PUP/PUM Multiple rootkits need help not sure if everything is removed.


  • This topic is locked
20 replies to this topic

#1 oom

Posted 19 August 2014 - 06:49 AM

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17239  BrowserJavaVersion: 10.65.2
Run by Ryan at 7:43:02 on 2014-08-19
#Option Extended Search is enabled.
#Option Whitelisting is disabled.
Microsoft Windows 7 Home Premium   6.1.7601.1.936.86.1033.18.12278.6747 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files (x86)\Jetico\BestCrypt\BCWipeSvc.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Jetico\BestCrypt\BCWipeTM.exe
C:\Program Files (x86)\Jetico\BestCrypt\BCWipeTM.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\Jetico\BestCrypt\BC_VE\bcveserv.exe
C:\Program Files\HitmanPro\hmpsched.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k ipripsvc
C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\Secunia\PSI\PSIA.exe
C:\Windows\System32\tcpsvcs.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\UI0Detect.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Secunia\PSI\sua.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files (x86)\Jetico\BestCrypt\BC_VE\bcvetray.exe
C:\Program Files\CCleaner\CCleaner64.exe
C:\Program Files (x86)\Jetico\BestCrypt\BCResident.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Jetico\BestCrypt\BCUpdt.exe
C:\Program Files (x86)\Jetico\BestCrypt\BestCrypt.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe
C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\taskeng.exe
C:\Windows\system32\rundll32.exe
C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\ptcore.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\tap\x64\devcon.exe
C:\Windows\system32\vssadmin.exe
C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\PROGRA~2\Jetico\BESTCR~1\BestCrypt.exe
C:\Windows\system32\taskmgr.exe
C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\wbem\WmiPrvSE.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
uLocal Page = C:\Windows\System32\blank.htm
uSearch Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
mStart Page = about:blank
mSearch Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
mDefault_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
mDefault_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
uURLSearchHooks: Microsoft Url Search Hook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll
mWinlogon: Shell = explorer.exe
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [ccleaner] "C:\Program Files\CCleaner\CCleaner64.exe" /AUTO
uRun: [SteelSeries Engine] C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe
mRun: [Malwarebytes Anti-Exploit] C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
mRun: [BestCrypt Volume Encryption] "C:\Program Files (x86)\Jetico\BestCrypt\BC_VE\bcfmgr.exe"  MountAtLogon
mRun: [BCWipeTM Startup] "C:\Program Files (x86)\Jetico\BestCrypt\BCWipeTM.exe" startup
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BESTCR~1.LNK - C:\Program Files (x86)\Jetico\BestCrypt\BestCrypt.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
uPolicies-Explorer: NoThumbNailCache = dword:1
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: ForceActiveDesktopOn = dword:0
mPolicies-Explorer: NoControlPanel = dword:0
mPolicies-Explorer: NoFolderOptions = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableInstallerDetection = dword:1
mPolicies-System: EnableLUA = dword:1
mPolicies-System: EnableSecureUIAPaths = dword:1
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: EnableVirtualization = dword:1
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: ValidateAdminCodeSignatures = dword:0
mPolicies-System: dontdisplaylastusername = dword:0
mPolicies-System: scforceoption = dword:0
mPolicies-System: shutdownwithoutlogon = dword:1
mPolicies-System: undockwithoutlogon = dword:1
mPolicies-System: FilterAdministratorToken = dword:0
LSP: %SystemRoot%\system32\mswsock.dll
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{C5A7A356-324D-4016-B8A1-3F2C2A48D316} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{C5A7A356-324D-4016-B8A1-3F2C2A48D316}\255637964656E63656D23596D6D6 : DHCPNameServer = 68.87.74.166 68.87.68.166
TCP: Interfaces\{C5A7A356-324D-4016-B8A1-3F2C2A48D316}\348494E4F5E45445 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{D73269F4-4E45-41D2-90F0-C203F18E1324} : DHCPNameServer = 192.168.1.254
Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - 
Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - 
Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - 
Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll
Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll
Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll
Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll
Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll
Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll
Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll
Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll
Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll
Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll
Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll
Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll
Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
Name-Space Handler: mk\* - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll
SSODL: WebCheck - <orphaned>
SecurityProviders: SecurityProviders = credssp.dll
LSA: Authentication Packages =  msv1_0
LSA: Notification Packages =  scecli
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg pku2u livessp
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 winsrv:ConServerDllInitialization,2 sxssrv,4
mASetup: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\System32\unregmp2.exe /ShowWMP
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - C:\Windows\System32\regsvr32.exe /s /n /i:/UserInstall C:\Windows\System32\themeui.dll
mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\System32\cmd.exe /D /C start C:\Windows\System32\ie4uinit.exe -ClearIconCache
mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "C:\Program Files (x86)\Windows Mail\WinMail.exe" OCInstallUserConfigOE
mASetup: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - C:\Windows\System32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
mASetup: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\Windows\System32\shell32.dll
x64-mStart Page = about:blank
x64-mLocal Page = C:\Windows\System32\blank.htm
x64-mSearch Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
x64-mDefault_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
x64-mDefault_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
x64-mWinlogon: Shell = explorer.exe
x64-mWinlogon: Userinit = C:\Windows\System32\userinit.exe,
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_16-windows-i586.cab
x64-Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - 
x64-Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - 
x64-Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - 
x64-Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll
x64-Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll
x64-Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll
x64-Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll
x64-Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll
x64-Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll
x64-Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll
x64-Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll
x64-Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll
x64-Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll
x64-Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll
x64-Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll
x64-Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll
x64-Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll
x64-Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll
x64-Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll
x64-Name-Space Handler: mk\* - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\System32\unregmp2.exe /ShowWMP
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - C:\Windows\System32\regsvr32.exe /s /n /i:/UserInstall C:\Windows\System32\themeui.dll
x64-mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\System32\cmd.exe /D /C start C:\Windows\System32\ie4uinit.exe -ClearIconCache
x64-mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "C:\Program Files (x86)\Windows Mail\WinMail.exe" OCInstallUserConfigOE
x64-mASetup: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - C:\Windows\System32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
x64-mASetup: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\System32\Rundll32.exe C:\Windows\System32\mscories.dll,Install
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\Windows\System32\shell32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 ACPI;Microsoft ACPI Driver;C:\Windows\System32\drivers\acpi.sys [2011-5-25 334208]
R0 amdxata;amdxata;C:\Windows\System32\drivers\amdxata.sys [2011-4-27 27008]
R0 atapi;IDE Channel;C:\Windows\System32\drivers\atapi.sys [2009-7-13 24128]
R0 bcfnt;bcfnt;C:\Windows\System32\drivers\bcfnt.sys [2014-7-3 180928]
R0 CLFS;Common Log (CLFS);C:\Windows\System32\clfs.sys [2009-7-13 367696]
R0 CNG;CNG;C:\Windows\System32\drivers\cng.sys [2013-11-13 458712]
R0 Disk;Disk Driver;C:\Windows\System32\drivers\disk.sys [2009-7-13 73280]
R0 FileInfo;File Information FS MiniFilter;C:\Windows\System32\drivers\fileinfo.sys [2009-7-13 70224]
R0 FltMgr;FltMgr;C:\Windows\System32\drivers\fltMgr.sys [2011-5-25 289664]
R0 fsh;fsh;C:\Windows\System32\drivers\fsh.sys [2014-7-3 67776]
R0 fvevol;Bitlocker Drive Encryption Filter Driver;C:\Windows\System32\drivers\fvevol.sys [2013-4-9 223752]
R0 hwpolicy;Hardware Policy Driver;C:\Windows\System32\drivers\hwpolicy.sys [2011-5-25 14720]
R0 intelide;intelide;C:\Windows\System32\drivers\intelide.sys [2009-7-13 16960]
R0 JRAID;JRAID;C:\Windows\System32\drivers\jraid.sys [2011-8-11 115824]
R0 KSecDD;KSecDD;C:\Windows\System32\drivers\ksecdd.sys [2014-5-14 95680]
R0 KSecPkg;KSecPkg;C:\Windows\System32\drivers\ksecpkg.sys [2014-5-14 155072]
R0 mountmgr;Mount Point Manager;C:\Windows\System32\drivers\mountmgr.sys [2011-5-25 94592]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-1-25 268512]
R0 msisadrv;msisadrv;C:\Windows\System32\drivers\msisadrv.sys [2009-7-13 15424]
R0 Mup;Mup;C:\Windows\System32\drivers\mup.sys [2009-7-13 60496]
R0 NDIS;NDIS System Driver;C:\Windows\System32\drivers\ndis.sys [2012-9-12 950128]
R0 partmgr;Partition Manager;C:\Windows\System32\drivers\partmgr.sys [2012-5-10 75120]
R0 pci;PCI Bus Driver;C:\Windows\System32\drivers\pci.sys [2011-5-25 184704]
R0 pciide;pciide;C:\Windows\System32\drivers\pciide.sys [2009-7-13 12352]
R0 pcw;Performance Counters for Windows Driver;C:\Windows\System32\drivers\pcw.sys [2009-7-13 50768]
R0 rdyboost;ReadyBoost;C:\Windows\System32\drivers\rdyboost.sys [2011-5-25 213888]
R0 RzFilter;RzFilter;C:\Windows\System32\drivers\RzFilter.sys [2013-11-22 74432]
R0 spldr;Security Processor Loader Driver;C:\Windows\System32\drivers\spldr.sys [2009-7-13 19008]
R0 Tcpip;TCP/IP Protocol Driver;C:\Windows\System32\drivers\tcpip.sys [2014-6-12 1903552]
R0 vdrvroot;Microsoft Virtual Drive Enumerator Driver;C:\Windows\System32\drivers\vdrvroot.sys [2009-7-13 36432]
R0 volmgr;Volume Manager Driver;C:\Windows\System32\drivers\volmgr.sys [2011-5-25 71552]
R0 volmgrx;Dynamic Volume Manager;C:\Windows\System32\drivers\volmgrx.sys [2011-5-25 363392]
R0 volsnap;Storage volumes;C:\Windows\System32\drivers\volsnap.sys [2011-5-25 295808]
R0 Wdf01000;Kernel Mode Driver Frameworks service;C:\Windows\System32\drivers\Wdf01000.sys [2013-10-9 785624]
R1 AFD;Ancillary Function Driver for Winsock;C:\Windows\System32\drivers\afd.sys [2014-7-8 497152]
R1 BC_3DES;BC_3DES;C:\Windows\System32\drivers\bc_3des.sys [2014-7-3 35520]
R1 BC_BF128;BC_BF128;C:\Windows\System32\drivers\bc_bf128.sys [2014-7-3 31424]
R1 BC_BF448;BC_BF448;C:\Windows\System32\drivers\bc_bf448.sys [2014-7-3 31936]
R1 BC_BFish;BC_BFish;C:\Windows\System32\drivers\bc_bfish.sys [2014-7-3 31424]
R1 BC_CAST;BC_CAST;C:\Windows\System32\drivers\bc_cast.sys [2014-7-3 38592]
R1 BC_DES;BC_DES;C:\Windows\System32\drivers\bc_des.sys [2014-7-3 35008]
R1 BC_Gost;BC_Gost;C:\Windows\System32\drivers\bc_gost.sys [2014-7-3 26816]
R1 BC_IDEA;BC_IDEA;C:\Windows\System32\drivers\bc_idea.sys [2014-7-3 28864]
R1 BC_RC6;BC_RC6;C:\Windows\System32\drivers\bc_rc6.sys [2014-7-3 31424]
R1 BC_RIJN;BC_RIJN;C:\Windows\System32\drivers\bc_rijn.sys [2014-7-3 52416]
R1 BC_SERP;BC_SERP;C:\Windows\System32\drivers\bc_serp.sys [2014-7-3 38080]
R1 BC_TFISH;BC_TFISH;C:\Windows\System32\drivers\bc_tfish.sys [2014-7-3 35520]
R1 bcbus;BestCrypt bus driver;C:\Windows\System32\drivers\bcbus.sys [2014-7-3 62656]
R1 Beep;Beep;C:\Windows\System32\drivers\beep.sys [2009-7-13 6656]
R1 blbdrive;blbdrive;C:\Windows\System32\drivers\blbdrive.sys [2009-7-13 45056]
R1 CLBStor;InstantBurn Storage Helper Driver;C:\Windows\System32\drivers\CLBStor.sys [2010-7-12 24560]
R1 DfsC;DFS Namespace Client Driver;C:\Windows\System32\drivers\dfsc.sys [2011-5-25 102400]
R1 discache;System Attribute Cache;C:\Windows\System32\drivers\discache.sys [2009-7-13 40448]
R1 ESProtectionDriver;Malwarebytes Anti-Exploit;C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [2014-8-18 62392]
R1 Msfs;Msfs;C:\Windows\System32\drivers\msfs.sys [2009-7-13 26112]
R1 mssmbios;Microsoft System Management BIOS Driver;C:\Windows\System32\drivers\mssmbios.sys [2009-7-13 32320]
R1 NetBIOS;NetBIOS Interface;C:\Windows\System32\drivers\netbios.sys [2009-7-13 44544]
R1 NetBT;NetBT;C:\Windows\System32\drivers\netbt.sys [2011-5-25 261632]
R1 Npfs;Npfs;C:\Windows\System32\drivers\npfs.sys [2009-7-13 44032]
R1 nsiproxy;NSI proxy service driver.;C:\Windows\System32\drivers\nsiproxy.sys [2009-7-13 24576]
R1 Null;Null;C:\Windows\System32\drivers\null.sys [2009-7-13 6144]
R1 Psched;QoS Packet Scheduler;C:\Windows\System32\drivers\pacer.sys [2011-5-25 131584]
R1 rdbss;Redirected Buffering Sub Sysytem;C:\Windows\System32\drivers\rdbss.sys [2011-5-25 309248]
R1 RDPCDD;RDPCDD;C:\Windows\System32\drivers\RDPCDD.sys [2009-7-13 7680]
R1 RDPENCDD;RDP Encoder Mirror Driver;C:\Windows\System32\drivers\RDPENCDD.sys [2009-7-13 7680]
R1 RDPREFMP;Reflector Display Driver used to gain access to graphics data;C:\Windows\System32\drivers\RDPREFMP.sys [2009-7-13 8192]
R1 tdx;NetIO Legacy TDI Support Driver;C:\Windows\System32\drivers\tdx.sys [2011-5-25 119296]
R1 TermDD;Terminal Device Driver;C:\Windows\System32\drivers\termdd.sys [2011-5-25 63360]
R1 VgaSave;VgaSave;C:\Windows\System32\drivers\vga.sys [2009-7-13 29184]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R1 Wanarpv6;Remote Access IPv6 ARP Driver;C:\Windows\System32\drivers\wanarp.sys [2011-5-25 88576]
R1 WfpLwf;WFP Lightweight Filter;C:\Windows\System32\drivers\wfplwf.sys [2009-7-13 12800]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2010/07/12 11:09:49];C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl [2009-4-16 146928]
R2 AppHostSvc;Application Host Helper Service;C:\Windows\System32\svchost.exe -k apphost [2009-7-13 27136]
R2 atksgt;atksgt;C:\Windows\System32\drivers\atksgt.sys [2011-1-15 314016]
R2 AudioEndpointBuilder;Windows Audio Endpoint Builder;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
R2 AudioSrv;Windows Audio;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2009-7-13 27136]
R2 BcveServ;BestCrypt Volume Encryption service;C:\Program Files (x86)\Jetico\BestCrypt\BC_VE\bcveserv.exe [2014-7-3 147232]
R2 BCWipeSvc;BCWipe service;C:\Program Files (x86)\Jetico\BestCrypt\BCWipeSvc.exe [2014-7-3 87840]
R2 BFE;Base Filtering Engine;C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork [2009-7-13 27136]
R2 BITS;Background Intelligent Transfer Service;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
R2 CLBUDF;CyberLink InstantBurn UDF Filesystem;C:\Windows\System32\drivers\CLBUDF.sys [2010-7-12 371696]
R2 CryptSvc;Cryptographic Services;C:\Windows\System32\svchost.exe -k NetworkService [2009-7-13 27136]
R2 DcomLaunch;DCOM Server Process Launcher;C:\Windows\System32\svchost.exe -k DcomLaunch [2009-7-13 27136]
R2 Dhcp;DHCP Client;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2009-7-13 27136]
R2 Dnscache;DNS Client;C:\Windows\System32\svchost.exe -k NetworkService [2009-7-13 27136]
R2 DPS;Diagnostic Policy Service;C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork [2009-7-13 27136]
R2 eventlog;Windows Event Log;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2009-7-13 27136]
R2 EventSystem;COM+ Event System;C:\Windows\System32\svchost.exe -k LocalService [2009-7-13 27136]
R2 FDResPub;Function Discovery Resource Publication;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-13 27136]
R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalService [2009-7-13 27136]
R2 gpsvc;Group Policy Client;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
R2 IKEEXT;IKE and AuthIP IPsec Keying Modules;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
R2 iprip;RIP Listener;C:\Windows\System32\svchost.exe -k ipripsvc [2009-7-13 27136]
R2 LanmanServer;Server;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
R2 LanmanWorkstation;Workstation;C:\Windows\System32\svchost.exe -k NetworkService [2009-7-13 27136]
R2 lirsgt;lirsgt;C:\Windows\System32\drivers\lirsgt.sys [2011-1-15 43680]
R2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver;C:\Windows\System32\drivers\lltdio.sys [2009-7-13 60928]
R2 luafv;UAC File Virtualization;C:\Windows\System32\drivers\luafv.sys [2009-7-13 113152]
R2 MbaeSvc;Malwarebytes Anti-Exploit Service;C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [2014-8-18 360592]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-8-19 1809720]
R2 MBAMService;MBAMService;C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [2014-8-19 860472]
R2 MpsSvc;Windows Firewall;C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork [2009-7-13 27136]
R2 MsMpSvc;Microsoft Antimalware Service;C:\Program Files\Microsoft Security Client\MsMpEng.exe [2014-3-11 23808]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-9-27 133928]
R2 NlaSvc;Network Location Awareness;C:\Windows\System32\svchost.exe -k NetworkService [2009-7-13 27136]
R2 nsi;Network Store Interface Service;C:\Windows\System32\svchost.exe -k LocalService [2009-7-13 27136]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-1-20 1720608]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-11-21 18956064]
R2 nvsvc;NVIDIA Display Driver Service;C:\Windows\System32\nvvsvc.exe [2013-11-21 935368]
R2 PcaSvc;Program Compatibility Assistant Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
R2 PEAUTH;PEAUTH;C:\Windows\System32\drivers\PEAuth.sys [2009-7-13 651264]
R2 PlugPlay;Plug and Play;C:\Windows\System32\svchost.exe -k DcomLaunch [2009-7-13 27136]
R2 Power;Power;C:\Windows\System32\svchost.exe -k DcomLaunch [2009-7-13 27136]
R2 ProfSvc;User Profile Service;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
R2 RpcEptMapper;RPC Endpoint Mapper;C:\Windows\System32\svchost.exe -k RPCSS [2009-7-13 27136]
R2 RpcSs;Remote Procedure Call (RPC);C:\Windows\System32\svchost.exe -k rpcss [2009-7-13 27136]
R2 rspndr;Link-Layer Topology Discovery Responder;C:\Windows\System32\drivers\rspndr.sys [2009-7-13 76800]
R2 SamSs;Security Accounts Manager;C:\Windows\System32\lsass.exe [2014-5-14 31232]
R2 Schedule;Task Scheduler;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
R2 secdrv;Security Driver;C:\Windows\System32\drivers\secdrv.sys [2009-7-13 23040]
R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2013-12-6 1229528]
R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2013-12-6 662232]
R2 SENS;System Event Notification Service;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
R2 ShellHWDetection;Shell Hardware Detection;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
R2 simptcp;Simple TCP/IP Services;C:\Windows\System32\TCPSVCS.EXE [2009-7-13 10240]
R2 Spooler;Print Spooler;C:\Windows\System32\spoolsv.exe [2012-8-15 559104]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-8-9 411936]
R2 stisvc;Windows Image Acquisition (WIA);C:\Windows\System32\svchost.exe -k imgsvc [2009-7-13 27136]
R2 tcpipreg;TCP/IP Registry Compatibility;C:\Windows\System32\drivers\tcpipreg.sys [2012-11-16 45568]
R2 Themes;Themes;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
R2 UI0Detect;Interactive Services Detection;C:\Windows\System32\UI0Detect.exe [2009-7-13 40960]
R2 UxSms;Desktop Window Manager Session Manager;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
R2 W3SVC;World Wide Web Publishing Service;C:\Windows\System32\svchost.exe -k iissvcs [2009-7-13 27136]
R2 Winmgmt;Windows Management Instrumentation;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
R2 Wlansvc;WLAN AutoConfig;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
R2 wlidsvc;Windows Live ID Sign-in Assistant;C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-8-18 2291568]
R2 wscsvc;Security Center;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2009-7-13 27136]
R2 wuauserv;Windows Update;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
R3 1394ohci;1394 OHCI Compliant Host Controller;C:\Windows\System32\drivers\1394ohci.sys [2011-5-25 229888]
R3 AeLookupSvc;Application Experience;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
R3 Appinfo;Application Information;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
R3 AsyncMac;RAS Asynchronous Media Driver;C:\Windows\System32\drivers\asyncmac.sys [2009-7-13 23040]
R3 bowser;Browser Support Driver;C:\Windows\System32\drivers\bowser.sys [2011-4-14 90624]
R3 Browser;Computer Browser;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
R3 busenum;SteelBusSvc;C:\Windows\System32\drivers\SteelBus64.sys [2014-8-19 145408]
R3 CompositeBus;Composite Bus Enumerator Driver;C:\Windows\System32\drivers\CompositeBus.sys [2011-5-25 38912]
R3 DXGKrnl;LDDM Graphics Subsystem;C:\Windows\System32\drivers\dxgkrnl.sys [2014-8-14 985536]
R3 EapHost;Extensible Authentication Protocol;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
R3 fastfat;FAT12/16/32 File System Driver;C:\Windows\System32\drivers\fastfat.sys [2009-7-13 204800]
R3 fdc;Floppy Disk Controller Driver;C:\Windows\System32\drivers\fdc.sys [2009-7-13 29696]
R3 fdPHost;Function Discovery Provider Host;C:\Windows\System32\svchost.exe -k LocalService [2009-7-13 27136]
R3 flpydisk;Floppy Disk Driver;C:\Windows\System32\drivers\flpydisk.sys [2009-7-13 24576]
R3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0;C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe [2011-5-25 42856]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio;C:\Windows\System32\drivers\hdaudbus.sys [2011-5-25 122368]
R3 hidserv;Human Interface Device Access;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
R3 HidUsb;Microsoft HID Class Driver;C:\Windows\System32\drivers\hidusb.sys [2011-5-25 30208]
R3 HomeGroupListener;HomeGroup Listener;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
R3 HomeGroupProvider;HomeGroup Provider;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2009-7-13 27136]
R3 HTTP;HTTP;C:\Windows\System32\drivers\http.sys [2011-5-25 753664]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM);C:\Windows\System32\drivers\RTKVHD64.sys [2012-2-15 2359200]
R3 intelppm;Intel Processor Driver;C:\Windows\System32\drivers\intelppm.sys [2009-7-13 62464]
R3 kbdclass;Keyboard Class Driver;C:\Windows\System32\drivers\kbdclass.sys [2009-7-13 50768]
R3 kbdhid;Keyboard HID Driver;C:\Windows\System32\drivers\kbdhid.sys [2011-5-25 33280]
R3 KeyIso;CNG Key Isolation;C:\Windows\System32\lsass.exe [2014-5-14 31232]
R3 ksthunk;Kernel Streaming Thunks;C:\Windows\System32\drivers\ksthunk.sys [2009-7-13 20992]
R3 lmhosts;TCP/IP NetBIOS Helper;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2009-7-13 27136]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-8-19 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-8-19 122584]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-8-19 63704]
R3 mhk;mhk;C:\Windows\System32\drivers\mhk.sys [2014-7-3 18624]
R3 moh;moh;C:\Windows\System32\drivers\moh.sys [2014-7-3 14528]
R3 monitor;Microsoft Monitor Class Function Driver Service;C:\Windows\System32\drivers\monitor.sys [2009-7-13 30208]
R3 mouclass;Mouse Class Driver;C:\Windows\System32\drivers\mouclass.sys [2009-7-13 49216]
R3 mouhid;Mouse HID Driver;C:\Windows\System32\drivers\mouhid.sys [2009-7-13 31232]
R3 mpsdrv;Windows Firewall Authorization Driver;C:\Windows\System32\drivers\mpsdrv.sys [2009-7-13 77312]
R3 mrxsmb;SMB MiniRedirector Wrapper and Engine;C:\Windows\System32\drivers\mrxsmb.sys [2011-7-11 158208]
R3 mrxsmb10;SMB 1.x MiniRedirector;C:\Windows\System32\drivers\mrxsmb10.sys [2011-8-10 288768]
R3 mrxsmb20;SMB 2.0 MiniRedirector;C:\Windows\System32\drivers\mrxsmb20.sys [2011-7-11 128000]
R3 MTsensor;ATK0110 ACPI UTILITY;C:\Windows\System32\drivers\ASACPI.sys [2011-8-11 15416]
R3 NativeWifiP;NativeWiFi Filter;C:\Windows\System32\drivers\nwifi.sys [2009-7-13 318976]
R3 NdisTapi;Remote Access NDIS TAPI Driver;C:\Windows\System32\drivers\ndistapi.sys [2009-7-13 24064]
R3 Ndisuio;NDIS Usermode I/O Protocol;C:\Windows\System32\drivers\ndisuio.sys [2011-5-25 56832]
R3 NdisWan;Remote Access NDIS WAN Driver;C:\Windows\System32\drivers\ndiswan.sys [2011-5-25 164352]
R3 NDProxy;NDIS Proxy;C:\Windows\System32\drivers\ndproxy.sys [2011-5-25 57856]
R3 Netman;Network Connections;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
R3 netprofm;Network List Service;C:\Windows\System32\svchost.exe -k LocalService [2009-7-13 27136]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-3-11 347872]
R3 Ntfs;Ntfs;C:\Windows\System32\drivers\ntfs.sys [2014-4-9 1684928]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\System32\drivers\nvhda64v.sys [2013-11-21 196384]
R3 nvlddmkm;nvlddmkm;C:\Windows\System32\drivers\nvlddmkm.sys [2014-8-9 12866008]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-6-9 20256]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-6-9 40392]
R3 p2pimsvc;Peer Networking Identity Manager;C:\Windows\System32\svchost.exe -k LocalServicePeerNet [2009-7-13 27136]
R3 p2psvc;Peer Networking Grouping;C:\Windows\System32\svchost.exe -k LocalServicePeerNet [2009-7-13 27136]
R3 PNRPsvc;Peer Name Resolution Protocol;C:\Windows\System32\svchost.exe -k LocalServicePeerNet [2009-7-13 27136]
R3 PolicyAgent;IPsec Policy Agent;C:\Windows\System32\svchost.exe -k NetworkServiceNetworkRestricted [2009-7-13 27136]
R3 PptpMiniport;WAN Miniport (PPTP);C:\Windows\System32\drivers\raspptp.sys [2011-5-25 111104]
R3 PSI;PSI;C:\Windows\System32\drivers\psi_mf_amd64.sys [2013-12-6 18456]
R3 ptun0901;TAP Adapter V9 for Private Tunnel;C:\Windows\System32\drivers\ptun0901.sys [2014-4-24 27136]
R3 RasAgileVpn;WAN Miniport (IKEv2);C:\Windows\System32\drivers\agilevpn.sys [2009-7-13 60416]
R3 Rasl2tp;WAN Miniport (L2TP);C:\Windows\System32\drivers\rasl2tp.sys [2011-5-25 129536]
R3 RasPppoe;Remote Access PPPOE Driver;C:\Windows\System32\drivers\raspppoe.sys [2009-7-13 92672]
R3 RasSstp;WAN Miniport (SSTP);C:\Windows\System32\drivers\rassstp.sys [2009-7-13 83968]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 SAlphamHid;SteelHIDSvc;C:\Windows\System32\drivers\SAlpham64.sys [2014-8-19 38016]
R3 SDRSVC;Windows Backup;C:\Windows\System32\svchost.exe -k SDRSVC [2009-7-13 27136]
R3 srv;Server SMB 1.xxx Driver;C:\Windows\System32\drivers\srv.sys [2011-7-11 467456]
R3 srv2;Server SMB 2.xxx Driver;C:\Windows\System32\drivers\srv2.sys [2011-7-11 410112]
R3 srvnet;srvnet;C:\Windows\System32\drivers\srvnet.sys [2011-7-11 168448]
R3 SSDPSRV;SSDP Discovery;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-13 27136]
R3 swenum;Software Bus Driver;C:\Windows\System32\drivers\swenum.sys [2009-7-13 12496]
R3 swprv;Microsoft Software Shadow Copy Provider;C:\Windows\System32\svchost.exe -k swprv [2009-7-13 27136]
R3 umbus;UMBus Enumerator Driver;C:\Windows\System32\drivers\umbus.sys [2011-5-25 48640]
R3 usbccgp;Microsoft USB Generic Parent Driver;C:\Windows\System32\drivers\usbccgp.sys [2014-1-15 99840]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver;C:\Windows\System32\drivers\usbehci.sys [2014-1-15 53248]
R3 usbhub;Microsoft USB Standard Hub Driver;C:\Windows\System32\drivers\usbhub.sys [2014-1-15 343040]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver;C:\Windows\System32\drivers\usbuhci.sys [2014-1-15 30720]
R3 VSS;Volume Shadow Copy;C:\Windows\System32\VSSVC.exe [2011-5-25 1600512]
R3 WAS;Windows Process Activation Service;C:\Windows\System32\svchost.exe -k iissvcs [2009-7-13 27136]
R3 WdiServiceHost;Diagnostic Service Host;C:\Windows\System32\svchost.exe -k LocalService [2009-7-13 27136]
R3 WinHttpAutoProxySvc;WinHTTP Web Proxy Auto-Discovery Service;C:\Windows\System32\svchost.exe -k LocalService [2009-7-13 27136]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI;C:\Windows\System32\drivers\wmiacpi.sys [2009-7-13 14336]
R3 WMPNetworkSvc;Windows Media Player Network Sharing Service;C:\Program Files\Windows Media Player\wmpnetwk.exe [2011-5-25 1525248]
R3 WSearch;Windows Search;C:\Windows\System32\SearchIndexer.exe [2011-7-11 591872]
R3 WudfPf;User Mode Driver Frameworks Platform Driver;C:\Windows\System32\drivers\WUDFPf.sys [2012-11-17 87040]
R3 wudfsvc;Windows Driver Foundation - User-mode Driver Framework;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S1 cdrom;CD-ROM Driver;C:\Windows\System32\drivers\cdrom.sys [2011-5-25 147456]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 HitmanProScheduler;HitmanPro Scheduler;C:\Program Files\HitmanPro\hmpsched.exe [2014-8-19 109352]
S2 MMCSS;Multimedia Class Scheduler;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
S2 sppsvc;Software Protection;C:\Windows\System32\sppsvc.exe [2011-5-25 3524608]
S3 AcpiPmi;ACPI Power Meter Driver;C:\Windows\System32\drivers\acpipmi.sys [2011-5-25 12800]
S3 adp94xx;adp94xx;C:\Windows\System32\drivers\adp94xx.sys [2009-6-10 491088]
S3 adpahci;adpahci;C:\Windows\System32\drivers\adpahci.sys [2009-7-13 339536]
S3 adpu320;adpu320;C:\Windows\System32\drivers\adpu320.sys [2009-7-13 182864]
S3 agp440;Intel AGP Bus Filter;C:\Windows\System32\drivers\AGP440.sys [2009-7-13 61008]
S3 ALG;Application Layer Gateway Service;C:\Windows\System32\alg.exe [2009-7-13 79360]
S3 aliide;aliide;C:\Windows\System32\drivers\aliide.sys [2009-7-13 15440]
S3 amdide;amdide;C:\Windows\System32\drivers\amdide.sys [2009-7-13 15440]
S3 AmdK8;AMD K8 Processor Driver;C:\Windows\System32\drivers\amdk8.sys [2009-7-13 64512]
S3 AmdPPM;AMD Processor Driver;C:\Windows\System32\drivers\amdppm.sys [2009-7-13 60928]
S3 amdsata;amdsata;C:\Windows\System32\drivers\amdsata.sys [2011-4-27 107904]
S3 amdsbs;amdsbs;C:\Windows\System32\drivers\amdsbs.sys [2009-6-10 194128]
S3 AppID;AppID Driver;C:\Windows\System32\drivers\appid.sys [2011-5-25 61440]
S3 AppIDSvc;Application Identity;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-13 27136]
S3 arc;arc;C:\Windows\System32\drivers\arc.sys [2009-7-13 87632]
S3 arcsas;arcsas;C:\Windows\System32\drivers\arcsas.sys [2009-7-13 97856]
S3 aspnet_state;ASP.NET State Service;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-9-11 51808]
S3 AxInstSV;ActiveX Installer (AxInstSV);C:\Windows\System32\svchost.exe -k AxInstSVGroup [2009-7-13 27136]
S3 b06bdrv;Broadcom NetXtreme II VBD;C:\Windows\System32\drivers\bxvbda.sys [2009-6-10 468480]
S3 b57nd60a;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\b57nd60a.sys [2009-6-10 270848]
S3 BDESVC;BitLocker Drive Encryption Service;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
S3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver;C:\Windows\System32\drivers\BrFiltLo.sys [2009-7-13 18432]
S3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver;C:\Windows\System32\drivers\BrFiltUp.sys [2009-7-13 8704]
S3 Bridge;MAC Bridge;C:\Windows\System32\drivers\bridge.sys [2009-7-13 95232]
S3 BridgeMP;MAC Bridge Miniport;C:\Windows\System32\drivers\bridge.sys [2009-7-13 95232]
S3 Brserid;Brother MFC Serial Port Interface Driver (WDM);C:\Windows\System32\drivers\BrSerId.sys [2009-7-13 286720]
S3 BrSerWdm;Brother WDM Serial driver;C:\Windows\System32\drivers\BrSerWdm.sys [2009-7-13 47104]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;C:\Windows\System32\drivers\BrUsbMdm.sys [2009-7-13 14976]
S3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\Windows\System32\drivers\BrUsbSer.sys [2009-7-13 14720]
S3 BTHMODEM;Bluetooth Serial Communications Driver;C:\Windows\System32\drivers\bthmodem.sys [2009-7-13 72192]
S3 bthserv;Bluetooth Support Service;C:\Windows\System32\svchost.exe -k bthsvcs [2009-7-13 27136]
S3 CertPropSvc;Certificate Propagation;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
S3 circlass;Consumer IR Devices;C:\Windows\System32\drivers\circlass.sys [2009-7-13 45568]
S3 CmBatt;Microsoft ACPI Control Method Battery Driver;C:\Windows\System32\drivers\CmBatt.sys [2009-7-13 17664]
S3 cmdide;cmdide;C:\Windows\System32\drivers\cmdide.sys [2009-7-13 17488]
S3 Compbatt;Compbatt;C:\Windows\System32\drivers\compbatt.sys [2009-7-13 21584]
S3 COMSysApp;COM+ System Application;C:\Windows\System32\dllhost.exe [2009-7-13 9728]
S3 defragsvc;Disk Defragmenter;C:\Windows\System32\svchost.exe -k defragsvc [2009-7-13 27136]
S3 dot3svc;Wired AutoConfig;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 drmkaud;Microsoft Trusted Audio Drivers;C:\Windows\System32\drivers\drmkaud.sys [2009-7-13 5632]
S3 ebdrv;Broadcom NetXtreme II 10 GigE VBD;C:\Windows\System32\drivers\evbda.sys [2009-6-10 3286016]
S3 EFS;Encrypting File System (EFS);C:\Windows\System32\lsass.exe [2014-5-14 31232]
S3 ehRecvr;Windows Media Center Receiver Service;C:\Windows\ehome\ehrecvr.exe [2011-5-25 696832]
S3 ehSched;Windows Media Center Scheduler Service;C:\Windows\ehome\ehsched.exe [2009-7-13 127488]
S3 elxstor;elxstor;C:\Windows\System32\drivers\elxstor.sys [2009-6-10 530496]
S3 ErrDev;Microsoft Hardware Error Device Driver;C:\Windows\System32\drivers\errdev.sys [2009-7-13 9728]
S3 exfat;exFAT File System Driver;C:\Windows\System32\drivers\exfat.sys [2009-7-13 195072]
S3 Fax;Fax;C:\Windows\System32\FXSSVC.exe [2011-5-25 689152]
S3 Filetrace;Filetrace;C:\Windows\System32\drivers\filetrace.sys [2009-7-13 34304]
S3 FsDepends;File System Dependency Minifilter;C:\Windows\System32\drivers\fsdepends.sys [2009-7-13 55376]
S3 gagp30kx;Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms;C:\Windows\System32\drivers\GAGP30KX.SYS [2009-7-13 65088]
S3 GEARAspiWDM;GEAR ASPI Filter Driver;C:\Windows\System32\drivers\GEARAspiWDM.sys [2013-8-8 33240]
S3 hcw85cir;Hauppauge Consumer Infrared Receiver;C:\Windows\System32\drivers\hcw85cir.sys [2009-7-13 31232]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service;C:\Windows\System32\drivers\HdAudio.sys [2011-5-25 350208]
S3 HidBatt;HID UPS Battery Driver;C:\Windows\System32\drivers\hidbatt.sys [2009-7-13 26624]
S3 HidBth;Microsoft Bluetooth HID Miniport;C:\Windows\System32\drivers\hidbth.sys [2009-7-13 100864]
S3 HidIr;Microsoft Infrared HID Driver;C:\Windows\System32\drivers\hidir.sys [2009-7-13 46592]
S3 hkmsvc;Health Key and Certificate Management;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
S3 HpSAMD;HpSAMD;C:\Windows\System32\drivers\HpSAMD.sys [2011-5-25 78720]
S3 i8042prt;i8042 Keyboard and PS/2 Mouse Port Driver;C:\Windows\System32\drivers\i8042prt.sys [2009-7-13 105472]
S3 iaStorV;Intel RAID Controller Windows 7;C:\Windows\System32\drivers\iaStorV.sys [2011-4-27 410496]
S3 idsvc;Windows CardSpace;C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe [2014-8-14 859280]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-8-14 111616]
S3 iirsp;iirsp;C:\Windows\System32\drivers\iirsp.sys [2009-7-13 44112]
S3 IPBusEnum;PnP-X IP Bus Enumerator;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 IpFilterDriver;IP Traffic Filter Driver;C:\Windows\System32\drivers\ipfltdrv.sys [2011-5-25 82944]
S3 iphlpsvc;IP Helper;C:\Windows\System32\svchost.exe -k NetSvcs [2009-7-13 27136]
S3 IPMIDRV;IPMIDRV;C:\Windows\System32\drivers\IPMIDrv.sys [2011-5-25 78848]
S3 IPNAT;IP Network Address Translator;C:\Windows\System32\drivers\ipnat.sys [2009-7-13 116224]
S3 IRENUM;IR Bus Enumerator;C:\Windows\System32\drivers\irenum.sys [2009-7-13 17920]
S3 isapnp;isapnp;C:\Windows\System32\drivers\isapnp.sys [2009-7-13 20544]
S3 iScsiPrt;iScsiPort Driver;C:\Windows\System32\drivers\msiscsi.sys [2014-4-9 274880]
S3 KtmRm;KtmRm for Distributed Transaction Coordinator;C:\Windows\System32\svchost.exe -k NetworkServiceAndNoImpersonation [2009-7-13 27136]
S3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver;C:\Windows\System32\drivers\LHidFilt.Sys [2010-3-18 63568]
S3 lltdsvc;Link-Layer Topology Discovery Mapper;C:\Windows\System32\svchost.exe -k LocalService [2009-7-13 27136]
S3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver;C:\Windows\System32\drivers\LMouFilt.Sys [2010-3-18 57936]
S3 LSI_FC;LSI_FC;C:\Windows\System32\drivers\lsi_fc.sys [2009-7-13 114752]
S3 LSI_SAS;LSI_SAS;C:\Windows\System32\drivers\lsi_sas.sys [2009-7-13 106560]
S3 LSI_SAS2;LSI_SAS2;C:\Windows\System32\drivers\lsi_sas2.sys [2009-7-13 65600]
S3 LSI_SCSI;LSI_SCSI;C:\Windows\System32\drivers\lsi_scsi.sys [2009-7-13 115776]
S3 megasas;megasas;C:\Windows\System32\drivers\megasas.sys [2009-6-10 35392]
S3 MegaSR;MegaSR;C:\Windows\System32\drivers\MegaSR.sys [2009-7-13 284736]
S3 MftWipeFilter;Jetico file system filter;C:\Windows\System32\drivers\MftWipeFilter.sys [2014-7-3 33472]
S3 Modem;Modem;C:\Windows\System32\drivers\modem.sys [2009-7-13 40448]
S3 mpio;Microsoft Multi-Path Bus Driver;C:\Windows\System32\drivers\mpio.sys [2011-5-25 155008]
S3 MRxDAV;WebDav Client Redirector Driver;C:\Windows\System32\drivers\mrxdav.sys [2013-10-9 140800]
S3 msahci;msahci;C:\Windows\System32\drivers\msahci.sys [2011-5-25 31104]
S3 msdsm;Microsoft Multi-Path Device Specific Module;C:\Windows\System32\drivers\msdsm.sys [2011-5-25 140672]
S3 MSDTC;Distributed Transaction Coordinator;C:\Windows\System32\msdtc.exe [2009-7-13 141824]
S3 mshidkmdf;Pass-through HID to KMDF Filter Driver;C:\Windows\System32\drivers\mshidkmdf.sys [2009-7-13 8192]
S3 MSiSCSI;Microsoft iSCSI Initiator Service;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
S3 msiserver;Windows Installer;C:\Windows\System32\msiexec.exe [2011-5-25 128000]
S3 MSKSSRV;Microsoft Streaming Service Proxy;C:\Windows\System32\drivers\mskssrv.sys [2009-7-13 11136]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy;C:\Windows\System32\drivers\mspclock.sys [2009-7-13 7168]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy;C:\Windows\System32\drivers\mspqm.sys [2009-7-13 6784]
S3 MsRPC;MsRPC;C:\Windows\System32\drivers\msrpc.sys [2011-5-25 366976]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter;C:\Windows\System32\drivers\mstee.sys [2009-7-13 8064]
S3 MTConfig;Microsoft Input Configuration Driver;C:\Windows\System32\drivers\MTConfig.sys [2009-7-13 15360]
S3 napagent;Network Access Protection Agent;C:\Windows\System32\svchost.exe -k NetworkService [2009-7-13 27136]
S3 NdisCap;NDIS Capture LightWeight Filter;C:\Windows\System32\drivers\ndiscap.sys [2009-7-13 35328]
S3 Netlogon;Netlogon;C:\Windows\System32\lsass.exe [2014-5-14 31232]
S3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;C:\Windows\System32\drivers\netr28x.sys [2009-6-10 620544]
S3 nfrd960;nfrd960;C:\Windows\System32\drivers\nfrd960.sys [2009-7-13 51264]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]
S3 nv_agp;NVIDIA nForce AGP Bus Filter;C:\Windows\System32\drivers\NV_AGP.SYS [2009-7-13 122960]
S3 NVENETFD;NVIDIA nForce Networking Controller Driver;C:\Windows\System32\drivers\nvm62x64.sys [2009-6-10 408960]
S3 nvraid;nvraid;C:\Windows\System32\drivers\nvraid.sys [2011-4-27 148352]
S3 nvstor;nvstor;C:\Windows\System32\drivers\nvstor.sys [2011-4-27 166272]
S3 ohci1394;1394 OHCI Compliant Host Controller (Legacy);C:\Windows\System32\drivers\ohci1394.sys [2009-7-13 72832]
S3 Parport;Parallel port driver;C:\Windows\System32\drivers\parport.sys [2009-7-13 97280]
S3 pcmcia;pcmcia;C:\Windows\System32\drivers\pcmcia.sys [2009-7-13 220752]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2009-7-13 20992]
S3 pla;Performance Logs & Alerts;C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork [2009-7-13 27136]
S3 PNRPAutoReg;PNRP Machine Name Publication Service;C:\Windows\System32\svchost.exe -k LocalServicePeerNet [2009-7-13 27136]
S3 Processor;Processor Driver;C:\Windows\System32\drivers\processr.sys [2009-7-13 60416]
S3 ProtectedStorage;Protected Storage;C:\Windows\System32\lsass.exe [2014-5-14 31232]
S3 ql2300;ql2300;C:\Windows\System32\drivers\ql2300.sys [2009-6-10 1524816]
S3 ql40xx;ql40xx;C:\Windows\System32\drivers\ql40xx.sys [2009-7-13 128592]
S3 QWAVE;Quality Windows Audio Video Experience;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-13 27136]
S3 QWAVEdrv;QWAVE driver;C:\Windows\System32\drivers\qwavedrv.sys [2009-7-13 46592]
S3 RasAcd;Remote Access Auto Connection Driver;C:\Windows\System32\drivers\rasacd.sys [2009-7-13 14848]
S3 RasAuto;Remote Access Auto Connection Manager;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
S3 RasMan;Remote Access Connection Manager;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
