Ads in lower left corner of all browsers


jpmil

My PC was recently infected by something that makes ads appear in the lower left corner of all browsers. I read a couple of forums and tried to do all of the stuff that was listed, but this thing will not go away. It's worse than Bonzi Buddy way back when. It's completely undetected by every single virus scan I've done.

Download AdwCleaner by Xplode from here: http://www.bleepingcomputer.com/download/adwcleaner/ and save to your Desktop.

 

  • Double click on AdwCleaner.exe to run the tool.
  • Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review.
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

 

Next, download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

Kevin..

Ok, I've done what you said so far, here are the reports in order:

 

# AdwCleaner v3.003 - Report created 10/09/2013 at 11:13:16
# Updated 07/09/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Walter - WALTER-PC
# Running from : C:\Users\Walter\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Walter\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjkpcnacdgdlpfejlgflolpaigoicibh

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660

-\\ Mozilla Firefox v23.0.1 (en-US)

[ File : C:\Users\Walter\AppData\Roaming\Mozilla\Firefox\Profiles\ul8yw8vw.default\prefs.js ]

-\\ Google Chrome v

[ File : C:\Users\Walter\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R1].txt - [1012 octets] - [10/09/2013 11:12:09]
AdwCleaner[s1].txt - [937 octets] - [10/09/2013 11:13:16]

########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [996 octets] ##########

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-09-2013 01
Ran by Walter at 2013-09-10 11:18:48
Running from C:\Users\Walter\Desktop
Boot Mode: Normal
==========================================================

==================== Installed Programs =======================

  
"Oblivion ÇÎËÎÒÎÅ ÈÇÄÀÍÈÅ" âåðñèè 1.2.0416 (x32)
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Adobe AIR (x32 Version: 3.1.0.4880)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.94)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)
Adobe Reader X (10.1.7) (x32 Version: 10.1.7)
Aegisub 2.1.9 (x32 Version: 2.1.9)
Amazon Kindle (HKCU)
Amazon MP3 Downloader 1.0.15 (x32 Version: 1.0.15)
AMD Catalyst Control Center (x32 Version: 2013.0604.1838.31590)
AMD Catalyst Install Manager (Version: 8.0.915.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Media Foundation Decoders (Version: 1.0.80604.1838)
AMD Wireless Display v3.0 (Version: 1.0.0.12)
Anki (x32)
Apple Application Support (x32 Version: 2.3.3)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
ArcSoft MediaConverter 7.5 (x32 Version: 7.5.0.114)
ARMA 2 Operation Arrowhead Uninstall (x32)
ArmA 2 Uninstall (x32)
Audacity 2.0 (x32)
AudibleManager (x32 Version: 2003647726.48.56.3935466)
Bamboo (x32)
BattlEye for OA Uninstall (x32)
BattlEye Uninstall (x32)
Bonjour (Version: 3.0.0.10)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0604.1838.31590)
Catalyst Control Center InstallProxy (x32 Version: 2013.0604.1838.31590)
Catalyst Control Center Localization All (x32 Version: 2013.0604.1838.31590)
CCC Help Chinese Standard (x32 Version: 2013.0604.1837.31590)
CCC Help Chinese Traditional (x32 Version: 2013.0604.1837.31590)
CCC Help Czech (x32 Version: 2013.0604.1837.31590)
CCC Help Danish (x32 Version: 2013.0604.1837.31590)
CCC Help Dutch (x32 Version: 2013.0604.1837.31590)
CCC Help English (x32 Version: 2013.0604.1837.31590)
CCC Help Finnish (x32 Version: 2013.0604.1837.31590)
CCC Help French (x32 Version: 2013.0604.1837.31590)
CCC Help German (x32 Version: 2013.0604.1837.31590)
CCC Help Greek (x32 Version: 2013.0604.1837.31590)
CCC Help Hungarian (x32 Version: 2013.0604.1837.31590)
CCC Help Italian (x32 Version: 2013.0604.1837.31590)
CCC Help Japanese (x32 Version: 2013.0604.1837.31590)
CCC Help Korean (x32 Version: 2013.0604.1837.31590)
CCC Help Norwegian (x32 Version: 2013.0604.1837.31590)
CCC Help Polish (x32 Version: 2013.0604.1837.31590)
CCC Help Portuguese (x32 Version: 2013.0604.1837.31590)
CCC Help Russian (x32 Version: 2013.0604.1837.31590)
CCC Help Spanish (x32 Version: 2013.0604.1837.31590)
CCC Help Swedish (x32 Version: 2013.0604.1837.31590)
CCC Help Thai (x32 Version: 2013.0604.1837.31590)
CCC Help Turkish (x32 Version: 2013.0604.1837.31590)
ccc-utility64 (Version: 2013.0604.1838.31590)
Cool & Quiet (x32)
D3DX10 (x32 Version: 15.4.2368.0902)
DAEMON Tools Lite (x32 Version: 4.46.1.0328)
Define Ext (HKCU Version: 8)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
Dokan Library 0.6.0 (x32)
Dropbox (HKCU Version: 2.0.26)
eaner (Version: 3.25)
EPSON Connect version 1.0 (x32 Version: 1.0)
Epson Customer Participation (Version: 1.4.0.0)
Epson Event Manager (x32 Version: 3.01.0003)
Epson FAX Utility (x32 Version: 1.30.00)
EPSON Scan (x32)
EPSON WF-2540 Series Printer Uninstall
EpsonNet Print (x32 Version: 2.5.00)
EVE Online (remove only) (x32)
EVEMon (x32 Version: 1.8.0.3971)
FileZilla Client 3.6.0.2 (x32 Version: 3.6.0.2)
Google Earth Plug-in (x32 Version: 7.1.1.1888)
Google Talk Plugin (x32 Version: 4.5.3.14917)
Google Update Helper (x32 Version: 1.3.21.153)
Homeworld2 Demo (x32)
Java Auto Updater (x32 Version: 2.0.7.2)
Java 6 Update 37 (x32 Version: 6.0.370)
JNLP (HKCU)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft AppLocale (x32 Version: 1.0.0)
Microsoft Games for Windows - LIVE  (x32 Version: 2.0.675.0)
Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.5.92.0)
Microsoft Office 2010 Language Pack Service Pack 1 (SP1) (x32)
Microsoft Office 2010 Service Pack 1 (SP1) (x32)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Access MUI (Russian) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Excel MUI (Russian) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Groove MUI (Russian) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Home and Student 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (Russian) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Language Pack 2010 - Russian/русский (x32 Version: 14.0.6029.1000)
Microsoft Office O MUI (Russian) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (Russian) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook Connector (x32 Version: 14.0.6106.5001)
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (Russian) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (Russian) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Russian) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Ukrainian) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (Russian) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (Russian) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (Russian) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared MUI (Russian) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office SharePoint Designer MUI (Russian) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Word MUI (Russian) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office X MUI (Russian) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (x32 Version: 14.0.5120.5000)
Microsoft SharePoint Designer 2010 Service Pack 1 (SP1) (x32)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SkyDrive (HKCU Version: 16.4.6013.0910)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft SQL Server Compact 4.0 x64 ENU (Version: 4.0.8482.1)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (x32 Version: 11.0.50727.1)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (x32 Version: 11.0.50727.1)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727)
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727)
Microsoft Windows Application Compatibility Database
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0)
Movie Maker (x32 Version: 16.4.3505.0912)
Mozilla Firefox 23.0.1 (x86 en-US) (x32 Version: 23.0.1)
Mozilla Maintenance Service (x32 Version: 23.0.1)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT110 (x32 Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1109.0912)
NEC Electronics USB 3.0 Host Controller Driver (x32 Version: 1.0.19.0)
Oblivion (x32 Version: 1.00.0000)
Origin (x32 Version: 8.4.1.210)
Pando Media Booster (x32 Version: 2.6.0.8)
Paragon Migrate OS to SSD™ (x32 Version: 90.00.0003)
Photo Gallery (x32 Version: 16.4.3505.0912)
Pidgin (x32 Version: 2.10.0)
Play withSIX (x32 Version: 1.30.0476)
Punto Switcher 3.2.9 (x32 Version: 3.2.9.240)
QuickTime (x32 Version: 7.73.80.64)
Safari (x32 Version: 5.34.57.2)
Skype™ 6.1 (x32 Version: 6.1.129)
Software Updater (x32 Version: 4.1.1)
SpeedFan (remove only) (x32)
Steam (x32 Version: 1.0.0.0)
TeamSpeak 3 Client (Version: 3.0.11.1)
TechPowerUp GPU-Z (x32)
The Elder Scrolls V: Skyrim (x32)
The Sims™ 3 Create a Pattern Tool (x32 Version: 1.0.0)
The Sims™ 3 Create a World Tool - Beta (x32 Version: 1.19.4)
Trend Micro Titanium (Version: 6.0)
Trend Micro Titanium (Version: 6.00)
TWC WiFi (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update for Microsoft Office 2010 (KB2553065) (x32)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2566458) (x32)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition (x32)
Update for Microsoft SharePoint Designer 2010 (KB2553459) 32-Bit Edition (x32)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32)
Ventrilo Client for Windows x64 (Version: 3.0.8.0)
VLC media player 2.0.3 (x32 Version: 2.0.3)
Vuze (x32 Version: 4.9.0.0)
Vuze Remote Toolbar v7.6 (x32 Version: 7.6)
Warframe (x32 Version: 1.0.0)
WebTablet IE Plugin (x32 Version: 1.1.0.4)
WebTablet Netscape Plugin (x32 Version: 1.1.0.3)
WinDjView 2.0.1 (Version: 2.0.1)
Windows 7 Upgrade Advisor (x32 Version: 2.0.5000.0)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912)
Windows Live Essentials (x32 Version: 16.4.3505.0912)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Installer (x32 Version: 16.4.3505.0912)
Windows Live Messenger (x32 Version: 16.4.3505.0912)
Windows Live Photo Common (x32 Version: 16.4.3505.0912)
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912)
Windows Live SOXE (x32 Version: 16.4.3505.0912)
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912)
Windows Live UX Platform (x32 Version: 16.4.3505.0912)
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912)
Windows Live Writer (x32 Version: 16.4.3505.0912)
Windows Live Writer Resources (x32 Version: 16.4.3505.0912)
Windows Mobile Device Updater Component (Version: 04.08.2345.00)
World of Tanks v.0.6.7 (x32)
Yandex (HKCU Version: 25.0.1364.21027)
Zune (Version: 04.08.2345.00)
Zune Language Pack (CHS) (Version: 04.08.2345.00)
Zune Language Pack (CHT) (Version: 04.08.2345.00)
Zune Language Pack (CSY) (Version: 04.08.2345.00)
Zune Language Pack (DAN) (Version: 04.08.2345.00)
Zune Language Pack (DEU) (Version: 04.08.2345.00)
Zune Language Pack (ELL) (Version: 04.08.2345.00)
Zune Language Pack (ESP) (Version: 04.08.2345.00)
Zune Language Pack (FIN) (Version: 04.08.2345.00)
Zune Language Pack (FRA) (Version: 04.08.2345.00)
Zune Language Pack (HUN) (Version: 04.08.2345.00)
Zune Language Pack (IND) (Version: 04.08.2345.00)
Zune Language Pack (ITA) (Version: 04.08.2345.00)
Zune Language Pack (JPN) (Version: 04.08.2345.00)
Zune Language Pack (KOR) (Version: 04.08.2345.00)
Zune Language Pack (MSL) (Version: 04.08.2345.00)
Zune Language Pack (NLD) (Version: 04.08.2345.00)
Zune Language Pack (NOR) (Version: 04.08.2345.00)
Zune Language Pack (PLK) (Version: 04.08.2345.00)
Zune Language Pack (PTB) (Version: 04.08.2345.00)
Zune Language Pack (PTG) (Version: 04.08.2345.00)
Zune Language Pack (RUS) (Version: 04.08.2345.00)
Zune Language Pack (SVE) (Version: 04.08.2345.00)

