Everything posted by jpmil

  1. All processes killed ========== FILES ========== C:\Users\Walter\AppData\Local\{132C60DD-1177-11E2-8271-B8AC6F996F26}\chrome\content\browser.xul moved successfully. C:\Users\Walter\Downloads\google translate desktop setup.exe moved successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Public User: Walter ->Temp folder emptied: 520415 bytes ->Temporary Internet Files folder emptied: 51282712 bytes ->Java cache emptied: 0 bytes ->Google Chrome cache emptied: 0 bytes ->Apple Safari cache emptied: 0 bytes ->Flash cache emptied: 602 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 608 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 49.00 mb Restore point Set: OTL Restore Point OTL by OldTimer - Version 3.2.69.0 log created on 09112013_180238 Files\Folders moved on Reboot... C:\Users\Walter\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. C:\Users\Walter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NAKWJS96\EFpQQyG9GqCrobXxL-KRMWzklk6MJbhg7BmBP42CjCQ[1].eot moved successfully. C:\Users\Walter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NAKWJS96\fastbutton[1].htm moved successfully. C:\Users\Walter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NAKWJS96\like[1].htm moved successfully. 
C:\Users\Walter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NAKWJS96\s-BiyweUPV0v-yRb-cjciFQlYEbsez9cZjKsNMjLOwM[1].eot moved successfully. C:\Users\Walter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NAKWJS96\xd_arbiter[1].htm moved successfully. C:\Users\Walter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5S471GDU\malwarebytes_org[1].htm moved successfully. C:\Users\Walter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3B7VDWLC\index[3].htm moved successfully. C:\Users\Walter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3B7VDWLC\postmessageRelay[1].htm moved successfully. C:\Users\Walter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3B7VDWLC\sunday[1].htm moved successfully. C:\Users\Walter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1A0MOVM7\xd_arbiter[1].htm moved successfully. C:\Users\Walter\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully. PendingFileRenameOperations files... Registry entries deleted on Reboot...
  2. All processes killed ========== OTL ========== Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{91397D20-1446-11D4-8AF4-0040CA1127B6} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91397D20-1446-11D4-8AF4-0040CA1127B6}\ not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\EPLTarget\P0000000000000000 deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\$talisma_url$\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\blank\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully. Starting removal of ActiveX control Garmin Communicator Plug-In Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Garmin Communicator Plug-In\DownloadInformation\\INF . Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Garmin Communicator Plug-In\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Garmin Communicator Plug-In\ not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully. File Protocol\Handler\livecall - No CLSID value found not found. 
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully. File Protocol\Handler\ms-help - No CLSID value found not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully. File Protocol\Handler\msnim - No CLSID value found not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully. File Protocol\Handler\skype4com - No CLSID value found not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\tmtbim\ deleted successfully. File Protocol\Handler\tmtbim - No CLSID value found not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully. File Protocol\Handler\wlpg - No CLSID value found not found. 64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found. C:\Windows\msdownld.tmp folder deleted successfully. C:\Users\Walter\Desktop\~WRL2552.tmp deleted successfully. ========== FILES ========== C:\FRST\Quarantine folder moved successfully. C:\FRST\Logs folder moved successfully. C:\FRST\Hives\Users\00000002 folder moved successfully. C:\FRST\Hives\Users\00000001 folder moved successfully. C:\FRST\Hives\Users folder moved successfully. C:\FRST\Hives folder moved successfully. C:\FRST folder moved successfully. C:\Users\Walter\Desktop\FRST64.exe moved successfully. C:\Windows\SWREG.exe moved successfully. C:\Windows\SWSC.exe moved successfully. C:\Windows\PEV.exe moved successfully. 
C:\Windows\MBR.exe moved successfully. C:\Windows\sed.exe moved successfully. C:\Windows\grep.exe moved successfully. File\Folder C:\Windows\zip.exews\NIRCMD.exe not found. C:\Windows\erdnt\Hiv-backup\Users\00000004 folder moved successfully. C:\Windows\erdnt\Hiv-backup\Users\00000003 folder moved successfully. C:\Windows\erdnt\Hiv-backup\Users\00000002 folder moved successfully. C:\Windows\erdnt\Hiv-backup\Users\00000001 folder moved successfully. C:\Windows\erdnt\Hiv-backup\Users folder moved successfully. C:\Windows\erdnt\Hiv-backup folder moved successfully. C:\Windows\erdnt\cache86 folder moved successfully. C:\Windows\erdnt\cache64 folder moved successfully. C:\Windows\erdnt folder moved successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes ->Flash cache emptied: 56475 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Public User: Walter ->Temp folder emptied: 458968 bytes ->Temporary Internet Files folder emptied: 84529034 bytes ->Java cache emptied: 1780350 bytes ->Google Chrome cache emptied: 380728895 bytes ->Apple Safari cache emptied: 0 bytes ->Flash cache emptied: 799 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 1216 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 95336 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 446.00 mb C:\Windows\System32\drivers\etc\Hosts moved successfully. 
HOSTS file reset successfully Restore point Set: OTL Restore Point OTL by OldTimer - Version 3.2.69.0 log created on 09112013_115506 Files\Folders moved on Reboot... C:\Users\Walter\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. C:\Users\Walter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U47YVRJA\postmessageRelay[1].htm moved successfully. C:\Users\Walter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U47YVRJA\xd_arbiter[1].htm moved successfully. File\Folder C:\Users\Walter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JZZIPME6\like[1].htm not found! C:\Users\Walter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JB9RGWA6\EFpQQyG9GqCrobXxL-KRMWzklk6MJbhg7BmBP42CjCQ[1].eot moved successfully. C:\Users\Walter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JB9RGWA6\malwarebytes_org[1].htm moved successfully. C:\Users\Walter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JB9RGWA6\s-BiyweUPV0v-yRb-cjciFQlYEbsez9cZjKsNMjLOwM[1].eot moved successfully. C:\Users\Walter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FO9BF0ET\sunday[1].htm moved successfully. File\Folder C:\Users\Walter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FO9BF0ET\webscr[1].htm not found! C:\Users\Walter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ANFKS51E\xd_arbiter[1].htm moved successfully. File\Folder C:\Users\Walter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3T36EQ69\fastbutton[1].htm not found! C:\Users\Walter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3T36EQ69\index[3].htm moved successfully. C:\Users\Walter\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully. 
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully. PendingFileRenameOperations files... Registry entries deleted on Reboot... C:\Users\Walter\AppData\Local\{132C60DD-1177-11E2-8271-B8AC6F996F26}\chrome\content\browser.xul JS/Redirector.NCL trojan C:\Users\Walter\Downloads\google translate desktop setup.exe a variant of Win32/Soft32Downloader.D application
  3. OTL Extras logfile created on: 9/11/2013 1:27:07 AM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Walter\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16660) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 23.99 Gb Total Physical Memory | 20.89 Gb Available Physical Memory | 87.06% Memory free 47.98 Gb Paging File | 44.74 Gb Available in Paging File | 93.25% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 238.47 Gb Total Space | 25.61 Gb Free Space | 10.74% Space Free | Partition Type: NTFS Unable to calculate disk information. Drive F: | 5.46 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: WALTER-PC | User Name: Walter | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{040283FA-4AA7-45BE-B6BD-6F3988146ABA}" = rport=80 | protocol=6 | dir=out | app=c:\users\walter\appdata\local\warframe\downloaded\public\warframe.x64.exe | "{2F46F387-197A-4A40-8765-D88B72774CBF}" = lport=58342 | protocol=6 | dir=in | name=pando media booster | "{3BD6528A-4D47-4F4F-828A-F3A179F455DE}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | "{4267E6B5-CDE6-4C02-946D-ADB9FA186D70}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{8083B650-0A8A-4078-94BE-FA27F4EADEFD}" = lport=58342 | protocol=17 | dir=in | name=pando media booster | "{84477676-EFED-4187-BD14-3DEAE459139C}" = rport=80 | protocol=6 | dir=out | app=c:\users\walter\appdata\local\warframe\downloaded\public\tools\launcher.exe | "{BD8E12B3-6A98-4B10-81F7-31D04341CC49}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{DD16FC29-B92E-4EC5-A7B0-A5137433A4A2}" = lport=58342 | protocol=17 | dir=in | name=pando media booster | "{FE6B4282-E5F4-44D9-B83B-EAFE4D05A438}" = lport=58342 | protocol=6 | dir=in | name=pando media booster | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] 
"{0B596893-94D1-445C-871A-75B8EB1E52BA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{0D6CA1C4-2FE6-4E9D-8260-F1066D4A0D76}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{26FE1525-0527-4EE3-BBB3-4E8234965F1F}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{2770E9FD-AE04-42D7-A523-12E987F44DBE}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{330EB8B0-4CA4-4897-84AB-AB50DBA200E3}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{371757D4-4849-44BA-8750-843AAC0F73FF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | "{46B5DA2E-6097-460D-93F3-96868BD0C030}" = protocol=17 | dir=in | app=c:\program files (x86)\time warner cable\twc wifi\twc wifi.exe | "{485660EA-2E46-47E4-9A50-2D65A446570C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{53367BD5-DE2F-49E3-B26B-B488D9C289BF}" = protocol=6 | dir=in | app=c:\users\walter\appdata\local\google\google talk plugin\googletalkplugin.exe | "{5707EC0F-FD96-4D40-8BBB-5E89A4506FE3}" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe | "{587511B2-73B7-4CC2-AAD6-573B09338438}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{65A209F0-B8CA-43DC-87BB-6FFB6147F309}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{66AACD95-E204-444A-9E07-49B07010BFB8}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe | "{69616D86-D4F3-41E9-AE80-BDE6B5717954}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe | "{6E6F8A04-CE8D-4905-B591-02D3BF3376EA}" = dir=in | app=c:\program files (x86)\time warner cable\twc wifi\twc wifi.exe | "{6F5F2F3C-C41C-4168-9966-DE90FA270427}" = protocol=17 | dir=in | app=c:\users\walter\appdata\roaming\dropbox\bin\dropbox.exe | 
"{734BF6C6-193E-48F2-9DFF-EC394D16E53F}" = protocol=17 | dir=in | app=c:\users\walter\appdata\local\warframe\downloaded\public\warframe.x64.exe | "{7A105893-0221-44ED-A1D6-C03D4DAB3334}" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | "{7AB6742A-EF31-4C61-A64A-4FAE73E5E25A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{81CBB9E5-D654-47B1-B8C3-912324482788}" = protocol=17 | dir=out | app=c:\users\walter\appdata\local\warframe\downloaded\public\warframe.x64.exe | "{8B0209D1-9D27-4FDE-A751-97D74B5F6E93}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{8FAB3A9B-B6B1-48EF-8EF6-603124C9CD64}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{9119C547-306A-48FE-A7FB-2B7C2D819988}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{91DA6CCF-2D18-467D-B7A9-21DABA8693B8}" = protocol=6 | dir=in | app=c:\users\walter\appdata\roaming\dropbox\bin\dropbox.exe | "{968399A0-0807-4343-95BB-35A9DD74C9DC}" = protocol=17 | dir=in | app=c:\users\walter\appdata\local\google\google talk plugin\googletalkplugin.exe | "{9DE15D02-EE13-469E-A743-ED5FFD970DE5}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{9FED901C-4EFC-4128-A54B-DB0F6F563FE1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | "{A113DE94-34DF-46D3-83A0-0B35CAB2493D}" = protocol=17 | dir=in | app=c:\program files (x86)\time warner cable\twc wifi\twc wifi.exe | "{A5C6BCA3-E6E4-4BF9-92C2-AD4BB9802773}" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe | "{A6B86391-FF71-43BD-BAE8-5C124B673A39}" = protocol=17 | dir=in | app=c:\program files (x86)\bohemia interactive\arma 2\arma2oa.exe | "{B2EA9976-EA17-4C57-B00D-68736B5464DF}" = protocol=6 | dir=in | app=c:\program files (x86)\bohemia interactive\arma 
2\arma2oa.exe | "{B5700B95-16C0-4CC5-B1E1-97FEA88B3D27}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{B607DA71-F7AE-472E-9746-DFB3E5B34575}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{BAB8FB32-AD09-473E-ACEC-54B2837DE38D}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{BEA6359C-4479-47A6-B9B3-B5773CE1AB79}" = protocol=6 | dir=in | app=c:\program files (x86)\time warner cable\twc wifi\twc wifi.exe | "{C07C6403-158D-4AEE-B54D-190253806FEC}" = protocol=6 | dir=in | app=c:\program files (x86)\time warner cable\twc wifi\twc wifi.exe | "{C3CDBFEC-E6D2-4C9C-8C06-0B5DF1BCF3B8}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{C68CD279-2796-4DA6-8D2A-CD4D347050C8}" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | "{D08DEC3D-FE08-42E4-85BB-B2BDCB0CDD0C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | "{D15A701B-A21E-4325-BA49-88F501557430}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{D58FEC76-2883-4345-9C07-68750D55E68D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{DF79C5A8-75F9-4365-BDAC-B26151D982A4}" = dir=in | app=c:\users\walter\appdata\local\microsoft\skydrive\skydrive.exe | "{DF95E601-B24A-42E8-A267-085F0A41CF5F}" = protocol=17 | dir=in | app=c:\program files (x86)\bohemia interactive\arma 2\arma2.exe | "{F3158922-FC9A-44C6-B6B1-2BB589A42BB1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | "{FA50310A-3FEC-4C1F-B023-58FC5D0D460B}" = protocol=6 | dir=in | app=c:\program files (x86)\bohemia interactive\arma 2\arma2.exe | "TCP Query User{2B15BEED-1779-4726-8E0C-B46B31FC4034}C:\users\walter\documents\arma 2\expansion\beta\arma2oa.exe" = protocol=6 | dir=in | 
app=c:\users\walter\documents\arma 2\expansion\beta\arma2oa.exe | "TCP Query User{33B9879B-ADDA-4B7E-9EF9-E6D7E4FA5AE4}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | "TCP Query User{5769BE5A-0844-4132-AA80-BC31C6A17A43}C:\program files (x86)\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe | "TCP Query User{5FB49085-AEEC-46FE-9436-2A26B911788F}C:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe | "TCP Query User{AB09EF4A-DBC3-4073-8ED3-9D677EC75D1A}C:\users\walter\appdata\local\warframe\downloaded\public\warframe.x64.exe" = protocol=6 | dir=in | app=c:\users\walter\appdata\local\warframe\downloaded\public\warframe.x64.exe | "TCP Query User{D622D6DB-ECD2-4738-ADF0-5401FB24E703}C:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe | "TCP Query User{F2CC4D91-0BD6-43DF-9039-619174056591}C:\program files (x86)\ccp\eve\bin\exefile.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ccp\eve\bin\exefile.exe | "TCP Query User{F341A90C-A51B-4E7D-8B06-962B01B42FBA}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "UDP Query User{0CF065DD-D91D-4FB2-B4AE-7DAFA9AFAD02}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "UDP Query User{36708350-7285-4B70-82E7-996D9B96E9F3}C:\users\walter\appdata\local\warframe\downloaded\public\warframe.x64.exe" = protocol=17 | dir=in | app=c:\users\walter\appdata\local\warframe\downloaded\public\warframe.x64.exe | "UDP Query User{550B98EA-9FAD-449B-8557-5CC2537A0CB5}C:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe | "UDP Query 
User{58EA7CBE-04BF-495A-804A-9CB422CC6CCE}C:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe | "UDP Query User{62D17A67-D481-447E-9A43-D8AA95E1ED8B}C:\program files (x86)\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe | "UDP Query User{A1847177-C9AC-48FD-9EDB-77893ADFF4C4}C:\users\walter\documents\arma 2\expansion\beta\arma2oa.exe" = protocol=17 | dir=in | app=c:\users\walter\documents\arma 2\expansion\beta\arma2oa.exe | "UDP Query User{BE191B43-3429-4B27-A045-429AD8772600}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | "UDP Query User{E5A2F524-773E-4098-8FCB-689097C6428C}C:\program files (x86)\ccp\eve\bin\exefile.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ccp\eve\bin\exefile.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB) "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition) "{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS) "{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support "{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL) "{4224C58B-0A19-8C66-0897-700775DB3A19}" = AMD Catalyst Install Manager "{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR) "{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS) "{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG) "{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR) "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft 
Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD) "{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP) "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE) "{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL) "{814FA673-A085-403C-9545-747FC1495069}" = Epson Customer Participation "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8424B163-D1E0-48B7-88A2-C7A61767B3D7}" = Microsoft SQL Server Compact 4.0 x64 ENU "{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK) "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN) "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010 "{90140000-002A-0419-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Russian) 2010 "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 "{90CB7AF3-1219-1C56-83E1-99286793D350}" = ccc-utility64 "{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND) "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune "{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 "{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT) "{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY) "{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium "{ABBD4BA9-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium "{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}" = Microsoft Visual C++ 2012 x64 
