
ESET keeps blocking website traffagon.in/index.php


  • This topic is locked
25 replies to this topic

#1 AngryHan

  • Members
  • 64 posts

Posted 07 September 2014 - 07:17 AM

As mentioned, ESET Smart Security keeps popping up saying it is blocking the website:

http://traffagon.in/index.php Blocked by internal blacklist C:\Windows\System32\rundll32.exe

 

 

---

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16384
Run by Han at 13:14:00 on 2014-09-07
Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.8053.5163 [GMT 1:00]
.
AV: ESET Smart Security 7.0 *Enabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ESET Smart Security 7.0 *Enabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personal firewall *Enabled* {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\dwm.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\WINDOWS\system32\nvvsvc.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\windows\SysWOW64\NLSSRV32.EXE
C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\taskhostex.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe
C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe
C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\USB Camera2\VM332STI.EXE
C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\SysWOW64\netupdsrv.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\explorer.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Condusiv Technologies\Diskeeper\DkService.exe
C:\Users\Han\Games\Steam\bin\SteamService.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Users\Han\Games\Steam\bin\steamservice.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\taskhost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\taskeng.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://lenovo13.msn.com
uDefault_Page_URL = hxxp://lenovo13.msn.com
mWinlogon: Userinit = userinit.exe
BHO: FlowSurf: {E3F1CA13-EA0E-4617-8D03-3EAA6A94A7E0} - C:\Program Files (x86)\Flowsurf\flowsurf.dll
mRun: [332BigDog] C:\Program Files (x86)\USB Camera2\VM332STI.EXE
mRun: [Dolby Home Theater v4] "C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe" -autostart
mRun: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
mRun: [RemoteControl10] "C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [Intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
mRun: [MuteSync] C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: DisableCAD = dword:1
DPF: {4FF78044-96B4-4312-A5B7-FDA3CB328095} - 
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{14C07993-CC23-412A-B9B1-948B1F5CEED0} : DHCPNameServer = 192.168.1.254
AppInit_DLLs= C:\windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
x64-Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
x64-Run: [Persistence] C:\WINDOWS\System32\igfxpers.exe
x64-Run: [BtTray] "C:\Program Files (x86)\Bluetooth Suite\BtTray.exe"
x64-Run: [BtvStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4 
x64-Run: [SynLenovoGestureMgr] "C:\Program Files (x86)\Synaptics\SynTP\SynLenovoGestureMgr.exe" /m
x64-Run: [OnekeyStudio] C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe
x64-Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
x64-Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe
x64-Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
x64-mPolicies-System: PromptOnSecureDesktop = dword:0
x64-mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
x64-mPolicies-System: DisableCAD = dword:1
x64-IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 edevmon;edevmon;C:\WINDOWS\System32\Drivers\edevmon.sys [2013-9-17 239296]
R0 epfwwfp;epfwwfp;C:\WINDOWS\System32\Drivers\epfwwfp.sys [2013-9-17 62136]
R0 iaStorA;iaStorA;C:\WINDOWS\System32\Drivers\iaStorA.sys [2012-11-6 645952]
R0 LHDmgr;LHDmgr;C:\WINDOWS\System32\Drivers\LhdX64.sys [2012-11-6 39008]
R0 nvpciflt;nvpciflt;C:\WINDOWS\System32\Drivers\nvpciflt.sys [2012-11-6 30056]
R1 eamonm;eamonm;C:\WINDOWS\System32\Drivers\eamonm.sys [2013-9-17 239320]
R1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\WINDOWS\System32\Drivers\EpfwLWF.sys [2013-9-17 44120]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2012-8-20 211584]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2014-2-24 1343408]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2012-11-6 2451456]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2012-11-6 128896]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-11-6 165760]
R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\NLSSRV32.EXE [2012-7-16 69640]
R2 ServiceUpdater;Network Support Service Updater;C:\Windows\SysWOW64\netupdsrv.exe [2014-9-7 159744]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-11-6 364416]
R2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2012-8-20 323584]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\WINDOWS\System32\Drivers\AcpiVpc.sys [2012-5-15 33560]
R3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;C:\WINDOWS\System32\Drivers\btath_bus.sys [2012-11-6 33944]
R3 DKRtWrt;DKRtWrt;C:\WINDOWS\System32\Drivers\DKRtWrt.sys [2014-9-7 52048]
R3 IntcDAud;Intel® Display Audio;C:\WINDOWS\System32\Drivers\IntcDAud.sys [2012-8-22 342528]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\WINDOWS\System32\Drivers\MBAMSwissArmy.sys [2014-9-7 122584]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\WINDOWS\System32\Drivers\RtsUVStor.sys [2012-11-6 315536]
R3 RTL8168;Realtek 8168 NT Driver;C:\WINDOWS\System32\Drivers\Rt630x64.sys [2012-11-6 683664]
R3 SmbDrvI;SmbDrvI;C:\WINDOWS\System32\Drivers\Smb_driver_Intel.sys [2012-8-22 43832]
R3 vm332avs;Lenovo Camera2;C:\WINDOWS\System32\Drivers\vm332avs.sys [2012-11-6 981112]
R3 WUDFWpdMtp;WUDFWpdMtp;C:\WINDOWS\System32\Drivers\WUDFRd.sys [2012-7-26 198656]
S0 DKDFM;Device Filter Manager Driver;C:\WINDOWS\System32\Drivers\DKDFM.sys [2014-9-7 40752]
S0 DKTLFSMF;Telemetry File System Mini Filter Driver;C:\WINDOWS\System32\Drivers\DKTLFSMF.sys [2014-9-7 106832]
S3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;C:\WINDOWS\System32\Drivers\btath_flt.sys [2012-11-6 88728]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\WINDOWS\System32\Drivers\btath_a2dp.sys [2012-11-6 344216]
S3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;C:\WINDOWS\System32\Drivers\btath_avdt.sys [2012-11-6 114840]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\WINDOWS\System32\Drivers\btath_hcrp.sys [2012-11-6 178840]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\WINDOWS\System32\Drivers\btath_lwflt.sys [2012-11-6 76952]
S3 BTATH_RCP;Bluetooth AVRCP Device;C:\WINDOWS\System32\Drivers\btath_rcp.sys [2012-11-6 135832]
S3 BtFilter;BtFilter;C:\WINDOWS\System32\Drivers\btfilter.sys [2012-11-6 567808]
S3 BthLEEnum;Bluetooth Low Energy Driver;C:\WINDOWS\System32\Drivers\BthLEEnum.sys [2012-7-26 202752]
S3 wsvd;wsvd;C:\WINDOWS\System32\Drivers\wsvd.sys [2012-11-6 102376]
.
=============== Created Last 30 ================
.
2014-09-07 18:15:17 -------- d-----w- C:\Windows.old
2014-09-07 17:49:43 -------- d-----w- C:\$WINDOWS.~BT
2014-09-07 12:04:37 122584 ----a-w- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
2014-09-07 12:04:20 91352 ----a-w- C:\WINDOWS\System32\drivers\mbamchameleon.sys
2014-09-07 12:04:20 64216 ----a-w- C:\WINDOWS\System32\drivers\mwac.sys
2014-09-07 12:04:20 25816 ----a-w- C:\WINDOWS\System32\drivers\mbam.sys
2014-09-07 12:04:20 -------- d-----w- C:\ProgramData\Malwarebytes
2014-09-07 12:04:20 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-07 12:03:14 -------- d-----w- C:\Users\Han\AppData\Local\Programs
2014-09-07 12:00:58 -------- d-----w- C:\Program Files\CCleaner
2014-09-07 11:56:36 -------- d-----w- C:\Users\Han\AppData\Roaming\Condusiv_Technologies
2014-09-07 11:56:36 -------- d-----w- C:\Users\Han\AppData\Local\Condusiv_Technologies
2014-09-07 11:53:12 106832 ----a-w- C:\WINDOWS\System32\drivers\DKTLFSMF.sys
2014-09-07 11:53:11 40752 ----a-w- C:\WINDOWS\System32\drivers\DKDFM.sys
2014-09-07 11:53:05 52048 ----a-w- C:\WINDOWS\System32\drivers\DKRtWrt.sys
2014-09-07 11:53:02 -------- d-----w- C:\Program Files\Common Files\Diskeeper Corporation
2014-09-07 11:53:01 -------- d-----w- C:\ProgramData\Condusiv Technologies
2014-09-07 11:52:56 -------- d-----w- C:\Program Files\Condusiv Technologies
2014-09-07 11:40:22 687 ----a-w- C:\awh285E.tmp
2014-09-07 11:35:27 -------- d-----w- C:\Program Files (x86)\Flowsurf
2014-09-07 11:35:14 -------- d-----w- C:\Program Files (x86)\Common Files\Config
2014-09-07 11:11:34 25 ----a-w- C:\WINDOWS\Svchost.exe.tmp
2014-09-07 11:08:17 -------- d-----w- C:\WINDOWS\pss
2014-09-07 10:59:04 -------- d-----w- C:\Users\Han\AppData\Roaming\ESET
2014-09-07 10:59:04 -------- d-----w- C:\Users\Han\AppData\Local\ESET
2014-09-07 10:54:54 -------- d-----w- C:\Program Files\ESET
2014-09-07 10:18:01 -------- d-----w- C:\Program Files (x86)\StartIsBack
2014-09-07 10:11:17 -------- d-----w- C:\Users\Han\AppData\Roaming\uTorrent
2014-09-07 10:08:23 -------- d-----w- C:\Users\Han\AppData\Local\Google
2014-09-07 10:08:09 -------- d-----w- C:\Users\Han\AppData\Local\Deployment
2014-09-07 10:08:09 -------- d-----w- C:\Users\Han\AppData\Local\Apps
2014-09-07 09:30:03 -------- d-----w- C:\ProgramData\Atheros
2014-09-07 09:29:56 -------- d-----w- C:\Users\Han\AppData\Roaming\Atheros
2014-09-07 09:29:10 -------- d-----r- C:\Users\Han\Searches
2014-09-07 09:28:29 -------- d-----w- C:\ProgramData\eBay
2014-09-07 09:24:30 -------- d-----w- C:\Users\Han\AppData\Local\VirtualStore
2014-09-07 09:24:13 -------- d-----w- C:\Users\Han\AppData\Local\Packages
2014-09-07 08:40:04 -------- d--h--w- C:\$SysReset
2014-09-07 08:39:42 159744 ----a-w- C:\WINDOWS\SysWow64\netupdsrv.exe
2014-09-07 08:39:32 108544 ----a-w- C:\WINDOWS\SysWow64\installd.exe
2014-09-07 08:39:22 179200 ----a-w- C:\WINDOWS\SysWow64\nethtsrv.exe
2014-09-06 17:36:10 -------- d-----w- C:\Users\Han\Intel
.
==================== Find3M  ====================
.
.
============= FINISH: 13:16:09.30 ===============
 



#2 AngryHan


Posted 07 September 2014 - 07:55 AM

Quick update: Not sure if related, but after every boot up, I get a popup from Host Processes for Windows Tasks saying that I need to restart my computer to apply these changes.

 

Also, I ran AdwCleaner to deal with Flowsurf, but I'm still getting the popup from ESET.



#3 AngryHan


Posted 07 September 2014 - 04:10 PM

Another update, ESET notifying me of these:

 

07/09/2014 22:05:43 Advanced Memory Scanner file Operating memory » C:\ProgramData\Microsoft\Secure\Icons\temp\tmp82CB.exe a variant of Win32/Simda.B trojan cleaned - quarantined

 

07/09/2014 22:04:14 Advanced Memory Scanner file Operating memory » tmp89C1.exe(7680) a variant of Win32/Agent.VPS trojan cleaned - contained infected files



#4 TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male

Posted 08 September 2014 - 06:06 AM

Hi there,
my name is Marius and I will assist you with your malware-related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 

 

 

 

Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.

  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )
  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

 

 

 

Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.zip and extract to your desktop

  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan
  • If Malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt


Please attach this file to your next reply.


Edited by TB-Psychotic, 08 September 2014 - 06:06 AM.

Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#5 AngryHan


Posted 08 September 2014 - 12:06 PM

Hi Marius, thanks for taking a look at my case.

 

Firstly, I need to mention that I have installed a number of programs since my first post, because I was in the middle of reinstalling everything after I Refreshed my computer when I was hit by this malware.

 

Secondly, I am getting the following problems when running GMER:

tuHqUqU.jpg

The ESET popup happens at the same time as this. When I hit OK, this happens:

 

o7vXzcr.jpg

When I hit OK, it says the scan has finished.

 

I'm assuming this isn't right.

 

Nevertheless, here are the contents of my ark.txt file:

 

 

 

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-09-08 18:07:15
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\00000039 ST1000LM024_HN-M101MBB rev.2AR10001 931.51GB
Running: slhdmoho.exe; Driver: C:\Users\Han\AppData\Local\Temp\kxtoqpod.sys
 
 
---- Threads - GMER 2.1 ----
 
Thread   C:\WINDOWS\system32\csrss.exe [704:7668]                                                                                                                          fffff960009095e8
---- Processes - GMER 2.1 ----
 
Library  C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll (*** suspicious ***) @ C:\WINDOWS\Explorer.EXE [2056] (FILE NOT FOUND)                              000007ff53830000
Process  C:\ProgramData\Microsoft\Secure\Icons\temp\tmp89C1.exe (*** suspicious ***) @ C:\ProgramData\Microsoft\Secure\Icons\temp\tmp89C1.exe [7680](2014-09-07 21:03:56)  0000000000400000
Library  C:\WINDOWS\Temp\mpgear.dll (*** suspicious ***) @ C:\WINDOWS\system32\mrt.exe [9396]                                                                              000007ff4a4e0000
Library  C:\WINDOWS\Temp\mpengine.dll (*** suspicious ***) @ C:\WINDOWS\system32\mrt.exe [9396]                                                                            000007ff3eac0000
Library  C:\WINDOWS\Temp\MRT\53B5DBC4-54C7-46E4-B056-C6F17947DBDC\offreg.dll (*** suspicious ***) @ C:\WINDOWS\system32\mrt.exe [9396]                                     000007ff4a1d0000
 
---- Disk sectors - GMER 2.1 ----
 
Disk     \Device\Harddisk0\DR0                                                                                                                                             unknown MBR code
 
---- EOF - GMER 2.1 ----
 
 
I have not proceeded to the TDSS-Killer step.

Edited by AngryHan, 08 September 2014 - 12:08 PM.


#6 AngryHan


Posted 08 September 2014 - 01:29 PM

I also don't know if this is related to my problem here:

 

http://www.bleepingcomputer.com/forums/t/547161/windows-81-100-disk-usage-freezing/

 

In my task manager, I often see 100% disk usage, with 'System' sometimes using between 1-2MB/s.



#7 TB-Psychotic


Posted 09 September 2014 - 02:41 AM

Please proceed with TDSS-Killer



#8 AngryHan


Posted 09 September 2014 - 06:48 AM

Thanks, have attached the TDSS log below

Attached Files


Edited by AngryHan, 09 September 2014 - 06:49 AM.


#9 TB-Psychotic


Posted 09 September 2014 - 07:13 AM

Going over your logs I noticed that you have uTorrent installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall uTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.
If you wish to keep it, please do not use it until your computer is cleaned.

 

 

 

Combofix

Combofix should only be run when advised by a team member!

Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs/spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe


When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: When receiving an error message containing "Illegal operation attempted on a registry key that has been marked for deletion", simply restart your computer to fix this.



#10 AngryHan


Posted 09 September 2014 - 08:29 AM

Thanks, when running Combofix I kept getting the error 'Commandline Standard Stream Splitter has stopped working', but Combofix still finished.

 

I also ran into a BSOD when it was restarting: DRIVER_POWER_STATE_FAILURE

 

 

After rebooting, ESET popped up saying it had detected a threat at C:\ProgramData\Microsoft\Secure\Icons\IconsCacheHelper.dll (a variant of Win64/Cathurbot.A trojan)

 

I also got the same notification about http://traffagon.in/index.php

 

Combofix log:

 