==================== Restore Points  =========================

06-09-2013 21:09:02 Installed DirectX
06-09-2013 21:43:56 Installed DirectX
06-09-2013 23:22:52 Installed Play withSIX.
09-09-2013 20:22:41 ComboFix created restore point

==================== Hosts content: ==========================

2013-09-09 14:00 - 2013-09-10 00:57 - 00000741 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {044A6734-E90E-4F8F-B357-B2DC8AB3B5EC} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => Sc.exe start w32time task_started
Task: {1AA2A063-B477-4B8B-AA35-0F956F17CC33} - System32\Tasks\{A8EC05F1-08CC-4C7D-A633-3C9159FE44AF} => C:\Games\Warlords 3\war3.exe
Task: {276086B3-64E1-4933-BE07-43B5CFFB2972} - System32\Tasks\{50B6ADE2-10A7-4678-9CC5-AE9C76D3A7CE} => C:\Program Files (x86)\Electronic Arts\The Sims 3 Create a World Tool\CAW.exe [2013-05-07] ()
Task: {2AC88BC1-FD06-4F7F-9E4C-2BF8E21E3243} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-13] (Microsoft Corporation)
Task: {2FD9D344-203B-4B42-85B7-0CF8360D6C7C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-18] (Google Inc.)
Task: {3656AC60-D2D3-49A5-BA66-BC195F1483A8} - System32\Tasks\RunAsStdUser Task => C:\Users\Walter\AppData\Local\appkikxSA\bin\1.0.5.0\AppKikxSA.exe
Task: {5881C348-0A99-434C-A85D-377DF186256C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-21] (Adobe Systems Incorporated)
Task: {64FF7BCB-9559-4A47-AE1D-BF8F75D0EB1A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4250198920-4133650428-703862527-1000UA => C:\Users\Walter\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-08] (Google Inc.)
Task: {66BDC609-25D9-4779-810F-0D39E57A75F9} - System32\Tasks\{181DFD84-E406-44F9-AE95-A1DABF03D60C} => C:\Games\Warlords 3\war3.exe
Task: {75037B7A-E381-4B3B-9E9F-BACA645DAAC6} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {784282DC-4620-45ED-BA03-AD57240926D7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-18] (Google Inc.)
Task: {7EECFD01-E70D-48BE-8FC2-12438ECBB40E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {8DFB2DBB-B9AE-49AE-9D9F-E0199A538D0A} - System32\Tasks\{9E88FFB0-FCBB-4B68-AD8E-6DCEFA79CC4B} => C:\Games\Warlords 3\war3.exe
Task: {952A4117-4445-46E4-B1D0-6C2952534990} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4250198920-4133650428-703862527-1000Core => C:\Users\Walter\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-08] (Google Inc.)
Task: {9E5F37E0-DC03-4FBC-BEED-B3CE710A0300} - System32\Tasks\IHUninstallTrackingTASK => C:\Windows\System32\CMD
Task: {A175F485-9A48-47B2-A1D9-D69866E78BC4} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {A1D60D55-A6B8-401B-BC05-2938E02DF2F2} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => d:\program files\windows defender\MpCmdRun.exe
Task: {CC81A2F6-F74F-47D0-B157-33504B64A816} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-11-23] (Piriform Ltd)
Task: {CE65104B-4B31-45D7-8FB6-CFB04FB3EFE8} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4250198920-4133650428-703862527-1000Core.job => C:\Users\Walter\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4250198920-4133650428-703862527-1000UA.job => C:\Users\Walter\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2009-07-13 17:22 - 2009-07-13 18:38 - 00081408 _____ (Fraunhofer Institut Integrierte Schaltungen IIS) C:\Windows\System32\l3codeca.acm
2012-08-08 16:03 - 2009-11-23 17:53 - 00490280 _____ (Wacom Technology, Corp.) C:\Windows\system32\Pen_Tablet.dll
2013-02-01 15:18 - 2013-02-01 15:18 - 00244696 _____ (Microsoft Corporation) C:\Users\Walter\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
2013-02-01 15:18 - 2013-02-01 15:18 - 00661448 _____ (Microsoft Corporation) C:\Users\Walter\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\MSVCP110.dll
2013-02-01 15:18 - 2013-02-01 15:18 - 00828872 _____ (Microsoft Corporation) C:\Users\Walter\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\MSVCR110.dll
2013-06-05 10:17 - 2013-06-05 10:17 - 00164016 _____ (Dropbox, Inc.) C:\Users\Walter\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
2010-01-02 07:42 - 2010-01-02 07:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2013-04-08 22:03 - 2013-04-08 22:03 - 00103424 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\spool\DRIVERS\x64\3\E_YAUDIUE.DLL
2013-04-08 22:03 - 2013-04-08 22:03 - 00199680 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\spool\DRIVERS\x64\3\E_YMAIIUE.DLL
2013-04-08 22:03 - 2013-04-08 22:03 - 02013184 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\spool\DRIVERS\x64\3\E_YUICIUE.DLL
2013-06-04 18:32 - 2013-06-04 18:32 - 00217088 _____ (Advanced Mirco Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Shared.dll
2013-06-04 18:33 - 2013-06-04 18:33 - 00335872 _____ (Advanced Mirco Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Runtime.dll
2013-06-04 18:36 - 2013-06-04 18:36 - 00028672 _____ (Advanced Mirco Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.AMDHome.Graphics.Dashboard.dll
2010-11-20 20:24 - 2010-11-20 20:24 - 01435648 _____ (Microsoft Corporation) C:\Windows\System32\Speech\Common\sapi.dll
2012-11-13 16:32 - 2012-11-13 16:32 - 03558400 _____ (wxWidgets development team) C:\Users\Walter\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
2013-03-13 13:48 - 2013-03-13 13:48 - 24978944 _____ () C:\Users\Walter\AppData\Roaming\Dropbox\bin\libcef.dll
2013-03-13 13:48 - 2013-03-13 13:48 - 09956864 _____ (The ICU Project) C:\Users\Walter\AppData\Roaming\Dropbox\bin\icudt.dll
2009-10-21 17:39 - 2009-10-21 17:39 - 00291328 _____ (SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\LcMgr.dll
2011-04-14 09:16 - 2011-04-14 09:16 - 00136704 _____ (SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\ScanEngine30.dll
2011-04-14 09:25 - 2011-04-14 09:25 - 00055808 _____ (SEIKO EPSON CORP.) C:\Program Files (x86)\EPSON Software\Event Manager\ScnMgr10.dll
2011-04-14 09:25 - 2011-04-14 09:25 - 00206336 _____ (SEIKO EPSON CORP.) C:\Program Files (x86)\EPSON Software\Event Manager\ScnCom10.dll
2011-04-14 09:25 - 2011-04-14 09:25 - 00082944 _____ (SEIKO EPSON CORP.) C:\Program Files (x86)\EPSON Software\Event Manager\ScnEps25.dll
2012-02-09 12:53 - 2012-02-09 12:53 - 00110080 _____ (SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\epnsm.dll
2005-01-13 10:47 - 2005-01-13 10:47 - 00049152 _____ (SEIKO EPSON CORP.) C:\Program Files (x86)\EPSON Software\Event Manager\ESPSUTL.dll
2013-04-08 22:06 - 2012-02-28 09:00 - 00081920 _____ (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\Resource\FUCMNMSG.dll
2013-04-08 22:06 - 2012-02-28 09:00 - 00241664 _____ (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\Resource\FUFAXRCV.dll
2013-04-08 22:06 - 2012-02-29 01:00 - 00135168 _____ (SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\Library\FUDRVUTL.dll
2013-04-08 22:06 - 2012-02-29 01:00 - 00303104 _____ (SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUSVCCLT.dll
2013-04-08 22:06 - 2012-02-29 01:00 - 00085504 _____ (SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\EbpD4Fax.dll
2013-04-08 22:06 - 2012-02-29 01:00 - 00262144 _____ (SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FULEPP.dll
2013-04-08 22:06 - 2012-02-28 09:00 - 00022016 _____ (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\Resource\FULEPPRes.dll
2013-04-08 22:06 - 2012-02-29 01:00 - 00335872 _____ (SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\Library\FUPRBDEV.dll
2013-04-08 22:06 - 2012-02-29 01:00 - 00786432 _____ (SEIKO EPSON) C:\Program Files (x86)\EPSON Software\FAX Utility\Library\ENCM.dll
2013-04-08 22:06 - 2012-02-29 01:00 - 00299008 _____ (SEIKO EPSON) C:\Program Files (x86)\EPSON Software\FAX Utility\Library\ENUTIL.dll
2013-04-08 22:06 - 2012-02-29 01:00 - 00278528 _____ (SEIKO EPSON) C:\Program Files (x86)\EPSON Software\FAX Utility\Library\ENNW.dll
2013-04-08 22:06 - 2012-02-29 01:00 - 00065536 _____ (SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\Library\FUDEVCOM.dll
2013-04-08 22:06 - 2012-02-29 01:00 - 00229376 _____ (SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\Library\FUSNMPUT.dll
2013-04-08 22:06 - 2012-02-29 01:00 - 00065536 _____ (SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUUSBHLP.dll
2013-04-08 22:06 - 2012-02-28 09:00 - 00077824 _____ (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\Resource\FUPRBDEVRes.dll
2013-04-08 22:06 - 2012-02-29 01:00 - 00385024 _____ (SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXLDB.dll
2013-04-08 22:06 - 2012-02-29 01:00 - 00278528 _____ (SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXCFG.dll
2013-04-08 22:06 - 2012-02-29 01:00 - 00430080 _____ (SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXCSR.DLL
2013-04-08 22:06 - 2012-02-29 01:00 - 00421888 _____ (SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUIMGCDC.dll
2013-04-08 22:06 - 2012-02-29 01:00 - 00212992 _____ (SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUADRFIL.dll
2013-04-08 22:06 - 2012-02-29 01:00 - 00077824 _____ (SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUSTMMSG.dll
2013-04-08 22:06 - 2012-02-29 01:00 - 00253952 _____ (SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUVERDLG.dll
2013-04-08 22:06 - 2012-02-28 09:00 - 00090112 _____ (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\Resource\FUFAXCFGRes.dll
2013-04-08 22:06 - 2012-02-29 01:00 - 00536576 _____ (SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXTIF.dll
2013-04-08 22:06 - 2012-02-28 09:00 - 00106496 _____ (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\Resource\FUFAXSTM.dll
2009-07-13 14:03 - 2009-07-13 18:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2013-05-19 11:10 - 2010-03-19 21:58 - 00325632 _____ () C:\Program Files (x86)\Time Warner Cable\TWC WiFi\QtXml4.dll
2013-05-19 11:10 - 2010-03-19 21:58 - 01954304 _____ () C:\Program Files (x86)\Time Warner Cable\TWC WiFi\QtCore4.dll
2013-05-19 11:10 - 2010-03-19 21:58 - 07187456 _____ () C:\Program Files (x86)\Time Warner Cable\TWC WiFi\QtGui4.dll
2013-05-19 11:10 - 2010-03-19 21:58 - 00847360 _____ () C:\Program Files (x86)\Time Warner Cable\TWC WiFi\QtNetwork4.dll
2009-11-23 14:10 - 2009-11-23 14:10 - 00349184 ____R (Wacom Technology, Corp.) C:\Windows\system32\wintab32.DLL
2013-05-19 11:10 - 2013-02-27 13:56 - 00309248 _____ () C:\Program Files (x86)\Time Warner Cable\TWC WiFi\DigiDoFlavor.dll
2013-05-19 11:10 - 2012-01-31 14:43 - 00119808 _____ () C:\Program Files (x86)\Time Warner Cable\TWC WiFi\imageformats\qjpeg4.dll
2013-05-19 11:10 - 2013-02-27 15:19 - 03435856 _____ (Affinegy, Inc.) C:\Program Files (x86)\Time Warner Cable\TWC WiFi\AffStateMc.dll
2013-05-19 11:10 - 2013-02-27 15:19 - 00140112 _____ (Affinegy, Inc.) C:\Program Files (x86)\Time Warner Cable\TWC WiFi\AffCrypto.dll
2013-05-19 11:10 - 2013-02-27 15:19 - 00365904 _____ (Affinegy, Inc.) C:\Program Files (x86)\Time Warner Cable\TWC WiFi\affNdis.dll
2013-05-19 11:10 - 2012-01-31 15:01 - 00118784 _____ (Printing Communications Assoc., Inc. (PCAUSA)) C:\Program Files (x86)\Time Warner Cable\TWC WiFi\W32N55.dll
2013-05-19 11:10 - 2013-02-27 15:19 - 00402768 _____ (Affinegy, Inc.) C:\Program Files (x86)\Time Warner Cable\TWC WiFi\AffIpHelper.dll
2011-08-30 23:05 - 2011-08-30 23:05 - 00085864 _____ (Apple Inc.) C:\Windows\system32\dnssd.dll
2013-09-09 13:56 - 2013-09-10 11:14 - 00180224 _____ (Softanics) C:\Users\Walter\AppData\Local\Temp\AFF1.tmp\f_in_box.dll
2013-05-19 11:10 - 2013-02-27 14:34 - 01781248 _____ () C:\Program Files (x86)\Time Warner Cable\TWC WiFi\gateways\ArrisDG860ALOC.dll
2013-05-19 11:10 - 2013-02-27 14:30 - 01781248 _____ () C:\Program Files (x86)\Time Warner Cable\TWC WiFi\gateways\ArrisTG852GLOC.dll
2013-05-19 11:10 - 2013-02-27 14:32 - 01781248 _____ () C:\Program Files (x86)\Time Warner Cable\TWC WiFi\gateways\ArrisTG862GLOC.dll
2013-05-19 11:10 - 2013-02-27 14:25 - 01789952 _____ () C:\Program Files (x86)\Time Warner Cable\TWC WiFi\gateways\MotorolaSBG900LOC.dll
2013-05-19 11:10 - 2013-02-27 14:29 - 01760256 _____ () C:\Program Files (x86)\Time Warner Cable\TWC WiFi\gateways\NetgearWNR1000v3LOC.dll
2013-05-19 11:10 - 2013-02-27 14:35 - 01762816 _____ () C:\Program Files (x86)\Time Warner Cable\TWC WiFi\gateways\UbeeDVW3201BLOC.dll
2013-05-19 11:10 - 2013-02-27 15:19 - 00023376 _____ () C:\Program Files (x86)\Time Warner Cable\TWC WiFi\AffinegyServicePS.dll