S3 rdpbus;Remote Desktop Device Redirector Bus Driver;C:\Windows\System32\drivers\rdpbus.sys [2009-7-13 24064]
S3 RDPWD;RDP Winstation Driver;C:\Windows\System32\drivers\rdpwd.sys [2012-6-13 210944]
S3 RemoteRegistry;Remote Registry;C:\Windows\System32\svchost.exe -k regsvc [2009-7-13 27136]
S3 RpcLocator;Remote Procedure Call (RPC) Locator;C:\Windows\System32\Locator.exe [2009-7-13 10240]
S3 rzudd;Razer Mouse Driver;C:\Windows\System32\drivers\rzudd.sys [2013-11-15 149160]
S3 sbp2port;SBP-2 Transport/Protocol Bus Driver;C:\Windows\System32\drivers\sbp2port.sys [2011-5-25 103808]
S3 SCardSvr;Smart Card;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-13 27136]
S3 scfilter;Smart card PnP Class Filter Driver;C:\Windows\System32\drivers\scfilter.sys [2011-5-25 29696]
S3 SCPolicySvc;Smart Card Removal Policy;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
S3 SeaPort;SeaPort;C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2010-9-22 249136]
S3 seclogon;Secondary Logon;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
S3 SensrSvc;Adaptive Brightness;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-13 27136]
S3 Serenum;Serenum Filter Driver;C:\Windows\System32\drivers\serenum.sys [2009-7-13 23552]
S3 Serial;Serial;C:\Windows\System32\drivers\serial.sys [2009-7-13 94208]
S3 sermouse;Serial Mouse Driver;C:\Windows\System32\drivers\sermouse.sys [2009-7-13 26624]
S3 SessionEnv;Remote Desktop Configuration;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
S3 sffdisk;SFF Storage Class Driver;C:\Windows\System32\drivers\sffdisk.sys [2009-7-13 14336]
S3 sffp_mmc;SFF Storage Protocol Driver for MMC;C:\Windows\System32\drivers\sffp_mmc.sys [2009-7-13 13824]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus;C:\Windows\System32\drivers\sffp_sd.sys [2011-5-25 14336]
S3 sfloppy;High-Capacity Floppy Disk Drive;C:\Windows\System32\drivers\sfloppy.sys [2009-7-13 16896]
S3 SharedAccess;Internet Connection Sharing (ICS);C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
S3 SiSRaid2;SiSRaid2;C:\Windows\System32\drivers\sisraid2.sys [2009-6-10 43584]
S3 SiSRaid4;SiSRaid4;C:\Windows\System32\drivers\sisraid4.sys [2009-7-13 80464]
S3 Smb;Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session);C:\Windows\System32\drivers\smb.sys [2009-7-13 93184]
S3 SNMPTRAP;SNMP Trap;C:\Windows\System32\snmptrap.exe [2009-7-13 14336]
S3 sppuinotify;SPP Notification Service;C:\Windows\System32\svchost.exe -k LocalService [2009-7-13 27136]
S3 SstpSvc;Secure Socket Tunneling Protocol Service;C:\Windows\System32\svchost.exe -k LocalService [2009-7-13 27136]
S3 stexstor;stexstor;C:\Windows\System32\drivers\stexstor.sys [2009-7-13 24656]
S3 TabletInputService;Tablet PC Input Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 tap0901;TAP-Win32 Adapter V9;C:\Windows\System32\drivers\tap0901.sys [2014-8-17 31232]
S3 TapiSrv;Telephony;C:\Windows\System32\svchost.exe -k NetworkService [2009-7-13 27136]
S3 TBS;TPM Base Services;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-13 27136]
S3 TCPIP6;Microsoft IPv6 Protocol Driver;C:\Windows\System32\drivers\tcpip.sys [2014-6-12 1903552]
S3 TDPIPE;TDPIPE;C:\Windows\System32\drivers\tdpipe.sys [2009-7-13 15872]
S3 TDTCP;TDTCP;C:\Windows\System32\drivers\tdtcp.sys [2012-3-13 23552]
S3 TermService;Remote Desktop Services;C:\Windows\System32\svchost.exe -k NetworkService [2009-7-13 27136]
S3 THREADORDER;Thread Ordering Server;C:\Windows\System32\svchost.exe -k LocalService [2009-7-13 27136]
S3 TrkWks;Distributed Link Tracking Client;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TrustedInstaller;Windows Modules Installer;C:\Windows\servicing\TrustedInstaller.exe [2011-5-25 194048]
S3 tssecsrv;Remote Desktop Services Security Filter Driver;C:\Windows\System32\drivers\tssecsrv.sys [2013-8-14 39936]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-8-14 56832]
S3 tunnel;Microsoft Tunnel Miniport Adapter Driver;C:\Windows\System32\drivers\tunnel.sys [2011-5-25 125440]
S3 uagp35;Microsoft AGPv3.5 Filter;C:\Windows\System32\drivers\UAGP35.SYS [2009-7-13 64080]
S3 uliagpkx;Uli AGP Bus Filter;C:\Windows\System32\drivers\ULIAGPKX.SYS [2009-7-13 64592]
S3 UmPass;Microsoft UMPass Driver;C:\Windows\System32\drivers\umpass.sys [2009-7-13 9728]
S3 upnphost;UPnP Device Host;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-13 27136]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 usbaudio;USB Audio Driver (WDM);C:\Windows\System32\drivers\USBAUDIO.sys [2013-10-9 109824]
S3 usbcir;eHome Infrared Receiver (USBCIR);C:\Windows\System32\drivers\usbcir.sys [2013-10-9 100864]
S3 usbohci;Microsoft USB Open Host Controller Miniport Driver;C:\Windows\System32\drivers\usbohci.sys [2014-1-15 25600]
S3 usbprint;Microsoft USB PRINTER Class;C:\Windows\System32\drivers\usbprint.sys [2009-7-13 25088]
S3 USBSTOR;USB Mass Storage Driver;C:\Windows\System32\drivers\USBSTOR.SYS [2011-4-27 91648]
S3 VaultSvc;Credential Manager;C:\Windows\System32\lsass.exe [2014-5-14 31232]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;C:\Windows\System32\drivers\VBoxNetAdp.sys [2014-7-28 142528]
S3 vds;Virtual Disk;C:\Windows\System32\vds.exe [2011-5-25 533504]
S3 vga;vga;C:\Windows\System32\drivers\vgapnp.sys [2009-7-13 29184]
S3 vhdmp;vhdmp;C:\Windows\System32\drivers\vhdmp.sys [2011-5-25 215936]
S3 viaide;viaide;C:\Windows\System32\drivers\viaide.sys [2009-7-13 17488]
S3 vsmraid;vsmraid;C:\Windows\System32\drivers\vsmraid.sys [2009-6-10 161872]
S3 vwifibus;Virtual WiFi Bus Driver;C:\Windows\System32\drivers\vwifibus.sys [2009-7-13 24576]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920]
S3 W32Time;Windows Time;C:\Windows\System32\svchost.exe -k LocalService [2009-7-13 27136]
S3 WacomPen;Wacom Serial Pen HID Driver;C:\Windows\System32\drivers\wacompen.sys [2009-7-13 27776]
S3 WANARP;Remote Access IP ARP Driver;C:\Windows\System32\drivers\wanarp.sys [2011-5-25 88576]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-5-24 1255736]
S3 wbengine;Block Level Backup Engine Service;C:\Windows\System32\wbengine.exe [2011-5-25 1504256]
S3 WbioSrvc;Windows Biometric Service;C:\Windows\System32\svchost.exe -k WbioSvcGroup [2009-7-13 27136]
S3 wcncsvc;Windows Connect Now - Config Registrar;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-13 27136]
S3 WcsPlugInService;Windows Color System;C:\Windows\System32\svchost.exe -k wcssvc [2009-7-13 27136]
S3 Wd;Wd;C:\Windows\System32\drivers\wd.sys [2009-7-13 21056]
S3 WdiSystemHost;Diagnostic System Host;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 WebClient;WebClient;C:\Windows\System32\svchost.exe -k LocalService [2009-7-13 27136]
S3 Wecsvc;Windows Event Collector;C:\Windows\System32\svchost.exe -k NetworkService [2009-7-13 27136]
S3 wercplsupport;Problem Reports and Solutions Control Panel Support;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
S3 WerSvc;Windows Error Reporting Service;C:\Windows\System32\svchost.exe -k WerSvcGroup [2009-7-13 27136]
S3 WIMMount;WIMMount;C:\Windows\System32\drivers\wimmount.sys [2009-7-13 22096]
S3 WinDefend;Windows Defender;C:\Windows\System32\svchost.exe -k secsvcs [2009-7-13 27136]
S3 WinRM;Windows Remote Management (WS-Management);C:\Windows\System32\svchost.exe -k NetworkService [2009-7-13 27136]
S3 WinUsb;WinUsb;C:\Windows\System32\drivers\winusb.sys [2011-5-25 41984]
S3 wmiApSrv;WMI Performance Adapter;C:\Windows\System32\wbem\WmiApSrv.exe [2009-7-13 203264]
S3 WPCSvc;Parental Controls;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2009-7-13 27136]
S3 WPDBusEnum;Portable Device Enumerator Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 WUDFRd;WUDFRd;C:\Windows\System32\drivers\WUDFRd.sys [2012-11-17 198656]
S3 WwanSvc;WWAN AutoConfig;C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork [2009-7-13 27136]
S3 xusb21;Xbox 360 Wireless Receiver Driver Service 21;C:\Windows\System32\drivers\xusb21.sys [2012-6-28 74960]
S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-2-25 262320]
S4 Apple Mobile Device;Apple Mobile Device;C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2014-1-7 43336]
S4 BCSWAP;BCSWAP;C:\Windows\System32\drivers\bcswap.sys [2014-7-3 124992]
S4 cdfs;CD/DVD File System Reader;C:\Windows\System32\drivers\cdfs.sys [2009-7-13 92160]
S4 clr_optimization_v2.0.50727_32;Microsoft .NET Framework NGEN v2.0.50727_X86;C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2014-8-14 67224]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2014-8-14 90776]
S4 crcdisk;Crcdisk Filter Driver;C:\Windows\System32\drivers\crcdisk.sys [2009-7-13 24144]
S4 gusvc;Google Updater Service;C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2013-4-23 136120]
S4 HiPatchService;Hi-Rez Studios Authenticate and Update Service;D:\smite\HiPatchService.exe [2013-11-17 9216]
S4 HitmanPro37CrusaderBoot;HitmanPro 3.7 Crusader (Boot);"I:\Cleaning Software\Anti-Virus Software\HitmanPro_x64.exe" /crusader:boot --> I:\Cleaning Software\Anti-Virus Software\HitmanPro_x64.exe [?]
S4 iPod Service;iPod Service;C:\Program Files\iPod\bin\iPodService.exe [2014-1-20 641352]
S4 LightScribeService;LightScribeService Direct Disc Labeling Service;C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2009-1-28 73728]
S4 Mcx2Svc;Media Center Extender Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-13 27136]
S4 NetMsmqActivator;Net.Msmq Listener Adapter;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-9-11 139856]
S4 NetPipeActivator;Net.Pipe Listener Adapter;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-9-11 139856]
S4 NetTcpActivator;Net.Tcp Listener Adapter;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-9-11 139856]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-9-11 139856]
S4 RemoteAccess;Routing and Remote Access;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
S4 RichVideo;Cyberlink RichVideo Service(CRVS);C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [2010-7-12 244904]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S4 Steam Client Service;Steam Client Service;C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2010-7-16 833728]
S4 SysMain;Superfetch;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S4 TeamViewer9;TeamViewer 9;C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2014-8-11 5052224]
S4 udfs;udfs;C:\Windows\System32\drivers\udfs.sys [2011-5-25 328192]
S4 ws2ifsl;Windows Socket 2.0 Non-IFS Service Provider Support Environment;C:\Windows\System32\drivers\ws2ifsl.sys [2009-7-13 21504]
.
=============== File Associations ===============
.
FileExt: .bat: batfile="%1" %*
FileExt: .cmd: cmdfile="%1" %*
FileExt: .com: comfile="%1" %*
FileExt: .exe: exefile="%1" %*
FileExt: .pif: piffile="%1" %*
FileExt: .scr: scrfile="%1" /S
FileExt: .reg: regfile=regedit.exe "%1"
FileExt: .txt: txtfile=C:\Windows\System32\NOTEPAD.EXE %1
FileExt: .chm: chm.file="C:\Windows\hh.exe" %1
FileExt: .ini: inifile=C:\Windows\System32\NOTEPAD.EXE %1
FileExt: .inf: inffile=C:\Windows\System32\NOTEPAD.EXE %1
ShellExec: AcroRD32.exe: Read="D:\Adobe\Reader 10.0\Reader\AcroRd32.exe" "%1"
ShellExec: contagion.exe: open="d:\steamlibrary\steamapps\common\contagionbeta\contagion.exe" "%1"
ShellExec: csgo.exe: open="c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe" "%1"
ShellExec: ehshell.exe: open="C:\Windows\eHome\ehshell.exe" "%1"
ShellExec: hl2.exe: open="d:\steamlibrary\steamapps\common\garrysmod\hl2.exe" "%1"
ShellExec: iexplore.exe: open="C:\Program Files\Internet Explorer\iexplore.exe" %1
ShellExec: iTunes.exe: open="C:\Program Files (x86)\iTunes\iTunes.exe" /open "%L"
ShellExec: iTunes.exe: play="C:\Program Files (x86)\iTunes\iTunes.exe" /play "%L"
ShellExec: left4dead2.exe: open="d:\steamlibrary\steamapps\common\left 4 dead 2\left4dead2.exe" "%1"
ShellExec: mspaint.exe: edit="C:\Windows\System32\mspaint.exe" "%1"
ShellExec: photoviewer.dll: open=C:\Windows\System32\rundll32.exe "C:\Program Files (x86)\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1
ShellExec: photoviewer.dll: print=C:\Windows\System32\rundll32.exe "C:\Program Files (x86)\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1
ShellExec: PicasaPhotoViewer.exe: Open="D:\Picasa\Picasa3\PicasaPhotoViewer.exe" "%1"
ShellExec: PicasaPhotoViewer.exe: Preview="D:\Picasa\Picasa3\PicasaPhotoViewer.exe" "%1"
ShellExec: SC2Editor.exe: open="D:/Starcraft 2/StarCraft II\Support\SC2Editor.exe" "%1"
ShellExec: SC2Switcher.exe: open="D:/Starcraft 2/StarCraft II\Support\SC2Switcher.exe" "%1"
ShellExec: vlc.exe: Open="D:\Program Files (x86)\VLC\vlc.exe" --started-from-file "%1"
ShellExec: wmplayer.exe: open="C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Open "%L"
ShellExec: wmplayer.exe: play="C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Play "%L"
ShellExec: wordpad.exe: open="C:\Program Files (x86)\Windows NT\Accessories\WORDPAD.EXE" "%1"
.
=============== Created Last 60 ================
.
2042-06-09 21:25:17 -------- d-----w- C:\ProgramData\HitmanPro
2014-08-19 11:10:12 -------- d-----w- C:\Windows\SysWow64\%LOCALAPPDATA%
2014-08-19 10:55:43 -------- d-----w- C:\Program Files (x86)\OpenVPN Technologies
2014-08-19 09:16:11 38016 ----a-w- C:\Windows\System32\drivers\SAlpham64.sys
2014-08-19 09:16:11 145408 ----a-w- C:\Windows\System32\drivers\SteelBus64.sys
2014-08-19 05:38:38 75888 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F0F641ED-3635-414A-9665-5454449C5D5D}\offreg.dll
2014-08-19 05:28:12 -------- d-----w- C:\Users\Ryan\AppData\Local\CrashDumps
2014-08-19 05:27:01 10924376 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F0F641ED-3635-414A-9665-5454449C5D5D}\mpengine.dll
2014-08-19 05:06:46 -------- d-----w- C:\Windows\temp
2014-08-19 04:24:59 12872 ----a-w- C:\Windows\System32\bootdelete.exe
2014-08-19 04:20:25 -------- d-----w- C:\Program Files\HitmanPro
2014-08-19 04:20:08 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-08-19 04:20:02 92888 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-08-19 04:20:02 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-08-19 04:20:02 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-08-19 04:20:02 -------- d-----w- C:\Program Files\Malwarebytes Anti-Malware
2014-08-19 03:58:16 -------- d-----w- C:\Users\Ryan\AppData\Local\Diagnostics
2014-08-19 03:24:42 33512 ----a-w- C:\Windows\SysWow64\drivers\TrueSight.sys
2014-08-19 03:24:37 -------- d-----w- C:\ProgramData\RogueKiller
2014-08-19 02:17:31 -------- d-----w- C:\Windows\ERUNT
2014-08-19 02:14:43 -------- d--h--w- C:\Program Files (x86)\Uninstall Information
2014-08-19 02:12:35 -------- d-----w- C:\Windows\SysWow64\wbem\Performance
2014-08-19 02:11:45 -------- d-----w- C:\Program Files (x86)\eMule
2014-08-19 02:06:19 -------- d-----w- C:\Program Files (x86)\ESET
2014-08-19 01:39:25 -------- d-----w- C:\RegBackup
2014-08-19 01:39:25 -------- d-----w- \RegBackup
2014-08-19 00:57:45 -------- d-----w- C:\Program Files (x86)\Tweaking.com
2014-08-19 00:44:49 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-08-19 00:43:12 -------- d-----w- C:\ProgramData\Malwarebytes Anti-Exploit
2014-08-19 00:43:11 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Exploit
2014-08-19 00:34:43 272808 ----a-w- C:\Windows\SysWow64\javaws.exe
2014-08-19 00:34:34 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-08-19 00:34:34 175528 ----a-w- C:\Windows\SysWow64\javaw.exe
2014-08-19 00:34:34 175528 ----a-w- C:\Windows\SysWow64\java.exe
2014-08-19 00:32:29 -------- d-----w- C:\Program Files\iTunes
2014-08-19 00:32:29 -------- d-----w- C:\Program Files\iPod
2014-08-19 00:32:29 -------- d-----w- C:\Program Files (x86)\iTunes
2014-08-19 00:19:00 -------- d-----w- C:\Users\Ryan\AppData\Local\Secunia PSI
2014-08-19 00:18:56 -------- d-----w- C:\Program Files (x86)\Secunia
2014-08-19 00:09:16 536576 ----a-w- C:\Windows\SysWow64\sqlite3.dll
2014-08-19 00:08:44 -------- d-----w- C:\AdwCleaner
2014-08-19 00:08:44 -------- d-----w- \AdwCleaner
2014-08-17 09:12:09 31232 ----a-w- C:\Windows\System32\drivers\tap0901.sys
2014-08-17 07:57:40 -------- d-----w- C:\Users\Ryan\AppData\Local\Programs
2014-08-17 06:31:22 868184 ----a-w- C:\Windows\System32\drivers\VBoxDrv.sys
2014-08-17 06:31:21 129168 ----a-w- C:\Windows\System32\drivers\VBoxUSBMon.sys
2014-08-17 05:07:27 -------- d-----w- C:\Program Files (x86)\Jetico
2014-08-17 03:41:07 230840 ----a-w- C:\Windows\System32\drivers\truecrypt.sys
2014-08-17 03:10:22 10924376 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-08-16 23:40:40 -------- d-----w- C:\Users\Ryan\AppData\Local\Psi
2014-08-15 11:09:10 6574592 ----a-w- C:\Windows\System32\mstscax.dll
2014-08-15 11:09:10 5694464 ----a-w- C:\Windows\SysWow64\mstscax.dll
2014-08-14 22:56:39 44544 ----a-w- C:\Windows\System32\TsUsbGDCoInstaller.dll
2014-08-14 22:56:37 3072 ----a-w- C:\Windows\System32\drivers\en-US\tsusbflt.sys.mui
2014-08-14 22:56:36 56832 ----a-w- C:\Windows\System32\drivers\TsUsbFlt.sys
2014-08-14 22:56:36 13824 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
2014-08-14 22:56:36 12800 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
2014-08-14 22:56:35 83968 ----a-w- C:\Windows\System32\TSWbPrxy.exe
2014-08-14 22:56:35 62976 ----a-w- C:\Windows\System32\tsgqec.dll
2014-08-14 22:56:35 56832 ----a-w- C:\Windows\System32\MsRdpWebAccess.dll
2014-08-14 22:56:35 53248 ----a-w- C:\Windows\SysWow64\tsgqec.dll
2014-08-14 22:56:35 50176 ----a-w- C:\Windows\SysWow64\MsRdpWebAccess.dll
2014-08-14 22:56:35 420864 ----a-w- C:\Windows\System32\wksprt.exe
2014-08-14 22:56:35 18944 ----a-w- C:\Windows\System32\wksprtPS.dll
2014-08-14 22:56:35 17920 ----a-w- C:\Windows\SysWow64\wksprtPS.dll
2014-08-14 22:56:35 1068544 ----a-w- C:\Windows\SysWow64\mstsc.exe
2014-08-14 22:56:34 855552 ----a-w- C:\Windows\SysWow64\rdvidcrl.dll
2014-08-14 22:56:34 1147392 ----a-w- C:\Windows\System32\mstsc.exe
2014-08-14 22:56:34 1057280 ----a-w- C:\Windows\System32\rdvidcrl.dll
2014-08-14 22:44:40 1031560 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{37B7260D-202E-471B-8ADE-A53141959D66}\gapaengine.dll
2014-08-14 22:41:53 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2014-08-14 22:41:52 -------- d-----w- C:\Program Files\Microsoft Security Client
2014-08-14 22:28:01 99480 ----a-w- C:\Windows\SysWow64\infocardapi.dll
2014-08-14 22:28:01 8856 ----a-w- C:\Windows\SysWow64\icardres.dll
2014-08-14 22:28:01 8856 ----a-w- C:\Windows\System32\icardres.dll
2014-08-14 22:28:01 619672 ----a-w- C:\Windows\SysWow64\icardagt.exe
2014-08-14 22:28:01 171160 ----a-w- C:\Windows\System32\infocardapi.dll
2014-08-14 22:28:01 1389208 ----a-w- C:\Windows\System32\icardagt.exe
2014-08-14 22:27:50 35480 ----a-w- C:\Windows\SysWow64\TsWpfWrp.exe
2014-08-14 22:27:50 35480 ----a-w- C:\Windows\System32\TsWpfWrp.exe
2014-08-14 22:27:30 792576 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
2014-08-14 22:27:30 1030144 ----a-w- C:\Windows\System32\TSWorkspace.dll
2014-08-14 22:27:27 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2014-08-14 22:27:27 366592 ----a-w- C:\Windows\System32\qdvd.dll
2014-08-14 20:59:58 76152 ----a-w- C:\Windows\System32\PnkBstrA.exe
2014-08-14 20:29:07 -------- d-----w- C:\Users\Ryan\AppData\Local\PunkBuster
2014-08-14 20:10:52 -------- d-----w- C:\Users\Ryan\AppData\Local\ESN
2014-08-14 19:26:23 7168 ----a-w- C:\Windows\SysWow64\KBDYAK.DLL
2014-08-14 19:26:23 7168 ----a-w- C:\Windows\SysWow64\KBDTAT.DLL
2014-08-14 19:26:23 7168 ----a-w- C:\Windows\System32\KBDYAK.DLL
2014-08-14 19:26:23 7168 ----a-w- C:\Windows\System32\KBDTAT.DLL
2014-08-14 19:26:23 7168 ----a-w- C:\Windows\System32\KBDRU1.DLL
2014-08-14 19:26:23 7168 ----a-w- C:\Windows\System32\KBDBASH.DLL
2014-08-14 19:26:23 6656 ----a-w- C:\Windows\SysWow64\KBDRU1.DLL
2014-08-14 19:26:23 6656 ----a-w- C:\Windows\SysWow64\KBDRU.DLL
2014-08-14 19:26:23 6656 ----a-w- C:\Windows\SysWow64\KBDBASH.DLL
2014-08-14 19:26:23 6656 ----a-w- C:\Windows\System32\KBDRU.DLL
2014-08-14 19:26:22 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-08-14 19:26:22 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-08-14 19:26:21 3241984 ----a-w- C:\Windows\System32\msi.dll
2014-08-14 19:26:20 504320 ----a-w- C:\Windows\System32\msihnd.dll
2014-08-14 19:26:20 337408 ----a-w- C:\Windows\SysWow64\msihnd.dll
2014-08-14 19:26:20 2363392 ----a-w- C:\Windows\SysWow64\msi.dll
2014-08-14 19:26:20 1941504 ----a-w- C:\Windows\System32\authui.dll
2014-08-14 19:26:20 1805824 ----a-w- C:\Windows\SysWow64\authui.dll
2014-08-14 19:26:20 112064 ----a-w- C:\Windows\System32\consent.exe
2014-08-14 19:26:19 985536 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2014-08-14 19:26:18 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-08-14 19:26:18 3163648 ----a-w- C:\Windows\System32\win32k.sys
2014-08-14 19:26:18 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2014-08-14 19:26:18 14175744 ----a-w- C:\Windows\System32\shell32.dll
2014-08-14 19:26:17 12874240 ----a-w- C:\Windows\SysWow64\shell32.dll
2014-08-14 19:26:15 810176 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe
2014-08-14 19:26:15 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-08-14 19:26:15 69632 ----a-w- C:\Windows\SysWow64\mshtmled.dll
2014-08-14 19:26:15 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-08-14 19:26:15 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-08-14 19:26:15 526336 ----a-w- C:\Windows\SysWow64\msfeeds.dll
2014-08-14 19:26:15 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-08-14 19:26:15 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-08-14 19:26:15 48128 ----a-w- C:\Program Files\Internet Explorer\DiagnosticsHub_is.dll
2014-08-14 19:26:15 367104 ----a-w- C:\Windows\SysWow64\dxtmsft.dll
2014-08-14 19:26:15 32768 ----a-w- C:\Windows\SysWow64\iernonce.dll
2014-08-14 19:26:15 225792 ----a-w- C:\Program Files\Internet Explorer\DiagnosticsTap.dll
2014-08-14 19:26:15 222720 ----a-w- C:\Program Files (x86)\Internet Explorer\ielowutil.exe
2014-08-14 19:26:15 17524224 ----a-w- C:\Windows\SysWow64\mshtml.dll
2014-08-14 19:26:15 163840 ----a-w- C:\Program Files\Internet Explorer\Timeline_is.dll
2014-08-14 19:26:15 161280 ----a-w- C:\Program Files (x86)\Internet Explorer\DiagnosticsTap.dll
2014-08-14 19:26:15 1169920 ----a-w- C:\Windows\SysWow64\urlmon.dll
2014-08-14 19:26:14 812224 ----a-w- C:\Program Files (x86)\Internet Explorer\iexplore.exe
2014-08-14 19:26:14 692736 ----a-w- C:\Windows\System32\ie4uinit.exe
2014-08-14 19:26:14 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-08-14 19:26:14 470016 ----a-w- C:\Program Files (x86)\Internet Explorer\ieinstal.exe
2014-08-14 19:26:14 43008 ----a-w- C:\Windows\SysWow64\jsproxy.dll
2014-08-14 19:26:14 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-08-14 19:26:14 347648 ----a-w- C:\Program Files\Internet Explorer\F12Tools.dll
2014-08-14 19:26:14 33792 ----a-w- C:\Windows\System32\iernonce.dll
2014-08-14 19:26:14 307384 ----a-w- C:\Windows\SysWow64\iedkcs32.dll
2014-08-14 19:26:14 272896 ----a-w- C:\Program Files (x86)\Internet Explorer\ieproxy.dll
2014-08-14 19:26:14 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-08-14 19:26:14 265728 ----a-w- C:\Program Files\Internet Explorer\DiagnosticsHub.ScriptedSandboxPlugin.dll
2014-08-14 19:26:14 259584 ----a-w- C:\Program Files (x86)\Internet Explorer\IEShims.dll
2014-08-14 19:26:14 241664 ----a-w- C:\Program Files (x86)\Internet Explorer\F12Tools.dll
2014-08-14 19:26:14 239616 ----a-w- C:\Windows\SysWow64\dxtrans.dll
2014-08-14 19:26:14 222720 ----a-w- C:\Program Files\Internet Explorer\ielowutil.exe
2014-08-14 19:26:14 2184704 ----a-w- C:\Windows\SysWow64\iertutil.dll
2014-08-14 19:26:14 204800 ----a-w- C:\Program Files\Internet Explorer\Timeline.dll
2014-08-14 19:26:14 2001920 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-08-14 19:26:14 1431040 ----a-w- C:\Windows\System32\urlmon.dll
2014-08-14 19:26:14 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-08-14 19:26:14 1064960 ----a-w- C:\Program Files (x86)\Internet Explorer\networkinspection.dll
2014-08-14 19:26:13 726528 ----a-w- C:\Program Files\Internet Explorer\ieproxy.dll
2014-08-14 19:26:13 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-08-14 19:26:13 631808 ----a-w- C:\Windows\System32\msfeeds.dll
2014-08-14 19:26:13 483328 ----a-w- C:\Program Files\Internet Explorer\ieinstal.exe
2014-08-14 19:26:13 452096 ----a-w- C:\Windows\System32\dxtmsft.dll
2014-08-14 19:26:13 438784 ----a-w- C:\Windows\SysWow64\ieui.dll
2014-08-14 19:26:13 348856 ----a-w- C:\Windows\System32\iedkcs32.dll
2014-08-14 19:26:13 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-08-14 19:26:13 2087936 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-08-14 19:26:13 11772928 ----a-w- C:\Windows\SysWow64\ieframe.dll
2014-08-14 19:26:12 752640 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2014-08-14 19:26:12 704512 ----a-w- C:\Windows\SysWow64\ieapfltr.dll
2014-08-14 19:26:12 696832 ----a-w- C:\Program Files (x86)\Internet Explorer\iedvtool.dll
2014-08-14 19:26:12 639488 ----a-w- C:\Program Files\Internet Explorer\DiagnosticsHub.DataWarehouse.dll
2014-08-14 19:26:12 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-08-14 19:26:12 51200 ----a-w- C:\Windows\System32\jsproxy.dll
2014-08-14 19:26:12 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-08-14 19:26:12 4204032 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-08-14 19:26:12 2774528 ----a-w- C:\Windows\System32\iertutil.dll
2014-08-14 19:26:12 235200 ----a-w- C:\Program Files (x86)\Internet Explorer\sqmapi.dll
2014-08-14 19:26:12 2112000 ----a-w- C:\Program Files\Internet Explorer\F12.dll
2014-08-14 19:26:12 1856512 ----a-w- C:\Program Files\Internet Explorer\MemoryAnalyzer.dll
2014-08-14 19:26:12 1792512 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-08-14 19:26:12 164864 ----a-w- C:\Windows\SysWow64\msrating.dll
2014-08-14 19:26:12 1191936 ----a-w- C:\Program Files\Internet Explorer\networkinspection.dll
2014-08-14 19:26:12 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-08-14 19:26:12 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-08-14 19:26:11 85504 ----a-w- C:\Windows\System32\mshtmled.dll
2014-08-14 19:26:11 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-08-14 19:26:11 598016 ----a-w- C:\Windows\System32\ieui.dll
2014-08-14 19:26:11 5824512 ----a-w- C:\Windows\System32\jscript9.dll
2014-08-14 19:26:11 292864 ----a-w- C:\Windows\System32\dxtrans.dll
2014-08-14 19:26:11 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-08-14 19:26:11 13547008 ----a-w- C:\Windows\System32\ieframe.dll
2014-08-14 19:26:11 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-08-14 19:26:10 871936 ----a-w- C:\Program Files\Internet Explorer\iedvtool.dll
2014-08-14 19:26:10 846336 ----a-w- C:\Windows\System32\ieapfltr.dll
2014-08-14 19:26:10 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-08-14 19:26:10 548352 ----a-w- C:\Windows\System32\vbscript.dll
2014-08-14 19:26:10 360448 ----a-w- C:\Program Files\Internet Explorer\IEShims.dll
2014-08-14 19:26:10 293056 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll
2014-08-14 19:26:10 2266624 ----a-w- C:\Windows\System32\wininet.dll
2014-08-14 19:26:10 195584 ----a-w- C:\Windows\System32\msrating.dll
2014-08-14 19:26:09 977408 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2014-08-14 19:26:09 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-08-14 19:26:09 23645696 ----a-w- C:\Windows\System32\mshtml.dll
2014-08-14 19:26:09 10747904 ----a-w- C:\Program Files\Internet Explorer\F12Resources.dll
2014-08-14 19:25:36 664064 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2014-08-14 19:25:36 529920 ----a-w- C:\Windows\System32\aepdu.dll
2014-08-14 19:25:36 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-08-14 19:25:36 1216000 ----a-w- C:\Windows\System32\rpcrt4.dll
2014-08-14 13:57:21 -------- d-----w- C:\Users\Ryan\AppData\Local\Origin
2014-08-14 07:38:10 -------- d-----w- C:\Users\Ryan\AppData\Local\._LiveCode_
2014-08-12 15:54:26 -------- d-----w- C:\Users\Ryan\AppData\Local\HonorbuddyMeshes
2014-08-12 07:08:02 10924376 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5C44D0F5-6652-4A5F-9C5D-980565FD14C6}\mpengine.dll
2014-08-12 05:18:41 -------- d-----w- C:\Users\Ryan\AppData\Local\SteelSeries_ApS
2014-08-12 02:06:41 -------- d-----w- C:\Program Files\Dxtory Software
2014-08-11 17:12:20 -------- d-----w- C:\Users\Ryan\AppData\Local\VirtualStore
2014-08-11 16:45:43 -------- d-----w- C:\Program Files (x86)\TeamViewer
2014-08-11 15:25:26 -------- d-----w- C:\Users\Ryan\AppData\Local\Skype
2014-08-10 17:00:48 -------- d-----w- C:\Users\Ryan\AppData\Local\Blizzard Entertainment
2014-08-10 17:00:45 -------- d-----w- C:\Users\Ryan\AppData\Local\Razer
2014-08-10 16:58:34 -------- d-----w- C:\Users\Ryan\AppData\Local\TSVNCache
2014-08-10 15:50:00 -------- d-----w- C:\Users\Ryan\AppData\Local\Apple
2014-08-10 03:14:23 -------- d-----w- C:\Users\Ryan\AppData\Local\Deployment
2014-08-10 03:11:05 -------- d-sh--w- C:\Users\Ryan\AppData\Local\EmieUserList
2014-08-10 03:11:05 -------- d-sh--w- C:\Users\Ryan\AppData\Local\EmieSiteList
2014-08-09 19:05:25 609240 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2014-08-09 19:01:10 944928 ----a-w- C:\Windows\System32\NvIFR64.dll
2014-08-09 19:01:10 907096 ----a-w- C:\Windows\SysWow64\NvIFR.dll
2014-08-09 19:01:10 903624 ----a-w- C:\Windows\System32\NvFBC64.dll
2014-08-09 19:01:10 869152 ----a-w- C:\Windows\SysWow64\NvFBC.dll
2014-08-09 19:01:10 846832 ----a-w- C:\Windows\SysWow64\nvumdshim.dll
2014-08-09 19:01:10 4247000 ----a-w- C:\Windows\System32\nvcuvid.dll
2014-08-09 19:01:10 3989960 ----a-w- C:\Windows\SysWow64\nvcuvid.dll
2014-08-09 19:01:10 354016 ----a-w- C:\Windows\System32\nvoglshim64.dll
2014-08-09 19:01:10 31512520 ----a-w- C:\Windows\System32\nvoglv64.dll
2014-08-09 19:01:10 305600 ----a-w- C:\Windows\SysWow64\nvoglshim32.dll
2014-08-09 19:01:10 24196896 ----a-w- C:\Windows\SysWow64\nvoglv32.dll
2014-08-09 19:01:10 22994208 ----a-w- C:\Windows\System32\nvcompiler.dll
2014-08-09 19:01:10 1890080 ----a-w- C:\Windows\System32\nvdispco6434052.dll
2014-08-09 19:01:10 18626304 ----a-w- C:\Windows\System32\nvwgf2umx.dll
2014-08-09 19:01:10 166568 ----a-w- C:\Windows\System32\nvinitx.dll
2014-08-09 19:01:10 1539928 ----a-w- C:\Windows\System32\nvdispgenco6434052.dll
2014-08-09 19:01:10 15294296 ----a-w- C:\Windows\SysWow64\nvcompiler.dll
2014-08-09 19:01:10 146480 ----a-w- C:\Windows\SysWow64\nvinit.dll
2014-08-09 19:01:10 13922752 ----a-w- C:\Windows\System32\nvopencl.dll
2014-08-09 19:01:10 13835208 ----a-w- C:\Windows\System32\nvcuda.dll
2014-08-09 19:01:10 12866008 ----a-w- C:\Windows\System32\drivers\nvlddmkm.sys
2014-08-09 19:01:10 11283344 ----a-w- C:\Windows\SysWow64\nvopencl.dll
2014-08-09 19:01:10 11222048 ----a-w- C:\Windows\SysWow64\nvcuda.dll
2014-08-03 05:52:05 58336 ----a-w- C:\Windows\System32\wuauclt.exe
2014-08-03 05:52:05 44512 ----a-w- C:\Windows\System32\wups2.dll
2014-08-03 05:52:05 2620928 ----a-w- C:\Windows\System32\wucltux.dll
2014-08-03 05:52:05 2477536 ----a-w- C:\Windows\System32\wuaueng.dll
2014-08-03 05:51:56 97792 ----a-w- C:\Windows\System32\wudriver.dll
2014-08-03 05:51:56 92672 ----a-w- C:\Windows\SysWow64\wudriver.dll
2014-08-03 05:51:56 700384 ----a-w- C:\Windows\System32\wuapi.dll
2014-08-03 05:51:56 581600 ----a-w- C:\Windows\SysWow64\wuapi.dll
2014-08-03 05:51:56 38880 ----a-w- C:\Windows\System32\wups.dll
2014-08-03 05:51:56 36320 ----a-w- C:\Windows\SysWow64\wups.dll
2014-08-03 05:51:53 36864 ----a-w- C:\Windows\System32\wuapp.exe
2014-08-03 05:51:53 33792 ----a-w- C:\Windows\SysWow64\wuapp.exe
2014-08-03 05:51:53 198600 ----a-w- C:\Windows\System32\wuwebv.dll
2014-08-03 05:51:53 179656 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2014-07-29 03:43:28 142528 ----a-w- C:\Windows\System32\drivers\VBoxNetAdp.sys
2014-07-25 18:31:15 -------- d-----w- C:\Program Files (x86)\Dungeon Defenders 2
2014-07-09 03:43:33 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2014-07-09 03:43:33 1354240 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2014-07-09 03:43:30 692736 ----a-w- C:\Windows\System32\osk.exe
2014-07-09 03:43:30 646144 ----a-w- C:\Windows\SysWow64\osk.exe
2014-07-09 03:43:30 624128 ----a-w- C:\Windows\System32\qedit.dll
2014-07-09 03:43:30 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2014-07-09 03:43:30 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2014-07-09 03:43:30 449024 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\tabskb.dll
2014-07-09 03:43:29 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2014-07-09 03:43:29 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-07-09 03:43:29 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2014-07-09 03:43:29 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-07-09 03:43:29 340992 ----a-w- C:\Windows\System32\schannel.dll
2014-07-09 03:43:29 314880 ----a-w- C:\Windows\System32\msv1_0.dll
2014-07-09 03:43:29 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2014-07-09 03:43:29 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2014-07-09 03:43:29 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2014-07-09 03:43:29 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2014-07-09 03:43:29 22016 ----a-w- C:\Windows\System32\credssp.dll
2014-07-09 03:43:29 210944 ----a-w- C:\Windows\System32\wdigest.dll
2014-07-09 03:43:29 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2014-07-09 03:43:29 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2014-07-09 03:42:55 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-07-09 03:42:55 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-07-09 03:42:55 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-07-07 19:15:58 163504 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
2014-07-03 10:38:12 67776 ----a-w- C:\Windows\System32\drivers\fsh.sys
2014-07-03 10:38:12 62656 ----a-w- C:\Windows\System32\drivers\bcbus.sys
2014-07-03 10:38:12 52416 ----a-w- C:\Windows\System32\drivers\bc_rijn.sys
2014-07-03 10:38:12 38592 ----a-w- C:\Windows\System32\drivers\bc_cast.sys
2014-07-03 10:38:12 38080 ----a-w- C:\Windows\System32\drivers\bc_serp.sys
2014-07-03 10:38:12 35520 ----a-w- C:\Windows\System32\drivers\bc_tfish.sys
2014-07-03 10:38:12 35520 ----a-w- C:\Windows\System32\drivers\bc_3des.sys
2014-07-03 10:38:12 35008 ----a-w- C:\Windows\System32\drivers\bc_des.sys
2014-07-03 10:38:12 31936 ----a-w- C:\Windows\System32\drivers\bc_bf448.sys
2014-07-03 10:38:12 31424 ----a-w- C:\Windows\System32\drivers\bc_rc6.sys
2014-07-03 10:38:12 31424 ----a-w- C:\Windows\System32\drivers\bc_bfish.sys
2014-07-03 10:38:12 31424 ----a-w- C:\Windows\System32\drivers\bc_bf128.sys
2014-07-03 10:38:12 28864 ----a-w- C:\Windows\System32\drivers\bc_idea.sys
2014-07-03 10:38:12 26816 ----a-w- C:\Windows\System32\drivers\bc_gost.sys
2014-07-03 10:38:12 18624 ----a-w- C:\Windows\System32\drivers\mhk.sys
2014-07-03 10:38:12 180928 ----a-w- C:\Windows\System32\drivers\bcfnt.sys
2014-07-03 10:38:12 14528 ----a-w- C:\Windows\System32\drivers\moh.sys
2014-07-03 10:38:12 124992 ----a-w- C:\Windows\System32\drivers\bcswap.sys
2014-07-03 10:35:42 43520 ----a-w- C:\Windows\SysWow64\HPLUN.dll
2014-07-03 10:34:29 33472 ----a-w- C:\Windows\System32\drivers\MftWipeFilter.sys
2014-07-03 10:33:26 364320 ----a-w- C:\Windows\BCUnInstall.exe
2014-07-02 09:45:30 -------- d-----w- C:\ProgramData\Hunter
2014-06-26 12:18:40 -------- d-----w- C:\NVIDIA Corporation
2014-06-26 12:18:40 -------- d-----w- \NVIDIA Corporation
2014-06-22 00:54:41 -------- d-----w- C:\Program Files (x86)\Battlelog Web Plugins
.
==================== Find6M  ====================
.
2014-08-19 00:25:42 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-08-19 00:25:42 699568 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-08-15 06:53:02 215416 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2014-08-14 22:48:42 99218768 ----a-w- C:\Windows\System32\MRT.exe
2014-07-25 13:50:29 1291280 ----a-w- C:\Windows\SysWow64\nvspbridge.dll
2014-07-25 13:50:29 1126480 ----a-w- C:\Windows\SysWow64\nvspcap.dll
2014-07-25 13:50:11 1715224 ----a-w- C:\Windows\System32\nvspbridge64.dll
2014-07-25 13:50:11 1283136 ----a-w- C:\Windows\System32\nvspcap64.dll
2014-07-02 20:48:32 965312 ----a-w- C:\Windows\System32\nvumdshimx.dll
2014-07-02 20:48:32 75040 ----a-w- C:\Windows\System32\OpenCL.dll
2014-07-02 20:48:32 61912 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2014-07-02 20:48:32 3196816 ----a-w- C:\Windows\System32\nvapi64.dll
2014-07-02 20:48:32 2814656 ----a-w- C:\Windows\SysWow64\nvapi.dll
2014-07-02 20:48:32 17555104 ----a-w- C:\Windows\System32\nvd3dumx.dll
2014-07-02 20:48:32 16122344 ----a-w- C:\Windows\SysWow64\nvwgf2um.dll
2014-07-02 20:48:32 14498552 ----a-w- C:\Windows\SysWow64\nvd3dum.dll
2014-07-02 18:55:43 6783776 ----a-w- C:\Windows\System32\nvcpl.dll
2014-07-02 18:55:43 3522392 ----a-w- C:\Windows\System32\nvsvc64.dll
2014-07-02 18:55:41 935368 ----a-w- C:\Windows\System32\nvvsvc.exe
2014-07-02 18:55:41 62808 ----a-w- C:\Windows\System32\nvshext.dll
2014-07-02 18:55:41 386520 ----a-w- C:\Windows\System32\nvmctray.dll
2014-07-02 10:14:12 3826628 ----a-w- C:\Windows\System32\nvcoproc.bin
2014-06-27 01:18:50 298032 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2014-05-20 02:44:03 1889112 ----a-w- C:\Windows\System32\nvdispco6433788.dll
2014-05-20 02:44:03 1541576 ----a-w- C:\Windows\System32\nvdispgenco6433788.dll
2014-04-25 02:34:59 801280 ----a-w- C:\Windows\System32\usp10.dll
2014-04-25 02:06:17 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
2014-04-24 18:44:44 27136 ----a-w- C:\Windows\System32\drivers\ptun0901.sys
2014-04-12 02:22:05 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2014-04-12 02:22:05 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-04-12 02:19:38 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2014-04-12 02:19:38 136192 ----a-w- C:\Windows\System32\sspicli.dll
2014-04-12 02:19:37 28160 ----a-w- C:\Windows\System32\secur32.dll
2014-04-12 02:19:05 31232 ----a-w- C:\Windows\System32\lsass.exe
2014-04-05 02:47:20 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2014-04-05 02:47:09 288192 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2014-03-31 16:42:44 40392 ----a-w- C:\Windows\System32\drivers\nvvad64v.sys
2014-03-31 16:42:42 37320 ----a-w- C:\Windows\System32\nvaudcap64v.dll
2014-03-31 16:42:40 34760 ----a-w- C:\Windows\SysWow64\nvaudcap32v.dll
2014-03-26 14:44:48 2002432 ----a-w- C:\Windows\System32\msxml6.dll
2014-03-26 14:44:48 1882112 ----a-w- C:\Windows\System32\msxml3.dll
2014-03-26 14:41:39 2048 ----a-w- C:\Windows\System32\msxml6r.dll
2014-03-26 14:41:39 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2014-03-26 14:27:50 1389056 ----a-w- C:\Windows\SysWow64\msxml6.dll
2014-03-26 14:27:50 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
2014-03-26 14:25:14 2048 ----a-w- C:\Windows\SysWow64\msxml6r.dll
2014-03-26 14:25:14 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2014-03-11 13:52:30 133928 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2014-03-04 14:35:23 1885472 ----a-w- C:\Windows\System32\nvdispco6433523.dll
2014-03-04 14:35:23 1516488 ----a-w- C:\Windows\System32\nvdispgenco6433523.dll
2014-03-04 09:47:01 5550016 ----a-w- C:\Windows\System32\ntoskrnl.exe
2014-03-04 09:44:21 362496 ----a-w- C:\Windows\System32\wow64win.dll
2014-03-04 09:44:21 243712 ----a-w- C:\Windows\System32\wow64.dll
2014-03-04 09:44:21 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2014-03-04 09:44:20 39936 ----a-w- C:\Windows\System32\wincredprovider.dll
2014-03-04 09:44:03 722944 ----a-w- C:\Windows\System32\objsel.dll
2014-03-04 09:44:03 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2014-03-04 09:44:00 424960 ----a-w- C:\Windows\System32\KernelBase.dll
2014-03-04 09:44:00 1163264 ----a-w- C:\Windows\System32\kernel32.dll
2014-03-04 09:43:56 57344 ----a-w- C:\Windows\System32\cngprovider.dll
2014-03-04 09:43:56 52736 ----a-w- C:\Windows\System32\dpapiprovider.dll
2014-03-04 09:43:56 44544 ----a-w- C:\Windows\System32\dimsroam.dll
2014-03-04 09:43:55 56832 ----a-w- C:\Windows\System32\adprovider.dll
2014-03-04 09:43:55 53760 ----a-w- C:\Windows\System32\capiprovider.dll
2014-03-04 09:43:50 455168 ----a-w- C:\Windows\System32\winlogon.exe
2014-03-04 09:20:11 3969984 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2014-03-04 09:20:11 3914176 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2014-03-04 09:17:38 35328 ----a-w- C:\Windows\SysWow64\wincredprovider.dll
2014-03-04 09:17:19 538112 ----a-w- C:\Windows\SysWow64\objsel.dll
2014-03-04 09:17:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2014-03-04 09:17:08 47616 ----a-w- C:\Windows\SysWow64\dpapiprovider.dll
2014-03-04 09:17:08 36864 ----a-w- C:\Windows\SysWow64\dimsroam.dll
2014-03-04 09:17:07 51200 ----a-w- C:\Windows\SysWow64\cngprovider.dll
2014-03-04 09:17:06 48128 ----a-w- C:\Windows\SysWow64\capiprovider.dll
2014-03-04 09:17:05 49664 ----a-w- C:\Windows\SysWow64\adprovider.dll
2014-03-04 09:17:05 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2014-03-04 09:16:54 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2014-03-04 09:16:18 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2014-03-04 09:16:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2014-03-04 09:16:17 1114112 ----a-w- C:\Windows\SysWow64\kernel32.dll
2014-03-04 08:09:30 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2014-03-04 08:09:29 2048 ----a-w- C:\Windows\SysWow64\user.exe
.
============= FINISH:  7:43:12.25 ===============