ComboFix 14-09-09.01 - Han 09/09/2014  13:33:11.1.4 - x64
Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.8053.5177 [GMT 1:00]
Running from: c:\users\Han\Downloads\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\TEMP
c:\users\Han\AppData\Local\assembly\tmp
.
Infected copy of c:\windows\system32\lpk.dll was found and disinfected 
Restored copy from - c:\windows\WinSxS\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.2.9200.16624_none_02dda516e419e312\lpk.dll 
.
c:\windows\SysWow64\sfcfiles.dll . . . is missing!!
.
c:\windows\system32\drivers\ipsec.sys . . . is missing!!
.
c:\windows\system32\drivers\psched.sys . . . is missing!!
.
.
(((((((((((((((((((((((((   Files Created from 2014-08-09 to 2014-09-09  )))))))))))))))))))))))))))))))
.
.
2014-09-09 12:59 . 2014-09-09 12:59 -------- d-----w- C:\Device
2014-09-08 18:25 . 2014-09-08 18:25 -------- d-----w- c:\program files (x86)\AGEIA Technologies
2014-09-08 18:03 . 2014-09-08 18:03 -------- d-----w- c:\programdata\Oracle
2014-09-08 18:03 . 2014-09-08 18:03 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-09-08 18:02 . 2014-09-08 18:02 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-09-08 18:02 . 2014-09-08 18:02 -------- d-----w- c:\program files (x86)\Java
2014-09-08 02:00 . 2014-09-08 02:00 17536 ----a-w- c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2014-09-07 23:01 . 2014-09-07 23:01 -------- d-----w- c:\program files (x86)\Battle.net
2014-09-07 23:01 . 2014-09-07 23:01 -------- d-----w- c:\programdata\Blizzard Entertainment
2014-09-07 23:01 . 2014-09-07 23:01 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment
2014-09-07 22:59 . 2014-09-07 22:59 -------- d-----w- c:\programdata\Battle.net
2014-09-07 22:52 . 2014-09-07 22:52 -------- d-----w- c:\program files (x86)\AutoHotkey
2014-09-07 21:03 . 2014-09-07 21:03 419758 ----a-w- c:\programdata\Microsoft\Secure\Icons\temp\tmp89C1.exe
2014-09-07 20:43 . 2008-10-15 05:22 519000 ----a-w- c:\windows\system32\d3dx10_40.dll
2014-09-07 19:55 . 2014-09-07 19:55 -------- d-----w- c:\program files (x86)\MSECache
2014-09-07 19:40 . 2014-09-07 19:40 -------- d-----w- c:\program files (x86)\HydraIRC
2014-09-07 19:14 . 2014-09-07 19:14 -------- d-----w- c:\program files (x86)\EMET 5.0
2014-09-07 19:08 . 2014-09-07 19:08 -------- d-----w- c:\program files (x86)\Common Files\Skype
2014-09-07 19:08 . 2014-09-07 19:08 -------- d-----r- c:\program files (x86)\Skype
2014-09-07 19:07 . 2012-08-21 12:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2014-09-07 19:04 . 2014-09-07 19:04 -------- d-----w- c:\programdata\Skype
2014-09-07 19:04 . 2014-09-07 19:04 -------- d-----w- c:\program files\iPod
2014-09-07 19:04 . 2014-09-07 19:07 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-07 19:04 . 2014-09-07 19:07 -------- d-----w- c:\program files\iTunes
2014-09-07 19:04 . 2014-09-07 19:07 -------- d-----w- c:\program files (x86)\iTunes
2014-09-07 19:04 . 2014-09-07 19:04 -------- d-----w- c:\programdata\Apple Computer
2014-09-07 19:04 . 2014-09-07 19:04 -------- d-----w- c:\program files (x86)\Apple Software Update
2014-09-07 19:03 . 2014-09-07 19:03 -------- d-----w- c:\program files\Common Files\Apple
2014-09-07 19:03 . 2014-09-07 19:03 -------- d-----w- c:\program files\Bonjour
2014-09-07 19:03 . 2014-09-07 19:03 -------- d-----w- c:\program files (x86)\Bonjour
2014-09-07 19:03 . 2014-09-07 19:04 -------- d-----w- c:\program files (x86)\Common Files\Apple
2014-09-07 19:03 . 2014-09-07 19:04 -------- d-----w- c:\programdata\Apple
2014-09-07 18:46 . 2013-08-14 14:36 662784 ----a-w- c:\windows\system32\MaxxVolumeSDAPO.dll
2014-09-07 18:46 . 2014-04-10 11:19 14863448 ----a-w- c:\windows\system32\MaxxAudioRealtek64.dll
2014-09-07 18:46 . 2014-04-10 11:20 1934424 ----a-w- c:\windows\system32\MaxxAudioRealtek264.dll
2014-09-07 18:46 . 2014-04-10 11:19 2041432 ----a-w- c:\windows\system32\MaxxAudioEQ64.dll
2014-09-07 18:46 . 2014-04-10 11:19 1063512 ----a-w- c:\windows\system32\MaxxAudioAPOShell64.dll
2014-09-07 18:46 . 2013-08-14 14:35 663296 ----a-w- c:\windows\system32\MaxxAudioAPO30.dll
2014-09-07 18:46 . 2010-09-27 08:34 318808 ----a-w- c:\windows\system32\MaxxAudioAPO20.dll
2014-09-07 18:46 . 2014-02-18 16:04 2770976 ----a-w- c:\windows\system32\FMAPO64.dll
2014-09-07 18:42 . 2014-09-07 18:42 -------- d-----w- c:\windows\SysWow64\NV
2014-09-07 18:42 . 2014-09-07 18:42 -------- d-----w- c:\windows\system32\NV
2014-09-07 18:28 . 2010-05-26 10:41 276832 ----a-w- c:\windows\system32\d3dx11_43.dll
2014-09-07 18:28 . 2010-05-26 10:41 248672 ----a-w- c:\windows\SysWow64\d3dx11_43.dll
2014-09-07 18:28 . 2010-05-26 10:41 511328 ----a-w- c:\windows\system32\d3dx10_43.dll
2014-09-07 18:28 . 2010-05-26 10:41 470880 ----a-w- c:\windows\SysWow64\d3dx10_43.dll
2014-09-07 18:28 . 2010-05-26 10:41 1998168 ----a-w- c:\windows\SysWow64\D3DX9_43.dll
2014-09-07 18:28 . 2010-05-26 10:41 2401112 ----a-w- c:\windows\system32\D3DX9_43.dll
2014-09-07 18:27 . 2014-07-25 14:01 1715224 ----a-w- c:\windows\system32\nvspbridge64.dll
2014-09-07 18:27 . 2014-07-25 14:01 1283136 ----a-w- c:\windows\system32\nvspcap64.dll
2014-09-07 18:27 . 2014-07-25 14:01 1291280 ----a-w- c:\windows\SysWow64\nvspbridge.dll
2014-09-07 18:27 . 2014-07-25 14:01 1126480 ----a-w- c:\windows\SysWow64\nvspcap.dll
2014-09-07 18:19 . 2014-03-31 16:42 40392 ----a-w- c:\windows\system32\drivers\nvvad64v.sys
2014-09-07 18:19 . 2014-03-31 16:42 37320 ----a-w- c:\windows\system32\nvaudcap64v.dll
2014-09-07 18:19 . 2014-03-31 16:42 34760 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll
2014-09-07 18:19 . 2014-07-02 20:48 18626304 ----a-w- c:\windows\system32\nvwgf2umx.dll
2014-09-07 18:19 . 2014-07-02 20:48 16122344 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2014-09-07 18:19 . 2014-07-02 20:48 32544 ----a-w- c:\windows\system32\drivers\nvpciflt.sys
2014-09-07 18:12 . 2014-09-07 18:12 -------- d-----w- C:\NVIDIA
2014-09-07 17:59 . 2014-09-07 17:59 -------- d-----w- c:\program files\TeamSpeak 3 Client
2014-09-07 17:54 . 2014-09-07 18:43 -------- d-----w- c:\windows\AutoKMS
2014-09-07 17:53 . 2014-09-09 13:07 151552 ----a-w- c:\windows\KMSEmulator.exe
2014-09-07 17:49 . 2014-09-07 17:49 -------- d-----w- C:\$WINDOWS.~BT
2014-09-07 17:49 . 2014-09-07 17:49 -------- d-----w- c:\program files\Common Files\DESIGNER
2014-09-07 17:47 . 2014-09-07 17:47 -------- d-----w- c:\program files\Microsoft Synchronization Services
2014-09-07 17:46 . 2014-09-07 17:46 -------- d-----w- c:\windows\PCHEALTH
2014-09-07 17:46 . 2014-09-07 17:46 -------- d-----w- c:\program files\Microsoft Sync Framework
2014-09-07 17:46 . 2014-09-07 17:46 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2014-09-07 17:44 . 2014-09-07 17:44 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2014-09-07 17:43 . 2014-09-07 17:43 -------- d-----w- c:\program files\Microsoft Analysis Services
2014-09-07 17:43 . 2014-09-07 17:43 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2014-09-07 17:42 . 2014-09-07 17:46 -------- d-----w- c:\program files\Microsoft Office
2014-09-07 17:42 . 2014-09-07 17:50 -------- d-----w- c:\programdata\Microsoft Help
2014-09-07 15:43 . 2014-09-07 15:46 -------- d-----w- c:\windows\system32\MRT
2014-09-07 14:59 . 2014-06-10 22:44 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2014-09-07 14:59 . 2014-06-10 22:43 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe
2014-09-07 14:11 . 2013-09-20 09:49 21040 ----a-w- c:\windows\system32\sdnclean64.exe
2014-09-07 14:11 . 2014-09-07 14:52 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2014-09-07 14:11 . 2014-09-07 14:15 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2014-09-07 13:14 . 2013-08-07 05:15 144896 ----a-w- c:\windows\system32\tssdisai.dll
2014-09-07 13:14 . 2012-11-10 04:22 122880 ----a-w- c:\windows\system32\VmHostAI.dll
2014-09-07 13:14 . 2012-11-10 04:22 126976 ----a-w- c:\windows\system32\RDWebAI.dll
2014-09-07 13:14 . 2012-11-10 04:20 135680 ----a-w- c:\windows\system32\appserverai.dll
2014-09-07 13:14 . 2012-11-10 04:23 132608 ----a-w- c:\windows\SysWow64\poqexec.exe
2014-09-07 13:14 . 2012-11-10 04:23 148480 ----a-w- c:\windows\system32\poqexec.exe
2014-09-07 13:07 . 2014-09-07 13:07 -------- d-----w- c:\program files (x86)\Common Files\Steam
2014-09-07 12:48 . 2014-09-07 12:48 -------- d-----w- c:\windows\ServiceProfiles\LocalService\winhttp
2014-09-07 12:45 . 2010-08-30 07:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-09-07 12:43 . 2014-09-07 14:03 -------- d-----w- C:\AdwCleaner
2014-09-07 12:42 . 2014-09-07 12:42 -------- d-----w- c:\programdata\LogiShrd
2014-09-07 12:41 . 2014-09-07 12:42 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2014-09-07 12:39 . 2014-09-07 12:39 -------- d-----w- c:\program files\Logitech Gaming Software
2014-09-07 12:38 . 2014-09-07 12:38 -------- d-----w- c:\programdata\Package Cache
2014-09-07 12:04 . 2014-09-07 17:04 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-09-07 12:04 . 2014-09-07 12:04 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-09-07 12:04 . 2014-09-07 12:04 -------- d-----w- c:\programdata\Malwarebytes
2014-09-07 12:04 . 2014-05-12 06:26 64216 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-09-07 12:04 . 2014-05-12 06:26 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-09-07 12:04 . 2014-05-12 06:25 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-09-07 12:00 . 2014-09-07 12:01 -------- d-----w- c:\program files\CCleaner
2014-09-07 11:53 . 2012-07-09 13:54 106832 ----a-w- c:\windows\system32\drivers\DKTLFSMF.sys
2014-09-07 11:53 . 2012-04-05 01:32 40752 ----a-w- c:\windows\system32\drivers\DKDFM.sys
2014-09-07 11:53 . 2012-06-18 18:14 52048 ----a-w- c:\windows\system32\drivers\DKRtWrt.sys
2014-09-07 11:53 . 2014-09-07 19:07 -------- dc----w- c:\windows\system32\DRVSTORE
2014-09-07 11:53 . 2014-09-07 11:53 -------- d-----w- c:\program files\Common Files\Diskeeper Corporation
2014-09-07 11:53 . 2014-09-07 11:53 -------- d-----w- c:\programdata\Condusiv Technologies
2014-09-07 11:52 . 2014-09-07 11:52 -------- d-----w- c:\program files\Condusiv Technologies
2014-09-07 11:40 . 2014-09-07 11:40 687 ----a-w- C:\awh285E.tmp
2014-09-07 11:11 . 2014-09-07 11:12 25 ----a-w- c:\windows\Svchost.exe.tmp
2014-09-07 10:54 . 2014-09-07 10:54 -------- d-----w- c:\programdata\ESET
2014-09-07 10:54 . 2014-09-07 10:54 -------- d-----w- c:\program files\ESET
2014-09-07 10:18 . 2014-09-07 10:18 -------- d-----w- c:\program files (x86)\StartIsBack
2014-09-07 10:13 . 2014-09-07 10:13 -------- d-----w- c:\program files\WinRAR
2014-09-07 10:08 . 2014-09-07 10:08 -------- d-----w- c:\program files (x86)\Google
2014-09-07 09:30 . 2014-09-07 09:30 -------- d-----w- c:\programdata\Atheros
2014-09-07 09:28 . 2014-09-07 09:28 -------- d-----w- c:\programdata\eBay
2014-09-07 09:17 . 2014-09-07 09:19 -------- d-----w- c:\users\DefaultAppPool
2014-09-07 09:17 . 2014-09-07 09:19 -------- d-----w- c:\users\.NET v2.0
2014-09-07 09:17 . 2014-09-07 09:19 -------- d-----w- c:\users\.NET v2.0 Classic
2014-09-07 09:17 . 2014-09-07 23:02 -------- d-----w- c:\users\Han
2014-09-07 09:17 . 2014-09-07 09:19 -------- d-----w- c:\users\Classic .NET AppPool
2014-09-07 09:17 . 2014-09-07 09:19 -------- d-----w- c:\users\Test
2014-09-07 08:40 . 2014-09-07 16:29 -------- d-----w- C:\$SysReset
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-30 18:11 . 2014-07-30 18:11 832648 ----a-w- c:\windows\apppatch\apppatch64\EMET64.dll
2014-07-30 18:11 . 2014-07-30 18:11 761480 ----a-w- c:\windows\apppatch\EMET.dll
2014-07-02 20:48 . 2012-11-06 01:58 965312 ----a-w- c:\windows\system32\nvumdshimx.dll
2014-07-02 20:48 . 2012-11-06 01:58 846832 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2014-07-02 20:48 . 2012-11-06 01:58 3196816 ----a-w- c:\windows\system32\nvapi64.dll
2014-07-02 20:48 . 2012-11-06 01:58 2814656 ----a-w- c:\windows\SysWow64\nvapi.dll
2014-07-02 20:48 . 2012-11-06 01:58 17555104 ----a-w- c:\windows\system32\nvd3dumx.dll
2014-07-02 20:48 . 2012-11-06 01:58 166568 ----a-w- c:\windows\system32\nvinitx.dll
2014-07-02 20:48 . 2012-11-06 01:58 146480 ----a-w- c:\windows\SysWow64\nvinit.dll
2014-07-02 20:48 . 2012-11-06 01:58 14498552 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2014-07-02 18:55 . 2012-11-06 01:59 6783776 ----a-w- c:\windows\system32\nvcpl.dll
2014-07-02 18:55 . 2012-11-06 01:59 3522392 ----a-w- c:\windows\system32\nvsvc64.dll
2014-07-02 18:55 . 2012-11-06 01:59 935368 ----a-w- c:\windows\system32\nvvsvc.exe
2014-07-02 18:55 . 2012-11-06 01:59 67072 ----a-w- c:\windows\system32\nv3dappshextr.dll
2014-07-02 18:55 . 2012-11-06 01:59 62808 ----a-w- c:\windows\system32\nvshext.dll
2014-07-02 18:55 . 2012-11-06 01:59 618440 ----a-w- c:\windows\SysWow64\oemdspif.dll
2014-07-02 18:55 . 2012-11-06 01:59 386520 ----a-w- c:\windows\system32\nvmctray.dll
2014-07-02 18:55 . 2012-11-06 01:59 2559960 ----a-w- c:\windows\system32\nvsvcr.dll
2014-07-02 18:55 . 2012-11-06 01:59 1084704 ----a-w- c:\windows\system32\nv3dappshext.dll
2014-07-02 10:14 . 2012-11-06 01:59 3826628 ----a-w- c:\windows\system32\nvcoproc.bin
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
.
[7] 2013-07-13 . 328803BFFA520E19D794F6FD523A9562 . 67584 . . [6.2.9200.20774] .. c:\windows\WinSxS\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.2.9200.20774_none_cf5db3323da8ff2e\cryptsvc.dll
[7] 2013-07-13 . 5CE2742F063731EC10C1B2EE386A2C08 . 68096 . . [6.2.9200.16666] .. c:\windows\WinSxS\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.2.9200.16666_none_cee0e6e724817621\cryptsvc.dll
[7] 2013-04-23 . 465EBA0941A360F2815F495C886EE199 . 67584 . . [6.2.9200.20696] .. c:\windows\WinSxS\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.2.9200.20699_none_cf4d12e63db4b89c\cryptsvc.dll
[7] 2013-04-23 . AFA426B0E7975CEB21F8B6711EFA8945 . 68096 . . [6.2.9200.16592] .. c:\windows\WinSxS\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.2.9200.16595_none_cebf74f3249ab376\cryptsvc.dll
[7] 2012-07-26 . F0E78B119D12BA81F163D48C0FF30B9A . 67584 . . [6.2.9200.16384] .. c:\windows\erdnt\cache64\cryptsvc.dll
[7] 2012-07-26 . F0E78B119D12BA81F163D48C0FF30B9A . 67584 . . [6.2.9200.16384] .. c:\windows\WinSxS\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.2.9200.16384_none_cec940c9249383e0\cryptsvc.dll
[7] 2012-07-26 . F0E78B119D12BA81F163D48C0FF30B9A . 67584 . . [6.2.9200.16384] .. c:\windows\system32\cryptsvc.dll
.
.
.
.
c:\windows\system32\cngaudit.dll ... is missing !!
c:\windows\SysWow64\cryptsvc.dll ... is missing !!
c:\windows\SysWow64\eventlog.dll ... is missing !!
c:\windows\SysWow64\sfcfiles.dll ... is missing !!
c:\windows\SysWow64\drivers\ipsec.sys ... is missing !!
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"f.lux"="c:\users\Han\AppData\Local\FluxSoftware\Flux\flux.exe" [2013-10-23 1017224]
"wuapp"="c:\users\Han\AppData\Roaming\Microsoft\Windows\IEUpdate\wuapp.exe" [2012-07-26 134144]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"wuapp"="c:\users\Han\AppData\Roaming\Microsoft\Windows\IEUpdate\wuapp.exe" [2012-07-26 134144]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"332BigDog"="c:\program files (x86)\USB Camera2\VM332STI.EXE" [2012-03-20 548864]
"Dolby Home Theater v4"="c:\program files (x86)\Dolby Home Theater v4\pcee4.exe" [2012-07-26 508656]
"UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2012-04-19 217088]
"RemoteControl10"="c:\program files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe" [2012-03-29 91432]
"Intel AppUp(SM) center"="c:\program files (x86)\Intel\IntelAppStore\bin\ismagent.exe" [2012-07-12 155488]
"MuteSync"="c:\program files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe" [2012-02-04 343040]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2014-06-24 4101576]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-08-01 152392]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896]
.
c:\users\Han\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
wuapp.lnk - c:\users\Han\AppData\Roaming\Microsoft\Windows\IEUpdate\wuapp.exe [2012-7-26 134144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"PromptOnSecureDesktop"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicDisplay.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicRender.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BrokerInfrastructure]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DeviceInstall]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dxgkrnl.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FsDepends.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\LSM]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}]
@="Enhanced Storage Devices"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}]
@="SDA Standard Compliant SD Host Controller"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"
.
R0 acpiex;Microsoft ACPIEx Driver;c:\windows\System32\Drivers\acpiex.sys [26/07/2012 03:25 77040]
R0 CLFS;Common Log (CLFS);c:\windows\System32\Drivers\clfs.sys [26/07/2012 03:29 361200]
R0 CNG;CNG;c:\windows\System32\Drivers\cng.sys [26/07/2012 03:26 562400]
R0 DKDFM;Device Filter Manager Driver;c:\windows\System32\Drivers\DKDFM.sys [07/09/2014 12:53 40752]
R0 DKTLFSMF;Telemetry File System Mini Filter Driver;c:\windows\System32\Drivers\DKTLFSMF.sys [07/09/2014 12:53 106832]
R0 edevmon;edevmon;c:\windows\System32\Drivers\edevmon.sys [17/09/2013 14:17 239296]
R0 EhStorClass;Enhanced Storage Filter Driver;c:\windows\System32\Drivers\EhStorClass.sys [26/07/2012 03:26 81136]
R0 epfwwfp;epfwwfp;c:\windows\System32\Drivers\epfwwfp.sys [17/09/2013 14:17 62136]
R0 FileInfo;File Information FS MiniFilter;c:\windows\System32\Drivers\fileinfo.sys [26/07/2012 03:28 71920]
R0 fvevol;BitLocker Drive Encryption Filter Driver;c:\windows\System32\Drivers\fvevol.sys [26/07/2012 03:26 465136]
R0 iaStorA;iaStorA;c:\windows\System32\Drivers\iaStorA.sys [06/11/2012 02:54 645952]
R0 KSecPkg;KSecPkg;c:\windows\System32\Drivers\ksecpkg.sys [26/07/2012 03:25 172272]
R0 LHDmgr;LHDmgr;c:\windows\System32\Drivers\LhdX64.sys [06/11/2012 03:33 39008]
R0 msisadrv;msisadrv;c:\windows\System32\Drivers\msisadrv.sys [26/07/2012 03:28 17136]
R0 nvpciflt;nvpciflt;c:\windows\System32\Drivers\nvpciflt.sys [07/09/2014 19:19 32544]
R0 pcw;Performance Counters for Windows Driver;c:\windows\System32\Drivers\pcw.sys [26/07/2012 03:28 52464]
R0 pdc;pdc;c:\windows\System32\Drivers\pdc.sys [26/07/2012 03:28 68848]
R0 rdyboost;ReadyBoost;c:\windows\System32\Drivers\rdyboost.sys [26/07/2012 03:28 217328]
R0 spaceport;Storage Spaces Driver;c:\windows\System32\Drivers\spaceport.sys [26/07/2012 03:28 283888]
R0 vdrvroot;Microsoft Virtual Drive Enumerator;c:\windows\System32\Drivers\vdrvroot.sys [26/07/2012 03:27 36080]
R0 volmgr;Volume Manager Driver;c:\windows\System32\Drivers\volmgr.sys [26/07/2012 03:29 83184]
R0 volmgrx;Dynamic Volume Manager;c:\windows\System32\Drivers\volmgrx.sys [26/07/2012 03:30 378608]
R0 WFPLWFS;Microsoft Windows Filtering Platform;c:\windows\System32\Drivers\wfplwfs.sys [26/07/2012 03:23 96496]
R1 BasicDisplay;BasicDisplay;c:\windows\System32\Drivers\BasicDisplay.sys [26/07/2012 03:29 48640]
R1 BasicRender;BasicRender;c:\windows\System32\Drivers\BasicRender.sys [26/07/2012 03:28 29696]
R1 Dfsc;DFS Namespace Client Driver;c:\windows\System32\Drivers\dfsc.sys [26/07/2012 03:26 118784]
R1 discache;System Attribute Cache;c:\windows\System32\Drivers\discache.sys [26/07/2012 03:28 50688]
R1 eamonm;eamonm;c:\windows\System32\Drivers\eamonm.sys [17/09/2013 14:17 239320]
R1 ehdrv;ehdrv;c:\windows\System32\Drivers\ehdrv.sys [17/09/2013 14:17 168256]
R1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\System32\Drivers\EpfwLWF.sys [17/09/2013 14:17 44120]
R1 npsvctrig;Named pipe service trigger provider;c:\windows\System32\Drivers\npsvctrig.sys [26/07/2012 03:27 23552]
R1 nsiproxy;NSI Proxy Service Driver;c:\windows\System32\Drivers\nsiproxy.sys [26/07/2012 06:26 34304]
R1 tdx;NetIO Legacy TDI Support Driver;c:\windows\System32\Drivers\tdx.sys [26/07/2012 06:26 117248]
R1 Wanarpv6;Remote Access IPv6 ARP Driver;c:\windows\System32\Drivers\wanarp.sys [26/07/2012 03:23 83456]
R2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\AdminService.exe [20/08/2012 06:55 211584]
R2 AudioEndpointBuilder;Windows Audio Endpoint Builder;c:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [26/07/2012 01:00 30208]
R2 BFE;Base Filtering Engine;c:\windows\system32\svchost.exe -k LocalServiceNoNetwork [26/07/2012 01:00 30208]
R2 BrokerInfrastructure;Background Tasks Infrastructure Service;c:\windows\system32\svchost.exe -k DcomLaunch [26/07/2012 01:00 30208]
R2 DPS;Diagnostic Policy Service;c:\windows\System32\svchost.exe -k LocalServiceNoNetwork [26/07/2012 01:00 30208]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [24/02/2014 16:27 1343408]
R2 EMET_Service;Microsoft EMET Service;c:\program files (x86)\EMET 5.0\EMET_Service.exe [30/07/2014 19:11 31880]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalService [26/07/2012 01:00 30208]
R2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [06/11/2012 03:13 2451456]
R2 IKEEXT;IKE and AuthIP IPsec Keying Modules;c:\windows\system32\svchost.exe -k netsvcs [26/07/2012 01:00 30208]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [20/04/2012 23:16 635104]
R2 Intel® ME Service;Intel® ME Service;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [06/11/2012 02:54 128896]
R2 iphlpsvc;IP Helper;c:\windows\System32\svchost.exe -k NetSvcs [26/07/2012 01:00 30208]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [06/11/2012 02:54 165760]
R2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver;c:\windows\System32\Drivers\lltdio.sys [26/07/2012 03:24 60416]
R2 LSM;Local Session Manager;c:\windows\system32\svchost.exe -k DcomLaunch [26/07/2012 01:00 30208]
R2 luafv;UAC File Virtualization;c:\windows\System32\Drivers\luafv.sys [26/07/2012 03:29 134144]
R2 MpsSvc;Windows Firewall;c:\windows\system32\svchost.exe -k LocalServiceNoNetwork [26/07/2012 01:00 30208]
R2 NativeWifiP;NativeWiFi Filter;c:\windows\System32\Drivers\nwifi.sys [26/07/2012 03:25 427520]
R2 Ndu;Windows Network Data Usage Monitoring Driver;c:\windows\System32\Drivers\Ndu.sys [26/07/2012 03:23 97792]
R2 NlaSvc;Network Location Awareness;c:\windows\System32\svchost.exe -k NetworkService [26/07/2012 01:00 30208]
R2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\NLSSRV32.EXE [16/07/2012 09:49 69640]
R2 nsi;Network Store Interface Service;c:\windows\system32\svchost.exe -k LocalService [26/07/2012 01:00 30208]
R2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [07/09/2014 19:25 1720608]
R2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [07/09/2014 19:27 18956064]
R2 PcaSvc;Program Compatibility Assistant Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [26/07/2012 01:00 30208]
R2 PEAUTH;PEAUTH;c:\windows\System32\Drivers\PEAuth.sys [26/07/2012 03:24 804864]
R2 Power;Power;c:\windows\system32\svchost.exe -k DcomLaunch [26/07/2012 01:00 30208]
R2 ProfSvc;User Profile Service;c:\windows\system32\svchost.exe -k netsvcs [26/07/2012 01:00 30208]
R2 RpcEptMapper;RPC Endpoint Mapper;c:\windows\system32\svchost.exe -k RPCSS [26/07/2012 01:00 30208]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [07/09/2014 15:11 1738168]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [07/09/2014 15:11 2088408]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [07/09/2014 15:11 171928]
R2 SysMain;Superfetch;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [26/07/2012 01:00 30208]
R2 tcpipreg;TCP/IP Registry Compatibility;c:\windows\System32\Drivers\tcpipreg.sys [26/07/2012 03:23 45056]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [06/11/2012 02:53 364416]
R2 Wcmsvc;Windows Connection Manager;c:\windows\system32\svchost.exe -k LocalServiceNetworkRestricted [26/07/2012 01:00 30208]
R2 WlanSvc;WLAN AutoConfig;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [26/07/2012 01:00 30208]
R2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [20/08/2012 06:13 323584]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\System32\Drivers\AcpiVpc.sys [15/05/2012 18:22 33560]
R3 Appinfo;Application Information;c:\windows\system32\svchost.exe -k netsvcs [26/07/2012 01:00 30208]
R3 bowser;Browser Support Driver;c:\windows\System32\Drivers\bowser.sys [26/07/2012 03:28 101888]
R3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;c:\windows\System32\Drivers\btath_bus.sys [06/11/2012 03:05 33944]
R3 CompositeBus;Composite Bus Enumerator Driver;c:\windows\System32\Drivers\CompositeBus.sys [26/07/2012 03:28 36352]
R3 condrv;Console Driver;c:\windows\System32\Drivers\condrv.sys [26/07/2012 06:26 33792]
R3 DeviceAssociationService;Device Association Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [26/07/2012 01:00 30208]
R3 DKRtWrt;DKRtWrt;c:\windows\System32\Drivers\DKRtWrt.sys [07/09/2014 12:53 52048]
R3 DXGKrnl;LDDM Graphics Subsystem;c:\windows\System32\Drivers\dxgkrnl.sys [26/07/2012 03:26 1448688]
R3 IntcDAud;Intel® Display Audio;c:\windows\System32\Drivers\IntcDAud.sys [22/08/2012 09:13 342528]
R3 kdnic;Microsoft Kernel Debug Network Miniport (NDIS 6.20);c:\windows\System32\Drivers\kdnic.sys [26/07/2012 03:27 18432]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\System32\Drivers\LGBusEnum.sys [24/11/2009 01:37 22408]