==================== Alternate Data Streams (whitelisted) ==========

AlternateDataStreams: C:\Users\Walter\Downloads\60F566EC-00000282.eml:OECustomProperty
AlternateDataStreams: C:\Users\Walter\Downloads\60F566EC-00000282.eml:OEStandardProperty

==================== Faulty Device Manager Devices =============

Name: Marvell 91xx Config ATA Device
Description: Marvell 91xx Config ATA Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (09/10/2013 11:16:36 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/10/2013 10:36:03 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/10/2013 00:21:03 AM) (Source: Application Hang) (User: )
Description: The program IEXPLORE.EXE version 10.0.9200.16660 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: e74

Start Time: 01ceadf5626026ba

Termination Time: 16

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (09/09/2013 02:04:43 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/09/2013 01:58:26 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/09/2013 01:29:31 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/09/2013 01:16:09 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/09/2013 00:51:29 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/09/2013 07:40:53 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (09/09/2013 06:33:56 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (09/09/2013 01:26:42 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (09/09/2013 01:26:21 PM) (Source: Application Popup) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (09/09/2013 01:24:53 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (09/09/2013 01:23:25 PM) (Source: Service Control Manager) (User: )
Description: The DokanMounter service terminated unexpectedly.  It has done this 1 time(s).

Error: (09/09/2013 06:53:34 AM) (Source: Service Control Manager) (User: )
Description: The Trend Micro Solution Platform service terminated unexpectedly.  It has done this 1 time(s).

Error: (09/06/2013 01:53:33 PM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (09/02/2013 10:14:46 AM) (Source: Service Control Manager) (User: )
Description: The Windows Search service failed to start due to the following error:
%%1053

Error: (09/02/2013 10:14:46 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

Error: (09/02/2013 10:14:46 AM) (Source: Service Control Manager) (User: )
Description: The Windows Search service failed to start due to the following error:
%%1053

Error: (09/02/2013 10:14:46 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

Microsoft Office Sessions:
=========================
Error: (09/10/2013 11:16:36 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/10/2013 10:36:03 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/10/2013 00:21:03 AM) (Source: Application Hang)(User: )
Description: IEXPLORE.EXE10.0.9200.16660e7401ceadf5626026ba16C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Error: (09/09/2013 02:04:43 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/09/2013 01:58:26 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/09/2013 01:29:31 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/09/2013 01:16:09 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/09/2013 00:51:29 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/09/2013 07:40:53 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Program Files (x86)\EPSON Software\Download Navigator\EPSDNAVI.EXE

Error: (09/09/2013 06:33:56 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

CodeIntegrity Errors:
===================================
  Date: 2013-09-09 13:26:21.753
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-09-09 13:26:21.706
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Percentage of memory in use: 10%
Total physical RAM: 24567.11 MB
Available physical RAM: 22092.77 MB
Total Pagefile: 49132.41 MB
Available Pagefile: 46353.27 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: (New Volume) (Fixed) (Total:238.47 GB) (Free:26.27 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive f: (OBLIVION_GOTY) (CDROM) (Total:5.46 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238 GB) (Disk ID: EC5DB2F6)
Partition 1: (Active) - (Size=238 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-09-2013 01
Ran by Walter (administrator) on WALTER-PC on 10-09-2013 11:18:32
Running from C:\Users\Walter\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(Wacom Technology, Corp.) C:\Program Files\WTouch\WTouchService.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Wacom Technology, Corp.) C:\Program Files\WTouch\WTouchUser.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
(Affinegy, Inc.) C:\Program Files (x86)\Time Warner Cable\TWC WiFi\AffinegyService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIIUE.EXE
(Dropbox, Inc.) C:\Users\Walter\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Wacom Technology, Corp.) C:\Windows\system32\Pen_Tablet.exe
(NEC Electronics Corporation) C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXSTM.exe
(Affinegy, Inc.) C:\Program Files (x86)\Time Warner Cable\TWC WiFi\TrayApp.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Seiko Epson Corporation) C:\Windows\system32\EscSvc64.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Wacom Technology, Corp.) C:\Windows\system32\WTablet\Pen_TabletUser.exe
(Affinegy, Inc.) C:\Program Files (x86)\Time Warner Cable\TWC WiFi\TWC WiFi.exe
(Wacom Technology, Corp.) C:\Windows\system32\Pen_Tablet.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Trend Micro Titanium] - C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe [1374328 2013-05-29] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Client Framework] - C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [209712 2013-02-04] (Trend Micro Inc.)
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3674320 2013-01-08] (DT Soft Ltd)
HKCU\...\Run: [EPLTarget\P0000000000000000] - C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIIUE.EXE [283232 2013-04-08] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2010-01-22] (NEC Electronics Corporation)
HKLM-x32\...\Run: [EEventManager] - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058400 2012-01-26] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXRCV] - C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [502912 2012-02-29] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] - C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863360 2012-02-29] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [DigiDo] - C:\Program Files (x86)\Time Warner Cable\TWC WiFi\TrayApp.exe [1158480 2013-02-27] (Affinegy, Inc.)
HKLM-x32\...\Run: [startCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [676608 2013-06-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [] -  [x]
Startup: C:\Users\Walter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Walter\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Walter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Punto Switcher.lnk
ShortcutTarget: Punto Switcher.lnk -> C:\Program Files (x86)\Yandex\Punto Switcher\punto.exe (ООО Яндекс)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {A3D6A8F5-ADE9-445E-95DF-78A3FA35E8D6} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=994519&p={searchTerms}
SearchScopes: HKCU - {A3D6A8F5-ADE9-445E-95DF-78A3FA35E8D6} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=994519&p={searchTerms}
BHO: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg.dll (Trend Micro Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1136\7.5.1136\TmBpIe64.dll (Trend Micro Inc.)
BHO-x32: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg32.dll (Trend Micro Inc.)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1136\7.5.1136\TmBpIe32.dll (Trend Micro Inc.)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKCU - No Name - {91397D20-1446-11D4-8AF4-0040CA1127B6} -  No File
DPF: HKLM-x32 {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: HKLM-x32 {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
DPF: HKLM-x32 {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1136\7.5.1136\TmBpIe64.dll (Trend Micro Inc.)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg.dll (Trend Micro Inc.)
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1136\7.5.1136\TmBpIe32.dll (Trend Micro Inc.)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg32.dll (Trend Micro Inc.)
Handler-x32: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)
Hosts: 127.0.0.1 localhost
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

FireFox:
========
FF ProfilePath: C:\Users\Walter\AppData\Roaming\Mozilla\Firefox\Profiles\ul8yw8vw.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_37 - C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @TrendMicro.com/FFExtension - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll (Trend Micro Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.3 - C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Walter\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Walter\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\Walter\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Walter\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Walter\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)
FF Extension: Define Ext - C:\Users\Walter\AppData\Roaming\Mozilla\Firefox\Profiles\ul8yw8vw.default\Extensions\zgvstddqqjlabihif@opvrjrelhkc.org
FF Extension: Address Bar Search - C:\Users\Walter\AppData\Roaming\Mozilla\Firefox\Profiles\ul8yw8vw.default\Extensions\{badea1ae-72ed-4f6a-8c37-4db9a4ac7bc9}
FF Extension: Define Ext - C:\Program Files (x86)\Mozilla Firefox\extensions\zgvstddqqjlabihif@opvrjrelhkc.org
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF HKLM\...\Firefox\Extensions: [tmbepff-7.5@trendmicro.com] C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1136\7.5.1136\firefoxextension
FF Extension: Trend Micro BEP Firefox Extension - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1136\7.5.1136\firefoxextension
FF HKLM-x32\...\Firefox\Extensions: [tmbepff-7.5@trendmicro.com] C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1136\7.5.1136\firefoxextension
FF Extension: Trend Micro BEP Firefox Extension - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1136\7.5.1136\firefoxextension
FF HKLM-x32\...\Firefox\Extensions: [{22181a4d-af90-4ca3-a569-faed9118d6bc}] C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension
FF Extension: Trend Micro Toolbar - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\
FF Extension: Trend Micro NSC Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\
FF HKCU\...\Firefox\Extensions: [{132C60DD-1177-11E2-8271-B8AC6F996F26}] C:\Users\Walter\AppData\Local\{132C60DD-1177-11E2-8271-B8AC6F996F26}\
FF Extension: Mozilla Safe Browsing - C:\Users\Walter\AppData\Local\{132C60DD-1177-11E2-8271-B8AC6F996F26}\

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [bmiabdepfhhiieiipmeecdmeljggmfee] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1136\7.5.1136\chrome_tmbep.crx
CHR HKLM-x32\...\Chrome\Extension: [bmiabdepfhhiieiipmeecdmeljggmfee] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1136\7.5.1136\chrome_tmbep.crx
CHR HKLM-x32\...\Chrome\Extension: [cdjbnddbclciabnckgeahmneohjlahdm] - C:\Users\Walter\AppData\Local\chromeupdate.crx
CHR HKLM-x32\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.0.crx
CHR HKLM-x32\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files (x86)\Common Files\Spigot\GC\errorassistant_1.1.crx
CHR HKLM-x32\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Program Files (x86)\Common Files\Spigot\GC\coupons_2.4.crx
CHR HKLM-x32\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx

==================== Services (Whitelisted) =================

R2 ADExchange; C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [43112 2012-02-15] (ArcSoft Inc.)
R2 AffinegyService; C:\Program Files (x86)\Time Warner Cable\TWC WiFi\AffinegyService.exe [592720 2013-02-27] (Affinegy, Inc.)
R2 DokanMounter; C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe [14848 2011-01-10] ()
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [517632 2011-11-10] (Alcatel-Lucent)
S3 npggsvc; C:\Windows\SysWow64\GameMon.des [3995760 2012-11-25] (INCA Internet Co., Ltd.)
S3 Symantec SymSnap VSS Provider; C:\Windows\system32\dllhost.exe [9728 2009-07-13] (Microsoft Corporation)
R2 WTouchService; C:\Program Files\WTouch\WTouchService.exe [127784 2009-11-23] (Wacom Technology, Corp.)
S2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad [x]

==================== Drivers (Whitelisted) ====================

S3 BioNTDrv; C:\Program Files (x86)\Paragon Software\Migrate OS to SSD\program\BioNTDrv.SYS [19024 2011-03-01] (Paragon Software GmbH)
S3 BioNTDrv; C:\Program Files (x86)\Paragon Software\Migrate OS to SSD\program\BioNTDrv.SYS [19024 2011-03-01] (Paragon Software GmbH)
R2 Dokan; C:\Windows\system32\drivers\dokan.sys [120408 2011-01-10] (Windows ® Win 7 DDK provider)
R2 Dokan; C:\Windows\system32\drivers\dokan.sys [120408 2011-01-10] (Windows ® Win 7 DDK provider)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-01-22] (DT Soft Ltd)
S3 GenericMount; C:\Windows\System32\DRIVERS\GenericMount.sys [66608 2010-02-12] (Symantec Corporation)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2011-09-09] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2011-09-09] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.sys [43008 2011-09-09] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2011-09-09] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2011-09-09] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.sys [40960 2011-09-09] (Printing Communications Assoc., Inc. (PCAUSA))
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2011-12-28] ()
S3 SaiH0464; C:\Windows\System32\DRIVERS\SaiH0464.sys [178432 2008-03-31] (Saitek)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-01-19] (Anchorfree Inc.)
R1 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [108584 2012-12-21] (Trend Micro Inc.)
R0 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [174016 2012-12-21] (Trend Micro Inc.)
R0 TMEBC; C:\Windows\System32\DRIVERS\TMEBC64.sys [46392 2012-08-24] (Trend Micro Inc.)
R3 tmeevw; C:\Windows\System32\DRIVERS\tmeevw.sys [94520 2012-12-07] (Trend Micro Inc.)
R1 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [77184 2012-12-21] (Trend Micro Inc.)
R3 tmnciesc; C:\Windows\System32\DRIVERS\tmnciesc.sys [210232 2012-07-05] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105744 2012-05-02] (Trend Micro Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
U2 TMAgent;
U2 V2iMount;

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-09-10 11:17 - 2013-09-10 11:17 - 01949196 _____ (Farbar) C:\Users\Walter\Desktop\FRST64.exe
2013-09-10 11:12 - 2013-09-10 11:13 - 00000000 ____D C:\AdwCleaner
2013-09-10 11:07 - 2013-09-10 11:07 - 00001451 _____ C:\Users\Walter\Desktop\New Text Document.txt
2013-09-10 11:06 - 2013-09-10 11:06 - 01037278 _____ C:\Users\Walter\Desktop\AdwCleaner.exe
2013-09-09 14:07 - 2013-09-09 14:07 - 00007168 _____ C:\Users\Walter\Documents\cc_20130909_140727.reg
2013-09-09 14:00 - 2009-06-10 14:00 - 00017463 _____ C:\Windows\system32\Drivers\etc\services
2013-09-09 14:00 - 2009-06-10 14:00 - 00003683 _____ C:\Windows\system32\Drivers\etc\lmhosts.sam
2013-09-09 14:00 - 2009-06-10 14:00 - 00001358 _____ C:\Windows\system32\Drivers\etc\protocol
2013-09-09 14:00 - 2009-06-10 14:00 - 00000407 _____ C:\Windows\system32\Drivers\etc\networks
2013-09-09 13:27 - 2013-09-09 13:56 - 00000000 ____D C:\Users\Walter\AppData\Roaming\WTouch
2013-09-09 13:22 - 2013-09-09 13:28 - 00000000 ____D C:\Windows\erdnt
2013-09-09 13:22 - 2011-06-25 23:45 - 00256000 _____ C:\Windows\PEV.exe
2013-09-09 13:22 - 2010-11-07 10:20 - 00208896 _____ C:\Windows\MBR.exe
2013-09-09 13:22 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-09-09 13:22 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-09-09 13:22 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-09-09 13:22 - 2000-08-30 17:00 - 00098816 _____ C:\Windows\sed.exe
2013-09-09 13:22 - 2000-08-30 17:00 - 00080412 _____ C:\Windows\grep.exe
2013-09-09 13:22 - 2000-08-30 17:00 - 00068096 _____ C:\Windows\zip.exe
2013-09-09 13:12 - 2013-09-09 13:12 - 01037278 _____ C:\Users\Walter\Downloads\adwcleaner.exe
2013-09-09 13:07 - 2013-09-09 13:07 - 00891144 _____ C:\Users\Walter\Downloads\SecurityCheck.exe
2013-09-09 12:33 - 2013-09-09 12:33 - 00000000 ____D C:\Users\Walter\AppData\Roaming\Malwarebytes
2013-09-09 12:33 - 2013-09-09 12:33 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-09 06:53 - 2013-09-09 07:47 - 00000000 ____D C:\Users\Walter\Desktop\lps
2013-09-09 06:50 - 2013-09-10 11:14 - 00000000 ___RD C:\Users\Walter\Dropbox
2013-09-09 06:50 - 2013-09-09 06:50 - 00001053 _____ C:\Users\Walter\Desktop\Dropbox.lnk
2013-09-09 06:48 - 2013-09-09 06:48 - 00000000 ____D C:\Users\Walter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2013-09-09 06:47 - 2013-09-10 11:14 - 00000000 ____D C:\Users\Walter\AppData\Roaming\Dropbox
2013-09-09 06:47 - 2013-09-09 06:47 - 32966136 _____ (Dropbox, Inc.) C:\Users\Walter\Downloads\Dropbox 2.0.26.exe
2013-09-07 21:47 - 2013-09-07 21:47 - 00002669 _____ C:\Users\Walter\Desktop\Play withSIX.lnk
2013-09-07 13:55 - 2013-09-07 13:56 - 00000022 _____ C:\Users\Walter\Downloads\Outlook (1).zip
2013-09-06 16:34 - 2013-09-06 16:34 - 00000000 ____D C:\Users\Walter\AppData\Local\SIX Updater
2013-09-06 16:34 - 2013-09-06 16:34 - 00000000 ____D C:\ProgramData\Bohemia Interactive Studio
2013-09-06 16:23 - 2013-09-06 16:34 - 00000000 ____D C:\Users\Walter\AppData\Local\Play withSIX
2013-09-06 16:23 - 2013-09-06 16:23 - 00000000 ____D C:\Users\Walter\AppData\Roaming\Play withSIX
2013-09-06 16:23 - 2013-09-06 16:23 - 00000000 ____D C:\Users\Walter\AppData\Local\IsolatedStorage
2013-09-06 16:22 - 2013-09-06 16:22 - 12161296 _____ (SIX Networks) C:\Users\Walter\Downloads\Play withSIX setup.exe
2013-09-06 16:22 - 2013-09-06 16:22 - 00000000 ____D C:\Program Files (x86)\SIX Networks
2013-09-06 16:19 - 2013-09-06 16:19 - 00000000 ____D C:\Users\Walter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Define Ext
2013-09-06 16:18 - 2013-09-06 16:18 - 01081496 _____ (InstallManager) C:\Users\Walter\Downloads\Express_Installer.exe
2013-09-06 16:17 - 2013-09-06 16:17 - 00825768 _____ (AirInstaller                                  ) C:\Users\Walter\Downloads\Setup(1).exe
2013-09-06 14:44 - 2013-09-09 22:28 - 00000000 ____D C:\Users\Walter\AppData\Local\ArmA 2 OA
2013-09-06 14:16 - 2013-09-06 14:16 - 00290825 _____ C:\Users\Walter\Downloads\Download ArmA 2 Operation Arrowhead.exe
2013-09-06 14:09 - 2013-09-06 17:30 - 00000000 ____D C:\Users\Walter\Documents\ArmA 2
2013-09-06 14:09 - 2013-09-06 14:44 - 00000000 ____D C:\Users\Walter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive
2013-09-06 14:09 - 2013-09-06 14:09 - 00000000 ____D C:\Users\Walter\AppData\Local\ArmA 2
2013-09-06 13:58 - 2013-09-06 13:58 - 00000000 ____D C:\Program Files (x86)\Bohemia Interactive
2013-09-06 13:32 - 2013-09-06 13:32 - 00000000 ____D C:\Users\Walter\AppData\Local\GameFly
2013-09-06 12:53 - 2013-09-06 12:53 - 00000000 ____D C:\Users\Walter\Documents\GameFly
2013-09-06 12:53 - 2013-09-06 12:53 - 00000000 ____D C:\Users\Walter\AppData\Roaming\GameFly
2013-09-06 12:51 - 2013-09-06 12:51 - 00490808 _____ () C:\Users\Walter\Downloads\setup.exe
2013-08-30 19:41 - 2013-08-30 19:41 - 00067584 _____ C:\Users\Walter\Downloads\Milius_Rachel_Timesheet_1334-1335.xls
2013-08-17 00:12 - 2013-08-17 00:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-15 03:04 - 2013-07-25 22:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-15 03:04 - 2013-07-25 22:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-15 03:04 - 2013-07-25 22:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-15 03:04 - 2013-07-25 22:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-15 03:04 - 2013-07-25 22:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-15 03:04 - 2013-07-25 22:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-15 03:04 - 2013-07-25 22:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-15 03:04 - 2013-07-25 22:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-15 03:04 - 2013-07-25 22:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-15 03:04 - 2013-07-25 22:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-15 03:04 - 2013-07-25 22:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-15 03:04 - 2013-07-25 22:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-15 03:04 - 2013-07-25 22:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-15 03:04 - 2013-07-25 22:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-15 03:04 - 2013-07-25 20:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-15 03:04 - 2013-07-25 20:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-15 03:04 - 2013-07-25 20:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-15 03:04 - 2013-07-25 20:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-15 03:04 - 2013-07-25 20:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-15 03:04 - 2013-07-25 20:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-15 03:04 - 2013-07-25 20:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-15 03:04 - 2013-07-25 20:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-15 03:04 - 2013-07-25 20:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-15 03:04 - 2013-07-25 20:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-15 03:04 - 2013-07-25 20:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-15 03:04 - 2013-07-25 20:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-15 03:04 - 2013-07-25 20:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-15 03:04 - 2013-07-25 19:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-15 03:04 - 2013-07-25 19:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-15 03:04 - 2013-07-25 18:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-15 03:03 - 2013-07-25 20:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-14 17:26 - 2013-09-07 19:11 - 00000000 ____D C:\Users\Walter\Desktop\Recipes
2013-08-14 06:04 - 2013-07-25 02:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-14 06:04 - 2013-07-25 01:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-14 06:04 - 2013-07-18 18:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-14 06:04 - 2013-07-18 18:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-14 06:04 - 2013-07-08 23:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-14 06:04 - 2013-07-08 22:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-14 06:04 - 2013-07-08 22:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-14 06:04 - 2013-07-08 22:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-14 06:04 - 2013-07-08 22:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-14 06:04 - 2013-07-08 22:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-14 06:04 - 2013-07-08 22:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-14 06:04 - 2013-07-08 22:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-14 06:04 - 2013-07-08 22:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-14 06:04 - 2013-07-08 22:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-14 06:04 - 2013-07-08 21:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-14 06:04 - 2013-07-08 21:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-14 06:04 - 2013-07-08 21:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-14 06:04 - 2013-07-08 21:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-14 06:04 - 2013-07-08 21:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-14 06:04 - 2013-07-08 21:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-14 06:04 - 2013-07-08 21:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-14 06:04 - 2013-07-08 19:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-14 06:04 - 2013-07-08 19:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-14 06:04 - 2013-07-08 19:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-14 06:04 - 2013-07-08 19:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-14 06:04 - 2013-07-05 23:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-14 06:04 - 2013-06-14 21:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-11 09:25 - 2013-08-11 09:25 - 00000000 ____D C:\Program Files (x86)\Yandex

