lab123 | Source = Microsoft-Windows-Immersive-Shell | ID = 2486
Description = App microsoft.windowsphotos_8wekyb3d8bbwe!Microsoft.WindowsLive.ModernPhotos
 did not launch within its allotted time.
 
[ System Events ]
Error - 4/7/2014 5:22:26 AM | Computer Name = lab123 | Source = Service Control Manager | ID = 7034
Description = The COMODO LPS Launcher service terminated unexpectedly.  It has done
 this 1 time(s).
 
Error - 4/7/2014 5:24:02 AM | Computer Name = lab123 | Source = Service Control Manager | ID = 7031
Description = The Print Spooler service terminated unexpectedly.  It has done this
 1 time(s).  The following corrective action will be taken in 5000 milliseconds:
 Restart the service.
 
Error - 4/7/2014 2:41:34 PM | Computer Name = lab123 | Source = Schannel | ID = 36888
Description = A fatal alert was generated and sent to the remote endpoint. This
may result in termination of the connection. The TLS protocol defined fatal error
 code is 51. The Windows SChannel error state is 900.
 
Error - 4/7/2014 2:41:36 PM | Computer Name = lab123 | Source = Schannel | ID = 36888
Description = A fatal alert was generated and sent to the remote endpoint. This
may result in termination of the connection. The TLS protocol defined fatal error
 code is 51. The Windows SChannel error state is 900.
 
Error - 4/7/2014 2:41:41 PM | Computer Name = lab123 | Source = Schannel | ID = 36888
Description = A fatal alert was generated and sent to the remote endpoint. This
may result in termination of the connection. The TLS protocol defined fatal error
 code is 51. The Windows SChannel error state is 900.
 
Error - 4/7/2014 2:41:42 PM | Computer Name = lab123 | Source = Schannel | ID = 36888
Description = A fatal alert was generated and sent to the remote endpoint. This
may result in termination of the connection. The TLS protocol defined fatal error
 code is 51. The Windows SChannel error state is 900.
 
Error - 4/7/2014 7:07:46 PM | Computer Name = lab123 | Source = Schannel | ID = 36888
Description = A fatal alert was generated and sent to the remote endpoint. This
may result in termination of the connection. The TLS protocol defined fatal error
 code is 51. The Windows SChannel error state is 900.
 
Error - 4/7/2014 7:44:44 PM | Computer Name = lab123 | Source = Service Control Manager | ID = 7034
Description = The Windows Defender Service service terminated unexpectedly.  It
has done this 3 time(s).
 
Error - 4/7/2014 9:15:56 PM | Computer Name = lab123 | Source = BTHUSB | ID = 327710
Description = The local adapter does not support an important Low Energy controller
 state.  The minimum required supported state mask is 0x1f7fffff, got 0x1f3fffff.
  Low Energy functionality will be disabled.
 
Error - 4/7/2014 9:18:59 PM | Computer Name = lab123 | Source = BTHUSB | ID = 327710
Description = The local adapter does not support an important Low Energy controller
 state.  The minimum required supported state mask is 0x1f7fffff, got 0x1f3fffff.
  Low Energy functionality will be disabled.
 
 
< End of report >
 



#3 nasdaq

nasdaq

  • Malware Response Team
  • 38,925 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:25 AM

Posted 11 April 2014 - 08:57 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply DO NOT ATTACH THEM unless specified.

Let me know what problem persists.

#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,925 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:25 AM

Posted 17 April 2014 - 09:14 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users