#2 TB-Psychotic

  • Malware Response Team
  • 6,349 posts

Posted 19 August 2014 - 07:15 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.

  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )
  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#3 oom

  • Topic Starter

Posted 19 August 2014 - 07:30 AM

Hello Marius,

 

I just attempted those steps in Safe Mode and in a regular fresh boot, and it BSODs on me about 30 seconds after I click Scan.


Edited by oom, 19 August 2014 - 07:33 AM.


#4 TB-Psychotic

  • Malware Response Team

Posted 19 August 2014 - 07:50 AM

Scan with FRST (Recovery Environment)


To run FRST on Vista and Windows 7:



Plug the flashdrive into the infected PC.

Enter System Recovery Options.


To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.



To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.


On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

Select Command Prompt.


  • In the command window:
  • type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
  • Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.

It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.



#5 oom

  • Topic Starter

Posted 19 August 2014 - 08:22 AM

Hello Marius, here is the log.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-08-2014 01
Ran by SYSTEM on MININT-NJCT5RH on 19-08-2014 09:10:54
Running from f:\
Platform: Windows 7 Home Premium (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
 
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10806816 2012-02-15] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [382608 2014-06-04] (Malwarebytes Corporation)
HKLM-x32\...\Run: [BestCrypt Volume Encryption] => C:\Program Files (x86)\Jetico\BestCrypt\BC_VE\bcfmgr.exe [2682656 2014-05-28] (Jetico Inc. Oy)
HKLM-x32\...\Run: [BCWipeTM Startup] => C:\Program Files (x86)\Jetico\BestCrypt\BCWipeTM.exe [1650464 2014-07-03] (Jetico, Inc.)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\Guest\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2387968 2009-01-27] (Hewlett-Packard Company)
HKU\Guest\...\Run: [Google Update] => C:\Users\Guest\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-06-25] (Google Inc.)
HKU\Ryan\...\Run: [ccleaner] => C:\Program Files\CCleaner\CCleaner64.exe [5352288 2012-08-22] (Piriform Ltd)
HKU\Ryan\...\Run: [SteelSeries Engine] => C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe [87040 2014-06-26] (SteelSeries ApS)
HKU\Ryan\...\Policies\Explorer: [NoThumbNailCache] 1
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 BcveServ; C:\Program Files (x86)\Jetico\BestCrypt\BC_VE\bcveserv.exe [147232 2014-05-29] (Jetico Inc. Oy)
S2 BCWipeSvc; C:\Program Files (x86)\Jetico\BestCrypt\BCWipeSvc.exe [87840 2014-07-03] (Jetico, Inc.)
S2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [109352 2014-08-18] (SurfRight B.V.)
S2 iprip; C:\Windows\System32\iprip.dll [35328 2009-07-13] (Microsoft Corporation)
S2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [360592 2014-06-04] (Malwarebytes Corporation)
S2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)
S4 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-07-16] ()
S2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
S2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
S4 HiPatchService; D:\smite\HiPatchService.exe [X]
S4 HitmanPro37CrusaderBoot; "I:\Cleaning Software\Anti-Virus Software\HitmanPro_x64.exe" /crusader:boot [X]
S3 npggsvc; C:\Windows\system32\GameMon.des -service [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ALSysIO; No ImagePath
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2011-01-15] ()
S1 bcbus; C:\Windows\System32\DRIVERS\bcbus.sys [62656 2014-07-03] (Jetico, Inc.)
S0 bcfnt; C:\Windows\System32\Drivers\bcfnt.sys [180928 2014-05-28] (Jetico, Inc.)
S4 BCSWAP; C:\Windows\System32\Drivers\BCSWAP.sys [124992 2014-07-03] (Jetico, Inc.)
S1 BC_3DES; C:\Windows\System32\Drivers\BC_3DES.sys [35520 2014-07-03] (Jetico, Inc.)
S1 BC_BF128; C:\Windows\System32\Drivers\BC_BF128.sys [31424 2014-07-03] (Jetico, Inc.)
S1 BC_BF448; C:\Windows\System32\Drivers\BC_BF448.sys [31936 2014-07-03] (Jetico, Inc.)
S1 BC_BFish; C:\Windows\System32\Drivers\BC_BFish.sys [31424 2014-07-03] (Jetico, Inc.)
S1 BC_CAST; C:\Windows\System32\Drivers\BC_CAST.sys [38592 2014-07-03] (Jetico, Inc.)
S1 BC_DES; C:\Windows\System32\Drivers\BC_DES.sys [35008 2014-07-03] (Jetico, Inc.)
S1 BC_Gost; C:\Windows\System32\Drivers\BC_Gost.sys [26816 2014-07-03] (Jetico, Inc.)
S1 BC_IDEA; C:\Windows\System32\Drivers\BC_IDEA.sys [28864 2014-07-03] (Iarsn)
S1 BC_RC6; C:\Windows\System32\Drivers\BC_RC6.sys [31424 2014-07-03] (Michael Oestergaard Pedersen)
S1 BC_RIJN; C:\Windows\System32\Drivers\BC_RIJN.sys [52416 2014-07-03] (Jetico, Inc.)
S1 BC_SERP; C:\Windows\System32\Drivers\BC_SERP.sys [38080 2014-07-03] (Michael Oestergaard Pedersen)
S1 BC_TFISH; C:\Windows\System32\Drivers\BC_TFISH.sys [35520 2014-07-03] (Jetico, Inc.)
S1 CLBStor; C:\Windows\System32\DRIVERS\CLBStor.sys [24560 2008-10-14] (Cyberlink Co.,Ltd.)
S2 CLBUDF; C:\Windows\System32\Drivers\CLBUDF.sys [371696 2008-10-14] (CyberLink Corporation.)
S3 cpuz130; No ImagePath
S3 cpuz133; No ImagePath
S3 EagleX64; No ImagePath
S1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [62392 2014-06-04] ()
S0 fsh; C:\Windows\System32\Drivers\fsh.sys [67776 2014-07-03] (Jetico, Inc.)
S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2011-01-15] ()
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S3 MftWipeFilter; C:\Windows\System32\Drivers\MftWipeFilter.sys [33472 2014-07-03] (Windows ® Win 7 DDK provider)
S3 mhk; C:\Windows\System32\Drivers\mhk.sys [18624 2014-07-03] (Jetico, Inc.)
S3 moh; C:\Windows\System32\Drivers\moh.sys [14528 2014-07-03] (Jetico, Inc.)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-24] (Microsoft Corporation)
S3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2011-08-10] ()
S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
S3 ptun0901; C:\Windows\System32\DRIVERS\ptun0901.sys [27136 2014-04-24] (The OpenVPN Project)
S0 RzFilter; C:\Windows\System32\drivers\RzFilter.sys [74432 2013-10-24] (Razer, Inc.)
S3 SAlphamHid; C:\Windows\System32\DRIVERS\SAlpham64.sys [38016 2014-08-19] (SteelSeries Corporation)
S3 TrueSight; C:\Windows\SysWOW64\drivers\TrueSight.sys [33512 2014-08-19] ()
S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl [146928 2009-04-15] (CyberLink Corp.)
S3 cpuz135; \??\C:\Program Files (x86)\CPUID\PC Wizard 2012\pcwiz_x64.sys [X]
S3 NLNdisMP; system32\DRIVERS\nlndis.sys [X]
S3 NLNdisPT; system32\DRIVERS\nlndis.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2042-06-09 14:30 - 2014-08-18 14:14 - 00005916 _____ () C:\Users\Ryan\Desktop\virussoftware.txt
2042-06-09 13:30 - 2014-08-18 20:24 - 00000462 _____ () C:\Windows\System32\.crusader
2042-06-09 13:25 - 2014-08-18 20:20 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-08-19 09:10 - 2014-08-19 09:10 - 00000000 ____D () C:\FRST
2014-08-19 04:30 - 2014-08-19 04:55 - 00023493 _____ () C:\Windows\WindowsUpdate.log
2014-08-19 04:17 - 2014-08-19 04:17 - 00380416 _____ () C:\Users\Ryan\Downloads\8nf02bok.exe
2014-08-19 04:10 - 2014-08-19 04:11 - 00019096 _____ () C:\Users\Ryan\Desktop\MBRCheck_08.19.14_08.10.46.txt
2014-08-19 04:10 - 2014-08-19 04:10 - 00080384 _____ () C:\Users\Ryan\Downloads\MBRCheck.exe
2014-08-19 03:43 - 2014-08-19 03:43 - 00094446 _____ () C:\Users\Ryan\Desktop\dds.txt
2014-08-19 03:43 - 2014-08-19 03:43 - 00007779 _____ () C:\Users\Ryan\Desktop\attach.txt
2014-08-19 03:42 - 2014-08-19 03:42 - 00688992 ____R (Swearware) C:\Users\Ryan\Downloads\dds.com
2014-08-19 03:32 - 2014-08-19 03:32 - 00602112 _____ (OldTimer Tools) C:\Users\Ryan\Downloads\OTL.exe
2014-08-19 03:29 - 2014-08-19 03:29 - 00165376 _____ () C:\Users\Ryan\Downloads\SystemLook_x64.exe
2014-08-19 03:29 - 2014-08-19 03:29 - 00002512 _____ () C:\Users\Ryan\Downloads\SystemLook.txt
2014-08-19 03:24 - 2014-08-19 03:24 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Ryan\Downloads\iExplore.exe
2014-08-19 03:23 - 2014-08-19 03:23 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Ryan\Downloads\rkill.exe
2014-08-19 03:10 - 2014-08-19 03:10 - 00000000 ____D () C:\Windows\SysWOW64\%LOCALAPPDATA%
2014-08-19 02:55 - 2014-08-19 02:55 - 00000000 ____D () C:\Program Files (x86)\OpenVPN Technologies
2014-08-19 01:16 - 2014-08-19 01:16 - 00145408 _____ (SteelSeries Corporation) C:\Windows\System32\Drivers\SteelBus64.sys
2014-08-19 01:16 - 2014-08-19 01:16 - 00038016 _____ (SteelSeries Corporation) C:\Windows\System32\Drivers\SAlpham64.sys
2014-08-19 01:08 - 2014-08-19 01:09 - 53001320 _____ () C:\Users\Ryan\Downloads\SteelSeriesEngine_2.8.0450.exe
2014-08-19 01:08 - 2014-08-19 01:08 - 03978232 _____ (SteelSeries) C:\Users\Ryan\Downloads\SSEFix_1.25.4.1.exe
2014-08-19 00:59 - 2014-08-19 00:59 - 00000634 _____ () C:\Users\Ryan\Desktop\JRT.txt
2014-08-19 00:49 - 2014-08-18 19:23 - 04851288 _____ () C:\Users\Ryan\Desktop\RogueKiller.exe
2014-08-19 00:49 - 2014-08-18 18:12 - 01016261 _____ (Thisisu) C:\Users\Ryan\Desktop\JRT.exe
2014-08-19 00:49 - 2014-08-18 16:28 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Ryan\Desktop\mbar-1.07.0.1012.exe
2014-08-19 00:49 - 2014-08-18 16:25 - 00400632 _____ (Bleeping Computer, LLC) C:\Users\Ryan\Desktop\ListCWall.exe
2014-08-19 00:49 - 2014-08-18 16:03 - 01361671 _____ () C:\Users\Ryan\Desktop\AdwCleaner.exe
2014-08-19 00:49 - 2014-08-18 16:00 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Ryan\Desktop\rkill.com
2014-08-18 22:47 - 2014-08-18 22:47 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Oracle
2014-08-18 22:15 - 2014-08-19 04:15 - 00032675 _____ () C:\Users\Ryan\Desktop\Result.txt
2014-08-18 21:58 - 2014-08-18 21:58 - 00401920 _____ (Farbar) C:\Users\Ryan\Desktop\MiniToolBox.exe
2014-08-18 21:28 - 2014-08-18 22:49 - 00000000 ____D () C:\Users\Ryan\AppData\Local\CrashDumps
2014-08-18 20:24 - 2014-08-18 20:24 - 00012872 _____ (SurfRight B.V.) C:\Windows\System32\bootdelete.exe
2014-08-18 20:20 - 2014-08-19 04:41 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2014-08-18 20:20 - 2014-08-19 04:28 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2014-08-18 20:20 - 2014-08-19 01:19 - 00000000 ____D () C:\Program Files\HitmanPro
2014-08-18 20:20 - 2014-08-18 20:20 - 00001897 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-08-18 20:20 - 2014-08-18 20:20 - 00000907 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-18 20:20 - 2014-08-18 20:20 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-18 20:20 - 2014-05-12 03:35 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mwac.sys
2014-08-18 20:20 - 2014-05-12 03:35 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2014-08-18 19:24 - 2014-08-19 01:04 - 00033512 _____ () C:\Windows\SysWOW64\Drivers\TrueSight.sys
2014-08-18 19:24 - 2014-08-18 19:24 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-08-18 18:19 - 2014-08-19 02:19 - 00000452 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 32d08496-9cc0-4f1f-b2e7-016fe33045ea.job
2014-08-18 18:19 - 2014-08-18 22:00 - 00000452 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 7f3ade73-3676-4ceb-918d-a556deb99072.job
2014-08-18 18:19 - 2014-08-18 18:19 - 00003526 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 7f3ade73-3676-4ceb-918d-a556deb99072
2014-08-18 18:19 - 2014-08-18 18:19 - 00003452 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 32d08496-9cc0-4f1f-b2e7-016fe33045ea
2014-08-18 18:19 - 2014-08-18 18:19 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\SUPERAntiSpyware.com
2014-08-18 18:17 - 2014-08-18 18:17 - 00000000 ____D () C:\Windows\ERUNT
2014-08-18 18:14 - 2014-08-18 19:10 - 00000855 _____ () C:\Windows\System32\Drivers\etc\hosts_bak_493
2014-08-18 18:14 - 2014-08-18 18:14 - 00000855 _____ () C:\Windows\System32\Drivers\etc\hosts_bak_142
2014-08-18 18:11 - 2014-08-18 18:11 - 00000959 _____ () C:\Users\Public\Desktop\eMule.lnk
2014-08-18 18:11 - 2014-08-18 18:11 - 00000000 ____D () C:\Program Files (x86)\eMule
2014-08-18 18:10 - 2014-08-18 18:10 - 00270848 _____ (Secure By Design Inc.) C:\Users\Ryan\Downloads\Ninite eMule Installer.exe
2014-08-18 18:06 - 2014-08-18 18:06 - 02347384 _____ (ESET) C:\Users\Ryan\Downloads\esetsmartinstaller_enu.exe
2014-08-18 18:06 - 2014-08-18 18:06 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-08-18 17:56 - 2014-08-18 17:56 - 00000000 ____D () C:\Users\Ryan\Desktop\GodMode.{ED7BA470-8E54-465E-825C-99712043E01C}
2014-08-18 17:39 - 2014-08-18 17:39 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-RYAN-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
2014-08-18 17:39 - 2014-08-18 17:39 - 00000000 ____D () C:\RegBackup
2014-08-18 17:06 - 2014-08-18 17:06 - 00002123 _____ () C:\Users\Ryan\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2014-08-18 17:01 - 2014-08-18 17:01 - 00000544 _____ () C:\Users\Ryan\Desktop\SpeedFan.lnk
2014-08-18 17:01 - 2014-08-18 17:01 - 00000544 _____ () C:\Users\Guest\Desktop\SpeedFan.lnk
2014-08-18 17:01 - 2014-08-18 17:01 - 00000045 _____ () C:\Windows\SysWOW64\initdebug.nfo
2014-08-18 16:58 - 2014-08-18 16:58 - 00000655 _____ () C:\Users\Ryan\Desktop\Tweaking.com - Hardware Identify.lnk
2014-08-18 16:57 - 2014-08-18 17:05 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-08-18 16:44 - 2014-08-19 04:49 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-08-18 16:43 - 2014-08-19 04:49 - 00000000 ____D () C:\Users\Ryan\Desktop\mbar
2014-08-18 16:43 - 2014-08-19 03:09 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit
2014-08-18 16:43 - 2014-08-18 17:07 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Exploit
2014-08-18 16:43 - 2014-08-18 16:43 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Exploit.lnk
2014-08-18 16:42 - 2014-08-19 03:20 - 00001178 _____ () C:\Users\Ryan\Desktop\ListCWall.txt
2014-08-18 16:34 - 2014-08-18 16:34 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-18 16:34 - 2014-08-18 16:34 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-18 16:34 - 2014-08-18 16:34 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-18 16:34 - 2014-08-18 16:34 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-18 16:33 - 2014-08-18 16:33 - 00001743 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-08-18 16:32 - 2014-08-18 16:33 - 00000000 ____D () C:\Program Files\iTunes
2014-08-18 16:32 - 2014-08-18 16:33 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-08-18 16:32 - 2014-08-18 16:32 - 00000000 ____D () C:\Program Files\iPod
2014-08-18 16:31 - 2014-08-18 16:31 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Apple Computer
2014-08-18 16:31 - 2014-08-18 16:31 - 00000000 ____D () C:\Users\Default\AppData\Local\Apple Computer
2014-08-18 16:31 - 2014-08-18 16:31 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Apple Computer
2014-08-18 16:31 - 2014-08-18 16:31 - 00000000 ____D () C:\Users\Default User\AppData\Local\Apple Computer
2014-08-18 16:26 - 2014-08-19 03:19 - 00000622 _____ () C:\Users\Ryan\Desktop\unhide.txt
2014-08-18 16:25 - 2014-08-18 16:43 - 00001790 _____ () C:\sc-cleaner.txt
2014-08-18 16:19 - 2014-08-18 16:19 - 00000000 ____D () C:\Users\Ryan\AppData\Local\Secunia PSI
2014-08-18 16:18 - 2014-08-18 16:18 - 00000000 ____D () C:\Program Files (x86)\Secunia
2014-08-18 16:09 - 2010-08-30 04:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-18 16:08 - 2014-08-19 03:19 - 00000000 ____D () C:\AdwCleaner
2014-08-18 16:03 - 2014-08-19 03:39 - 00000702 _____ () C:\Users\Ryan\Desktop\Rkill.txt
2014-08-17 16:59 - 2014-08-17 16:59 - 00000000 ____D () C:\Users\Ryan\Desktop\Photos
2014-08-17 16:08 - 2014-08-17 16:08 - 00011461 _____ () C:\Users\Ryan\Downloads\oom (1).zip
2014-08-17 13:35 - 2014-08-17 13:35 - 00032057 _____ () C:\Users\Ryan\Downloads\mini.zip
2014-08-17 03:14 - 2014-08-17 03:18 - 63722695 _____ () C:\Users\Ryan\Downloads\xbmc-13.1-Gotham.exe
2014-08-17 01:22 - 2014-08-17 01:22 - 00002505 _____ () C:\Users\Ryan\Documents\NetSpeedTest.txt
2014-08-17 01:12 - 2014-08-17 01:12 - 00031232 _____ (The OpenVPN Project) C:\Windows\System32\Drivers\tap0901.sys
2014-08-17 00:23 - 2014-08-17 00:23 - 00000000 ____D () C:\Users\Ryan\Desktop\Tor Browser
2014-08-17 00:22 - 2014-08-17 00:23 - 27281991 _____ () C:\Users\Ryan\Downloads\torbrowser-install-3.6.4_en-US.exe
2014-08-17 00:16 - 2014-08-17 00:16 - 00002972 _____ () C:\Users\Ryan\Documents\CB5 Settings.c5s
2014-08-16 22:31 - 2014-07-28 19:45 - 00868184 _____ (Oracle Corporation) C:\Windows\System32\Drivers\VBoxDrv.sys
2014-08-16 22:31 - 2014-07-28 19:43 - 00129168 _____ (Oracle Corporation) C:\Windows\System32\Drivers\VBoxUSBMon.sys
2014-08-16 21:07 - 2014-08-16 21:07 - 00000000 ____D () C:\Program Files (x86)\Jetico
2014-08-16 19:49 - 2014-08-16 19:49 - 00000064 _____ () C:\Users\Ryan\myinfo
2014-08-16 19:41 - 2014-08-16 19:46 - 00230840 _____ (TrueCrypt Foundation) C:\Windows\System32\Drivers\truecrypt.sys
2014-08-16 16:40 - 2014-08-16 16:40 - 01016209 _____ () C:\Users\Ryan\Downloads\HexygenBeta.rar
2014-08-16 16:38 - 2014-08-16 16:38 - 01014598 _____ () C:\Users\Ryan\Downloads\Hexygen.zip
2014-08-16 15:40 - 2014-08-19 02:55 - 00000000 ____D () C:\Users\Ryan\AppData\Local\Psi
2014-08-16 15:40 - 2014-08-16 15:40 - 00000492 _____ () C:\Users\Ryan\Desktop\Psi.lnk
2014-08-16 15:40 - 2014-08-16 15:40 - 00000492 _____ () C:\Users\Guest\Desktop\Psi.lnk
2014-08-16 15:40 - 2014-08-16 15:40 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Psi
2014-08-15 03:09 - 2014-01-08 18:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-08-15 03:09 - 2014-01-03 14:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2014-08-14 21:28 - 2014-08-14 21:28 - 01647311 _____ () C:\Users\Ryan\Downloads\OOM.ZIP
2014-08-14 17:00 - 2014-08-16 22:18 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Notepad++
2014-08-14 14:56 - 2013-10-01 18:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\TsUsbFlt.sys
2014-08-14 14:56 - 2013-10-01 18:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
2014-08-14 14:56 - 2013-10-01 18:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
2014-08-14 14:56 - 2013-10-01 17:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\System32\MsRdpWebAccess.dll
2014-08-14 14:56 - 2013-10-01 17:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\System32\wksprtPS.dll
2014-08-14 14:56 - 2013-10-01 17:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\System32\tsgqec.dll
2014-08-14 14:56 - 2013-10-01 17:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\System32\TsUsbGDCoInstaller.dll
2014-08-14 14:56 - 2013-10-01 16:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\System32\rdvidcrl.dll
2014-08-14 14:56 - 2013-10-01 16:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-08-14 14:56 - 2013-10-01 16:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-08-14 14:56 - 2013-10-01 16:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\System32\TSWbPrxy.exe
2014-08-14 14:56 - 2013-10-01 16:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\System32\wksprt.exe
2014-08-14 14:56 - 2013-10-01 15:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-08-14 14:56 - 2013-10-01 15:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\System32\mstsc.exe
2014-08-14 14:56 - 2013-10-01 15:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-08-14 14:56 - 2013-10-01 14:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-08-14 14:42 - 2014-08-14 14:46 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-08-14 14:41 - 2014-08-14 14:46 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-08-14 14:41 - 2014-08-14 14:46 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-08-14 14:28 - 2014-06-30 14:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\System32\icardres.dll
2014-08-14 14:28 - 2014-06-30 14:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-14 14:28 - 2014-03-09 13:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\System32\icardagt.exe
2014-08-14 14:28 - 2014-03-09 13:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\System32\infocardapi.dll
2014-08-14 14:28 - 2014-03-09 13:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-14 14:28 - 2014-03-09 13:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-14 14:27 - 2014-06-05 22:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-14 14:27 - 2014-06-05 22:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\System32\TsWpfWrp.exe
2014-08-14 14:27 - 2013-09-24 18:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\System32\TSWorkspace.dll
2014-08-14 14:27 - 2013-09-24 17:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-08-14 14:27 - 2012-05-04 03:00 - 00366592 _____ (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2014-08-14 14:27 - 2012-05-04 01:59 - 00514560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-08-14 12:59 - 2014-08-14 12:59 - 00076152 _____ () C:\Windows\System32\PnkBstrA.exe
2014-08-14 12:29 - 2014-08-14 12:29 - 00000000 ____D () C:\Users\Ryan\AppData\Local\PunkBuster
2014-08-14 12:12 - 2014-08-14 12:16 - 00000000 ____D () C:\Users\Ryan\Documents\Battlefield 4
2014-08-14 12:10 - 2014-08-14 12:10 - 00000000 ____D () C:\Users\Ryan\AppData\Local\ESN
2014-08-14 11:26 - 2014-07-31 15:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2014-08-14 11:26 - 2014-07-31 15:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-14 11:26 - 2014-07-25 06:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-08-14 11:26 - 2014-07-25 06:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-08-14 11:26 - 2014-07-25 06:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2014-08-14 11:26 - 2014-07-25 05:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-14 11:26 - 2014-07-25 05:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2014-08-14 11:26 - 2014-07-25 05:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2014-08-14 11:26 - 2014-07-25 05:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2014-08-14 11:26 - 2014-07-25 05:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-08-14 11:26 - 2014-07-25 05:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll
2014-08-14 11:26 - 2014-07-25 05:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-08-14 11:26 - 2014-07-25 05:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2014-08-14 11:26 - 2014-07-25 05:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-14 11:26 - 2014-07-25 05:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-08-14 11:26 - 2014-07-25 05:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-08-14 11:26 - 2014-07-25 05:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2014-08-14 11:26 - 2014-07-25 04:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2014-08-14 11:26 - 2014-07-25 04:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2014-08-14 11:26 - 2014-07-25 04:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2014-08-14 11:26 - 2014-07-25 04:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-14 11:26 - 2014-07-25 04:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-14 11:26 - 2014-07-25 04:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-14 11:26 - 2014-07-25 04:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-14 11:26 - 2014-07-25 04:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-08-14 11:26 - 2014-07-25 04:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-08-14 11:26 - 2014-07-25 04:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-14 11:26 - 2014-07-25 04:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2014-08-14 11:26 - 2014-07-25 04:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-14 11:26 - 2014-07-25 04:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2014-08-14 11:26 - 2014-07-25 04:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-14 11:26 - 2014-07-25 04:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-14 11:26 - 2014-07-25 04:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2014-08-14 11:26 - 2014-07-25 04:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-14 11:26 - 2014-07-25 04:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-14 11:26 - 2014-07-25 04:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-14 11:26 - 2014-07-25 03:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-14 11:26 - 2014-07-25 03:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-08-14 11:26 - 2014-07-25 03:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-14 11:26 - 2014-07-25 03:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-08-14 11:26 - 2014-07-25 03:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-08-14 11:26 - 2014-07-25 03:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2014-08-14 11:26 - 2014-07-25 03:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-14 11:26 - 2014-07-25 03:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-14 11:26 - 2014-07-25 03:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-14 11:26 - 2014-07-25 03:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-08-14 11:26 - 2014-07-25 03:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-14 11:26 - 2014-07-25 03:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-14 11:26 - 2014-07-25 03:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-14 11:26 - 2014-07-25 03:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-14 11:26 - 2014-07-25 02:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-08-14 11:26 - 2014-07-25 02:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-08-14 11:26 - 2014-07-25 02:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2014-08-14 11:26 - 2014-07-25 02:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-14 11:26 - 2014-07-25 02:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-14 11:26 - 2014-07-25 02:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-14 11:26 - 2014-07-15 19:25 - 00404480 _____ (Microsoft Corporation) C:\Windows\System32\gdi32.dll
2014-08-14 11:26 - 2014-07-15 19:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\tzres.dll
2014-08-14 11:26 - 2014-07-15 18:46 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-14 11:26 - 2014-07-15 18:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-14 11:26 - 2014-07-15 18:12 - 03163648 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2014-08-14 11:26 - 2014-07-08 18:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\System32\KBDYAK.DLL
2014-08-14 11:26 - 2014-07-08 18:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\System32\KBDTAT.DLL
2014-08-14 11:26 - 2014-07-08 18:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\System32\KBDRU1.DLL
2014-08-14 11:26 - 2014-07-08 18:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\System32\KBDBASH.DLL
2014-08-14 11:26 - 2014-07-08 18:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\System32\KBDRU.DLL
2014-08-14 11:26 - 2014-07-08 17:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-14 11:26 - 2014-07-08 17:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-14 11:26 - 2014-07-08 17:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-14 11:26 - 2014-07-08 17:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-14 11:26 - 2014-07-08 17:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-14 11:26 - 2014-07-08 14:38 - 00419992 _____ () C:\Windows\System32\locale.nls
2014-08-14 11:26 - 2014-07-08 14:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-14 11:26 - 2014-06-24 18:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\System32\shell32.dll
2014-08-14 11:26 - 2014-06-24 17:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-14 11:26 - 2014-06-15 18:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2014-08-14 11:26 - 2014-06-03 02:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\System32\msi.dll
2014-08-14 11:26 - 2014-06-03 02:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\System32\authui.dll
2014-08-14 11:26 - 2014-06-03 02:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\System32\msihnd.dll
2014-08-14 11:26 - 2014-06-03 02:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\System32\consent.exe
2014-08-14 11:26 - 2014-06-03 01:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-14 11:26 - 2014-06-03 01:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-14 11:26 - 2014-06-03 01:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-14 11:25 - 2014-08-06 18:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\System32\aepdu.dll
2014-08-14 11:25 - 2014-08-06 18:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll
2014-08-14 11:25 - 2014-07-13 18:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll
2014-08-14 11:25 - 2014-07-13 17:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-14 09:44 - 2014-08-14 09:44 - 00000865 _____ () C:\Users\Public\Desktop\Battlefield 4.lnk
2014-08-14 09:44 - 2014-08-14 09:44 - 00000849 _____ () C:\Users\Public\Desktop\Battlefield 4(64 bit).lnk
2014-08-14 05:57 - 2014-08-14 16:01 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Origin
2014-08-14 05:57 - 2014-08-14 12:16 - 00000000 ____D () C:\Users\Ryan\AppData\Local\Origin
2014-08-14 05:03 - 2014-08-14 05:03 - 00004132 _____ () C:\Users\Ryan\Desktop\how to evade esea.txt
2014-08-13 23:38 - 2014-08-16 13:10 - 00000000 ____D () C:\Users\Ryan\AppData\Local\._LiveCode_
2014-08-13 23:38 - 2014-08-13 23:38 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Acreon
2014-08-12 07:54 - 2014-08-12 07:54 - 00000000 ____D () C:\Users\Ryan\AppData\Local\HonorbuddyMeshes
2014-08-11 21:18 - 2014-08-11 21:18 - 00000000 ____D () C:\Users\Ryan\AppData\Local\SteelSeries_ApS
2014-08-11 18:06 - 2014-08-11 18:07 - 00000000 ____D () C:\Program Files\Dxtory Software
2014-08-11 09:12 - 2014-08-17 00:03 - 00000000 ____D () C:\Users\Ryan\AppData\Local\VirtualStore
2014-08-11 08:48 - 2014-08-11 08:48 - 47400128 _____ (Microsoft Corporation) C:\Users\Ryan\Downloads\NetFx64.exe
2014-08-11 08:45 - 2014-08-11 08:45 - 06267504 _____ (TeamViewer GmbH) C:\Users\Ryan\Downloads\TeamViewer_Setup_en.exe
2014-08-11 08:45 - 2014-08-11 08:45 - 00001126 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-08-11 08:45 - 2014-08-11 08:45 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-08-11 08:22 - 2014-08-11 08:22 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\WinRAR
2014-08-11 07:25 - 2014-08-17 16:03 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Skype
2014-08-11 07:25 - 2014-08-11 07:25 - 00000000 ____D () C:\Users\Ryan\AppData\Local\Skype
2014-08-10 09:00 - 2014-08-10 09:01 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Curse Advertising
2014-08-10 09:00 - 2014-08-10 09:01 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Battle.net