==================== One Month Modified Files and Folders =======

2013-09-10 11:18 - 2012-09-05 15:10 - 01144742 _____ C:\Windows\WindowsUpdate.log
2013-09-10 11:17 - 2013-09-10 11:17 - 01949196 _____ (Farbar) C:\Users\Walter\Desktop\FRST64.exe
2013-09-10 11:14 - 2013-09-09 06:50 - 00000000 ___RD C:\Users\Walter\Dropbox
2013-09-10 11:14 - 2013-09-09 06:47 - 00000000 ____D C:\Users\Walter\AppData\Roaming\Dropbox
2013-09-10 11:14 - 2013-01-18 15:40 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-10 11:14 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-10 11:14 - 2009-07-13 21:51 - 25484160 _____ C:\Windows\setupact.log
2013-09-10 11:13 - 2013-09-10 11:12 - 00000000 ____D C:\AdwCleaner
2013-09-10 11:07 - 2013-09-10 11:07 - 00001451 _____ C:\Users\Walter\Desktop\New Text Document.txt
2013-09-10 11:06 - 2013-09-10 11:06 - 01037278 _____ C:\Users\Walter\Desktop\AdwCleaner.exe
2013-09-10 11:06 - 2013-01-18 15:40 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-10 10:52 - 2011-10-08 10:51 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4250198920-4133650428-703862527-1000UA.job
2013-09-10 10:41 - 2009-07-13 21:45 - 00026912 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-10 10:41 - 2009-07-13 21:45 - 00026912 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-10 10:38 - 2009-07-13 22:13 - 00779358 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-10 10:35 - 2012-09-15 13:39 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-10 00:55 - 2012-10-08 11:37 - 00234544 _____ C:\Windows\RegBootClean64.exe
2013-09-09 22:28 - 2013-09-06 14:44 - 00000000 ____D C:\Users\Walter\AppData\Local\ArmA 2 OA
2013-09-09 22:28 - 2011-10-08 15:27 - 00000000 ____D C:\Users\Walter\AppData\Roaming\TS3Client
2013-09-09 22:27 - 2013-06-14 19:49 - 00000000 ____D C:\Users\Walter\AppData\Local\Warframe
2013-09-09 19:52 - 2011-10-08 10:51 - 00000860 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4250198920-4133650428-703862527-1000Core.job
2013-09-09 14:07 - 2013-09-09 14:07 - 00007168 _____ C:\Users\Walter\Documents\cc_20130909_140727.reg
2013-09-09 14:02 - 2010-11-20 20:47 - 00032124 _____ C:\Windows\PFRO.log
2013-09-09 13:56 - 2013-09-09 13:27 - 00000000 ____D C:\Users\Walter\AppData\Roaming\WTouch
2013-09-09 13:28 - 2013-09-09 13:22 - 00000000 ____D C:\Windows\erdnt
2013-09-09 13:27 - 2009-07-13 19:34 - 00000215 ____N C:\Windows\system.ini
2013-09-09 13:12 - 2013-09-09 13:12 - 01037278 _____ C:\Users\Walter\Downloads\adwcleaner.exe
2013-09-09 13:07 - 2013-09-09 13:07 - 00891144 _____ C:\Users\Walter\Downloads\SecurityCheck.exe
2013-09-09 12:50 - 2009-07-13 22:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2013-09-09 12:33 - 2013-09-09 12:33 - 00000000 ____D C:\Users\Walter\AppData\Roaming\Malwarebytes
2013-09-09 12:33 - 2013-09-09 12:33 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-09 12:30 - 2011-10-15 17:57 - 00000000 ____D C:\Program Files (x86)\Steam
2013-09-09 07:47 - 2013-09-09 06:53 - 00000000 ____D C:\Users\Walter\Desktop\lps
2013-09-09 06:50 - 2013-09-09 06:50 - 00001053 _____ C:\Users\Walter\Desktop\Dropbox.lnk
2013-09-09 06:50 - 2012-09-05 14:40 - 00000000 ____D C:\Users\Walter
2013-09-09 06:48 - 2013-09-09 06:48 - 00000000 ____D C:\Users\Walter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2013-09-09 06:48 - 2011-10-07 22:12 - 00000000 ___RD C:\Users\Walter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-09 06:47 - 2013-09-09 06:47 - 32966136 _____ (Dropbox, Inc.) C:\Users\Walter\Downloads\Dropbox 2.0.26.exe
2013-09-07 21:47 - 2013-09-07 21:47 - 00002669 _____ C:\Users\Walter\Desktop\Play withSIX.lnk
2013-09-07 19:11 - 2013-08-14 17:26 - 00000000 ____D C:\Users\Walter\Desktop\Recipes
2013-09-07 19:11 - 2013-06-20 12:46 - 00000000 ____D C:\Users\Walter\Desktop\Prepware School LAN
2013-09-07 13:56 - 2013-09-07 13:55 - 00000022 _____ C:\Users\Walter\Downloads\Outlook (1).zip
2013-09-06 18:14 - 2012-11-07 03:02 - 00000000 ____D C:\Users\Walter\AppData\Local\Deployment
2013-09-06 17:30 - 2013-09-06 14:09 - 00000000 ____D C:\Users\Walter\Documents\ArmA 2
2013-09-06 16:34 - 2013-09-06 16:34 - 00000000 ____D C:\Users\Walter\AppData\Local\SIX Updater
2013-09-06 16:34 - 2013-09-06 16:34 - 00000000 ____D C:\ProgramData\Bohemia Interactive Studio
2013-09-06 16:34 - 2013-09-06 16:23 - 00000000 ____D C:\Users\Walter\AppData\Local\Play withSIX
2013-09-06 16:23 - 2013-09-06 16:23 - 00000000 ____D C:\Users\Walter\AppData\Roaming\Play withSIX
2013-09-06 16:23 - 2013-09-06 16:23 - 00000000 ____D C:\Users\Walter\AppData\Local\IsolatedStorage
2013-09-06 16:22 - 2013-09-06 16:22 - 12161296 _____ (SIX Networks) C:\Users\Walter\Downloads\Play withSIX setup.exe
2013-09-06 16:22 - 2013-09-06 16:22 - 00000000 ____D C:\Program Files (x86)\SIX Networks
2013-09-06 16:22 - 2011-12-28 23:45 - 00000000 ____D C:\Users\Walter\AppData\Local\Downloaded Installations
2013-09-06 16:19 - 2013-09-06 16:19 - 00000000 ____D C:\Users\Walter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Define Ext
2013-09-06 16:18 - 2013-09-06 16:18 - 01081496 _____ (InstallManager) C:\Users\Walter\Downloads\Express_Installer.exe
2013-09-06 16:17 - 2013-09-06 16:17 - 00825768 _____ (AirInstaller                                  ) C:\Users\Walter\Downloads\Setup(1).exe
2013-09-06 14:44 - 2013-09-06 14:09 - 00000000 ____D C:\Users\Walter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive
2013-09-06 14:44 - 2012-09-01 08:08 - 00075534 _____ C:\Windows\DirectX.log
2013-09-06 14:16 - 2013-09-06 14:16 - 00290825 _____ C:\Users\Walter\Downloads\Download ArmA 2 Operation Arrowhead.exe
2013-09-06 14:09 - 2013-09-06 14:09 - 00000000 ____D C:\Users\Walter\AppData\Local\ArmA 2
2013-09-06 13:58 - 2013-09-06 13:58 - 00000000 ____D C:\Program Files (x86)\Bohemia Interactive
2013-09-06 13:32 - 2013-09-06 13:32 - 00000000 ____D C:\Users\Walter\AppData\Local\GameFly
2013-09-06 12:53 - 2013-09-06 12:53 - 00000000 ____D C:\Users\Walter\Documents\GameFly
2013-09-06 12:53 - 2013-09-06 12:53 - 00000000 ____D C:\Users\Walter\AppData\Roaming\GameFly
2013-09-06 12:51 - 2013-09-06 12:51 - 00490808 _____ () C:\Users\Walter\Downloads\setup.exe
2013-09-05 22:41 - 2012-09-22 11:03 - 00000000 ____D C:\Users\Walter\Desktop\Rachel's Wacky Russian Extravaganza!
2013-08-30 19:41 - 2013-08-30 19:41 - 00067584 _____ C:\Users\Walter\Downloads\Milius_Rachel_Timesheet_1334-1335.xls
2013-08-29 21:58 - 2012-02-17 21:55 - 00000000 ____D C:\Users\Walter\AppData\Roaming\DAEMON Tools Lite
2013-08-29 16:53 - 2012-01-28 02:08 - 00000000 ____D C:\Users\Walter\AppData\Roaming\Mozilla
2013-08-22 21:41 - 2012-10-05 04:46 - 00000000 ____D C:\ProgramData\Trend Micro
2013-08-21 01:35 - 2012-09-15 13:39 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-08-21 01:35 - 2012-09-05 13:05 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-21 01:35 - 2012-09-05 13:05 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-18 16:30 - 2013-01-18 19:01 - 00000000 ____D C:\Users\Walter\AppData\Roaming\.minecraft
2013-08-17 07:53 - 2012-10-30 06:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-17 07:53 - 2012-08-08 16:05 - 00000000 ____D C:\Users\Walter\AppData\Roaming\WTablet
2013-08-17 00:12 - 2013-08-17 00:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-15 03:58 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
2013-08-15 03:01 - 2013-07-15 03:00 - 00000000 ____D C:\Windows\system32\MRT
2013-08-15 03:00 - 2012-11-29 06:38 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-11 09:25 - 2013-08-11 09:25 - 00000000 ____D C:\Program Files (x86)\Yandex

Files to move or delete:
====================
C:\Users\Walter\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-09-01 10:54

==================== End Of Log ============================


Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST/FRST64 and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Next,

Open Malwarebytes, check for updates then run Quick scan. Full instructions follow if Malwarebytes is not installed:

Download Malwarebytes from one of the following links and save it to your desktop:

http://www.malwarebytes.org/mbam.php

http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Next,

download RogueKiller from here:

] <- 32 bit version

] <- 64 bit version

  • Make sure to get the correct version for your system.
  • Quit all running programs
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • Wait until Prescan has finished...
  • The following EULA will appear, please select accept
  • Ensure MBR scan, Check faked and AntiRootkit are checked
  • Select Scan
  • When the scan completes select Report, copy and paste that to your reply.
  • The log should be found in RKreport[?].txt on your Desktop
  • Exit/Close RogueKiller

Post logs from FRST, Malwarebytes and RogueKiller. I also see you've run Combofix; can you post that log also? Should be here: C:\Combofix.txt
 
Kevin...