Additional Runtime - 11.0.50727 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN) "{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU) "{BFB9CC78-4542-4C4E-44F4-C33C70F61094}" = AMD Media Foundation Decoders "{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA) "{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA) "{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN) "{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant "{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN) "{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database "{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64 "{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64 "{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{F65A4306-D971-407B-0A8F-D8E3F200971E}" = AMD Wireless Display v3.0 "{F98BDD51-A432-0A50-9FCB-2315F19F579D}" = AMD Drag and Drop Transcoding "CCleaner" = CCleaner "EPSON WF-2540 Series" = EPSON WF-2540 Series Printer Uninstall "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "TeamSpeak 3 Client" = TeamSpeak 3 Client "WinDjView" = WinDjView 2.0.1 "Zune" = Zune [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility "{10CC0A29-A014-AB9F-BC28-B1E467F74586}" = CCC Help English "{15134cb0-b767-4960-a911-f2d16ae54797}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 
"{18272881-CFC0-434D-A975-E5BE44206AA0}" = Windows Live UX Platform Language Pack "{18CB9BC6-595D-0ABC-EEF2-61D686446E25}" = CCC Help Hungarian "{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}" = Cool & Quiet "{1EA7C505-E6DA-4B85-9432-EBD3C70D510D}" = Windows Live Messenger "{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks v.0.6.7 "{22154f09-719a-4619-bb71-5b3356999fbf}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 "{23A3E560-069F-4CFC-8F6C-1B526EC735FC}" = Windows Live Writer Resources "{24BC8B57-716C-444F-B46B-A3349B9164C5}_is1" = Aegisub 2.1.9 "{259538CF-28DE-4A33-811D-E044DE698A93}" = Warframe "{26A24AE4-039D-4CA4-87B4-2F83216037FF}" = Java 6 Update 37 "{2DFDD53C-AB31-9487-AE13-A7812E86138A}" = CCC Help Dutch "{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 "{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery "{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion "{38062962-8248-0B1F-2AF8-533581E21A43}" = CCC Help Greek "{394BE3D9-7F57-4638-A8D1-1D88671913B7}" = Microsoft AppLocale "{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print "{3EADA474-926C-4440-BEAA-F0FF9F11325B}" = CCC Help Italian "{44EAFE3D-09A9-4478-A2BF-0EED22F4E49F}" = The Sims™ 3 Create a Pattern Tool "{44F72193-F59C-4303-BAE8-E3E4BC1C122C}" = Epson Event Manager "{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}" = Microsoft Games for Windows - LIVE "{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1 "{55833E1D-38A3-3BAC-ED58-64B8A9AA5A94}" = CCC Help Danish "{593E4E45-16B7-DF4E-DCD7-737DBB15184C}" = CCC Help Turkish "{5BABDA39-61CF-41EE-992D-4054B6649A9B}" = Movie Maker "{62C0CBD1-9CCB-C171-A1E8-D3D0E2FD7763}" = CCC Help Polish "{65761BAE-11E8-48FE-B30F-1F01011AB906}" = The Sims™ 3 Create a World Tool - Beta 
"{66396BEB-6324-9507-0385-726F7077B52F}" = CCC Help Norwegian "{667896F3-B39A-C83E-8194-0CD386C8486A}" = Catalyst Control Center Graphics Previews Common "{69039A13-9ABB-4264-A570-0023FB2D4F18}" = ArcSoft MediaConverter 7.5 "{690883B6-F592-E486-AAAD-F2CE72507A83}" = CCC Help Portuguese "{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform "{6AA54C87-0696-52B9-17C5-6398B9ECEE7E}" = CCC Help Chinese Standard "{6DC3A9B0-1C97-42BA-382F-457218ABBC48}" = CCC Help Finnish "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79361740-EAE3-11E2-9911-B8AC6F98CCE3}" = Google Earth Plug-in "{7AA8BDDA-71B5-33EF-8D92-C658527D0B6F}" = CCC Help Korean "{7FAA19D2-3CF3-4FF6-9746-C0B8DB88757D}" = Vuze Remote Toolbar v7.6 "{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8536F1C3-6658-CCAC-8040-CA130786DFF1}" = CCC Help Japanese "{86C40513-B5A4-476E-9EAB-EC118DCF4502}" = Windows Live Writer "{8840FA46-5582-3332-CF12-589B018A25F2}" = CCC Help Thai "{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions "{8B29685B-F8C7-6C56-E6D1-EDC70FC26B78}" = Catalyst Control Center InstallProxy "{8DB73DEA-5E56-7F08-3305-0A75CFEBC714}" = Catalyst Control Center Localization All "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110 "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010 "{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0015-0419-0000-0000000FF1CE}" = Microsoft Office Access MUI (Russian) 2010 "{90140000-0015-0419-0000-0000000FF1CE}_Office14.OMUI.ru-ru_{3675A89E-B724-4200-A1B7-33B16E7192DC}" = Microsoft Office 2010 Service Pack 1 (SP1) 
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010 "{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0419-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Russian) 2010 "{90140000-0016-0419-0000-0000000FF1CE}_Office14.OMUI.ru-ru_{3675A89E-B724-4200-A1B7-33B16E7192DC}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0017-0419-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (Russian) 2010 "{90140000-0017-0419-0000-0000000FF1CE}_Office14.OMUI.ru-ru_{E92D5B1E-D2F2-4F1C-B2B3-247C2D4DAB27}" = Microsoft SharePoint Designer 2010 Service Pack 1 (SP1) "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010 "{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0419-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Russian) 2010 "{90140000-0018-0419-0000-0000000FF1CE}_Office14.OMUI.ru-ru_{3675A89E-B724-4200-A1B7-33B16E7192DC}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010 "{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0419-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Russian) 2010 "{90140000-0019-0419-0000-0000000FF1CE}_Office14.OMUI.ru-ru_{3675A89E-B724-4200-A1B7-33B16E7192DC}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010 "{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0419-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Russian) 2010 
"{90140000-001A-0419-0000-0000000FF1CE}_Office14.OMUI.ru-ru_{3675A89E-B724-4200-A1B7-33B16E7192DC}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010 "{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0419-0000-0000000FF1CE}" = Microsoft Office Word MUI (Russian) 2010 "{90140000-001B-0419-0000-0000000FF1CE}_Office14.OMUI.ru-ru_{3675A89E-B724-4200-A1B7-33B16E7192DC}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.OMUI.ru-ru_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.OMUI.ru-ru_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0419-0000-0000000FF1CE}" = Microsoft Office Proof (Russian) 2010 "{90140000-001F-0419-0000-0000000FF1CE}_Office14.OMUI.ru-ru_{DD6E7CDF-BDFF-43CF-8CCE-84FBEC5ABB77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0422-0000-0000000FF1CE}" = Microsoft Office Proof (Ukrainian) 2010 "{90140000-001F-0422-0000-0000000FF1CE}_Office14.OMUI.ru-ru_{C8998656-7C0A-417B-A5AC-5ABF2E34DDD7}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0419-1000-0000000FF1CE}_Office14.OMUI.ru-ru_{6918D8EF-5CF6-44C8-A02E-A87EE19C0C1B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 "{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0419-0000-0000000FF1CE}" = Microsoft Office Proofing (Russian) 2010 "{90140000-002C-0419-0000-0000000FF1CE}_Office14.OMUI.ru-ru_{A467FAE2-79B5-4E96-BE95-0623A86683C8}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0419-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Russian) 2010 "{90140000-0044-0419-0000-0000000FF1CE}_Office14.OMUI.ru-ru_{3675A89E-B724-4200-A1B7-33B16E7192DC}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 "{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0419-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Russian) 2010 "{90140000-006E-0419-0000-0000000FF1CE}_Office14.OMUI.ru-ru_{F911AB06-002C-42A4-8AD9-F3D72B05DE4B}" = Microsoft Office 2010 Service Pack 1 (SP1) 
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010 "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0419-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Russian) 2010 "{90140000-00A1-0419-0000-0000000FF1CE}_Office14.OMUI.ru-ru_{3675A89E-B724-4200-A1B7-33B16E7192DC}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0419-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Russian) 2010 "{90140000-00BA-0419-0000-0000000FF1CE}_Office14.OMUI.ru-ru_{3675A89E-B724-4200-A1B7-33B16E7192DC}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0100-0419-0000-0000000FF1CE}" = Microsoft Office O MUI (Russian) 2010 "{90140000-0100-0419-0000-0000000FF1CE}_Office14.OMUI.ru-ru_{D45270B6-9ECB-48D3-ABC4-DA8EDF361396}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1) "{90140000-0101-0419-0000-0000000FF1CE}" = Microsoft Office X MUI (Russian) 2010 "{90140000-0101-0419-0000-0000000FF1CE}_Office14.OMUI.ru-ru_{67C2DDA0-5C64-4D8B-ACE1-E59E1E224DD5}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1) "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 "{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010 "{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit "{95140000-0080-0409-0000-0000000FF1CE}" = Microsoft Office 
Outlook Connector "{97C79BEC-43F7-4BD8-A6A7-85C0257E488A}" = Windows Live Writer "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B0B282B-06AC-F41D-0216-314ABFD89812}" = CCC Help French "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A737E18A-5171-40D0-8034-7DD243420081}" = Software Updater "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.7) "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime "{BF548270-367E-DDEC-85F2-622C922C1206}" = CCC Help Spanish "{C034A6F9-6569-491B-B3BF-F5D15221A708}" = Windows Live Essentials "{C22F2403-B438-CD79-9C46-1BAEFD929B6A}" = AMD Catalyst Control Center "{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer "{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari "{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common "{CCBDF6E1-A8DE-C06D-19A5-556B54ADA254}" = CCC Help Swedish "{D2C146B1-948D-47EF-8387-5D1C6B980F7C}" = Windows Live Writer "{D392B004-73F0-7B76-03DE-D9BA33885A9A}" = CCC Help Russian "{D4378A80-C713-11DF-9399-005056C00008}" = Paragon Migrate OS to SSD™ "{D6807091-A72E-9C5E-7678-4CC8B4B19471}" = CCC Help German "{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver "{D7F3EEAD-183C-47DE-BDC5-593539573F97}" = Play withSIX "{D888F114-7537-4D48-AF03-5DA9C82D7540}" = Photo Common "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{EB38C3E0-4863-3123-9114-5BE86EC8E5C7}" = Google Talk Plugin "{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker "{EE680C8E-23FE-4717-A2B8-E99878A7C0AE}" = Punto Switcher 
3.2.9 "{F0848023-FB59-8C92-E62E-31F58EDD54DA}" = CCC Help Chinese Traditional "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F2235E5E-7881-4293-9B6F-04B2609FBFF0}" = Windows Live Messenger "{F5EFCF65-EB44-CE97-E019-13E3289C9B10}" = CCC Help Czech "{FC6C7107-7D72-41A1-A031-3CE751159BAB}" = Photo Gallery "{FDB30193-FDA0-3DAA-ACCA-A75EEFE53607}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR "{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE "8461-7759-5462-8226" = Vuze "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.15 "Anki" = Anki "ArmA 2" = ArmA 2 Uninstall "ARMA 2 Operation Arrowhead" = ARMA 2 Operation Arrowhead Uninstall "Audacity_is1" = Audacity 2.0 "AudibleManager" = AudibleManager "BattlEye for A2" = BattlEye Uninstall "BattlEye for OA" = BattlEye for OA Uninstall "DAEMON Tools Lite" = DAEMON Tools Lite "DokanLibrary" = Dokan Library 0.6.0 "EPSON Connect_is1" = EPSON Connect version 1.0 "EPSON Scanner" = EPSON Scan "EVE" = EVE Online (remove only) "EVEMon" = EVEMon "FileZilla Client" = FileZilla Client 3.6.0.2 "Homeworld2 Demo" = Homeworld2 Demo "InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300 "Oblivion Gold_is1" = "Oblivion ЗОЛОТОЕ ИЗДАНИЕ" версии 1.2.0416 "Office14.OMUI.ru-ru" = Microsoft Office Language Pack 2010 - Russian/русский "Office14.SingleImage" = Microsoft Office Home and Student 2010 "Origin" = Origin "Pen Tablet Driver" = Bamboo "Pidgin" = Pidgin "SpeedFan" = SpeedFan (remove only) "Steam App 72850" = The Elder Scrolls V: Skyrim "TechPowerUp 
GPU-Z" = TechPowerUp GPU-Z "TWC WiFi_is1" = TWC WiFi "VLC media player" = VLC media player 2.0.3 "Wacom WebTabletPlugin for IE" = WebTablet IE Plugin "Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin "WinLiveSuite" = Windows Live Essentials ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Amazon Kindle" = Amazon Kindle "Define Ext" = Define Ext "Dropbox" = Dropbox "JNLP" = JNLP "SkyDriveSetup.exe" = Microsoft SkyDrive "YandexBrowser" = Yandex ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 9/9/2013 4:29:31 PM | Computer Name = Walter-PC | Source = WinMgmt | ID = 10 Description = Error - 9/9/2013 4:58:26 PM | Computer Name = Walter-PC | Source = WinMgmt | ID = 10 Description = Error - 9/9/2013 5:04:43 PM | Computer Name = Walter-PC | Source = WinMgmt | ID = 10 Description = Error - 9/10/2013 3:21:03 AM | Computer Name = Walter-PC | Source = Application Hang | ID = 1002 Description = The program IEXPLORE.EXE version 10.0.9200.16660 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: e74 Start Time: 01ceadf5626026ba Termination Time: 16 Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Report Id: Error - 9/10/2013 1:36:03 PM | Computer Name = Walter-PC | Source = WinMgmt | ID = 10 Description = Error - 9/10/2013 2:16:36 PM | Computer Name = Walter-PC | Source = WinMgmt | ID = 10 Description = Error - 9/10/2013 2:51:19 PM | Computer Name = Walter-PC | Source = SideBySide | ID = 16842832 Description = Activation context generation failed for "C:\Program Files (x86)\EPSON Software\Download Navigator\EPSDNAVI.EXE".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. 
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error - 9/10/2013 8:25:37 PM | Computer Name = Walter-PC | Source = WinMgmt | ID = 10 Description = Error - 9/11/2013 12:58:32 AM | Computer Name = Walter-PC | Source = Application Hang | ID = 1002 Description = The program TS3SP03.exe version 0.1.0.1089 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: f84 Start Time: 01ceaeab7a1677b2 Termination Time: 22 Application Path: C:\Program Files (x86)\The Sims 3.Gold Edition.v 7.0.55.010001\The Sims 3.Outdoor Living Stuff.v 7.0.55.010001\Game\Bin\TS3SP03.exe Report Id: Error - 9/11/2013 3:31:17 AM | Computer Name = Walter-PC | Source = SideBySide | ID = 16842832 Description = Activation context generation failed for "C:\Program Files (x86)\EPSON Software\Download Navigator\EPSDNAVI.EXE".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. [ System Events ] Error - 9/2/2013 1:14:46 PM | Computer Name = Walter-PC | Source = Service Control Manager | ID = 7009 Description = A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect. 
Error - 9/2/2013 1:14:46 PM | Computer Name = Walter-PC | Source = Service Control Manager | ID = 7000 Description = The Windows Search service failed to start due to the following error: %%1053 Error - 9/2/2013 1:14:46 PM | Computer Name = Walter-PC | Source = Service Control Manager | ID = 7009 Description = A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect. Error - 9/2/2013 1:14:46 PM | Computer Name = Walter-PC | Source = Service Control Manager | ID = 7000 Description = The Windows Search service failed to start due to the following error: %%1053 Error - 9/6/2013 4:53:33 PM | Computer Name = Walter-PC | Source = volsnap | ID = 393252 Description = The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit. Error - 9/9/2013 9:53:34 AM | Computer Name = Walter-PC | Source = Service Control Manager | ID = 7034 Description = The Trend Micro Solution Platform service terminated unexpectedly. It has done this 1 time(s). Error - 9/9/2013 4:23:25 PM | Computer Name = Walter-PC | Source = Service Control Manager | ID = 7034 Description = The DokanMounter service terminated unexpectedly. It has done this 1 time(s). Error - 9/9/2013 4:24:53 PM | Computer Name = Walter-PC | Source = Service Control Manager | ID = 7030 Description = The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error - 9/9/2013 4:26:21 PM | Computer Name = Walter-PC | Source = Application Popup | ID = 1060 Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. Error - 9/9/2013 4:26:42 PM | Computer Name = Walter-PC | Source = Service Control Manager | ID = 7030 Description = The PEVSystemStart service is marked as an interactive service. 
However, the system is configured to not allow interactive services. This service may not function properly. < End of report >
  4. There aren't any more ads in my browsers, but I have not rebooted the PC since I was prompted to by Adwcleaner. Here are the files: OTL logfile created on: 9/11/2013 1:27:07 AM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Walter\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16660) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 23.99 Gb Total Physical Memory | 20.89 Gb Available Physical Memory | 87.06% Memory free 47.98 Gb Paging File | 44.74 Gb Available in Paging File | 93.25% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 238.47 Gb Total Space | 25.61 Gb Free Space | 10.74% Space Free | Partition Type: NTFS Unable to calculate disk information. Drive F: | 5.46 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: WALTER-PC | User Name: Walter | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013/09/11 01:26:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Walter\Desktop\OTL.com PRC - [2013/06/05 10:28:40 | 027,370,808 | ---- | M] (Dropbox, Inc.) -- C:\Users\Walter\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2013/05/10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2013/02/27 15:19:38 | 001,158,480 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Time Warner Cable\TWC WiFi\TrayApp.exe PRC - [2013/02/27 15:19:38 | 000,592,720 | ---- | M] (Affinegy, Inc.) 