R3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\System32\Drivers\LGSHidFilt.Sys [30/05/2013 16:16 64280]
R3 monitor;Microsoft Monitor Class Function Driver Service;c:\windows\System32\Drivers\monitor.sys [26/07/2012 03:24 30720]
R3 mpsdrv;Windows Firewall Authorization Driver;c:\windows\System32\Drivers\mpsdrv.sys [26/07/2012 03:23 74752]
R3 mrxsmb10;SMB 1.x MiniRedirector;c:\windows\System32\Drivers\mrxsmb10.sys [26/07/2012 03:23 279552]
R3 mrxsmb20;SMB 2.0 MiniRedirector;c:\windows\System32\Drivers\mrxsmb20.sys [26/07/2012 03:27 214016]
R3 mshidumdf;Pass-through HID to UMDF Driver;c:\windows\System32\Drivers\mshidumdf.sys [26/07/2012 03:29 10752]
R3 netprofm;Network List Service;c:\windows\System32\svchost.exe -k LocalService [26/07/2012 01:00 30208]
R3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [07/09/2014 19:27 20256]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\System32\Drivers\nvvad64v.sys [07/09/2014 19:19 40392]
R3 RasAgileVpn;WAN Miniport (IKEv2);c:\windows\System32\Drivers\agilevpn.sys [26/07/2012 03:23 68608]
R3 rdpbus;Remote Desktop Device Redirector Bus Driver;c:\windows\System32\Drivers\rdpbus.sys [26/07/2012 03:28 22528]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUVStor.sys [06/11/2012 03:13 315536]
R3 RTL8168;Realtek 8168 NT Driver;c:\windows\System32\Drivers\Rt630x64.sys [06/11/2012 03:16 683664]
R3 SmbDrvI;SmbDrvI;c:\windows\System32\Drivers\Smb_driver_Intel.sys [22/08/2012 09:17 43832]
R3 srv2;Server SMB 2.xxx Driver;c:\windows\System32\Drivers\srv2.sys [26/07/2012 03:25 619520]
R3 srvnet;srvnet;c:\windows\System32\Drivers\srvnet.sys [26/07/2012 03:23 248832]
R3 SystemEventsBroker;System Events Broker;c:\windows\system32\svchost.exe -k netsvcs [26/07/2012 01:00 30208]
R3 TimeBroker;Time Broker;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [26/07/2012 01:00 30208]
R3 tunnel;Microsoft Tunnel Miniport Adapter Driver;c:\windows\System32\Drivers\tunnel.sys [26/07/2012 03:23 149504]
R3 UCX01000;USB Controller Extension;c:\windows\System32\Drivers\UCX01000.SYS [26/07/2012 03:26 212208]
R3 umbus;UMBus Enumerator Driver;c:\windows\System32\Drivers\umbus.sys [26/07/2012 03:27 48128]
R3 USBHUB3;SuperSpeed Hub;c:\windows\System32\Drivers\USBHUB3.SYS [26/07/2012 03:25 445168]
R3 USBXHCI;USB xHCI Compliant Host Controller;c:\windows\System32\Drivers\USBXHCI.SYS [26/07/2012 03:25 337136]
R3 vm332avs;Lenovo Camera2;c:\windows\System32\Drivers\vm332avs.sys [06/11/2012 03:14 981112]
R3 vwifibus;Virtual WiFi Bus Driver;c:\windows\System32\Drivers\vwifibus.sys [26/07/2012 03:27 24064]
R3 WdiServiceHost;Diagnostic Service Host;c:\windows\System32\svchost.exe -k LocalService [26/07/2012 01:00 30208]
R3 WdiSystemHost;Diagnostic System Host;c:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [26/07/2012 01:00 30208]
R3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\System32\Drivers\WUDFRd.sys [26/07/2012 03:26 198656]
S0 hwpolicy;Hardware Policy Driver;c:\windows\System32\Drivers\hwpolicy.sys [26/07/2012 03:29 24816]
S1 dam;Desktop Activity Moderator Driver;c:\windows\System32\Drivers\dam.sys [26/07/2012 03:29 55024]
S2 gpsvc;Group Policy Client;c:\windows\system32\svchost.exe -k netsvcs [26/07/2012 01:00 30208]
S2 MMCSS;Multimedia Class Scheduler;c:\windows\system32\svchost.exe -k netsvcs [26/07/2012 01:00 30208]
S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [03/04/2014 20:21 315008]
S2 sppsvc;Software Protection;c:\windows\System32\sppsvc.exe [26/07/2012 02:35 4881408]
S3 1394ohci;1394 OHCI Compliant Host Controller;c:\windows\System32\Drivers\1394ohci.sys [26/07/2012 03:26 226304]
S3 3ware;3ware;c:\windows\System32\Drivers\3ware.sys [25/07/2012 21:22 106736]
S3 acpipagr;ACPI Processor Aggregator Driver;c:\windows\System32\Drivers\acpipagr.sys [26/07/2012 03:27 10240]
S3 AcpiPmi;ACPI Power Meter Driver;c:\windows\System32\Drivers\acpipmi.sys [26/07/2012 03:27 12288]
S3 acpitime;ACPI Wake Alarm Driver;c:\windows\System32\Drivers\acpitime.sys [26/07/2012 03:27 10752]
S3 adp94xx;adp94xx;c:\windows\System32\Drivers\adp94xx.sys [02/06/2012 15:32 492272]
S3 adpahci;adpahci;c:\windows\System32\Drivers\adpahci.sys [25/07/2012 21:37 340720]
S3 AllUserInstallAgent;Windows All-User Install Agent;c:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [26/07/2012 01:00 30208]
S3 amdsata;amdsata;c:\windows\System32\Drivers\amdsata.sys [24/06/2012 00:24 76016]
S3 amdsbs;amdsbs;c:\windows\System32\Drivers\amdsbs.sys [02/06/2012 15:33 258288]
S3 amdxata;amdxata;c:\windows\System32\Drivers\amdxata.sys [25/07/2012 21:37 26352]
S3 AppID;AppID Driver;c:\windows\System32\Drivers\appid.sys [26/07/2012 03:25 79360]
S3 AppIDSvc;Application Identity;c:\windows\system32\svchost.exe -k LocalServiceNetworkRestricted [26/07/2012 01:00 30208]
S3 arcsas;Adaptec SAS/SATA-II RAID Windows Inbox Miniport Driver;c:\windows\System32\Drivers\arcsas.sys [25/07/2012 21:37 108272]
S3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;c:\windows\System32\Drivers\btath_flt.sys [06/11/2012 03:05 88728]
S3 b06bdrv;Broadcom NetXtreme II VBD;c:\windows\System32\Drivers\bxvbda.sys [24/06/2012 00:24 539376]
S3 BDESVC;BitLocker Drive Encryption Service;c:\windows\System32\svchost.exe -k netsvcs [26/07/2012 01:00 30208]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\System32\Drivers\btath_a2dp.sys [06/11/2012 03:05 344216]
S3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;c:\windows\System32\Drivers\btath_avdt.sys [06/11/2012 03:05 114840]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\System32\Drivers\btath_hcrp.sys [06/11/2012 03:05 178840]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\System32\Drivers\btath_lwflt.sys [06/11/2012 03:05 76952]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\System32\Drivers\btath_rcp.sys [06/11/2012 03:05 135832]
S3 BtFilter;BtFilter;c:\windows\System32\Drivers\btfilter.sys [06/11/2012 03:05 567808]
S3 BthAvrcpTg;Bluetooth Audio/Video Remote Control HID;c:\windows\System32\Drivers\BthAvrcpTg.sys [26/07/2012 03:28 31104]
S3 BthHFEnum;Bluetooth Hands-Free Audio and Call Control HID Enumerator;c:\windows\System32\Drivers\bthhfenum.sys [26/07/2012 03:26 51200]
S3 bthhfhid;Bluetooth Hands-Free Call Control HID;c:\windows\System32\Drivers\BthhfHid.sys [26/07/2012 03:27 29952]
S3 BthLEEnum;Bluetooth Low Energy Driver;c:\windows\System32\Drivers\BthLEEnum.sys [26/07/2012 03:25 202752]
S3 CertPropSvc;Certificate Propagation;c:\windows\system32\svchost.exe -k netsvcs [26/07/2012 01:00 30208]
S3 circlass;Consumer IR Devices;c:\windows\System32\Drivers\circlass.sys [26/07/2012 03:27 45056]
S3 defragsvc;Optimize drives;c:\windows\system32\svchost.exe -k defragsvc [26/07/2012 01:00 30208]
S3 DeviceInstall;Device Install Service;c:\windows\system32\svchost.exe -k DcomLaunch [26/07/2012 01:00 30208]
S3 dmvsc;dmvsc;c:\windows\System32\Drivers\dmvsc.sys [26/07/2012 03:25 33280]
S3 DsmSvc;Device Setup Manager;c:\windows\system32\svchost.exe -k netsvcs [26/07/2012 01:00 30208]
S3 ebdrv;Broadcom NetXtreme II 10 GigE VBD;c:\windows\System32\Drivers\evbda.sys [24/06/2012 00:24 3295984]
S3 EhStorTcgDrv;Microsoft driver for storage devices supporting IEEE 1667 and TCG protocols;c:\windows\System32\Drivers\EhStorTcgDrv.sys [26/07/2012 03:25 113904]
S3 fdPHost;Function Discovery Provider Host;c:\windows\system32\svchost.exe -k LocalService [26/07/2012 01:00 30208]
S3 FDResPub;Function Discovery Resource Publication;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [26/07/2012 01:00 30208]
S3 fhsvc;File History Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [26/07/2012 01:00 30208]
S3 Filetrace;Filetrace;c:\windows\System32\Drivers\filetrace.sys [26/07/2012 03:29 34816]
S3 FsDepends;File System Dependency Minifilter;c:\windows\System32\Drivers\fsdepends.sys [26/07/2012 03:29 57584]
S3 FxPPM;Power Framework Processor Driver;c:\windows\System32\Drivers\fxppm.sys [26/07/2012 03:27 22528]
S3 gencounter;Microsoft Hyper-V Generation Counter;c:\windows\System32\Drivers\vmgencounter.sys [26/07/2012 03:27 12288]
S3 GPIOClx0101;Microsoft GPIO Class Extension Driver;c:\windows\System32\Drivers\msgpioclx.sys [26/07/2012 03:26 120048]
S3 hidi2c;Microsoft I2C HID Miniport Driver;c:\windows\System32\Drivers\hidi2c.sys [26/07/2012 03:25 38400]
S3 HomeGroupListener;HomeGroup Listener;c:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [26/07/2012 01:00 30208]
S3 HomeGroupProvider;HomeGroup Provider;c:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted [26/07/2012 01:00 30208]
S3 HpSAMD;HpSAMD;c:\windows\System32\Drivers\HpSAMD.sys [25/07/2012 21:22 64752]
S3 hyperkbd;hyperkbd;c:\windows\System32\Drivers\hyperkbd.sys [26/07/2012 03:27 11776]
S3 HyperVideo;HyperVideo;c:\windows\System32\Drivers\HyperVideo.sys [26/07/2012 03:29 24576]
S3 iaStorV;Intel RAID Controller Windows 7;c:\windows\System32\Drivers\iaStorV.sys [02/06/2012 15:32 411888]
S3 IPMIDRV;IPMIDRV;c:\windows\System32\Drivers\IPMIDrv.sys [26/07/2012 03:28 78336]
S3 iScsiPrt;iScsiPort Driver;c:\windows\System32\Drivers\msiscsi.sys [26/07/2012 03:23 277744]
S3 KeyIso;CNG Key Isolation;c:\windows\System32\lsass.exe [26/07/2012 06:26 35840]
S3 KtmRm;KtmRm for Distributed Transaction Coordinator;c:\windows\System32\svchost.exe -k NetworkServiceAndNoImpersonation [26/07/2012 01:00 30208]
S3 lltdsvc;Link-Layer Topology Discovery Mapper;c:\windows\System32\svchost.exe -k LocalService [26/07/2012 01:00 30208]
S3 LSI_SAS;LSI_SAS;c:\windows\System32\Drivers\lsi_sas.sys [25/07/2012 21:22 108784]
S3 LSI_SAS2;LSI_SAS2;c:\windows\System32\Drivers\lsi_sas2.sys [25/07/2012 21:22 92400]
S3 LSI_SCSI;LSI_SCSI;c:\windows\System32\Drivers\lsi_scsi.sys [25/07/2012 21:22 116976]
S3 LSI_SSS;LSI_SSS;c:\windows\System32\Drivers\lsi_sss.sys [25/07/2012 21:22 81136]
S3 megasas;megasas;c:\windows\System32\Drivers\megasas.sys [02/06/2012 15:32 51952]
S3 MsBridge;Microsoft MAC Bridge;c:\windows\System32\Drivers\bridge.sys [26/07/2012 03:23 129536]
S3 msgpiowin32;GPIO Buttons Driver;c:\windows\System32\Drivers\msgpiowin32.sys [26/07/2012 03:26 28400]
S3 mshidkmdf;Pass-through HID to KMDF Filter Driver;c:\windows\System32\Drivers\mshidkmdf.sys [26/07/2012 03:29 8704]
S3 MSiSCSI;Microsoft iSCSI Initiator Service;c:\windows\system32\svchost.exe -k netsvcs [26/07/2012 01:00 30208]
S3 MsLldp;Microsoft Link-Layer Discovery Protocol;c:\windows\System32\Drivers\mslldp.sys [26/07/2012 03:23 68608]
S3 MsRPC;MsRPC;c:\windows\System32\Drivers\msrpc.sys [26/07/2012 06:26 390896]
S3 MTConfig;Microsoft Input Configuration Driver;c:\windows\System32\Drivers\MTConfig.sys [26/07/2012 03:26 14848]
S3 mvumis;mvumis;c:\windows\System32\Drivers\mvumis.sys [02/06/2012 15:32 64240]
S3 NcaSvc;Network Connectivity Assistant;c:\windows\System32\svchost.exe -k NetSvcs [26/07/2012 01:00 30208]
S3 NcdAutoSetup;Network Connected Devices Auto-Setup;c:\windows\System32\svchost.exe -k LocalServiceNoNetwork [26/07/2012 01:00 30208]
S3 NdisCap;Microsoft NDIS Capture;c:\windows\System32\Drivers\ndiscap.sys [26/07/2012 03:27 46592]
S3 NdisImPlatform;Microsoft Network Adapter Multiplexor Protocol;c:\windows\System32\Drivers\NdisImPlatform.sys [26/07/2012 03:25 126464]
S3 NDISWANLEGACY;Remote Access LEGACY NDIS WAN Driver;c:\windows\System32\Drivers\ndiswan.sys [26/07/2012 03:23 174080]
S3 nfrd960;nfrd960;c:\windows\System32\Drivers\nfrd960.sys [25/07/2012 21:37 52464]
S3 nvstor;nvstor;c:\windows\System32\Drivers\nvstor.sys [02/06/2012 15:33 168176]
S3 ose64;Office 64 Source Engine;c:\program files\Common Files\microsoft shared\Source Engine\OSE.EXE [09/01/2010 21:20 174440]
S3 PerfHost;Performance Counter DLL Host;c:\windows\SysWOW64\perfhost.exe [26/07/2012 03:39 20992]
S3 pla;Performance Logs & Alerts;c:\windows\System32\svchost.exe -k LocalServiceNoNetwork [26/07/2012 01:00 30208]
S3 PNRPAutoReg;PNRP Machine Name Publication Service;c:\windows\System32\svchost.exe -k LocalServicePeerNet [26/07/2012 01:00 30208]
S3 PrintNotify;Printer Extensions and Notifications;c:\windows\system32\svchost.exe -k print [26/07/2012 01:00 30208]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\System32\Drivers\rdpvideominiport.sys [26/07/2012 03:28 27888]
S3 s3cap;s3cap;c:\windows\System32\Drivers\vms3cap.sys [26/07/2012 03:28 7168]
S3 scfilter;Smart card PnP Class Filter Driver;c:\windows\System32\Drivers\scfilter.sys [26/07/2012 03:28 36864]
S3 SCPolicySvc;Smart Card Removal Policy;c:\windows\system32\svchost.exe -k netsvcs [26/07/2012 01:00 30208]
S3 SDRSVC;Windows Backup;c:\windows\system32\svchost.exe -k SDRSVC [26/07/2012 01:00 30208]
S3 sdstor;SD Storage Port Driver;c:\windows\System32\Drivers\sdstor.sys [26/07/2012 03:29 56560]
S3 SensrSvc;Sensor Monitoring Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [26/07/2012 01:00 30208]
S3 SerCx;Serial UART Support Library;c:\windows\System32\Drivers\SerCx.sys [26/07/2012 03:26 62976]
S3 SessionEnv;Remote Desktop Configuration;c:\windows\System32\svchost.exe -k netsvcs [26/07/2012 01:00 30208]
S3 SiSRaid4;SiSRaid4;c:\windows\System32\Drivers\sisraid4.sys [25/07/2012 21:37 81648]
S3 SpbCx;Simple Peripheral Bus Support Library;c:\windows\System32\Drivers\SpbCx.sys [26/07/2012 03:26 59392]
S3 stexstor;stexstor;c:\windows\System32\Drivers\stexstor.sys [25/07/2012 21:22 30960]
S3 storahci;Microsoft Standard SATA AHCI Driver;c:\windows\System32\Drivers\storahci.sys [26/07/2012 03:30 77552]
S3 storflt;Hyper-V Storage Accelerator;c:\windows\System32\Drivers\vmstorfl.sys [26/07/2012 03:25 45160]
S3 StorSvc;Storage Service;c:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [26/07/2012 01:00 30208]
S3 storvsc;storvsc;c:\windows\System32\Drivers\storvsc.sys [26/07/2012 03:26 37992]
S3 svsvc;Spot Verifier;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [26/07/2012 01:00 30208]
S3 TabletInputService;Touch Keyboard and Handwriting Panel Service;c:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [26/07/2012 01:00 30208]
S3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\System32\Drivers\terminpt.sys [26/07/2012 03:28 36592]
S3 THREADORDER;Thread Ordering Server;c:\windows\system32\svchost.exe -k LocalService [26/07/2012 01:00 30208]
S3 TrustedInstaller;Windows Modules Installer;c:\windows\servicing\TrustedInstaller.exe [07/09/2014 14:14 98304]
S3 TsUsbFlt;TsUsbFlt;c:\windows\System32\Drivers\TsUsbFlt.sys [26/07/2012 03:25 57344]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\System32\Drivers\TsUsbGD.sys [26/07/2012 03:26 30208]
S3 UASPStor;USB Attached SCSI (UAS) Driver;c:\windows\System32\Drivers\uaspstor.sys [26/07/2012 03:27 97008]
S3 UI0Detect;Interactive Services Detection;c:\windows\System32\UI0Detect.exe [26/07/2012 02:58 40960]
S3 uliagpkx;Uli AGP Bus Filter;c:\windows\System32\Drivers\ULIAGPKX.SYS [26/07/2012 03:29 66800]
S3 UmRdpService;Remote Desktop Services UserMode Port Redirector;c:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [26/07/2012 01:00 30208]
S3 usbcir;eHome Infrared Receiver (USBCIR);c:\windows\System32\Drivers\usbcir.sys [26/07/2012 03:27 99328]
S3 VaultSvc;Credential Manager;c:\windows\System32\lsass.exe [26/07/2012 06:26 35840]
S3 VerifierExt;VerifierExt;c:\windows\System32\Drivers\VerifierExt.sys [26/07/2012 03:28 106224]
S3 vhdmp;vhdmp;c:\windows\System32\Drivers\vhdmp.sys [26/07/2012 03:25 496368]
S3 vmbus;Virtual Machine Bus;c:\windows\System32\Drivers\vmbus.sys [26/07/2012 03:25 137832]
S3 VMBusHID;VMBusHID;c:\windows\System32\Drivers\VMBusHID.sys [26/07/2012 03:27 22144]
S3 vmicheartbeat;Hyper-V Heartbeat Service;c:\windows\system32\svchost.exe -k ICService [26/07/2012 01:00 30208]
S3 vmickvpexchange;Hyper-V Data Exchange Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [26/07/2012 01:00 30208]
S3 vmicrdv;Hyper-V Remote Desktop Virtualization Service;c:\windows\system32\svchost.exe -k ICService [26/07/2012 01:00 30208]
S3 vmicshutdown;Hyper-V Guest Shutdown Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [26/07/2012 01:00 30208]
S3 vmictimesync;Hyper-V Time Synchronization Service;c:\windows\system32\svchost.exe -k LocalServiceNetworkRestricted [26/07/2012 01:00 30208]
S3 vmicvss;Hyper-V Volume Shadow Copy Requestor;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [26/07/2012 01:00 30208]
S3 vpci;Microsoft Hyper-V Virtual PCI Bus;c:\windows\System32\Drivers\vpci.sys [26/07/2012 03:25 67824]
S3 vsmraid;vsmraid;c:\windows\System32\Drivers\vsmraid.sys [02/06/2012 15:33 164080]
S3 VSTXRAID;VIA StorX Storage Controller Windows Driver;c:\windows\System32\Drivers\VSTXRAID.SYS [25/07/2012 21:37 322800]
S3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\System32\Drivers\wacompen.sys [26/07/2012 03:29 27008]
S3 wbengine;Block Level Backup Engine Service;c:\windows\System32\wbengine.exe [26/07/2012 01:18 1616896]
S3 WbioSrvc;Windows Biometric Service;c:\windows\system32\svchost.exe -k WbioSvcGroup [26/07/2012 01:00 30208]
S3 wcncsvc;Windows Connect Now - Config Registrar;c:\windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [26/07/2012 01:00 30208]
S3 WcsPlugInService;Windows Color System;c:\windows\system32\svchost.exe -k wcssvc [26/07/2012 01:00 30208]
S3 Wd;Microsoft Watchdog Timer Driver;c:\windows\System32\Drivers\wd.sys [26/07/2012 03:30 23792]
S3 WdBoot;Windows Defender Boot Driver;c:\windows\System32\Drivers\WdBoot.sys [26/07/2012 03:28 34216]
S3 WdFilter;Windows Defender Mini-Filter Driver;c:\windows\System32\Drivers\WdFilter.sys [26/07/2012 03:29 258288]
S3 Wecsvc;Windows Event Collector;c:\windows\system32\svchost.exe -k NetworkService [26/07/2012 01:00 30208]
S3 wercplsupport;Problem Reports and Solutions Control Panel Support;c:\windows\System32\svchost.exe -k netsvcs [26/07/2012 01:00 30208]
S3 WerSvc;Windows Error Reporting Service;c:\windows\System32\svchost.exe -k WerSvcGroup [26/07/2012 01:00 30208]
S3 WiaRpc;Still Image Acquisition Events;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [26/07/2012 01:00 30208]
S3 WIMMount;WIMMount;c:\windows\System32\Drivers\wimmount.sys [26/07/2012 03:29 33520]
S3 WinDefend;Windows Defender;c:\windows\System32\svchost.exe -k secsvcs [26/07/2012 01:00 30208]
S3 wpcfltr;Family Safety Filter Driver;c:\windows\System32\Drivers\wpcfltr.sys [26/07/2012 03:25 45056]
S3 WPCSvc;Family Safety;c:\windows\system32\svchost.exe -k LocalServiceNetworkRestricted [26/07/2012 01:00 30208]
S3 WPDBusEnum;Portable Device Enumerator Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [26/07/2012 01:00 30208]
S3 WpdUpFltr;WPD Upper Class Filter Driver;c:\windows\System32\Drivers\WpdUpFltr.sys [26/07/2012 03:27 19968]
S3 WSService;Windows Store Service (WSService);c:\windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [26/07/2012 01:00 30208]
S3 wsvd;wsvd;c:\windows\System32\Drivers\wsvd.sys [06/11/2012 03:32 102376]
S3 WwanSvc;WWAN AutoConfig;c:\windows\system32\svchost.exe -k LocalServiceNoNetwork [26/07/2012 01:00 30208]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ   PLA
wcssvc REG_MULTI_SZ   WcsPlugInService
LocalServiceAndNoImpersonation REG_MULTI_SZ   SSDPSRV upnphost SCardSvr BthHFSrv QWAVE wcncsvc
DcomLaunch REG_MULTI_SZ   PlugPlay DeviceInstall DcomLaunch
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
NETSVCS REQUIRES REPAIRS - current entries shown
AeLookupSvc
CertPropSvc
SCPolicySvc
lanmanserver
gpsvc
FastUserSwitchingCompatibility
Ias
Irmon
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
Rasman
Remoteaccess
SENS
Sharedaccess
SRService
Tapisrv
Wmi
WmdmPmSp
wuauserv
BITS
ShellHWDetection
LogonHours
PCAudit
helpsvc
uploadmgr
iphlpsvc
msiscsi
schedule
winmgmt
SessionEnv
.
Rebuilding ... You need to reboot your machine for this to take effect.
.
eventsystem
iprip
netman
wzcsvc
ip6fwhlp
WmdmPmSN
UxTuneUp
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
2012-07-26 03:20 240128 ----a-w- c:\windows\System32\unregmp2.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-09-07 10:08 1096520 ----a-w- c:\program files (x86)\Google\Chrome\Application\37.0.2062.103\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-09-09 c:\windows\Tasks\AutoKMS.job
- c:\windows\AutoKMS\AutoKMS.exe [2014-09-07 17:54]
.
2014-09-09 c:\windows\Tasks\AutoKMSDaily.job
- c:\windows\AutoKMS\AutoKMS.exe [2014-09-07 17:54]
.
2014-09-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-09-07 10:08]
.
2014-09-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-09-07 10:08]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1SecureIconsProvider]
@="{FC9D8189-520A-4417-AED7-9EAC810C6FBA}"
[HKEY_CLASSES_ROOT\CLSID\{FC9D8189-520A-4417-AED7-9EAC810C6FBA}]
2014-09-07 11:47 3140096 ----a-w- c:\programdata\Microsoft\Secure\Icons\SecureIconsProvider.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2012-05-14 17:39 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2012-05-14 17:39 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{A759AFF6-5851-457D-A540-F4ECED148351}"
[HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
2012-05-14 17:39 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2012-05-14 17:39 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-08-22 170304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-08-22 398656]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-08-22 440640]
"BtTray"="c:\program files (x86)\Bluetooth Suite\BtTray.exe" [2012-08-20 764032]
"BtvStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2012-08-20 127616]
"OnekeyStudio"="c:\program files\Lenovo\Onekey Theater\OnekeyStudio.exe" [2012-08-10 4196432]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2012-11-06 17079376]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2012-11-06 191568]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2014-02-24 5581888]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2014-07-28 10801944]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-07-25 2403104]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-07-25 1283136]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2014-05-09 13672152]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2014-05-13 1387376]
"RtHDVBg_LENOVO_DOLBYDRAGON"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2014-05-13 1387376]
"RtHDVBg_LENOVO_MICPKEY"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2014-05-13 1387376]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
AeLookupSvc
CertPropSvc
SCPolicySvc
lanmanserver
gpsvc
IKEEXT
FastUserSwitchingCompatibility
Nla
NWCWorkstation
SRService
Wmi
WmdmPmSp
wuauserv
BITS
ShellHWDetection
LogonHours
PCAudit
helpsvc
uploadmgr
iphlpsvc
seclogon
AppInfo
msiscsi
EapHost
schedule
winmgmt
MMCSS
browser
ProfSvc
SessionEnv
wercplsupport
hkmsvc
BDESVC
wlidsvc
Themes
DsmSvc
NcaSvc
SystemEventsBroker
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalSystemNetworkRestricted
WiaRpc
AllUserInstallAgent
svsvc
StorSvc
fhsvc
DeviceAssociationService
homegrouplistener
vmickvpexchange
vmicshutdown
vmicvss
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
WdiServiceHost
FontCache
bthserv
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetworkService
lanmanworkstation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalServiceNetworkRestricted
AppIDSvc
wcmsvc
homegroupprovider
vmictimesync
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://lenovo13.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
DPF: {4FF78044-96B4-4312-A5B7-FDA3CB328095} - 
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Notify-SDWinLogon - SDWinLogon.dll
SafeBoot-WudfPf
SafeBoot-WudfRd
SafeBoot-sacsvr
SafeBoot-TBS
SafeBoot-vmms
Toolbar-Locked - (no file)
HKLM-Run-SynLenovoGestureMgr - c:\program files (x86)\Synaptics\SynTP\SynLenovoGestureMgr.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Microsoft\Windows NT\CurrentVersion\Windows]
@Denied: (Full) (Everyone)
@Denied: (Full) (Everyone)
@SACL=
@="mnmsrvc"
"Spooler"="yes"
"DeviceNotSelectedTimeout"="15"
"TransmissionRetryTimeout"="90"
"ShutdownWarningDialogTimeout"=dword:ffffffff
"USERProcessHandleQuota"=dword:00002710
"IconServiceLib"="IconCodecService.dll"
"DesktopHeapLogging"=dword:00000001
"DdeSendTimeout"=dword:00000000
"USERPostMessageLimit"=dword:00002710
"USERNestedWindowLimit"=dword:00000032
"NaturalInputHandler"="Ninput.dll"
"ThreadUnresponsiveLogTimeout"=dword:000001f4
"GDIProcessHandleQuota"=dword:00002710
"RequireSignedAppInit_DLLs"=dword:00000001
.
[HKEY_LOCAL_MACHINE\CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows]
@Denied: (Full) (Everyone)
@Denied: (Full) (Everyone)
@SACL=
@="mnmsrvc"
"Spooler"="yes"
"DeviceNotSelectedTimeout"="15"
"TransmissionRetryTimeout"="90"
"ShutdownWarningDialogTimeout"=dword:ffffffff
"USERProcessHandleQuota"=dword:00002710
"LoadAppInit_DLLs"=dword:00000001
"IconServiceLib"="IconCodecService.dll"
"DesktopHeapLogging"=dword:00000001
"DdeSendTimeout"=dword:00000000
"USERPostMessageLimit"=dword:00002710
"USERNestedWindowLimit"=dword:00000032
"NaturalInputHandler"="Ninput.dll"
"ThreadUnresponsiveLogTimeout"=dword:000001f4
"GDIProcessHandleQuota"=dword:00002710
"AppInit_DLLs"="c:\\Windows\\SysWOW64\\nvinit.dll c:\\Windows\\SysWOW64\\nvinit.dll"
.
[HKEY_LOCAL_MACHINE\CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2014-09-09  14:27:24 - machine was rebooted
ComboFix-quarantined-files.txt  2014-09-09 13:27
.
Pre-Run: The system cannot find message text for message number 0x2379 in the message file for Application.
Post-Run: 376,800,485,376 bytes free
.
- - End Of File - - F0C6D06D3D335096AF700F4192521FE6