2014-08-10 09:00 - 2014-08-10 09:00 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Subversion
2014-08-10 09:00 - 2014-08-10 09:00 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Apple Computer
2014-08-10 09:00 - 2014-08-10 09:00 - 00000000 ____D () C:\Users\Ryan\AppData\Local\Razer
2014-08-10 09:00 - 2014-08-10 09:00 - 00000000 ____D () C:\Users\Ryan\AppData\Local\Blizzard Entertainment
2014-08-10 08:58 - 2014-08-19 04:55 - 00000000 ____D () C:\Users\Ryan\AppData\Local\TSVNCache
2014-08-10 07:50 - 2014-08-10 07:50 - 00000000 ____D () C:\Users\Ryan\AppData\Local\Apple
2014-08-09 22:19 - 2014-08-09 22:19 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Macromedia
2014-08-09 19:48 - 2014-08-10 15:36 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Ventrilo
2014-08-09 19:14 - 2014-08-18 17:11 - 00000000 ____D () C:\Users\Ryan\AppData\Local\Deployment
2014-08-09 19:11 - 2014-08-09 19:11 - 00000000 __SHD () C:\Users\Ryan\AppData\Local\EmieUserList
2014-08-09 19:11 - 2014-08-09 19:11 - 00000000 __SHD () C:\Users\Ryan\AppData\Local\EmieSiteList
2014-08-09 19:11 - 2014-08-09 19:11 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Adobe
2014-08-09 19:10 - 2014-08-09 19:10 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\NVIDIA
2014-08-09 11:05 - 2014-07-02 09:44 - 00609240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-08-09 11:01 - 2014-07-02 12:48 - 31512520 _____ (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
2014-08-09 11:01 - 2014-07-02 12:48 - 24196896 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-08-09 11:01 - 2014-07-02 12:48 - 22994208 _____ (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2014-08-09 11:01 - 2014-07-02 12:48 - 18626304 _____ (NVIDIA Corporation) C:\Windows\System32\nvwgf2umx.dll
2014-08-09 11:01 - 2014-07-02 12:48 - 15294296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-08-09 11:01 - 2014-07-02 12:48 - 13922752 _____ (NVIDIA Corporation) C:\Windows\System32\nvopencl.dll
2014-08-09 11:01 - 2014-07-02 12:48 - 13835208 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2014-08-09 11:01 - 2014-07-02 12:48 - 12866008 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2014-08-09 11:01 - 2014-07-02 12:48 - 11283344 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-08-09 11:01 - 2014-07-02 12:48 - 11222048 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-08-09 11:01 - 2014-07-02 12:48 - 04247000 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2014-08-09 11:01 - 2014-07-02 12:48 - 03989960 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-08-09 11:01 - 2014-07-02 12:48 - 01890080 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispco6434052.dll
2014-08-09 11:01 - 2014-07-02 12:48 - 01539928 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispgenco6434052.dll
2014-08-09 11:01 - 2014-07-02 12:48 - 00944928 _____ (NVIDIA Corporation) C:\Windows\System32\NvIFR64.dll
2014-08-09 11:01 - 2014-07-02 12:48 - 00907096 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-08-09 11:01 - 2014-07-02 12:48 - 00903624 _____ (NVIDIA Corporation) C:\Windows\System32\NvFBC64.dll
2014-08-09 11:01 - 2014-07-02 12:48 - 00869152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-08-09 11:01 - 2014-07-02 12:48 - 00846832 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-08-09 11:01 - 2014-07-02 12:48 - 00354016 _____ (NVIDIA Corporation) C:\Windows\System32\nvoglshim64.dll
2014-08-09 11:01 - 2014-07-02 12:48 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-08-09 11:01 - 2014-07-02 12:48 - 00166568 _____ (NVIDIA Corporation) C:\Windows\System32\nvinitx.dll
2014-08-09 11:01 - 2014-07-02 12:48 - 00146480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-08-09 11:01 - 2014-07-02 12:48 - 00026353 _____ () C:\Windows\System32\nvinfo.pb
2014-08-07 13:41 - 2014-08-07 13:46 - 00000069 _____ () C:\Users\Ryan\Desktop\5digitsteamid.txt
2014-08-03 12:34 - 2014-08-03 12:34 - 00006036 _____ () C:\Users\Ryan\Downloads\Settings.rar
2014-08-02 21:52 - 2014-05-14 08:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2014-08-02 21:52 - 2014-05-14 08:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2014-08-02 21:52 - 2014-05-14 08:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\System32\wups2.dll
2014-08-02 21:52 - 2014-05-14 08:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2014-08-02 21:51 - 2014-05-14 08:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2014-08-02 21:51 - 2014-05-14 08:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-02 21:51 - 2014-05-14 08:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\System32\wups.dll
2014-08-02 21:51 - 2014-05-14 08:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-02 21:51 - 2014-05-14 08:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2014-08-02 21:51 - 2014-05-14 08:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-02 21:51 - 2014-05-14 05:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2014-08-02 21:51 - 2014-05-14 05:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-02 21:51 - 2014-05-14 05:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2014-08-02 21:51 - 2014-05-14 05:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-07-28 19:43 - 2014-07-28 19:43 - 00142528 _____ (Oracle Corporation) C:\Windows\System32\Drivers\VBoxNetAdp.sys
2014-07-25 10:31 - 2014-07-25 10:31 - 00000000 ____D () C:\Program Files (x86)\Dungeon Defenders 2
2014-07-25 10:28 - 2014-07-25 10:28 - 00000222 _____ () C:\Users\Ryan\Desktop\Dungeon Defenders Eternity.url
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2042-06-09 14:03 - 2011-01-31 14:54 - 00000000 ____D () C:\ProgramData\Malwarebytes
2042-06-09 14:00 - 2010-07-16 16:27 - 00000000 ____D () C:\ProgramData\McAfee
2042-06-09 13:58 - 2010-07-16 16:28 - 00000000 ____D () C:\Program Files\McAfee
2042-06-09 13:56 - 2014-02-07 21:05 - 00000000 ____D () C:\Program Files (x86)\Gameforge
2014-08-19 09:10 - 2014-08-19 09:10 - 00000000 ____D () C:\FRST
2014-08-19 04:55 - 2014-08-19 04:30 - 00023493 _____ () C:\Windows\WindowsUpdate.log
2014-08-19 04:55 - 2014-08-10 08:58 - 00000000 ____D () C:\Users\Ryan\AppData\Local\TSVNCache
2014-08-19 04:52 - 2009-07-13 21:13 - 00863396 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-08-19 04:49 - 2014-08-18 16:44 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-08-19 04:49 - 2014-08-18 16:43 - 00000000 ____D () C:\Users\Ryan\Desktop\mbar
2014-08-19 04:41 - 2014-08-18 20:20 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2014-08-19 04:35 - 2009-07-13 20:45 - 00023056 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-19 04:35 - 2009-07-13 20:45 - 00023056 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-19 04:34 - 2013-06-24 08:51 - 00000000 ____D () C:\users\Guest
2014-08-19 04:34 - 2012-05-11 03:37 - 00000000 ____D () C:\users\DefaultAppPool
2014-08-19 04:28 - 2014-08-18 20:20 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2014-08-19 04:27 - 2013-02-19 02:29 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-08-19 04:27 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-19 04:17 - 2014-08-19 04:17 - 00380416 _____ () C:\Users\Ryan\Downloads\8nf02bok.exe
2014-08-19 04:15 - 2014-08-18 22:15 - 00032675 _____ () C:\Users\Ryan\Desktop\Result.txt
2014-08-19 04:11 - 2014-08-19 04:10 - 00019096 _____ () C:\Users\Ryan\Desktop\MBRCheck_08.19.14_08.10.46.txt
2014-08-19 04:10 - 2014-08-19 04:10 - 00080384 _____ () C:\Users\Ryan\Downloads\MBRCheck.exe
2014-08-19 03:43 - 2014-08-19 03:43 - 00094446 _____ () C:\Users\Ryan\Desktop\dds.txt
2014-08-19 03:43 - 2014-08-19 03:43 - 00007779 _____ () C:\Users\Ryan\Desktop\attach.txt
2014-08-19 03:42 - 2014-08-19 03:42 - 00688992 ____R (Swearware) C:\Users\Ryan\Downloads\dds.com
2014-08-19 03:39 - 2014-08-18 16:03 - 00000702 _____ () C:\Users\Ryan\Desktop\Rkill.txt
2014-08-19 03:32 - 2014-08-19 03:32 - 00602112 _____ (OldTimer Tools) C:\Users\Ryan\Downloads\OTL.exe
2014-08-19 03:29 - 2014-08-19 03:29 - 00165376 _____ () C:\Users\Ryan\Downloads\SystemLook_x64.exe
2014-08-19 03:29 - 2014-08-19 03:29 - 00002512 _____ () C:\Users\Ryan\Downloads\SystemLook.txt
2014-08-19 03:24 - 2014-08-19 03:24 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Ryan\Downloads\iExplore.exe
2014-08-19 03:23 - 2014-08-19 03:23 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Ryan\Downloads\rkill.exe
2014-08-19 03:20 - 2014-08-18 16:42 - 00001178 _____ () C:\Users\Ryan\Desktop\ListCWall.txt
2014-08-19 03:19 - 2014-08-18 16:26 - 00000622 _____ () C:\Users\Ryan\Desktop\unhide.txt
2014-08-19 03:19 - 2014-08-18 16:08 - 00000000 ____D () C:\AdwCleaner
2014-08-19 03:10 - 2014-08-19 03:10 - 00000000 ____D () C:\Windows\SysWOW64\%LOCALAPPDATA%
2014-08-19 03:09 - 2014-08-18 16:43 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit
2014-08-19 02:55 - 2014-08-19 02:55 - 00000000 ____D () C:\Program Files (x86)\OpenVPN Technologies
2014-08-19 02:55 - 2014-08-16 15:40 - 00000000 ____D () C:\Users\Ryan\AppData\Local\Psi
2014-08-19 02:19 - 2014-08-18 18:19 - 00000452 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 32d08496-9cc0-4f1f-b2e7-016fe33045ea.job
2014-08-19 01:19 - 2014-08-18 20:20 - 00000000 ____D () C:\Program Files\HitmanPro
2014-08-19 01:16 - 2014-08-19 01:16 - 00145408 _____ (SteelSeries Corporation) C:\Windows\System32\Drivers\SteelBus64.sys
2014-08-19 01:16 - 2014-08-19 01:16 - 00038016 _____ (SteelSeries Corporation) C:\Windows\System32\Drivers\SAlpham64.sys
2014-08-19 01:11 - 2012-05-03 11:09 - 00000000 ____D () C:\ProgramData\SteelSeries
2014-08-19 01:10 - 2013-03-30 19:00 - 00000000 ____D () C:\Program Files\SteelSeries
2014-08-19 01:09 - 2014-08-19 01:08 - 53001320 _____ () C:\Users\Ryan\Downloads\SteelSeriesEngine_2.8.0450.exe
2014-08-19 01:08 - 2014-08-19 01:08 - 03978232 _____ (SteelSeries) C:\Users\Ryan\Downloads\SSEFix_1.25.4.1.exe
2014-08-19 01:04 - 2014-08-18 19:24 - 00033512 _____ () C:\Windows\SysWOW64\Drivers\TrueSight.sys
2014-08-19 00:59 - 2014-08-19 00:59 - 00000634 _____ () C:\Users\Ryan\Desktop\JRT.txt
2014-08-19 00:11 - 2010-07-16 16:02 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-08-19 00:11 - 2009-07-13 21:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-08-19 00:09 - 2013-04-05 01:39 - 00000000 ____D () C:\Program Files (x86)\Razer
2014-08-18 22:55 - 2012-10-08 14:59 - 00000000 ____D () C:\Windows\pss
2014-08-18 22:54 - 2013-04-05 01:39 - 00000000 ____D () C:\ProgramData\Razer
2014-08-18 22:49 - 2014-08-18 21:28 - 00000000 ____D () C:\Users\Ryan\AppData\Local\CrashDumps
2014-08-18 22:47 - 2014-08-18 22:47 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Oracle
2014-08-18 22:42 - 2011-01-17 00:01 - 00000000 ____D () C:\Program Files (x86)\InstallShield Installation Information
2014-08-18 22:00 - 2014-08-18 18:19 - 00000452 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 7f3ade73-3676-4ceb-918d-a556deb99072.job
2014-08-18 21:58 - 2014-08-18 21:58 - 00401920 _____ (Farbar) C:\Users\Ryan\Desktop\MiniToolBox.exe
2014-08-18 21:03 - 2009-07-13 18:34 - 00000573 _____ () C:\Windows\win.ini
2014-08-18 20:24 - 2042-06-09 13:30 - 00000462 _____ () C:\Windows\System32\.crusader
2014-08-18 20:24 - 2014-08-18 20:24 - 00012872 _____ (SurfRight B.V.) C:\Windows\System32\bootdelete.exe
2014-08-18 20:23 - 2014-04-08 04:39 - 00000238 _____ () C:\Users\Ryan\Desktop\TsINFO.txt
2014-08-18 20:20 - 2042-06-09 13:25 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-08-18 20:20 - 2014-08-18 20:20 - 00001897 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-08-18 20:20 - 2014-08-18 20:20 - 00000907 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-18 20:20 - 2014-08-18 20:20 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-18 19:24 - 2014-08-18 19:24 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-08-18 19:23 - 2014-08-19 00:49 - 04851288 _____ () C:\Users\Ryan\Desktop\RogueKiller.exe
2014-08-18 19:10 - 2014-08-18 18:14 - 00000855 _____ () C:\Windows\System32\Drivers\etc\hosts_bak_493
2014-08-18 18:19 - 2014-08-18 18:19 - 00003526 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 7f3ade73-3676-4ceb-918d-a556deb99072
2014-08-18 18:19 - 2014-08-18 18:19 - 00003452 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 32d08496-9cc0-4f1f-b2e7-016fe33045ea
2014-08-18 18:19 - 2014-08-18 18:19 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\SUPERAntiSpyware.com
2014-08-18 18:17 - 2014-08-18 18:17 - 00000000 ____D () C:\Windows\ERUNT
2014-08-18 18:14 - 2014-08-18 18:14 - 00000855 _____ () C:\Windows\System32\Drivers\etc\hosts_bak_142
2014-08-18 18:12 - 2014-08-19 00:49 - 01016261 _____ (Thisisu) C:\Users\Ryan\Desktop\JRT.exe
2014-08-18 18:11 - 2014-08-18 18:11 - 00000959 _____ () C:\Users\Public\Desktop\eMule.lnk
2014-08-18 18:11 - 2014-08-18 18:11 - 00000000 ____D () C:\Program Files (x86)\eMule
2014-08-18 18:10 - 2014-08-18 18:10 - 00270848 _____ (Secure By Design Inc.) C:\Users\Ryan\Downloads\Ninite eMule Installer.exe
2014-08-18 18:06 - 2014-08-18 18:06 - 02347384 _____ (ESET) C:\Users\Ryan\Downloads\esetsmartinstaller_enu.exe
2014-08-18 18:06 - 2014-08-18 18:06 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-08-18 17:56 - 2014-08-18 17:56 - 00000000 ____D () C:\Users\Ryan\Desktop\GodMode.{ED7BA470-8E54-465E-825C-99712043E01C}
2014-08-18 17:39 - 2014-08-18 17:39 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-RYAN-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
2014-08-18 17:39 - 2014-08-18 17:39 - 00000000 ____D () C:\RegBackup
2014-08-18 17:31 - 2013-10-05 11:54 - 00000000 ____D () C:\Users\Ryan\AppData\Local\Battle.net
2014-08-18 17:31 - 2011-09-18 14:22 - 00003158 _____ () C:\Windows\System32\Tasks\XboxStatTask
2014-08-18 17:31 - 2010-07-20 13:29 - 00003920 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{2093DF8B-ED65-4601-893F-C1902C2641C4}
2014-08-18 17:11 - 2014-08-09 19:14 - 00000000 ____D () C:\Users\Ryan\AppData\Local\Deployment
2014-08-18 17:07 - 2014-08-18 16:43 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Exploit
2014-08-18 17:06 - 2014-08-18 17:06 - 00002123 _____ () C:\Users\Ryan\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2014-08-18 17:05 - 2014-08-18 16:57 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-08-18 17:01 - 2014-08-18 17:01 - 00000544 _____ () C:\Users\Ryan\Desktop\SpeedFan.lnk
2014-08-18 17:01 - 2014-08-18 17:01 - 00000544 _____ () C:\Users\Guest\Desktop\SpeedFan.lnk
2014-08-18 17:01 - 2014-08-18 17:01 - 00000045 _____ () C:\Windows\SysWOW64\initdebug.nfo
2014-08-18 16:58 - 2014-08-18 16:58 - 00000655 _____ () C:\Users\Ryan\Desktop\Tweaking.com - Hardware Identify.lnk
2014-08-18 16:43 - 2014-08-18 16:43 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Exploit.lnk
2014-08-18 16:43 - 2014-08-18 16:25 - 00001790 _____ () C:\sc-cleaner.txt
2014-08-18 16:34 - 2014-08-18 16:34 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-18 16:34 - 2014-08-18 16:34 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-18 16:34 - 2014-08-18 16:34 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-18 16:34 - 2014-08-18 16:34 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-18 16:34 - 2013-07-19 07:10 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-18 16:33 - 2014-08-18 16:33 - 00001743 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-08-18 16:33 - 2014-08-18 16:32 - 00000000 ____D () C:\Program Files\iTunes
2014-08-18 16:33 - 2014-08-18 16:32 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-08-18 16:32 - 2014-08-18 16:32 - 00000000 ____D () C:\Program Files\iPod
2014-08-18 16:31 - 2014-08-18 16:31 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Apple Computer
2014-08-18 16:31 - 2014-08-18 16:31 - 00000000 ____D () C:\Users\Default\AppData\Local\Apple Computer
2014-08-18 16:31 - 2014-08-18 16:31 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Apple Computer
2014-08-18 16:31 - 2014-08-18 16:31 - 00000000 ____D () C:\Users\Default User\AppData\Local\Apple Computer
2014-08-18 16:28 - 2014-08-19 00:49 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Ryan\Desktop\mbar-1.07.0.1012.exe
2014-08-18 16:28 - 2010-11-29 12:06 - 00000000 ____D () C:\ProgramData\Apple
2014-08-18 16:25 - 2014-08-19 00:49 - 00400632 _____ (Bleeping Computer, LLC) C:\Users\Ryan\Desktop\ListCWall.exe
2014-08-18 16:25 - 2013-02-25 13:07 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-18 16:25 - 2011-10-26 09:58 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-18 16:19 - 2014-08-18 16:19 - 00000000 ____D () C:\Users\Ryan\AppData\Local\Secunia PSI
2014-08-18 16:18 - 2014-08-18 16:18 - 00000000 ____D () C:\Program Files (x86)\Secunia
2014-08-18 16:10 - 2010-07-16 15:27 - 00000000 ____D () C:\users\Ryan
2014-08-18 16:03 - 2014-08-19 00:49 - 01361671 _____ () C:\Users\Ryan\Desktop\AdwCleaner.exe
2014-08-18 16:00 - 2014-08-19 00:49 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Ryan\Desktop\rkill.com
2014-08-18 14:14 - 2042-06-09 14:30 - 00005916 _____ () C:\Users\Ryan\Desktop\virussoftware.txt
2014-08-17 18:20 - 2011-03-07 17:58 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Mumble
2014-08-17 16:59 - 2014-08-17 16:59 - 00000000 ____D () C:\Users\Ryan\Desktop\Photos
2014-08-17 16:26 - 2009-07-13 21:08 - 00032652 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-17 16:08 - 2014-08-17 16:08 - 00011461 _____ () C:\Users\Ryan\Downloads\oom (1).zip
2014-08-17 16:03 - 2014-08-11 07:25 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Skype
2014-08-17 13:35 - 2014-08-17 13:35 - 00032057 _____ () C:\Users\Ryan\Downloads\mini.zip
2014-08-17 03:18 - 2014-08-17 03:14 - 63722695 _____ () C:\Users\Ryan\Downloads\xbmc-13.1-Gotham.exe
2014-08-17 01:22 - 2014-08-17 01:22 - 00002505 _____ () C:\Users\Ryan\Documents\NetSpeedTest.txt
2014-08-17 01:12 - 2014-08-17 01:12 - 00031232 _____ (The OpenVPN Project) C:\Windows\System32\Drivers\tap0901.sys
2014-08-17 00:23 - 2014-08-17 00:23 - 00000000 ____D () C:\Users\Ryan\Desktop\Tor Browser
2014-08-17 00:23 - 2014-08-17 00:22 - 27281991 _____ () C:\Users\Ryan\Downloads\torbrowser-install-3.6.4_en-US.exe
2014-08-17 00:16 - 2014-08-17 00:16 - 00002972 _____ () C:\Users\Ryan\Documents\CB5 Settings.c5s
2014-08-17 00:03 - 2014-08-11 09:12 - 00000000 ____D () C:\Users\Ryan\AppData\Local\VirtualStore
2014-08-16 22:18 - 2014-08-14 17:00 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Notepad++
2014-08-16 21:08 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\GroupPolicy
2014-08-16 21:07 - 2014-08-16 21:07 - 00000000 ____D () C:\Program Files (x86)\Jetico
2014-08-16 19:49 - 2014-08-16 19:49 - 00000064 _____ () C:\Users\Ryan\myinfo
2014-08-16 19:46 - 2014-08-16 19:41 - 00230840 _____ (TrueCrypt Foundation) C:\Windows\System32\Drivers\truecrypt.sys
2014-08-16 16:40 - 2014-08-16 16:40 - 01016209 _____ () C:\Users\Ryan\Downloads\HexygenBeta.rar
2014-08-16 16:38 - 2014-08-16 16:38 - 01014598 _____ () C:\Users\Ryan\Downloads\Hexygen.zip
2014-08-16 15:40 - 2014-08-16 15:40 - 00000492 _____ () C:\Users\Ryan\Desktop\Psi.lnk
2014-08-16 15:40 - 2014-08-16 15:40 - 00000492 _____ () C:\Users\Guest\Desktop\Psi.lnk
2014-08-16 15:40 - 2014-08-16 15:40 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Psi
2014-08-16 13:10 - 2014-08-13 23:38 - 00000000 ____D () C:\Users\Ryan\AppData\Local\._LiveCode_
2014-08-16 07:21 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache
2014-08-14 23:58 - 2014-06-18 23:32 - 00000000 ____D () C:\ProgramData\Origin
2014-08-14 22:53 - 2014-06-19 00:22 - 00215416 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-08-14 21:28 - 2014-08-14 21:28 - 01647311 _____ () C:\Users\Ryan\Downloads\OOM.ZIP
2014-08-14 18:44 - 2014-06-21 16:54 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins
2014-08-14 16:20 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-14 16:01 - 2014-08-14 05:57 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Origin
2014-08-14 14:52 - 2013-08-12 23:04 - 00000000 ____D () C:\Windows\System32\MRT
2014-08-14 14:48 - 2010-05-24 13:32 - 99218768 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2014-08-14 14:46 - 2014-08-14 14:42 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-08-14 14:46 - 2014-08-14 14:41 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-08-14 14:46 - 2014-08-14 14:41 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-08-14 14:27 - 2014-04-29 23:00 - 00000000 ___SD () C:\Windows\System32\CompatTel
2014-08-14 12:59 - 2014-08-14 12:59 - 00076152 _____ () C:\Windows\System32\PnkBstrA.exe
2014-08-14 12:29 - 2014-08-14 12:29 - 00000000 ____D () C:\Users\Ryan\AppData\Local\PunkBuster
2014-08-14 12:16 - 2014-08-14 12:12 - 00000000 ____D () C:\Users\Ryan\Documents\Battlefield 4
2014-08-14 12:16 - 2014-08-14 05:57 - 00000000 ____D () C:\Users\Ryan\AppData\Local\Origin
2014-08-14 12:10 - 2014-08-14 12:10 - 00000000 ____D () C:\Users\Ryan\AppData\Local\ESN
2014-08-14 09:44 - 2014-08-14 09:44 - 00000865 _____ () C:\Users\Public\Desktop\Battlefield 4.lnk
2014-08-14 09:44 - 2014-08-14 09:44 - 00000849 _____ () C:\Users\Public\Desktop\Battlefield 4(64 bit).lnk
2014-08-14 05:03 - 2014-08-14 05:03 - 00004132 _____ () C:\Users\Ryan\Desktop\how to evade esea.txt
2014-08-14 04:35 - 2010-07-19 04:54 - 00000000 ____D () C:\Windows\Minidump
2014-08-13 23:38 - 2014-08-13 23:38 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Acreon
2014-08-13 14:58 - 2010-07-16 15:30 - 00002362 _____ () C:\Users\Ryan\Desktop\Google Chrome.lnk
2014-08-12 07:54 - 2014-08-12 07:54 - 00000000 ____D () C:\Users\Ryan\AppData\Local\HonorbuddyMeshes
2014-08-11 21:18 - 2014-08-11 21:18 - 00000000 ____D () C:\Users\Ryan\AppData\Local\SteelSeries_ApS
2014-08-11 18:07 - 2014-08-11 18:06 - 00000000 ____D () C:\Program Files\Dxtory Software
2014-08-11 08:48 - 2014-08-11 08:48 - 47400128 _____ (Microsoft Corporation) C:\Users\Ryan\Downloads\NetFx64.exe
2014-08-11 08:45 - 2014-08-11 08:45 - 06267504 _____ (TeamViewer GmbH) C:\Users\Ryan\Downloads\TeamViewer_Setup_en.exe
2014-08-11 08:45 - 2014-08-11 08:45 - 00001126 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-08-11 08:45 - 2014-08-11 08:45 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-08-11 08:22 - 2014-08-11 08:22 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\WinRAR
2014-08-11 07:25 - 2014-08-11 07:25 - 00000000 ____D () C:\Users\Ryan\AppData\Local\Skype
2014-08-10 15:36 - 2014-08-09 19:48 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Ventrilo
2014-08-10 09:01 - 2014-08-10 09:00 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Curse Advertising
2014-08-10 09:01 - 2014-08-10 09:00 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Battle.net
2014-08-10 09:00 - 2014-08-10 09:00 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Subversion
2014-08-10 09:00 - 2014-08-10 09:00 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Apple Computer
2014-08-10 09:00 - 2014-08-10 09:00 - 00000000 ____D () C:\Users\Ryan\AppData\Local\Razer
2014-08-10 09:00 - 2014-08-10 09:00 - 00000000 ____D () C:\Users\Ryan\AppData\Local\Blizzard Entertainment
2014-08-10 07:50 - 2014-08-10 07:50 - 00000000 ____D () C:\Users\Ryan\AppData\Local\Apple
2014-08-09 22:19 - 2014-08-09 22:19 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Macromedia
2014-08-09 19:11 - 2014-08-09 19:11 - 00000000 __SHD () C:\Users\Ryan\AppData\Local\EmieUserList
2014-08-09 19:11 - 2014-08-09 19:11 - 00000000 __SHD () C:\Users\Ryan\AppData\Local\EmieSiteList
2014-08-09 19:11 - 2014-08-09 19:11 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Adobe
2014-08-09 19:10 - 2014-08-09 19:10 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\NVIDIA
2014-08-09 11:05 - 2011-11-05 16:23 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-08-09 11:02 - 2010-07-12 09:52 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-08-09 10:54 - 2014-01-20 00:47 - 00000000 ____D () C:\Users\Ryan\AppData\Local\NVIDIA Corporation
2014-08-07 13:46 - 2014-08-07 13:41 - 00000069 _____ () C:\Users\Ryan\Desktop\5digitsteamid.txt
2014-08-06 18:06 - 2014-08-14 11:25 - 00529920 _____ (Microsoft Corporation) C:\Windows\System32\aepdu.dll
2014-08-06 18:01 - 2014-08-14 11:25 - 00424448 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll
2014-08-03 12:34 - 2014-08-03 12:34 - 00006036 _____ () C:\Users\Ryan\Downloads\Settings.rar
2014-08-02 21:29 - 2010-07-28 12:03 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-07-31 15:41 - 2014-08-14 11:26 - 00348856 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2014-07-31 15:16 - 2014-08-14 11:26 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-29 13:42 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\NDF
2014-07-28 19:45 - 2014-08-16 22:31 - 00868184 _____ (Oracle Corporation) C:\Windows\System32\Drivers\VBoxDrv.sys
2014-07-28 19:43 - 2014-08-16 22:31 - 00129168 _____ (Oracle Corporation) C:\Windows\System32\Drivers\VBoxUSBMon.sys
2014-07-28 19:43 - 2014-07-28 19:43 - 00142528 _____ (Oracle Corporation) C:\Windows\System32\Drivers\VBoxNetAdp.sys
2014-07-25 10:31 - 2014-07-25 10:31 - 00000000 ____D () C:\Program Files (x86)\Dungeon Defenders 2
2014-07-25 10:28 - 2014-07-25 10:28 - 00000222 _____ () C:\Users\Ryan\Desktop\Dungeon Defenders Eternity.url
2014-07-25 08:15 - 2014-04-23 19:04 - 00000000 ____D () C:\Program Files (x86)\OBS
2014-07-25 06:52 - 2014-08-14 11:26 - 23645696 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-07-25 06:02 - 2014-08-14 11:26 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-07-25 06:01 - 2014-08-14 11:26 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2014-07-25 05:51 - 2014-08-14 11:26 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-25 05:50 - 2014-06-09 19:14 - 01715224 _____ (NVIDIA Corporation) C:\Windows\System32\nvspbridge64.dll
2014-07-25 05:50 - 2014-06-09 19:14 - 01291280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2014-07-25 05:50 - 2014-01-20 00:47 - 01283136 _____ (NVIDIA Corporation) C:\Windows\System32\nvspcap64.dll
2014-07-25 05:50 - 2014-01-20 00:47 - 01126480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2014-07-25 05:30 - 2014-08-14 11:26 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2014-07-25 05:28 - 2014-08-14 11:26 - 00548352 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2014-07-25 05:28 - 2014-08-14 11:26 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2014-07-25 05:25 - 2014-08-14 11:26 - 02774528 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-07-25 05:25 - 2014-08-14 11:26 - 00083968 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll
2014-07-25 05:11 - 2014-08-14 11:26 - 00051200 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-07-25 05:10 - 2014-08-14 11:26 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2014-07-25 05:04 - 2014-08-14 11:26 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-25 05:03 - 2014-08-14 11:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-07-25 05:00 - 2014-08-14 11:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-07-25 05:00 - 2014-08-14 11:26 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2014-07-25 04:59 - 2014-08-14 11:26 - 00758272 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2014-07-25 04:47 - 2014-08-14 11:26 - 00940032 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2014-07-25 04:40 - 2014-08-14 11:26 - 00452096 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2014-07-25 04:34 - 2014-08-14 11:26 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-25 04:34 - 2014-08-14 11:26 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-25 04:33 - 2014-08-14 11:26 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-25 04:30 - 2014-08-14 11:26 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-25 04:28 - 2014-08-14 11:26 - 05824512 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-07-25 04:28 - 2014-08-14 11:26 - 00072704 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-07-25 04:21 - 2014-08-14 11:26 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-25 04:19 - 2014-08-14 11:26 - 00195584 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2014-07-25 04:18 - 2014-08-14 11:26 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-25 04:17 - 2014-08-14 11:26 - 00085504 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2014-07-25 04:17 - 2014-08-14 11:26 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-25 04:12 - 2014-08-14 11:26 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-25 04:10 - 2014-08-14 11:26 - 00292864 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2014-07-25 04:10 - 2014-08-14 11:26 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-25 04:08 - 2014-08-14 11:26 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-25 04:06 - 2014-08-14 11:26 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-25 03:52 - 2014-08-14 11:26 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-25 03:47 - 2014-08-14 11:26 - 00631808 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-07-25 03:43 - 2014-08-14 11:26 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-25 03:42 - 2014-08-14 11:26 - 00692736 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-07-25 03:39 - 2014-08-14 11:26 - 02087936 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-07-25 03:39 - 2014-08-14 11:26 - 01249280 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2014-07-25 03:36 - 2014-08-14 11:26 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-25 03:34 - 2014-08-14 11:26 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-25 03:29 - 2014-08-14 11:26 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-25 03:23 - 2014-08-14 11:26 - 13547008 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-07-25 03:13 - 2014-08-14 11:26 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-25 03:07 - 2014-08-14 11:26 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-25 03:07 - 2014-08-14 11:26 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-25 03:03 - 2014-08-14 11:26 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-25 02:52 - 2014-08-14 11:26 - 02266624 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-07-25 02:26 - 2014-08-14 11:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-07-25 02:17 - 2014-08-14 11:26 - 00846336 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2014-07-25 02:09 - 2014-08-14 11:26 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-25 02:05 - 2014-08-14 11:26 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-25 02:00 - 2014-08-14 11:26 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-23 23:00 - 2013-03-13 23:01 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-23 23:00 - 2013-03-13 23:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-21 11:56 - 2009-08-07 10:33 - 00000000 ____D () C:\Windows\Panther
 