-- C:\Program Files (x86)\Time Warner Cable\TWC WiFi\AffinegyService.exe PRC - [2013/02/27 15:19:36 | 007,926,096 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Time Warner Cable\TWC WiFi\TWC WiFi.exe PRC - [2012/02/29 16:47:32 | 000,863,360 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXSTM.exe PRC - [2012/02/29 16:47:30 | 000,502,912 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe PRC - [2012/02/15 19:46:42 | 000,043,112 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe PRC - [2012/01/26 17:07:52 | 001,058,400 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe PRC - [2011/01/10 05:49:20 | 000,014,848 | ---- | M] () -- C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe PRC - [2010/01/22 13:29:40 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe ========== Modules (No Company Name) ========== MOD - [2013/03/13 13:48:52 | 024,978,944 | ---- | M] () -- C:\Users\Walter\AppData\Roaming\Dropbox\bin\libcef.dll MOD - [2013/02/27 15:19:40 | 000,023,376 | ---- | M] () -- C:\Program Files (x86)\Time Warner Cable\TWC WiFi\AffinegyServicePS.dll MOD - [2013/02/27 14:35:22 | 001,762,816 | ---- | M] () -- C:\Program Files (x86)\Time Warner Cable\TWC WiFi\gateways\UbeeDVW3201BLOC.dll MOD - [2013/02/27 14:34:02 | 001,781,248 | ---- | M] () -- C:\Program Files (x86)\Time Warner Cable\TWC WiFi\gateways\ArrisDG860ALOC.dll MOD - [2013/02/27 14:32:50 | 001,781,248 | ---- | M] () -- C:\Program Files (x86)\Time Warner Cable\TWC WiFi\gateways\ArrisTG862GLOC.dll MOD - [2013/02/27 14:30:26 | 001,781,248 | ---- | M] () -- C:\Program Files (x86)\Time Warner Cable\TWC WiFi\gateways\ArrisTG852GLOC.dll MOD - [2013/02/27 14:29:08 | 001,760,256 | ---- | M] () -- C:\Program 
Files (x86)\Time Warner Cable\TWC WiFi\gateways\NetgearWNR1000v3LOC.dll MOD - [2013/02/27 14:25:12 | 001,789,952 | ---- | M] () -- C:\Program Files (x86)\Time Warner Cable\TWC WiFi\gateways\MotorolaSBG900LOC.dll MOD - [2013/02/27 13:56:48 | 000,309,248 | ---- | M] () -- C:\Program Files (x86)\Time Warner Cable\TWC WiFi\DigiDoFlavor.dll MOD - [2012/11/13 16:32:50 | 003,558,400 | ---- | M] () -- C:\Users\Walter\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll MOD - [2012/01/31 14:43:04 | 000,119,808 | ---- | M] () -- C:\Program Files (x86)\Time Warner Cable\TWC WiFi\imageformats\qjpeg4.dll MOD - [2010/03/19 21:58:56 | 007,187,456 | ---- | M] () -- C:\Program Files (x86)\Time Warner Cable\TWC WiFi\QtGui4.dll MOD - [2010/03/19 21:58:30 | 000,325,632 | ---- | M] () -- C:\Program Files (x86)\Time Warner Cable\TWC WiFi\QtXml4.dll MOD - [2010/03/19 21:58:24 | 001,954,304 | ---- | M] () -- C:\Program Files (x86)\Time Warner Cable\TWC WiFi\QtCore4.dll MOD - [2010/03/19 21:58:24 | 000,847,360 | ---- | M] () -- C:\Program Files (x86)\Time Warner Cable\TWC WiFi\QtNetwork4.dll ========== Services (SafeList) ========== SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe -- (Amsp) SRV:64bit: - [2013/06/04 15:02:24 | 000,241,152 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:64bit: - [2013/04/08 22:03:05 | 000,151,648 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE -- (EPSON_PM_RPCV4_05) SRV:64bit: - [2012/05/10 14:00:00 | 000,608,864 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe -- (EpsonCustomerParticipation) SRV:64bit: - [2011/12/12 00:00:00 | 
000,135,824 | ---- | M] (Seiko Epson Corporation) [Auto | Running] -- C:\Windows\SysNative\escsvc64.exe -- (EpsonScanSvc) SRV:64bit: - [2011/08/05 12:53:12 | 000,467,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc) SRV:64bit: - [2011/08/05 12:53:12 | 000,306,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm) SRV:64bit: - [2011/08/05 12:53:06 | 008,277,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc) SRV:64bit: - [2009/11/23 17:53:58 | 000,127,784 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\WTouch\WTouchService.exe -- (WTouchService) SRV:64bit: - [2009/11/23 17:53:54 | 005,556,520 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Windows\SysNative\Pen_Tablet.exe -- (TabletServicePen) SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2013/09/10 13:35:05 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013/05/10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013/05/03 16:35:30 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' 
Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2013/02/27 15:19:38 | 000,592,720 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files (x86)\Time Warner Cable\TWC WiFi\AffinegyService.exe -- (AffinegyService) SRV - [2013/01/08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012/11/25 10:07:15 | 003,995,760 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc) SRV - [2012/02/15 19:46:42 | 000,043,112 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe -- (ADExchange) SRV - [2011/01/10 05:49:20 | 000,014,848 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe -- (DokanMounter) SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (All) ========== DRV:64bit: - [2013/07/05 23:03:53 | 001,910,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tcpip.sys -- (TCPIP6) DRV:64bit: - [2013/07/05 23:03:53 | 001,910,208 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tcpip.sys -- (Tcpip) DRV:64bit: - [2013/06/14 21:32:16 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tssecsrv.sys -- (tssecsrv) DRV:64bit: - [2013/06/04 16:09:44 | 011,833,856 | ---- | M] (Advanced Micro Devices, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2013/06/04 14:35:04 | 000,608,768 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2013/04/24 09:31:10 | 000,096,768 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2013/04/12 07:45:08 | 001,656,680 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\ntfs.sys -- (Ntfs) DRV:64bit: - [2013/04/09 23:01:53 | 000,983,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dxgkrnl.sys -- (DXGKrnl) DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2013/01/23 23:01:01 | 000,223,752 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fvevol.sys -- (fvevol) DRV:64bit: - [2013/01/22 07:20:39 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2013/01/19 23:16:48 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6) DRV:64bit: - [2012/12/21 19:50:12 | 000,174,016 | ---- | M] (Trend Micro Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tmcomm.sys -- (tmcomm) DRV:64bit: - [2012/12/21 19:50:12 | 000,108,584 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmactmon.sys -- (tmactmon) DRV:64bit: - [2012/12/21 19:50:12 | 000,077,184 | ---- | M] (Trend Micro Inc.) 
[Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmevtmgr.sys -- (tmevtmgr) DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012/12/07 11:33:04 | 000,094,520 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tmeevw.sys -- (tmeevw) DRV:64bit: - [2012/10/03 09:07:26 | 000,045,568 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tcpipreg.sys -- (tcpipreg) DRV:64bit: - [2012/08/24 11:13:17 | 000,154,480 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ksecpkg.sys -- (KSecPkg) DRV:64bit: - [2012/08/24 11:09:34 | 000,458,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\cng.sys -- (CNG) DRV:64bit: - [2012/08/24 06:07:14 | 000,046,392 | ---- | M] (Trend Micro Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TMEBC64.sys -- (TMEBC) DRV:64bit: - [2012/08/23 07:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012/08/23 07:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2012/08/23 07:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012/08/22 11:12:40 | 000,950,128 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ndis.sys -- (NDIS) DRV:64bit: - [2012/07/25 21:55:47 | 000,785,512 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Wdf01000.sys -- (Wdf01000) DRV:64bit: - [2012/07/25 19:26:45 | 000,087,040 | ---- | M] 
(Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WUDFPf.sys -- (WudfPf) DRV:64bit: - [2012/07/25 19:26:06 | 000,198,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WUDFRd.sys -- (WUDFRd) DRV:64bit: - [2012/07/05 20:35:58 | 000,210,232 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tmnciesc.sys -- (tmnciesc) DRV:64bit: - [2012/06/01 22:48:16 | 000,095,600 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ksecdd.sys -- (KSecDD) DRV:64bit: - [2012/05/02 12:27:22 | 000,105,744 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi) DRV:64bit: - [2012/04/27 20:55:21 | 000,210,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpwd.sys -- (RDPWD) DRV:64bit: - [2012/03/17 00:58:57 | 000,075,120 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\partmgr.sys -- (partmgr) DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012/02/16 21:57:32 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tdtcp.sys -- (TDTCP) DRV:64bit: - [2012/01/18 06:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64) DRV:64bit: - [2011/12/28 23:47:25 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor) DRV:64bit: - [2011/12/27 20:59:24 | 000,498,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\afd.sys -- (AFD) DRV:64bit: - [2011/09/09 07:00:34 | 000,043,008 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50a64.sys -- (MREMP50a64) DRV:64bit: - [2011/09/09 07:00:34 | 000,040,960 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50a64.sys -- (MRESP50a64) DRV:64bit: - [2011/07/08 19:46:28 | 000,288,768 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mrxsmb10.sys -- (mrxsmb10) DRV:64bit: - [2011/04/28 20:06:10 | 000,467,456 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\srv.sys -- (srv) DRV:64bit: - [2011/04/28 20:05:49 | 000,410,112 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\srv2.sys -- (srv2) DRV:64bit: - [2011/04/28 20:05:37 | 000,168,448 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\srvnet.sys -- (srvnet) DRV:64bit: - [2011/04/26 19:40:40 | 000,158,208 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mrxsmb.sys -- (mrxsmb) DRV:64bit: - [2011/04/26 19:39:37 | 000,128,000 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mrxsmb20.sys -- (mrxsmb20) DRV:64bit: - [2011/03/24 20:29:26 | 000,343,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- 
C:\Windows\SysNative\drivers\usbhub.sys -- (usbhub) DRV:64bit: - [2011/03/24 20:29:14 | 000,098,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbccgp.sys -- (usbccgp) DRV:64bit: - [2011/03/24 20:29:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbehci.sys -- (usbehci) DRV:64bit: - [2011/03/24 20:29:04 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbohci.sys -- (usbohci) DRV:64bit: - [2011/03/24 20:29:03 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbuhci.sys -- (usbuhci) DRV:64bit: - [2011/03/10 23:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvstor.sys -- (nvstor) DRV:64bit: - [2011/03/10 23:41:34 | 000,148,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvraid.sys -- (nvraid) DRV:64bit: - [2011/03/10 23:41:26 | 000,410,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaStorV.sys -- (iaStorV) DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011/03/10 21:37:16 | 000,091,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\USBSTOR.SYS -- (USBSTOR) DRV:64bit: - [2011/02/22 21:55:04 | 000,090,624 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\bowser.sys -- (bowser) DRV:64bit: - [2011/01/10 05:51:40 | 000,120,408 | ---- | M] (Windows 
® Win 7 DDK provider) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\dokan.sys -- (Dokan) DRV:64bit: - [2010/11/20 20:25:07 | 000,165,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpdr.sys -- (RDPDR) DRV:64bit: - [2010/11/20 20:24:41 | 000,514,560 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC) DRV:64bit: - [2010/11/20 20:24:36 | 000,140,800 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mrxdav.sys -- (MRxDAV) DRV:64bit: - [2010/11/20 20:24:33 | 000,213,888 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\rdyboost.sys -- (rdyboost) DRV:64bit: - [2010/11/20 20:24:33 | 000,129,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rasl2tp.sys -- (Rasl2tp) DRV:64bit: - [2010/11/20 20:24:33 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\raspptp.sys -- (PptpMiniport) DRV:64bit: - [2010/11/20 20:24:32 | 000,119,296 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tdx.sys -- (tdx) DRV:64bit: - [2010/11/20 20:24:32 | 000,102,400 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\dfsc.sys -- (DfsC) DRV:64bit: - [2010/11/20 20:24:32 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ndisuio.sys -- (Ndisuio) DRV:64bit: - [2010/11/20 20:24:27 | 000,082,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ipfltdrv.sys -- (IpFilterDriver) DRV:64bit: - [2010/11/20 20:24:25 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\appid.sys -- (AppID) DRV:64bit: - 
[2010/11/20 20:24:24 | 000,014,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hwpolicy.sys -- (hwpolicy) DRV:64bit: - [2010/11/20 20:24:15 | 000,366,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msrpc.sys -- (MsRPC) DRV:64bit: - [2010/11/20 20:24:15 | 000,363,392 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\volmgrx.sys -- (volmgrx) DRV:64bit: - [2010/11/20 20:24:15 | 000,125,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tunnel.sys -- (tunnel) DRV:64bit: - [2010/11/20 20:24:14 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ndproxy.sys -- (NDProxy) DRV:64bit: - [2010/11/20 20:24:11 | 000,088,576 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\wanarp.sys -- (Wanarpv6) DRV:64bit: - [2010/11/20 20:24:11 | 000,088,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wanarp.sys -- (WANARP) DRV:64bit: - [2010/11/20 20:24:09 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\scfilter.sys -- (scfilter) DRV:64bit: - [2010/11/20 20:24:08 | 000,309,248 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\rdbss.sys -- (rdbss) DRV:64bit: - [2010/11/20 20:24:08 | 000,164,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ndiswan.sys -- (NdisWan) DRV:64bit: - [2010/11/20 20:24:08 | 000,131,584 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\pacer.sys -- (Psched) DRV:64bit: - [2010/11/20 20:24:00 | 000,289,664 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- 
C:\Windows\SysNative\drivers\fltMgr.sys -- (FltMgr) DRV:64bit: - [2010/11/20 20:23:55 | 000,753,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\http.sys -- (HTTP) DRV:64bit: - [2010/11/20 20:23:55 | 000,328,192 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\udfs.sys -- (udfs) DRV:64bit: - [2010/11/20 20:23:53 | 000,094,592 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mountmgr.sys -- (mountmgr) DRV:64bit: - [2010/11/20 20:23:51 | 000,261,632 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\netbt.sys -- (NetBT) DRV:64bit: - [2010/11/20 20:23:48 | 000,273,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msiscsi.sys -- (iScsiPrt) DRV:64bit: - [2010/11/20 20:23:48 | 000,078,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IPMIDrv.sys -- (IPMIDRV) DRV:64bit: - [2010/11/20 20:23:47 | 000,350,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService) DRV:64bit: - [2010/11/20 20:23:47 | 000,334,208 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpi.sys -- (ACPI) DRV:64bit: - [2010/11/20 20:23:47 | 000,295,808 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\volsnap.sys -- (volsnap) DRV:64bit: - [2010/11/20 20:23:47 | 000,229,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\1394ohci.sys -- (1394ohci) DRV:64bit: - [2010/11/20 20:23:47 | 000,215,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vhdmp.sys -- (vhdmp) DRV:64bit: - [2010/11/20 20:23:47 | 000,184,960 | ---- | M] (Microsoft 
Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbvideo.sys -- (usbvideo) DRV:64bit: - [2010/11/20 20:23:47 | 000,184,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pci.sys -- (pci) DRV:64bit: - [2010/11/20 20:23:47 | 000,155,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mpio.sys -- (mpio) DRV:64bit: - [2010/11/20 20:23:47 | 000,147,456 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cdrom.sys -- (cdrom) DRV:64bit: - [2010/11/20 20:23:47 | 000,140,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msdsm.sys -- (msdsm) DRV:64bit: - [2010/11/20 20:23:47 | 000,122,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hdaudbus.sys -- (HDAudBus) DRV:64bit: - [2010/11/20 20:23:47 | 000,109,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBAUDIO.sys -- (usbaudio) DRV:64bit: - [2010/11/20 20:23:47 | 000,103,808 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sbp2port.sys -- (sbp2port) DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/20 20:23:47 | 000,071,552 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\volmgr.sys -- (volmgr) DRV:64bit: - [2010/11/20 20:23:47 | 000,063,360 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\termdd.sys -- (TermDD) DRV:64bit: - [2010/11/20 20:23:47 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\umbus.sys -- (umbus) DRV:64bit: - [2010/11/20 20:23:47 | 
000,041,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\winusb.sys -- (WinUSB) DRV:64bit: - [2010/11/20 20:23:47 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CompositeBus.sys -- (CompositeBus) DRV:64bit: - [2010/11/20 20:23:47 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbdhid.sys -- (kbdhid) DRV:64bit: - [2010/11/20 20:23:47 | 000,031,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msahci.sys -- (msahci) DRV:64bit: - [2010/11/20 20:23:47 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hidusb.sys -- (HidUsb) DRV:64bit: - [2010/11/20 20:23:47 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sffp_sd.sys -- (sffp_sd) DRV:64bit: - [2010/11/20 20:23:47 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipmi.sys -- (AcpiPmi) DRV:64bit: - [2010/07/29 01:25:10 | 000,029,720 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ivusb.sys -- (ivusb) DRV:64bit: - [2010/02/12 07:10:12 | 000,066,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GenericMount.sys -- (GenericMount) DRV:64bit: - [2010/01/22 13:22:22 | 000,180,224 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2010/01/22 13:22:18 | 000,077,824 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2009/08/27 16:06:34 | 000,018,216 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- 