#11 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male
  • Local time:09:34 AM

Posted 09 September 2014 - 08:59 AM

I see you're running Windows 8 - didn't you get a warning that ComboFix isn't compatible with your Windows version? :wacko:


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#12 AngryHan

AngryHan
  • Topic Starter

  • Members
  • 64 posts
  • Local time:08:34 AM

Posted 09 September 2014 - 09:04 AM

I see you're running Windows 8 - didn't you get a warning that ComboFix isn't compatible with your Windows version? :wacko:

To my knowledge, it's only incompatible with 8.1?

 

I didn't run it with Compatibility mode either.



#13 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male
  • Local time:09:34 AM

Posted 09 September 2014 - 09:31 AM

It is designed to run on XP/Vista/7, but not on 8.

 

Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)

  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.



#14 AngryHan

AngryHan
  • Topic Starter

  • Members
  • 64 posts
  • Local time:08:34 AM

Posted 09 September 2014 - 11:32 AM

FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-09-2014 01
Ran by Han (administrator) on KARLA on 09-09-2014 17:29:26
Running from C:\Users\Han\Downloads
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(Microsoft Corporation) C:\Program Files (x86)\EMET 5.0\EMET_Service.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Condusiv Technologies) C:\Program Files\Condusiv Technologies\Diskeeper\DkService.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Flux Software LLC) C:\Users\Han\AppData\Local\FluxSoftware\Flux\flux.exe
() C:\Users\Han\AppData\Roaming\Microsoft\Windows\IEUpdate\wuapp.exe
(Vimicro) C:\Program Files (x86)\USB Camera2\VM332STI.EXE
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\Han\AppData\Roaming\Microsoft\Windows\IEUpdate\wuapp.exe
() C:\Users\Han\AppData\Roaming\Microsoft\Windows\IEUpdate\wuapp.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [764032 2012-08-20] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-08-20] (Qualcomm Atheros Commnucations)
HKLM\...\Run: [SynLenovoGestureMgr] => C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe [665400 2012-08-16] (Synaptics)
HKLM\...\Run: [OnekeyStudio] => C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe [4196432 2012-08-10] (Lenovo)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17079376 2012-11-06] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191568 2012-11-06] (Lenovo(beijing) Limited)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5581888 2014-02-24] (ESET)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [10801944 2014-07-28] (Logitech Inc.)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672152 2014-05-09] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1387376 2014-05-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1387376 2014-05-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1387376 2014-05-13] (Realtek Semiconductor)
HKLM-x32\...\Run: [332BigDog] => C:\Program Files (x86)\USB Camera2\VM332STI.EXE [548864 2012-03-20] (Vimicro)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [508656 2012-07-26] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-19] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-29] (CyberLink Corp.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [MuteSync] => C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe [343040 2012-02-04] (Lenovo)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2515162299-54484857-2870992804-1002\...\Run: [f.lux] => C:\Users\Han\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-2515162299-54484857-2870992804-1002\...\Run: [wuapp] => C:\Users\Han\AppData\Roaming\Microsoft\Windows\IEUpdate\wuapp.exe [134144 2012-07-26] ()
HKU\S-1-5-21-2515162299-54484857-2870992804-1002\...\RunOnce: [wuapp] => C:\Users\Han\AppData\Roaming\Microsoft\Windows\IEUpdate\wuapp.exe [134144 2012-07-26] ()
HKU\S-1-5-21-2515162299-54484857-2870992804-1002\...\Command Processor: "C:\Users\Han\AppData\Roaming\Microsoft\Windows\IEUpdate\wuapp.exe" <===== ATTENTION!
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [146480 2014-07-02] (NVIDIA Corporation)
AppInit_DLLs-x32:  C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [146480 2014-07-02] (NVIDIA Corporation)
Startup: C:\Users\Han\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wuapp.lnk
ShortcutTarget: wuapp.lnk -> C:\Users\Han\AppData\Roaming\Microsoft\Windows\IEUpdate\wuapp.exe ()
ShellIconOverlayIdentifiers: 1SecureIconsProvider -> {FC9D8189-520A-4417-AED7-9EAC810C6FBA} => C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll ()
ShellIconOverlayIdentifiers: SugarSyncBackedUp -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: SugarSyncPending -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: SugarSyncRoot -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: SugarSyncShared -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {6EB2D4EB-67A9-4517-A528-87D6AC562F81} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKLM-x32 - {6EB2D4EB-67A9-4517-A528-87D6AC562F81} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095} 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2014-09-07]
 