Ok, done, here are the reports in order:

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-09-2013 01
Ran by Walter at 2013-09-10 17:04:06 Run:1
Running from C:\Users\Walter\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
Task: {3656AC60-D2D3-49A5-BA66-BC195F1483A8} - System32\Tasks\RunAsStdUser Task => C:\Users\Walter\AppData\Local\appkikxSA\bin\1.0.5.0\AppKikxSA.exe
C:\Users\Walter\AppData\Local\appkikxSA
C:\Users\Walter\AppData\Local\Temp\Quarantine.exe
End

*****************

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3656AC60-D2D3-49A5-BA66-BC195F1483A8} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3656AC60-D2D3-49A5-BA66-BC195F1483A8} => Key deleted successfully.
C:\Windows\System32\Tasks\RunAsStdUser Task => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RunAsStdUser Task => Key deleted successfully.
"C:\Users\Walter\AppData\Local\appkikxSA" => File/Directory not found.
C:\Users\Walter\AppData\Local\Temp\Quarantine.exe => Moved successfully.

==== End of Fixlog ====

 

 

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.09.10.12

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
Walter :: WALTER-PC [administrator]

Protection: Enabled

9/10/2013 5:05:34 PM
mbam-log-2013-09-10 (17-05-34).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 454181
Time elapsed: 15 minute(s), 42 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\Program Files (x86)\Vuze\.install4j\user\mism.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Walter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\4fe200f5-65d4fc69 (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Walter\Downloads\Express_Installer.exe (PUP.Optional.IBryte) -> Quarantined and deleted successfully.
C:\Users\Walter\Downloads\Setup(1).exe (PUP.Optional.AirInstaller) -> Quarantined and deleted successfully.

(end)

 

RogueKiller V8.6.10 _x64_ [Sep  9 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Walter [Admin rights]
Mode : Scan -- Date : 09/10/2013 17:24:48
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 5 ¤¤¤
[V1][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-4250198920-4133650428-703862527-1000UA.job : C:\Users\Walter\AppData\Local\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7][x] -> FOUND
[V1][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-4250198920-4133650428-703862527-1000Core.job : C:\Users\Walter\AppData\Local\Google\Update\GoogleUpdate.exe - /c [7] -> FOUND
[V2][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-4250198920-4133650428-703862527-1000Core : C:\Users\Walter\AppData\Local\Google\Update\GoogleUpdate.exe - /c [7] -> FOUND
[V2][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-4250198920-4133650428-703862527-1000UA : C:\Users\Walter\AppData\Local\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7][x] -> FOUND
[V2][SUSP PATH] IHUninstallTrackingTASK : CMD - /C DEL C:\Users\Walter\AppData\Local\Temp\IHUDCA7.tmp.exe [x][x] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG SSD 830 Series ATA Device +++++
--- User ---
[MBR] 60431515e1bc7e83a3384446164be275
[BSP] 9bbcb71e648ec831e8eaf95bf3417d60 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 244197 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_09102013_172448.txt >>

 

 


How does your system respond now, any issues/concerns? Continue please...

Download OTL from any of the following links and save to your desktop.

http://itxassociates.com/OT-Tools/OTL.com

http://oldtimer.geekstogo.com/OTL.exe

http://www.itxassociates.com/OT-Tools/OTL.scr

Double click the OTL icon to start the tool. (Note: If you are running on Vista or Windows 7 accept UAC alert)

  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Select Scan all users
  • Change Drivers to All
  • Under the Extra Registry section, check Use SafeList
  • In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
  • Click Run Scan and let the program run uninterrupted.
  • When the scan is complete, two text files will be created on your Desktop.
  • OTL.Txt <- this one will be opened
  • Extras.txt <- this one will be minimized

Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of OTL.Txt and the Extras.txt in your next reply.

Kevin..


There aren't any more ads in my browsers, but I have not rebooted the PC since I was prompted to by AdwCleaner. Here are the files:

 

 

OTL logfile created on: 9/11/2013 1:27:07 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Walter\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
23.99 Gb Total Physical Memory | 20.89 Gb Available Physical Memory | 87.06% Memory free
47.98 Gb Paging File | 44.74 Gb Available in Paging File | 93.25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 238.47 Gb Total Space | 25.61 Gb Free Space | 10.74% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive F: | 5.46 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: WALTER-PC | User Name: Walter | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/09/11 01:26:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Walter\Desktop\OTL.com
PRC - [2013/06/05 10:28:40 | 027,370,808 | ---- | M] (Dropbox, Inc.) -- C:\Users\Walter\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/05/10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/02/27 15:19:38 | 001,158,480 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Time Warner Cable\TWC WiFi\TrayApp.exe
PRC - [2013/02/27 15:19:38 | 000,592,720 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Time Warner Cable\TWC WiFi\AffinegyService.exe
PRC - [2013/02/27 15:19:36 | 007,926,096 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Time Warner Cable\TWC WiFi\TWC WiFi.exe
PRC - [2012/02/29 16:47:32 | 000,863,360 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXSTM.exe
PRC - [2012/02/29 16:47:30 | 000,502,912 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe
PRC - [2012/02/15 19:46:42 | 000,043,112 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe
PRC - [2012/01/26 17:07:52 | 001,058,400 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
PRC - [2011/01/10 05:49:20 | 000,014,848 | ---- | M] () -- C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe
PRC - [2010/01/22 13:29:40 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/03/13 13:48:52 | 024,978,944 | ---- | M] () -- C:\Users\Walter\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2013/02/27 15:19:40 | 000,023,376 | ---- | M] () -- C:\Program Files (x86)\Time Warner Cable\TWC WiFi\AffinegyServicePS.dll
MOD - [2013/02/27 14:35:22 | 001,762,816 | ---- | M] () -- C:\Program Files (x86)\Time Warner Cable\TWC WiFi\gateways\UbeeDVW3201BLOC.dll
MOD - [2013/02/27 14:34:02 | 001,781,248 | ---- | M] () -- C:\Program Files (x86)\Time Warner Cable\TWC WiFi\gateways\ArrisDG860ALOC.dll
MOD - [2013/02/27 14:32:50 | 001,781,248 | ---- | M] () -- C:\Program Files (x86)\Time Warner Cable\TWC WiFi\gateways\ArrisTG862GLOC.dll
MOD - [2013/02/27 14:30:26 | 001,781,248 | ---- | M] () -- C:\Program Files (x86)\Time Warner Cable\TWC WiFi\gateways\ArrisTG852GLOC.dll
MOD - [2013/02/27 14:29:08 | 001,760,256 | ---- | M] () -- C:\Program Files (x86)\Time Warner Cable\TWC WiFi\gateways\NetgearWNR1000v3LOC.dll
MOD - [2013/02/27 14:25:12 | 001,789,952 | ---- | M] () -- C:\Program Files (x86)\Time Warner Cable\TWC WiFi\gateways\MotorolaSBG900LOC.dll
MOD - [2013/02/27 13:56:48 | 000,309,248 | ---- | M] () -- C:\Program Files (x86)\Time Warner Cable\TWC WiFi\DigiDoFlavor.dll
MOD - [2012/11/13 16:32:50 | 003,558,400 | ---- | M] () -- C:\Users\Walter\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2012/01/31 14:43:04 | 000,119,808 | ---- | M] () -- C:\Program Files (x86)\Time Warner Cable\TWC WiFi\imageformats\qjpeg4.dll
MOD - [2010/03/19 21:58:56 | 007,187,456 | ---- | M] () -- C:\Program Files (x86)\Time Warner Cable\TWC WiFi\QtGui4.dll
MOD - [2010/03/19 21:58:30 | 000,325,632 | ---- | M] () -- C:\Program Files (x86)\Time Warner Cable\TWC WiFi\QtXml4.dll
MOD - [2010/03/19 21:58:24 | 001,954,304 | ---- | M] () -- C:\Program Files (x86)\Time Warner Cable\TWC WiFi\QtCore4.dll
MOD - [2010/03/19 21:58:24 | 000,847,360 | ---- | M] () -- C:\Program Files (x86)\Time Warner Cable\TWC WiFi\QtNetwork4.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe -- (Amsp)
SRV:64bit: - [2013/06/04 15:02:24 | 000,241,152 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/04/08 22:03:05 | 000,151,648 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE -- (EPSON_PM_RPCV4_05)
SRV:64bit: - [2012/05/10 14:00:00 | 000,608,864 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe -- (EpsonCustomerParticipation)
SRV:64bit: - [2011/12/12 00:00:00 | 000,135,824 | ---- | M] (Seiko Epson Corporation) [Auto | Running] -- C:\Windows\SysNative\escsvc64.exe -- (EpsonScanSvc)
SRV:64bit: - [2011/08/05 12:53:12 | 000,467,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV:64bit: - [2011/08/05 12:53:12 | 000,306,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV:64bit: - [2011/08/05 12:53:06 | 008,277,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV:64bit: - [2009/11/23 17:53:58 | 000,127,784 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\WTouch\WTouchService.exe -- (WTouchService)
SRV:64bit: - [2009/11/23 17:53:54 | 005,556,520 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Windows\SysNative\Pen_Tablet.exe -- (TabletServicePen)
SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/09/10 13:35:05 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/05/03 16:35:30 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/02/27 15:19:38 | 000,592,720 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files (x86)\Time Warner Cable\TWC WiFi\AffinegyService.exe -- (AffinegyService)
SRV - [2013/01/08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/11/25 10:07:15 | 003,995,760 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2012/02/15 19:46:42 | 000,043,112 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe -- (ADExchange)
SRV - [2011/01/10 05:49:20 | 000,014,848 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe -- (DokanMounter)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (All) ==========
 