C:\Windows\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor) DRV:64bit: - [2009/08/13 23:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21) DRV:64bit: - [2009/07/13 18:52:31 | 000,367,696 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\clfs.sys -- (CLFS) DRV:64bit: - [2009/07/13 18:52:31 | 000,021,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\compbatt.sys -- (Compbatt) DRV:64bit: - [2009/07/13 18:52:31 | 000,017,488 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cmdide.sys -- (cmdide) DRV:64bit: - [2009/07/13 18:52:21 | 000,491,088 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\adp94xx.sys -- (adp94xx) DRV:64bit: - [2009/07/13 18:52:21 | 000,339,536 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\adpahci.sys -- (adpahci) DRV:64bit: - [2009/07/13 18:52:21 | 000,182,864 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\adpu320.sys -- (adpu320) DRV:64bit: - [2009/07/13 18:52:21 | 000,097,856 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\arcsas.sys -- (arcsas) DRV:64bit: - [2009/07/13 18:52:21 | 000,087,632 | ---- | M] (Adaptec, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\arc.sys -- (arc) DRV:64bit: - [2009/07/13 18:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AGP440.sys -- (agp440) DRV:64bit: - [2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\atapi.sys -- (atapi) DRV:64bit: - [2009/07/13 18:52:21 | 000,015,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdide.sys -- (amdide) DRV:64bit: - [2009/07/13 18:52:21 | 000,015,440 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\aliide.sys -- (aliide) DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/13 18:48:27 | 000,060,496 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\mup.sys -- (Mup) DRV:64bit: - [2009/07/13 18:48:27 | 000,049,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mouclass.sys -- (mouclass) DRV:64bit: - [2009/07/13 18:48:27 | 000,032,320 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mssmbios.sys -- (mssmbios) DRV:64bit: - [2009/07/13 18:48:27 | 000,015,424 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\msisadrv.sys -- (msisadrv) DRV:64bit: - [2009/07/13 18:48:26 | 000,122,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NV_AGP.SYS -- (nv_agp) DRV:64bit: - [2009/07/13 18:48:26 | 000,051,264 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nfrd960.sys -- (nfrd960) DRV:64bit: - [2009/07/13 18:48:04 | 000,284,736 | ---- | M] 
(LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MegaSR.sys -- (MegaSR) DRV:64bit: - [2009/07/13 18:48:04 | 000,115,776 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_scsi.sys -- (LSI_SCSI) DRV:64bit: - [2009/07/13 18:48:04 | 000,114,752 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_fc.sys -- (LSI_FC) DRV:64bit: - [2009/07/13 18:48:04 | 000,106,560 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas.sys -- (LSI_SAS) DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/13 18:48:04 | 000,050,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbdclass.sys -- (kbdclass) DRV:64bit: - [2009/07/13 18:48:04 | 000,044,112 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iirsp.sys -- (iirsp) DRV:64bit: - [2009/07/13 18:48:04 | 000,035,392 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\megasas.sys -- (megasas) DRV:64bit: - [2009/07/13 18:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\isapnp.sys -- (isapnp) DRV:64bit: - [2009/07/13 18:48:04 | 000,016,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelide.sys -- (intelide) DRV:64bit: - [2009/07/13 18:47:49 | 000,055,376 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fsdepends.sys -- (FsDepends) DRV:64bit: - [2009/07/13 18:47:48 | 000,530,496 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\elxstor.sys -- (elxstor) DRV:64bit: - [2009/07/13 
18:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\disk.sys -- (Disk) DRV:64bit: - [2009/07/13 18:47:48 | 000,070,224 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\fileinfo.sys -- (FileInfo) DRV:64bit: - [2009/07/13 18:47:48 | 000,065,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GAGP30KX.SYS -- (gagp30kx) DRV:64bit: - [2009/07/13 18:47:48 | 000,024,144 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\crcdisk.sys -- (crcdisk) DRV:64bit: - [2009/07/13 18:45:56 | 000,022,096 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wimmount.sys -- (WIMMount) DRV:64bit: - [2009/07/13 18:45:55 | 000,161,872 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vsmraid.sys -- (vsmraid) DRV:64bit: - [2009/07/13 18:45:55 | 000,064,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ULIAGPKX.SYS -- (uliagpkx) DRV:64bit: - [2009/07/13 18:45:55 | 000,064,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UAGP35.SYS -- (uagp35) DRV:64bit: - [2009/07/13 18:45:55 | 000,036,432 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vdrvroot.sys -- (vdrvroot) DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/07/13 18:45:55 | 000,021,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wd.sys -- (Wd) DRV:64bit: - [2009/07/13 18:45:55 | 000,019,008 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- 
C:\Windows\SysNative\drivers\spldr.sys -- (spldr) DRV:64bit: - [2009/07/13 18:45:55 | 000,017,488 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\viaide.sys -- (viaide) DRV:64bit: - [2009/07/13 18:45:55 | 000,012,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\swenum.sys -- (swenum) DRV:64bit: - [2009/07/13 18:45:46 | 001,524,816 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ql2300.sys -- (ql2300) DRV:64bit: - [2009/07/13 18:45:46 | 000,080,464 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sisraid4.sys -- (SiSRaid4) DRV:64bit: - [2009/07/13 18:45:45 | 000,220,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pcmcia.sys -- (pcmcia) DRV:64bit: - [2009/07/13 18:45:45 | 000,128,592 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ql40xx.sys -- (ql40xx) DRV:64bit: - [2009/07/13 18:45:45 | 000,050,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pcw.sys -- (pcw) DRV:64bit: - [2009/07/13 18:45:45 | 000,043,584 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sisraid2.sys -- (SiSRaid2) DRV:64bit: - [2009/07/13 18:45:45 | 000,012,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pciide.sys -- (pciide) DRV:64bit: - [2009/07/13 18:19:07 | 000,286,720 | ---- | M] (Brother Industries Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrSerId.sys -- (Brserid)
DRV:64bit: - [2009/07/13 18:01:48 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bridge.sys -- (BridgeMP)
DRV:64bit: - [2009/07/13 18:01:19 | 000,651,264 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\PEAuth.sys -- (PEAUTH)
DRV:64bit: - [2009/07/13 17:38:18 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbprint.sys -- (usbprint)
DRV:64bit: - [2009/07/13 17:35:32 | 000,041,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbscan.sys -- (usbscan)
DRV:64bit: - [2009/07/13 17:17:46 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rdpbus.sys -- (rdpbus)
DRV:64bit: - [2009/07/13 17:16:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV:64bit: - [2009/07/13 17:16:34 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\RDPENCDD.sys -- (RDPENCDD)
DRV:64bit: - [2009/07/13 17:16:34 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\RDPCDD.sys -- (RDPCDD)
DRV:64bit: - [2009/07/13 17:16:32 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tdpipe.sys -- (TDPIPE)
DRV:64bit: - [2009/07/13 17:10:48 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\modem.sys -- (Modem)
DRV:64bit: - [2009/07/13 17:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ws2ifsl.sys -- (ws2ifsl)
DRV:64bit: - [2009/07/13 17:10:25 | 000,083,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rassstp.sys -- (RasSstp)
DRV:64bit: - [2009/07/13 17:10:24 | 000,060,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agilevpn.sys -- (RasAgileVpn)
DRV:64bit: - [2009/07/13 17:10:17 | 000,092,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\raspppoe.sys -- (RasPppoe)
DRV:64bit: - [2009/07/13 17:10:13 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asyncmac.sys -- (AsyncMac)
DRV:64bit: - [2009/07/13 17:10:09 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rasacd.sys -- (RasAcd)
DRV:64bit: - [2009/07/13 17:10:03 | 000,116,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ipnat.sys -- (IPNAT)
DRV:64bit: - [2009/07/13 17:10:00 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ndistapi.sys -- (NdisTapi)
DRV:64bit: - [2009/07/13 17:09:48 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qwavedrv.sys -- (QWAVEdrv)
DRV:64bit: - [2009/07/13 17:09:26 | 000,044,544 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\netbios.sys -- (NetBIOS)
DRV:64bit: - [2009/07/13 17:09:26 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\wfplwf.sys -- (WfpLwf)
DRV:64bit: - [2009/07/13 17:09:09 | 000,093,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\smb.sys -- (Smb)
DRV:64bit: - [2009/07/13 17:08:59 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\irenum.sys -- (IRENUM)
DRV:64bit: - [2009/07/13 17:08:51 | 000,076,800 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rspndr.sys -- (rspndr)
DRV:64bit: - [2009/07/13 17:08:51 | 000,060,928 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lltdio.sys -- (lltdio)
DRV:64bit: - [2009/07/13 17:08:25 | 000,077,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mpsdrv.sys -- (mpsdrv)
DRV:64bit: - [2009/07/13 17:08:13 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ndiscap.sys -- (NdisCap)
DRV:64bit: - [2009/07/13 17:07:23 | 000,318,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nwifi.sys -- (NativeWifiP)
DRV:64bit: - [2009/07/13 17:07:21 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vwifibus.sys -- (vwifibus)
DRV:64bit: - [2009/07/13 17:06:52 | 000,100,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidbth.sys -- (HidBth)
DRV:64bit: - [2009/07/13 17:06:52 | 000,072,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthmodem.sys -- (BTHMODEM)
DRV:64bit: - [2009/07/13 17:06:52 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\umpass.sys -- (UmPass)
DRV:64bit: - [2009/07/13 17:06:45 | 000,072,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ohci1394.sys -- (ohci1394)
DRV:64bit: - [2009/07/13 17:06:37 | 000,100,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbcir.sys -- (usbcir)
DRV:64bit: - [2009/07/13 17:06:34 | 000,045,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\circlass.sys -- (circlass)
DRV:64bit: - [2009/07/13 17:06:24 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV:64bit: - [2009/07/13 17:06:23 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidir.sys -- (HidIr)
DRV:64bit: - [2009/07/13 17:06:16 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\drmkaud.sys -- (drmkaud)
DRV:64bit: - [2009/07/13 17:02:08 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MTConfig.sys -- (MTConfig)
DRV:64bit: - [2009/07/13 17:02:07 | 000,027,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacompen.sys -- (WacomPen)
DRV:64bit: - [2009/07/13 17:01:03 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sffp_mmc.sys -- (sffp_mmc)
DRV:64bit: - [2009/07/13 17:01:02 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sfloppy.sys -- (sfloppy)
DRV:64bit: - [2009/07/13 17:01:01 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sffdisk.sys -- (sffdisk)
DRV:64bit: - [2009/07/13 17:00:54 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fdc.sys -- (fdc)
DRV:64bit: - [2009/07/13 17:00:54 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\flpydisk.sys -- (flpydisk)
DRV:64bit: - [2009/07/13 17:00:41 | 000,097,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\parport.sys -- (Parport)
DRV:64bit: - [2009/07/13 17:00:40 | 000,094,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serial.sys -- (Serial)
DRV:64bit: - [2009/07/13 17:00:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serenum.sys -- (Serenum)
DRV:64bit: - [2009/07/13 17:00:20 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mouhid.sys -- (mouhid)
DRV:64bit: - [2009/07/13 17:00:20 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sermouse.sys -- (sermouse)
DRV:64bit: - [2009/07/13 17:00:19 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ksthunk.sys -- (ksthunk)
DRV:64bit: - [2009/07/13 17:00:18 | 000,011,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mskssrv.sys -- (MSKSSRV)
DRV:64bit: - [2009/07/13 17:00:17 | 000,008,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mstee.sys -- (MSTEE)
DRV:64bit: - [2009/07/13 17:00:17 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mspclock.sys -- (MSPCLOCK)
DRV:64bit: - [2009/07/13 17:00:17 | 000,006,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mspqm.sys -- (MSPQM)
DRV:64bit: - [2009/07/13 17:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\beep.sys -- (Beep)
DRV:64bit: - [2009/07/13 16:38:52 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\monitor.sys -- (monitor)
DRV:64bit: - [2009/07/13 16:38:47 | 000,029,184 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vga.sys -- (VgaSave)
DRV:64bit: - [2009/07/13 16:38:47 | 000,029,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vgapnp.sys -- (vga)
DRV:64bit: - [2009/07/13 16:37:18 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\discache.sys -- (discache)
DRV:64bit: - [2009/07/13 16:35:59 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\blbdrive.sys -- (blbdrive)
DRV:64bit: - [2009/07/13 16:31:06 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidbatt.sys -- (HidBatt)
DRV:64bit: - [2009/07/13 16:31:04 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\errdev.sys -- (ErrDev)
DRV:64bit: - [2009/07/13 16:31:03 | 000,017,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CmBatt.sys -- (CmBatt)
DRV:64bit: - [2009/07/13 16:31:02 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wmiacpi.sys -- (WmiAcpi)
DRV:64bit: - [2009/07/13 16:26:13 | 000,113,152 | ---- | M] (Microsoft Corporation) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\luafv.sys -- (luafv)
DRV:64bit: - [2009/07/13 16:25:40 | 000,034,304 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\filetrace.sys -- (Filetrace)
DRV:64bit: - [2009/07/13 16:23:29 | 000,204,800 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fastfat.sys -- (fastfat)
DRV:64bit: - [2009/07/13 16:23:29 | 000,195,072 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\exfat.sys -- (exfat)
DRV:64bit: - [2009/07/13 16:21:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\nsiproxy.sys -- (nsiproxy)
DRV:64bit: - [2009/07/13 16:19:57 | 000,105,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\i8042prt.sys -- (i8042prt)
DRV:64bit: - [2009/07/13 16:19:48 | 000,044,032 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\npfs.sys -- (Npfs)
DRV:64bit: - [2009/07/13 16:19:47 | 000,092,160 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\Windows\SysNative\drivers\cdfs.sys -- (cdfs)
DRV:64bit: - [2009/07/13 16:19:47 | 000,026,112 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\msfs.sys -- (Msfs)
DRV:64bit: - [2009/07/13 16:19:38 | 000,006,144 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\null.sys -- (Null)
DRV:64bit: - [2009/07/13 16:19:25 | 000,064,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdk8.sys -- (AmdK8)
DRV:64bit: - [2009/07/13 16:19:25 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\intelppm.sys -- (intelppm)
DRV:64bit: - [2009/07/13 16:19:25 | 000,060,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdppm.sys -- (AmdPPM)
DRV:64bit: - [2009/07/13 16:19:25 | 000,060,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\processr.sys -- (Processor)
DRV:64bit: - [2009/06/10 13:41:10 | 000,047,104 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrSerWdm.sys -- (BrSerWdm)
DRV:64bit: - [2009/06/10 13:41:10 | 000,014,976 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV:64bit: - [2009/06/10 13:41:10 | 000,014,720 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrUsbSer.sys -- (BrUsbSer)
DRV:64bit: - [2009/06/10 13:41:06 | 000,018,432 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrFiltLo.sys -- (BrFiltLo)
DRV:64bit: - [2009/06/10 13:41:06 | 000,008,704 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrFiltUp.sys -- (BrFiltUp)
DRV:64bit: - [2009/06/10 13:37:19 | 000,023,040 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\secdrv.sys -- (secdrv)
DRV:64bit: - [2009/06/10 13:35:02 | 000,281,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/20 12:54:06 | 000,015,656 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)
DRV:64bit: - [2009/03/18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2008/05/06 17:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2008/03/31 09:29:38 | 000,178,432 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SaiH0464.sys -- (SaiH0464)
DRV:64bit: - [2007/02/16 12:12:36 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2011/09/09 07:00:28 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2011/09/09 07:00:28 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2011/03/01 08:55:42 | 000,019,024 | ---- | M] (Paragon Software GmbH) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Paragon Software\Migrate OS to SSD\program\biontdrv.sys -- (BioNTDrv)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4E 0D 6B 46 64 A4 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {A3D6A8F5-ADE9-445E-95DF-78A3FA35E8D6}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{A3D6A8F5-ADE9-445E-95DF-78A3FA35E8D6}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=994519&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@TrendMicro.com/FFExtension: C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll (Trend Micro Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.3: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Walter\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Walter\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Walter\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Walter\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Walter\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\tmbepff-7.5@trendmicro.com: C:\PROGRAM FILES\TREND MICRO\AMSP\MODULE\20002\7.5.1136\7.5.1136\FIREFOXEXTENSION [2013/09/09 12:49:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\tmbepff-7.5@trendmicro.com: C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1136\7.5.1136\firefoxextension [2013/09/09 12:49:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22181a4d-af90-4ca3-a569-faed9118d6bc}: C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2012/10/05 04:48:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\ [2013/09/09 12:50:50 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{132C60DD-1177-11E2-8271-B8AC6F996F26}: C:\Users\Walter\AppData\Local\{132C60DD-1177-11E2-8271-B8AC6F996F26}\ [2012/10/08 11:36:44 | 000,000,000 | ---D | M]