Chrome: 
=======
CHR HomePage: Default -> 
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR NewTab: Default -> "chrome-extension://hibkhcnpkakjniplpfblaoikiggkopka/html/fauxbar.html#newTab"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Han\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Han\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-07]
CHR Extension: (Adblock Plus) - C:\Users\Han\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-09-07]
CHR Extension: (Dark Vibe) - C:\Users\Han\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkckeanhmkjaechlhllmapjaaglgpcbj [2014-09-07]
CHR Extension: (Proxy SwitchySharp) - C:\Users\Han\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm [2014-09-07]
CHR Extension: (AdBlock) - C:\Users\Han\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-09-07]
CHR Extension: (Hola Better Internet) - C:\Users\Han\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2014-09-07]
CHR Extension: (Fauxbar) - C:\Users\Han\AppData\Local\Google\Chrome\User Data\Default\Extensions\hibkhcnpkakjniplpfblaoikiggkopka [2014-09-07]
CHR Extension: (Tabs to the front!) - C:\Users\Han\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjaooagfdhdhmbfchnkhggjmacjlacla [2014-09-07]
CHR Extension: (imgur Uploader) - C:\Users\Han\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcpkicdemehhmkjolekhlglljnkggfcf [2014-09-07]
CHR Extension: (Ghostery) - C:\Users\Han\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2014-09-07]
CHR Extension: (Google Wallet) - C:\Users\Han\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-07]
CHR Extension: (Better History) - C:\Users\Han\AppData\Local\Google\Chrome\User Data\Default\Extensions\obciceimmggglbmelaidpjlmodcebijb [2014-09-07]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [211584 2012-08-20] (Qualcomm Atheros Commnucations)
R2 Diskeeper; C:\Program Files\Condusiv Technologies\Diskeeper\DkService.exe [2721656 2012-07-27] (Condusiv Technologies)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1343408 2014-02-24] (ESET)
R2 EMET_Service; C:\Program Files (x86)\EMET 5.0\EMET_Service.exe [31880 2014-07-30] (Microsoft Corporation)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [43520 2012-07-26] (Microsoft Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [634368 2012-07-26] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18432 2012-07-26] (Microsoft Corporation)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-08-20] (Atheros) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [30208 2012-07-26] (Microsoft Corporation)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-08-20] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R0 DKDFM; C:\Windows\System32\drivers\DKDFM.sys [40752 2012-04-05] (Condusiv Technologies)
R3 DKRtWrt; C:\Windows\System32\DRIVERS\DKRtWrt.sys [52048 2012-06-18] (Condusiv Technologies)
R0 DKTLFSMF; C:\Windows\System32\drivers\DKTLFSMF.sys [106832 2012-07-09] (Condusiv Technologies)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [239320 2013-09-17] (ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [239296 2013-09-17] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [168256 2013-09-17] (ESET)
R2 epfw; C:\Windows\system32\DRIVERS\epfw.sys [220232 2013-09-17] (ESET)
R1 EpfwLWF; C:\Windows\system32\DRIVERS\EpfwLWF.sys [44120 2013-09-17] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [62136 2013-09-17] (ESET)
R3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
U5 ProtectedStorage; C:\Windows\system32\lsass.exe [35840 2012-07-26] (Microsoft Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-16] (Synaptics Incorporated)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
NETSVCx32: eventsystem -> C:\Windows\SysWOW64\es.dll (Microsoft Corporation)
NETSVCx32: iprip -> No ServiceDLL Path.
NETSVCx32: netman -> C:\Windows\SysWOW64\netman.dll ==> No File.
NETSVCx32: wzcsvc -> No ServiceDLL Path.
NETSVCx32: ip6fwhlp -> No ServiceDLL Path.
NETSVCx32: WmdmPmSN -> No ServiceDLL Path.
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-09 17:29 - 2014-09-09 17:30 - 00021757 _____ () C:\Users\Han\Downloads\FRST.txt
2014-09-09 17:29 - 2014-09-09 17:29 - 00000000 ____D () C:\FRST
2014-09-09 17:28 - 2014-09-09 17:29 - 02105344 _____ (Farbar) C:\Users\Han\Downloads\FRST64.exe
2014-09-09 17:25 - 2014-09-09 17:25 - 00000117 _____ () C:\WINDOWS\system32\netcfg-11993953.txt
2014-09-09 17:25 - 2014-09-09 17:25 - 00000117 _____ () C:\WINDOWS\system32\netcfg-11993703.txt
2014-09-09 15:47 - 2014-09-09 15:47 - 00000117 _____ () C:\WINDOWS\system32\netcfg-6119890.txt
2014-09-09 15:47 - 2014-09-09 15:47 - 00000117 _____ () C:\WINDOWS\system32\netcfg-6119843.txt
2014-09-09 14:27 - 2014-09-09 14:27 - 00059290 _____ () C:\ComboFix.txt
2014-09-09 14:07 - 2014-09-09 14:07 - 00000117 _____ () C:\WINDOWS\system32\netcfg-99250.txt
2014-09-09 14:07 - 2014-09-09 14:07 - 00000117 _____ () C:\WINDOWS\system32\netcfg-101109.txt
2014-09-09 14:06 - 2014-09-09 14:06 - 00318888 _____ () C:\WINDOWS\Minidump\090914-66468-01.dmp
2014-09-09 13:59 - 2014-09-09 13:59 - 00000000 ____D () C:\Device
2014-09-09 13:31 - 2014-09-09 13:31 - 00000117 _____ () C:\WINDOWS\system32\netcfg-68046734.txt
2014-09-09 13:31 - 2014-09-09 13:31 - 00000117 _____ () C:\WINDOWS\system32\netcfg-68043687.txt
2014-09-09 13:31 - 2014-09-09 13:31 - 00000092 _____ () C:\WINDOWS\system32\netcfg-68046890.txt
2014-09-09 13:27 - 2014-09-09 13:27 - 00000117 _____ () C:\WINDOWS\system32\netcfg-67859750.txt
2014-09-09 13:24 - 2011-06-26 07:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2014-09-09 13:24 - 2010-11-07 18:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2014-09-09 13:24 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2014-09-09 13:24 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2014-09-09 13:24 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2014-09-09 13:24 - 2000-08-31 01:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2014-09-09 13:24 - 2000-08-31 01:00 - 00098816 _____ () C:\WINDOWS\sed.exe
2014-09-09 13:24 - 2000-08-31 01:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2014-09-09 13:24 - 2000-08-31 01:00 - 00068096 _____ () C:\WINDOWS\zip.exe
2014-09-09 13:20 - 2014-09-09 14:27 - 00000000 ____D () C:\Qoobox
2014-09-09 13:19 - 2014-09-09 14:22 - 00000000 ____D () C:\WINDOWS\erdnt
2014-09-09 12:45 - 2014-09-09 12:45 - 04161313 _____ () C:\Users\Han\Downloads\tdsskiller.zip
2014-09-09 00:45 - 2014-09-09 00:45 - 00000117 _____ () C:\WINDOWS\system32\netcfg-22089234.txt
2014-09-09 00:45 - 2014-09-09 00:45 - 00000117 _____ () C:\WINDOWS\system32\netcfg-22088812.txt
2014-09-08 19:25 - 2014-09-08 19:25 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-09-08 19:03 - 2014-09-08 19:03 - 00000000 ____D () C:\ProgramData\Sun
2014-09-08 19:03 - 2014-09-08 19:03 - 00000000 ____D () C:\ProgramData\Oracle
2014-09-08 19:03 - 2014-09-08 19:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-09-08 19:03 - 2014-09-08 19:02 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2014-09-08 19:02 - 2014-09-08 19:02 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2014-09-08 19:02 - 2014-09-08 19:02 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2014-09-08 19:02 - 2014-09-08 19:02 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2014-09-08 19:02 - 2014-09-08 19:02 - 00000000 ____D () C:\Program Files (x86)\Java
2014-09-08 18:55 - 2014-09-08 18:55 - 00918440 _____ (Oracle Corporation) C:\Users\Han\Downloads\chromeinstall-7u67.exe
2014-09-08 18:38 - 2014-09-08 18:38 - 00000117 _____ () C:\WINDOWS\system32\netcfg-90828.txt
2014-09-08 18:36 - 2014-09-08 18:36 - 00000117 _____ () C:\WINDOWS\system32\netcfg-1508468.txt
2014-09-08 18:17 - 2014-09-09 14:06 - 00000000 ____D () C:\WINDOWS\Minidump
2014-09-08 18:17 - 2014-09-08 18:17 - 00302496 _____ () C:\WINDOWS\Minidump\090814-345687-01.dmp
2014-09-08 18:12 - 2014-09-09 14:06 - 808414054 _____ () C:\WINDOWS\MEMORY.DMP
2014-09-08 18:07 - 2014-09-08 18:07 - 00001719 _____ () C:\Users\Han\Desktop\ark.txt
2014-09-08 17:59 - 2014-09-08 17:59 - 00380416 _____ () C:\Users\Han\Downloads\slhdmoho.exe
2014-09-08 11:49 - 2014-09-08 11:49 - 00000117 _____ () C:\WINDOWS\system32\netcfg-57580015.txt
2014-09-08 08:48 - 2014-09-08 08:48 - 00000117 _____ () C:\WINDOWS\system32\netcfg-46689187.txt
2014-09-08 00:15 - 2014-09-08 00:15 - 00000000 ____D () C:\Users\Han\AppData\Local\Blizzard
2014-09-08 00:02 - 2014-09-08 00:02 - 00000000 ____D () C:\Users\Han\AppData\Roaming\NVIDIA
2014-09-08 00:01 - 2014-09-08 15:58 - 00000000 ____D () C:\Users\Han\AppData\Local\Battle.net
2014-09-08 00:01 - 2014-09-08 00:02 - 00000000 ____D () C:\Users\Han\AppData\Roaming\Battle.net
2014-09-08 00:01 - 2014-09-08 00:01 - 00000000 ____D () C:\Users\Han\AppData\Local\Blizzard Entertainment
2014-09-08 00:01 - 2014-09-08 00:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2014-09-08 00:01 - 2014-09-08 00:01 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2014-09-08 00:01 - 2014-09-08 00:01 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-09-07 23:59 - 2014-09-07 23:59 - 02907552 _____ (Blizzard Entertainment) C:\Users\Han\Downloads\Battle.net-Setup-enGB.exe
2014-09-07 23:59 - 2014-09-07 23:59 - 00000000 ____D () C:\ProgramData\Battle.net
2014-09-07 23:52 - 2014-09-07 23:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoHotkey
2014-09-07 23:52 - 2014-09-07 23:52 - 00000000 ____D () C:\Program Files (x86)\AutoHotkey
2014-09-07 23:51 - 2014-09-07 23:51 - 02047357 _____ () C:\Users\Han\Downloads\AutoHotkey104805_Install.exe
2014-09-07 22:06 - 2014-09-07 22:06 - 01674864 _____ () C:\Users\Han\Downloads\HoxHud P6.1 Manual install.7z
2014-09-07 22:05 - 2014-09-07 22:03 - 00634880 _____ () C:\Users\Han\AppData\Roaming\i3qGM3g.exe
2014-09-07 21:44 - 2014-09-07 21:45 - 00000000 ____D () C:\Users\Han\AppData\Local\PAYDAY 2
2014-09-07 21:44 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_7.dll
2014-09-07 21:44 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_7.dll
2014-09-07 21:44 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_7.dll
2014-09-07 21:44 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_7.dll
2014-09-07 21:44 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_5.dll
2014-09-07 21:44 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_5.dll
2014-09-07 21:44 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_43.dll
2014-09-07 21:44 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_43.dll
2014-09-07 21:44 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_43.dll
2014-09-07 21:44 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dcsx_43.dll
2014-09-07 21:44 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_6.dll
2014-09-07 21:44 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_6.dll
2014-09-07 21:44 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_6.dll
2014-09-07 21:44 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_6.dll
2014-09-07 21:44 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_4.dll
2014-09-07 21:44 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_4.dll
2014-09-07 21:44 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_7.dll
2014-09-07 21:44 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_7.dll
2014-09-07 21:44 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_5.dll
2014-09-07 21:44 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_5.dll
2014-09-07 21:44 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_5.dll
2014-09-07 21:44 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_5.dll
2014-09-07 21:44 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_3.dll
2014-09-07 21:44 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_3.dll
2014-09-07 21:44 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_42.dll
2014-09-07 21:44 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dcsx_42.dll
2014-09-07 21:44 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_42.dll
2014-09-07 21:44 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_42.dll
2014-09-07 21:44 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_42.dll
2014-09-07 21:44 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_42.dll
2014-09-07 21:44 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_42.dll
2014-09-07 21:44 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_42.dll
2014-09-07 21:44 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_42.dll
2014-09-07 21:44 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx11_42.dll
2014-09-07 21:44 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_4.dll
2014-09-07 21:44 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_4.dll
2014-09-07 21:44 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_4.dll
2014-09-07 21:44 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_4.dll
2014-09-07 21:44 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_6.dll
2014-09-07 21:44 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_6.dll
2014-09-07 21:44 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_41.dll
2014-09-07 21:44 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_41.dll
2014-09-07 21:44 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_41.dll
2014-09-07 21:44 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_41.dll
2014-09-07 21:44 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_41.dll
2014-09-07 21:44 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_41.dll
2014-09-07 21:43 - 2014-09-08 22:00 - 00027370 _____ () C:\WINDOWS\DirectX.log
2014-09-07 21:43 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_3.dll
2014-09-07 21:43 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_3.dll
2014-09-07 21:43 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_3.dll
2014-09-07 21:43 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_3.dll
2014-09-07 21:43 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_2.dll
2014-09-07 21:43 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_2.dll
2014-09-07 21:43 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_5.dll
2014-09-07 21:43 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_5.dll
2014-09-07 21:43 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_40.dll
2014-09-07 21:43 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_40.dll
2014-09-07 21:43 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_40.dll
2014-09-07 21:43 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_40.dll
2014-09-07 21:43 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_40.dll
2014-09-07 21:43 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_40.dll
2014-09-07 21:43 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_2.dll
2014-09-07 21:43 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_2.dll
2014-09-07 21:43 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_1.dll
2014-09-07 21:43 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_1.dll
2014-09-07 21:43 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_2.dll
2014-09-07 21:43 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_2.dll
2014-09-07 21:43 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_39.dll
2014-09-07 21:43 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_39.dll
2014-09-07 21:43 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_39.dll
2014-09-07 21:43 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_39.dll
2014-09-07 21:43 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_39.dll
2014-09-07 21:43 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_39.dll
2014-09-07 21:43 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_1.dll
2014-09-07 21:43 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_1.dll
2014-09-07 21:43 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_1.dll
2014-09-07 21:43 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_1.dll
2014-09-07 21:43 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_0.dll
2014-09-07 21:43 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_0.dll
2014-09-07 21:43 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_4.dll
2014-09-07 21:43 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_4.dll
2014-09-07 21:43 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_38.dll
2014-09-07 21:43 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_38.dll
2014-09-07 21:43 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_38.dll
2014-09-07 21:43 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_38.dll
2014-09-07 21:43 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_38.dll
2014-09-07 21:43 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_38.dll
2014-09-07 21:43 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_0.dll
2014-09-07 21:43 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_0.dll
2014-09-07 21:43 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_0.dll
2014-09-07 21:43 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_0.dll
2014-09-07 21:43 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_3.dll
2014-09-07 21:43 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_3.dll
2014-09-07 21:43 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_37.dll
2014-09-07 21:43 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_37.dll
2014-09-07 21:43 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_37.dll
2014-09-07 21:43 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_37.dll
2014-09-07 21:43 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_37.dll
2014-09-07 21:43 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_37.dll
2014-09-07 21:43 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_10.dll
2014-09-07 21:43 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_10.dll
2014-09-07 21:43 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_2.dll
2014-09-07 21:43 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_2.dll
2014-09-07 21:43 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_36.dll
2014-09-07 21:43 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_36.dll
2014-09-07 21:43 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_36.dll
2014-09-07 21:43 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_36.dll
2014-09-07 21:43 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_36.dll
2014-09-07 21:43 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_36.dll
2014-09-07 21:43 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_9.dll
2014-09-07 21:43 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_9.dll
2014-09-07 21:43 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_35.dll
2014-09-07 21:43 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_35.dll
2014-09-07 21:43 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_35.dll
2014-09-07 21:43 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_35.dll
2014-09-07 21:43 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_35.dll
2014-09-07 21:43 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_35.dll
2014-09-07 21:43 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_8.dll
2014-09-07 21:43 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_8.dll
2014-09-07 21:43 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_34.dll
2014-09-07 21:43 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_34.dll
2014-09-07 21:43 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_34.dll
2014-09-07 21:43 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_34.dll
2014-09-07 21:43 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_34.dll
2014-09-07 21:43 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_34.dll
2014-09-07 21:43 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_7.dll
2014-09-07 21:43 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_7.dll
2014-09-07 21:43 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_3.dll
2014-09-07 21:43 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_3.dll
2014-09-07 21:43 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_33.dll
2014-09-07 21:43 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_33.dll
2014-09-07 21:43 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_33.dll
2014-09-07 21:43 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_33.dll
2014-09-07 21:43 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_33.dll
2014-09-07 21:43 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_33.dll
2014-09-07 21:43 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\WINDOWS\system32\x3daudio1_1.dll
2014-09-07 21:43 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\x3daudio1_1.dll
2014-09-07 21:43 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_6.dll
2014-09-07 21:43 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_6.dll
2014-09-07 21:43 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_5.dll
2014-09-07 21:43 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_5.dll
2014-09-07 21:43 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_32.dll
2014-09-07 21:43 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_32.dll
2014-09-07 21:43 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10.dll
2014-09-07 21:43 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10.dll
2014-09-07 21:43 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_31.dll
2014-09-07 21:43 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_31.dll
2014-09-07 21:43 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_4.dll
2014-09-07 21:43 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_4.dll
2014-09-07 21:43 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_2.dll
2014-09-07 21:43 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_3.dll
2014-09-07 21:43 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_3.dll
2014-09-07 21:43 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_2.dll
2014-09-07 21:43 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_2.dll
2014-09-07 21:43 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_2.dll
2014-09-07 21:43 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_30.dll
2014-09-07 21:43 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_30.dll
2014-09-07 21:43 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_1.dll
2014-09-07 21:43 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_1.dll
2014-09-07 21:43 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_1.dll
2014-09-07 21:43 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_1.dll
2014-09-07 21:43 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_29.dll
2014-09-07 21:43 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_29.dll
2014-09-07 21:43 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_0.dll
2014-09-07 21:43 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_0.dll
2014-09-07 21:43 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\WINDOWS\system32\x3daudio1_0.dll
2014-09-07 21:43 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\x3daudio1_0.dll
2014-09-07 21:43 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_28.dll
2014-09-07 21:43 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_28.dll
2014-09-07 21:43 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_27.dll
2014-09-07 21:43 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_27.dll
2014-09-07 21:43 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_26.dll
2014-09-07 21:43 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_26.dll
2014-09-07 21:43 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_25.dll
2014-09-07 21:43 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_25.dll
2014-09-07 21:43 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_24.dll
2014-09-07 21:43 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_24.dll
2014-09-07 20:55 - 2014-09-07 20:55 - 03726256 _____ (Microsoft Corporation) C:\Users\Han\Downloads\OutlookConnector.exe
2014-09-07 20:55 - 2014-09-07 20:55 - 00000000 ____D () C:\Program Files (x86)\MSECache
2014-09-07 20:40 - 2014-09-07 20:40 - 00000000 ____D () C:\Users\Han\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HydraIRC
2014-09-07 20:40 - 2014-09-07 20:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HydraIRC
2014-09-07 20:40 - 2014-09-07 20:40 - 00000000 ____D () C:\Program Files (x86)\HydraIRC
2014-09-07 20:39 - 2014-09-07 20:39 - 01081063 _____ () C:\Users\Han\Downloads\HydraIRC.exe
2014-09-07 20:36 - 2014-09-07 20:36 - 00597304 _____ () C:\Users\Han\Downloads\flux-setup.exe
2014-09-07 20:36 - 2014-09-07 20:36 - 00000000 ____D () C:\Users\Han\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flux
2014-09-07 20:36 - 2014-09-07 20:36 - 00000000 ____D () C:\Users\Han\AppData\Local\FluxSoftware
2014-09-07 20:14 - 2014-09-07 20:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Enhanced Mitigation Experience Toolkit
2014-09-07 20:14 - 2014-09-07 20:14 - 00000000 ____D () C:\Program Files (x86)\EMET 5.0
2014-09-07 20:13 - 2014-09-07 20:13 - 11239424 _____ () C:\Users\Han\Downloads\EMET Setup.msi
2014-09-07 20:08 - 2014-09-09 13:24 - 00000000 ____D () C:\Users\Han\AppData\Roaming\Skype
2014-09-07 20:08 - 2014-09-07 20:08 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-09-07 20:08 - 2014-09-07 20:08 - 00000000 ____D () C:\Users\Han\AppData\Local\Skype
2014-09-07 20:08 - 2014-09-07 20:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-09-07 20:07 - 2014-09-07 20:19 - 00000000 ____D () C:\Users\Han\AppData\Roaming\Apple Computer
2014-09-07 20:07 - 2014-09-07 20:07 - 00000000 ____D () C:\Users\Han\AppData\Local\Apple Computer
2014-09-07 20:07 - 2014-09-07 20:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-07 20:07 - 2012-08-21 13:01 - 00033240 _____ (GEAR Software Inc.) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2014-09-07 20:05 - 2014-09-07 20:05 - 00003174 _____ () C:\WINDOWS\System32\Tasks\{4646CC40-4C38-4ADD-BFED-0E26D3F5A9D3}
2014-09-07 20:04 - 2014-09-07 20:07 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-07 20:04 - 2014-09-07 20:07 - 00000000 ____D () C:\Program Files\iTunes
2014-09-07 20:04 - 2014-09-07 20:07 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-09-07 20:04 - 2014-09-07 20:04 - 01678440 _____ (Skype Technologies S.A.) C:\Users\Han\Downloads\SkypeSetup.exe
2014-09-07 20:04 - 2014-09-07 20:04 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-09-07 20:04 - 2014-09-07 20:04 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Apple
2014-09-07 20:04 - 2014-09-07 20:04 - 00000000 ____D () C:\Users\Han\AppData\Local\Apple
2014-09-07 20:04 - 2014-09-07 20:04 - 00000000 ____D () C:\ProgramData\Skype
2014-09-07 20:04 - 2014-09-07 20:04 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-09-07 20:04 - 2014-09-07 20:04 - 00000000 ____D () C:\Program Files\iPod
2014-09-07 20:04 - 2014-09-07 20:04 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-09-07 20:03 - 2014-09-07 20:04 - 00000000 ____D () C:\ProgramData\Apple
2014-09-07 20:03 - 2014-09-07 20:03 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-09-07 20:03 - 2014-09-07 20:03 - 00000000 ____D () C:\Program Files\Bonjour
2014-09-07 20:03 - 2014-09-07 20:03 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-09-07 19:52 - 2014-09-07 19:52 - 00000117 _____ () C:\WINDOWS\system32\netcfg-120515.txt
2014-09-07 19:49 - 2014-09-07 19:49 - 00000117 _____ () C:\WINDOWS\system32\netcfg-477078.txt
2014-09-07 19:47 - 2014-09-07 19:47 - 00000000 ____D () C:\WINDOWS\SysWOW64\RTCOM
2014-09-07 19:47 - 2014-09-07 19:47 - 00000000 ____D () C:\Program Files\Realtek
2014-09-07 19:47 - 2014-05-14 18:37 - 03962840 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RTKVHD64.sys
2014-09-07 19:47 - 2014-05-14 16:00 - 01099203 _____ () C:\WINDOWS\system32\Drivers\RTAIODAT.DAT
2014-09-07 19:47 - 2014-05-12 20:11 - 60636160 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoRes64.dat
2014-09-07 19:47 - 2014-05-09 11:17 - 00628952 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtDataProc64.dll
2014-09-07 19:47 - 2014-04-30 11:34 - 00948952 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoInstII64.dll
2014-09-07 19:47 - 2014-04-28 15:48 - 02800344 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RltkAPO64.dll
2014-09-07 19:47 - 2014-04-25 13:51 - 02834648 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtPgEx64.dll
2014-09-07 19:47 - 2014-04-25 13:23 - 01022168 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64.dll
2014-09-07 19:47 - 2014-04-10 12:19 - 02101848 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\WavesGUILib64.dll
2014-09-07 19:47 - 2014-03-06 16:35 - 01959128 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTSnMg64.cpl
2014-09-07 19:47 - 2014-02-06 11:28 - 05804772 _____ () C:\WINDOWS\system32\Drivers\rtvienna.dat
2014-09-07 19:47 - 2014-01-28 11:48 - 01286872 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTCOM64.dll
2014-09-07 19:47 - 2013-10-11 11:31 - 00947760 _____ (Sony Corporation) C:\WINDOWS\system32\SFSS_APO.dll
2014-09-07 19:47 - 2012-11-14 11:41 - 00378000 _____ (Realtek Semiconductor) C:\WINDOWS\system32\RtkGuiCompLib.dll
2014-09-07 19:47 - 2012-08-31 19:18 - 07164176 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEP64A.dll
2014-09-07 19:47 - 2012-08-31 19:17 - 00434960 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EED64A.dll
2014-09-07 19:47 - 2012-08-31 19:17 - 00141584 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEL64A.dll
2014-09-07 19:47 - 2012-08-31 19:17 - 00124176 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEA64A.dll
2014-09-07 19:47 - 2012-08-31 19:17 - 00075024 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEG64A.dll
2014-09-07 19:47 - 2011-12-20 15:32 - 00331880 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtlCPAPI64.dll
2014-09-07 19:47 - 2011-11-22 16:28 - 00014952 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCoLDR64.dll
2014-09-07 19:47 - 2011-09-02 14:21 - 00221024 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFNHK64.dll
2014-09-07 19:47 - 2011-09-02 14:21 - 00081248 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFCOM64.dll
2014-09-07 19:47 - 2011-09-02 14:21 - 00078688 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFAPO64.dll
2014-09-07 19:47 - 2010-11-08 07:31 - 00375128 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEP64A.dll
2014-09-07 19:47 - 2010-11-08 07:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DHT64.dll
2014-09-07 19:47 - 2010-11-08 07:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DAA64.dll
2014-09-07 19:47 - 2010-11-08 07:31 - 00204120 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEED64A.dll
2014-09-07 19:47 - 2010-11-08 07:31 - 00101208 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEL64A.dll
2014-09-07 19:47 - 2010-11-08 07:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEG64A.dll
2014-09-07 19:47 - 2010-11-03 18:30 - 00149608 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCfg64.dll
2014-09-07 19:47 - 2010-07-22 16:48 - 00074064 _____ (Virage Logic Corporation / Sonic Focus) C:\WINDOWS\SysWOW64\SFCOM.dll
2014-09-07 19:47 - 2009-11-24 09:55 - 00518896 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSX64.dll
2014-09-07 19:47 - 2009-11-24 09:55 - 00211184 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSH64.dll
2014-09-07 19:47 - 2009-11-24 09:55 - 00198896 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSHP64.dll
2014-09-07 19:47 - 2009-11-24 09:55 - 00155888 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSWOW64.dll
2014-09-07 19:46 - 2014-04-10 12:20 - 01934424 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioRealtek264.dll
2014-09-07 19:46 - 2014-04-10 12:19 - 14863448 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioRealtek64.dll
2014-09-07 19:46 - 2014-04-10 12:19 - 02041432 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioEQ64.dll
2014-09-07 19:46 - 2014-04-10 12:19 - 01063512 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPOShell64.dll
2014-09-07 19:46 - 2014-02-18 17:04 - 02770976 _____ (Fortemedia Corporation) C:\WINDOWS\system32\FMAPO64.dll
2014-09-07 19:46 - 2013-08-14 15:36 - 00662784 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxVolumeSDAPO.dll
2014-09-07 19:46 - 2013-08-14 15:35 - 00663296 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO30.dll
2014-09-07 19:46 - 2010-09-27 09:34 - 00318808 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO20.dll