Files to move or delete:
====================
C:\ProgramData\DT0001.dat
 
 
Some content of TEMP:
====================
C:\Users\Ryan\AppData\Local\Temp\_is99C0.exe
 
 
==================== Known DLLs (Whitelisted) ================
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!
 
==================== Restore Points  =========================
 
Restore point made on: 2014-08-18 22:24:15
Restore point made on: 2014-08-18 22:28:30
Restore point made on: 2014-08-18 22:35:29
Restore point made on: 2014-08-18 22:41:03
Restore point made on: 2014-08-18 22:53:44
Restore point made on: 2014-08-19 02:59:59
Restore point made on: 2014-08-19 03:00:47
 
==================== Memory info =========================== 
 
Percentage of memory in use: 8%
Total physical RAM: 12278.12 MB
Available physical RAM: 11240.45 MB
Total Pagefile: 12276.27 MB
Available Pagefile: 11240.6 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:119.14 GB) (Free:46.83 GB) NTFS
Drive d: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.04 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (KINGSTON) (Removable) (Total:7.45 GB) (Free:5.29 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: () (Fixed) (Total:931.51 GB) (Free:222.24 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: B1833512)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: B183350F)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=119.1 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (Size: 7.5 GB) (Disk ID: 7FDB77E7)
Partition 1: (Active) - (Size=7.5 GB) - (Type=0B)
 
 
LastRegBack: 2014-08-17 04:27
 
==================== End Of Log ============================


#6 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:15 AM

Posted 19 August 2014 - 08:42 AM

Fix with FRST (Recovery Environment)

 

  • Open Notepad (Start => All Programs => Accessories => Notepad).
  • Please copy the entire contents of the code box below.
    (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste.) Save it on the flashdrive as fixlist.txt.

    EmptyTemp:
    testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!
    S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [X]
    
    C:\ProgramData\DT0001.dat
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Now please enter System Recovery Options again.
     
  • Run frst.exe (on 64bit, run frst64.exe) and press the Fix button just once and wait.
  • The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.

Edited by TB-Psychotic, 19 August 2014 - 08:45 AM.

Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#7 oom

Posted 19 August 2014 - 09:06 AM

Hello Marius,

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-08-2014 01
Ran by SYSTEM at 2014-08-19 09:58:08 Run:1
Running from f:\
Boot Mode: Recovery
==============================================
 
Content of fixlist:
*****************
testsigning on:
EmptyTemp:
 
S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [X]
 
C:\ProgramData\DT0001.dat
*****************
 
 
The operation completed successfully.
Error: This directive works only outside recovery mode.
X6va012 => Service deleted successfully.
C:\ProgramData\DT0001.dat => Moved successfully.
 
==== End of Fixlog ====
 
---------------------------------------------
 
I have something to add. I ran the Farbar scan again after I booted my system back up and I found these in the txt log. Now I believe my Chrome might be infected because I can't remove it under Add/Remove Programs.
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_16-windows-i586.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll File Not found ()
Winsock: Catalog5-x64 09 C:\Program Files\Bonjour\mdnsNSP.dll File Not found ()
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> D:\Picasa\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @ncsoft.com/Plugin -> C:\Program Files (x86)\plaync\NCPlugin\npncllm3.dll No File
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @qq.com/npchrome -> C:\Program Files (x86)\Common Files\Tencent\Npchrome\npchrome.dll No File
FF Plugin-x32: @qq.com/npqscall -> C:\Program Files (x86)\Common Files\Tencent\NPQSCALL\npqscall.dll No File
FF Plugin-x32: @qq.com/TXSSO -> C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.2.1\Bin\npSSOAxCtrlForPTLogin.dll No File

 

 
Chrome: 
=======
CHR HomePage: hxxp://www.msn.com/
CHR StartupUrls: "hxxp://www.msn.com/"
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Ryan\AppData\Local\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Ryan\AppData\Local\Google\Chrome\Application\36.0.1985.143\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Ryan\AppData\Local\Google\Chrome\Application\36.0.1985.143\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Skype Toolbars) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Adobe Acrobat) - D:\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
CHR Plugin: (Google Update) - C:\Users\Ryan\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (iTunes Application Detector) - D:\Itunes\Mozilla Plugins\npitunes.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll No File
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (YouTube) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-17]
CHR Extension: (Google Search) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-17]
CHR Extension: (AdBlock) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2012-08-05]
CHR Extension: (Google Wallet) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-30]
CHR Extension: (Gmail) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-17]
CHR StartMenuInternet: Google Chrome - C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-11-21 22:26 - 2014-07-02 14:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-02-18 21:16 - 2014-02-18 21:16 - 00076016 _____ () C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
2014-02-18 21:16 - 2014-02-18 21:16 - 00088816 _____ () C:\Program Files\TortoiseSVN\bin\libsasl.dll
2012-06-18 11:24 - 2012-06-18 11:24 - 00222720 _____ () D:\Notepad++\NppShell_05.dll
2014-06-26 14:39 - 2014-06-26 14:39 - 00504832 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\SSEngineLib.dll
2014-06-26 14:39 - 2014-06-26 14:39 - 09315328 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\SSEngineWinGui.dll
2014-06-26 14:39 - 2014-06-26 14:39 - 00015872 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\Localization.dll
2014-06-26 14:39 - 2014-06-26 14:39 - 00011264 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\ISSPlugin.dll
2014-06-26 14:39 - 2014-06-26 14:39 - 00011264 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\Utilities.dll
2014-06-26 14:39 - 2014-06-26 14:39 - 00115200 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\DriverCommunication.dll
2014-05-16 11:57 - 2014-05-16 11:57 - 00047616 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesDrivers\x2api.dll
2014-06-26 14:39 - 2014-06-26 14:39 - 00034304 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\DBUtils.dll
2014-05-16 11:57 - 2014-05-16 11:57 - 01102336 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\System.Data.SQLite.dll
2014-06-26 14:39 - 2014-06-26 14:39 - 00189440 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\MousePlugin.dll
2014-06-26 14:39 - 2014-06-26 14:39 - 00030720 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\D3MousePlugin.dll
2014-06-26 14:39 - 2014-06-26 14:39 - 00031744 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\KKMousePlugin.dll
2014-06-26 14:39 - 2014-06-26 14:39 - 00030720 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\SRawPlugin.dll
2014-06-26 14:39 - 2014-06-26 14:39 - 00159744 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\MLGSenseiPlugin.dll
2014-06-26 14:39 - 2014-06-26 14:39 - 00020992 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\WoWGoldPlugin.dll
2014-06-26 14:39 - 2014-06-26 14:39 - 00030720 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\GW2MousePlugin.dll
2014-06-26 14:39 - 2014-06-26 14:39 - 00029696 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\CSGOMousePlugin.dll
2014-06-26 14:39 - 2014-06-26 14:39 - 00030208 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\DOTA2MousePlugin.dll
2014-06-26 14:39 - 2014-06-26 14:39 - 00023040 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\WoWWirelessPlugin.dll
2014-06-26 14:39 - 2014-06-26 14:39 - 00030720 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\CODMousePlugin.dll
2014-06-26 14:39 - 2014-06-26 14:39 - 00030208 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\WoTMousePlugin.dll
2014-06-26 14:39 - 2014-06-26 14:39 - 00060928 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\CustomWPFColorPicker.dll
2014-02-18 20:32 - 2014-02-18 20:32 - 00065776 _____ () C:\Program Files\TortoiseSVN\bin\TortoiseStub32.dll
2014-02-18 20:32 - 2014-02-18 20:32 - 00071920 _____ () C:\Program Files\TortoiseSVN\bin\libsasl32.dll
 
2014-08-13 18:58 - 2014-08-06 23:20 - 00718152 _____ () C:\Users\Ryan\AppData\Local\Google\Chrome\Application\36.0.1985.143\libglesv2.dll
2014-08-13 18:58 - 2014-08-06 23:20 - 00126280 _____ () C:\Users\Ryan\AppData\Local\Google\Chrome\Application\36.0.1985.143\libegl.dll
2014-08-13 18:58 - 2014-08-06 23:20 - 08537928 _____ () C:\Users\Ryan\AppData\Local\Google\Chrome\Application\36.0.1985.143\pdf.dll
2014-08-13 18:58 - 2014-08-06 23:20 - 00353096 _____ () C:\Users\Ryan\AppData\Local\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll
2014-08-13 18:58 - 2014-08-06 23:20 - 01732936 _____ () C:\Users\Ryan\AppData\Local\Google\Chrome\Application\36.0.1985.143\ffmpegsumo.dll


#8 TB-Psychotic

Posted 19 August 2014 - 09:19 AM

Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)

  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.

 

 

Please download Malwarebytes Anti-Rootkit from here

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • If any threats are found, don't click the Cleanup button - rather save the log and post it up in your topic.



#9 oom

Posted 19 August 2014 - 09:28 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-08-2014 01
Ran by Ryan (administrator) on RYAN-PC on 19-08-2014 10:26:44
Running from C:\Users\Ryan\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Jetico, Inc.) C:\Program Files (x86)\Jetico\BestCrypt\BCWipeSvc.exe
(Jetico, Inc.) C:\Program Files (x86)\Jetico\BestCrypt\BCWipeTM.exe
(Jetico, Inc.) C:\Program Files (x86)\Jetico\BestCrypt\BCWipeTM.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Jetico Inc. Oy) C:\Program Files (x86)\Jetico\BestCrypt\BC_VE\bcveserv.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Microsoft Corporation) C:\Windows\System32\TCPSVCS.EXE
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(SteelSeries ApS) C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe
(http://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(http://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Jetico Inc. Oy) C:\Program Files (x86)\Jetico\BestCrypt\BC_VE\bcvetray.exe
(Jetico, Inc.) C:\Program Files (x86)\Jetico\BestCrypt\BCResident.exe
(Jetico, Inc.) C:\Program Files (x86)\Jetico\BestCrypt\BCUpdt.exe
(Jetico, Inc.) C:\Program Files (x86)\Jetico\BestCrypt\BestCrypt.exe
(Google Inc.) C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe
(Malwarebytes Corp.) C:\Users\Ryan\Desktop\mbar-1.07.0.1012.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Malwarebytes Corporation) C:\Users\Ryan\Desktop\mbar\mbar.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10806816 2012-02-15] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [382608 2014-06-04] (Malwarebytes Corporation)
HKLM-x32\...\Run: [BestCrypt Volume Encryption] => C:\Program Files (x86)\Jetico\BestCrypt\BC_VE\bcfmgr.exe [2682656 2014-05-28] (Jetico Inc. Oy)
HKLM-x32\...\Run: [BCWipeTM Startup] => C:\Program Files (x86)\Jetico\BestCrypt\BCWipeTM.exe [1650464 2014-07-03] (Jetico, Inc.)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-3514845564-2089270939-1637311307-1000\...\Run: [ccleaner] => C:\Program Files\CCleaner\CCleaner64.exe [5352288 2012-08-22] (Piriform Ltd)
HKU\S-1-5-21-3514845564-2089270939-1637311307-1000\...\Run: [SteelSeries Engine] => C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe [87040 2014-06-26] (SteelSeries ApS)
HKU\S-1-5-21-3514845564-2089270939-1637311307-1000\...\Policies\Explorer: [NoThumbNailCache] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BestCrypt Auto Open.lnk
ShortcutTarget: BestCrypt Auto Open.lnk -> C:\Program Files (x86)\Jetico\BestCrypt\BestCrypt.exe (Jetico, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
ShellIconOverlayIdentifiers: 1TortoiseNormal -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: 2TortoiseModified -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: 3TortoiseConflict -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: 4TortoiseLocked -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: 5TortoiseReadOnly -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: 6TortoiseDeleted -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: 7TortoiseAdded -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: 8TortoiseIgnored -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: 9TortoiseUnversioned -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: 1TortoiseNormal -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: 2TortoiseModified -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: 3TortoiseConflict -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: 4TortoiseLocked -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: 5TortoiseReadOnly -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: 6TortoiseDeleted -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: 7TortoiseAdded -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: 8TortoiseIgnored -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: 9TortoiseUnversioned -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_16-windows-i586.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll File Not found ()
Winsock: Catalog5-x64 09 C:\Program Files\Bonjour\mdnsNSP.dll File Not found ()
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> D:\Picasa\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @ncsoft.com/Plugin -> C:\Program Files (x86)\plaync\NCPlugin\npncllm3.dll No File
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @qq.com/npchrome -> C:\Program Files (x86)\Common Files\Tencent\Npchrome\npchrome.dll No File
FF Plugin-x32: @qq.com/npqscall -> C:\Program Files (x86)\Common Files\Tencent\NPQSCALL\npqscall.dll No File
FF Plugin-x32: @qq.com/TXSSO -> C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.2.1\Bin\npSSOAxCtrlForPTLogin.dll No File
 