[2013/09/06 16:19:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/08/17 00:12:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013/09/06 16:19:24 | 000,000,000 | ---D | M] (Define Ext) -- C:\Program Files (x86)\Mozilla Firefox\extensions\zgvstddqqjlabihif@opvrjrelhkc.org
[2013/08/17 00:12:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/08/17 00:12:59 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

O1 HOSTS File: ([2013/09/10 17:33:28 | 000,000,741 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\2.5.1331\6.8.1094\TmIEPlg.dll (Trend Micro Inc.)
O2:64bit: - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.5.1136\7.5.1136\TmBpIe64.dll (Trend Micro Inc.)
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\2.5.1331\6.8.1094\TmIEPlg32.dll (Trend Micro Inc.)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.5.1136\7.5.1136\TmBpIe32.dll (Trend Micro Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {91397D20-1446-11D4-8AF4-0040CA1127B6} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)
O4:64bit: - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [DigiDo] C:\Program Files (x86)\Time Warner Cable\TWC WiFi\TrayApp.exe (Affinegy, Inc.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXRCV] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIIUE.EXE /EPT "EPLTarget\P0000000000000000" /M "WF-2540 Series" /EF "HKCU" File not found
O4 - Startup: C:\Users\Walter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Walter\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Walter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Punto Switcher.lnk = C:\Program Files (x86)\Yandex\Punto Switcher\punto.exe (ООО Яндекс)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: $talisma_url$ ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: blank ([]about in Computer)
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/4.0.3.0/GarminAxControl_32.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{47CDC08E-3843-4ACB-B294-32B003290C45}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.5.1136\7.5.1136\TmBpIe64.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.5.1331\6.8.1094\TmIEPlg.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\tmtbim - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.5.1136\7.5.1136\TmBpIe32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.5.1331\6.8.1094\TmIEPlg32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmtbim {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/01/18 15:57:15 | 000,000,000 | ---D | M] - C:\Autorun -- [ NTFS ]
O32 - AutoRun File - [2007/06/01 04:35:44 | 000,092,160 | R--- | M] () - F:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2007/06/01 04:11:04 | 000,000,048 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/09/11 01:26:06 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Walter\Desktop\OTL.com
[2013/09/10 17:24:19 | 000,000,000 | ---D | C] -- C:\Users\Walter\Desktop\RK_Quarantine
[2013/09/10 13:56:13 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/09/10 13:56:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/09/10 13:56:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/09/10 13:55:48 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Walter\Desktop\mbam-setup-1.75.0.1300.exe
[2013/09/10 12:06:01 | 000,000,000 | ---D | C] -- C:\Users\Walter\AppData\Local\Overwolf
[2013/09/10 11:18:31 | 000,000,000 | ---D | C] -- C:\FRST
[2013/09/10 11:17:41 | 001,949,196 | ---- | C] (Farbar) -- C:\Users\Walter\Desktop\FRST64.exe
[2013/09/10 11:12:04 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/09/09 14:00:21 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\etc
[2013/09/09 13:57:33 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/09/09 13:27:46 | 000,000,000 | ---D | C] -- C:\Users\Walter\AppData\Roaming\WTouch
[2013/09/09 13:26:40 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/09/09 13:22:40 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/09/09 13:22:40 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/09/09 13:22:40 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/09/09 13:22:31 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/09/09 12:33:54 | 000,000,000 | ---D | C] -- C:\Users\Walter\AppData\Roaming\Malwarebytes
[2013/09/09 12:33:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/09/09 06:53:23 | 000,000,000 | ---D | C] -- C:\Users\Walter\Desktop\lps
[2013/09/09 06:50:02 | 000,000,000 | R--D | C] -- C:\Users\Walter\Dropbox
[2013/09/09 06:48:24 | 000,000,000 | ---D | C] -- C:\Users\Walter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2013/09/09 06:47:38 | 000,000,000 | ---D | C] -- C:\Users\Walter\AppData\Roaming\Dropbox
[2013/09/06 16:34:29 | 000,000,000 | ---D | C] -- C:\Users\Walter\AppData\Local\SIX Updater
[2013/09/06 16:34:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Bohemia Interactive Studio
[2013/09/06 16:23:06 | 000,000,000 | ---D | C] -- C:\Users\Walter\AppData\Roaming\Play withSIX
[2013/09/06 16:23:06 | 000,000,000 | ---D | C] -- C:\Users\Walter\AppData\Local\Play withSIX
[2013/09/06 16:23:06 | 000,000,000 | ---D | C] -- C:\Users\Walter\AppData\Local\IsolatedStorage
[2013/09/06 16:22:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SIX Networks
[2013/09/06 16:22:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SIX Networks
[2013/09/06 16:19:25 | 000,000,000 | ---D | C] -- C:\Users\Walter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Define Ext
[2013/09/06 14:44:18 | 000,000,000 | ---D | C] -- C:\Users\Walter\AppData\Local\ArmA 2 OA
[2013/09/06 14:09:20 | 000,000,000 | ---D | C] -- C:\Users\Walter\Documents\ArmA 2
[2013/09/06 14:09:20 | 000,000,000 | ---D | C] -- C:\Users\Walter\AppData\Local\ArmA 2
[2013/09/06 14:09:02 | 000,000,000 | ---D | C] -- C:\Users\Walter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive
[2013/09/06 14:09:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive
[2013/09/06 13:58:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bohemia Interactive
[2013/09/06 13:32:05 | 000,000,000 | ---D | C] -- C:\Users\Walter\AppData\Local\GameFly
[2013/09/06 12:53:25 | 000,000,000 | ---D | C] -- C:\Users\Walter\Documents\GameFly
[2013/09/06 12:53:22 | 000,000,000 | ---D | C] -- C:\Users\Walter\AppData\Roaming\GameFly
[2013/08/17 00:12:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/08/15 03:04:09 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/08/15 03:04:09 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/08/15 03:04:08 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/08/15 03:04:08 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/08/15 03:04:08 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/08/15 03:04:08 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/08/15 03:04:08 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/08/15 03:04:08 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/08/15 03:04:08 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/08/15 03:04:08 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/08/15 03:04:08 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/08/15 03:04:06 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/08/15 03:04:06 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/08/15 03:04:06 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/08/15 03:04:05 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/08/14 17:26:06 | 000,000,000 | ---D | C] -- C:\Users\Walter\Desktop\Recipes
[2013/08/14 06:04:23 | 001,472,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013/08/14 06:04:23 | 000,224,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2013/08/14 06:04:23 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2013/08/14 06:04:16 | 001,888,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2013/08/14 06:04:16 | 001,620,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2013/08/14 06:04:16 | 001,217,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll
[2013/08/14 06:04:15 | 003,968,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/08/14 06:04:15 | 003,913,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/08/14 06:04:14 | 005,550,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/08/14 06:04:14 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2013/08/14 06:04:14 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013/08/14 06:04:14 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/08/14 06:04:13 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/08/14 06:04:13 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/08/14 06:04:13 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/08/14 06:04:13 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Walter\Desktop\*.tmp files -> C:\Users\Walter\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/09/11 01:26:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Walter\Desktop\OTL.com
[2013/09/11 01:06:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/11 00:35:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/09/10 23:06:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/09/10 17:33:28 | 000,000,741 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/09/10 17:30:55 | 000,026,912 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/09/10 17:30:55 | 000,026,912 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/09/10 17:29:26 | 000,779,358
| ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013/09/10 17:29:26 | 000,660,306 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013/09/10 17:29:26 | 000,121,234 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013/09/10 17:23:56 | 000,001,091 | ---- | M] () -- C:\Users\Walter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Punto Switcher.lnk [2013/09/10 17:23:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/09/10 17:23:44 | 2140,491,772 | -HS- | M] () -- C:\hiberfil.sys [2013/09/10 13:59:19 | 003,788,288 | ---- | M] () -- C:\Users\Walter\Desktop\RogueKillerX64.exe [2013/09/10 13:56:13 | 000,001,079 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2013/09/10 13:55:48 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Walter\Desktop\mbam-setup-1.75.0.1300.exe [2013/09/10 13:35:04 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013/09/10 13:35:04 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013/09/10 11:17:41 | 001,949,196 | ---- | M] (Farbar) -- C:\Users\Walter\Desktop\FRST64.exe [2013/09/10 11:06:38 | 001,037,278 | ---- | M] () -- C:\Users\Walter\Desktop\AdwCleaner.exe [2013/09/10 00:55:58 | 000,234,544 | ---- | M] () -- C:\Windows\RegBootClean64.exe [2013/09/09 14:07:31 | 000,007,168 | ---- | M] () -- C:\Users\Walter\Documents\cc_20130909_140727.reg [2013/09/09 06:50:02 | 000,001,053 | ---- | M] () -- C:\Users\Walter\Desktop\Dropbox.lnk [2013/09/09 06:48:43 | 000,001,063 | ---- | M] () -- C:\Users\Walter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013/09/07 21:47:01 | 000,002,669 | ---- | M] () -- C:\Users\Walter\Desktop\Play withSIX.lnk [2013/08/16 21:35:18 | 000,002,472 | ---- | M] () -- C:\Users\Walter\Application Data\Microsoft\Internet Explorer\Quick Launch\Yandex.lnk [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 
C:\Users\Walter\Desktop\*.tmp files -> C:\Users\Walter\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2013/09/11 01:24:31 | 000,012,288 | ---- | C] () -- C:\Windows\SysNative\drivers\BrFiltLo.sys.bak [2013/09/10 13:59:19 | 003,788,288 | ---- | C] () -- C:\Users\Walter\Desktop\RogueKillerX64.exe [2013/09/10 13:56:13 | 000,001,079 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2013/09/10 11:06:36 | 001,037,278 | ---- | C] () -- C:\Users\Walter\Desktop\AdwCleaner.exe [2013/09/09 14:07:30 | 000,007,168 | ---- | C] () -- C:\Users\Walter\Documents\cc_20130909_140727.reg [2013/09/09 14:00:39 | 000,017,463 | ---- | C] () -- C:\Windows\SysNative\drivers\etc\services [2013/09/09 14:00:39 | 000,003,683 | ---- | C] () -- C:\Windows\SysNative\drivers\etc\lmhosts.sam [2013/09/09 14:00:39 | 000,001,358 | ---- | C] () -- C:\Windows\SysNative\drivers\etc\protocol [2013/09/09 14:00:39 | 000,000,741 | ---- | C] () -- C:\Windows\SysNative\drivers\etc\hosts [2013/09/09 14:00:39 | 000,000,407 | ---- | C] () -- C:\Windows\SysNative\drivers\etc\networks [2013/09/09 13:22:40 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013/09/09 13:22:40 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013/09/09 13:22:40 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013/09/09 13:22:40 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013/09/09 13:22:40 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013/09/09 06:50:02 | 000,001,053 | ---- | C] () -- C:\Users\Walter\Desktop\Dropbox.lnk [2013/09/09 06:48:43 | 000,001,063 | ---- | C] () -- C:\Users\Walter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013/09/07 21:47:01 | 000,002,669 | ---- | C] () -- C:\Users\Walter\Desktop\Play withSIX.lnk [2013/06/04 15:51:06 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe [2013/06/04 15:51:06 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe [2013/06/04 15:03:28 | 000,204,952 
| ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2013/06/04 15:03:28 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2013/05/30 15:41:44 | 000,007,605 | ---- | C] () -- C:\Users\Walter\AppData\Local\Resmon.ResmonCfg [2012/12/14 16:25:51 | 000,002,298 | ---- | C] () -- C:\Users\Walter\AppData\Roaming\ASSDraw3.cfg [2012/12/14 01:46:31 | 000,773,082 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012/12/02 23:54:27 | 000,000,111 | ---- | C] () -- C:\Users\Walter\AppData\Roaming\adu.xml [2012/10/08 11:37:08 | 000,234,544 | ---- | C] () -- C:\Windows\RegBootClean64.exe [2012/10/08 11:37:08 | 000,022,064 | ---- | C] () -- C:\Windows\DCEBoot64.exe [2012/10/05 04:48:24 | 000,000,410 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2012/10/05 04:25:53 | 000,846,662 | ---- | C] () -- C:\Users\Walter\AppData\Local\census.cache [2012/10/05 04:25:46 | 000,105,765 | ---- | C] () -- C:\Users\Walter\AppData\Local\ars.cache [2012/10/05 04:20:54 | 000,000,036 | ---- | C] () -- C:\Users\Walter\AppData\Local\housecall.guid.cache [2012/09/06 18:07:32 | 000,186,076 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat [2012/09/05 14:38:54 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011/12/28 23:47:47 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll [2011/12/28 23:47:47 | 000,013,368 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys [2011/12/28 23:47:40 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys [2011/12/28 23:47:40 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys [2011/12/28 23:45:44 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2011/12/18 21:19:09 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini [2011/12/10 14:31:42 | 000,116,224 | ---- | C] () -- C:\Windows\SysWow64\ICOMP.EXE [2011/12/10 14:31:42 | 000,083,456 | ---- | C] () -- C:\Windows\SysWow64\SMACKW32.DLL [2011/12/10 14:31:42 | 000,006,765 | ---- | C] () 
-- C:\Windows\SysWow64\NETID.exe [2011/12/10 14:31:42 | 000,000,748 | ---- | C] () -- C:\Windows\SysWow64\AREA.DAT [2011/12/10 14:31:42 | 000,000,168 | ---- | C] () -- C:\Windows\SysWow64\HISTORY.DAT [2011/12/10 14:31:42 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\net.ini [2011/12/10 14:31:42 | 000,000,010 | ---- | C] () -- C:\Windows\SysWow64\SCREEN.INI [2011/12/10 14:31:42 | 000,000,002 | ---- | C] () -- C:\Windows\SysWow64\VIDEO.INI [2011/09/28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011/09/12 15:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat ========== ZeroAccess Check ========== [2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013/02/26 22:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 21:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013/01/10 10:27:31 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\.anki [2012/11/01 23:22:20 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\.matplotlib [2013/08/18 16:30:38 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\.minecraft [2012/09/05 14:53:59 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\.purple [2012/09/05 14:54:00 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\Aegisub [2012/09/05 14:54:00 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\Amazon [2012/10/05 15:35:43 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\Audacity [2013/07/02 13:47:45 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\Azureus [2013/08/29 21:58:53 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\DAEMON Tools Lite [2012/02/17 21:53:43 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\DAEMON Tools Pro [2013/09/10 17:24:00 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\Dropbox [2013/05/08 21:09:53 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\Epson [2012/11/11 17:26:47 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\EveHQ [2012/12/14 01:48:17 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\EVEMon [2013/03/02 00:18:57 | 000,000,000 | ---D | M] -- 
C:\Users\Walter\AppData\Roaming\FileZilla [2013/09/06 12:53:22 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\GameFly [2012/09/14 15:43:24 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\Garmin [2012/09/05 14:54:03 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\Indicium Technologies [2012/09/05 14:54:03 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\LolClient [2012/09/05 14:54:16 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\Origin [2013/09/06 16:23:15 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\Play withSIX [2013/05/08 09:22:06 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\Seas0nPass [2013/06/09 11:00:42 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\theHunter [2013/09/10 23:45:25 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\TS3Client [2012/09/24 21:40:21 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\wargaming.net [2012/09/05 14:54:17 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\Windows Live Writer [2013/06/09 13:17:42 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\WOT Statistics [2013/09/09 13:56:45 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\WTouch [2013/01/10 11:00:31 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\Yandex ========== Purity Check ========== ========== Files - Unicode (All) ========== [2013/02/27 11:07:53 | 000,002,790 | ---- | M] ()(C:\Users\Public\Desktop\???? 3.??????? Edition.v 7.0.55.010001.lnk) -- C:\Users\Public\Desktop\Симс 3.Золотой Edition.v 7.0.55.010001.lnk [2013/02/27 11:07:53 | 000,002,790 | ---- | C] ()(C:\Users\Public\Desktop\???? 3.??????? 
Edition.v 7.0.55.010001.lnk) -- C:\Users\Public\Desktop\Симс 3.Золотой Edition.v 7.0.55.010001.lnk [2013/01/22 08:53:07 | 000,001,279 | ---- | M] ()(C:\Users\Walter\Desktop\????????.lnk) -- C:\Users\Walter\Desktop\Обливион.lnk [2013/01/22 08:53:07 | 000,001,279 | ---- | C] ()(C:\Users\Walter\Desktop\????????.lnk) -- C:\Users\Walter\Desktop\Обливион.lnk [2012/10/09 20:51:08 | 000,021,906 | ---- | M] ()(C:\Users\Walter\Documents\????-????.docx) -- C:\Users\Walter\Documents\Жили-были.docx [2012/10/07 22:31:54 | 000,021,906 | ---- | C] ()(C:\Users\Walter\Documents\????-????.docx) -- C:\Users\Walter\Documents\Жили-были.docx [2012/08/18 12:17:14 | 000,000,162 | -H-- | M] ()(C:\Users\Walter\Desktop\~$?????.docx) -- C:\Users\Walter\Desktop\~$Шесть.docx [2012/08/18 12:17:14 | 000,000,162 | -H-- | C] ()(C:\Users\Walter\Desktop\~$?????.docx) -- C:\Users\Walter\Desktop\~$Шесть.docx [2012/08/18 09:26:50 | 000,000,162 | -H-- | M] ()(C:\Users\Walter\Desktop\~$? ????? ?????_corr.docx) -- C:\Users\Walter\Desktop\~$о любит Мишка_corr.docx [2012/08/18 09:26:50 | 000,000,162 | -H-- | C] ()(C:\Users\Walter\Desktop\~$? ????? ?????_corr.docx) -- C:\Users\Walter\Desktop\~$о любит Мишка_corr.docx (C:\ProgramData\Microsoft\Windows\Start Menu\Programs\??????) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Яндекс < End of report >
  5. Ok, done, here are the reports in order: Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-09-2013 01 Ran by Walter at 2013-09-10 17:04:06 Run:1 Running from C:\Users\Walter\Desktop Boot Mode: Normal ============================================== Content of fixlist: ***************** Start Task: {3656AC60-D2D3-49A5-BA66-BC195F1483A8} - System32\Tasks\RunAsStdUser Task => C:\Users\Walter\AppData\Local\appkikxSA\bin\1.0.5.0\AppKikxSA.exe C:\Users\Walter\AppData\Local\appkikxSA C:\Users\Walter\AppData\Local\Temp\Quarantine.exe End ***************** HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3656AC60-D2D3-49A5-BA66-BC195F1483A8} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3656AC60-D2D3-49A5-BA66-BC195F1483A8} => Key deleted successfully. C:\Windows\System32\Tasks\RunAsStdUser Task => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RunAsStdUser Task => Key deleted successfully. "C:\Users\Walter\AppData\Local\appkikxSA" => File/Directory not found. C:\Users\Walter\AppData\Local\Temp\Quarantine.exe => Moved successfully. 
==== End of Fixlog ==== Malwarebytes Anti-Malware (Trial) 1.75.0.1300 www.malwarebytes.org Database version: v2013.09.10.12 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16660 Walter :: WALTER-PC [administrator] Protection: Enabled 9/10/2013 5:05:34 PM mbam-log-2013-09-10 (17-05-34).txt Scan type: Full scan (C:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 454181 Time elapsed: 15 minute(s), 42 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 4 C:\Program Files (x86)\Vuze\.install4j\user\mism.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully. C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\4fe200f5-65d4fc69 (Trojan.Dropper) -> Quarantined and deleted successfully. C:\Users\Walter\Downloads\Express_Installer.exe (PUP.Optional.IBryte) -> Quarantined and deleted successfully. C:\Users\Walter\Downloads\Setup(1).exe (PUP.Optional.AirInstaller) -> Quarantined and deleted successfully. 
(end) RogueKiller V8.6.10 _x64_ [sep 9 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.adlice.com/forum/ Website : http://www.adlice.com/softwares/roguekiller/ Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : Walter [Admin rights] Mode : Scan -- Date : 09/10/2013 17:24:48 | ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 5 ¤¤¤ [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND [HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND [HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Scheduled tasks : 5 ¤¤¤ [V1][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-4250198920-4133650428-703862527-1000UA.job : C:\Users\Walter\AppData\Local\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7][x] -> FOUND [V1][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-4250198920-4133650428-703862527-1000Core.job : C:\Users\Walter\AppData\Local\Google\Update\GoogleUpdate.exe - /c [7] -> FOUND [V2][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-4250198920-4133650428-703862527-1000Core : C:\Users\Walter\AppData\Local\Google\Update\GoogleUpdate.exe - /c [7] -> FOUND [V2][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-4250198920-4133650428-703862527-1000UA : C:\Users\Walter\AppData\Local\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7][x] -> FOUND [V2][sUSP PATH] IHUninstallTrackingTASK : CMD - /C DEL C:\Users\Walter\AppData\Local\Temp\IHUDCA7.tmp.exe [x][x] -> FOUND ¤¤¤ Startup Entries : 0 ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤ ¤¤¤ External Hives: ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> %SystemRoot%\System32\drivers\etc\hosts 
127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: SAMSUNG SSD 830 Series ATA Device +++++ --- User --- [MBR] 60431515e1bc7e83a3384446164be275 [bSP] 9bbcb71e648ec831e8eaf95bf3417d60 : Windows 7/8 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 244197 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[0]_S_09102013_172448.txt >>
  6. Also, ComboFix froze at the last step for a couple of hours and never generated the .txt file in my C:\ directory.
  7. I am unsure of how to view attachments in this forum; I do not see an attached fixlist.txt file.