2014-09-07 19:45 - 2014-04-07 16:03 - 06218072 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPP64A.dll
2014-09-07 19:45 - 2014-04-07 16:03 - 01939800 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPD64A.dll
2014-09-07 19:45 - 2014-04-07 16:03 - 00315736 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPO64A.dll
2014-09-07 19:45 - 2014-04-07 16:03 - 00261464 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPA64.dll
2014-09-07 19:45 - 2013-10-16 03:43 - 00209096 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAC64.dll
2014-09-07 19:45 - 2013-10-11 12:47 - 00113576 _____ (Real Sound Lab SIA) C:\WINDOWS\system32\CONEQMSAPOGUILibrary.dll
2014-09-07 19:45 - 2012-03-08 11:47 - 00108640 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAR64.dll
2014-09-07 19:45 - 2011-05-31 09:42 - 01756264 _____ (DTS) C:\WINDOWS\system32\DTSS2SpeakerDLL64.dll
2014-09-07 19:45 - 2011-05-31 09:42 - 01568360 _____ (DTS) C:\WINDOWS\system32\DTSS2HeadphoneDLL64.dll
2014-09-07 19:45 - 2011-05-31 09:42 - 01486952 _____ (DTS) C:\WINDOWS\system32\DTSBoostDLL64.dll
2014-09-07 19:45 - 2011-05-31 09:42 - 00728680 _____ (DTS) C:\WINDOWS\system32\DTSBassEnhancementDLL64.dll
2014-09-07 19:45 - 2011-05-31 09:42 - 00712296 _____ (DTS) C:\WINDOWS\system32\DTSSymmetryDLL64.dll
2014-09-07 19:45 - 2011-05-31 09:42 - 00693352 _____ (DTS) C:\WINDOWS\system32\DTSVoiceClarityDLL64.dll
2014-09-07 19:45 - 2011-05-31 09:42 - 00491112 _____ (DTS) C:\WINDOWS\system32\DTSNeoPCDLL64.dll
2014-09-07 19:45 - 2011-05-31 09:42 - 00432744 _____ (DTS) C:\WINDOWS\system32\DTSLimiterDLL64.dll
2014-09-07 19:45 - 2011-05-31 09:42 - 00428648 _____ (DTS) C:\WINDOWS\system32\DTSGainCompensatorDLL64.dll
2014-09-07 19:45 - 2011-05-31 09:42 - 00242792 _____ (DTS) C:\WINDOWS\system32\DTSLFXAPO64.dll
2014-09-07 19:45 - 2011-05-31 09:42 - 00242792 _____ (DTS) C:\WINDOWS\system32\DTSGFXAPO64.dll
2014-09-07 19:45 - 2011-05-31 09:42 - 00241768 _____ (DTS) C:\WINDOWS\system32\DTSGFXAPONS64.dll
2014-09-07 19:43 - 2014-09-07 19:43 - 00000117 _____ () C:\WINDOWS\system32\netcfg-113031.txt
2014-09-07 19:42 - 2014-09-07 19:42 - 00000000 ____D () C:\WINDOWS\SysWOW64\NV
2014-09-07 19:42 - 2014-09-07 19:42 - 00000000 ____D () C:\WINDOWS\system32\NV
2014-09-07 19:41 - 2014-09-07 19:41 - 00000117 _____ () C:\WINDOWS\system32\netcfg-9016531.txt
2014-09-07 19:28 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_43.dll
2014-09-07 19:28 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_43.dll
2014-09-07 19:28 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_43.dll
2014-09-07 19:28 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_43.dll
2014-09-07 19:28 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_43.dll
2014-09-07 19:28 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx11_43.dll
2014-09-07 19:27 - 2014-09-07 19:27 - 00000000 ____D () C:\Users\Han\AppData\Local\NVIDIA Corporation
2014-09-07 19:27 - 2014-09-07 19:27 - 00000000 ____D () C:\Users\Han\AppData\Local\NVIDIA
2014-09-07 19:27 - 2014-09-07 19:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-09-07 19:27 - 2014-07-25 15:01 - 01715224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2014-09-07 19:27 - 2014-07-25 15:01 - 01291280 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2014-09-07 19:27 - 2014-07-25 15:01 - 01283136 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2014-09-07 19:27 - 2014-07-25 15:01 - 01126480 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2014-09-07 19:19 - 2014-07-02 21:48 - 18626304 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2014-09-07 19:19 - 2014-07-02 21:48 - 16122344 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2014-09-07 19:19 - 2014-07-02 21:48 - 00032544 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvpciflt.sys
2014-09-07 19:19 - 2014-03-31 17:42 - 00040392 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2014-09-07 19:19 - 2014-03-31 17:42 - 00037320 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2014-09-07 19:19 - 2014-03-31 17:42 - 00034760 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2014-09-07 19:18 - 2014-07-02 21:48 - 31512520 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2014-09-07 19:18 - 2014-07-02 21:48 - 24196896 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2014-09-07 19:18 - 2014-07-02 21:48 - 22994208 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2014-09-07 19:18 - 2014-07-02 21:48 - 15294296 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2014-09-07 19:18 - 2014-07-02 21:48 - 13922752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2014-09-07 19:18 - 2014-07-02 21:48 - 13835208 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2014-09-07 19:18 - 2014-07-02 21:48 - 12866008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2014-09-07 19:18 - 2014-07-02 21:48 - 11283344 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2014-09-07 19:18 - 2014-07-02 21:48 - 11222048 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2014-09-07 19:18 - 2014-07-02 21:48 - 04247000 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2014-09-07 19:18 - 2014-07-02 21:48 - 03989960 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2014-09-07 19:18 - 2014-07-02 21:48 - 01890080 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6434052.dll
2014-09-07 19:18 - 2014-07-02 21:48 - 01539928 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6434052.dll
2014-09-07 19:18 - 2014-07-02 21:48 - 00944928 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2014-09-07 19:18 - 2014-07-02 21:48 - 00907096 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2014-09-07 19:18 - 2014-07-02 21:48 - 00903624 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2014-09-07 19:18 - 2014-07-02 21:48 - 00869152 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2014-09-07 19:18 - 2014-07-02 21:48 - 00354016 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2014-09-07 19:18 - 2014-07-02 21:48 - 00305600 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2014-09-07 19:18 - 2014-07-02 21:48 - 00026353 _____ () C:\WINDOWS\system32\nvinfo.pb
2014-09-07 19:16 - 2014-09-09 14:26 - 00001984 _____ () C:\WINDOWS\setupact.log
2014-09-07 19:16 - 2014-09-07 19:16 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-09-07 19:15 - 2014-09-08 01:53 - 00000000 ____D () C:\Windows.old
2014-09-07 19:14 - 2014-09-07 19:14 - 00262144 _____ () C:\WINDOWS\system32\config\userdiff
2014-09-07 19:12 - 2014-09-07 19:13 - 113492816 _____ (Apple Inc.) C:\Users\Han\Downloads\iTunes64Setup.exe
2014-09-07 19:12 - 2014-09-07 19:12 - 00000000 ____D () C:\NVIDIA
2014-09-07 19:08 - 2014-09-07 19:10 - 274075712 _____ (NVIDIA Corporation) C:\Users\Han\Downloads\340.52-notebook-win8-win7-64bit-international-whql.exe
2014-09-07 19:01 - 2014-09-09 13:24 - 00000000 ____D () C:\Users\Han\AppData\Roaming\TS3Client
2014-09-07 18:59 - 2014-09-07 18:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2014-09-07 18:59 - 2014-09-07 18:59 - 00000000 ____D () C:\Program Files\TeamSpeak 3 Client
2014-09-07 18:56 - 2014-09-07 18:56 - 30014480 _____ (TeamSpeak Systems GmbH) C:\Users\Han\Downloads\TeamSpeak3-Client-win64-3.0.16.exe
2014-09-07 18:54 - 2014-09-09 14:08 - 00000224 _____ () C:\WINDOWS\Tasks\AutoKMS.job
2014-09-07 18:54 - 2014-09-09 14:07 - 00002756 _____ () C:\WINDOWS\System32\Tasks\AutoKMSDaily
2014-09-07 18:54 - 2014-09-09 14:07 - 00000238 _____ () C:\WINDOWS\Tasks\AutoKMSDaily.job
2014-09-07 18:54 - 2014-09-07 19:43 - 00000000 ____D () C:\WINDOWS\AutoKMS
2014-09-07 18:54 - 2014-09-07 18:54 - 00002436 _____ () C:\WINDOWS\System32\Tasks\AutoKMS
2014-09-07 18:54 - 2014-09-07 18:54 - 00000117 _____ () C:\WINDOWS\system32\netcfg-6204875.txt
2014-09-07 18:53 - 2014-09-09 14:07 - 00151552 _____ () C:\WINDOWS\KMSEmulator.exe
2014-09-07 18:50 - 2014-09-07 18:50 - 00000000 ____D () C:\WINDOWS\System32\Tasks\OfficeSoftwareProtectionPlatform
2014-09-07 18:50 - 2014-09-07 18:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
2014-09-07 18:50 - 2014-09-07 18:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-09-07 18:49 - 2014-09-07 18:49 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-09-07 18:49 - 2014-09-07 18:49 - 00000000 ____D () C:\$WINDOWS.~BT
2014-09-07 18:47 - 2014-09-07 18:47 - 00000000 ____D () C:\Program Files\Microsoft Synchronization Services
2014-09-07 18:46 - 2014-09-07 18:46 - 00000000 ____D () C:\WINDOWS\PCHEALTH
2014-09-07 18:46 - 2014-09-07 18:46 - 00000000 ____D () C:\Program Files\Microsoft Sync Framework
2014-09-07 18:46 - 2014-09-07 18:46 - 00000000 ____D () C:\Program Files\Microsoft SQL Server Compact Edition
2014-09-07 18:44 - 2014-09-07 18:44 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 8
2014-09-07 18:43 - 2014-09-07 18:43 - 00000000 ____D () C:\Program Files\Microsoft Analysis Services
2014-09-07 18:43 - 2014-09-07 18:43 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services
2014-09-07 18:42 - 2014-09-07 18:50 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-07 18:42 - 2014-09-07 18:46 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-09-07 18:42 - 2014-09-07 18:42 - 00000000 ____D () C:\Users\Han\AppData\Local\Microsoft Help
2014-09-07 18:42 - 2014-09-07 18:42 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-09-07 18:40 - 2014-09-07 18:40 - 00000117 _____ () C:\WINDOWS\system32\netcfg-5375953.txt
2014-09-07 18:39 - 2014-09-07 18:39 - 00001650 _____ () C:\Users\Han\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ping.lnk
2014-09-07 18:39 - 2014-09-07 18:39 - 00001650 _____ () C:\Users\Han\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ping (2).lnk
2014-09-07 17:18 - 2014-09-07 17:18 - 00000117 _____ () C:\WINDOWS\system32\netcfg-435125.txt
2014-09-07 17:18 - 2014-09-07 17:18 - 00000117 _____ () C:\WINDOWS\system32\netcfg-432265.txt
2014-09-07 17:12 - 2014-09-07 17:12 - 00000117 _____ () C:\WINDOWS\system32\netcfg-67031.txt
2014-09-07 17:10 - 2014-09-07 17:10 - 00000117 _____ () C:\WINDOWS\system32\netcfg-131718.txt
2014-09-07 17:09 - 2014-09-07 17:09 - 00000117 _____ () C:\WINDOWS\system32\netcfg-69656.txt
2014-09-07 17:08 - 2014-09-07 17:08 - 00000117 _____ () C:\WINDOWS\system32\netcfg-695171.txt
2014-09-07 16:58 - 2014-09-07 16:58 - 00000117 _____ () C:\WINDOWS\system32\netcfg-94218.txt
2014-09-07 16:56 - 2014-09-09 14:06 - 00006632 _____ () C:\WINDOWS\PFRO.log
2014-09-07 16:56 - 2014-09-07 16:56 - 00000117 _____ () C:\WINDOWS\system32\netcfg-11375218.txt
2014-09-07 16:43 - 2014-09-07 16:46 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-09-07 16:43 - 2014-07-31 23:41 - 99218768 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-09-07 15:59 - 2014-06-10 23:44 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2014-09-07 15:59 - 2014-06-10 23:43 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2014-09-07 15:54 - 2014-09-08 19:07 - 00007610 _____ () C:\Users\Han\AppData\Local\resmon.resmoncfg
2014-09-07 15:16 - 2012-07-26 06:26 - 00000824 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.20140907-151603.backup
2014-09-07 15:11 - 2014-09-07 15:52 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-09-07 15:11 - 2014-09-07 15:15 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-09-07 15:11 - 2014-09-07 15:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-09-07 15:11 - 2014-09-07 15:11 - 00001402 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-09-07 15:11 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
2014-09-07 14:14 - 2013-08-07 06:15 - 00144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\tssdisai.dll
2014-09-07 14:14 - 2012-11-10 05:23 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2014-09-07 14:14 - 2012-11-10 05:23 - 00132608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2014-09-07 14:14 - 2012-11-10 05:22 - 00126976 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDWebAI.dll
2014-09-07 14:14 - 2012-11-10 05:22 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\VmHostAI.dll
2014-09-07 14:14 - 2012-11-10 05:20 - 00135680 _____ (Microsoft Corporation) C:\WINDOWS\system32\appserverai.dll
2014-09-07 14:08 - 2014-09-07 14:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2014-09-07 13:47 - 2014-09-07 13:47 - 00000117 _____ () C:\WINDOWS\system32\netcfg-73906.txt
2014-09-07 13:46 - 2014-09-07 13:46 - 00000117 _____ () C:\WINDOWS\system32\netcfg-1368734.txt
2014-09-07 13:45 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\SysWOW64\sqlite3.dll
2014-09-07 13:43 - 2014-09-07 15:03 - 00000000 ____D () C:\AdwCleaner
2014-09-07 13:42 - 2014-09-09 13:47 - 00000000 ____D () C:\Users\Han\AppData\Local\CrashDumps
2014-09-07 13:42 - 2014-09-07 13:42 - 01370467 _____ () C:\Users\Han\Downloads\adwcleaner_3.309.exe
2014-09-07 13:42 - 2014-09-07 13:42 - 00000000 ____D () C:\Users\Han\AppData\Local\Logitech
2014-09-07 13:42 - 2014-09-07 13:42 - 00000000 ____D () C:\ProgramData\LogiShrd
2014-09-07 13:41 - 2014-09-07 13:42 - 00018960 _____ (Logitech, Inc.) C:\WINDOWS\system32\Drivers\LNonPnP.sys
2014-09-07 13:39 - 2014-09-07 13:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2014-09-07 13:39 - 2014-09-07 13:39 - 00000000 ____D () C:\Program Files\Logitech Gaming Software
2014-09-07 13:38 - 2014-09-07 13:38 - 00000000 ____D () C:\Users\Han\AppData\Roaming\Logitech
2014-09-07 13:38 - 2014-09-07 13:38 - 00000000 ____D () C:\Users\Han\AppData\Roaming\Logishrd
2014-09-07 13:38 - 2014-09-07 13:38 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-07 13:32 - 2014-09-07 13:32 - 58423016 _____ (Logitech Inc.) C:\Users\Han\Downloads\LGS_8.55.137_x64_Logitech.exe
2014-09-07 13:30 - 2014-05-20 03:33 - 00059416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-09-07 13:30 - 2014-05-20 00:45 - 00629248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-09-07 13:30 - 2014-05-20 00:45 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-09-07 13:30 - 2014-05-20 00:24 - 03286528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-09-07 13:30 - 2014-05-20 00:24 - 01623040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2014-09-07 13:30 - 2014-05-20 00:24 - 00773632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-09-07 13:30 - 2014-05-20 00:24 - 00253440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2014-09-07 13:30 - 2014-05-20 00:24 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2014-09-07 13:30 - 2014-05-20 00:24 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-09-07 13:30 - 2014-05-14 23:43 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2014-09-07 13:30 - 2014-05-14 23:43 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2014-09-07 13:30 - 2014-05-14 23:42 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2014-09-07 13:30 - 2014-05-14 23:42 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2014-09-07 13:30 - 2013-08-16 06:21 - 00049664 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2014-09-07 13:30 - 2013-08-16 06:21 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2014-09-07 13:30 - 2013-08-15 23:43 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2014-09-07 13:30 - 2012-11-06 05:20 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaext.dll
2014-09-07 13:30 - 2012-11-06 05:00 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wushareduxresources.dll
2014-09-07 13:24 - 2014-09-07 13:24 - 00000117 _____ () C:\WINDOWS\system32\netcfg-46734.txt
2014-09-07 13:23 - 2014-09-07 13:23 - 00000117 _____ () C:\WINDOWS\system32\netcfg-207593.txt
2014-09-07 13:20 - 2014-09-07 13:20 - 00000117 _____ () C:\WINDOWS\system32\netcfg-48515.txt
2014-09-07 13:19 - 2014-09-07 13:19 - 00000117 _____ () C:\WINDOWS\system32\netcfg-3989859.txt
2014-09-07 13:16 - 2014-09-07 13:16 - 00014792 _____ () C:\Users\Han\Desktop\dds.txt
2014-09-07 13:16 - 2014-09-07 13:16 - 00007729 _____ () C:\Users\Han\Desktop\attach.txt
2014-09-07 13:13 - 2014-09-07 13:13 - 00688992 ____R (Swearware) C:\Users\Han\Downloads\dds.com
2014-09-07 13:04 - 2014-09-07 18:04 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-09-07 13:04 - 2014-09-07 13:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-07 13:04 - 2014-09-07 13:04 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-07 13:04 - 2014-09-07 13:04 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-07 13:04 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-09-07 13:04 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-09-07 13:04 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-09-07 13:02 - 2014-09-07 13:03 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Han\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-07 13:01 - 2014-09-07 13:01 - 00002768 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2014-09-07 13:00 - 2014-09-07 13:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-09-07 13:00 - 2014-09-07 13:01 - 00000000 ____D () C:\Program Files\CCleaner
2014-09-07 12:56 - 2014-09-07 12:56 - 00000000 ____D () C:\Users\Han\AppData\Roaming\Condusiv_Technologies
2014-09-07 12:56 - 2014-09-07 12:56 - 00000000 ____D () C:\Users\Han\AppData\Local\Condusiv_Technologies
2014-09-07 12:53 - 2014-09-07 12:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Condusiv Technologies
2014-09-07 12:53 - 2014-09-07 12:53 - 00000000 ____D () C:\ProgramData\Condusiv Technologies
2014-09-07 12:53 - 2014-09-07 12:53 - 00000000 ____D () C:\Program Files\Common Files\Diskeeper Corporation
2014-09-07 12:53 - 2012-07-09 14:54 - 00106832 _____ (Condusiv Technologies) C:\WINDOWS\system32\Drivers\DKTLFSMF.sys
2014-09-07 12:53 - 2012-06-18 19:14 - 00052048 _____ (Condusiv Technologies) C:\WINDOWS\system32\Drivers\DKRtWrt.sys
2014-09-07 12:53 - 2012-04-05 02:32 - 00040752 _____ (Condusiv Technologies) C:\WINDOWS\system32\Drivers\DKDFM.sys
2014-09-07 12:52 - 2014-09-07 12:52 - 00000000 ____D () C:\Program Files\Condusiv Technologies
2014-09-07 12:50 - 2014-09-07 12:51 - 00000000 ____D () C:\Users\Han\Downloads\Diskeeper 2012 v16.0.1017 Professional Edition (32 & 64bit)
2014-09-07 12:50 - 2014-09-07 12:50 - 00017477 _____ () C:\Users\Han\Downloads\[rutracker.org].t4219398.torrent
2014-09-07 12:43 - 2014-09-07 12:46 - 00000000 ____D () C:\Users\Han\Downloads\Diskeeper Home Edition
2014-09-07 12:41 - 2014-09-07 12:41 - 00033797 _____ () C:\Users\Han\Downloads\Diskeeper Home Edition.torrent
2014-09-07 12:40 - 2014-09-07 12:40 - 00000687 _____ () C:\awh285E.tmp
2014-09-07 12:30 - 2014-09-07 12:30 - 00000000 ____D () C:\Users\Han\Documents\Quick Launch
2014-09-07 12:20 - 2014-09-07 12:36 - 00000000 ____D () C:\Users\Han\Downloads\Diskeeper Professional 2014 16.0.5 + Patch
2014-09-07 12:19 - 2014-09-07 12:19 - 00017340 _____ () C:\Users\Han\Downloads\2C1383DABC6A30883504482D312A3EF157CD3C39.torrent
2014-09-07 12:13 - 2014-09-07 12:13 - 00000117 _____ () C:\WINDOWS\system32\netcfg-43781.txt
2014-09-07 12:11 - 2014-09-07 12:12 - 00000025 _____ () C:\WINDOWS\Svchost.exe.tmp
2014-09-07 12:08 - 2014-09-07 12:08 - 00000117 _____ () C:\WINDOWS\system32\netcfg-262500.txt
2014-09-07 12:08 - 2014-09-07 12:08 - 00000000 ____D () C:\WINDOWS\pss
2014-09-07 12:03 - 2014-09-07 12:03 - 00000117 _____ () C:\WINDOWS\system32\netcfg-3637281.txt
2014-09-07 11:59 - 2014-09-07 11:59 - 00000000 ____D () C:\Users\Han\AppData\Roaming\ESET
2014-09-07 11:59 - 2014-09-07 11:59 - 00000000 ____D () C:\Users\Han\AppData\Local\ESET
2014-09-07 11:58 - 2014-09-07 11:58 - 00000117 _____ () C:\WINDOWS\system32\netcfg-3347953.txt
2014-09-07 11:58 - 2014-09-07 11:58 - 00000117 _____ () C:\WINDOWS\system32\netcfg-3345031.txt
2014-09-07 11:57 - 2014-09-07 11:58 - 00000167 _____ () C:\WINDOWS\system32\netcfg-3288203.txt
2014-09-07 11:54 - 2014-09-07 11:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2014-09-07 11:54 - 2014-09-07 11:54 - 00000000 ____D () C:\ProgramData\ESET
2014-09-07 11:54 - 2014-09-07 11:54 - 00000000 ____D () C:\Program Files\ESET
2014-09-07 11:39 - 2014-09-07 11:39 - 00000000 ____D () C:\Users\Han\Downloads\ESET Smart Security 7.0.317.4 (x86x64)  + LifeTime Crack -==Eagle_ShaDow==-
2014-09-07 11:32 - 2014-09-08 15:58 - 00000000 ____D () C:\Users\Han\Downloads\ESET NOD32 Complete Pack Version 2014 7.0.317.4 + LifeTime Crack -==Eagle_ShaDow==-
2014-09-07 11:31 - 2014-09-07 11:31 - 00011703 _____ () C:\Users\Han\Downloads\ESET NOD32 Complete Pack Version 2014 7.0.317.4 + LifeTime Crack -==Eagle_ShaDow==- [3045315].torrent
2014-09-07 11:29 - 2014-09-07 11:29 - 00013349 _____ () C:\Users\Han\Downloads\[rutor.org]ESET Smart Security 7.0.317.4 Repack by SmokieB.torrent
2014-09-07 11:18 - 2014-09-07 11:18 - 00000000 ____D () C:\Program Files (x86)\StartIsBack
2014-09-07 11:17 - 2014-09-07 11:17 - 01362830 _____ () C:\Users\Han\Downloads\StartIsBackPlus.v1.0.5.MULTILINGUAL-CRD.rar
2014-09-07 11:17 - 2014-09-07 11:17 - 00000000 ____D () C:\Users\Han\AppData\Roaming\WinRAR
2014-09-07 11:14 - 2014-09-07 11:14 - 01141680 _____ () C:\Users\Han\Downloads\SteamSetup.exe
2014-09-07 11:13 - 2014-09-07 11:25 - 136626988 _____ () C:\Users\Han\Downloads\eav7_offline_new.rar
2014-09-07 11:13 - 2014-09-07 11:13 - 01922688 _____ () C:\Users\Han\Downloads\winrar-x64-511.exe
2014-09-07 11:13 - 2014-09-07 11:13 - 00042074 _____ () C:\Users\Han\Downloads\Eset NOD32 Antivirus 7 (x86 - x64) - Offline Installer.torrent
2014-09-07 11:13 - 2014-09-07 11:13 - 00000000 ____D () C:\Users\Han\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-09-07 11:13 - 2014-09-07 11:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-09-07 11:13 - 2014-09-07 11:13 - 00000000 ____D () C:\Program Files\WinRAR
2014-09-07 11:12 - 2014-09-07 11:12 - 00000802 _____ () C:\Users\Han\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2014-09-07 11:11 - 2014-09-07 14:14 - 00000000 ____D () C:\Users\Han\AppData\Roaming\uTorrent
2014-09-07 11:11 - 2014-09-07 11:11 - 01942352 _____ (BitTorrent Inc.) C:\Users\Han\Downloads\uTorrent.exe
2014-09-07 11:08 - 2014-09-09 17:27 - 00000900 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-07 11:08 - 2014-09-09 14:13 - 00000904 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-07 11:08 - 2014-09-07 19:36 - 00000000 ____D () C:\Users\Han\AppData\Local\Deployment
2014-09-07 11:08 - 2014-09-07 11:08 - 00003876 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-09-07 11:08 - 2014-09-07 11:08 - 00003640 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-09-07 11:08 - 2014-09-07 11:08 - 00000000 ____D () C:\Users\Han\AppData\Local\Google
2014-09-07 11:08 - 2014-09-07 11:08 - 00000000 ____D () C:\Users\Han\AppData\Local\Apps\2.0
2014-09-07 11:08 - 2014-09-07 11:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-09-07 11:08 - 2014-09-07 11:08 - 00000000 ____D () C:\Program Files (x86)\Google
2014-09-07 11:04 - 2014-09-07 11:04 - 00000117 _____ () C:\WINDOWS\system32\netcfg-82343.txt
2014-09-07 11:02 - 2014-09-07 11:02 - 00000117 _____ () C:\WINDOWS\system32\netcfg-2409343.txt
2014-09-07 10:35 - 2014-09-08 01:53 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2515162299-54484857-2870992804-1002
2014-09-07 10:30 - 2014-09-07 10:30 - 00000000 ____D () C:\ProgramData\Atheros
2014-09-07 10:29 - 2014-09-07 10:29 - 00000000 ____D () C:\Users\Han\AppData\Roaming\Atheros
2014-09-07 10:28 - 2014-09-07 10:28 - 00001441 _____ () C:\Users\Han\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-07 10:28 - 2014-09-07 10:28 - 00000000 ____D () C:\ProgramData\eBay
2014-09-07 10:25 - 2014-09-07 10:25 - 00000000 ____D () C:\Users\Han\AppData\Roaming\Macromedia
2014-09-07 10:25 - 2014-09-07 10:25 - 00000000 ____D () C:\Users\Han\AppData\Roaming\Adobe
2014-09-07 10:24 - 2014-09-07 10:28 - 00000000 ____D () C:\Users\Han\AppData\Local\Packages
2014-09-07 10:24 - 2014-09-07 10:24 - 00000000 ____D () C:\Users\Han\AppData\Local\VirtualStore
2014-09-07 10:23 - 2014-09-07 10:23 - 00000117 _____ () C:\WINDOWS\system32\netcfg-102890.txt
2014-09-07 10:23 - 2014-09-07 10:23 - 00000020 ___SH () C:\Users\Han\ntuser.ini
2014-09-07 10:21 - 2014-09-07 10:21 - 00000117 _____ () C:\WINDOWS\system32\netcfg-351562.txt
2014-09-07 10:20 - 2014-09-07 10:20 - 00000117 _____ () C:\WINDOWS\system32\netcfg-286265.txt
2014-09-07 10:20 - 2014-09-07 10:20 - 00000117 _____ () C:\WINDOWS\system32\netcfg-285703.txt
2014-09-07 10:19 - 2014-09-07 10:19 - 00000117 _____ () C:\WINDOWS\system32\netcfg-230234.txt
2014-09-07 10:19 - 2014-09-07 10:19 - 00000117 _____ () C:\WINDOWS\system32\netcfg-227187.txt
2014-09-07 10:19 - 2014-09-07 10:19 - 00000117 _____ () C:\WINDOWS\system32\netcfg-227156.txt
2014-09-07 10:19 - 2014-09-07 10:19 - 00000117 _____ () C:\WINDOWS\system32\netcfg-224343.txt
2014-09-07 10:18 - 2014-09-07 10:18 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2014-09-07 10:17 - 2014-09-08 00:02 - 00000000 ____D () C:\Users\Han
2014-09-07 10:17 - 2014-09-07 10:19 - 00049533 _____ () C:\WINDOWS\diagwrn.xml
2014-09-07 10:17 - 2014-09-07 10:19 - 00049533 _____ () C:\WINDOWS\diagerr.xml
2014-09-07 10:17 - 2014-09-07 10:19 - 00000000 ____D () C:\Users\Test
2014-09-07 10:17 - 2014-09-07 10:19 - 00000000 ____D () C:\Users\DefaultAppPool
2014-09-07 10:17 - 2014-09-07 10:19 - 00000000 ____D () C:\Users\Classic .NET AppPool
2014-09-07 10:17 - 2014-09-07 10:19 - 00000000 ____D () C:\Users\.NET v2.0 Classic
2014-09-07 10:17 - 2014-09-07 10:19 - 00000000 ____D () C:\Users\.NET v2.0
2014-09-07 10:17 - 2014-09-07 10:17 - 00000117 _____ () C:\WINDOWS\system32\netcfg-92156.txt
2014-09-07 10:17 - 2012-11-06 03:26 - 00001147 _____ () C:\Users\Test\Desktop\Cyberlink Power2Go.lnk
2014-09-07 10:17 - 2012-11-06 03:26 - 00001147 _____ () C:\Users\DefaultAppPool\Desktop\Cyberlink Power2Go.lnk
2014-09-07 10:17 - 2012-11-06 03:26 - 00001147 _____ () C:\Users\Classic .NET AppPool\Desktop\Cyberlink Power2Go.lnk
2014-09-07 10:17 - 2012-11-06 03:26 - 00001147 _____ () C:\Users\.NET v2.0\Desktop\Cyberlink Power2Go.lnk
2014-09-07 10:17 - 2012-11-06 03:26 - 00001147 _____ () C:\Users\.NET v2.0 Classic\Desktop\Cyberlink Power2Go.lnk
2014-09-07 10:17 - 2012-11-06 03:26 - 00000000 ____D () C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2014-09-07 10:17 - 2012-11-06 03:26 - 00000000 ____D () C:\Users\Han\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2014-09-07 10:17 - 2012-11-06 03:26 - 00000000 ____D () C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2014-09-07 10:17 - 2012-11-06 03:26 - 00000000 ____D () C:\Users\Classic .NET AppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2014-09-07 10:17 - 2012-11-06 03:26 - 00000000 ____D () C:\Users\.NET v2.0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2014-09-07 10:17 - 2012-11-06 03:26 - 00000000 ____D () C:\Users\.NET v2.0 Classic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2014-09-07 10:17 - 2012-07-26 09:13 - 00000000 ___RD () C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-09-07 10:17 - 2012-07-26 09:13 - 00000000 ___RD () C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-09-07 10:17 - 2012-07-26 09:13 - 00000000 ___RD () C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-09-07 10:17 - 2012-07-26 09:13 - 00000000 ___RD () C:\Users\Han\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-09-07 10:17 - 2012-07-26 09:13 - 00000000 ___RD () C:\Users\Han\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-09-07 10:17 - 2012-07-26 09:13 - 00000000 ___RD () C:\Users\Han\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-09-07 10:17 - 2012-07-26 09:13 - 00000000 ___RD () C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-09-07 10:17 - 2012-07-26 09:13 - 00000000 ___RD () C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-09-07 10:17 - 2012-07-26 09:13 - 00000000 ___RD () C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-09-07 10:17 - 2012-07-26 09:13 - 00000000 ___RD () C:\Users\Classic .NET AppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-09-07 10:17 - 2012-07-26 09:13 - 00000000 ___RD () C:\Users\Classic .NET AppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-09-07 10:17 - 2012-07-26 09:13 - 00000000 ___RD () C:\Users\Classic .NET AppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-09-07 10:17 - 2012-07-26 09:13 - 00000000 ___RD () C:\Users\.NET v2.0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-09-07 10:17 - 2012-07-26 09:13 - 00000000 ___RD () C:\Users\.NET v2.0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-09-07 10:17 - 2012-07-26 09:13 - 00000000 ___RD () C:\Users\.NET v2.0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-09-07 10:17 - 2012-07-26 09:13 - 00000000 ___RD () C:\Users\.NET v2.0 Classic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-09-07 10:17 - 2012-07-26 09:13 - 00000000 ___RD () C:\Users\.NET v2.0 Classic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-09-07 10:17 - 2012-07-26 09:13 - 00000000 ___RD () C:\Users\.NET v2.0 Classic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-09-07 10:17 - 2012-07-26 09:13 - 00000000 ____D () C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-09-07 10:17 - 2012-07-26 09:13 - 00000000 ____D () C:\Users\Han\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-09-07 10:17 - 2012-07-26 09:13 - 00000000 ____D () C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-09-07 10:17 - 2012-07-26 09:13 - 00000000 ____D () C:\Users\Classic .NET AppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-09-07 10:17 - 2012-07-26 09:13 - 00000000 ____D () C:\Users\.NET v2.0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-09-07 10:17 - 2012-07-26 09:13 - 00000000 ____D () C:\Users\.NET v2.0 Classic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-09-07 10:17 - 2010-12-19 06:31 - 00000189 _____ () C:\Users\Test\Desktop\Lenovo Telephony Start Now.url
2014-09-07 10:17 - 2010-12-19 06:31 - 00000189 _____ () C:\Users\DefaultAppPool\Desktop\Lenovo Telephony Start Now.url
2014-09-07 10:17 - 2010-12-19 06:31 - 00000189 _____ () C:\Users\Classic .NET AppPool\Desktop\Lenovo Telephony Start Now.url
2014-09-07 10:17 - 2010-12-19 06:31 - 00000189 _____ () C:\Users\.NET v2.0\Desktop\Lenovo Telephony Start Now.url
2014-09-07 10:17 - 2010-12-19 06:31 - 00000189 _____ () C:\Users\.NET v2.0 Classic\Desktop\Lenovo Telephony Start Now.url
2014-09-07 09:40 - 2014-09-07 17:29 - 00000000 ____D () C:\$SysReset
2014-09-06 23:17 - 2014-09-09 13:18 - 05576885 ____R (Swearware) C:\Users\Han\Downloads\ComboFix.exe
2014-09-06 20:32 - 2014-09-06 20:32 - 31013800 _____ (Oracle Corporation) C:\Users\Han\Downloads\jre-7u67-windows-x64.exe
2014-09-06 18:36 - 2014-09-06 18:36 - 00000000 ____D () C:\Users\Han\Intel
2014-09-06 18:35 - 2014-09-06 18:36 - 11585520 _____ (Intel Corporation) C:\Users\Han\Downloads\SetupRST.exe
2014-09-06 18:35 - 2014-09-06 18:35 - 00387901 _____ () C:\Users\Han\Downloads\f6flpy-x64.zip
2014-09-06 14:54 - 2014-09-06 17:15 - 125683715 _____ (Realtek Semiconductor Corp.) C:\Users\Han\Downloads\64bit_Win7_Win8_Win81_R275.exe
2014-09-05 20:41 - 2014-09-05 20:41 - 04901352 _____ (Piriform Ltd) C:\Users\Han\Downloads\ccsetup417.exe
2014-09-04 20:25 - 2014-09-04 20:25 - 01674864 _____ () C:\Users\Han\Downloads\wwwwwwwwwwwwwww.7z
2014-09-02 19:28 - 2014-09-02 19:28 - 01928550 _____ () C:\Users\Han\Downloads\HoxHud P6 Self-installer.exe
2014-08-29 22:01 - 2014-08-29 22:01 - 06052529 _____ (Tim Kosse) C:\Users\Han\Downloads\FileZilla_3.9.0.3_win32-setup.exe
2014-08-28 19:03 - 2014-08-28 19:03 - 00027312 _____ () C:\Users\Han\Downloads\pixel-sagas_quantum.zip
2014-08-28 18:46 - 2014-08-28 18:46 - 00734751 _____ () C:\Users\Han\Downloads\businessman_pack03.zip
2014-08-28 18:28 - 2014-08-28 18:28 - 00082169 _____ () C:\Users\Han\Downloads\businessmen-silhouettes.zip
2014-08-28 18:03 - 2014-08-28 18:03 - 01588532 _____ () C:\Users\Han\Downloads\office_people_silhouettes_58282.zip
2014-08-28 17:47 - 2014-08-28 17:47 - 01443262 _____ () C:\Users\Han\Downloads\businessman_vectors_58710.zip
2014-08-28 17:45 - 2014-08-28 17:45 - 00642563 _____ () C:\Users\Han\Downloads\business_men_silhouettes_58311.zip
2014-08-25 21:32 - 2014-08-25 21:32 - 00224840 _____ () C:\Users\Han\Downloads\good-.tiff
2014-08-16 14:51 - 2014-08-16 14:51 - 01058200 _____ (Adobe) C:\Users\Han\Downloads\install_flashplayer14x32au_mssd_aaa_aih.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-07-25 03:24 - 2014-05-04 22:40 - 00000000 ____D () C:\Users\Han\Downloads\Guru3D.com
2014-09-09 17:30 - 2014-09-09 17:29 - 00021757 _____ () C:\Users\Han\Downloads\FRST.txt
2014-09-09 17:29 - 2014-09-09 17:29 - 00000000 ____D () C:\FRST