Chrome: 
=======
CHR HomePage: hxxp://www.msn.com/
CHR StartupUrls: "hxxp://www.msn.com/"
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Ryan\AppData\Local\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Ryan\AppData\Local\Google\Chrome\Application\36.0.1985.143\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Ryan\AppData\Local\Google\Chrome\Application\36.0.1985.143\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Skype Toolbars) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Adobe Acrobat) - D:\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
CHR Plugin: (Google Update) - C:\Users\Ryan\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (iTunes Application Detector) - D:\Itunes\Mozilla Plugins\npitunes.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll No File
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (YouTube) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-17]
CHR Extension: (Google Search) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-17]
CHR Extension: (AdBlock) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2012-08-05]
CHR Extension: (Google Wallet) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-30]
CHR Extension: (Gmail) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-17]
CHR StartMenuInternet: Google Chrome - C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 BcveServ; C:\Program Files (x86)\Jetico\BestCrypt\BC_VE\bcveserv.exe [147232 2014-05-29] (Jetico Inc. Oy)
R2 BCWipeSvc; C:\Program Files (x86)\Jetico\BestCrypt\BCWipeSvc.exe [87840 2014-07-03] (Jetico, Inc.)
S4 HiPatchService; D:\smite\HiPatchService.exe [9216 2013-10-25] (Hi-Rez Studios) [File not signed]
S2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [109352 2014-08-19] (SurfRight B.V.)
R2 iprip; C:\Windows\System32\iprip.dll [35328 2009-07-13] (Microsoft Corporation)
S4 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-01-28] (Hewlett-Packard Company) [File not signed]
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [360592 2014-06-04] (Malwarebytes Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)
S4 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-07-17] () [File not signed]
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
S4 HitmanPro37CrusaderBoot; "I:\Cleaning Software\Anti-Virus Software\HitmanPro_x64.exe" /crusader:boot [X]
S3 npggsvc; C:\Windows\system32\GameMon.des -service [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ALSysIO; No ImagePath
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2011-01-15] ()
R1 bcbus; C:\Windows\System32\DRIVERS\bcbus.sys [62656 2014-07-03] (Jetico, Inc.)
R0 bcfnt; C:\Windows\System32\Drivers\bcfnt.sys [180928 2014-05-28] (Jetico, Inc.)
S4 BCSWAP; C:\Windows\System32\Drivers\BCSWAP.sys [124992 2014-07-03] (Jetico, Inc.)
R1 BC_3DES; C:\Windows\System32\Drivers\BC_3DES.sys [35520 2014-07-03] (Jetico, Inc.)
R1 BC_BF128; C:\Windows\System32\Drivers\BC_BF128.sys [31424 2014-07-03] (Jetico, Inc.)
R1 BC_BF448; C:\Windows\System32\Drivers\BC_BF448.sys [31936 2014-07-03] (Jetico, Inc.)
R1 BC_BFish; C:\Windows\System32\Drivers\BC_BFish.sys [31424 2014-07-03] (Jetico, Inc.)
R1 BC_CAST; C:\Windows\System32\Drivers\BC_CAST.sys [38592 2014-07-03] (Jetico, Inc.)
R1 BC_DES; C:\Windows\System32\Drivers\BC_DES.sys [35008 2014-07-03] (Jetico, Inc.)
R1 BC_Gost; C:\Windows\System32\Drivers\BC_Gost.sys [26816 2014-07-03] (Jetico, Inc.)
R1 BC_IDEA; C:\Windows\System32\Drivers\BC_IDEA.sys [28864 2014-07-03] (Iarsn)
R1 BC_RC6; C:\Windows\System32\Drivers\BC_RC6.sys [31424 2014-07-03] (Michael Oestergaard Pedersen)
R1 BC_RIJN; C:\Windows\System32\Drivers\BC_RIJN.sys [52416 2014-07-03] (Jetico, Inc.)
R1 BC_SERP; C:\Windows\System32\Drivers\BC_SERP.sys [38080 2014-07-03] (Michael Oestergaard Pedersen)
R1 BC_TFISH; C:\Windows\System32\Drivers\BC_TFISH.sys [35520 2014-07-03] (Jetico, Inc.)
R1 CLBStor; C:\Windows\System32\DRIVERS\CLBStor.sys [24560 2008-10-14] (Cyberlink Co.,Ltd.)
R2 CLBUDF; C:\Windows\System32\Drivers\CLBUDF.sys [371696 2008-10-14] (CyberLink Corporation.)
S3 cpuz130; No ImagePath
S3 cpuz133; No ImagePath
S3 EagleX64; No ImagePath
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [62392 2014-06-04] ()
R0 fsh; C:\Windows\System32\Drivers\fsh.sys [67776 2014-07-03] (Jetico, Inc.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2011-01-15] ()
R3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [92888 2014-08-19] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-19] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S3 MftWipeFilter; C:\Windows\System32\Drivers\MftWipeFilter.sys [33472 2014-07-03] (Windows ® Win 7 DDK provider)
R3 mhk; C:\Windows\System32\Drivers\mhk.sys [18624 2014-07-03] (Jetico, Inc.)
R3 moh; C:\Windows\System32\Drivers\moh.sys [14528 2014-07-03] (Jetico, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2011-08-11] ()
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
S3 ptun0901; C:\Windows\System32\DRIVERS\ptun0901.sys [27136 2014-04-24] (The OpenVPN Project)
R0 RzFilter; C:\Windows\System32\drivers\RzFilter.sys [74432 2013-10-25] (Razer, Inc.)
R3 SAlphamHid; C:\Windows\System32\DRIVERS\SAlpham64.sys [38016 2014-08-19] (SteelSeries Corporation)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
U3 TrueSight; C:\Windows\SysWOW64\drivers\TrueSight.sys [33512 2014-08-19] ()
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl [146928 2009-04-16] (CyberLink Corp.)
S3 cpuz135; \??\C:\Program Files (x86)\CPUID\PC Wizard 2012\pcwiz_x64.sys [X]
S3 NLNdisMP; system32\DRIVERS\nlndis.sys [X]
S3 NLNdisPT; system32\DRIVERS\nlndis.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2042-06-09 18:30 - 2014-08-18 18:14 - 00005916 _____ () C:\Users\Ryan\Desktop\virussoftware.txt
2042-06-09 17:30 - 2014-08-19 00:24 - 00000462 _____ () C:\Windows\system32\.crusader
2042-06-09 17:25 - 2014-08-19 00:20 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-08-19 13:10 - 2014-08-19 10:26 - 00000000 ____D () C:\FRST
2014-08-19 10:23 - 2014-08-19 10:23 - 00000000 ____D () C:\Users\Ryan\Desktop\mbar
2014-08-19 10:21 - 2014-08-19 10:26 - 00025230 _____ () C:\Users\Ryan\Desktop\FRST.txt
2014-08-19 10:20 - 2014-08-19 10:20 - 02101760 _____ (Farbar) C:\Users\Ryan\Desktop\FRST64.exe
2014-08-19 10:02 - 2014-08-19 10:03 - 00007546 _____ () C:\Windows\WindowsUpdate.log
2014-08-19 08:17 - 2014-08-19 08:17 - 00380416 _____ () C:\Users\Ryan\Downloads\8nf02bok.exe
2014-08-19 08:10 - 2014-08-19 08:11 - 00019096 _____ () C:\Users\Ryan\Desktop\MBRCheck_08.19.14_08.10.46.txt
2014-08-19 08:10 - 2014-08-19 08:10 - 00080384 _____ () C:\Users\Ryan\Downloads\MBRCheck.exe
2014-08-19 07:43 - 2014-08-19 07:43 - 00094446 _____ () C:\Users\Ryan\Desktop\dds.txt
2014-08-19 07:43 - 2014-08-19 07:43 - 00007779 _____ () C:\Users\Ryan\Desktop\attach.txt
2014-08-19 07:42 - 2014-08-19 07:42 - 00688992 ____R (Swearware) C:\Users\Ryan\Downloads\dds.com
2014-08-19 07:32 - 2014-08-19 07:32 - 00602112 _____ (OldTimer Tools) C:\Users\Ryan\Downloads\OTL.exe
2014-08-19 07:29 - 2014-08-19 07:29 - 00165376 _____ () C:\Users\Ryan\Downloads\SystemLook_x64.exe
2014-08-19 07:29 - 2014-08-19 07:29 - 00002512 _____ () C:\Users\Ryan\Downloads\SystemLook.txt
2014-08-19 07:24 - 2014-08-19 07:24 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Ryan\Downloads\iExplore.exe
2014-08-19 07:23 - 2014-08-19 07:23 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Ryan\Downloads\rkill.exe
2014-08-19 07:10 - 2014-08-19 07:10 - 00000000 ____D () C:\Windows\SysWOW64\%LOCALAPPDATA%
2014-08-19 06:55 - 2014-08-19 09:45 - 00000000 ____D () C:\Program Files (x86)\OpenVPN Technologies
2014-08-19 05:16 - 2014-08-19 05:16 - 00145408 _____ (SteelSeries Corporation) C:\Windows\system32\Drivers\SteelBus64.sys
2014-08-19 05:16 - 2014-08-19 05:16 - 00038016 _____ (SteelSeries Corporation) C:\Windows\system32\Drivers\SAlpham64.sys
2014-08-19 05:08 - 2014-08-19 05:09 - 53001320 _____ () C:\Users\Ryan\Downloads\SteelSeriesEngine_2.8.0450.exe
2014-08-19 05:08 - 2014-08-19 05:08 - 03978232 _____ (SteelSeries) C:\Users\Ryan\Downloads\SSEFix_1.25.4.1.exe
2014-08-19 04:59 - 2014-08-19 04:59 - 00000634 _____ () C:\Users\Ryan\Desktop\JRT.txt
2014-08-19 04:49 - 2014-08-19 10:22 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Ryan\Desktop\mbar-1.07.0.1012.exe
2014-08-19 04:49 - 2014-08-18 23:23 - 04851288 _____ () C:\Users\Ryan\Desktop\RogueKiller.exe
2014-08-19 04:49 - 2014-08-18 22:12 - 01016261 _____ (Thisisu) C:\Users\Ryan\Desktop\JRT.exe
2014-08-19 04:49 - 2014-08-18 20:25 - 00400632 _____ (Bleeping Computer, LLC) C:\Users\Ryan\Desktop\ListCWall.exe
2014-08-19 04:49 - 2014-08-18 20:03 - 01361671 _____ () C:\Users\Ryan\Desktop\AdwCleaner.exe
2014-08-19 04:49 - 2014-08-18 20:00 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Ryan\Desktop\rkill.com
2014-08-19 02:47 - 2014-08-19 02:47 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Oracle
2014-08-19 02:15 - 2014-08-19 08:15 - 00032675 _____ () C:\Users\Ryan\Desktop\Result.txt
2014-08-19 01:58 - 2014-08-19 01:58 - 00401920 _____ (Farbar) C:\Users\Ryan\Desktop\MiniToolBox.exe
2014-08-19 00:24 - 2014-08-19 00:24 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2014-08-19 00:20 - 2014-08-19 10:24 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-19 00:20 - 2014-08-19 10:23 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-19 00:20 - 2014-08-19 05:19 - 00000000 ____D () C:\Program Files\HitmanPro
2014-08-19 00:20 - 2014-08-19 00:20 - 00001897 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-08-19 00:20 - 2014-08-19 00:20 - 00000907 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-19 00:20 - 2014-08-19 00:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-19 00:20 - 2014-08-19 00:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2014-08-19 00:20 - 2014-08-19 00:20 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-19 00:20 - 2014-05-12 07:35 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-19 00:20 - 2014-05-12 07:35 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-18 23:24 - 2014-08-19 05:04 - 00033512 _____ () C:\Windows\SysWOW64\Drivers\TrueSight.sys
2014-08-18 23:24 - 2014-08-18 23:24 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-08-18 22:19 - 2014-08-19 06:19 - 00000452 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 32d08496-9cc0-4f1f-b2e7-016fe33045ea.job
2014-08-18 22:19 - 2014-08-19 02:00 - 00000452 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 7f3ade73-3676-4ceb-918d-a556deb99072.job
2014-08-18 22:19 - 2014-08-18 22:19 - 00003526 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 7f3ade73-3676-4ceb-918d-a556deb99072
2014-08-18 22:19 - 2014-08-18 22:19 - 00003452 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 32d08496-9cc0-4f1f-b2e7-016fe33045ea
2014-08-18 22:19 - 2014-08-18 22:19 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\SUPERAntiSpyware.com
2014-08-18 22:17 - 2014-08-18 22:17 - 00000000 ____D () C:\Windows\ERUNT
2014-08-18 22:14 - 2014-08-18 23:10 - 00000855 _____ () C:\Windows\system32\Drivers\etc\hosts_bak_493
2014-08-18 22:14 - 2014-08-18 22:14 - 00000855 _____ () C:\Windows\system32\Drivers\etc\hosts_bak_142
2014-08-18 22:11 - 2014-08-18 22:11 - 00000959 _____ () C:\Users\Public\Desktop\eMule.lnk
2014-08-18 22:11 - 2014-08-18 22:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eMule
2014-08-18 22:11 - 2014-08-18 22:11 - 00000000 ____D () C:\Program Files (x86)\eMule
2014-08-18 22:10 - 2014-08-18 22:10 - 00270848 _____ (Secure By Design Inc.) C:\Users\Ryan\Downloads\Ninite eMule Installer.exe
2014-08-18 22:06 - 2014-08-18 22:06 - 02347384 _____ (ESET) C:\Users\Ryan\Downloads\esetsmartinstaller_enu.exe
2014-08-18 22:06 - 2014-08-18 22:06 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-08-18 21:56 - 2014-08-18 21:56 - 00000000 ____D () C:\Users\Ryan\Desktop\GodMode.{ED7BA470-8E54-465E-825C-99712043E01C}
2014-08-18 21:39 - 2014-08-18 21:39 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-RYAN-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
2014-08-18 21:39 - 2014-08-18 21:39 - 00000000 ____D () C:\RegBackup
2014-08-18 21:06 - 2014-08-18 21:06 - 00002123 _____ () C:\Users\Ryan\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2014-08-18 21:01 - 2014-08-18 21:01 - 00000544 _____ () C:\Users\Ryan\Desktop\SpeedFan.lnk
2014-08-18 21:01 - 2014-08-18 21:01 - 00000544 _____ () C:\Users\Guest\Desktop\SpeedFan.lnk
2014-08-18 21:01 - 2014-08-18 21:01 - 00000045 _____ () C:\Windows\SysWOW64\initdebug.nfo
2014-08-18 21:01 - 2014-08-18 21:01 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
2014-08-18 21:01 - 2014-08-18 21:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
2014-08-18 20:58 - 2014-08-18 21:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-08-18 20:58 - 2014-08-18 20:58 - 00000655 _____ () C:\Users\Ryan\Desktop\Tweaking.com - Hardware Identify.lnk
2014-08-18 20:57 - 2014-08-18 21:05 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-08-18 20:44 - 2014-08-19 08:49 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-08-18 20:43 - 2014-08-19 07:09 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit
2014-08-18 20:43 - 2014-08-18 21:07 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Exploit
2014-08-18 20:43 - 2014-08-18 20:43 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Exploit.lnk
2014-08-18 20:43 - 2014-08-18 20:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2014-08-18 20:42 - 2014-08-19 07:20 - 00001178 _____ () C:\Users\Ryan\Desktop\ListCWall.txt
2014-08-18 20:34 - 2014-08-18 20:34 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-18 20:34 - 2014-08-18 20:34 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-18 20:34 - 2014-08-18 20:34 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-18 20:34 - 2014-08-18 20:34 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-18 20:34 - 2014-08-18 20:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-18 20:33 - 2014-08-18 20:33 - 00001743 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-08-18 20:33 - 2014-08-18 20:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-18 20:32 - 2014-08-18 20:33 - 00000000 ____D () C:\Program Files\iTunes
2014-08-18 20:32 - 2014-08-18 20:33 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-08-18 20:32 - 2014-08-18 20:32 - 00000000 ____D () C:\Program Files\iPod
2014-08-18 20:31 - 2014-08-18 20:31 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Apple Computer
2014-08-18 20:31 - 2014-08-18 20:31 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Apple Computer
2014-08-18 20:26 - 2014-08-19 07:19 - 00000622 _____ () C:\Users\Ryan\Desktop\unhide.txt
2014-08-18 20:25 - 2014-08-18 20:43 - 00001790 _____ () C:\sc-cleaner.txt
2014-08-18 20:18 - 2014-08-18 20:18 - 00001033 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
2014-08-18 20:18 - 2014-08-18 20:18 - 00000000 ____D () C:\Program Files (x86)\Secunia
2014-08-18 20:09 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-18 20:08 - 2014-08-19 07:19 - 00000000 ____D () C:\AdwCleaner
2014-08-18 20:03 - 2014-08-19 07:39 - 00000702 _____ () C:\Users\Ryan\Desktop\Rkill.txt
2014-08-17 20:59 - 2014-08-17 20:59 - 00000000 ____D () C:\Users\Ryan\Desktop\Photos
2014-08-17 20:08 - 2014-08-17 20:08 - 00011461 _____ () C:\Users\Ryan\Downloads\oom (1).zip
2014-08-17 17:35 - 2014-08-17 17:35 - 00032057 _____ () C:\Users\Ryan\Downloads\mini.zip
2014-08-17 07:14 - 2014-08-17 07:18 - 63722695 _____ () C:\Users\Ryan\Downloads\xbmc-13.1-Gotham.exe
2014-08-17 05:22 - 2014-08-17 05:22 - 00002505 _____ () C:\Users\Ryan\Documents\NetSpeedTest.txt
2014-08-17 05:12 - 2014-08-17 05:12 - 00031232 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\tap0901.sys
2014-08-17 04:23 - 2014-08-17 04:23 - 00000000 ____D () C:\Users\Ryan\Desktop\Tor Browser
2014-08-17 04:22 - 2014-08-17 04:23 - 27281991 _____ () C:\Users\Ryan\Downloads\torbrowser-install-3.6.4_en-US.exe
2014-08-17 04:16 - 2014-08-17 04:16 - 00002972 _____ () C:\Users\Ryan\Documents\CB5 Settings.c5s
2014-08-17 02:31 - 2014-07-28 23:45 - 00868184 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys
2014-08-17 02:31 - 2014-07-28 23:43 - 00129168 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys
2014-08-17 01:09 - 2014-08-17 01:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BestCrypt
2014-08-17 01:07 - 2014-08-17 01:07 - 00000000 ____D () C:\Program Files (x86)\Jetico
2014-08-16 23:49 - 2014-08-16 23:49 - 00000064 _____ () C:\Users\Ryan\myinfo
2014-08-16 23:41 - 2014-08-16 23:46 - 00230840 _____ (TrueCrypt Foundation) C:\Windows\system32\Drivers\truecrypt.sys
2014-08-16 20:40 - 2014-08-16 20:40 - 01016209 _____ () C:\Users\Ryan\Downloads\HexygenBeta.rar
2014-08-16 20:38 - 2014-08-16 20:38 - 01014598 _____ () C:\Users\Ryan\Downloads\Hexygen.zip
2014-08-16 19:40 - 2014-08-16 19:40 - 00000492 _____ () C:\Users\Ryan\Desktop\Psi.lnk
2014-08-16 19:40 - 2014-08-16 19:40 - 00000492 _____ () C:\Users\Guest\Desktop\Psi.lnk
2014-08-16 19:40 - 2014-08-16 19:40 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Psi
2014-08-15 07:09 - 2014-01-08 22:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-08-15 07:09 - 2014-01-03 18:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-08-15 01:28 - 2014-08-15 01:28 - 01647311 _____ () C:\Users\Ryan\Downloads\OOM.ZIP
2014-08-14 21:00 - 2014-08-17 02:18 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Notepad++
2014-08-14 18:56 - 2013-10-01 22:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-08-14 18:56 - 2013-10-01 22:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-08-14 18:56 - 2013-10-01 22:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-08-14 18:56 - 2013-10-01 21:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-08-14 18:56 - 2013-10-01 21:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-08-14 18:56 - 2013-10-01 21:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-08-14 18:56 - 2013-10-01 21:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-08-14 18:56 - 2013-10-01 20:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-08-14 18:56 - 2013-10-01 20:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-08-14 18:56 - 2013-10-01 20:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-08-14 18:56 - 2013-10-01 20:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-08-14 18:56 - 2013-10-01 20:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-08-14 18:56 - 2013-10-01 19:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-08-14 18:56 - 2013-10-01 19:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-08-14 18:56 - 2013-10-01 19:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-08-14 18:56 - 2013-10-01 18:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-08-14 18:42 - 2014-08-14 18:46 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-08-14 18:41 - 2014-08-14 18:46 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-08-14 18:41 - 2014-08-14 18:46 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-08-14 18:41 - 2014-08-14 18:46 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-08-14 18:28 - 2014-06-30 18:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-14 18:28 - 2014-06-30 18:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-14 18:28 - 2014-03-09 17:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-14 18:28 - 2014-03-09 17:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-14 18:28 - 2014-03-09 17:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-14 18:28 - 2014-03-09 17:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-14 18:27 - 2014-06-06 02:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-14 18:27 - 2014-06-06 02:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-14 18:27 - 2013-09-24 22:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-08-14 18:27 - 2013-09-24 21:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-08-14 18:27 - 2012-05-04 07:00 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-08-14 18:27 - 2012-05-04 05:59 - 00514560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-08-14 16:59 - 2014-08-14 16:59 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe
2014-08-14 16:12 - 2014-08-14 16:16 - 00000000 ____D () C:\Users\Ryan\Documents\Battlefield 4
2014-08-14 15:26 - 2014-07-31 19:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-14 15:26 - 2014-07-31 19:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-14 15:26 - 2014-07-25 10:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-14 15:26 - 2014-07-25 10:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-14 15:26 - 2014-07-25 10:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-14 15:26 - 2014-07-25 09:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-14 15:26 - 2014-07-25 09:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-14 15:26 - 2014-07-25 09:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-14 15:26 - 2014-07-25 09:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-14 15:26 - 2014-07-25 09:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-14 15:26 - 2014-07-25 09:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-14 15:26 - 2014-07-25 09:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-14 15:26 - 2014-07-25 09:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-14 15:26 - 2014-07-25 09:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-14 15:26 - 2014-07-25 09:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-14 15:26 - 2014-07-25 09:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-14 15:26 - 2014-07-25 09:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-14 15:26 - 2014-07-25 08:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-14 15:26 - 2014-07-25 08:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-14 15:26 - 2014-07-25 08:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-14 15:26 - 2014-07-25 08:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-14 15:26 - 2014-07-25 08:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-14 15:26 - 2014-07-25 08:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-14 15:26 - 2014-07-25 08:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-14 15:26 - 2014-07-25 08:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-14 15:26 - 2014-07-25 08:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-14 15:26 - 2014-07-25 08:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-14 15:26 - 2014-07-25 08:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-14 15:26 - 2014-07-25 08:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-14 15:26 - 2014-07-25 08:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-14 15:26 - 2014-07-25 08:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-14 15:26 - 2014-07-25 08:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-14 15:26 - 2014-07-25 08:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-14 15:26 - 2014-07-25 08:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-14 15:26 - 2014-07-25 08:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-14 15:26 - 2014-07-25 08:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-14 15:26 - 2014-07-25 07:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-14 15:26 - 2014-07-25 07:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-14 15:26 - 2014-07-25 07:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-14 15:26 - 2014-07-25 07:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-14 15:26 - 2014-07-25 07:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-14 15:26 - 2014-07-25 07:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-14 15:26 - 2014-07-25 07:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-14 15:26 - 2014-07-25 07:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-14 15:26 - 2014-07-25 07:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-14 15:26 - 2014-07-25 07:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-14 15:26 - 2014-07-25 07:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-14 15:26 - 2014-07-25 07:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-14 15:26 - 2014-07-25 07:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-14 15:26 - 2014-07-25 07:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-14 15:26 - 2014-07-25 06:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-14 15:26 - 2014-07-25 06:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-14 15:26 - 2014-07-25 06:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-14 15:26 - 2014-07-25 06:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-14 15:26 - 2014-07-25 06:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-14 15:26 - 2014-07-25 06:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-14 15:26 - 2014-07-15 23:25 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-14 15:26 - 2014-07-15 23:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-14 15:26 - 2014-07-15 22:46 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-14 15:26 - 2014-07-15 22:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-14 15:26 - 2014-07-15 22:12 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-14 15:26 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-14 15:26 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-14 15:26 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-14 15:26 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-14 15:26 - 2014-07-08 22:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-14 15:26 - 2014-07-08 21:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-14 15:26 - 2014-07-08 21:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-14 15:26 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-14 15:26 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-14 15:26 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-14 15:26 - 2014-07-08 18:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-14 15:26 - 2014-07-08 18:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-14 15:26 - 2014-06-24 22:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-14 15:26 - 2014-06-24 21:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-14 15:26 - 2014-06-15 22:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-14 15:26 - 2014-06-03 06:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-14 15:26 - 2014-06-03 06:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-14 15:26 - 2014-06-03 06:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-14 15:26 - 2014-06-03 06:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-14 15:26 - 2014-06-03 05:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-14 15:26 - 2014-06-03 05:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-14 15:26 - 2014-06-03 05:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-14 15:25 - 2014-08-06 22:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-14 15:25 - 2014-08-06 22:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-14 15:25 - 2014-07-13 22:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-14 15:25 - 2014-07-13 21:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-14 13:44 - 2014-08-14 13:44 - 00000865 _____ () C:\Users\Public\Desktop\Battlefield 4.lnk
2014-08-14 13:44 - 2014-08-14 13:44 - 00000849 _____ () C:\Users\Public\Desktop\Battlefield 4(64 bit).lnk
2014-08-14 13:44 - 2014-08-14 13:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 4
2014-08-14 09:57 - 2014-08-14 20:01 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Origin
2014-08-14 09:03 - 2014-08-14 09:03 - 00004132 _____ () C:\Users\Ryan\Desktop\how to evade esea.txt
2014-08-14 03:38 - 2014-08-14 03:38 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Acreon
2014-08-11 22:06 - 2014-08-11 22:07 - 00000000 ____D () C:\Program Files\Dxtory Software
2014-08-11 12:48 - 2014-08-11 12:48 - 47400128 _____ (Microsoft Corporation) C:\Users\Ryan\Downloads\NetFx64.exe
2014-08-11 12:45 - 2014-08-11 12:45 - 06267504 _____ (TeamViewer GmbH) C:\Users\Ryan\Downloads\TeamViewer_Setup_en.exe
2014-08-11 12:45 - 2014-08-11 12:45 - 00001138 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-08-11 12:45 - 2014-08-11 12:45 - 00001126 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-08-11 12:45 - 2014-08-11 12:45 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-08-11 12:22 - 2014-08-11 12:22 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\WinRAR
2014-08-11 11:25 - 2014-08-17 20:03 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Skype
2014-08-10 13:00 - 2014-08-10 13:01 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Curse Advertising
2014-08-10 13:00 - 2014-08-10 13:01 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Battle.net
2014-08-10 13:00 - 2014-08-10 13:00 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Subversion
2014-08-10 13:00 - 2014-08-10 13:00 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Apple Computer
2014-08-10 02:19 - 2014-08-10 02:19 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Macromedia
2014-08-09 23:48 - 2014-08-10 19:36 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Ventrilo
2014-08-09 23:11 - 2014-08-09 23:11 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Adobe
2014-08-09 23:10 - 2014-08-09 23:10 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\NVIDIA
2014-08-09 15:05 - 2014-07-02 13:44 - 00609240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-08-09 15:01 - 2014-07-02 16:48 - 31512520 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-08-09 15:01 - 2014-07-02 16:48 - 24196896 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-08-09 15:01 - 2014-07-02 16:48 - 22994208 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-08-09 15:01 - 2014-07-02 16:48 - 18626304 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-08-09 15:01 - 2014-07-02 16:48 - 15294296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-08-09 15:01 - 2014-07-02 16:48 - 13922752 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-08-09 15:01 - 2014-07-02 16:48 - 13835208 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-08-09 15:01 - 2014-07-02 16:48 - 12866008 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-08-09 15:01 - 2014-07-02 16:48 - 11283344 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-08-09 15:01 - 2014-07-02 16:48 - 11222048 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-08-09 15:01 - 2014-07-02 16:48 - 04247000 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-08-09 15:01 - 2014-07-02 16:48 - 03989960 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-08-09 15:01 - 2014-07-02 16:48 - 01890080 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434052.dll
2014-08-09 15:01 - 2014-07-02 16:48 - 01539928 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434052.dll
2014-08-09 15:01 - 2014-07-02 16:48 - 00944928 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-08-09 15:01 - 2014-07-02 16:48 - 00907096 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-08-09 15:01 - 2014-07-02 16:48 - 00903624 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-08-09 15:01 - 2014-07-02 16:48 - 00869152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-08-09 15:01 - 2014-07-02 16:48 - 00846832 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-08-09 15:01 - 2014-07-02 16:48 - 00354016 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-08-09 15:01 - 2014-07-02 16:48 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-08-09 15:01 - 2014-07-02 16:48 - 00166568 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-08-09 15:01 - 2014-07-02 16:48 - 00146480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-08-09 15:01 - 2014-07-02 16:48 - 00026353 _____ () C:\Windows\system32\nvinfo.pb
2014-08-07 17:41 - 2014-08-07 17:46 - 00000069 _____ () C:\Users\Ryan\Desktop\5digitsteamid.txt
2014-08-03 16:34 - 2014-08-03 16:34 - 00006036 _____ () C:\Users\Ryan\Downloads\Settings.rar
2014-08-03 01:52 - 2014-05-14 12:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-03 01:52 - 2014-05-14 12:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-03 01:52 - 2014-05-14 12:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-03 01:52 - 2014-05-14 12:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-03 01:51 - 2014-05-14 12:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-03 01:51 - 2014-05-14 12:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-03 01:51 - 2014-05-14 12:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-03 01:51 - 2014-05-14 12:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-03 01:51 - 2014-05-14 12:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-03 01:51 - 2014-05-14 12:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-03 01:51 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-03 01:51 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-03 01:51 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-03 01:51 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-07-28 23:43 - 2014-07-28 23:43 - 00142528 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetAdp.sys
2014-07-25 14:31 - 2014-07-25 14:31 - 00000000 ____D () C:\Program Files (x86)\Dungeon Defenders 2
2014-07-25 14:28 - 2014-07-25 14:28 - 00000222 _____ () C:\Users\Ryan\Desktop\Dungeon Defenders Eternity.url
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2042-06-09 18:03 - 2011-01-31 18:54 - 00000000 ____D () C:\ProgramData\Malwarebytes
2042-06-09 18:00 - 2010-07-16 20:27 - 00000000 ____D () C:\ProgramData\McAfee
2042-06-09 17:58 - 2010-07-16 20:28 - 00000000 ____D () C:\Program Files\McAfee
2042-06-09 17:56 - 2014-02-08 01:05 - 00000000 ____D () C:\Program Files (x86)\Gameforge
2014-08-19 10:26 - 2014-08-19 13:10 - 00000000 ____D () C:\FRST
2014-08-19 10:26 - 2014-08-19 10:21 - 00025230 _____ () C:\Users\Ryan\Desktop\FRST.txt
2014-08-19 10:24 - 2014-08-19 00:20 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-19 10:23 - 2014-08-19 10:23 - 00000000 ____D () C:\Users\Ryan\Desktop\mbar
2014-08-19 10:23 - 2014-08-19 00:20 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-19 10:22 - 2014-08-19 04:49 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Ryan\Desktop\mbar-1.07.0.1012.exe
2014-08-19 10:20 - 2014-08-19 10:20 - 02101760 _____ (Farbar) C:\Users\Ryan\Desktop\FRST64.exe
2014-08-19 10:07 - 2009-07-14 00:45 - 00023056 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-19 10:07 - 2009-07-14 00:45 - 00023056 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-19 10:04 - 2009-07-14 01:13 - 00863396 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-19 10:03 - 2014-08-19 10:02 - 00007546 _____ () C:\Windows\WindowsUpdate.log
2014-08-19 09:59 - 2013-02-19 06:29 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-08-19 09:59 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-19 09:45 - 2014-08-19 06:55 - 00000000 ____D () C:\Program Files (x86)\OpenVPN Technologies
2014-08-19 08:49 - 2014-08-18 20:44 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-08-19 08:34 - 2013-06-24 12:51 - 00000000 ____D () C:\Users\Guest
2014-08-19 08:34 - 2012-05-11 07:37 - 00000000 ____D () C:\Users\DefaultAppPool
2014-08-19 08:17 - 2014-08-19 08:17 - 00380416 _____ () C:\Users\Ryan\Downloads\8nf02bok.exe
2014-08-19 08:15 - 2014-08-19 02:15 - 00032675 _____ () C:\Users\Ryan\Desktop\Result.txt
2014-08-19 08:11 - 2014-08-19 08:10 - 00019096 _____ () C:\Users\Ryan\Desktop\MBRCheck_08.19.14_08.10.46.txt
2014-08-19 08:10 - 2014-08-19 08:10 - 00080384 _____ () C:\Users\Ryan\Downloads\MBRCheck.exe
2014-08-19 07:43 - 2014-08-19 07:43 - 00094446 _____ () C:\Users\Ryan\Desktop\dds.txt
2014-08-19 07:43 - 2014-08-19 07:43 - 00007779 _____ () C:\Users\Ryan\Desktop\attach.txt
2014-08-19 07:42 - 2014-08-19 07:42 - 00688992 ____R (Swearware) C:\Users\Ryan\Downloads\dds.com
2014-08-19 07:39 - 2014-08-18 20:03 - 00000702 _____ () C:\Users\Ryan\Desktop\Rkill.txt
2014-08-19 07:32 - 2014-08-19 07:32 - 00602112 _____ (OldTimer Tools) C:\Users\Ryan\Downloads\OTL.exe
2014-08-19 07:29 - 2014-08-19 07:29 - 00165376 _____ () C:\Users\Ryan\Downloads\SystemLook_x64.exe
2014-08-19 07:29 - 2014-08-19 07:29 - 00002512 _____ () C:\Users\Ryan\Downloads\SystemLook.txt
2014-08-19 07:24 - 2014-08-19 07:24 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Ryan\Downloads\iExplore.exe
2014-08-19 07:23 - 2014-08-19 07:23 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Ryan\Downloads\rkill.exe
2014-08-19 07:20 - 2014-08-18 20:42 - 00001178 _____ () C:\Users\Ryan\Desktop\ListCWall.txt
2014-08-19 07:19 - 2014-08-18 20:26 - 00000622 _____ () C:\Users\Ryan\Desktop\unhide.txt
2014-08-19 07:19 - 2014-08-18 20:08 - 00000000 ____D () C:\AdwCleaner
2014-08-19 07:10 - 2014-08-19 07:10 - 00000000 ____D () C:\Windows\SysWOW64\%LOCALAPPDATA%
2014-08-19 07:09 - 2014-08-18 20:43 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit
2014-08-19 06:19 - 2014-08-18 22:19 - 00000452 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 32d08496-9cc0-4f1f-b2e7-016fe33045ea.job
2014-08-19 05:19 - 2014-08-19 00:20 - 00000000 ____D () C:\Program Files\HitmanPro
2014-08-19 05:16 - 2014-08-19 05:16 - 00145408 _____ (SteelSeries Corporation) C:\Windows\system32\Drivers\SteelBus64.sys
2014-08-19 05:16 - 2014-08-19 05:16 - 00038016 _____ (SteelSeries Corporation) C:\Windows\system32\Drivers\SAlpham64.sys
2014-08-19 05:11 - 2014-02-06 17:12 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SteelSeries
2014-08-19 05:11 - 2012-05-03 15:09 - 00000000 ____D () C:\ProgramData\SteelSeries
2014-08-19 05:10 - 2013-03-30 23:00 - 00000000 ____D () C:\Program Files\SteelSeries
2014-08-19 05:09 - 2014-08-19 05:08 - 53001320 _____ () C:\Users\Ryan\Downloads\SteelSeriesEngine_2.8.0450.exe
2014-08-19 05:08 - 2014-08-19 05:08 - 03978232 _____ (SteelSeries) C:\Users\Ryan\Downloads\SSEFix_1.25.4.1.exe
2014-08-19 05:04 - 2014-08-18 23:24 - 00033512 _____ () C:\Windows\SysWOW64\Drivers\TrueSight.sys
2014-08-19 04:59 - 2014-08-19 04:59 - 00000634 _____ () C:\Users\Ryan\Desktop\JRT.txt
2014-08-19 04:11 - 2010-07-16 20:02 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-08-19 04:11 - 2009-07-14 01:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-08-19 04:10 - 2010-07-16 19:27 - 00001417 _____ () C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-08-19 04:10 - 2009-07-14 00:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-08-19 04:09 - 2013-04-05 05:39 - 00000000 ____D () C:\Program Files (x86)\Razer
2014-08-19 02:55 - 2012-10-08 18:59 - 00000000 ____D () C:\Windows\pss
2014-08-19 02:54 - 2013-04-05 05:39 - 00000000 ____D () C:\ProgramData\Razer
2014-08-19 02:52 - 2013-04-05 05:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2014-08-19 02:49 - 2014-06-25 23:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of Newerth
2014-08-19 02:47 - 2014-08-19 02:47 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Oracle
2014-08-19 02:42 - 2011-01-17 04:01 - 00000000 ____D () C:\Program Files (x86)\InstallShield Installation Information
2014-08-19 02:00 - 2014-08-18 22:19 - 00000452 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 7f3ade73-3676-4ceb-918d-a556deb99072.job
2014-08-19 01:58 - 2014-08-19 01:58 - 00401920 _____ (Farbar) C:\Users\Ryan\Desktop\MiniToolBox.exe
2014-08-19 01:03 - 2009-07-13 22:34 - 00000573 _____ () C:\Windows\win.ini
2014-08-19 00:24 - 2042-06-09 17:30 - 00000462 _____ () C:\Windows\system32\.crusader
2014-08-19 00:24 - 2014-08-19 00:24 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2014-08-19 00:23 - 2014-04-08 08:39 - 00000238 _____ () C:\Users\Ryan\Desktop\TsINFO.txt
2014-08-19 00:20 - 2042-06-09 17:25 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-08-19 00:20 - 2014-08-19 00:20 - 00001897 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-08-19 00:20 - 2014-08-19 00:20 - 00000907 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-19 00:20 - 2014-08-19 00:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-19 00:20 - 2014-08-19 00:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2014-08-19 00:20 - 2014-08-19 00:20 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-18 23:24 - 2014-08-18 23:24 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-08-18 23:23 - 2014-08-19 04:49 - 04851288 _____ () C:\Users\Ryan\Desktop\RogueKiller.exe
2014-08-18 23:10 - 2014-08-18 22:14 - 00000855 _____ () C:\Windows\system32\Drivers\etc\hosts_bak_493
2014-08-18 22:19 - 2014-08-18 22:19 - 00003526 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 7f3ade73-3676-4ceb-918d-a556deb99072
2014-08-18 22:19 - 2014-08-18 22:19 - 00003452 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 32d08496-9cc0-4f1f-b2e7-016fe33045ea
2014-08-18 22:19 - 2014-08-18 22:19 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\SUPERAntiSpyware.com
2014-08-18 22:17 - 2014-08-18 22:17 - 00000000 ____D () C:\Windows\ERUNT
2014-08-18 22:14 - 2014-08-18 22:14 - 00000855 _____ () C:\Windows\system32\Drivers\etc\hosts_bak_142
2014-08-18 22:12 - 2014-08-19 04:49 - 01016261 _____ (Thisisu) C:\Users\Ryan\Desktop\JRT.exe
2014-08-18 22:11 - 2014-08-18 22:11 - 00000959 _____ () C:\Users\Public\Desktop\eMule.lnk
2014-08-18 22:11 - 2014-08-18 22:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eMule
2014-08-18 22:11 - 2014-08-18 22:11 - 00000000 ____D () C:\Program Files (x86)\eMule
2014-08-18 22:10 - 2014-08-18 22:10 - 00270848 _____ (Secure By Design Inc.) C:\Users\Ryan\Downloads\Ninite eMule Installer.exe
2014-08-18 22:06 - 2014-08-18 22:06 - 02347384 _____ (ESET) C:\Users\Ryan\Downloads\esetsmartinstaller_enu.exe
2014-08-18 22:06 - 2014-08-18 22:06 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-08-18 21:56 - 2014-08-18 21:56 - 00000000 ____D () C:\Users\Ryan\Desktop\GodMode.{ED7BA470-8E54-465E-825C-99712043E01C}
2014-08-18 21:39 - 2014-08-18 21:39 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-RYAN-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
2014-08-18 21:39 - 2014-08-18 21:39 - 00000000 ____D () C:\RegBackup
2014-08-18 21:31 - 2011-09-18 18:22 - 00003158 _____ () C:\Windows\System32\Tasks\XboxStatTask
2014-08-18 21:31 - 2010-07-20 17:29 - 00003920 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{2093DF8B-ED65-4601-893F-C1902C2641C4}
2014-08-18 21:07 - 2014-08-18 20:43 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Exploit
2014-08-18 21:06 - 2014-08-18 21:06 - 00002123 _____ () C:\Users\Ryan\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2014-08-18 21:06 - 2014-08-18 20:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-08-18 21:05 - 2014-08-18 20:57 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-08-18 21:01 - 2014-08-18 21:01 - 00000544 _____ () C:\Users\Ryan\Desktop\SpeedFan.lnk
2014-08-18 21:01 - 2014-08-18 21:01 - 00000544 _____ () C:\Users\Guest\Desktop\SpeedFan.lnk
2014-08-18 21:01 - 2014-08-18 21:01 - 00000045 _____ () C:\Windows\SysWOW64\initdebug.nfo
2014-08-18 21:01 - 2014-08-18 21:01 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
2014-08-18 21:01 - 2014-08-18 21:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
2014-08-18 20:58 - 2014-08-18 20:58 - 00000655 _____ () C:\Users\Ryan\Desktop\Tweaking.com - Hardware Identify.lnk
2014-08-18 20:43 - 2014-08-18 20:43 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Exploit.lnk
2014-08-18 20:43 - 2014-08-18 20:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2014-08-18 20:43 - 2014-08-18 20:25 - 00001790 _____ () C:\sc-cleaner.txt
2014-08-18 20:34 - 2014-08-18 20:34 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-18 20:34 - 2014-08-18 20:34 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-18 20:34 - 2014-08-18 20:34 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-18 20:34 - 2014-08-18 20:34 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-18 20:34 - 2014-08-18 20:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-18 20:34 - 2013-07-19 11:10 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-18 20:33 - 2014-08-18 20:33 - 00001743 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-08-18 20:33 - 2014-08-18 20:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-18 20:33 - 2014-08-18 20:32 - 00000000 ____D () C:\Program Files\iTunes
2014-08-18 20:33 - 2014-08-18 20:32 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-08-18 20:32 - 2014-08-18 20:32 - 00000000 ____D () C:\Program Files\iPod
2014-08-18 20:31 - 2014-08-18 20:31 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Apple Computer
2014-08-18 20:31 - 2014-08-18 20:31 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Apple Computer
2014-08-18 20:28 - 2010-11-29 16:06 - 00000000 ____D () C:\ProgramData\Apple
2014-08-18 20:25 - 2014-08-19 04:49 - 00400632 _____ (Bleeping Computer, LLC) C:\Users\Ryan\Desktop\ListCWall.exe
2014-08-18 20:25 - 2013-02-25 17:07 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-18 20:25 - 2011-10-26 13:58 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-18 20:18 - 2014-08-18 20:18 - 00001033 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
2014-08-18 20:18 - 2014-08-18 20:18 - 00000000 ____D () C:\Program Files (x86)\Secunia
2014-08-18 20:10 - 2010-07-16 19:27 - 00000000 ____D () C:\Users\Ryan
2014-08-18 20:03 - 2014-08-19 04:49 - 01361671 _____ () C:\Users\Ryan\Desktop\AdwCleaner.exe
2014-08-18 20:00 - 2014-08-19 04:49 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Ryan\Desktop\rkill.com
2014-08-18 18:14 - 2042-06-09 18:30 - 00005916 _____ () C:\Users\Ryan\Desktop\virussoftware.txt
2014-08-17 22:20 - 2011-03-07 21:58 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Mumble
2014-08-17 20:59 - 2014-08-17 20:59 - 00000000 ____D () C:\Users\Ryan\Desktop\Photos
2014-08-17 20:26 - 2009-07-14 01:08 - 00032652 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-17 20:08 - 2014-08-17 20:08 - 00011461 _____ () C:\Users\Ryan\Downloads\oom (1).zip
2014-08-17 20:03 - 2014-08-11 11:25 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Skype
2014-08-17 17:35 - 2014-08-17 17:35 - 00032057 _____ () C:\Users\Ryan\Downloads\mini.zip
2014-08-17 07:18 - 2014-08-17 07:14 - 63722695 _____ () C:\Users\Ryan\Downloads\xbmc-13.1-Gotham.exe
2014-08-17 05:22 - 2014-08-17 05:22 - 00002505 _____ () C:\Users\Ryan\Documents\NetSpeedTest.txt
2014-08-17 05:12 - 2014-08-17 05:12 - 00031232 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\tap0901.sys
2014-08-17 04:23 - 2014-08-17 04:23 - 00000000 ____D () C:\Users\Ryan\Desktop\Tor Browser
2014-08-17 04:23 - 2014-08-17 04:22 - 27281991 _____ () C:\Users\Ryan\Downloads\torbrowser-install-3.6.4_en-US.exe
2014-08-17 04:16 - 2014-08-17 04:16 - 00002972 _____ () C:\Users\Ryan\Documents\CB5 Settings.c5s
2014-08-17 02:18 - 2014-08-14 21:00 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Notepad++
2014-08-17 01:09 - 2014-08-17 01:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BestCrypt
2014-08-17 01:08 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\GroupPolicy
2014-08-17 01:07 - 2014-08-17 01:07 - 00000000 ____D () C:\Program Files (x86)\Jetico
2014-08-16 23:49 - 2014-08-16 23:49 - 00000064 _____ () C:\Users\Ryan\myinfo
2014-08-16 23:46 - 2014-08-16 23:41 - 00230840 _____ (TrueCrypt Foundation) C:\Windows\system32\Drivers\truecrypt.sys
2014-08-16 20:40 - 2014-08-16 20:40 - 01016209 _____ () C:\Users\Ryan\Downloads\HexygenBeta.rar
2014-08-16 20:38 - 2014-08-16 20:38 - 01014598 _____ () C:\Users\Ryan\Downloads\Hexygen.zip
2014-08-16 19:40 - 2014-08-16 19:40 - 00000492 _____ () C:\Users\Ryan\Desktop\Psi.lnk
2014-08-16 19:40 - 2014-08-16 19:40 - 00000492 _____ () C:\Users\Guest\Desktop\Psi.lnk
2014-08-16 19:40 - 2014-08-16 19:40 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Psi
2014-08-16 11:21 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-08-15 05:01 - 2012-06-26 02:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3
2014-08-15 03:58 - 2014-06-19 03:32 - 00000000 ____D () C:\ProgramData\Origin
2014-08-15 02:53 - 2014-06-19 04:22 - 00215416 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-08-15 01:28 - 2014-08-15 01:28 - 01647311 _____ () C:\Users\Ryan\Downloads\OOM.ZIP
2014-08-14 22:44 - 2014-06-21 20:54 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins
2014-08-14 20:22 - 2009-07-13 23:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-08-14 20:20 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-14 20:01 - 2014-08-14 09:57 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Origin
2014-08-14 18:52 - 2013-08-13 03:04 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-14 18:48 - 2010-05-24 17:32 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-14 18:46 - 2014-08-14 18:42 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-08-14 18:46 - 2014-08-14 18:41 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-08-14 18:46 - 2014-08-14 18:41 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-08-14 18:46 - 2014-08-14 18:41 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-08-14 18:27 - 2014-04-30 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-14 16:59 - 2014-08-14 16:59 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe
2014-08-14 16:16 - 2014-08-14 16:12 - 00000000 ____D () C:\Users\Ryan\Documents\Battlefield 4
2014-08-14 13:44 - 2014-08-14 13:44 - 00000865 _____ () C:\Users\Public\Desktop\Battlefield 4.lnk
2014-08-14 13:44 - 2014-08-14 13:44 - 00000849 _____ () C:\Users\Public\Desktop\Battlefield 4(64 bit).lnk
2014-08-14 13:44 - 2014-08-14 13:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 4
2014-08-14 13:44 - 2009-07-14 01:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-08-14 09:03 - 2014-08-14 09:03 - 00004132 _____ () C:\Users\Ryan\Desktop\how to evade esea.txt
2014-08-14 08:35 - 2010-07-19 08:54 - 00000000 ____D () C:\Windows\Minidump
2014-08-14 03:38 - 2014-08-14 03:38 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Acreon
2014-08-13 18:58 - 2010-07-16 19:30 - 00002362 _____ () C:\Users\Ryan\Desktop\Google Chrome.lnk
2014-08-11 22:07 - 2014-08-11 22:06 - 00000000 ____D () C:\Program Files\Dxtory Software
2014-08-11 12:48 - 2014-08-11 12:48 - 47400128 _____ (Microsoft Corporation) C:\Users\Ryan\Downloads\NetFx64.exe
2014-08-11 12:45 - 2014-08-11 12:45 - 06267504 _____ (TeamViewer GmbH) C:\Users\Ryan\Downloads\TeamViewer_Setup_en.exe
2014-08-11 12:45 - 2014-08-11 12:45 - 00001138 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-08-11 12:45 - 2014-08-11 12:45 - 00001126 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-08-11 12:45 - 2014-08-11 12:45 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-08-11 12:22 - 2014-08-11 12:22 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\WinRAR
2014-08-10 19:36 - 2014-08-09 23:48 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Ventrilo
2014-08-10 13:01 - 2014-08-10 13:00 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Curse Advertising
2014-08-10 13:01 - 2014-08-10 13:00 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Battle.net
2014-08-10 13:00 - 2014-08-10 13:00 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Subversion
2014-08-10 13:00 - 2014-08-10 13:00 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Apple Computer
2014-08-10 02:19 - 2014-08-10 02:19 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Macromedia
2014-08-09 23:11 - 2014-08-09 23:11 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Adobe
2014-08-09 23:10 - 2014-08-09 23:10 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\NVIDIA
2014-08-09 15:05 - 2012-07-12 15:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-08-09 15:05 - 2011-11-05 20:23 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-08-09 15:02 - 2010-07-12 13:52 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-08-07 17:46 - 2014-08-07 17:41 - 00000069 _____ () C:\Users\Ryan\Desktop\5digitsteamid.txt
2014-08-06 22:06 - 2014-08-14 15:25 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-06 22:01 - 2014-08-14 15:25 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-03 16:34 - 2014-08-03 16:34 - 00006036 _____ () C:\Users\Ryan\Downloads\Settings.rar
2014-08-03 01:29 - 2010-07-28 16:03 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-07-31 19:41 - 2014-08-14 15:26 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-31 19:16 - 2014-08-14 15:26 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-29 17:42 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-28 23:45 - 2014-08-17 02:31 - 00868184 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys
2014-07-28 23:43 - 2014-08-17 02:31 - 00129168 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys
2014-07-28 23:43 - 2014-07-28 23:43 - 00142528 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetAdp.sys
2014-07-25 14:31 - 2014-07-25 14:31 - 00000000 ____D () C:\Program Files (x86)\Dungeon Defenders 2
2014-07-25 14:28 - 2014-07-25 14:28 - 00000222 _____ () C:\Users\Ryan\Desktop\Dungeon Defenders Eternity.url
2014-07-25 12:15 - 2014-04-23 23:04 - 00000000 ____D () C:\Program Files (x86)\OBS
2014-07-25 10:52 - 2014-08-14 15:26 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-25 10:02 - 2014-08-14 15:26 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-25 10:01 - 2014-08-14 15:26 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-25 09:51 - 2014-08-14 15:26 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-25 09:50 - 2014-06-09 23:14 - 01715224 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2014-07-25 09:50 - 2014-06-09 23:14 - 01291280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2014-07-25 09:50 - 2014-01-20 04:47 - 01283136 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2014-07-25 09:50 - 2014-01-20 04:47 - 01126480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2014-07-25 09:30 - 2014-08-14 15:26 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-25 09:28 - 2014-08-14 15:26 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-25 09:28 - 2014-08-14 15:26 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-25 09:25 - 2014-08-14 15:26 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-25 09:25 - 2014-08-14 15:26 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-25 09:11 - 2014-08-14 15:26 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-25 09:10 - 2014-08-14 15:26 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-25 09:04 - 2014-08-14 15:26 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-25 09:03 - 2014-08-14 15:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-25 09:00 - 2014-08-14 15:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-25 09:00 - 2014-08-14 15:26 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-25 08:59 - 2014-08-14 15:26 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-25 08:47 - 2014-08-14 15:26 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-25 08:40 - 2014-08-14 15:26 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-25 08:34 - 2014-08-14 15:26 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-25 08:34 - 2014-08-14 15:26 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-25 08:33 - 2014-08-14 15:26 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-25 08:30 - 2014-08-14 15:26 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-25 08:28 - 2014-08-14 15:26 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-25 08:28 - 2014-08-14 15:26 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-25 08:21 - 2014-08-14 15:26 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-25 08:19 - 2014-08-14 15:26 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-25 08:18 - 2014-08-14 15:26 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-25 08:17 - 2014-08-14 15:26 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-25 08:17 - 2014-08-14 15:26 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-25 08:12 - 2014-08-14 15:26 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-25 08:10 - 2014-08-14 15:26 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-25 08:10 - 2014-08-14 15:26 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-25 08:08 - 2014-08-14 15:26 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-25 08:06 - 2014-08-14 15:26 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-25 07:52 - 2014-08-14 15:26 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-25 07:47 - 2014-08-14 15:26 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-25 07:43 - 2014-08-14 15:26 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-25 07:42 - 2014-08-14 15:26 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-25 07:39 - 2014-08-14 15:26 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-25 07:39 - 2014-08-14 15:26 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-25 07:36 - 2014-08-14 15:26 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-25 07:34 - 2014-08-14 15:26 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-25 07:29 - 2014-08-14 15:26 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-25 07:23 - 2014-08-14 15:26 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-25 07:13 - 2014-08-14 15:26 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-25 07:07 - 2014-08-14 15:26 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-25 07:07 - 2014-08-14 15:26 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-25 07:03 - 2014-08-14 15:26 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-25 06:52 - 2014-08-14 15:26 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-25 06:26 - 2014-08-14 15:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-25 06:17 - 2014-08-14 15:26 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-25 06:09 - 2014-08-14 15:26 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-25 06:05 - 2014-08-14 15:26 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-25 06:00 - 2014-08-14 15:26 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-24 03:01 - 2013-03-14 03:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-24 03:00 - 2013-03-14 03:01 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-24 03:00 - 2013-03-14 03:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-21 15:56 - 2009-08-07 14:33 - 00000000 ____D () C:\Windows\Panther
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!
 