  8. Ok, I've done what you said so far, here are the reports in order: # AdwCleaner v3.003 - Report created 10/09/2013 at 11:13:16 # Updated 07/09/2013 by Xplode # Operating System : Windows 7 Professional Service Pack 1 (64 bits) # Username : Walter - WALTER-PC # Running from : C:\Users\Walter\Desktop\AdwCleaner.exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Deleted : C:\Users\Walter\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjkpcnacdgdlpfejlgflolpaigoicibh ***** [ Shortcuts ] ***** ***** [ Registry ] ***** ***** [ Browsers ] ***** -\\ Internet Explorer v10.0.9200.16660 -\\ Mozilla Firefox v23.0.1 (en-US) [ File : C:\Users\Walter\AppData\Roaming\Mozilla\Firefox\Profiles\ul8yw8vw.default\prefs.js ] -\\ Google Chrome v [ File : C:\Users\Walter\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R1].txt - [1012 octets] - [10/09/2013 11:12:09] AdwCleaner[s1].txt - [937 octets] - [10/09/2013 11:13:16] ########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [996 octets] ########## Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-09-2013 01 Ran by Walter at 2013-09-10 11:18:48 Running from C:\Users\Walter\Desktop Boot Mode: Normal ========================================================== ==================== Installed Programs ======================= "Oblivion ÇÎËÎÒÎÅ ÈÇÄÀÍÈÅ" âåðñèè 1.2.0416 (x32) 7-Zip 9.20 (x64 edition) (Version: 9.20.00.0) Adobe AIR (x32 Version: 3.1.0.4880) Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.94) Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94) Adobe Reader X (10.1.7) (x32 Version: 10.1.7) Aegisub 2.1.9 (x32 Version: 2.1.9) Amazon Kindle (HKCU) Amazon MP3 Downloader 1.0.15 (x32 Version: 1.0.15) AMD Catalyst Control Center (x32 Version: 2013.0604.1838.31590) AMD Catalyst Install Manager (Version: 8.0.915.0) AMD Drag and Drop Transcoding (Version: 2.00.0000) AMD Media Foundation Decoders (Version: 1.0.80604.1838) 
AMD Wireless Display v3.0 (Version: 1.0.0.12) Anki (x32) Apple Application Support (x32 Version: 2.3.3) Apple Mobile Device Support (Version: 6.1.0.13) Apple Software Update (x32 Version: 2.1.3.127) ArcSoft MediaConverter 7.5 (x32 Version: 7.5.0.114) ARMA 2 Operation Arrowhead Uninstall (x32) ArmA 2 Uninstall (x32) Audacity 2.0 (x32) AudibleManager (x32 Version: 2003647726.48.56.3935466) Bamboo (x32) BattlEye for OA Uninstall (x32) BattlEye Uninstall (x32) Bonjour (Version: 3.0.0.10) Catalyst Control Center - Branding (x32 Version: 1.00.0000) Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0604.1838.31590) Catalyst Control Center InstallProxy (x32 Version: 2013.0604.1838.31590) Catalyst Control Center Localization All (x32 Version: 2013.0604.1838.31590) CCC Help Chinese Standard (x32 Version: 2013.0604.1837.31590) CCC Help Chinese Traditional (x32 Version: 2013.0604.1837.31590) CCC Help Czech (x32 Version: 2013.0604.1837.31590) CCC Help Danish (x32 Version: 2013.0604.1837.31590) CCC Help Dutch (x32 Version: 2013.0604.1837.31590) CCC Help English (x32 Version: 2013.0604.1837.31590) CCC Help Finnish (x32 Version: 2013.0604.1837.31590) CCC Help French (x32 Version: 2013.0604.1837.31590) CCC Help German (x32 Version: 2013.0604.1837.31590) CCC Help Greek (x32 Version: 2013.0604.1837.31590) CCC Help Hungarian (x32 Version: 2013.0604.1837.31590) CCC Help Italian (x32 Version: 2013.0604.1837.31590) CCC Help Japanese (x32 Version: 2013.0604.1837.31590) CCC Help Korean (x32 Version: 2013.0604.1837.31590) CCC Help Norwegian (x32 Version: 2013.0604.1837.31590) CCC Help Polish (x32 Version: 2013.0604.1837.31590) CCC Help Portuguese (x32 Version: 2013.0604.1837.31590) CCC Help Russian (x32 Version: 2013.0604.1837.31590) CCC Help Spanish (x32 Version: 2013.0604.1837.31590) CCC Help Swedish (x32 Version: 2013.0604.1837.31590) CCC Help Thai (x32 Version: 2013.0604.1837.31590) CCC Help Turkish (x32 Version: 2013.0604.1837.31590) ccc-utility64 (Version: 
2013.0604.1838.31590) Cool & Quiet (x32) D3DX10 (x32 Version: 15.4.2368.0902) DAEMON Tools Lite (x32 Version: 4.46.1.0328) Define Ext (HKCU Version: 8) Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32) Dokan Library 0.6.0 (x32) Dropbox (HKCU Version: 2.0.26) eaner (Version: 3.25) EPSON Connect version 1.0 (x32 Version: 1.0) Epson Customer Participation (Version: 1.4.0.0) Epson Event Manager (x32 Version: 3.01.0003) Epson FAX Utility (x32 Version: 1.30.00) EPSON Scan (x32) EPSON WF-2540 Series Printer Uninstall EpsonNet Print (x32 Version: 2.5.00) EVE Online (remove only) (x32) EVEMon (x32 Version: 1.8.0.3971) FileZilla Client 3.6.0.2 (x32 Version: 3.6.0.2) Google Earth Plug-in (x32 Version: 7.1.1.1888) Google Talk Plugin (x32 Version: 4.5.3.14917) Google Update Helper (x32 Version: 1.3.21.153) Homeworld2 Demo (x32) Java Auto Updater (x32 Version: 2.0.7.2) Java 6 Update 37 (x32 Version: 6.0.370) JNLP (HKCU) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Extended (Version: 4.0.30319) Microsoft Application Error Reporting (Version: 12.0.6015.5000) Microsoft AppLocale (x32 Version: 1.0.0) Microsoft Games for Windows - LIVE (x32 Version: 2.0.675.0) Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.5.92.0) Microsoft Office 2010 Language Pack Service Pack 1 (SP1) (x32) Microsoft Office 2010 Service Pack 1 (SP1) (x32) Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Access MUI (Russian) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Excel MUI (Russian) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Groove MUI (Russian) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Home and Student 2010 (x32 Version: 14.0.6029.1000) Microsoft Office InfoPath MUI (Russian) 2010 (x32 Version: 
14.0.6029.1000) Microsoft Office Language Pack 2010 - Russian/русский (x32 Version: 14.0.6029.1000) Microsoft Office O MUI (Russian) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000) Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office OneNote MUI (Russian) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Outlook Connector (x32 Version: 14.0.6106.5001) Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Outlook MUI (Russian) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office PowerPoint MUI (Russian) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proof (Russian) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proof (Ukrainian) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proofing (Russian) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Publisher MUI (Russian) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Shared 64-bit MUI (Russian) 2010 (Version: 14.0.6029.1000) Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Shared MUI (Russian) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office SharePoint Designer MUI (Russian) 2010 (x32 
Version: 14.0.6029.1000) Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Word MUI (Russian) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office X MUI (Russian) 2010 (x32 Version: 14.0.6029.1000) Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (x32 Version: 14.0.5120.5000) Microsoft SharePoint Designer 2010 Service Pack 1 (SP1) (x32) Microsoft Silverlight (Version: 5.1.20513.0) Microsoft SkyDrive (HKCU Version: 16.4.6013.0910) Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000) Microsoft SQL Server Compact 4.0 x64 ENU (Version: 4.0.8482.1) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (x32 Version: 11.0.50727.1) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (x32 Version: 11.0.50727.1) Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727) Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727) Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727) Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 
11.0.50727) Microsoft Windows Application Compatibility Database Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0) Movie Maker (x32 Version: 16.4.3505.0912) Mozilla Firefox 23.0.1 (x86 en-US) (x32 Version: 23.0.1) Mozilla Maintenance Service (x32 Version: 23.0.1) MSVCRT (x32 Version: 15.4.2862.0708) MSVCRT110 (x32 Version: 16.4.1108.0727) MSVCRT110_amd64 (Version: 16.4.1109.0912) NEC Electronics USB 3.0 Host Controller Driver (x32 Version: 1.0.19.0) Oblivion (x32 Version: 1.00.0000) Origin (x32 Version: 8.4.1.210) Pando Media Booster (x32 Version: 2.6.0.8) Paragon Migrate OS to SSD™ (x32 Version: 90.00.0003) Photo Gallery (x32 Version: 16.4.3505.0912) Pidgin (x32 Version: 2.10.0) Play withSIX (x32 Version: 1.30.0476) Punto Switcher 3.2.9 (x32 Version: 3.2.9.240) QuickTime (x32 Version: 7.73.80.64) Safari (x32 Version: 5.34.57.2) Skype™ 6.1 (x32 Version: 6.1.129) Software Updater (x32 Version: 4.1.1) SpeedFan (remove only) (x32) Steam (x32 Version: 1.0.0.0) TeamSpeak 3 Client (Version: 3.0.11.1) TechPowerUp GPU-Z (x32) The Elder Scrolls V: Skyrim (x32) The Sims™ 3 Create a Pattern Tool (x32 Version: 1.0.0) The Sims™ 3 Create a World Tool - Beta (x32 Version: 1.19.4) Trend Micro Titanium (Version: 6.0) Trend Micro Titanium (Version: 6.00) TWC WiFi (x32) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1) Update for Microsoft Office 2010 (KB2553065) (x32) Update for Microsoft Office 2010 
(KB2553181) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2566458) (x32) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32) Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32) Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition (x32) Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32) Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32) Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition (x32) Update for Microsoft SharePoint Designer 2010 (KB2553459) 32-Bit Edition (x32) Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32) Ventrilo Client for Windows x64 (Version: 3.0.8.0) VLC media player 2.0.3 (x32 Version: 2.0.3) Vuze (x32 Version: 4.9.0.0) Vuze Remote Toolbar v7.6 (x32 Version: 7.6) Warframe (x32 Version: 1.0.0) WebTablet IE Plugin (x32 Version: 1.1.0.4) WebTablet Netscape Plugin (x32 Version: 1.1.0.3) WinDjView 2.0.1 (Version: 2.0.1) Windows 7 Upgrade Advisor (x32 Version: 2.0.5000.0) Windows Live Communications Platform (x32 Version: 16.4.3505.0912) Windows Live Essentials (x32 Version: 16.4.3505.0912) Windows Live ID Sign-in Assistant (Version: 7.250.4311.0) Windows Live Installer (x32 Version: 16.4.3505.0912) Windows Live Messenger (x32 Version: 16.4.3505.0912) Windows Live Photo Common (x32 Version: 16.4.3505.0912) Windows Live PIMT Platform 
(x32 Version: 16.4.3505.0912) Windows Live SOXE (x32 Version: 16.4.3505.0912) Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912) Windows Live UX Platform (x32 Version: 16.4.3505.0912) Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912) Windows Live Writer (x32 Version: 16.4.3505.0912) Windows Live Writer Resources (x32 Version: 16.4.3505.0912) Windows Mobile Device Updater Component (Version: 04.08.2345.00) World of Tanks v.0.6.7 (x32) Yandex (HKCU Version: 25.0.1364.21027) Zune (Version: 04.08.2345.00) Zune Language Pack (CHS) (Version: 04.08.2345.00) Zune Language Pack (CHT) (Version: 04.08.2345.00) Zune Language Pack (CSY) (Version: 04.08.2345.00) Zune Language Pack (DAN) (Version: 04.08.2345.00) Zune Language Pack (DEU) (Version: 04.08.2345.00) Zune Language Pack (ELL) (Version: 04.08.2345.00) Zune Language Pack (ESP) (Version: 04.08.2345.00) Zune Language Pack (FIN) (Version: 04.08.2345.00) Zune Language Pack (FRA) (Version: 04.08.2345.00) Zune Language Pack (HUN) (Version: 04.08.2345.00) Zune Language Pack (IND) (Version: 04.08.2345.00) Zune Language Pack (ITA) (Version: 04.08.2345.00) Zune Language Pack (JPN) (Version: 04.08.2345.00) Zune Language Pack (KOR) (Version: 04.08.2345.00) Zune Language Pack (MSL) (Version: 04.08.2345.00) Zune Language Pack (NLD) (Version: 04.08.2345.00) Zune Language Pack (NOR) (Version: 04.08.2345.00) Zune Language Pack (PLK) (Version: 04.08.2345.00) Zune Language Pack (PTB) (Version: 04.08.2345.00) Zune Language Pack (PTG) (Version: 04.08.2345.00) Zune Language Pack (RUS) (Version: 04.08.2345.00) Zune Language Pack (SVE) (Version: 04.08.2345.00) ==================== Restore Points ========================= 06-09-2013 21:09:02 Installed DirectX 06-09-2013 21:43:56 Installed DirectX 06-09-2013 23:22:52 Installed Play withSIX. 
09-09-2013 20:22:41 ComboFix created restore point ==================== Hosts content: ========================== 2013-09-09 14:00 - 2013-09-10 00:57 - 00000741 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {044A6734-E90E-4F8F-B357-B2DC8AB3B5EC} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => Sc.exe start w32time task_started Task: {1AA2A063-B477-4B8B-AA35-0F956F17CC33} - System32\Tasks\{A8EC05F1-08CC-4C7D-A633-3C9159FE44AF} => C:\Games\Warlords 3\war3.exe Task: {276086B3-64E1-4933-BE07-43B5CFFB2972} - System32\Tasks\{50B6ADE2-10A7-4678-9CC5-AE9C76D3A7CE} => C:\Program Files (x86)\Electronic Arts\The Sims 3 Create a World Tool\CAW.exe [2013-05-07] () Task: {2AC88BC1-FD06-4F7F-9E4C-2BF8E21E3243} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-13] (Microsoft Corporation) Task: {2FD9D344-203B-4B42-85B7-0CF8360D6C7C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-18] (Google Inc.) Task: {3656AC60-D2D3-49A5-BA66-BC195F1483A8} - System32\Tasks\RunAsStdUser Task => C:\Users\Walter\AppData\Local\appkikxSA\bin\1.0.5.0\AppKikxSA.exe Task: {5881C348-0A99-434C-A85D-377DF186256C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-21] (Adobe Systems Incorporated) Task: {64FF7BCB-9559-4A47-AE1D-BF8F75D0EB1A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4250198920-4133650428-703862527-1000UA => C:\Users\Walter\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-08] (Google Inc.) 
Task: {66BDC609-25D9-4779-810F-0D39E57A75F9} - System32\Tasks\{181DFD84-E406-44F9-AE95-A1DABF03D60C} => C:\Games\Warlords 3\war3.exe Task: {75037B7A-E381-4B3B-9E9F-BACA645DAAC6} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task Task: {784282DC-4620-45ED-BA03-AD57240926D7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-18] (Google Inc.) Task: {7EECFD01-E70D-48BE-8FC2-12438ECBB40E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {8DFB2DBB-B9AE-49AE-9D9F-E0199A538D0A} - System32\Tasks\{9E88FFB0-FCBB-4B68-AD8E-6DCEFA79CC4B} => C:\Games\Warlords 3\war3.exe Task: {952A4117-4445-46E4-B1D0-6C2952534990} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4250198920-4133650428-703862527-1000Core => C:\Users\Walter\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-08] (Google Inc.) Task: {9E5F37E0-DC03-4FBC-BEED-B3CE710A0300} - System32\Tasks\IHUninstallTrackingTASK => C:\Windows\System32\CMD Task: {A175F485-9A48-47B2-A1D9-D69866E78BC4} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc Task: {A1D60D55-A6B8-401B-BC05-2938E02DF2F2} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => d:\program files\windows defender\MpCmdRun.exe Task: {CC81A2F6-F74F-47D0-B157-33504B64A816} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-11-23] (Piriform Ltd) Task: {CE65104B-4B31-45D7-8FB6-CFB04FB3EFE8} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => 
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4250198920-4133650428-703862527-1000Core.job => C:\Users\Walter\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4250198920-4133650428-703862527-1000UA.job => C:\Users\Walter\AppData\Local\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2009-07-13 17:22 - 2009-07-13 18:38 - 00081408 _____ (Fraunhofer Institut Integrierte Schaltungen IIS) C:\Windows\System32\l3codeca.acm 2012-08-08 16:03 - 2009-11-23 17:53 - 00490280 _____ (Wacom Technology, Corp.) C:\Windows\system32\Pen_Tablet.dll 2013-02-01 15:18 - 2013-02-01 15:18 - 00244696 _____ (Microsoft Corporation) C:\Users\Walter\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll 2013-02-01 15:18 - 2013-02-01 15:18 - 00661448 _____ (Microsoft Corporation) C:\Users\Walter\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\MSVCP110.dll 2013-02-01 15:18 - 2013-02-01 15:18 - 00828872 _____ (Microsoft Corporation) C:\Users\Walter\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\MSVCR110.dll 2013-06-05 10:17 - 2013-06-05 10:17 - 00164016 _____ (Dropbox, Inc.) C:\Users\Walter\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll 2010-01-02 07:42 - 2010-01-02 07:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll 2013-04-08 22:03 - 2013-04-08 22:03 - 00103424 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\spool\DRIVERS\x64\3\E_YAUDIUE.DLL 2013-04-08 22:03 - 2013-04-08 22:03 - 00199680 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\spool\DRIVERS\x64\3\E_YMAIIUE.DLL 2013-04-08 22:03 - 2013-04-08 22:03 - 02013184 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\spool\DRIVERS\x64\3\E_YUICIUE.DLL 2013-06-04 18:32 - 2013-06-04 18:32 - 00217088 _____ (Advanced Mirco Devices, Inc.) 
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Shared.dll 2013-06-04 18:33 - 2013-06-04 18:33 - 00335872 _____ (Advanced Mirco Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Runtime.dll 2013-06-04 18:36 - 2013-06-04 18:36 - 00028672 _____ (Advanced Mirco Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.AMDHome.Graphics.Dashboard.dll 2010-11-20 20:24 - 2010-11-20 20:24 - 01435648 _____ (Microsoft Corporation) C:\Windows\System32\Speech\Common\sapi.dll 2012-11-13 16:32 - 2012-11-13 16:32 - 03558400 _____ (wxWidgets development team) C:\Users\Walter\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll 2013-03-13 13:48 - 2013-03-13 13:48 - 24978944 _____ () C:\Users\Walter\AppData\Roaming\Dropbox\bin\libcef.dll 2013-03-13 13:48 - 2013-03-13 13:48 - 09956864 _____ (The ICU Project) C:\Users\Walter\AppData\Roaming\Dropbox\bin\icudt.dll 2009-10-21 17:39 - 2009-10-21 17:39 - 00291328 _____ (SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\LcMgr.dll 2011-04-14 09:16 - 2011-04-14 09:16 - 00136704 _____ (SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\ScanEngine30.dll 2011-04-14 09:25 - 2011-04-14 09:25 - 00055808 _____ (SEIKO EPSON CORP.) C:\Program Files (x86)\EPSON Software\Event Manager\ScnMgr10.dll 2011-04-14 09:25 - 2011-04-14 09:25 - 00206336 _____ (SEIKO EPSON CORP.) C:\Program Files (x86)\EPSON Software\Event Manager\ScnCom10.dll 2011-04-14 09:25 - 2011-04-14 09:25 - 00082944 _____ (SEIKO EPSON CORP.) C:\Program Files (x86)\EPSON Software\Event Manager\ScnEps25.dll 2012-02-09 12:53 - 2012-02-09 12:53 - 00110080 _____ (SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\epnsm.dll 2005-01-13 10:47 - 2005-01-13 10:47 - 00049152 _____ (SEIKO EPSON CORP.) 
C:\Program Files (x86)\EPSON Software\Event Manager\ESPSUTL.dll 2013-04-08 22:06 - 2012-02-28 09:00 - 00081920 _____ (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\Resource\FUCMNMSG.dll 2013-04-08 22:06 - 2012-02-28 09:00 - 00241664 _____ (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\Resource\FUFAXRCV.dll 2013-04-08 22:06 - 2012-02-29 01:00 - 00135168 _____ (SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\Library\FUDRVUTL.dll 2013-04-08 22:06 - 2012-02-29 01:00 - 00303104 _____ (SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUSVCCLT.dll 2013-04-08 22:06 - 2012-02-29 01:00 - 00085504 _____ (SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\EbpD4Fax.dll 2013-04-08 22:06 - 2012-02-29 01:00 - 00262144 _____ (SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FULEPP.dll 2013-04-08 22:06 - 2012-02-28 09:00 - 00022016 _____ (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\Resource\FULEPPRes.dll 2013-04-08 22:06 - 2012-02-29 01:00 - 00335872 _____ (SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\Library\FUPRBDEV.dll 2013-04-08 22:06 - 2012-02-29 01:00 - 00786432 _____ (SEIKO EPSON) C:\Program Files (x86)\EPSON Software\FAX Utility\Library\ENCM.dll 2013-04-08 22:06 - 2012-02-29 01:00 - 00299008 _____ (SEIKO EPSON) C:\Program Files (x86)\EPSON Software\FAX Utility\Library\ENUTIL.dll 2013-04-08 22:06 - 2012-02-29 01:00 - 00278528 _____ (SEIKO EPSON) C:\Program Files (x86)\EPSON Software\FAX Utility\Library\ENNW.dll 2013-04-08 22:06 - 2012-02-29 01:00 - 00065536 _____ (SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\Library\FUDEVCOM.dll 2013-04-08 22:06 - 2012-02-29 01:00 - 00229376 _____ (SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\Library\FUSNMPUT.dll 2013-04-08 22:06 - 2012-02-29 01:00 - 00065536 _____ 
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUUSBHLP.dll 2013-04-08 22:06 - 2012-02-28 09:00 - 00077824 _____ (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\Resource\FUPRBDEVRes.dll 2013-04-08 22:06 - 2012-02-29 01:00 - 00385024 _____ (SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXLDB.dll 2013-04-08 22:06 - 2012-02-29 01:00 - 00278528 _____ (SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXCFG.dll 2013-04-08 22:06 - 2012-02-29 01:00 - 00430080 _____ (SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXCSR.DLL 2013-04-08 22:06 - 2012-02-29 01:00 - 00421888 _____ (SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUIMGCDC.dll 2013-04-08 22:06 - 2012-02-29 01:00 - 00212992 _____ (SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUADRFIL.dll 2013-04-08 22:06 - 2012-02-29 01:00 - 00077824 _____ (SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUSTMMSG.dll 2013-04-08 22:06 - 2012-02-29 01:00 - 00253952 _____ (SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUVERDLG.dll 2013-04-08 22:06 - 2012-02-28 09:00 - 00090112 _____ (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\Resource\FUFAXCFGRes.dll 2013-04-08 22:06 - 2012-02-29 01:00 - 00536576 _____ (SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXTIF.dll 2013-04-08 22:06 - 2012-02-28 09:00 - 00106496 _____ (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\Resource\FUFAXSTM.dll 2009-07-13 14:03 - 2009-07-13 18:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll 2013-05-19 11:10 - 2010-03-19 21:58 - 00325632 _____ () C:\Program Files (x86)\Time Warner Cable\TWC WiFi\QtXml4.dll 2013-05-19 11:10 - 2010-03-19 21:58 - 01954304 _____ () C:\Program Files (x86)\Time Warner Cable\TWC 
WiFi\QtCore4.dll 2013-05-19 11:10 - 2010-03-19 21:58 - 07187456 _____ () C:\Program Files (x86)\Time Warner Cable\TWC WiFi\QtGui4.dll 2013-05-19 11:10 - 2010-03-19 21:58 - 00847360 _____ () C:\Program Files (x86)\Time Warner Cable\TWC WiFi\QtNetwork4.dll 2009-11-23 14:10 - 2009-11-23 14:10 - 00349184 ____R (Wacom Technology, Corp.) C:\Windows\system32\wintab32.DLL 2013-05-19 11:10 - 2013-02-27 13:56 - 00309248 _____ () C:\Program Files (x86)\Time Warner Cable\TWC WiFi\DigiDoFlavor.dll 2013-05-19 11:10 - 2012-01-31 14:43 - 00119808 _____ () C:\Program Files (x86)\Time Warner Cable\TWC WiFi\imageformats\qjpeg4.dll 2013-05-19 11:10 - 2013-02-27 15:19 - 03435856 _____ (Affinegy, Inc.) C:\Program Files (x86)\Time Warner Cable\TWC WiFi\AffStateMc.dll 2013-05-19 11:10 - 2013-02-27 15:19 - 00140112 _____ (Affinegy, Inc.) C:\Program Files (x86)\Time Warner Cable\TWC WiFi\AffCrypto.dll 2013-05-19 11:10 - 2013-02-27 15:19 - 00365904 _____ (Affinegy, Inc.) C:\Program Files (x86)\Time Warner Cable\TWC WiFi\affNdis.dll 2013-05-19 11:10 - 2012-01-31 15:01 - 00118784 _____ (Printing Communications Assoc., Inc. (PCAUSA)) C:\Program Files (x86)\Time Warner Cable\TWC WiFi\W32N55.dll 2013-05-19 11:10 - 2013-02-27 15:19 - 00402768 _____ (Affinegy, Inc.) C:\Program Files (x86)\Time Warner Cable\TWC WiFi\AffIpHelper.dll 2011-08-30 23:05 - 2011-08-30 23:05 - 00085864 _____ (Apple Inc.) 
C:\Windows\system32\dnssd.dll
2013-09-09 13:56 - 2013-09-10 11:14 - 00180224 _____ (Softanics) C:\Users\Walter\AppData\Local\Temp\AFF1.tmp\f_in_box.dll
2013-05-19 11:10 - 2013-02-27 14:34 - 01781248 _____ () C:\Program Files (x86)\Time Warner Cable\TWC WiFi\gateways\ArrisDG860ALOC.dll
2013-05-19 11:10 - 2013-02-27 14:30 - 01781248 _____ () C:\Program Files (x86)\Time Warner Cable\TWC WiFi\gateways\ArrisTG852GLOC.dll
2013-05-19 11:10 - 2013-02-27 14:32 - 01781248 _____ () C:\Program Files (x86)\Time Warner Cable\TWC WiFi\gateways\ArrisTG862GLOC.dll
2013-05-19 11:10 - 2013-02-27 14:25 - 01789952 _____ () C:\Program Files (x86)\Time Warner Cable\TWC WiFi\gateways\MotorolaSBG900LOC.dll
2013-05-19 11:10 - 2013-02-27 14:29 - 01760256 _____ () C:\Program Files (x86)\Time Warner Cable\TWC WiFi\gateways\NetgearWNR1000v3LOC.dll
2013-05-19 11:10 - 2013-02-27 14:35 - 01762816 _____ () C:\Program Files (x86)\Time Warner Cable\TWC WiFi\gateways\UbeeDVW3201BLOC.dll
2013-05-19 11:10 - 2013-02-27 15:19 - 00023376 _____ () C:\Program Files (x86)\Time Warner Cable\TWC WiFi\AffinegyServicePS.dll