2014-09-09 17:29 - 2014-09-09 17:28 - 02105344 _____ (Farbar) C:\Users\Han\Downloads\FRST64.exe
2014-09-09 17:27 - 2014-09-07 11:08 - 00000900 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-09 17:26 - 2012-07-26 08:28 - 00848230 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-09-09 17:25 - 2014-09-09 17:25 - 00000117 _____ () C:\WINDOWS\system32\netcfg-11993953.txt
2014-09-09 17:25 - 2014-09-09 17:25 - 00000117 _____ () C:\WINDOWS\system32\netcfg-11993703.txt
2014-09-09 17:25 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-09-09 15:47 - 2014-09-09 15:47 - 00000117 _____ () C:\WINDOWS\system32\netcfg-6119890.txt
2014-09-09 15:47 - 2014-09-09 15:47 - 00000117 _____ () C:\WINDOWS\system32\netcfg-6119843.txt
2014-09-09 14:27 - 2014-09-09 14:27 - 00059290 _____ () C:\ComboFix.txt
2014-09-09 14:27 - 2014-09-09 13:20 - 00000000 ____D () C:\Qoobox
2014-09-09 14:26 - 2014-09-07 19:16 - 00001984 _____ () C:\WINDOWS\setupact.log
2014-09-09 14:24 - 2012-11-06 03:36 - 01719327 _____ () C:\WINDOWS\WindowsUpdate.log
2014-09-09 14:22 - 2014-09-09 13:19 - 00000000 ____D () C:\WINDOWS\erdnt
2014-09-09 14:13 - 2014-09-07 11:08 - 00000904 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-09 14:08 - 2014-09-07 18:54 - 00000224 _____ () C:\WINDOWS\Tasks\AutoKMS.job
2014-09-09 14:08 - 2012-07-26 06:26 - 00000215 _____ () C:\WINDOWS\system.ini
2014-09-09 14:07 - 2014-09-09 14:07 - 00000117 _____ () C:\WINDOWS\system32\netcfg-99250.txt
2014-09-09 14:07 - 2014-09-09 14:07 - 00000117 _____ () C:\WINDOWS\system32\netcfg-101109.txt
2014-09-09 14:07 - 2014-09-07 18:54 - 00002756 _____ () C:\WINDOWS\System32\Tasks\AutoKMSDaily
2014-09-09 14:07 - 2014-09-07 18:54 - 00000238 _____ () C:\WINDOWS\Tasks\AutoKMSDaily.job
2014-09-09 14:07 - 2014-09-07 18:53 - 00151552 _____ () C:\WINDOWS\KMSEmulator.exe
2014-09-09 14:06 - 2014-09-09 14:06 - 00318888 _____ () C:\WINDOWS\Minidump\090914-66468-01.dmp
2014-09-09 14:06 - 2014-09-08 18:17 - 00000000 ____D () C:\WINDOWS\Minidump
2014-09-09 14:06 - 2014-09-08 18:12 - 808414054 _____ () C:\WINDOWS\MEMORY.DMP
2014-09-09 14:06 - 2014-09-07 16:56 - 00006632 _____ () C:\WINDOWS\PFRO.log
2014-09-09 14:06 - 2012-07-26 08:22 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-09-09 13:59 - 2014-09-09 13:59 - 00000000 ____D () C:\Device
2014-09-09 13:47 - 2014-09-07 13:42 - 00000000 ____D () C:\Users\Han\AppData\Local\CrashDumps
2014-09-09 13:36 - 2012-12-29 16:56 - 00000000 ____D () C:\Users\Han\Documents\Outlook Files
2014-09-09 13:31 - 2014-09-09 13:31 - 00000117 _____ () C:\WINDOWS\system32\netcfg-68046734.txt
2014-09-09 13:31 - 2014-09-09 13:31 - 00000117 _____ () C:\WINDOWS\system32\netcfg-68043687.txt
2014-09-09 13:31 - 2014-09-09 13:31 - 00000092 _____ () C:\WINDOWS\system32\netcfg-68046890.txt
2014-09-09 13:27 - 2014-09-09 13:27 - 00000117 _____ () C:\WINDOWS\system32\netcfg-67859750.txt
2014-09-09 13:24 - 2014-09-07 20:08 - 00000000 ____D () C:\Users\Han\AppData\Roaming\Skype
2014-09-09 13:24 - 2014-09-07 19:01 - 00000000 ____D () C:\Users\Han\AppData\Roaming\TS3Client
2014-09-09 13:18 - 2014-09-06 23:17 - 05576885 ____R (Swearware) C:\Users\Han\Downloads\ComboFix.exe
2014-09-09 12:45 - 2014-09-09 12:45 - 04161313 _____ () C:\Users\Han\Downloads\tdsskiller.zip
2014-09-09 00:45 - 2014-09-09 00:45 - 00000117 _____ () C:\WINDOWS\system32\netcfg-22089234.txt
2014-09-09 00:45 - 2014-09-09 00:45 - 00000117 _____ () C:\WINDOWS\system32\netcfg-22088812.txt
2014-09-08 22:00 - 2014-09-07 21:43 - 00027370 _____ () C:\WINDOWS\DirectX.log
2014-09-08 21:59 - 2013-01-07 03:05 - 00112016 _____ () C:\Users\Han\Documents\cc_20130107_020512.reg
2014-09-08 19:25 - 2014-09-08 19:25 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-09-08 19:07 - 2014-09-07 15:54 - 00007610 _____ () C:\Users\Han\AppData\Local\resmon.resmoncfg
2014-09-08 19:03 - 2014-09-08 19:03 - 00000000 ____D () C:\ProgramData\Sun
2014-09-08 19:03 - 2014-09-08 19:03 - 00000000 ____D () C:\ProgramData\Oracle
2014-09-08 19:03 - 2014-09-08 19:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-09-08 19:02 - 2014-09-08 19:03 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2014-09-08 19:02 - 2014-09-08 19:02 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2014-09-08 19:02 - 2014-09-08 19:02 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2014-09-08 19:02 - 2014-09-08 19:02 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2014-09-08 19:02 - 2014-09-08 19:02 - 00000000 ____D () C:\Program Files (x86)\Java
2014-09-08 18:55 - 2014-09-08 18:55 - 00918440 _____ (Oracle Corporation) C:\Users\Han\Downloads\chromeinstall-7u67.exe
2014-09-08 18:38 - 2014-09-08 18:38 - 00000117 _____ () C:\WINDOWS\system32\netcfg-90828.txt
2014-09-08 18:36 - 2014-09-08 18:36 - 00000117 _____ () C:\WINDOWS\system32\netcfg-1508468.txt
2014-09-08 18:36 - 2012-07-26 06:26 - 79953920 _____ () C:\WINDOWS\system32\config\SOFTWARE.bak
2014-09-08 18:36 - 2012-07-26 06:26 - 10747904 _____ () C:\WINDOWS\system32\config\SYSTEM.bak
2014-09-08 18:36 - 2012-07-26 06:26 - 05505024 _____ () C:\WINDOWS\system32\config\DEFAULT.bak
2014-09-08 18:36 - 2012-07-26 06:26 - 00262144 _____ () C:\WINDOWS\system32\config\SECURITY.bak
2014-09-08 18:33 - 2012-07-26 09:12 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-09-08 18:33 - 2012-07-26 09:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-09-08 18:33 - 2012-07-26 09:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-09-08 18:33 - 2012-07-26 09:12 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-09-08 18:33 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\WinStore
2014-09-08 18:33 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\system32\SecureBootUpdates
2014-09-08 18:33 - 2012-07-26 09:12 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2014-09-08 18:33 - 2012-07-26 09:12 - 00000000 ____D () C:\Program Files\Windows Defender
2014-09-08 18:33 - 2012-07-26 09:12 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer
2014-09-08 18:33 - 2012-07-26 09:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-09-08 18:33 - 2012-07-26 08:52 - 00000000 ____D () C:\Program Files\Windows Journal
2014-09-08 18:33 - 2012-07-26 06:38 - 00000000 ____D () C:\WINDOWS\SysWOW64\Dism
2014-09-08 18:33 - 2012-07-26 06:38 - 00000000 ____D () C:\WINDOWS\system32\oobe
2014-09-08 18:33 - 2012-07-26 06:38 - 00000000 ____D () C:\WINDOWS\system32\Dism
2014-09-08 18:17 - 2014-09-08 18:17 - 00302496 _____ () C:\WINDOWS\Minidump\090814-345687-01.dmp
2014-09-08 18:07 - 2014-09-08 18:07 - 00001719 _____ () C:\Users\Han\Desktop\ark.txt
2014-09-08 17:59 - 2014-09-08 17:59 - 00380416 _____ () C:\Users\Han\Downloads\slhdmoho.exe
2014-09-08 15:58 - 2014-09-08 00:01 - 00000000 ____D () C:\Users\Han\AppData\Local\Battle.net
2014-09-08 15:58 - 2014-09-07 11:32 - 00000000 ____D () C:\Users\Han\Downloads\ESET NOD32 Complete Pack Version 2014 7.0.317.4 + LifeTime Crack -==Eagle_ShaDow==-
2014-09-08 11:49 - 2014-09-08 11:49 - 00000117 _____ () C:\WINDOWS\system32\netcfg-57580015.txt
2014-09-08 08:48 - 2014-09-08 08:48 - 00000117 _____ () C:\WINDOWS\system32\netcfg-46689187.txt
2014-09-08 05:11 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-09-08 01:53 - 2014-09-07 19:15 - 00000000 ____D () C:\Windows.old
2014-09-08 01:53 - 2014-09-07 10:35 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2515162299-54484857-2870992804-1002
2014-09-08 01:47 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\AUInstallAgent
2014-09-08 00:15 - 2014-09-08 00:15 - 00000000 ____D () C:\Users\Han\AppData\Local\Blizzard
2014-09-08 00:02 - 2014-09-08 00:02 - 00000000 ____D () C:\Users\Han\AppData\Roaming\NVIDIA
2014-09-08 00:02 - 2014-09-08 00:01 - 00000000 ____D () C:\Users\Han\AppData\Roaming\Battle.net
2014-09-08 00:02 - 2014-09-07 10:17 - 00000000 ____D () C:\Users\Han
2014-09-08 00:01 - 2014-09-08 00:01 - 00000000 ____D () C:\Users\Han\AppData\Local\Blizzard Entertainment
2014-09-08 00:01 - 2014-09-08 00:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2014-09-08 00:01 - 2014-09-08 00:01 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2014-09-08 00:01 - 2014-09-08 00:01 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-09-08 00:01 - 2012-12-27 14:21 - 00000000 ___RD () C:\Users\Han\Games
2014-09-07 23:59 - 2014-09-07 23:59 - 02907552 _____ (Blizzard Entertainment) C:\Users\Han\Downloads\Battle.net-Setup-enGB.exe
2014-09-07 23:59 - 2014-09-07 23:59 - 00000000 ____D () C:\ProgramData\Battle.net
2014-09-07 23:52 - 2014-09-07 23:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoHotkey
2014-09-07 23:52 - 2014-09-07 23:52 - 00000000 ____D () C:\Program Files (x86)\AutoHotkey
2014-09-07 23:52 - 2012-07-26 08:52 - 00000000 ____D () C:\WINDOWS\ShellNew
2014-09-07 23:51 - 2014-09-07 23:51 - 02047357 _____ () C:\Users\Han\Downloads\AutoHotkey104805_Install.exe
2014-09-07 22:06 - 2014-09-07 22:06 - 01674864 _____ () C:\Users\Han\Downloads\HoxHud P6.1 Manual install.7z
2014-09-07 22:03 - 2014-09-07 22:05 - 00634880 _____ () C:\Users\Han\AppData\Roaming\i3qGM3g.exe
2014-09-07 21:45 - 2014-09-07 21:44 - 00000000 ____D () C:\Users\Han\AppData\Local\PAYDAY 2
2014-09-07 20:55 - 2014-09-07 20:55 - 03726256 _____ (Microsoft Corporation) C:\Users\Han\Downloads\OutlookConnector.exe
2014-09-07 20:55 - 2014-09-07 20:55 - 00000000 ____D () C:\Program Files (x86)\MSECache
2014-09-07 20:40 - 2014-09-07 20:40 - 00000000 ____D () C:\Users\Han\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HydraIRC
2014-09-07 20:40 - 2014-09-07 20:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HydraIRC
2014-09-07 20:40 - 2014-09-07 20:40 - 00000000 ____D () C:\Program Files (x86)\HydraIRC
2014-09-07 20:39 - 2014-09-07 20:39 - 01081063 _____ () C:\Users\Han\Downloads\HydraIRC.exe
2014-09-07 20:36 - 2014-09-07 20:36 - 00597304 _____ () C:\Users\Han\Downloads\flux-setup.exe
2014-09-07 20:36 - 2014-09-07 20:36 - 00000000 ____D () C:\Users\Han\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flux
2014-09-07 20:36 - 2014-09-07 20:36 - 00000000 ____D () C:\Users\Han\AppData\Local\FluxSoftware
2014-09-07 20:19 - 2014-09-07 20:07 - 00000000 ____D () C:\Users\Han\AppData\Roaming\Apple Computer
2014-09-07 20:14 - 2014-09-07 20:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Enhanced Mitigation Experience Toolkit
2014-09-07 20:14 - 2014-09-07 20:14 - 00000000 ____D () C:\Program Files (x86)\EMET 5.0
2014-09-07 20:13 - 2014-09-07 20:13 - 11239424 _____ () C:\Users\Han\Downloads\EMET Setup.msi
2014-09-07 20:08 - 2014-09-07 20:08 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-09-07 20:08 - 2014-09-07 20:08 - 00000000 ____D () C:\Users\Han\AppData\Local\Skype
2014-09-07 20:08 - 2014-09-07 20:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-09-07 20:07 - 2014-09-07 20:07 - 00000000 ____D () C:\Users\Han\AppData\Local\Apple Computer
2014-09-07 20:07 - 2014-09-07 20:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-07 20:07 - 2014-09-07 20:04 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-07 20:07 - 2014-09-07 20:04 - 00000000 ____D () C:\Program Files\iTunes
2014-09-07 20:07 - 2014-09-07 20:04 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-09-07 20:05 - 2014-09-07 20:05 - 00003174 _____ () C:\WINDOWS\System32\Tasks\{4646CC40-4C38-4ADD-BFED-0E26D3F5A9D3}
2014-09-07 20:04 - 2014-09-07 20:04 - 01678440 _____ (Skype Technologies S.A.) C:\Users\Han\Downloads\SkypeSetup.exe
2014-09-07 20:04 - 2014-09-07 20:04 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-09-07 20:04 - 2014-09-07 20:04 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Apple
2014-09-07 20:04 - 2014-09-07 20:04 - 00000000 ____D () C:\Users\Han\AppData\Local\Apple
2014-09-07 20:04 - 2014-09-07 20:04 - 00000000 ____D () C:\ProgramData\Skype
2014-09-07 20:04 - 2014-09-07 20:04 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-09-07 20:04 - 2014-09-07 20:04 - 00000000 ____D () C:\Program Files\iPod
2014-09-07 20:04 - 2014-09-07 20:04 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-09-07 20:04 - 2014-09-07 20:03 - 00000000 ____D () C:\ProgramData\Apple
2014-09-07 20:03 - 2014-09-07 20:03 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-09-07 20:03 - 2014-09-07 20:03 - 00000000 ____D () C:\Program Files\Bonjour
2014-09-07 20:03 - 2014-09-07 20:03 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-09-07 19:52 - 2014-09-07 19:52 - 00000117 _____ () C:\WINDOWS\system32\netcfg-120515.txt
2014-09-07 19:49 - 2014-09-07 19:49 - 00000117 _____ () C:\WINDOWS\system32\netcfg-477078.txt
2014-09-07 19:49 - 2012-07-26 06:26 - 00061440 _____ () C:\WINDOWS\system32\config\SAM.bak
2014-09-07 19:48 - 2012-11-06 03:15 - 00000000 ___HD () C:\Program Files (x86)\Temp
2014-09-07 19:47 - 2014-09-07 19:47 - 00000000 ____D () C:\WINDOWS\SysWOW64\RTCOM
2014-09-07 19:47 - 2014-09-07 19:47 - 00000000 ____D () C:\Program Files\Realtek
2014-09-07 19:45 - 2012-11-06 02:54 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-09-07 19:43 - 2014-09-07 19:43 - 00000117 _____ () C:\WINDOWS\system32\netcfg-113031.txt
2014-09-07 19:43 - 2014-09-07 18:54 - 00000000 ____D () C:\WINDOWS\AutoKMS
2014-09-07 19:42 - 2014-09-07 19:42 - 00000000 ____D () C:\WINDOWS\SysWOW64\NV
2014-09-07 19:42 - 2014-09-07 19:42 - 00000000 ____D () C:\WINDOWS\system32\NV
2014-09-07 19:42 - 2012-07-26 08:19 - 00422160 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-09-07 19:41 - 2014-09-07 19:41 - 00000117 _____ () C:\WINDOWS\system32\netcfg-9016531.txt
2014-09-07 19:36 - 2014-09-07 11:08 - 00000000 ____D () C:\Users\Han\AppData\Local\Deployment
2014-09-07 19:29 - 2012-11-06 02:59 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-09-07 19:27 - 2014-09-07 19:27 - 00000000 ____D () C:\Users\Han\AppData\Local\NVIDIA Corporation
2014-09-07 19:27 - 2014-09-07 19:27 - 00000000 ____D () C:\Users\Han\AppData\Local\NVIDIA
2014-09-07 19:27 - 2014-09-07 19:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-09-07 19:27 - 2012-11-06 02:59 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-09-07 19:27 - 2012-11-06 02:58 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-09-07 19:25 - 2012-11-06 03:00 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-09-07 19:16 - 2014-09-07 19:16 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-09-07 19:15 - 2012-07-26 09:13 - 00262144 _____ () C:\WINDOWS\system32\config\BCD-Template
2014-09-07 19:14 - 2014-09-07 19:14 - 00262144 _____ () C:\WINDOWS\system32\config\userdiff
2014-09-07 19:13 - 2014-09-07 19:12 - 113492816 _____ (Apple Inc.) C:\Users\Han\Downloads\iTunes64Setup.exe
2014-09-07 19:12 - 2014-09-07 19:12 - 00000000 ____D () C:\NVIDIA
2014-09-07 19:10 - 2014-09-07 19:08 - 274075712 _____ (NVIDIA Corporation) C:\Users\Han\Downloads\340.52-notebook-win8-win7-64bit-international-whql.exe
2014-09-07 18:59 - 2014-09-07 18:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2014-09-07 18:59 - 2014-09-07 18:59 - 00000000 ____D () C:\Program Files\TeamSpeak 3 Client
2014-09-07 18:56 - 2014-09-07 18:56 - 30014480 _____ (TeamSpeak Systems GmbH) C:\Users\Han\Downloads\TeamSpeak3-Client-win64-3.0.16.exe
2014-09-07 18:54 - 2014-09-07 18:54 - 00002436 _____ () C:\WINDOWS\System32\Tasks\AutoKMS
2014-09-07 18:54 - 2014-09-07 18:54 - 00000117 _____ () C:\WINDOWS\system32\netcfg-6204875.txt
2014-09-07 18:50 - 2014-09-07 18:50 - 00000000 ____D () C:\WINDOWS\System32\Tasks\OfficeSoftwareProtectionPlatform
2014-09-07 18:50 - 2014-09-07 18:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
2014-09-07 18:50 - 2014-09-07 18:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-09-07 18:50 - 2014-09-07 18:42 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-07 18:49 - 2014-09-07 18:49 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-09-07 18:49 - 2014-09-07 18:49 - 00000000 ____D () C:\$WINDOWS.~BT
2014-09-07 18:49 - 2012-07-26 09:12 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-09-07 18:47 - 2014-09-07 18:47 - 00000000 ____D () C:\Program Files\Microsoft Synchronization Services
2014-09-07 18:47 - 2012-08-01 16:58 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2014-09-07 18:46 - 2014-09-07 18:46 - 00000000 ____D () C:\WINDOWS\PCHEALTH
2014-09-07 18:46 - 2014-09-07 18:46 - 00000000 ____D () C:\Program Files\Microsoft Sync Framework
2014-09-07 18:46 - 2014-09-07 18:46 - 00000000 ____D () C:\Program Files\Microsoft SQL Server Compact Edition
2014-09-07 18:46 - 2014-09-07 18:42 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-09-07 18:44 - 2014-09-07 18:44 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 8
2014-09-07 18:43 - 2014-09-07 18:43 - 00000000 ____D () C:\Program Files\Microsoft Analysis Services
2014-09-07 18:43 - 2014-09-07 18:43 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services
2014-09-07 18:43 - 2012-07-26 09:12 - 00000000 ____D () C:\Program Files\Common Files\System
2014-09-07 18:43 - 2012-07-26 06:26 - 00000191 _____ () C:\WINDOWS\win.ini
2014-09-07 18:42 - 2014-09-07 18:42 - 00000000 ____D () C:\Users\Han\AppData\Local\Microsoft Help
2014-09-07 18:42 - 2014-09-07 18:42 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-09-07 18:40 - 2014-09-07 18:40 - 00000117 _____ () C:\WINDOWS\system32\netcfg-5375953.txt
2014-09-07 18:39 - 2014-09-07 18:39 - 00001650 _____ () C:\Users\Han\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ping.lnk
2014-09-07 18:39 - 2014-09-07 18:39 - 00001650 _____ () C:\Users\Han\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ping (2).lnk
2014-09-07 18:04 - 2014-09-07 13:04 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-09-07 17:41 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\rescache
2014-09-07 17:29 - 2014-09-07 09:40 - 00000000 ____D () C:\$SysReset
2014-09-07 17:18 - 2014-09-07 17:18 - 00000117 _____ () C:\WINDOWS\system32\netcfg-435125.txt
2014-09-07 17:18 - 2014-09-07 17:18 - 00000117 _____ () C:\WINDOWS\system32\netcfg-432265.txt
2014-09-07 17:12 - 2014-09-07 17:12 - 00000117 _____ () C:\WINDOWS\system32\netcfg-67031.txt
2014-09-07 17:10 - 2014-09-07 17:10 - 00000117 _____ () C:\WINDOWS\system32\netcfg-131718.txt
2014-09-07 17:10 - 2012-07-26 06:37 - 00000000 ____D () C:\WINDOWS\servicing
2014-09-07 17:09 - 2014-09-07 17:09 - 00000117 _____ () C:\WINDOWS\system32\netcfg-69656.txt
2014-09-07 17:08 - 2014-09-07 17:08 - 00000117 _____ () C:\WINDOWS\system32\netcfg-695171.txt
2014-09-07 16:58 - 2014-09-07 16:58 - 00000117 _____ () C:\WINDOWS\system32\netcfg-94218.txt
2014-09-07 16:56 - 2014-09-07 16:56 - 00000117 _____ () C:\WINDOWS\system32\netcfg-11375218.txt
2014-09-07 16:46 - 2014-09-07 16:43 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-09-07 16:43 - 2012-07-26 06:26 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-09-07 15:52 - 2014-09-07 15:11 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-09-07 15:15 - 2014-09-07 15:11 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-09-07 15:12 - 2014-09-07 15:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-09-07 15:11 - 2014-09-07 15:11 - 00001402 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-09-07 15:03 - 2014-09-07 13:43 - 00000000 ____D () C:\AdwCleaner
2014-09-07 14:14 - 2014-09-07 11:11 - 00000000 ____D () C:\Users\Han\AppData\Roaming\uTorrent
2014-09-07 14:14 - 2012-08-01 17:50 - 00000000 ___DC () C:\WINDOWS\Panther
2014-09-07 14:09 - 2014-02-15 16:56 - 00000000 ____D () C:\Users\Han\Mining
2014-09-07 14:09 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\AppCompat
2014-09-07 14:08 - 2014-09-07 14:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2014-09-07 13:47 - 2014-09-07 13:47 - 00000117 _____ () C:\WINDOWS\system32\netcfg-73906.txt
2014-09-07 13:46 - 2014-09-07 13:46 - 00000117 _____ () C:\WINDOWS\system32\netcfg-1368734.txt
2014-09-07 13:46 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\addins
2014-09-07 13:45 - 2012-11-06 03:28 - 00000000 ____D () C:\Program Files (x86)\Amazon
2014-09-07 13:42 - 2014-09-07 13:42 - 01370467 _____ () C:\Users\Han\Downloads\adwcleaner_3.309.exe
2014-09-07 13:42 - 2014-09-07 13:42 - 00000000 ____D () C:\Users\Han\AppData\Local\Logitech
2014-09-07 13:42 - 2014-09-07 13:42 - 00000000 ____D () C:\ProgramData\LogiShrd
2014-09-07 13:42 - 2014-09-07 13:41 - 00018960 _____ (Logitech, Inc.) C:\WINDOWS\system32\Drivers\LNonPnP.sys
2014-09-07 13:39 - 2014-09-07 13:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2014-09-07 13:39 - 2014-09-07 13:39 - 00000000 ____D () C:\Program Files\Logitech Gaming Software
2014-09-07 13:38 - 2014-09-07 13:38 - 00000000 ____D () C:\Users\Han\AppData\Roaming\Logitech
2014-09-07 13:38 - 2014-09-07 13:38 - 00000000 ____D () C:\Users\Han\AppData\Roaming\Logishrd
2014-09-07 13:38 - 2014-09-07 13:38 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-07 13:32 - 2014-09-07 13:32 - 58423016 _____ (Logitech Inc.) C:\Users\Han\Downloads\LGS_8.55.137_x64_Logitech.exe
2014-09-07 13:24 - 2014-09-07 13:24 - 00000117 _____ () C:\WINDOWS\system32\netcfg-46734.txt
2014-09-07 13:23 - 2014-09-07 13:23 - 00000117 _____ () C:\WINDOWS\system32\netcfg-207593.txt
2014-09-07 13:20 - 2014-09-07 13:20 - 00000117 _____ () C:\WINDOWS\system32\netcfg-48515.txt
2014-09-07 13:19 - 2014-09-07 13:19 - 00000117 _____ () C:\WINDOWS\system32\netcfg-3989859.txt
2014-09-07 13:19 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\Web
2014-09-07 13:16 - 2014-09-07 13:16 - 00014792 _____ () C:\Users\Han\Desktop\dds.txt
2014-09-07 13:16 - 2014-09-07 13:16 - 00007729 _____ () C:\Users\Han\Desktop\attach.txt
2014-09-07 13:13 - 2014-09-07 13:13 - 00688992 ____R (Swearware) C:\Users\Han\Downloads\dds.com
2014-09-07 13:04 - 2014-09-07 13:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-07 13:04 - 2014-09-07 13:04 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-07 13:04 - 2014-09-07 13:04 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-07 13:03 - 2014-09-07 13:02 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Han\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-07 13:01 - 2014-09-07 13:01 - 00002768 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2014-09-07 13:01 - 2014-09-07 13:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-09-07 13:01 - 2014-09-07 13:00 - 00000000 ____D () C:\Program Files\CCleaner
2014-09-07 13:00 - 2012-12-27 15:21 - 00000000 ___RD () C:\Users\Han\Maintenance
2014-09-07 12:56 - 2014-09-07 12:56 - 00000000 ____D () C:\Users\Han\AppData\Roaming\Condusiv_Technologies
2014-09-07 12:56 - 2014-09-07 12:56 - 00000000 ____D () C:\Users\Han\AppData\Local\Condusiv_Technologies
2014-09-07 12:53 - 2014-09-07 12:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Condusiv Technologies
2014-09-07 12:53 - 2014-09-07 12:53 - 00000000 ____D () C:\ProgramData\Condusiv Technologies
2014-09-07 12:53 - 2014-09-07 12:53 - 00000000 ____D () C:\Program Files\Common Files\Diskeeper Corporation
2014-09-07 12:53 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\Help
2014-09-07 12:52 - 2014-09-07 12:52 - 00000000 ____D () C:\Program Files\Condusiv Technologies
2014-09-07 12:51 - 2014-09-07 12:50 - 00000000 ____D () C:\Users\Han\Downloads\Diskeeper 2012 v16.0.1017 Professional Edition (32 & 64bit)
2014-09-07 12:50 - 2014-09-07 12:50 - 00017477 _____ () C:\Users\Han\Downloads\[rutracker.org].t4219398.torrent
2014-09-07 12:46 - 2014-09-07 12:43 - 00000000 ____D () C:\Users\Han\Downloads\Diskeeper Home Edition
2014-09-07 12:41 - 2014-09-07 12:41 - 00033797 _____ () C:\Users\Han\Downloads\Diskeeper Home Edition.torrent
2014-09-07 12:40 - 2014-09-07 12:40 - 00000687 _____ () C:\awh285E.tmp
2014-09-07 12:36 - 2014-09-07 12:20 - 00000000 ____D () C:\Users\Han\Downloads\Diskeeper Professional 2014 16.0.5 + Patch
2014-09-07 12:30 - 2014-09-07 12:30 - 00000000 ____D () C:\Users\Han\Documents\Quick Launch
2014-09-07 12:19 - 2014-09-07 12:19 - 00017340 _____ () C:\Users\Han\Downloads\2C1383DABC6A30883504482D312A3EF157CD3C39.torrent
2014-09-07 12:13 - 2014-09-07 12:13 - 00000117 _____ () C:\WINDOWS\system32\netcfg-43781.txt
2014-09-07 12:12 - 2014-09-07 12:11 - 00000025 _____ () C:\WINDOWS\Svchost.exe.tmp
2014-09-07 12:08 - 2014-09-07 12:08 - 00000117 _____ () C:\WINDOWS\system32\netcfg-262500.txt
2014-09-07 12:08 - 2014-09-07 12:08 - 00000000 ____D () C:\WINDOWS\pss
2014-09-07 12:03 - 2014-09-07 12:03 - 00000117 _____ () C:\WINDOWS\system32\netcfg-3637281.txt
2014-09-07 12:03 - 2012-07-26 06:26 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-09-07 11:59 - 2014-09-07 11:59 - 00000000 ____D () C:\Users\Han\AppData\Roaming\ESET
2014-09-07 11:59 - 2014-09-07 11:59 - 00000000 ____D () C:\Users\Han\AppData\Local\ESET
2014-09-07 11:58 - 2014-09-07 11:58 - 00000117 _____ () C:\WINDOWS\system32\netcfg-3347953.txt
2014-09-07 11:58 - 2014-09-07 11:58 - 00000117 _____ () C:\WINDOWS\system32\netcfg-3345031.txt
2014-09-07 11:58 - 2014-09-07 11:57 - 00000167 _____ () C:\WINDOWS\system32\netcfg-3288203.txt
2014-09-07 11:54 - 2014-09-07 11:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2014-09-07 11:54 - 2014-09-07 11:54 - 00000000 ____D () C:\ProgramData\ESET
2014-09-07 11:54 - 2014-09-07 11:54 - 00000000 ____D () C:\Program Files\ESET
2014-09-07 11:39 - 2014-09-07 11:39 - 00000000 ____D () C:\Users\Han\Downloads\ESET Smart Security 7.0.317.4 (x86x64)  + LifeTime Crack -==Eagle_ShaDow==-
2014-09-07 11:34 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\system32\restore
2014-09-07 11:31 - 2014-09-07 11:31 - 00011703 _____ () C:\Users\Han\Downloads\ESET NOD32 Complete Pack Version 2014 7.0.317.4 + LifeTime Crack -==Eagle_ShaDow==- [3045315].torrent
2014-09-07 11:29 - 2014-09-07 11:29 - 00013349 _____ () C:\Users\Han\Downloads\[rutor.org]ESET Smart Security 7.0.317.4 Repack by SmokieB.torrent
2014-09-07 11:25 - 2014-09-07 11:13 - 136626988 _____ () C:\Users\Han\Downloads\eav7_offline_new.rar
2014-09-07 11:18 - 2014-09-07 11:18 - 00000000 ____D () C:\Program Files (x86)\StartIsBack
2014-09-07 11:17 - 2014-09-07 11:17 - 01362830 _____ () C:\Users\Han\Downloads\StartIsBackPlus.v1.0.5.MULTILINGUAL-CRD.rar
2014-09-07 11:17 - 2014-09-07 11:17 - 00000000 ____D () C:\Users\Han\AppData\Roaming\WinRAR
2014-09-07 11:14 - 2014-09-07 11:14 - 01141680 _____ () C:\Users\Han\Downloads\SteamSetup.exe
2014-09-07 11:13 - 2014-09-07 11:13 - 01922688 _____ () C:\Users\Han\Downloads\winrar-x64-511.exe
2014-09-07 11:13 - 2014-09-07 11:13 - 00042074 _____ () C:\Users\Han\Downloads\Eset NOD32 Antivirus 7 (x86 - x64) - Offline Installer.torrent
2014-09-07 11:13 - 2014-09-07 11:13 - 00000000 ____D () C:\Users\Han\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-09-07 11:13 - 2014-09-07 11:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-09-07 11:13 - 2014-09-07 11:13 - 00000000 ____D () C:\Program Files\WinRAR
2014-09-07 11:12 - 2014-09-07 11:12 - 00000802 _____ () C:\Users\Han\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2014-09-07 11:11 - 2014-09-07 11:11 - 01942352 _____ (BitTorrent Inc.) C:\Users\Han\Downloads\uTorrent.exe
2014-09-07 11:08 - 2014-09-07 11:08 - 00003876 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-09-07 11:08 - 2014-09-07 11:08 - 00003640 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-09-07 11:08 - 2014-09-07 11:08 - 00000000 ____D () C:\Users\Han\AppData\Local\Google
2014-09-07 11:08 - 2014-09-07 11:08 - 00000000 ____D () C:\Users\Han\AppData\Local\Apps\2.0
2014-09-07 11:08 - 2014-09-07 11:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-09-07 11:08 - 2014-09-07 11:08 - 00000000 ____D () C:\Program Files (x86)\Google
2014-09-07 11:04 - 2014-09-07 11:04 - 00000117 _____ () C:\WINDOWS\system32\netcfg-82343.txt
2014-09-07 11:04 - 2012-11-06 03:29 - 00000000 ____D () C:\ProgramData\McAfee
2014-09-07 11:02 - 2014-09-07 11:02 - 00000117 _____ () C:\WINDOWS\system32\netcfg-2409343.txt
2014-09-07 11:01 - 2012-07-26 09:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2014-09-07 10:30 - 2014-09-07 10:30 - 00000000 ____D () C:\ProgramData\Atheros
2014-09-07 10:29 - 2014-09-07 10:29 - 00000000 ____D () C:\Users\Han\AppData\Roaming\Atheros
2014-09-07 10:28 - 2014-09-07 10:28 - 00001441 _____ () C:\Users\Han\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-07 10:28 - 2014-09-07 10:28 - 00000000 ____D () C:\ProgramData\eBay
2014-09-07 10:28 - 2014-09-07 10:24 - 00000000 ____D () C:\Users\Han\AppData\Local\Packages
2014-09-07 10:25 - 2014-09-07 10:25 - 00000000 ____D () C:\Users\Han\AppData\Roaming\Macromedia
2014-09-07 10:25 - 2014-09-07 10:25 - 00000000 ____D () C:\Users\Han\AppData\Roaming\Adobe
2014-09-07 10:24 - 2014-09-07 10:24 - 00000000 ____D () C:\Users\Han\AppData\Local\VirtualStore
2014-09-07 10:24 - 2012-07-26 09:12 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2014-09-07 10:23 - 2014-09-07 10:23 - 00000117 _____ () C:\WINDOWS\system32\netcfg-102890.txt
2014-09-07 10:23 - 2014-09-07 10:23 - 00000020 ___SH () C:\Users\Han\ntuser.ini
2014-09-07 10:21 - 2014-09-07 10:21 - 00000117 _____ () C:\WINDOWS\system32\netcfg-351562.txt
2014-09-07 10:20 - 2014-09-07 10:20 - 00000117 _____ () C:\WINDOWS\system32\netcfg-286265.txt
2014-09-07 10:20 - 2014-09-07 10:20 - 00000117 _____ () C:\WINDOWS\system32\netcfg-285703.txt
2014-09-07 10:19 - 2014-09-07 10:19 - 00000117 _____ () C:\WINDOWS\system32\netcfg-230234.txt
2014-09-07 10:19 - 2014-09-07 10:19 - 00000117 _____ () C:\WINDOWS\system32\netcfg-227187.txt
2014-09-07 10:19 - 2014-09-07 10:19 - 00000117 _____ () C:\WINDOWS\system32\netcfg-227156.txt
2014-09-07 10:19 - 2014-09-07 10:19 - 00000117 _____ () C:\WINDOWS\system32\netcfg-224343.txt
2014-09-07 10:19 - 2014-09-07 10:17 - 00049533 _____ () C:\WINDOWS\diagwrn.xml
2014-09-07 10:19 - 2014-09-07 10:17 - 00049533 _____ () C:\WINDOWS\diagerr.xml
2014-09-07 10:19 - 2014-09-07 10:17 - 00000000 ____D () C:\Users\Test
2014-09-07 10:19 - 2014-09-07 10:17 - 00000000 ____D () C:\Users\DefaultAppPool
2014-09-07 10:19 - 2014-09-07 10:17 - 00000000 ____D () C:\Users\Classic .NET AppPool
2014-09-07 10:19 - 2014-09-07 10:17 - 00000000 ____D () C:\Users\.NET v2.0 Classic
2014-09-07 10:19 - 2014-09-07 10:17 - 00000000 ____D () C:\Users\.NET v2.0
2014-09-07 10:19 - 2012-07-26 09:12 - 00000000 __RHD () C:\Users\Public\Libraries
2014-09-07 10:19 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\system32\Recovery
2014-09-07 10:18 - 2014-09-07 10:18 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2014-09-07 10:17 - 2014-09-07 10:17 - 00000117 _____ () C:\WINDOWS\system32\netcfg-92156.txt
2014-09-06 20:32 - 2014-09-06 20:32 - 31013800 _____ (Oracle Corporation) C:\Users\Han\Downloads\jre-7u67-windows-x64.exe
2014-09-06 18:36 - 2014-09-06 18:36 - 00000000 ____D () C:\Users\Han\Intel
2014-09-06 18:36 - 2014-09-06 18:35 - 11585520 _____ (Intel Corporation) C:\Users\Han\Downloads\SetupRST.exe
2014-09-06 18:35 - 2014-09-06 18:35 - 00387901 _____ () C:\Users\Han\Downloads\f6flpy-x64.zip
2014-09-06 17:15 - 2014-09-06 14:54 - 125683715 _____ (Realtek Semiconductor Corp.) C:\Users\Han\Downloads\64bit_Win7_Win8_Win81_R275.exe
2014-09-05 20:41 - 2014-09-05 20:41 - 04901352 _____ (Piriform Ltd) C:\Users\Han\Downloads\ccsetup417.exe
2014-09-04 20:25 - 2014-09-04 20:25 - 01674864 _____ () C:\Users\Han\Downloads\wwwwwwwwwwwwwww.7z
2014-09-03 19:29 - 2013-01-25 17:58 - 00000000 ___RD () C:\Users\Han\Clearing House
2014-09-02 19:28 - 2014-09-02 19:28 - 01928550 _____ () C:\Users\Han\Downloads\HoxHud P6 Self-installer.exe
2014-08-29 22:01 - 2014-08-29 22:01 - 06052529 _____ (Tim Kosse) C:\Users\Han\Downloads\FileZilla_3.9.0.3_win32-setup.exe
2014-08-28 19:03 - 2014-08-28 19:03 - 00027312 _____ () C:\Users\Han\Downloads\pixel-sagas_quantum.zip
2014-08-28 18:46 - 2014-08-28 18:46 - 00734751 _____ () C:\Users\Han\Downloads\businessman_pack03.zip
2014-08-28 18:28 - 2014-08-28 18:28 - 00082169 _____ () C:\Users\Han\Downloads\businessmen-silhouettes.zip
2014-08-28 18:03 - 2014-08-28 18:03 - 01588532 _____ () C:\Users\Han\Downloads\office_people_silhouettes_58282.zip
2014-08-28 17:47 - 2014-08-28 17:47 - 01443262 _____ () C:\Users\Han\Downloads\businessman_vectors_58710.zip
2014-08-28 17:45 - 2014-08-28 17:45 - 00642563 _____ () C:\Users\Han\Downloads\business_men_silhouettes_58311.zip
2014-08-25 21:32 - 2014-08-25 21:32 - 00224840 _____ () C:\Users\Han\Downloads\good-.tiff
2014-08-22 21:47 - 2012-12-29 15:49 - 00000000 ____D () C:\Users\Han\Documents\Biopanda
2014-08-16 14:51 - 2014-08-16 14:51 - 01058200 _____ (Adobe) C:\Users\Han\Downloads\install_flashplayer14x32au_mssd_aaa_aih.exe
 