 
LastRegBack: 2014-08-17 08:27
 
==================== End Of Log ============================
 
Addition:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-08-2014 01
Ran by Ryan at 2014-08-19 10:27:07
Running from C:\Users\Ryan\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Ad-aware 6 Professional (HKLM-x32\...\Ad-aware 6 Professional) (Version: 6.0.1.158 - Lavasoft Sweden)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.178 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 14.0.0.178 - Adobe Systems Incorporated) Hidden
Adobe Flash Media Live Encoder 3.1 (HKLM-x32\...\{37491A3D-B2A6-402D-898E-5C4EF3984C29}) (Version: 3.1.0 - Adobe Systems Incorporated)
Adobe Flash Player 14 ActiveX (HKLM-x32\...\{15AE611F-5A40-4BD0-9291-1C6856BDB9A4}) (Version: 14.0.0.176 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\{16E20D9D-E7E2-4951-A944-6FFC40870AD4}) (Version: 14.0.0.179 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{A922C4B7-50E0-4787-A94C-59DBF3C65DBE}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.3.2.3825 - Electronic Arts)
Battlefield™ Hardline Beta (HKLM-x32\...\{599276A7-F45D-40B1-A0B6-CF132A1CAD49}) (Version: 1.0.0.5 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.4.0 - EA Digital Illusions CE AB)
BestCrypt 8.0 (HKLM-x32\...\BestCrypt) (Version: 8.25.7.1 - Jetico Inc.)
Call of Duty: Ghosts - Multiplayer (HKLM-x32\...\Steam App 209170) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 3.22 - Piriform)
Contagion (HKLM-x32\...\Steam App 238430) (Version:  - Monochrome LLC)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
CyberLink BD Advisor 2.0 (HKLM-x32\...\{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}) (Version:  - )
CyberLink InstantBurn (HKLM-x32\...\{19C64880-BBCA-11D4-9EEE-0004ACDDDB3B}) (Version: 5.0.4617 - CyberLink Corp.)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Dungeon Defenders Eternity (HKLM-x32\...\Steam App 302270) (Version:  - Nom Nom Games)
eMule (HKLM-x32\...\eMule) (Version:  - )
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
GPU Temp version 1.0 (HKLM-x32\...\{8C8711FD-0FC8-4801-B33E-ED19BB0350B1}_is1) (Version: 1.0 - gputemp.com)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.3.193 - SurfRight B.V.)
Honorbuddy (x32 Version: 2.5.9958.729 - Bossland GmbH) Hidden
iTunes (HKLM\...\{0D924CB2-2EA4-4044-BAF7-770202D6BD0D}) (Version: 11.1.4.62 - Apple Inc.)
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217065FF}) (Version: 7.0.650 - Oracle)
League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
League of Legends (x32 Version: 1.0020 - Riot Games) Hidden
Malwarebytes Anti-Exploit version 1.03.1.1220 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.03.1.1220 - Malwarebytes)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Memory Fox Professional (HKLM\...\{680270A2-5BF8-4431-8528-F8001084DBA7}_is1) (Version: 1.3.4.0 - IDEVFH L.L.C.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710F4C1C-CC18-4C49-8CBF-51240C89A1A2}) (Version:  - )
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version:  - )
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{887868A2-D6DE-3255-AA92-AA0B5A59B874}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version:  - )
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version:  - )
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Mumble 1.2.4 (HKLM-x32\...\{E0955568-4353-4C85-8988-285A8C0F5E87}) (Version: 1.2.4 - Thorvald Natvig)
My Game Long Name (HKLM\...\UDK-15976c0c-4e05-4cb3-8dfe-25e4abe9e6a1) (Version:  - Epic Games, Inc.)
No More Room in Hell (HKLM-x32\...\Steam App 224260) (Version:  - No More Room in Hell Team)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.2 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)
NVIDIA Control Panel 340.52 (Version: 340.52 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 2.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.157.1165 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 15.3.33 (Version: 15.3.33 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6514 - NVIDIA Corporation) Hidden
NVIDIA Update 15.3.33 (Version: 15.3.33 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 15.3.33 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.4.7.2799 - Electronic Arts, Inc.)
Path of Exile (HKLM-x32\...\Steam App 238960) (Version:  - Grinding Gear Games)
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Psi (remove only) (HKLM-x32\...\Psi) (Version:  - )
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.16.6 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6101 - Realtek Semiconductor Corp.)
Secunia PSI (3.0.0.9016) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Smite (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}) (Version: 0.1.1838.1 - Hi-Rez Studios)
Sniper Elite 3 (HKLM-x32\...\Steam App 238090) (Version:  - Rebellion)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
SteelSeries Engine (HKLM\...\SteelSeries Engine) (Version: 2.8.450.22786 - SteelSeries)
System Requirements Lab (HKLM-x32\...\SystemRequirementsLab) (Version:  - )
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.13.1 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.31064 - TeamViewer)
The Stomping Land (HKLM-x32\...\Steam App 263440) (Version:  - SuperCrit)
TortoiseSVN 1.8.5.25224 (64 bit) (HKLM\...\{57FCA88C-D94A-490A-B8C6-8ECC3A9A48D2}) (Version: 1.8.25224 - TortoiseSVN)
Tweaking.com - Hardware Identify (HKLM-x32\...\Tweaking.com - Hardware Identify) (Version: 1.3.0 - Tweaking.com)
Tweaking.com - Windows Repair (All in One) (HKLM-x32\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.8.7 - Tweaking.com)
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
USB PnP Sound Device (HKLM-x32\...\{71B53BA8-4BE3-49AF-BC3E-07F392006300}) (Version:   -  )
Viscera Cleanup Detail (HKLM-x32\...\Steam App 246900) (Version:  - RuneStorm)
Viscera Cleanup Detail: Santa's Rampage (HKLM-x32\...\Steam App 265210) (Version:  - RuneStorm)
Viscera Cleanup Detail: Shadow Warrior (HKLM-x32\...\Steam App 255520) (Version:  - RuneStorm)
VLC media player 1.1.11 (HKLM-x32\...\VLC media player) (Version: 1.1.11 - VideoLAN)
WildStar (HKLM-x32\...\WildStar) (Version:  - NCSOFT)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
XSplit Gamecaster (HKLM-x32\...\{E8CF032D-9909-4BC3-B956-840F724CEEB8}) (Version: 1.6.1404.0218 - SplitMediaLabs)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2014-08-18 22:14 - 2014-08-19 01:03 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {1D22F0B7-3771-4A2A-B6CD-E4CA3BA63FB3} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {2195CBD1-C0E8-4B5A-9890-EF10BED7F113} - System32\Tasks\SUPERAntiSpyware Scheduled Task 7f3ade73-3676-4ceb-918d-a556deb99072 => D:\SuperAntiSpyware\SASTask.exe
Task: {350E0C43-DB63-4C45-82FA-F3EEFD777559} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {8031AFA6-06CD-4FC5-B122-A58EA3120BBA} - System32\Tasks\SUPERAntiSpyware Scheduled Task 32d08496-9cc0-4f1f-b2e7-016fe33045ea => D:\SuperAntiSpyware\SASTask.exe
Task: {EA613D66-C9DC-4A3A-84CD-A39614618C46} - System32\Tasks\XboxStatTask => C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 32d08496-9cc0-4f1f-b2e7-016fe33045ea.job => D:\SuperAntiSpyware\SUPERAntiSpyware.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 7f3ade73-3676-4ceb-918d-a556deb99072.job => D:\SuperAntiSpyware\SUPERAntiSpyware.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-11-21 22:26 - 2014-07-02 14:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-02-18 21:16 - 2014-02-18 21:16 - 00076016 _____ () C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
2014-02-18 21:16 - 2014-02-18 21:16 - 00088816 _____ () C:\Program Files\TortoiseSVN\bin\libsasl.dll
2012-06-18 11:24 - 2012-06-18 11:24 - 00222720 _____ () D:\Notepad++\NppShell_05.dll
2014-06-26 14:39 - 2014-06-26 14:39 - 00504832 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\SSEngineLib.dll
2014-06-26 14:39 - 2014-06-26 14:39 - 09315328 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\SSEngineWinGui.dll
2014-06-26 14:39 - 2014-06-26 14:39 - 00015872 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\Localization.dll
2014-06-26 14:39 - 2014-06-26 14:39 - 00011264 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\ISSPlugin.dll
2014-06-26 14:39 - 2014-06-26 14:39 - 00011264 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\Utilities.dll
2014-06-26 14:39 - 2014-06-26 14:39 - 00115200 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\DriverCommunication.dll
2014-05-16 11:57 - 2014-05-16 11:57 - 00047616 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesDrivers\x2api.dll
2014-06-26 14:39 - 2014-06-26 14:39 - 00034304 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\DBUtils.dll
2014-05-16 11:57 - 2014-05-16 11:57 - 01102336 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\System.Data.SQLite.dll
2014-06-26 14:39 - 2014-06-26 14:39 - 00189440 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\MousePlugin.dll
2014-06-26 14:39 - 2014-06-26 14:39 - 00030720 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\D3MousePlugin.dll
2014-06-26 14:39 - 2014-06-26 14:39 - 00031744 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\KKMousePlugin.dll
2014-06-26 14:39 - 2014-06-26 14:39 - 00030720 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\SRawPlugin.dll
2014-06-26 14:39 - 2014-06-26 14:39 - 00159744 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\MLGSenseiPlugin.dll
2014-06-26 14:39 - 2014-06-26 14:39 - 00020992 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\WoWGoldPlugin.dll
2014-06-26 14:39 - 2014-06-26 14:39 - 00030720 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\GW2MousePlugin.dll
2014-06-26 14:39 - 2014-06-26 14:39 - 00029696 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\CSGOMousePlugin.dll
2014-06-26 14:39 - 2014-06-26 14:39 - 00030208 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\DOTA2MousePlugin.dll
2014-06-26 14:39 - 2014-06-26 14:39 - 00023040 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\WoWWirelessPlugin.dll
2014-06-26 14:39 - 2014-06-26 14:39 - 00030720 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\CODMousePlugin.dll
2014-06-26 14:39 - 2014-06-26 14:39 - 00030208 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\WoTMousePlugin.dll
2014-06-26 14:39 - 2014-06-26 14:39 - 00060928 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\CustomWPFColorPicker.dll
2014-02-18 20:32 - 2014-02-18 20:32 - 00065776 _____ () C:\Program Files\TortoiseSVN\bin\TortoiseStub32.dll
2014-02-18 20:32 - 2014-02-18 20:32 - 00071920 _____ () C:\Program Files\TortoiseSVN\bin\libsasl32.dll
2014-08-13 18:58 - 2014-08-06 23:20 - 00718152 _____ () C:\Users\Ryan\AppData\Local\Google\Chrome\Application\36.0.1985.143\libglesv2.dll
2014-08-13 18:58 - 2014-08-06 23:20 - 00126280 _____ () C:\Users\Ryan\AppData\Local\Google\Chrome\Application\36.0.1985.143\libegl.dll
2014-08-13 18:58 - 2014-08-06 23:20 - 08537928 _____ () C:\Users\Ryan\AppData\Local\Google\Chrome\Application\36.0.1985.143\pdf.dll
2014-08-13 18:58 - 2014-08-06 23:20 - 00353096 _____ () C:\Users\Ryan\AppData\Local\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll
2014-08-13 18:58 - 2014-08-06 23:20 - 01732936 _____ () C:\Users\Ryan\AppData\Local\Google\Chrome\Application\36.0.1985.143\ffmpegsumo.dll
2014-08-13 18:58 - 2014-08-06 23:20 - 14669128 _____ () C:\Users\Ryan\AppData\Local\Google\Chrome\Application\36.0.1985.143\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\15914754.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\15914754.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: Dyyno Launcher => 2
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: HiPatchService => 2
MSCONFIG\Services: HitmanPro37CrusaderBoot => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: LightScribeService => 2
MSCONFIG\Services: PnkBstrA => 2
MSCONFIG\Services: ptservice => 2
MSCONFIG\Services: RichVideo => 2
MSCONFIG\Services: RzKLService => 2
MSCONFIG\Services: RzOvlMon => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: TeamViewer9 => 2
MSCONFIG\startupreg: LightScribe Control Panel => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
 
==================== Faulty Device Manager Devices =============
 
Name: 802.11n Wireless LAN Card
Description: 802.11n Wireless LAN Card
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Ralink Technology, Corp.
Service: netr28x
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Unknown Device
Description: Unknown Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: 
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 
 
Name: USB PnP Sound Device
Description: USB PnP Sound Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Generic USB Audio
Service: USBPNPA
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/19/2014 10:26:40 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - The system cannot find the file specified.
 
Error: (08/19/2014 10:26:40 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - The system cannot find the file specified.
 
Error: (08/19/2014 10:23:23 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - The system cannot find the file specified.
 
Error: (08/19/2014 10:23:23 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - The system cannot find the file specified.
 
Error: (08/19/2014 10:21:32 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - The system cannot find the file specified.
 
Error: (08/19/2014 10:21:32 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - The system cannot find the file specified.
 
Error: (08/19/2014 10:13:22 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - The system cannot find the file specified.
 
Error: (08/19/2014 10:13:21 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - The system cannot find the file specified.
 
Error: (08/19/2014 10:13:22 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (08/19/2014 10:13:20 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
 
System errors:
=============
Error: (08/19/2014 10:00:33 AM) (Source: DCOM) (EventID: 10016) (User: Ryan-PC)
Description: application-specificLocalActivation{7D1933CB-86F6-4A98-8628-01BE94C9A575}{F290BFB2-1864-45B1-8804-2654194A87E7}Ryan-PCRyanS-1-5-21-3514845564-2089270939-1637311307-1000LocalHost (Using LRPC)
 
Error: (08/19/2014 10:00:27 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
Error: (08/19/2014 09:59:39 AM) (Source: APPHOSTSVC) (EventID: 9010) (User: )
Description: The Application Host Helper Service encountered an error trying to access the root history directory 'C:\inetpub\history'.  The directory either doesn't exist or the permissions on it don't allow the history service to access it. The config history feature is disabled for now and will be re-enabled after the issue is resolved. To resolve this issue, please ensure that the directory exists and that the Administrators group have read and write access to it.  The data field contains the error number.
 
Error: (08/19/2014 09:59:21 AM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!
 
Error: (08/19/2014 09:59:36 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 9:55:37 AM on ‎8/‎19/‎2014 was unexpected.
 
Error: (08/19/2014 09:40:25 AM) (Source: DCOM) (EventID: 10016) (User: Ryan-PC)
Description: application-specificLocalActivation{7D1933CB-86F6-4A98-8628-01BE94C9A575}{F290BFB2-1864-45B1-8804-2654194A87E7}Ryan-PCRyanS-1-5-21-3514845564-2089270939-1637311307-1000LocalHost (Using LRPC)
 
Error: (08/19/2014 09:40:18 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
Error: (08/19/2014 09:39:40 AM) (Source: APPHOSTSVC) (EventID: 9010) (User: )
Description: The Application Host Helper Service encountered an error trying to access the root history directory 'C:\inetpub\history'.  The directory either doesn't exist or the permissions on it don't allow the history service to access it. The config history feature is disabled for now and will be re-enabled after the issue is resolved. To resolve this issue, please ensure that the directory exists and that the Administrators group have read and write access to it.  The data field contains the error number.
 
Error: (08/19/2014 09:39:37 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 8:54:33 AM on ‎8/‎19/‎2014 was unexpected.
 
Error: (08/19/2014 09:39:22 AM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!
 
 
Microsoft Office Sessions:
=========================
Error: (08/19/2014 10:26:40 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: The system cannot find the file specified.
 
Error: (08/19/2014 10:26:40 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: The system cannot find the file specified.
 
Error: (08/19/2014 10:23:23 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: The system cannot find the file specified.
 
Error: (08/19/2014 10:23:23 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: The system cannot find the file specified.
 
Error: (08/19/2014 10:21:32 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: The system cannot find the file specified.
 
Error: (08/19/2014 10:21:32 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: The system cannot find the file specified.
 
Error: (08/19/2014 10:13:22 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: The system cannot find the file specified.
 
Error: (08/19/2014 10:13:21 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: The system cannot find the file specified.
 
Error: (08/19/2014 10:13:22 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Ryan\Downloads\esetsmartinstaller_enu.exe
 
Error: (08/19/2014 10:13:20 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Ryan\Downloads\esetsmartinstaller_enu.exe
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7 CPU 960 @ 3.20GHz
Percentage of memory in use: 29%
Total physical RAM: 12278.12 MB
Available physical RAM: 8714.48 MB
Total Pagefile: 12276.3 MB
Available Pagefile: 8010.04 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:119.14 GB) (Free:49.53 GB) NTFS
Drive d: () (Fixed) (Total:931.51 GB) (Free:222.24 GB) NTFS
Drive e: (KINGSTON) (Removable) (Total:7.45 GB) (Free:5.29 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: B183350F)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=119.1 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: B1833512)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (Size: 7.5 GB) (Disk ID: 7FDB77E7)
Partition 1: (Active) - (Size=7.5 GB) - (Type=0B)
 
==================== End Of Log ============================

 

Added: MBAR came up with no threats.


Edited by oom, 19 August 2014 - 09:35 AM.


#10 TB-Psychotic

  • Malware Response Team

Posted 19 August 2014 - 09:40 AM

Combofix

Combofix should only be run when advised by a team member!

Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs/spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe


When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: When receiving an error message containing "Illegal operation attempted on a registry key that has been marked for deletion", simply restart your computer to fix this.



#11 oom

  • Topic Starter


Posted 19 August 2014 - 10:09 AM

ComboFix 14-08-19.01 - Ryan 19/08/2014  10:47:32.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.936.86.1033.18.12278.10226 [GMT -4:00]
执行位置: c:\users\Ryan\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   被删除的档案   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Ryan\AppData\Local\._LiveCode_
c:\users\Ryan\AppData\Local\._LiveCode_\._b0fac543008600000002cbb9000000005e92903c86e5058d003af8fdf1ba6dc5_00000de4.pid
c:\windows\SysWow64\networkdlllsp.dll
.
.
(((((((((((((((((((((((((((((((((((((((   驱动/服务   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_TESSAFE
.
.
(((((((((((((((((((((((((  2014-07-19 至 2014-08-19 的新的档案  )))))))))))))))))))))))))))))))
.
.
2042-06-09 21:25 . 2014-08-19 04:20 -------- d-----w- c:\programdata\HitmanPro
2014-08-19 17:10 . 2014-08-19 14:27 -------- d-----w- C:\FRST
2014-08-19 14:52 . 2014-08-19 14:52 -------- d-----w- c:\users\Ryan\AppData\Local\temp
2014-08-19 14:52 . 2014-08-19 14:52 -------- d-----w- c:\users\hedev\AppData\Local\temp
2014-08-19 14:52 . 2014-08-19 14:52 -------- d-----w- c:\users\Guest\AppData\Local\temp
2014-08-19 14:52 . 2014-08-19 14:52 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2014-08-19 11:10 . 2014-08-19 11:10 -------- d-----w- c:\windows\SysWow64\%LOCALAPPDATA%
2014-08-19 10:55 . 2014-08-19 13:45 -------- d-----w- c:\program files (x86)\OpenVPN Technologies
2014-08-19 09:16 . 2014-08-19 09:16 38016 ----a-w- c:\windows\system32\drivers\SAlpham64.sys
2014-08-19 09:16 . 2014-08-19 09:16 145408 ----a-w- c:\windows\system32\drivers\SteelBus64.sys
2014-08-19 06:47 . 2014-08-19 06:47 -------- d-----w- c:\users\Ryan\AppData\Roaming\Oracle
2014-08-19 05:38 . 2014-08-19 10:29 75888 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F0F641ED-3635-414A-9665-5454449C5D5D}\offreg.dll
2014-08-19 05:28 . 2014-08-19 06:49 -------- d-----w- c:\users\Ryan\AppData\Local\CrashDumps
2014-08-19 05:27 . 2014-07-14 08:12 10924376 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F0F641ED-3635-414A-9665-5454449C5D5D}\mpengine.dll
2014-08-19 04:24 . 2014-08-19 04:24 12872 ----a-w- c:\windows\system32\bootdelete.exe
2014-08-19 04:20 . 2014-08-19 09:19 -------- d-----w- c:\program files\HitmanPro
2014-08-19 04:20 . 2014-08-19 14:54 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-08-19 04:20 . 2014-08-19 14:23 92888 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-08-19 04:20 . 2014-08-19 04:20 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-08-19 04:20 . 2014-05-12 11:35 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-08-19 04:20 . 2014-05-12 11:35 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-08-19 03:58 . 2014-08-19 03:58 -------- d-----w- c:\users\Ryan\AppData\Local\Diagnostics
2014-08-19 03:24 . 2014-08-19 09:04 33512 ----a-w- c:\windows\SysWow64\drivers\TrueSight.sys
2014-08-19 03:24 . 2014-08-19 03:24 -------- d-----w- c:\programdata\RogueKiller
2014-08-19 02:19 . 2014-08-19 02:19 -------- d-----w- c:\users\Ryan\AppData\Roaming\SUPERAntiSpyware.com
2014-08-19 02:17 . 2014-08-19 02:17 -------- d-----w- c:\windows\ERUNT
2014-08-19 02:12 . 2014-08-19 05:01 -------- d-----w- c:\windows\SysWow64\wbem\Performance
2014-08-19 02:11 . 2014-08-19 02:11 -------- d-----w- c:\program files (x86)\eMule
2014-08-19 02:06 . 2014-08-19 02:06 -------- d-----w- c:\program files (x86)\ESET
2014-08-19 01:39 . 2014-08-19 01:39 -------- d-----w- C:\RegBackup
2014-08-19 00:57 . 2014-08-19 01:05 -------- d-----w- c:\program files (x86)\Tweaking.com
2014-08-19 00:44 . 2014-08-19 14:33 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-08-19 00:43 . 2014-08-19 11:09 -------- d-----w- c:\programdata\Malwarebytes Anti-Exploit
2014-08-19 00:43 . 2014-08-19 01:07 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Exploit
2014-08-19 00:34 . 2014-08-19 00:34 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-08-19 00:32 . 2014-08-19 00:33 -------- d-----w- c:\program files\iTunes
2014-08-19 00:32 . 2014-08-19 00:33 -------- d-----w- c:\program files (x86)\iTunes
2014-08-19 00:32 . 2014-08-19 00:32 -------- d-----w- c:\program files\iPod
2014-08-19 00:31 . 2014-08-19 00:31 -------- d-----w- c:\users\Default\AppData\Roaming\Apple Computer
2014-08-19 00:31 . 2014-08-19 00:31 -------- d-----w- c:\users\Default\AppData\Local\Apple Computer
2014-08-19 00:19 . 2014-08-19 00:19 -------- d-----w- c:\users\Ryan\AppData\Local\Secunia PSI
2014-08-19 00:18 . 2014-08-19 00:18 -------- d-----w- c:\program files (x86)\Secunia
2014-08-19 00:09 . 2010-08-30 12:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-08-19 00:08 . 2014-08-19 11:19 -------- d-----w- C:\AdwCleaner
2014-08-17 09:12 . 2014-08-17 09:12 31232 ----a-w- c:\windows\system32\drivers\tap0901.sys
2014-08-17 07:57 . 2014-08-17 07:57 -------- d-----w- c:\users\Ryan\AppData\Local\Programs
2014-08-17 06:31 . 2014-07-29 03:45 868184 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2014-08-17 06:31 . 2014-07-29 03:43 129168 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2014-08-17 05:07 . 2014-08-17 05:07 -------- d-----w- c:\program files (x86)\Jetico
2014-08-17 03:41 . 2014-08-17 03:46 230840 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2014-08-17 03:10 . 2014-07-14 08:12 10924376 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-08-16 23:40 . 2014-08-19 10:55 -------- d-----w- c:\users\Ryan\AppData\Local\Psi
2014-08-16 23:40 . 2014-08-16 23:40 -------- d-----w- c:\users\Ryan\AppData\Roaming\Psi
2014-08-15 11:09 . 2014-01-09 02:22 5694464 ----a-w- c:\windows\SysWow64\mstscax.dll
2014-08-15 11:09 . 2014-01-03 22:44 6574592 ----a-w- c:\windows\system32\mstscax.dll
2014-08-15 01:00 . 2014-08-17 06:18 -------- d-----w- c:\users\Ryan\AppData\Roaming\Notepad++
2014-08-14 22:44 . 2014-04-23 15:50 1031560 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{37B7260D-202E-471B-8ADE-A53141959D66}\gapaengine.dll
2014-08-14 22:41 . 2014-08-14 22:46 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2014-08-14 22:41 . 2014-08-14 22:46 -------- d-----w- c:\program files\Microsoft Security Client
2014-08-14 22:28 . 2014-06-30 22:24 8856 ----a-w- c:\windows\system32\icardres.dll
2014-08-14 22:28 . 2014-06-30 22:14 8856 ----a-w- c:\windows\SysWow64\icardres.dll
2014-08-14 22:28 . 2014-03-09 21:48 171160 ----a-w- c:\windows\system32\infocardapi.dll
2014-08-14 22:28 . 2014-03-09 21:48 1389208 ----a-w- c:\windows\system32\icardagt.exe
2014-08-14 22:28 . 2014-03-09 21:47 99480 ----a-w- c:\windows\SysWow64\infocardapi.dll
2014-08-14 22:28 . 2014-03-09 21:47 619672 ----a-w- c:\windows\SysWow64\icardagt.exe
2014-08-14 22:27 . 2014-06-06 06:16 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe
2014-08-14 22:27 . 2014-06-06 06:12 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2014-08-14 22:27 . 2013-09-25 02:23 1030144 ----a-w- c:\windows\system32\TSWorkspace.dll
2014-08-14 22:27 . 2013-09-25 01:57 792576 ----a-w- c:\windows\SysWow64\TSWorkspace.dll
2014-08-14 22:27 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2014-08-14 22:27 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2014-08-14 20:59 . 2014-08-14 20:59 76152 ----a-w- c:\windows\system32\PnkBstrA.exe
2014-08-14 20:29 . 2014-08-14 20:29 -------- d-----w- c:\users\Ryan\AppData\Local\PunkBuster
2014-08-14 20:10 . 2014-08-14 20:10 -------- d-----w- c:\users\Ryan\AppData\Local\ESN
2014-08-14 19:25 . 2014-08-07 02:06 529920 ----a-w- c:\windows\system32\aepdu.dll
2014-08-14 19:25 . 2014-08-07 02:01 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-08-14 19:25 . 2014-07-14 02:02 1216000 ----a-w- c:\windows\system32\rpcrt4.dll
2014-08-14 19:25 . 2014-07-14 01:40 664064 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2014-08-14 13:57 . 2014-08-15 00:01 -------- d-----w- c:\users\Ryan\AppData\Roaming\Origin
2014-08-14 13:57 . 2014-08-14 20:16 -------- d-----w- c:\users\Ryan\AppData\Local\Origin
2014-08-14 07:38 . 2014-08-14 07:38 -------- d-----w- c:\users\Ryan\AppData\Roaming\Acreon
2014-08-12 15:54 . 2014-08-12 15:54 -------- d-----w- c:\users\Ryan\AppData\Local\HonorbuddyMeshes
2014-08-12 07:08 . 2014-07-02 03:09 10924376 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5C44D0F5-6652-4A5F-9C5D-980565FD14C6}\mpengine.dll
2014-08-12 05:18 . 2014-08-12 05:18 -------- d-----w- c:\users\Ryan\AppData\Local\SteelSeries_ApS
2014-08-12 02:06 . 2014-08-12 02:07 -------- d-----w- c:\program files\Dxtory Software
2014-08-11 17:12 . 2014-08-17 08:03 -------- d-----w- c:\users\Ryan\AppData\Local\VirtualStore
2014-08-11 16:45 . 2014-08-11 16:45 -------- d-----w- c:\program files (x86)\TeamViewer
2014-08-11 15:25 . 2014-08-11 15:25 -------- d-----w- c:\users\Ryan\AppData\Local\Skype
2014-08-11 15:25 . 2014-08-18 00:03 -------- d-----w- c:\users\Ryan\AppData\Roaming\Skype
2014-08-10 17:00 . 2014-08-10 17:00 -------- d-----w- c:\users\Ryan\AppData\Local\Blizzard Entertainment
2014-08-10 17:00 . 2014-08-10 17:01 -------- d-----w- c:\users\Ryan\AppData\Roaming\Battle.net
2014-08-10 17:00 . 2014-08-10 17:01 -------- d-----w- c:\users\Ryan\AppData\Roaming\Curse Advertising
2014-08-10 17:00 . 2014-08-10 17:00 -------- d-----w- c:\users\Ryan\AppData\Local\Razer
2014-08-10 17:00 . 2014-08-10 17:00 -------- d-----w- c:\users\Ryan\AppData\Roaming\Apple Computer
2014-08-10 17:00 . 2014-08-10 17:00 -------- d-----w- c:\users\Ryan\AppData\Roaming\Subversion
2014-08-10 16:58 . 2014-08-19 14:54 -------- d-----w- c:\users\Ryan\AppData\Local\TSVNCache
2014-08-10 15:50 . 2014-08-10 15:50 -------- d-----w- c:\users\Ryan\AppData\Local\Apple
2014-08-10 03:48 . 2014-08-10 23:36 -------- d-----w- c:\users\Ryan\AppData\Roaming\Ventrilo
2014-08-10 03:14 . 2014-08-19 01:11 -------- d-----w- c:\users\Ryan\AppData\Local\Deployment
2014-08-10 03:11 . 2014-08-10 03:11 -------- d-sh--w- c:\users\Ryan\AppData\Local\EmieUserList
2014-08-10 03:11 . 2014-08-10 03:11 -------- d-sh--w- c:\users\Ryan\AppData\Local\EmieSiteList
2014-08-10 03:10 . 2014-08-10 03:10 -------- d-----w- c:\users\Ryan\AppData\Roaming\NVIDIA
2014-08-09 19:05 . 2014-07-02 17:44 609240 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2014-08-03 05:52 . 2014-05-14 16:23 44512 ----a-w- c:\windows\system32\wups2.dll
2014-08-03 05:52 . 2014-05-14 16:23 58336 ----a-w- c:\windows\system32\wuauclt.exe
2014-08-03 05:52 . 2014-05-14 16:23 2477536 ----a-w- c:\windows\system32\wuaueng.dll
2014-08-03 05:52 . 2014-05-14 16:21 2620928 ----a-w- c:\windows\system32\wucltux.dll
2014-08-03 05:51 . 2014-05-14 16:23 38880 ----a-w- c:\windows\system32\wups.dll
2014-08-03 05:51 . 2014-05-14 16:23 36320 ----a-w- c:\windows\SysWow64\wups.dll
2014-08-03 05:51 . 2014-05-14 16:23 700384 ----a-w- c:\windows\system32\wuapi.dll
2014-08-03 05:51 . 2014-05-14 16:23 581600 ----a-w- c:\windows\SysWow64\wuapi.dll
2014-08-03 05:51 . 2014-05-14 16:20 97792 ----a-w- c:\windows\system32\wudriver.dll
2014-08-03 05:51 . 2014-05-14 16:17 92672 ----a-w- c:\windows\SysWow64\wudriver.dll
2014-08-03 05:51 . 2014-05-14 13:23 198600 ----a-w- c:\windows\system32\wuwebv.dll
2014-08-03 05:51 . 2014-05-14 13:23 179656 ----a-w- c:\windows\SysWow64\wuwebv.dll
2014-08-03 05:51 . 2014-05-14 13:20 36864 ----a-w- c:\windows\system32\wuapp.exe
2014-08-03 05:51 . 2014-05-14 13:17 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
2014-07-29 03:43 . 2014-07-29 03:43 142528 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2014-07-25 18:31 . 2014-07-25 18:31 -------- d-----w- c:\program files (x86)\Dungeon Defenders 2
.
.
.
((((((((((((((((((((((((((((((((((((((((   在三个月内被修改的档案   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-19 00:25 . 2013-02-25 21:07 699568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-08-19 00:25 . 2011-10-26 17:58 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-08-17 23:49 . 2014-07-07 19:15 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
2014-08-15 06:53 . 2014-06-19 08:22 215416 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2014-08-14 22:48 . 2010-05-24 21:32 99218768 ----a-w- c:\windows\system32\MRT.exe
2014-07-25 13:50 . 2014-06-10 03:14 1291280 ----a-w- c:\windows\SysWow64\nvspbridge.dll
2014-07-25 13:50 . 2014-01-20 08:47 1126480 ----a-w- c:\windows\SysWow64\nvspcap.dll
2014-07-25 13:50 . 2014-06-10 03:14 1715224 ----a-w- c:\windows\system32\nvspbridge64.dll
2014-07-25 13:50 . 2014-01-20 08:47 1283136 ----a-w- c:\windows\system32\nvspcap64.dll
2014-07-03 10:41 . 2014-07-03 10:34 33472 ----a-w- c:\windows\system32\drivers\MftWipeFilter.sys
2014-07-03 10:35 . 2014-07-03 10:35 43520 ----a-w- c:\windows\SysWow64\HPLUN.dll
2014-07-03 10:33 . 2014-07-03 10:33 364320 ----a-w- c:\windows\BCUnInstall.exe
2014-07-03 10:20 . 2014-07-03 10:38 67776 ----a-w- c:\windows\system32\drivers\fsh.sys
2014-07-03 10:20 . 2014-07-03 10:38 62656 ----a-w- c:\windows\system32\drivers\bcbus.sys
2014-07-03 10:20 . 2014-07-03 10:38 52416 ----a-w- c:\windows\system32\drivers\bc_rijn.sys
2014-07-03 10:20 . 2014-07-03 10:38 38592 ----a-w- c:\windows\system32\drivers\bc_cast.sys
2014-07-03 10:20 . 2014-07-03 10:38 38080 ----a-w- c:\windows\system32\drivers\bc_serp.sys
2014-07-03 10:20 . 2014-07-03 10:38 35520 ----a-w- c:\windows\system32\drivers\bc_tfish.sys
2014-07-03 10:20 . 2014-07-03 10:38 35520 ----a-w- c:\windows\system32\drivers\bc_3des.sys
2014-07-03 10:20 . 2014-07-03 10:38 35008 ----a-w- c:\windows\system32\drivers\bc_des.sys
2014-07-03 10:20 . 2014-07-03 10:38 31936 ----a-w- c:\windows\system32\drivers\bc_bf448.sys
2014-07-03 10:20 . 2014-07-03 10:38 31424 ----a-w- c:\windows\system32\drivers\bc_rc6.sys
2014-07-03 10:20 . 2014-07-03 10:38 31424 ----a-w- c:\windows\system32\drivers\bc_bfish.sys
2014-07-03 10:20 . 2014-07-03 10:38 31424 ----a-w- c:\windows\system32\drivers\bc_bf128.sys
2014-07-03 10:20 . 2014-07-03 10:38 28864 ----a-w- c:\windows\system32\drivers\bc_idea.sys
2014-07-03 10:20 . 2014-07-03 10:38 26816 ----a-w- c:\windows\system32\drivers\bc_gost.sys
2014-07-03 10:20 . 2014-07-03 10:38 18624 ----a-w- c:\windows\system32\drivers\mhk.sys
2014-07-03 10:20 . 2014-07-03 10:38 14528 ----a-w- c:\windows\system32\drivers\moh.sys
2014-07-03 10:20 . 2014-07-03 10:38 124992 ----a-w- c:\windows\system32\drivers\bcswap.sys
2014-07-02 20:48 . 2014-06-10 03:18 16122344 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2014-07-02 20:48 . 2013-11-22 02:26 75040 ----a-w- c:\windows\system32\OpenCL.dll
2014-07-02 20:48 . 2013-11-22 02:26 61912 ----a-w- c:\windows\SysWow64\OpenCL.dll
2014-07-02 20:48 . 2013-11-22 02:25 965312 ----a-w- c:\windows\system32\nvumdshimx.dll
2014-07-02 20:48 . 2013-11-22 02:25 3196816 ----a-w- c:\windows\system32\nvapi64.dll
2014-07-02 20:48 . 2013-11-22 02:25 2814656 ----a-w- c:\windows\SysWow64\nvapi.dll
2014-07-02 20:48 . 2013-11-22 02:25 17555104 ----a-w- c:\windows\system32\nvd3dumx.dll
2014-07-02 20:48 . 2013-11-22 02:25 14498552 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2014-07-02 18:55 . 2013-11-22 02:26 6783776 ----a-w- c:\windows\system32\nvcpl.dll
2014-07-02 18:55 . 2013-11-22 02:26 3522392 ----a-w- c:\windows\system32\nvsvc64.dll
2014-07-02 18:55 . 2013-11-22 02:26 935368 ----a-w- c:\windows\system32\nvvsvc.exe
2014-07-02 18:55 . 2013-11-22 02:26 62808 ----a-w- c:\windows\system32\nvshext.dll
2014-07-02 18:55 . 2013-11-22 02:26 386520 ----a-w- c:\windows\system32\nvmctray.dll
2014-07-02 10:14 . 2013-11-22 02:26 3826628 ----a-w- c:\windows\system32\nvcoproc.bin
2014-06-27 01:18 . 2014-06-20 05:40 298032 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2014-06-18 02:18 . 2014-07-09 03:43 692736 ----a-w- c:\windows\system32\osk.exe
2014-06-18 01:51 . 2014-07-09 03:43 646144 ----a-w- c:\windows\SysWow64\osk.exe
2014-06-06 10:10 . 2014-07-09 03:43 624128 ----a-w- c:\windows\system32\qedit.dll
2014-06-06 09:44 . 2014-07-09 03:43 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2014-06-05 14:45 . 2014-07-09 03:42 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-06-05 14:26 . 2014-07-09 03:42 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-06-05 14:25 . 2014-07-09 03:42 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2014-05-30 08:08 . 2014-07-09 03:43 210944 ----a-w- c:\windows\system32\wdigest.dll
2014-05-30 08:08 . 2014-07-09 03:43 86528 ----a-w- c:\windows\system32\TSpkg.dll
2014-05-30 08:08 . 2014-07-09 03:43 340992 ----a-w- c:\windows\system32\schannel.dll
2014-05-30 08:08 . 2014-07-09 03:43 314880 ----a-w- c:\windows\system32\msv1_0.dll
2014-05-30 08:08 . 2014-07-09 03:43 307200 ----a-w- c:\windows\system32\ncrypt.dll
2014-05-30 08:08 . 2014-07-09 03:43 728064 ----a-w- c:\windows\system32\kerberos.dll
2014-05-30 08:08 . 2014-07-09 03:43 22016 ----a-w- c:\windows\system32\credssp.dll
2014-05-30 07:52 . 2014-07-09 03:43 172032 ----a-w- c:\windows\SysWow64\wdigest.dll
2014-05-30 07:52 . 2014-07-09 03:43 65536 ----a-w- c:\windows\SysWow64\TSpkg.dll
2014-05-30 07:52 . 2014-07-09 03:43 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2014-05-30 07:52 . 2014-07-09 03:43 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
2014-05-30 07:52 . 2014-07-09 03:43 259584 ----a-w- c:\windows\SysWow64\msv1_0.dll
2014-05-30 07:52 . 2014-07-09 03:43 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
2014-05-30 07:52 . 2014-07-09 03:43 17408 ----a-w- c:\windows\SysWow64\credssp.dll
2014-05-30 06:45 . 2014-07-09 03:43 497152 ----a-w- c:\windows\system32\drivers\afd.sys
2014-05-28 09:26 . 2014-07-03 10:38 180928 ----a-w- c:\windows\system32\drivers\bcfnt.sys
.
.
(((((((((((((((((((((((((((((((((((((   重要登入点   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*注意* 空白与合法缺省登录将不会被显示 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="c:\program files\CCleaner\CCleaner64.exe" [2012-08-22 5352288]
"SteelSeries Engine"="c:\program files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe" [2014-06-26 87040]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes Anti-Exploit"="c:\program files (x86)\Malwarebytes Anti-Exploit\mbae.exe" [2014-06-04 382608]
"BestCrypt Volume Encryption"="c:\program files (x86)\Jetico\BestCrypt\BC_VE\bcfmgr.exe" [2014-05-28 2682656]
"BCWipeTM Startup"="c:\program files (x86)\Jetico\BestCrypt\BCWipeTM.exe" [2014-07-03 1650464]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BestCrypt Auto Open.lnk - c:\program files (x86)\Jetico\BestCrypt\BestCrypt.exe AutoOpen [2014-7-3 1689888]
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2013-12-6 565464]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoThumbNailCache"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe;c:\program files\HitmanPro\hmpsched.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [x]
R3 ALSysIO;ALSysIO; [x]
R3 cpuz130;cpuz130; [x]
R3 cpuz133;cpuz133; [x]
R3 cpuz135;cpuz135;c:\program files (x86)\CPUID\PC Wizard 2012\pcwiz_x64.sys;c:\program files (x86)\CPUID\PC Wizard 2012\pcwiz_x64.sys [x]
R3 EagleX64;EagleX64; [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 MftWipeFilter;Jetico file system filter; [x]
R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 NLNdisMP;NLNdisMP;c:\windows\system32\DRIVERS\nlndis.sys;c:\windows\SYSNATIVE\DRIVERS\nlndis.sys [x]
R3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\DRIVERS\nlndis.sys;c:\windows\SYSNATIVE\DRIVERS\nlndis.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 ptun0901;TAP Adapter V9 for Private Tunnel;c:\windows\system32\DRIVERS\ptun0901.sys;c:\windows\SYSNATIVE\DRIVERS\ptun0901.sys [x]
R3 rzudd;Razer Mouse Driver;c:\windows\system32\DRIVERS\rzudd.sys;c:\windows\SYSNATIVE\DRIVERS\rzudd.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 BCSWAP;BCSWAP; [x]
R4 HiPatchService;Hi-Rez Studios Authenticate and Update Service;d:\smite\HiPatchService.exe;d:\smite\HiPatchService.exe [x]
R4 HitmanPro37CrusaderBoot;HitmanPro 3.7 Crusader (Boot);i:\cleaning software\Anti-Virus Software\HitmanPro_x64.exe;i:\cleaning software\Anti-Virus Software\HitmanPro_x64.exe [x]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R4 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S0 bcfnt;bcfnt; [x]
S0 fsh;fsh; [x]
S0 RzFilter;RzFilter;c:\windows\system32\drivers\RzFilter.sys;c:\windows\SYSNATIVE\drivers\RzFilter.sys [x]
S1 BC_3DES;BC_3DES; [x]
S1 BC_BF128;BC_BF128; [x]
S1 BC_BF448;BC_BF448; [x]
S1 BC_BFish;BC_BFish; [x]
S1 BC_CAST;BC_CAST; [x]
S1 BC_DES;BC_DES; [x]
S1 BC_Gost;BC_Gost; [x]
S1 BC_IDEA;BC_IDEA; [x]
S1 BC_RC6;BC_RC6; [x]
S1 BC_RIJN;BC_RIJN; [x]
S1 BC_SERP;BC_SERP; [x]
S1 BC_TFISH;BC_TFISH; [x]
S1 bcbus;BestCrypt bus driver;c:\windows\system32\DRIVERS\bcbus.sys;c:\windows\SYSNATIVE\DRIVERS\bcbus.sys [x]
S1 CLBStor;InstantBurn Storage Helper Driver;c:\windows\system32\DRIVERS\CLBStor.sys;c:\windows\SYSNATIVE\DRIVERS\CLBStor.sys [x]
S1 ESProtectionDriver;Malwarebytes Anti-Exploit;c:\program files (x86)\Malwarebytes Anti-Exploit\mbae64.sys;c:\program files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [x]
S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2010/07/12 11:09];c:\program files (x86)\CyberLink\PowerDVD8\000.fcl;c:\program files (x86)\CyberLink\PowerDVD8\000.fcl [x]
S2 BcveServ;BestCrypt Volume Encryption service;c:\program files (x86)\Jetico\BestCrypt\BC_VE\bcveserv.exe;c:\program files (x86)\Jetico\BestCrypt\BC_VE\bcveserv.exe [x]
S2 BCWipeSvc;BCWipe service;c:\program files (x86)\Jetico\BestCrypt\BCWipeSvc.exe;c:\program files (x86)\Jetico\BestCrypt\BCWipeSvc.exe [x]
S2 CLBUDF;CyberLink InstantBurn UDF Filesystem; [x]
S2 iprip;RIP Listener;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 MbaeSvc;Malwarebytes Anti-Exploit Service;c:\program files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe;c:\program files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe;c:\program files (x86)\Secunia\PSI\sua.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 busenum;SteelBusSvc;c:\windows\system32\DRIVERS\SteelBus64.sys;c:\windows\SYSNATIVE\DRIVERS\SteelBus64.sys [x]
S3 mhk;mhk; [x]
S3 moh;moh; [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf_amd64.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf_amd64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 SAlphamHid;SteelHIDSvc;c:\windows\system32\DRIVERS\SAlpham64.sys;c:\windows\SYSNATIVE\DRIVERS\SAlpham64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ   w3svc was
apphost REG_MULTI_SZ   apphostsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-01-28 05:28 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
 ‘计划任务’ 文件夹 里的内容
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-07-25 1283136]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-02-15 10806816]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-07-25 2403104]
.
------- 而外的扫描 -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = about:blank
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
SafeBoot-15914754.sys
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
AddRemove-{95716cce-fc71-413f-8ad5-56c2892d4b3a} - c:\programdata\Package Cache\{95716cce-fc71-413f-8ad5-56c2892d4b3a}\vcredist_x86.exe
AddRemove-{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} - c:\programdata\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HitmanPro37CrusaderBoot]
"ImagePath"="\"i:\cleaning software\Anti-Virus Software\HitmanPro_x64.exe\" /crusader:boot"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD8\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3514845564-2089270939-1637311307-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:c7,81,4f,c8,e6,3c,74,90,f2,3a,11,cf,f4,91,0f,24,a3,e1,38,ec,80,
   a5,b4,48,4c,d8,be,ad,18,6a,a1,3d,2b,5e,5f,9d,34,4a,10,d5,0a,a5,52,e4,8b,91,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
完成时间: 2014-08-19  11:02:07 - 电脑已重新启动
ComboFix-quarantined-files.txt  2014-08-19 15:02
.
Pre-Run: 52,706,779,136 bytes free
Post-Run: 52,269,469,696 bytes free
.
- - End Of File - - 6C8669E23E6ED06439C0985A715A95CD
A36C5E4F47E84449FF07ED3517B43A31