==================== Alternate Data Streams (whitelisted) ==========

AlternateDataStreams: C:\Users\Walter\Downloads\60F566EC-00000282.eml:OECustomProperty
AlternateDataStreams: C:\Users\Walter\Downloads\60F566EC-00000282.eml:OEStandardProperty

==================== Faulty Device Manager Devices =============

Name: Marvell 91xx Config ATA Device
Description: Marvell 91xx Config ATA Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (09/10/2013 11:16:36 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/10/2013 10:36:03 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/10/2013 00:21:03 AM) (Source: Application Hang) (User: )
Description: The program IEXPLORE.EXE version 10.0.9200.16660 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: e74
Start Time: 01ceadf5626026ba
Termination Time: 16
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Report Id:

Error: (09/09/2013 02:04:43 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/09/2013 01:58:26 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/09/2013 01:29:31 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/09/2013 01:16:09 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/09/2013 00:51:29 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/09/2013 07:40:53 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (09/09/2013 06:33:56 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (09/09/2013 01:26:42 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (09/09/2013 01:26:21 PM) (Source: Application Popup) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (09/09/2013 01:24:53 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (09/09/2013 01:23:25 PM) (Source: Service Control Manager) (User: )
Description: The DokanMounter service terminated unexpectedly. It has done this 1 time(s).

Error: (09/09/2013 06:53:34 AM) (Source: Service Control Manager) (User: )
Description: The Trend Micro Solution Platform service terminated unexpectedly. It has done this 1 time(s).

Error: (09/06/2013 01:53:33 PM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (09/02/2013 10:14:46 AM) (Source: Service Control Manager) (User: )
Description: The Windows Search service failed to start due to the following error: %%1053

Error: (09/02/2013 10:14:46 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

Error: (09/02/2013 10:14:46 AM) (Source: Service Control Manager) (User: )
Description: The Windows Search service failed to start due to the following error: %%1053

Error: (09/02/2013 10:14:46 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

Microsoft Office Sessions:
=========================
Error: (09/10/2013 11:16:36 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/10/2013 10:36:03 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/10/2013 00:21:03 AM) (Source: Application Hang)(User: )
Description: IEXPLORE.EXE10.0.9200.16660e7401ceadf5626026ba16C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Error: (09/09/2013 02:04:43 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/09/2013 01:58:26 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/09/2013 01:29:31 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/09/2013 01:16:09 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/09/2013 00:51:29 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/09/2013 07:40:53 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Program Files (x86)\EPSON Software\Download Navigator\EPSDNAVI.EXE

Error: (09/09/2013 06:33:56 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