Files to move or delete:
====================
C:\Users\Han\dtwpc.dat
C:\Users\Han\fg740p.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2012-08-01 16:51
 
==================== End Of Log ============================
 
 
Addition.txt:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-09-2014 01
Ran by Han at 2014-09-09 17:31:08
Running from C:\Users\Han\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: ESET Smart Security 7.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: ESET Smart Security 7.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personal firewall (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.33497 - BitTorrent Inc.)
Amazon Browser App (HKLM-x32\...\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}) (Version: 1.0.0.0 - Amazon)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Outlook Addin 2010 (HKCU\...\BB108A893815B64BF41C4574C3324FB7371AA244) (Version: 1.0.0.0 - Microsoft)
AutoHotkey 1.0.48.05 (HKLM-x32\...\AutoHotkey) (Version: 1.0.48.05 - Chris Mallett)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Deus Ex: Human Revolution - Director's Cut (HKLM-x32\...\Steam App 238010) (Version:  - Eidos Montreal)
Diskeeper 12 (HKLM\...\{1A6D6767-B771-4752-81C2-1CC30BE941BA}) (Version: 16.0.1017.64 - Condusiv Technologies)
Divinity: Original Sin (HKLM-x32\...\Steam App 230230) (Version:  - Larian Studios)
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.16 - Dolby Laboratories Inc)
Don't Starve (HKLM-x32\...\Steam App 219740) (Version:  - Klei Entertainment)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
EMET 5.0 (HKLM-x32\...\{FDDEBC40-9491-4978-8EF7-3FABA86595FB}) (Version: 5.0 - Microsoft Corporation)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.3 - Lenovo)
Energy Management (x32 Version: 8.0.2.3 - Lenovo) Hidden
ESET Smart Security (HKLM\...\{5E6F6CE8-1A35-4629-A550-376D4FF74F9B}) (Version: 7.0.317.4 - ESET, spol s r. o.)
f.lux (HKCU\...\Flux) (Version:  - )
Gang Beasts (HKLM-x32\...\Steam App 285900) (Version:  - Boneloaf)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.103 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
HydraIRC (HKLM-x32\...\HydraIRC) (Version: 0.3.165 - Hydra Productions)
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2817 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
Intelligent Touchpad (HKLM-x32\...\{DD7D6D84-93AB-48CA-A759-94324E341CBA}) (Version: 2.00.0012.0723 - Lenovo)
iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0333}) (Version: 1.12.824.1 - Vimicro)
Lenovo MuteSync (HKLM-x32\...\{16D5D9E9-C8DE-4014-A09C-B9B5ABA0F7FA}) (Version: 1.0.10 - Lenovo)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.0828 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.0828 - CyberLink Corp.) Hidden
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4310.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.4310.52 - CyberLink Corp.) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Outlook Hotmail Connector 64-bit (HKLM\...\{95140000-0081-0409-1000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Nidhogg (HKLM-x32\...\Steam App 94400) (Version:  - Messhof)
NVIDIA Control Panel 340.52 (Version: 340.52 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 2.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.157.1165 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Optimus Update 15.3.33 (Version: 15.3.33 - NVIDIA Corporation) Hidden
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA ShadowPlay 15.3.33 (Version: 15.3.33 - NVIDIA Corporation) Hidden
NVIDIA Update 15.3.33 (Version: 15.3.33 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 15.3.33 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden
Onekey Theater (HKLM-x32\...\{91CC5BAE-A098-40D3-A43B-C0DC7CE263FE}) (Version: 3.0.0.9 - Lenovo)
Path of Exile (HKLM-x32\...\Steam App 238960) (Version:  - Grinding Gear Games)
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.9109 - CyberLink Corp.)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.206 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7246 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - Firaxis Games)
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
StartIsBack (HKLM-x32\...\StartIsBack) (Version: 2.1.2 - startisback.com)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.61.90905 - SugarSync, Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.5 - Synaptics Incorporated)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.9 - Lenovo)
UserGuide (x32 Version: 1.0.0.9 - Lenovo) Hidden
Warframe (HKLM-x32\...\Steam App 230410) (Version:  - Digital Extremes)
Windows Driver Package - Lenovo (ACPIVPC) System  (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)
WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
08-09-2014 17:53:38 Installed Microsoft Outlook Hotmail Connector 64-bit
08-09-2014 18:00:06 Installed Java 7 Update 67
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2012-07-26 06:26 - 2014-09-09 14:08 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {1AF2D588-BBFC-48D5-822C-9C6DE2828EFD} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-08-16] (Synaptics Incorporated)
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {30ACC39C-D6B2-463E-AA3C-5F08B6027307} - System32\Tasks\AutoKMS => C:\windows\AutoKMS\AutoKMS.exe [2014-09-07] ()
Task: {3FF64B3C-0496-4920-9BE2-C7005BEB1749} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-07] (Google Inc.)
Task: {449DBD2C-D496-4A82-8932-E57352CB7854} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd)
Task: {51F8AB57-C6E8-4EC1-8C7C-A710FE5D9BFE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {5635039C-40CC-476E-8C5A-0BB86F28B11E} - System32\Tasks\{4646CC40-4C38-4ADD-BFED-0E26D3F5A9D3} => Chrome.exe http://ui.skype.com/ui/0/6.20.0.104/en/go/help.faq.installer?source=lightinstaller&LastError=1618
Task: {58CFE2E9-E3E0-49F3-961D-BA3F9843820E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-07] (Google Inc.)
Task: {5EE0BCF9-876C-4E12-BD8C-72EDBC99D829} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-07-31] (Microsoft Corporation)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {ABCE92D5-C859-4A71-B05C-F991D40669C7} - System32\Tasks\Microsoft\Windows\SysResetLogSuccess => Rundll32.exe ResetEng.dll,RjvLogSuccessEntryPoint
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {F2E3F1D1-27FE-46B6-9ADB-374C37ED5E31} - System32\Tasks\AutoKMSDaily => C:\windows\AutoKMS\AutoKMS.exe [2014-09-07] ()
Task: C:\WINDOWS\Tasks\AutoKMS.job => C:\windows\AutoKMS\AutoKMS.exe
Task: C:\WINDOWS\Tasks\AutoKMSDaily.job => C:\windows\AutoKMS\AutoKMS.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-07-30 19:11 - 2014-07-30 19:11 - 00166032 _____ () C:\Program Files (x86)\EMET 5.0\HelperLib.dll
2014-07-30 19:11 - 2014-07-30 19:11 - 00027784 _____ () C:\Program Files (x86)\EMET 5.0\ReportingSubsystem.dll
2014-07-30 19:11 - 2014-07-30 19:11 - 00061576 _____ () C:\Program Files (x86)\EMET 5.0\PKIPinningSubsystem.dll
2012-11-06 02:58 - 2014-07-02 21:48 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2012-11-06 02:59 - 2014-07-02 19:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-09-07 12:47 - 2014-09-07 12:47 - 03140096 _____ () C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll
2010-01-30 02:40 - 2010-01-30 02:40 - 04254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-03-24 21:38 - 2010-03-24 21:38 - 08794976 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-08-22 09:14 - 2012-08-21 08:58 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-08-20 06:55 - 2012-08-20 06:55 - 00384128 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll
2012-07-26 03:20 - 2012-07-26 03:19 - 00134144 __RSH () C:\Users\Han\AppData\Roaming\Microsoft\Windows\IEUpdate\wuapp.exe
2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-09-07 15:11 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-09-07 15:11 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-09-07 15:11 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-09-07 15:11 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-09-07 15:11 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2012-11-06 02:53 - 2012-06-25 18:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2012-11-06 02:58 - 2014-07-02 21:48 - 00013272 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2010-01-30 02:41 - 2010-01-30 02:41 - 04254560 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-03-24 21:17 - 2010-03-24 21:17 - 08794464 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-09-07 11:08 - 2014-08-30 03:49 - 01098056 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\libglesv2.dll
2014-09-07 11:08 - 2014-08-30 03:49 - 00174408 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\libegl.dll
2014-09-07 11:08 - 2014-08-30 03:49 - 08577864 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\pdf.dll
2014-09-07 11:08 - 2014-08-30 03:49 - 00331592 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\ppGoogleNaClPluginChrome.dll
2014-09-07 11:08 - 2014-08-30 03:49 - 01660232 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\Users\Han\OneDrive:ms-properties
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run: => "OnekeyStudio"
HKLM\...\StartupApproved\Run: => "Launch LCore"
HKLM\...\StartupApproved\Run32: => "Dolby Home Theater v4"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "SDTray"
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/09/2014 01:47:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mtee.3XE, version: 2.0.0.0, time stamp: 0x3f4d232a
Faulting module name: mtee.3XE, version: 2.0.0.0, time stamp: 0x3f4d232a
Exception code: 0xc0000005
Fault offset: 0x00002833
Faulting process id: 0x2ed0
Faulting application start time: 0xmtee.3XE0
Faulting application path: mtee.3XE1
Faulting module path: mtee.3XE2
Report Id: mtee.3XE3
Faulting package full name: mtee.3XE4
Faulting package-relative application ID: mtee.3XE5
 
Error: (09/09/2014 01:46:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mtee.3XE, version: 2.0.0.0, time stamp: 0x3f4d232a
Faulting module name: mtee.3XE, version: 2.0.0.0, time stamp: 0x3f4d232a
Exception code: 0xc0000005
Fault offset: 0x00002833
Faulting process id: 0x24b0
Faulting application start time: 0xmtee.3XE0
Faulting application path: mtee.3XE1
Faulting module path: mtee.3XE2
Report Id: mtee.3XE3
Faulting package full name: mtee.3XE4
Faulting package-relative application ID: mtee.3XE5
 
Error: (09/09/2014 01:45:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mtee.3XE, version: 2.0.0.0, time stamp: 0x3f4d232a
Faulting module name: mtee.3XE, version: 2.0.0.0, time stamp: 0x3f4d232a
Exception code: 0xc0000005
Fault offset: 0x00002833
Faulting process id: 0x22f4
Faulting application start time: 0xmtee.3XE0
Faulting application path: mtee.3XE1
Faulting module path: mtee.3XE2
Report Id: mtee.3XE3
Faulting package full name: mtee.3XE4
Faulting package-relative application ID: mtee.3XE5
 
Error: (09/09/2014 01:45:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mtee.3XE, version: 2.0.0.0, time stamp: 0x3f4d232a
Faulting module name: mtee.3XE, version: 2.0.0.0, time stamp: 0x3f4d232a
Exception code: 0xc0000005
Fault offset: 0x00002833
Faulting process id: 0x224c
Faulting application start time: 0xmtee.3XE0
Faulting application path: mtee.3XE1
Faulting module path: mtee.3XE2
Report Id: mtee.3XE3
Faulting package full name: mtee.3XE4
Faulting package-relative application ID: mtee.3XE5
 
Error: (09/09/2014 01:45:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mtee.3XE, version: 2.0.0.0, time stamp: 0x3f4d232a
Faulting module name: mtee.3XE, version: 2.0.0.0, time stamp: 0x3f4d232a
Exception code: 0xc0000005
Fault offset: 0x00002833
Faulting process id: 0x1fec
Faulting application start time: 0xmtee.3XE0
Faulting application path: mtee.3XE1
Faulting module path: mtee.3XE2
Report Id: mtee.3XE3
Faulting package full name: mtee.3XE4
Faulting package-relative application ID: mtee.3XE5
 
Error: (09/09/2014 01:45:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mtee.3XE, version: 2.0.0.0, time stamp: 0x3f4d232a
Faulting module name: mtee.3XE, version: 2.0.0.0, time stamp: 0x3f4d232a
Exception code: 0xc0000005
Fault offset: 0x00002833
Faulting process id: 0x2cec
Faulting application start time: 0xmtee.3XE0
Faulting application path: mtee.3XE1
Faulting module path: mtee.3XE2
Report Id: mtee.3XE3
Faulting package full name: mtee.3XE4
Faulting package-relative application ID: mtee.3XE5
 
Error: (09/09/2014 01:45:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mtee.3XE, version: 2.0.0.0, time stamp: 0x3f4d232a
Faulting module name: mtee.3XE, version: 2.0.0.0, time stamp: 0x3f4d232a
Exception code: 0xc0000005
Fault offset: 0x00002833
Faulting process id: 0x14f4
Faulting application start time: 0xmtee.3XE0
Faulting application path: mtee.3XE1
Faulting module path: mtee.3XE2
Report Id: mtee.3XE3
Faulting package full name: mtee.3XE4
Faulting package-relative application ID: mtee.3XE5
 
Error: (09/09/2014 01:44:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mtee.3XE, version: 2.0.0.0, time stamp: 0x3f4d232a
Faulting module name: mtee.3XE, version: 2.0.0.0, time stamp: 0x3f4d232a
Exception code: 0xc0000005
Fault offset: 0x00002833
Faulting process id: 0x1670
Faulting application start time: 0xmtee.3XE0
Faulting application path: mtee.3XE1
Faulting module path: mtee.3XE2
Report Id: mtee.3XE3
Faulting package full name: mtee.3XE4
Faulting package-relative application ID: mtee.3XE5
 
Error: (09/09/2014 01:44:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mtee.3XE, version: 2.0.0.0, time stamp: 0x3f4d232a
Faulting module name: mtee.3XE, version: 2.0.0.0, time stamp: 0x3f4d232a
Exception code: 0xc0000005
Fault offset: 0x00002833
Faulting process id: 0x1a5c
Faulting application start time: 0xmtee.3XE0
Faulting application path: mtee.3XE1
Faulting module path: mtee.3XE2
Report Id: mtee.3XE3
Faulting package full name: mtee.3XE4
Faulting package-relative application ID: mtee.3XE5
 
Error: (09/09/2014 01:44:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mtee.3XE, version: 2.0.0.0, time stamp: 0x3f4d232a
Faulting module name: mtee.3XE, version: 2.0.0.0, time stamp: 0x3f4d232a
Exception code: 0xc0000005
Fault offset: 0x00002833
Faulting process id: 0x1b8c
Faulting application start time: 0xmtee.3XE0
Faulting application path: mtee.3XE1
Faulting module path: mtee.3XE2
Report Id: mtee.3XE3
Faulting package full name: mtee.3XE4
Faulting package-relative application ID: mtee.3XE5
 
 
System errors:
=============
Error: (09/09/2014 05:25:29 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
 
Error: (09/09/2014 02:06:59 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x0000009f (0x0000000000000004, 0x000000000000012c, 0xfffffa8010582300, 0xfffff880009bd800)C:\WINDOWS\MEMORY.DMP090914-66468-01
 
Error: (09/09/2014 02:05:28 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY)
Description: 0xc000014d0
 
Error: (09/09/2014 01:59:32 PM) (Source: DCOM) (EventID: 10010) (User: Karla)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 
Error: (09/09/2014 01:59:32 PM) (Source: DCOM) (EventID: 10010) (User: Karla)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 
Error: (09/09/2014 01:59:32 PM) (Source: DCOM) (EventID: 10010) (User: Karla)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 
Error: (09/09/2014 01:57:06 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (09/09/2014 01:56:42 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (09/09/2014 01:39:30 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (09/09/2014 10:32:56 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 51. The Windows SChannel error state is 900.
 
 
Microsoft Office Sessions:
=========================
Error: (09/09/2014 01:47:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mtee.3XE2.0.0.03f4d232amtee.3XE2.0.0.03f4d232ac0000005000028332ed001cfcc2c38180648C:\ComboFix\mtee.3XEC:\ComboFix\mtee.3XE75d06306-381f-11e4-be83-089e0133e2b3
 
Error: (09/09/2014 01:46:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mtee.3XE2.0.0.03f4d232amtee.3XE2.0.0.03f4d232ac00000050000283324b001cfcc2c07aba9c7C:\ComboFix\mtee.3XEC:\ComboFix\mtee.3XE45600e31-381f-11e4-be83-089e0133e2b3
 
Error: (09/09/2014 01:45:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mtee.3XE2.0.0.03f4d232amtee.3XE2.0.0.03f4d232ac00000050000283322f401cfcc2bfd2465a6C:\ComboFix\mtee.3XEC:\ComboFix\mtee.3XE3ad806d2-381f-11e4-be83-089e0133e2b3
 
Error: (09/09/2014 01:45:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mtee.3XE2.0.0.03f4d232amtee.3XE2.0.0.03f4d232ac000000500002833224c01cfcc2bfc4a5b74C:\ComboFix\mtee.3XEC:\ComboFix\mtee.3XE39fe71b1-381f-11e4-be83-089e0133e2b3
 
Error: (09/09/2014 01:45:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mtee.3XE2.0.0.03f4d232amtee.3XE2.0.0.03f4d232ac0000005000028331fec01cfcc2bfb439480C:\ComboFix\mtee.3XEC:\ComboFix\mtee.3XE38f82007-381f-11e4-be83-089e0133e2b3
 
Error: (09/09/2014 01:45:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mtee.3XE2.0.0.03f4d232amtee.3XE2.0.0.03f4d232ac0000005000028332cec01cfcc2bfa3be2b6C:\ComboFix\mtee.3XEC:\ComboFix\mtee.3XE37f5ed6b-381f-11e4-be83-089e0133e2b3
 
Error: (09/09/2014 01:45:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mtee.3XE2.0.0.03f4d232amtee.3XE2.0.0.03f4d232ac00000050000283314f401cfcc2bf210cf67C:\ComboFix\mtee.3XEC:\ComboFix\mtee.3XE2fc337ac-381f-11e4-be83-089e0133e2b3
 
Error: (09/09/2014 01:44:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mtee.3XE2.0.0.03f4d232amtee.3XE2.0.0.03f4d232ac000000500002833167001cfcc2bc414cb30C:\ComboFix\mtee.3XEC:\ComboFix\mtee.3XE01c956ab-381f-11e4-be83-089e0133e2b3
 
Error: (09/09/2014 01:44:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mtee.3XE2.0.0.03f4d232amtee.3XE2.0.0.03f4d232ac0000005000028331a5c01cfcc2bc198b101C:\ComboFix\mtee.3XEC:\ComboFix\mtee.3XEff50232f-381e-11e4-be83-089e0133e2b3
 
Error: (09/09/2014 01:44:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mtee.3XE2.0.0.03f4d232amtee.3XE2.0.0.03f4d232ac0000005000028331b8c01cfcc2bbdea2465C:\ComboFix\mtee.3XEC:\ComboFix\mtee.3XEfb9c1765-381e-11e4-be83-089e0133e2b3
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-3210M CPU @ 2.50GHz
Percentage of memory in use: 24%
Total physical RAM: 8052.91 MB
Available physical RAM: 6078.01 MB
Total Pagefile: 16244.91 MB
Available Pagefile: 13952.43 MB
Total Virtual: 8192 MB
Available Virtual: 8191.76 MB
 
==================== Drives ================================
 
Drive c: (Windows8_OS) (Fixed) (Total:883.74 GB) (Free:350.84 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:21.76 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 7FDB3270)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================


#15 AngryHan

Posted 09 September 2014 - 03:25 PM

I keep seeing a wuapp.exe in my task manager that uses around 30% of my CPU, and goes up to like 2GB of memory. When I kill it, it always comes back after a few minutes.