DRV:64bit: - [2013/07/05 23:03:53 | 001,910,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tcpip.sys -- (TCPIP6)
DRV:64bit: - [2013/07/05 23:03:53 | 001,910,208 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tcpip.sys -- (Tcpip)
DRV:64bit: - [2013/06/14 21:32:16 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tssecsrv.sys -- (tssecsrv)
DRV:64bit: - [2013/06/04 16:09:44 | 011,833,856 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2013/06/04 14:35:04 | 000,608,768 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2013/04/24 09:31:10 | 000,096,768 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2013/04/12 07:45:08 | 001,656,680 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\ntfs.sys -- (Ntfs)
DRV:64bit: - [2013/04/09 23:01:53 | 000,983,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dxgkrnl.sys -- (DXGKrnl)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/01/23 23:01:01 | 000,223,752 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fvevol.sys -- (fvevol)
DRV:64bit: - [2013/01/22 07:20:39 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2013/01/19 23:16:48 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
DRV:64bit: - [2012/12/21 19:50:12 | 000,174,016 | ---- | M] (Trend Micro Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tmcomm.sys -- (tmcomm)
DRV:64bit: - [2012/12/21 19:50:12 | 000,108,584 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmactmon.sys -- (tmactmon)
DRV:64bit: - [2012/12/21 19:50:12 | 000,077,184 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/12/07 11:33:04 | 000,094,520 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tmeevw.sys -- (tmeevw)
DRV:64bit: - [2012/10/03 09:07:26 | 000,045,568 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tcpipreg.sys -- (tcpipreg)
DRV:64bit: - [2012/08/24 11:13:17 | 000,154,480 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ksecpkg.sys -- (KSecPkg)
DRV:64bit: - [2012/08/24 11:09:34 | 000,458,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\cng.sys -- (CNG)
DRV:64bit: - [2012/08/24 06:07:14 | 000,046,392 | ---- | M] (Trend Micro Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TMEBC64.sys -- (TMEBC)
DRV:64bit: - [2012/08/23 07:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 07:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 07:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/22 11:12:40 | 000,950,128 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ndis.sys -- (NDIS)
DRV:64bit: - [2012/07/25 21:55:47 | 000,785,512 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Wdf01000.sys -- (Wdf01000)
DRV:64bit: - [2012/07/25 19:26:45 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WUDFPf.sys -- (WudfPf)
DRV:64bit: - [2012/07/25 19:26:06 | 000,198,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WUDFRd.sys -- (WUDFRd)
DRV:64bit: - [2012/07/05 20:35:58 | 000,210,232 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tmnciesc.sys -- (tmnciesc)
DRV:64bit: - [2012/06/01 22:48:16 | 000,095,600 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ksecdd.sys -- (KSecDD)
DRV:64bit: - [2012/05/02 12:27:22 | 000,105,744 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi)
DRV:64bit: - [2012/04/27 20:55:21 | 000,210,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpwd.sys -- (RDPWD)
DRV:64bit: - [2012/03/17 00:58:57 | 000,075,120 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\partmgr.sys -- (partmgr)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/16 21:57:32 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tdtcp.sys -- (TDTCP)
DRV:64bit: - [2012/01/18 06:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011/12/28 23:47:25 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2011/12/27 20:59:24 | 000,498,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\afd.sys -- (AFD)
DRV:64bit: - [2011/09/09 07:00:34 | 000,043,008 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50a64.sys -- (MREMP50a64)
DRV:64bit: - [2011/09/09 07:00:34 | 000,040,960 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50a64.sys -- (MRESP50a64)
DRV:64bit: - [2011/07/08 19:46:28 | 000,288,768 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mrxsmb10.sys -- (mrxsmb10)
DRV:64bit: - [2011/04/28 20:06:10 | 000,467,456 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\srv.sys -- (srv)
DRV:64bit: - [2011/04/28 20:05:49 | 000,410,112 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\srv2.sys -- (srv2)
DRV:64bit: - [2011/04/28 20:05:37 | 000,168,448 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\srvnet.sys -- (srvnet)
DRV:64bit: - [2011/04/26 19:40:40 | 000,158,208 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mrxsmb.sys -- (mrxsmb)
DRV:64bit: - [2011/04/26 19:39:37 | 000,128,000 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mrxsmb20.sys -- (mrxsmb20)
DRV:64bit: - [2011/03/24 20:29:26 | 000,343,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbhub.sys -- (usbhub)
DRV:64bit: - [2011/03/24 20:29:14 | 000,098,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbccgp.sys -- (usbccgp)
DRV:64bit: - [2011/03/24 20:29:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbehci.sys -- (usbehci)
DRV:64bit: - [2011/03/24 20:29:04 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbohci.sys -- (usbohci)
DRV:64bit: - [2011/03/24 20:29:03 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbuhci.sys -- (usbuhci)
DRV:64bit: - [2011/03/10 23:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvstor.sys -- (nvstor)
DRV:64bit: - [2011/03/10 23:41:34 | 000,148,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvraid.sys -- (nvraid)
DRV:64bit: - [2011/03/10 23:41:26 | 000,410,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaStorV.sys -- (iaStorV)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/10 21:37:16 | 000,091,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\USBSTOR.SYS -- (USBSTOR)
DRV:64bit: - [2011/02/22 21:55:04 | 000,090,624 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\bowser.sys -- (bowser)
DRV:64bit: - [2011/01/10 05:51:40 | 000,120,408 | ---- | M] (Windows ® Win 7 DDK provider) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\dokan.sys -- (Dokan)
DRV:64bit: - [2010/11/20 20:25:07 | 000,165,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpdr.sys -- (RDPDR)
DRV:64bit: - [2010/11/20 20:24:41 | 000,514,560 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)
DRV:64bit: - [2010/11/20 20:24:36 | 000,140,800 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mrxdav.sys -- (MRxDAV)
DRV:64bit: - [2010/11/20 20:24:33 | 000,213,888 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\rdyboost.sys -- (rdyboost)
DRV:64bit: - [2010/11/20 20:24:33 | 000,129,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rasl2tp.sys -- (Rasl2tp)
DRV:64bit: - [2010/11/20 20:24:33 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\raspptp.sys -- (PptpMiniport)
DRV:64bit: - [2010/11/20 20:24:32 | 000,119,296 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tdx.sys -- (tdx)
DRV:64bit: - [2010/11/20 20:24:32 | 000,102,400 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\dfsc.sys -- (DfsC)
DRV:64bit: - [2010/11/20 20:24:32 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ndisuio.sys -- (Ndisuio)
DRV:64bit: - [2010/11/20 20:24:27 | 000,082,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ipfltdrv.sys -- (IpFilterDriver)
DRV:64bit: - [2010/11/20 20:24:25 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\appid.sys -- (AppID)
DRV:64bit: - [2010/11/20 20:24:24 | 000,014,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hwpolicy.sys -- (hwpolicy)
DRV:64bit: - [2010/11/20 20:24:15 | 000,366,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msrpc.sys -- (MsRPC)
DRV:64bit: - [2010/11/20 20:24:15 | 000,363,392 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\volmgrx.sys -- (volmgrx)
DRV:64bit: - [2010/11/20 20:24:15 | 000,125,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tunnel.sys -- (tunnel)
DRV:64bit: - [2010/11/20 20:24:14 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ndproxy.sys -- (NDProxy)
DRV:64bit: - [2010/11/20 20:24:11 | 000,088,576 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\wanarp.sys -- (Wanarpv6)
DRV:64bit: - [2010/11/20 20:24:11 | 000,088,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wanarp.sys -- (WANARP)
DRV:64bit: - [2010/11/20 20:24:09 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\scfilter.sys -- (scfilter)
DRV:64bit: - [2010/11/20 20:24:08 | 000,309,248 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\rdbss.sys -- (rdbss)
DRV:64bit: - [2010/11/20 20:24:08 | 000,164,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ndiswan.sys -- (NdisWan)
DRV:64bit: - [2010/11/20 20:24:08 | 000,131,584 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\pacer.sys -- (Psched)
DRV:64bit: - [2010/11/20 20:24:00 | 000,289,664 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\fltMgr.sys -- (FltMgr)
DRV:64bit: - [2010/11/20 20:23:55 | 000,753,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\http.sys -- (HTTP)
DRV:64bit: - [2010/11/20 20:23:55 | 000,328,192 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\udfs.sys -- (udfs)
DRV:64bit: - [2010/11/20 20:23:53 | 000,094,592 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mountmgr.sys -- (mountmgr)
DRV:64bit: - [2010/11/20 20:23:51 | 000,261,632 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\netbt.sys -- (NetBT)
DRV:64bit: - [2010/11/20 20:23:48 | 000,273,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msiscsi.sys -- (iScsiPrt)
DRV:64bit: - [2010/11/20 20:23:48 | 000,078,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IPMIDrv.sys -- (IPMIDRV)
DRV:64bit: - [2010/11/20 20:23:47 | 000,350,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService)
DRV:64bit: - [2010/11/20 20:23:47 | 000,334,208 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpi.sys -- (ACPI)
DRV:64bit: - [2010/11/20 20:23:47 | 000,295,808 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\volsnap.sys -- (volsnap)
DRV:64bit: - [2010/11/20 20:23:47 | 000,229,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\1394ohci.sys -- (1394ohci)
DRV:64bit: - [2010/11/20 20:23:47 | 000,215,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vhdmp.sys -- (vhdmp)
DRV:64bit: - [2010/11/20 20:23:47 | 000,184,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbvideo.sys -- (usbvideo)
DRV:64bit: - [2010/11/20 20:23:47 | 000,184,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pci.sys -- (pci)
DRV:64bit: - [2010/11/20 20:23:47 | 000,155,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mpio.sys -- (mpio)
DRV:64bit: - [2010/11/20 20:23:47 | 000,147,456 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cdrom.sys -- (cdrom)
DRV:64bit: - [2010/11/20 20:23:47 | 000,140,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msdsm.sys -- (msdsm)
DRV:64bit: - [2010/11/20 20:23:47 | 000,122,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hdaudbus.sys -- (HDAudBus)
DRV:64bit: - [2010/11/20 20:23:47 | 000,109,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBAUDIO.sys -- (usbaudio)
DRV:64bit: - [2010/11/20 20:23:47 | 000,103,808 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sbp2port.sys -- (sbp2port)
DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 20:23:47 | 000,071,552 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\volmgr.sys -- (volmgr)
DRV:64bit: - [2010/11/20 20:23:47 | 000,063,360 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\termdd.sys -- (TermDD)
DRV:64bit: - [2010/11/20 20:23:47 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\umbus.sys -- (umbus)
DRV:64bit: - [2010/11/20 20:23:47 | 000,041,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\winusb.sys -- (WinUSB)
DRV:64bit: - [2010/11/20 20:23:47 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CompositeBus.sys -- (CompositeBus)
DRV:64bit: - [2010/11/20 20:23:47 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbdhid.sys -- (kbdhid)
DRV:64bit: - [2010/11/20 20:23:47 | 000,031,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msahci.sys -- (msahci)
DRV:64bit: - [2010/11/20 20:23:47 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hidusb.sys -- (HidUsb)
DRV:64bit: - [2010/11/20 20:23:47 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sffp_sd.sys -- (sffp_sd)
DRV:64bit: - [2010/11/20 20:23:47 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipmi.sys -- (AcpiPmi)
DRV:64bit: - [2010/07/29 01:25:10 | 000,029,720 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ivusb.sys -- (ivusb)
DRV:64bit: - [2010/02/12 07:10:12 | 000,066,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GenericMount.sys -- (GenericMount)
DRV:64bit: - [2010/01/22 13:22:22 | 000,180,224 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/01/22 13:22:18 | 000,077,824 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009/08/27 16:06:34 | 000,018,216 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV:64bit: - [2009/08/13 23:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/13 18:52:31 | 000,367,696 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\clfs.sys -- (CLFS)
DRV:64bit: - [2009/07/13 18:52:31 | 000,021,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\compbatt.sys -- (Compbatt)
DRV:64bit: - [2009/07/13 18:52:31 | 000,017,488 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cmdide.sys -- (cmdide)
DRV:64bit: - [2009/07/13 18:52:21 | 000,491,088 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\adp94xx.sys -- (adp94xx)
DRV:64bit: - [2009/07/13 18:52:21 | 000,339,536 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\adpahci.sys -- (adpahci)
DRV:64bit: - [2009/07/13 18:52:21 | 000,182,864 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\adpu320.sys -- (adpu320)
DRV:64bit: - [2009/07/13 18:52:21 | 000,097,856 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\arcsas.sys -- (arcsas)
DRV:64bit: - [2009/07/13 18:52:21 | 000,087,632 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\arc.sys -- (arc)
DRV:64bit: - [2009/07/13 18:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AGP440.sys -- (agp440)
DRV:64bit: - [2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\atapi.sys -- (atapi)
DRV:64bit: - [2009/07/13 18:52:21 | 000,015,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdide.sys -- (amdide)