CodeIntegrity Errors:
===================================
Date: 2013-09-09 13:26:21.753
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-09-09 13:26:21.706
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Percentage of memory in use: 10%
Total physical RAM: 24567.11 MB
Available physical RAM: 22092.77 MB
Total Pagefile: 49132.41 MB
Available Pagefile: 46353.27 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: (New Volume) (Fixed) (Total:238.47 GB) (Free:26.27 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive f: (OBLIVION_GOTY) (CDROM) (Total:5.46 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238 GB) (Disk ID: EC5DB2F6)
Partition 1: (Active) - (Size=238 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-09-2013 01
Ran by Walter (administrator) on WALTER-PC on 10-09-2013 11:18:32
Running from C:\Users\Walter\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(Wacom Technology, Corp.) C:\Program Files\WTouch\WTouchService.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Wacom Technology, Corp.) C:\Program Files\WTouch\WTouchUser.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
(Affinegy, Inc.) C:\Program Files (x86)\Time Warner Cable\TWC WiFi\AffinegyService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIIUE.EXE
(Dropbox, Inc.) C:\Users\Walter\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Wacom Technology, Corp.) C:\Windows\system32\Pen_Tablet.exe
(NEC Electronics Corporation) C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXSTM.exe
(Affinegy, Inc.) C:\Program Files (x86)\Time Warner Cable\TWC WiFi\TrayApp.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Seiko Epson Corporation) C:\Windows\system32\EscSvc64.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Wacom Technology, Corp.) C:\Windows\system32\WTablet\Pen_TabletUser.exe
(Affinegy, Inc.) C:\Program Files (x86)\Time Warner Cable\TWC WiFi\TWC WiFi.exe
(Wacom Technology, Corp.) C:\Windows\system32\Pen_Tablet.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Trend Micro Titanium] - C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe [1374328 2013-05-29] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Client Framework] - C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [209712 2013-02-04] (Trend Micro Inc.)
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3674320 2013-01-08] (DT Soft Ltd)
HKCU\...\Run: [EPLTarget\P0000000000000000] - C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIIUE.EXE [283232 2013-04-08] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2010-01-22] (NEC Electronics Corporation)
HKLM-x32\...\Run: [EEventManager] - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058400 2012-01-26] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXRCV] - C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [502912 2012-02-29] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] - C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863360 2012-02-29] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [DigiDo] - C:\Program Files (x86)\Time Warner Cable\TWC WiFi\TrayApp.exe [1158480 2013-02-27] (Affinegy, Inc.)
HKLM-x32\...\Run: [startCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [676608 2013-06-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [] - [x]
Startup: C:\Users\Walter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Walter\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Walter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Punto Switcher.lnk ShortcutTarget: Punto Switcher.lnk -> C:\Program Files (x86)\Yandex\Punto Switcher\punto.exe (ООО Яндекс) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKCU - DefaultScope {A3D6A8F5-ADE9-445E-95DF-78A3FA35E8D6} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=994519&p={searchTerms} SearchScopes: HKCU - {A3D6A8F5-ADE9-445E-95DF-78A3FA35E8D6} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=994519&p={searchTerms} BHO: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg.dll (Trend Micro Inc.) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1136\7.5.1136\TmBpIe64.dll (Trend Micro Inc.) BHO-x32: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg32.dll (Trend Micro Inc.) BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1136\7.5.1136\TmBpIe32.dll (Trend Micro Inc.) BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) Toolbar: HKCU - No Name - {91397D20-1446-11D4-8AF4-0040CA1127B6} - No File DPF: HKLM-x32 {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab DPF: HKLM-x32 {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab DPF: HKLM-x32 {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1136\7.5.1136\TmBpIe64.dll (Trend Micro Inc.) Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg.dll (Trend Micro Inc.) Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - No File Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1136\7.5.1136\TmBpIe32.dll (Trend Micro Inc.) Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg32.dll (Trend Micro Inc.) 
Handler-x32: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.) Hosts: 127.0.0.1 localhost Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62 FireFox: ======== FF ProfilePath: C:\Users\Walter\AppData\Roaming\Mozilla\Firefox\Profiles\ul8yw8vw.default FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll () FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll () FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_37 - C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) 
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll () FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @TrendMicro.com/FFExtension - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll (Trend Micro Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.0.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.3 - C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Walter\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Walter\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google) FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\Walter\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll () FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Walter\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Walter\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.) FF Extension: Define Ext - C:\Users\Walter\AppData\Roaming\Mozilla\Firefox\Profiles\ul8yw8vw.default\Extensions\zgvstddqqjlabihif@opvrjrelhkc.org FF Extension: Address Bar Search - C:\Users\Walter\AppData\Roaming\Mozilla\Firefox\Profiles\ul8yw8vw.default\Extensions\{badea1ae-72ed-4f6a-8c37-4db9a4ac7bc9} FF Extension: Define Ext - C:\Program Files (x86)\Mozilla Firefox\extensions\zgvstddqqjlabihif@opvrjrelhkc.org FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} FF HKLM\...\Firefox\Extensions: [tmbepff-7.5@trendmicro.com] C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1136\7.5.1136\firefoxextension FF Extension: Trend Micro BEP Firefox Extension - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1136\7.5.1136\firefoxextension FF HKLM-x32\...\Firefox\Extensions: [tmbepff-7.5@trendmicro.com] C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1136\7.5.1136\firefoxextension FF Extension: Trend Micro BEP Firefox Extension - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1136\7.5.1136\firefoxextension FF HKLM-x32\...\Firefox\Extensions: [{22181a4d-af90-4ca3-a569-faed9118d6bc}] C:\Program Files\Trend 
Micro\Titanium\UIFramework\Toolbar\firefoxextension FF Extension: Trend Micro Toolbar - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\ FF Extension: Trend Micro NSC Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\ FF HKCU\...\Firefox\Extensions: [{132C60DD-1177-11E2-8271-B8AC6F996F26}] C:\Users\Walter\AppData\Local\{132C60DD-1177-11E2-8271-B8AC6F996F26}\ FF Extension: Mozilla Safe Browsing - C:\Users\Walter\AppData\Local\{132C60DD-1177-11E2-8271-B8AC6F996F26}\ Chrome: ======= CHR HKLM\...\Chrome\Extension: [bmiabdepfhhiieiipmeecdmeljggmfee] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1136\7.5.1136\chrome_tmbep.crx CHR HKLM-x32\...\Chrome\Extension: [bmiabdepfhhiieiipmeecdmeljggmfee] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1136\7.5.1136\chrome_tmbep.crx CHR HKLM-x32\...\Chrome\Extension: [cdjbnddbclciabnckgeahmneohjlahdm] - C:\Users\Walter\AppData\Local\chromeupdate.crx CHR HKLM-x32\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.0.crx CHR HKLM-x32\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files (x86)\Common Files\Spigot\GC\errorassistant_1.1.crx CHR HKLM-x32\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Program Files (x86)\Common Files\Spigot\GC\coupons_2.4.crx CHR HKLM-x32\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx ==================== Services (Whitelisted) ================= R2 ADExchange; C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [43112 2012-02-15] (ArcSoft Inc.) R2 AffinegyService; C:\Program Files (x86)\Time Warner Cable\TWC WiFi\AffinegyService.exe [592720 2013-02-27] (Affinegy, Inc.) 
R2 DokanMounter; C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe [14848 2011-01-10] () R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation) R2 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [517632 2011-11-10] (Alcatel-Lucent) S3 npggsvc; C:\Windows\SysWow64\GameMon.des [3995760 2012-11-25] (INCA Internet Co., Ltd.) S3 Symantec SymSnap VSS Provider; C:\Windows\system32\dllhost.exe [9728 2009-07-13] (Microsoft Corporation) R2 WTouchService; C:\Program Files\WTouch\WTouchService.exe [127784 2009-11-23] (Wacom Technology, Corp.) S2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad [x] ==================== Drivers (Whitelisted) ==================== S3 BioNTDrv; C:\Program Files (x86)\Paragon Software\Migrate OS to SSD\program\BioNTDrv.SYS [19024 2011-03-01] (Paragon Software GmbH) S3 BioNTDrv; C:\Program Files (x86)\Paragon Software\Migrate OS to SSD\program\BioNTDrv.SYS [19024 2011-03-01] (Paragon Software GmbH) R2 Dokan; C:\Windows\system32\drivers\dokan.sys [120408 2011-01-10] (Windows ® Win 7 DDK provider) R2 Dokan; C:\Windows\system32\drivers\dokan.sys [120408 2011-01-10] (Windows ® Win 7 DDK provider) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-01-22] (DT Soft Ltd) S3 GenericMount; C:\Windows\System32\DRIVERS\GenericMount.sys [66608 2010-02-12] (Symantec Corporation) S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2011-09-09] (Printing Communications Assoc., Inc. (PCAUSA)) S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2011-09-09] (Printing Communications Assoc., Inc. (PCAUSA)) S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.sys [43008 2011-09-09] (Printing Communications Assoc., Inc. (PCAUSA)) S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2011-09-09] (Printing Communications Assoc., Inc. 
(PCAUSA)) S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2011-09-09] (Printing Communications Assoc., Inc. (PCAUSA)) S3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.sys [40960 2011-09-09] (Printing Communications Assoc., Inc. (PCAUSA)) R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2011-12-28] () S3 SaiH0464; C:\Windows\System32\DRIVERS\SaiH0464.sys [178432 2008-03-31] (Saitek) S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-01-19] (Anchorfree Inc.) R1 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [108584 2012-12-21] (Trend Micro Inc.) R0 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [174016 2012-12-21] (Trend Micro Inc.) R0 TMEBC; C:\Windows\System32\DRIVERS\TMEBC64.sys [46392 2012-08-24] (Trend Micro Inc.) R3 tmeevw; C:\Windows\System32\DRIVERS\tmeevw.sys [94520 2012-12-07] (Trend Micro Inc.) R1 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [77184 2012-12-21] (Trend Micro Inc.) R3 tmnciesc; C:\Windows\System32\DRIVERS\tmnciesc.sys [210232 2012-07-05] (Trend Micro Inc.) R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105744 2012-05-02] (Trend Micro Inc.) 
S3 catchme; \??\C:\ComboFix\catchme.sys [x] U2 TMAgent; U2 V2iMount; ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-09-10 11:17 - 2013-09-10 11:17 - 01949196 _____ (Farbar) C:\Users\Walter\Desktop\FRST64.exe 2013-09-10 11:12 - 2013-09-10 11:13 - 00000000 ____D C:\AdwCleaner 2013-09-10 11:07 - 2013-09-10 11:07 - 00001451 _____ C:\Users\Walter\Desktop\New Text Document.txt 2013-09-10 11:06 - 2013-09-10 11:06 - 01037278 _____ C:\Users\Walter\Desktop\AdwCleaner.exe 2013-09-09 14:07 - 2013-09-09 14:07 - 00007168 _____ C:\Users\Walter\Documents\cc_20130909_140727.reg 2013-09-09 14:00 - 2009-06-10 14:00 - 00017463 _____ C:\Windows\system32\Drivers\etc\services 2013-09-09 14:00 - 2009-06-10 14:00 - 00003683 _____ C:\Windows\system32\Drivers\etc\lmhosts.sam 2013-09-09 14:00 - 2009-06-10 14:00 - 00001358 _____ C:\Windows\system32\Drivers\etc\protocol 2013-09-09 14:00 - 2009-06-10 14:00 - 00000407 _____ C:\Windows\system32\Drivers\etc\networks 2013-09-09 13:27 - 2013-09-09 13:56 - 00000000 ____D C:\Users\Walter\AppData\Roaming\WTouch 2013-09-09 13:22 - 2013-09-09 13:28 - 00000000 ____D C:\Windows\erdnt 2013-09-09 13:22 - 2011-06-25 23:45 - 00256000 _____ C:\Windows\PEV.exe 2013-09-09 13:22 - 2010-11-07 10:20 - 00208896 _____ C:\Windows\MBR.exe 2013-09-09 13:22 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2013-09-09 13:22 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2013-09-09 13:22 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2013-09-09 13:22 - 2000-08-30 17:00 - 00098816 _____ C:\Windows\sed.exe 2013-09-09 13:22 - 2000-08-30 17:00 - 00080412 _____ C:\Windows\grep.exe 2013-09-09 13:22 - 2000-08-30 17:00 - 00068096 _____ C:\Windows\zip.exe 2013-09-09 13:12 - 2013-09-09 13:12 - 01037278 _____ C:\Users\Walter\Downloads\adwcleaner.exe 2013-09-09 13:07 - 2013-09-09 13:07 - 00891144 _____ 
C:\Users\Walter\Downloads\SecurityCheck.exe 2013-09-09 12:33 - 2013-09-09 12:33 - 00000000 ____D C:\Users\Walter\AppData\Roaming\Malwarebytes 2013-09-09 12:33 - 2013-09-09 12:33 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-09-09 06:53 - 2013-09-09 07:47 - 00000000 ____D C:\Users\Walter\Desktop\lps 2013-09-09 06:50 - 2013-09-10 11:14 - 00000000 ___RD C:\Users\Walter\Dropbox 2013-09-09 06:50 - 2013-09-09 06:50 - 00001053 _____ C:\Users\Walter\Desktop\Dropbox.lnk 2013-09-09 06:48 - 2013-09-09 06:48 - 00000000 ____D C:\Users\Walter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2013-09-09 06:47 - 2013-09-10 11:14 - 00000000 ____D C:\Users\Walter\AppData\Roaming\Dropbox 2013-09-09 06:47 - 2013-09-09 06:47 - 32966136 _____ (Dropbox, Inc.) C:\Users\Walter\Downloads\Dropbox 2.0.26.exe 2013-09-07 21:47 - 2013-09-07 21:47 - 00002669 _____ C:\Users\Walter\Desktop\Play withSIX.lnk 2013-09-07 13:55 - 2013-09-07 13:56 - 00000022 _____ C:\Users\Walter\Downloads\Outlook (1).zip 2013-09-06 16:34 - 2013-09-06 16:34 - 00000000 ____D C:\Users\Walter\AppData\Local\SIX Updater 2013-09-06 16:34 - 2013-09-06 16:34 - 00000000 ____D C:\ProgramData\Bohemia Interactive Studio 2013-09-06 16:23 - 2013-09-06 16:34 - 00000000 ____D C:\Users\Walter\AppData\Local\Play withSIX 2013-09-06 16:23 - 2013-09-06 16:23 - 00000000 ____D C:\Users\Walter\AppData\Roaming\Play withSIX 2013-09-06 16:23 - 2013-09-06 16:23 - 00000000 ____D C:\Users\Walter\AppData\Local\IsolatedStorage 2013-09-06 16:22 - 2013-09-06 16:22 - 12161296 _____ (SIX Networks) C:\Users\Walter\Downloads\Play withSIX setup.exe 2013-09-06 16:22 - 2013-09-06 16:22 - 00000000 ____D C:\Program Files (x86)\SIX Networks 2013-09-06 16:19 - 2013-09-06 16:19 - 00000000 ____D C:\Users\Walter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Define Ext 2013-09-06 16:18 - 2013-09-06 16:18 - 01081496 _____ (InstallManager) C:\Users\Walter\Downloads\Express_Installer.exe 2013-09-06 16:17 - 2013-09-06 16:17 - 00825768 _____ 
(AirInstaller ) C:\Users\Walter\Downloads\Setup(1).exe 2013-09-06 14:44 - 2013-09-09 22:28 - 00000000 ____D C:\Users\Walter\AppData\Local\ArmA 2 OA 2013-09-06 14:16 - 2013-09-06 14:16 - 00290825 _____ C:\Users\Walter\Downloads\Download ArmA 2 Operation Arrowhead.exe 2013-09-06 14:09 - 2013-09-06 17:30 - 00000000 ____D C:\Users\Walter\Documents\ArmA 2 2013-09-06 14:09 - 2013-09-06 14:44 - 00000000 ____D C:\Users\Walter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive 2013-09-06 14:09 - 2013-09-06 14:09 - 00000000 ____D C:\Users\Walter\AppData\Local\ArmA 2 2013-09-06 13:58 - 2013-09-06 13:58 - 00000000 ____D C:\Program Files (x86)\Bohemia Interactive 2013-09-06 13:32 - 2013-09-06 13:32 - 00000000 ____D C:\Users\Walter\AppData\Local\GameFly 2013-09-06 12:53 - 2013-09-06 12:53 - 00000000 ____D C:\Users\Walter\Documents\GameFly 2013-09-06 12:53 - 2013-09-06 12:53 - 00000000 ____D C:\Users\Walter\AppData\Roaming\GameFly 2013-09-06 12:51 - 2013-09-06 12:51 - 00490808 _____ () C:\Users\Walter\Downloads\setup.exe 2013-08-30 19:41 - 2013-08-30 19:41 - 00067584 _____ C:\Users\Walter\Downloads\Milius_Rachel_Timesheet_1334-1335.xls 2013-08-17 00:12 - 2013-08-17 00:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-08-15 03:04 - 2013-07-25 22:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-08-15 03:04 - 2013-07-25 22:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-08-15 03:04 - 2013-07-25 22:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-08-15 03:04 - 2013-07-25 22:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-08-15 03:04 - 2013-07-25 22:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-08-15 03:04 - 2013-07-25 22:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-08-15 03:04 - 2013-07-25 22:12 - 02647040 _____ (Microsoft Corporation) 
C:\Windows\system32\iertutil.dll 2013-08-15 03:04 - 2013-07-25 22:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-08-15 03:04 - 2013-07-25 22:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-08-15 03:04 - 2013-07-25 22:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-08-15 03:04 - 2013-07-25 22:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-08-15 03:04 - 2013-07-25 22:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-08-15 03:04 - 2013-07-25 22:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-08-15 03:04 - 2013-07-25 22:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-08-15 03:04 - 2013-07-25 20:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-08-15 03:04 - 2013-07-25 20:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-08-15 03:04 - 2013-07-25 20:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-08-15 03:04 - 2013-07-25 20:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-08-15 03:04 - 2013-07-25 20:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-08-15 03:04 - 2013-07-25 20:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-08-15 03:04 - 2013-07-25 20:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-08-15 03:04 - 2013-07-25 20:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-08-15 03:04 - 2013-07-25 20:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-08-15 03:04 - 2013-07-25 20:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-08-15 03:04 - 2013-07-25 20:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 
2013-08-15 03:04 - 2013-07-25 20:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-08-15 03:04 - 2013-07-25 20:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-08-15 03:04 - 2013-07-25 19:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-08-15 03:04 - 2013-07-25 19:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-08-15 03:04 - 2013-07-25 18:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-08-15 03:03 - 2013-07-25 20:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-08-14 17:26 - 2013-09-07 19:11 - 00000000 ____D C:\Users\Walter\Desktop\Recipes 2013-08-14 06:04 - 2013-07-25 02:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2013-08-14 06:04 - 2013-07-25 01:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL 2013-08-14 06:04 - 2013-07-18 18:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2013-08-14 06:04 - 2013-07-18 18:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2013-08-14 06:04 - 2013-07-08 23:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2013-08-14 06:04 - 2013-07-08 22:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2013-08-14 06:04 - 2013-07-08 22:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2013-08-14 06:04 - 2013-07-08 22:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2013-08-14 06:04 - 2013-07-08 22:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2013-08-14 06:04 - 2013-07-08 22:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2013-08-14 06:04 - 2013-07-08 22:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2013-08-14 06:04 - 2013-07-08 22:46 - 00139776 
_____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2013-08-14 06:04 - 2013-07-08 22:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2013-08-14 06:04 - 2013-07-08 22:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2013-08-14 06:04 - 2013-07-08 21:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2013-08-14 06:04 - 2013-07-08 21:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2013-08-14 06:04 - 2013-07-08 21:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2013-08-14 06:04 - 2013-07-08 21:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2013-08-14 06:04 - 2013-07-08 21:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-08-14 06:04 - 2013-07-08 21:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2013-08-14 06:04 - 2013-07-08 21:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2013-08-14 06:04 - 2013-07-08 19:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2013-08-14 06:04 - 2013-07-08 19:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2013-08-14 06:04 - 2013-07-08 19:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2013-08-14 06:04 - 2013-07-08 19:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2013-08-14 06:04 - 2013-07-05 23:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2013-08-14 06:04 - 2013-06-14 21:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys 2013-08-11 09:25 - 2013-08-11 09:25 - 00000000 ____D C:\Program Files (x86)\Yandex ==================== One Month Modified Files and Folders ======= 2013-09-10 11:18 - 2012-09-05 15:10 - 01144742 _____ C:\Windows\WindowsUpdate.log 2013-09-10 11:17 - 2013-09-10 11:17 - 01949196 _____ 
(Farbar) C:\Users\Walter\Desktop\FRST64.exe 2013-09-10 11:14 - 2013-09-09 06:50 - 00000000 ___RD C:\Users\Walter\Dropbox 2013-09-10 11:14 - 2013-09-09 06:47 - 00000000 ____D C:\Users\Walter\AppData\Roaming\Dropbox 2013-09-10 11:14 - 2013-01-18 15:40 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-09-10 11:14 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-09-10 11:14 - 2009-07-13 21:51 - 25484160 _____ C:\Windows\setupact.log 2013-09-10 11:13 - 2013-09-10 11:12 - 00000000 ____D C:\AdwCleaner 2013-09-10 11:07 - 2013-09-10 11:07 - 00001451 _____ C:\Users\Walter\Desktop\New Text Document.txt 2013-09-10 11:06 - 2013-09-10 11:06 - 01037278 _____ C:\Users\Walter\Desktop\AdwCleaner.exe 2013-09-10 11:06 - 2013-01-18 15:40 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-09-10 10:52 - 2011-10-08 10:51 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4250198920-4133650428-703862527-1000UA.job 2013-09-10 10:41 - 2009-07-13 21:45 - 00026912 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-09-10 10:41 - 2009-07-13 21:45 - 00026912 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-09-10 10:38 - 2009-07-13 22:13 - 00779358 _____ C:\Windows\system32\PerfStringBackup.INI 2013-09-10 10:35 - 2012-09-15 13:39 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-09-10 00:55 - 2012-10-08 11:37 - 00234544 _____ C:\Windows\RegBootClean64.exe 2013-09-09 22:28 - 2013-09-06 14:44 - 00000000 ____D C:\Users\Walter\AppData\Local\ArmA 2 OA 2013-09-09 22:28 - 2011-10-08 15:27 - 00000000 ____D C:\Users\Walter\AppData\Roaming\TS3Client 2013-09-09 22:27 - 2013-06-14 19:49 - 00000000 ____D C:\Users\Walter\AppData\Local\Warframe 2013-09-09 19:52 - 2011-10-08 10:51 - 00000860 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4250198920-4133650428-703862527-1000Core.job 2013-09-09 14:07 - 
2013-09-09 14:07 - 00007168 _____ C:\Users\Walter\Documents\cc_20130909_140727.reg
2013-09-09 14:02 - 2010-11-20 20:47 - 00032124 _____ C:\Windows\PFRO.log
2013-09-09 13:56 - 2013-09-09 13:27 - 00000000 ____D C:\Users\Walter\AppData\Roaming\WTouch
2013-09-09 13:28 - 2013-09-09 13:22 - 00000000 ____D C:\Windows\erdnt
2013-09-09 13:27 - 2009-07-13 19:34 - 00000215 ____N C:\Windows\system.ini
2013-09-09 13:12 - 2013-09-09 13:12 - 01037278 _____ C:\Users\Walter\Downloads\adwcleaner.exe
2013-09-09 13:07 - 2013-09-09 13:07 - 00891144 _____ C:\Users\Walter\Downloads\SecurityCheck.exe
2013-09-09 12:50 - 2009-07-13 22:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2013-09-09 12:33 - 2013-09-09 12:33 - 00000000 ____D C:\Users\Walter\AppData\Roaming\Malwarebytes
2013-09-09 12:33 - 2013-09-09 12:33 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-09 12:30 - 2011-10-15 17:57 - 00000000 ____D C:\Program Files (x86)\Steam
2013-09-09 07:47 - 2013-09-09 06:53 - 00000000 ____D C:\Users\Walter\Desktop\lps
2013-09-09 06:50 - 2013-09-09 06:50 - 00001053 _____ C:\Users\Walter\Desktop\Dropbox.lnk
2013-09-09 06:50 - 2012-09-05 14:40 - 00000000 ____D C:\Users\Walter
2013-09-09 06:48 - 2013-09-09 06:48 - 00000000 ____D C:\Users\Walter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2013-09-09 06:48 - 2011-10-07 22:12 - 00000000 ___RD C:\Users\Walter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-09 06:47 - 2013-09-09 06:47 - 32966136 _____ (Dropbox, Inc.) C:\Users\Walter\Downloads\Dropbox 2.0.26.exe
2013-09-07 21:47 - 2013-09-07 21:47 - 00002669 _____ C:\Users\Walter\Desktop\Play withSIX.lnk
2013-09-07 19:11 - 2013-08-14 17:26 - 00000000 ____D C:\Users\Walter\Desktop\Recipes
2013-09-07 19:11 - 2013-06-20 12:46 - 00000000 ____D C:\Users\Walter\Desktop\Prepware School LAN
2013-09-07 13:56 - 2013-09-07 13:55 - 00000022 _____ C:\Users\Walter\Downloads\Outlook (1).zip
2013-09-06 18:14 - 2012-11-07 03:02 - 00000000 ____D C:\Users\Walter\AppData\Local\Deployment
2013-09-06 17:30 - 2013-09-06 14:09 - 00000000 ____D C:\Users\Walter\Documents\ArmA 2
2013-09-06 16:34 - 2013-09-06 16:34 - 00000000 ____D C:\Users\Walter\AppData\Local\SIX Updater
2013-09-06 16:34 - 2013-09-06 16:34 - 00000000 ____D C:\ProgramData\Bohemia Interactive Studio
2013-09-06 16:34 - 2013-09-06 16:23 - 00000000 ____D C:\Users\Walter\AppData\Local\Play withSIX
2013-09-06 16:23 - 2013-09-06 16:23 - 00000000 ____D C:\Users\Walter\AppData\Roaming\Play withSIX
2013-09-06 16:23 - 2013-09-06 16:23 - 00000000 ____D C:\Users\Walter\AppData\Local\IsolatedStorage
2013-09-06 16:22 - 2013-09-06 16:22 - 12161296 _____ (SIX Networks) C:\Users\Walter\Downloads\Play withSIX setup.exe
2013-09-06 16:22 - 2013-09-06 16:22 - 00000000 ____D C:\Program Files (x86)\SIX Networks
2013-09-06 16:22 - 2011-12-28 23:45 - 00000000 ____D C:\Users\Walter\AppData\Local\Downloaded Installations
2013-09-06 16:19 - 2013-09-06 16:19 - 00000000 ____D C:\Users\Walter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Define Ext
2013-09-06 16:18 - 2013-09-06 16:18 - 01081496 _____ (InstallManager) C:\Users\Walter\Downloads\Express_Installer.exe
2013-09-06 16:17 - 2013-09-06 16:17 - 00825768 _____ (AirInstaller ) C:\Users\Walter\Downloads\Setup(1).exe
2013-09-06 14:44 - 2013-09-06 14:09 - 00000000 ____D C:\Users\Walter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive
2013-09-06 14:44 - 2012-09-01 08:08 - 00075534 _____ C:\Windows\DirectX.log
2013-09-06 14:16 - 2013-09-06 14:16 - 00290825 _____ C:\Users\Walter\Downloads\Download ArmA 2 Operation Arrowhead.exe
2013-09-06 14:09 - 2013-09-06 14:09 - 00000000 ____D C:\Users\Walter\AppData\Local\ArmA 2
2013-09-06 13:58 - 2013-09-06 13:58 - 00000000 ____D C:\Program Files (x86)\Bohemia Interactive
2013-09-06 13:32 - 2013-09-06 13:32 - 00000000 ____D C:\Users\Walter\AppData\Local\GameFly
2013-09-06 12:53 - 2013-09-06 12:53 - 00000000 ____D C:\Users\Walter\Documents\GameFly
2013-09-06 12:53 - 2013-09-06 12:53 - 00000000 ____D C:\Users\Walter\AppData\Roaming\GameFly
2013-09-06 12:51 - 2013-09-06 12:51 - 00490808 _____ () C:\Users\Walter\Downloads\setup.exe
2013-09-05 22:41 - 2012-09-22 11:03 - 00000000 ____D C:\Users\Walter\Desktop\Rachel's Wacky Russian Extravaganza!
2013-08-30 19:41 - 2013-08-30 19:41 - 00067584 _____ C:\Users\Walter\Downloads\Milius_Rachel_Timesheet_1334-1335.xls
2013-08-29 21:58 - 2012-02-17 21:55 - 00000000 ____D C:\Users\Walter\AppData\Roaming\DAEMON Tools Lite
2013-08-29 16:53 - 2012-01-28 02:08 - 00000000 ____D C:\Users\Walter\AppData\Roaming\Mozilla
2013-08-22 21:41 - 2012-10-05 04:46 - 00000000 ____D C:\ProgramData\Trend Micro
2013-08-21 01:35 - 2012-09-15 13:39 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-08-21 01:35 - 2012-09-05 13:05 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-21 01:35 - 2012-09-05 13:05 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-18 16:30 - 2013-01-18 19:01 - 00000000 ____D C:\Users\Walter\AppData\Roaming\.minecraft
2013-08-17 07:53 - 2012-10-30 06:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-17 07:53 - 2012-08-08 16:05 - 00000000 ____D C:\Users\Walter\AppData\Roaming\WTablet
2013-08-17 00:12 - 2013-08-17 00:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-15 03:58 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
2013-08-15 03:01 - 2013-07-15 03:00 - 00000000 ____D C:\Windows\system32\MRT
2013-08-15 03:00 - 2012-11-29 06:38 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-11 09:25 - 2013-08-11 09:25 - 00000000 ____D C:\Program Files (x86)\Yandex

Files to move or delete:
====================
C:\Users\Walter\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-09-01 10:54

==================== End Of Log ============================
  9. My PC was recently infected by something that makes ads appear in the lower left corner of all browsers. I read a couple of forums and tried to do all of the stuff that was listed, but this thing will not go away. It's worse than Bonzi Buddy way back when. It's completely undetected by every single virus scan I've done.