#12 oom

Posted 19 August 2014 - 04:32 PM

What would be the next step in the process, Marius?



#13 oom

Posted 19 August 2014 - 06:07 PM

Here is an updated DDS Report after running Combofix. If any other volunteers/mods glance here and deem I am 100% clean, you have my permission to close the thread. Again, thank you Marius for your kind and fast help.
 
DDS INFO BELOW
----------------------------
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17239
Run by Ryan at 18:59:49 on 2014-08-19
Microsoft Windows 7 Home Premium   6.1.7601.1.936.86.1033.18.12278.9288 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k apphost
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k ipripsvc
C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\System32\tcpsvcs.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\HitmanPro\hmpsched.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\vssadmin.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\HitmanPro\HitmanPro.exe
C:\Windows\System32\wbem\WmiPrvSE.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mStart Page = about:blank
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
uRun: [SteelSeries Engine] C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe
uRun: [ccleaner] "C:\Program Files\CCleaner\CCleaner64.exe" /AUTO
mRun: [Malwarebytes Anti-Exploit] C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
uPolicies-Explorer: NoThumbNailCache = dword:1
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{C5A7A356-324D-4016-B8A1-3F2C2A48D316} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{C5A7A356-324D-4016-B8A1-3F2C2A48D316}\255637964656E63656D23596D6D6 : DHCPNameServer = 68.87.74.166 68.87.68.166
TCP: Interfaces\{C5A7A356-324D-4016-B8A1-3F2C2A48D316}\348494E4F5E45445 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{D73269F4-4E45-41D2-90F0-C203F18E1324} : DHCPNameServer = 192.168.1.254
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = about:blank
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_16-windows-i586.cab
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 bcfnt;bcfnt;C:\Windows\System32\drivers\bcfnt.sys [2014-7-3 180928]
R0 fsh;fsh;C:\Windows\System32\drivers\fsh.sys [2014-7-3 67776]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-1-25 268512]
R0 RzFilter;RzFilter;C:\Windows\System32\drivers\RzFilter.sys [2013-11-22 74432]
R1 BC_3DES;BC_3DES;C:\Windows\System32\drivers\bc_3des.sys [2014-7-3 35520]
R1 BC_BF128;BC_BF128;C:\Windows\System32\drivers\bc_bf128.sys [2014-7-3 31424]
R1 BC_BF448;BC_BF448;C:\Windows\System32\drivers\bc_bf448.sys [2014-7-3 31936]
R1 BC_BFish;BC_BFish;C:\Windows\System32\drivers\bc_bfish.sys [2014-7-3 31424]
R1 BC_CAST;BC_CAST;C:\Windows\System32\drivers\bc_cast.sys [2014-7-3 38592]
R1 BC_DES;BC_DES;C:\Windows\System32\drivers\bc_des.sys [2014-7-3 35008]
R1 BC_Gost;BC_Gost;C:\Windows\System32\drivers\bc_gost.sys [2014-7-3 26816]
R1 BC_IDEA;BC_IDEA;C:\Windows\System32\drivers\bc_idea.sys [2014-7-3 28864]
R1 BC_RC6;BC_RC6;C:\Windows\System32\drivers\bc_rc6.sys [2014-7-3 31424]
R1 BC_RIJN;BC_RIJN;C:\Windows\System32\drivers\bc_rijn.sys [2014-7-3 52416]
R1 BC_SERP;BC_SERP;C:\Windows\System32\drivers\bc_serp.sys [2014-7-3 38080]
R1 BC_TFISH;BC_TFISH;C:\Windows\System32\drivers\bc_tfish.sys [2014-7-3 35520]
R1 bcbus;BestCrypt bus driver;C:\Windows\System32\drivers\bcbus.sys [2014-7-3 62656]
R1 CLBStor;InstantBurn Storage Helper Driver;C:\Windows\System32\drivers\CLBStor.sys [2010-7-12 24560]
R1 ESProtectionDriver;Malwarebytes Anti-Exploit;C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [2014-8-18 62392]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2010/07/12 11:09:49];C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl [2009-4-16 146928]
R2 CLBUDF;CyberLink InstantBurn UDF Filesystem;C:\Windows\System32\drivers\CLBUDF.sys [2010-7-12 371696]
R2 iprip;RIP Listener;C:\Windows\System32\svchost.exe -k ipripsvc [2009-7-13 27136]
R2 MbaeSvc;Malwarebytes Anti-Exploit Service;C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [2014-8-18 360592]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-8-19 1809720]
R2 MBAMService;MBAMService;C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [2014-8-19 860472]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-9-27 133928]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-1-20 1720608]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-11-21 18956064]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-8-9 411936]
R3 busenum;SteelBusSvc;C:\Windows\System32\drivers\SteelBus64.sys [2014-8-19 145408]
R3 hitmanpro37;HitmanPro 3.7 Support Driver;C:\Windows\System32\drivers\hitmanpro37.sys [2014-8-19 32152]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-8-19 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-8-19 122584]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-8-19 63704]
R3 mhk;mhk;C:\Windows\System32\drivers\mhk.sys [2014-7-3 18624]
R3 moh;moh;C:\Windows\System32\drivers\moh.sys [2014-7-3 14528]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-3-11 347872]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-6-9 20256]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-6-9 40392]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 SAlphamHid;SteelHIDSvc;C:\Windows\System32\drivers\SAlpham64.sys [2014-8-19 38016]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 HitmanProScheduler;HitmanPro Scheduler;C:\Program Files\HitmanPro\hmpsched.exe [2014-8-19 109352]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-8-14 111616]
S3 MftWipeFilter;Jetico file system filter;C:\Windows\System32\drivers\MftWipeFilter.sys [2014-7-3 33472]
S3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;C:\Windows\System32\drivers\netr28x.sys [2009-6-10 620544]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]
S3 PSI;PSI;C:\Windows\System32\drivers\psi_mf_amd64.sys [2013-12-6 18456]
S3 ptun0901;TAP Adapter V9 for Private Tunnel;C:\Windows\System32\drivers\ptun0901.sys [2014-4-24 27136]
S3 rzudd;Razer Mouse Driver;C:\Windows\System32\drivers\rzudd.sys [2013-11-15 149160]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-8-14 56832]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-5-24 1255736]
S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Users\Ryan\Desktop\CPutemp\WinRing0x64.sys [2013-10-11 14544]
S4 BCSWAP;BCSWAP;C:\Windows\System32\drivers\bcswap.sys [2014-7-3 124992]
S4 BcveServ;BestCrypt Volume Encryption service;C:\Program Files (x86)\Jetico\BestCrypt\BC_VE\bcveserv.exe [2014-7-3 147232]
S4 BCWipeSvc;BCWipe service;C:\Program Files (x86)\Jetico\BestCrypt\BCWipeSvc.exe [2014-7-3 87840]
S4 HiPatchService;Hi-Rez Studios Authenticate and Update Service;D:\smite\HiPatchService.exe [2013-11-17 9216]
S4 HitmanPro37CrusaderBoot;HitmanPro 3.7 Crusader (Boot);"I:\Cleaning Software\Anti-Virus Software\HitmanPro_x64.exe" /crusader:boot --> I:\Cleaning Software\Anti-Virus Software\HitmanPro_x64.exe [?]
S4 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2013-12-6 1229528]
S4 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2013-12-6 662232]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S4 TeamViewer9;TeamViewer 9;C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2014-8-11 5052224]
.
=============== Created Last 30 ================
.
2042-06-09 21:25:17 -------- d-----w- C:\ProgramData\HitmanPro
2014-08-19 22:58:53 32152 ----a-w- C:\Windows\System32\drivers\hitmanpro37.sys
2014-08-19 22:30:49 -------- d-----w- C:\Windows\System32\catroot2
2014-08-19 21:02:58 1169712 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{007802EF-62F7-4EF7-90C4-051179E9FF62}\gapaengine.dll
2014-08-19 21:02:58 1031560 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-08-19 21:00:22 11319200 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BFBE4169-7FB2-4237-B07C-037552B9375A}\mpengine.dll
2014-08-19 17:10:45 -------- d-----w- C:\FRST
2014-08-19 17:10:45 -------- d-----w- \FRST
2014-08-19 15:05:21 10924376 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-08-19 14:54:54 -------- d-----w- C:\$RECYCLE.BIN
2014-08-19 14:54:54 -------- d-----w- \$RECYCLE.BIN
2014-08-19 14:52:29 -------- d-----w- C:\Users\Ryan\AppData\Local\temp
2014-08-19 14:45:51 98816 ----a-w- C:\Windows\sed.exe
2014-08-19 14:45:51 256000 ----a-w- C:\Windows\PEV.exe
2014-08-19 14:45:51 208896 ----a-w- C:\Windows\MBR.exe
2014-08-19 14:45:49 -------- d-----w- C:\ComboFix
2014-08-19 14:45:49 -------- d-----w- \ComboFix
2014-08-19 14:45:33 -------- d-----w- C:\Windows\System32\%LOCALAPPDATA%
2014-08-19 14:44:54 -------- d-----w- \Qoobox
2014-08-19 11:10:12 -------- d-----w- C:\Windows\SysWow64\%LOCALAPPDATA%
2014-08-19 09:16:11 38016 ----a-w- C:\Windows\System32\drivers\SAlpham64.sys
2014-08-19 09:16:11 145408 ----a-w- C:\Windows\System32\drivers\SteelBus64.sys
2014-08-19 05:28:12 -------- d-----w- C:\Users\Ryan\AppData\Local\CrashDumps
2014-08-19 04:24:59 12872 ----a-w- C:\Windows\System32\bootdelete.exe
2014-08-19 04:20:25 -------- d-----w- C:\Program Files\HitmanPro
2014-08-19 04:20:08 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-08-19 04:20:02 92888 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-08-19 04:20:02 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-08-19 04:20:02 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-08-19 04:20:02 -------- d-----w- C:\Program Files\Malwarebytes Anti-Malware
2014-08-19 03:58:16 -------- d-----w- C:\Users\Ryan\AppData\Local\Diagnostics
2014-08-19 03:24:42 33512 ----a-w- C:\Windows\SysWow64\drivers\TrueSight.sys
2014-08-19 03:24:37 -------- d-----w- C:\ProgramData\RogueKiller
2014-08-19 02:17:31 -------- d-----w- C:\Windows\ERUNT
2014-08-19 02:12:35 -------- d-----w- C:\Windows\SysWow64\wbem\Performance
2014-08-19 02:11:45 -------- d-----w- C:\Program Files (x86)\eMule
2014-08-19 01:39:25 -------- d-----w- C:\RegBackup
2014-08-19 01:39:25 -------- d-----w- \RegBackup
2014-08-19 00:57:45 -------- d-----w- C:\Program Files (x86)\Tweaking.com
2014-08-19 00:44:49 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-08-19 00:43:12 -------- d-----w- C:\ProgramData\Malwarebytes Anti-Exploit
2014-08-19 00:43:11 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Exploit
2014-08-19 00:32:29 -------- d-----w- C:\Program Files\iTunes
2014-08-19 00:32:29 -------- d-----w- C:\Program Files\iPod
2014-08-19 00:32:29 -------- d-----w- C:\Program Files (x86)\iTunes
2014-08-19 00:19:00 -------- d-----w- C:\Users\Ryan\AppData\Local\Secunia PSI
2014-08-19 00:18:56 -------- d-----w- C:\Program Files (x86)\Secunia
2014-08-19 00:09:16 536576 ----a-w- C:\Windows\SysWow64\sqlite3.dll
2014-08-19 00:08:44 -------- d-----w- C:\AdwCleaner
2014-08-19 00:08:44 -------- d-----w- \AdwCleaner
2014-08-17 09:12:09 31232 ----a-w- C:\Windows\System32\drivers\tap0901.sys
2014-08-17 07:57:40 -------- d-----w- C:\Users\Ryan\AppData\Local\Programs
2014-08-17 06:31:22 868184 ----a-w- C:\Windows\System32\drivers\VBoxDrv.sys
2014-08-17 06:31:21 129168 ----a-w- C:\Windows\System32\drivers\VBoxUSBMon.sys
2014-08-17 05:07:27 -------- d-----w- C:\Program Files (x86)\Jetico
2014-08-17 03:41:07 230840 ----a-w- C:\Windows\System32\drivers\truecrypt.sys
2014-08-16 23:40:40 -------- d-----w- C:\Users\Ryan\AppData\Local\Psi
2014-08-15 11:09:10 6574592 ----a-w- C:\Windows\System32\mstscax.dll
2014-08-15 11:09:10 5694464 ----a-w- C:\Windows\SysWow64\mstscax.dll
2014-08-14 22:41:53 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2014-08-14 22:41:52 -------- d-----w- C:\Program Files\Microsoft Security Client
2014-08-14 22:28:01 99480 ----a-w- C:\Windows\SysWow64\infocardapi.dll
2014-08-14 22:28:01 8856 ----a-w- C:\Windows\SysWow64\icardres.dll
2014-08-14 22:28:01 8856 ----a-w- C:\Windows\System32\icardres.dll
2014-08-14 22:28:01 619672 ----a-w- C:\Windows\SysWow64\icardagt.exe
2014-08-14 22:28:01 171160 ----a-w- C:\Windows\System32\infocardapi.dll
2014-08-14 22:28:01 1389208 ----a-w- C:\Windows\System32\icardagt.exe
2014-08-14 22:27:50 35480 ----a-w- C:\Windows\SysWow64\TsWpfWrp.exe
2014-08-14 22:27:50 35480 ----a-w- C:\Windows\System32\TsWpfWrp.exe
2014-08-14 22:27:30 792576 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
2014-08-14 22:27:30 1030144 ----a-w- C:\Windows\System32\TSWorkspace.dll
2014-08-14 22:27:27 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2014-08-14 22:27:27 366592 ----a-w- C:\Windows\System32\qdvd.dll
2014-08-14 20:59:58 76152 ----a-w- C:\Windows\System32\PnkBstrA.exe
2014-08-14 20:29:07 -------- d-----w- C:\Users\Ryan\AppData\Local\PunkBuster
2014-08-14 20:10:52 -------- d-----w- C:\Users\Ryan\AppData\Local\ESN
2014-08-14 19:25:36 664064 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2014-08-14 19:25:36 529920 ----a-w- C:\Windows\System32\aepdu.dll
2014-08-14 19:25:36 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-08-14 19:25:36 1216000 ----a-w- C:\Windows\System32\rpcrt4.dll
2014-08-14 13:57:21 -------- d-----w- C:\Users\Ryan\AppData\Local\Origin
2014-08-12 15:54:26 -------- d-----w- C:\Users\Ryan\AppData\Local\HonorbuddyMeshes
2014-08-12 07:08:02 10924376 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5C44D0F5-6652-4A5F-9C5D-980565FD14C6}\mpengine.dll
2014-08-12 05:18:41 -------- d-----w- C:\Users\Ryan\AppData\Local\SteelSeries_ApS
2014-08-12 02:06:41 -------- d-----w- C:\Program Files\Dxtory Software
2014-08-11 17:12:20 -------- d-----w- C:\Users\Ryan\AppData\Local\VirtualStore
2014-08-11 16:45:43 -------- d-----w- C:\Program Files (x86)\TeamViewer
2014-08-10 17:00:48 -------- d-----w- C:\Users\Ryan\AppData\Local\Blizzard Entertainment
2014-08-10 17:00:45 -------- d-----w- C:\Users\Ryan\AppData\Local\Razer
2014-08-10 16:58:34 -------- d-----w- C:\Users\Ryan\AppData\Local\TSVNCache
2014-08-10 15:50:00 -------- d-----w- C:\Users\Ryan\AppData\Local\Apple
2014-08-10 03:14:23 -------- d-----w- C:\Users\Ryan\AppData\Local\Deployment
2014-08-10 03:11:05 -------- d-sh--w- C:\Users\Ryan\AppData\Local\EmieUserList
2014-08-10 03:11:05 -------- d-sh--w- C:\Users\Ryan\AppData\Local\EmieSiteList
2014-08-09 19:05:25 609240 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2014-08-03 05:52:05 2620928 ----a-w- C:\Windows\System32\wucltux.dll
2014-08-03 05:51:56 97792 ----a-w- C:\Windows\System32\wudriver.dll
2014-08-03 05:51:56 92672 ----a-w- C:\Windows\SysWow64\wudriver.dll
2014-08-03 05:51:53 36864 ----a-w- C:\Windows\System32\wuapp.exe
2014-08-03 05:51:53 33792 ----a-w- C:\Windows\SysWow64\wuapp.exe
2014-08-03 05:51:53 198600 ----a-w- C:\Windows\System32\wuwebv.dll
2014-08-03 05:51:53 179656 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2014-07-29 03:43:28 142528 ----a-w- C:\Windows\System32\drivers\VBoxNetAdp.sys
2014-07-25 18:31:15 -------- d-----w- C:\Program Files (x86)\Dungeon Defenders 2
.
==================== Find3M  ====================
.
2014-08-19 00:25:42 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-08-19 00:25:42 699568 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-08-15 06:53:02 215416 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2014-07-25 14:02:12 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-07-25 14:01:41 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-07-25 13:50:29 1291280 ----a-w- C:\Windows\SysWow64\nvspbridge.dll
2014-07-25 13:50:29 1126480 ----a-w- C:\Windows\SysWow64\nvspcap.dll
2014-07-25 13:50:11 1715224 ----a-w- C:\Windows\System32\nvspbridge64.dll
2014-07-25 13:50:11 1283136 ----a-w- C:\Windows\System32\nvspcap64.dll
2014-07-25 13:30:30 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-07-25 13:28:35 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-07-25 13:28:27 548352 ----a-w- C:\Windows\System32\vbscript.dll
2014-07-25 13:25:45 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-07-25 13:04:40 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-07-25 13:00:51 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-07-25 13:00:25 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-07-25 12:59:28 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-07-25 12:47:25 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-07-25 12:34:49 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-07-25 12:34:03 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-07-25 12:33:08 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-07-25 12:30:32 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-07-25 12:28:15 5824512 ----a-w- C:\Windows\System32\jscript9.dll
2014-07-25 12:28:05 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-07-25 12:10:15 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-07-25 12:08:47 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-07-25 12:06:47 4204032 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-07-25 11:43:16 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-07-25 11:39:29 2087936 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-07-25 11:39:25 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-07-25 11:07:49 2001920 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-07-25 11:07:10 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-07-25 10:52:06 2266624 ----a-w- C:\Windows\System32\wininet.dll
2014-07-25 10:05:23 1792512 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-07-16 03:25:04 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-07-16 03:23:41 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-07-16 02:46:24 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2014-07-16 02:46:02 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-07-16 02:12:11 3163648 ----a-w- C:\Windows\System32\win32k.sys
2014-07-09 02:03:23 7168 ----a-w- C:\Windows\System32\KBDYAK.DLL
2014-07-09 02:03:22 7168 ----a-w- C:\Windows\System32\KBDBASH.DLL
2014-07-09 01:31:42 7168 ----a-w- C:\Windows\SysWow64\KBDYAK.DLL
2014-07-09 01:31:41 6656 ----a-w- C:\Windows\SysWow64\KBDBASH.DLL
2014-07-03 10:41:59 33472 ----a-w- C:\Windows\System32\drivers\MftWipeFilter.sys
2014-07-03 10:35:42 43520 ----a-w- C:\Windows\SysWow64\HPLUN.dll
2014-07-03 10:33:34 364320 ----a-w- C:\Windows\BCUnInstall.exe
2014-07-02 20:48:32 965312 ----a-w- C:\Windows\System32\nvumdshimx.dll
2014-07-02 18:55:43 6783776 ----a-w- C:\Windows\System32\nvcpl.dll
2014-07-02 18:55:43 3522392 ----a-w- C:\Windows\System32\nvsvc64.dll
2014-07-02 18:55:41 935368 ----a-w- C:\Windows\System32\nvvsvc.exe
2014-07-02 18:55:41 62808 ----a-w- C:\Windows\System32\nvshext.dll
2014-07-02 18:55:41 386520 ----a-w- C:\Windows\System32\nvmctray.dll
2014-07-02 10:14:12 3826628 ----a-w- C:\Windows\System32\nvcoproc.bin
2014-06-27 01:18:50 298032 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2014-06-18 02:18:30 692736 ----a-w- C:\Windows\System32\osk.exe
2014-06-18 01:51:32 646144 ----a-w- C:\Windows\SysWow64\osk.exe
2014-06-16 02:10:19 985536 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2014-06-06 10:10:34 624128 ----a-w- C:\Windows\System32\qedit.dll
2014-06-06 09:44:17 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2014-06-05 14:45:15 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-06-05 14:26:58 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-06-05 14:25:49 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-06-03 10:02:37 112064 ----a-w- C:\Windows\System32\consent.exe
2014-06-03 10:02:21 504320 ----a-w- C:\Windows\System32\msihnd.dll
2014-06-03 10:02:21 3241984 ----a-w- C:\Windows\System32\msi.dll
2014-06-03 10:02:12 1941504 ----a-w- C:\Windows\System32\authui.dll
2014-06-03 09:29:50 337408 ----a-w- C:\Windows\SysWow64\msihnd.dll
2014-06-03 09:29:50 2363392 ----a-w- C:\Windows\SysWow64\msi.dll
2014-06-03 09:29:40 1805824 ----a-w- C:\Windows\SysWow64\authui.dll
2014-05-30 08:08:52 210944 ----a-w- C:\Windows\System32\wdigest.dll
2014-05-30 08:08:49 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2014-05-30 08:08:47 340992 ----a-w- C:\Windows\System32\schannel.dll
2014-05-30 08:08:41 314880 ----a-w- C:\Windows\System32\msv1_0.dll
2014-05-30 08:08:41 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2014-05-30 08:08:36 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-05-30 08:08:31 22016 ----a-w- C:\Windows\System32\credssp.dll
2014-05-30 07:52:51 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2014-05-30 07:52:49 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2014-05-30 07:52:45 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2014-05-30 07:52:41 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2014-05-30 07:52:40 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2014-05-30 07:52:36 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-05-30 07:52:30 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2014-05-30 06:45:52 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2014-05-28 09:26:04 180928 ----a-w- C:\Windows\System32\drivers\bcfnt.sys
.
============= FINISH: 19:00:07.91 ===============
 




#14 TB-Psychotic

  • Malware Response Team

Posted 20 August 2014 - 06:00 AM

Full System Scan with Malwarebytes Antimalware

  • If not existing, please download Malwarebytes Anti-Malware to your desktop.
  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:

    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.

  • Click Finish.


If the program is already installed:
  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.


  • After the restart, once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

 

 

 

Scan with ESET Online Scan

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.



#15 oom

  • Topic Starter


Posted 20 August 2014 - 02:32 PM

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 20/08/2014
Scan Time: 08:19:47 AM
Logfile: 
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.08.20.03
Rootkit Database: v2014.08.16.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Ryan
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 403929
Time Elapsed: 9 min, 54 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
Eset:
 
D:\Transfer Folder\Hexygen\Hexygen\NewHexygen.exe a variant of Win32/Packed.Themida.AAL trojan
D:\Transfer Folder\High-minded\mybaby\mybaby.exe a variant of Win32/Packed.VMProtect.ABD trojan
D:\Transfer Folder\Inuria\Inuria\Black Gold Online\39P9kLJeyYi1.exe a variant of Win32/Packed.Themida potentially unwanted application