DRV:64bit: - [2009/07/13 18:52:21 | 000,015,440 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\aliide.sys -- (aliide)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:27 | 000,060,496 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\mup.sys -- (Mup)
DRV:64bit: - [2009/07/13 18:48:27 | 000,049,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mouclass.sys -- (mouclass)
DRV:64bit: - [2009/07/13 18:48:27 | 000,032,320 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mssmbios.sys -- (mssmbios)
DRV:64bit: - [2009/07/13 18:48:27 | 000,015,424 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\msisadrv.sys -- (msisadrv)
DRV:64bit: - [2009/07/13 18:48:26 | 000,122,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NV_AGP.SYS -- (nv_agp)
DRV:64bit: - [2009/07/13 18:48:26 | 000,051,264 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nfrd960.sys -- (nfrd960)
DRV:64bit: - [2009/07/13 18:48:04 | 000,284,736 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MegaSR.sys -- (MegaSR)
DRV:64bit: - [2009/07/13 18:48:04 | 000,115,776 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV:64bit: - [2009/07/13 18:48:04 | 000,114,752 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_fc.sys -- (LSI_FC)
DRV:64bit: - [2009/07/13 18:48:04 | 000,106,560 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas.sys -- (LSI_SAS)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:48:04 | 000,050,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbdclass.sys -- (kbdclass)
DRV:64bit: - [2009/07/13 18:48:04 | 000,044,112 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iirsp.sys -- (iirsp)
DRV:64bit: - [2009/07/13 18:48:04 | 000,035,392 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\megasas.sys -- (megasas)
DRV:64bit: - [2009/07/13 18:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\isapnp.sys -- (isapnp)
DRV:64bit: - [2009/07/13 18:48:04 | 000,016,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelide.sys -- (intelide)
DRV:64bit: - [2009/07/13 18:47:49 | 000,055,376 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fsdepends.sys -- (FsDepends)
DRV:64bit: - [2009/07/13 18:47:48 | 000,530,496 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\elxstor.sys -- (elxstor)
DRV:64bit: - [2009/07/13 18:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\disk.sys -- (Disk)
DRV:64bit: - [2009/07/13 18:47:48 | 000,070,224 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\fileinfo.sys -- (FileInfo)
DRV:64bit: - [2009/07/13 18:47:48 | 000,065,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GAGP30KX.SYS -- (gagp30kx)
DRV:64bit: - [2009/07/13 18:47:48 | 000,024,144 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\crcdisk.sys -- (crcdisk)
DRV:64bit: - [2009/07/13 18:45:56 | 000,022,096 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wimmount.sys -- (WIMMount)
DRV:64bit: - [2009/07/13 18:45:55 | 000,161,872 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vsmraid.sys -- (vsmraid)
DRV:64bit: - [2009/07/13 18:45:55 | 000,064,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ULIAGPKX.SYS -- (uliagpkx)
DRV:64bit: - [2009/07/13 18:45:55 | 000,064,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UAGP35.SYS -- (uagp35)
DRV:64bit: - [2009/07/13 18:45:55 | 000,036,432 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vdrvroot.sys -- (vdrvroot)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:45:55 | 000,021,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wd.sys -- (Wd)
DRV:64bit: - [2009/07/13 18:45:55 | 000,019,008 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spldr.sys -- (spldr)
DRV:64bit: - [2009/07/13 18:45:55 | 000,017,488 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\viaide.sys -- (viaide)
DRV:64bit: - [2009/07/13 18:45:55 | 000,012,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\swenum.sys -- (swenum)
DRV:64bit: - [2009/07/13 18:45:46 | 001,524,816 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ql2300.sys -- (ql2300)
DRV:64bit: - [2009/07/13 18:45:46 | 000,080,464 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sisraid4.sys -- (SiSRaid4)
DRV:64bit: - [2009/07/13 18:45:45 | 000,220,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pcmcia.sys -- (pcmcia)
DRV:64bit: - [2009/07/13 18:45:45 | 000,128,592 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ql40xx.sys -- (ql40xx)
DRV:64bit: - [2009/07/13 18:45:45 | 000,050,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pcw.sys -- (pcw)
DRV:64bit: - [2009/07/13 18:45:45 | 000,043,584 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sisraid2.sys -- (SiSRaid2)
DRV:64bit: - [2009/07/13 18:45:45 | 000,012,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pciide.sys -- (pciide)
DRV:64bit: - [2009/07/13 18:19:07 | 000,286,720 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrSerId.sys -- (Brserid)
DRV:64bit: - [2009/07/13 18:01:48 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bridge.sys -- (BridgeMP)
DRV:64bit: - [2009/07/13 18:01:19 | 000,651,264 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\PEAuth.sys -- (PEAUTH)
DRV:64bit: - [2009/07/13 17:38:18 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbprint.sys -- (usbprint)
DRV:64bit: - [2009/07/13 17:35:32 | 000,041,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbscan.sys -- (usbscan)
DRV:64bit: - [2009/07/13 17:17:46 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rdpbus.sys -- (rdpbus)
DRV:64bit: - [2009/07/13 17:16:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV:64bit: - [2009/07/13 17:16:34 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\RDPENCDD.sys -- (RDPENCDD)
DRV:64bit: - [2009/07/13 17:16:34 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\RDPCDD.sys -- (RDPCDD)
DRV:64bit: - [2009/07/13 17:16:32 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tdpipe.sys -- (TDPIPE)
DRV:64bit: - [2009/07/13 17:10:48 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\modem.sys -- (Modem)
DRV:64bit: - [2009/07/13 17:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ws2ifsl.sys -- (ws2ifsl)
DRV:64bit: - [2009/07/13 17:10:25 | 000,083,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rassstp.sys -- (RasSstp)
DRV:64bit: - [2009/07/13 17:10:24 | 000,060,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agilevpn.sys -- (RasAgileVpn)
DRV:64bit: - [2009/07/13 17:10:17 | 000,092,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\raspppoe.sys -- (RasPppoe)
DRV:64bit: - [2009/07/13 17:10:13 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asyncmac.sys -- (AsyncMac)
DRV:64bit: - [2009/07/13 17:10:09 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rasacd.sys -- (RasAcd)
DRV:64bit: - [2009/07/13 17:10:03 | 000,116,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ipnat.sys -- (IPNAT)
DRV:64bit: - [2009/07/13 17:10:00 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ndistapi.sys -- (NdisTapi)
DRV:64bit: - [2009/07/13 17:09:48 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qwavedrv.sys -- (QWAVEdrv)
DRV:64bit: - [2009/07/13 17:09:26 | 000,044,544 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\netbios.sys -- (NetBIOS)
DRV:64bit: - [2009/07/13 17:09:26 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\wfplwf.sys -- (WfpLwf)
DRV:64bit: - [2009/07/13 17:09:09 | 000,093,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\smb.sys -- (Smb)
DRV:64bit: - [2009/07/13 17:08:59 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\irenum.sys -- (IRENUM)
DRV:64bit: - [2009/07/13 17:08:51 | 000,076,800 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rspndr.sys -- (rspndr)
DRV:64bit: - [2009/07/13 17:08:51 | 000,060,928 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lltdio.sys -- (lltdio)
DRV:64bit: - [2009/07/13 17:08:25 | 000,077,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mpsdrv.sys -- (mpsdrv)
DRV:64bit: - [2009/07/13 17:08:13 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ndiscap.sys -- (NdisCap)
DRV:64bit: - [2009/07/13 17:07:23 | 000,318,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nwifi.sys -- (NativeWifiP)
DRV:64bit: - [2009/07/13 17:07:21 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vwifibus.sys -- (vwifibus)
DRV:64bit: - [2009/07/13 17:06:52 | 000,100,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidbth.sys -- (HidBth)
DRV:64bit: - [2009/07/13 17:06:52 | 000,072,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthmodem.sys -- (BTHMODEM)
DRV:64bit: - [2009/07/13 17:06:52 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\umpass.sys -- (UmPass)
DRV:64bit: - [2009/07/13 17:06:45 | 000,072,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ohci1394.sys -- (ohci1394)
DRV:64bit: - [2009/07/13 17:06:37 | 000,100,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbcir.sys -- (usbcir)
DRV:64bit: - [2009/07/13 17:06:34 | 000,045,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\circlass.sys -- (circlass)
DRV:64bit: - [2009/07/13 17:06:24 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV:64bit: - [2009/07/13 17:06:23 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidir.sys -- (HidIr)
DRV:64bit: - [2009/07/13 17:06:16 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\drmkaud.sys -- (drmkaud)
DRV:64bit: - [2009/07/13 17:02:08 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MTConfig.sys -- (MTConfig)
DRV:64bit: - [2009/07/13 17:02:07 | 000,027,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacompen.sys -- (WacomPen)
DRV:64bit: - [2009/07/13 17:01:03 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sffp_mmc.sys -- (sffp_mmc)
DRV:64bit: - [2009/07/13 17:01:02 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sfloppy.sys -- (sfloppy)
DRV:64bit: - [2009/07/13 17:01:01 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sffdisk.sys -- (sffdisk)
DRV:64bit: - [2009/07/13 17:00:54 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fdc.sys -- (fdc)
DRV:64bit: - [2009/07/13 17:00:54 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\flpydisk.sys -- (flpydisk)
DRV:64bit: - [2009/07/13 17:00:41 | 000,097,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\parport.sys -- (Parport)
DRV:64bit: - [2009/07/13 17:00:40 | 000,094,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serial.sys -- (Serial)
DRV:64bit: - [2009/07/13 17:00:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serenum.sys -- (Serenum)
DRV:64bit: - [2009/07/13 17:00:20 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mouhid.sys -- (mouhid)
DRV:64bit: - [2009/07/13 17:00:20 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sermouse.sys -- (sermouse)
DRV:64bit: - [2009/07/13 17:00:19 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ksthunk.sys -- (ksthunk)
DRV:64bit: - [2009/07/13 17:00:18 | 000,011,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mskssrv.sys -- (MSKSSRV)
DRV:64bit: - [2009/07/13 17:00:17 | 000,008,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mstee.sys -- (MSTEE)
DRV:64bit: - [2009/07/13 17:00:17 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mspclock.sys -- (MSPCLOCK)
DRV:64bit: - [2009/07/13 17:00:17 | 000,006,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mspqm.sys -- (MSPQM)
DRV:64bit: - [2009/07/13 17:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\beep.sys -- (Beep)
DRV:64bit: - [2009/07/13 16:38:52 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\monitor.sys -- (monitor)
DRV:64bit: - [2009/07/13 16:38:47 | 000,029,184 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vga.sys -- (VgaSave)
DRV:64bit: - [2009/07/13 16:38:47 | 000,029,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vgapnp.sys -- (vga)
DRV:64bit: - [2009/07/13 16:37:18 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\discache.sys -- (discache)
DRV:64bit: - [2009/07/13 16:35:59 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\blbdrive.sys -- (blbdrive)
DRV:64bit: - [2009/07/13 16:31:06 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidbatt.sys -- (HidBatt)
DRV:64bit: - [2009/07/13 16:31:04 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\errdev.sys -- (ErrDev)
DRV:64bit: - [2009/07/13 16:31:03 | 000,017,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CmBatt.sys -- (CmBatt)
DRV:64bit: - [2009/07/13 16:31:02 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wmiacpi.sys -- (WmiAcpi)
DRV:64bit: - [2009/07/13 16:26:13 | 000,113,152 | ---- | M] (Microsoft Corporation) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\luafv.sys -- (luafv)
DRV:64bit: - [2009/07/13 16:25:40 | 000,034,304 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\filetrace.sys -- (Filetrace)
DRV:64bit: - [2009/07/13 16:23:29 | 000,204,800 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fastfat.sys -- (fastfat)
DRV:64bit: - [2009/07/13 16:23:29 | 000,195,072 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\exfat.sys -- (exfat)
DRV:64bit: - [2009/07/13 16:21:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\nsiproxy.sys -- (nsiproxy)
DRV:64bit: - [2009/07/13 16:19:57 | 000,105,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\i8042prt.sys -- (i8042prt)
DRV:64bit: - [2009/07/13 16:19:48 | 000,044,032 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\npfs.sys -- (Npfs)
DRV:64bit: - [2009/07/13 16:19:47 | 000,092,160 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\Windows\SysNative\drivers\cdfs.sys -- (cdfs)
DRV:64bit: - [2009/07/13 16:19:47 | 000,026,112 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\msfs.sys -- (Msfs)
DRV:64bit: - [2009/07/13 16:19:38 | 000,006,144 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\null.sys -- (Null)
DRV:64bit: - [2009/07/13 16:19:25 | 000,064,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdk8.sys -- (AmdK8)
DRV:64bit: - [2009/07/13 16:19:25 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\intelppm.sys -- (intelppm)
DRV:64bit: - [2009/07/13 16:19:25 | 000,060,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdppm.sys -- (AmdPPM)
DRV:64bit: - [2009/07/13 16:19:25 | 000,060,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\processr.sys -- (Processor)
DRV:64bit: - [2009/06/10 13:41:10 | 000,047,104 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrSerWdm.sys -- (BrSerWdm)
DRV:64bit: - [2009/06/10 13:41:10 | 000,014,976 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV:64bit: - [2009/06/10 13:41:10 | 000,014,720 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrUsbSer.sys -- (BrUsbSer)
DRV:64bit: - [2009/06/10 13:41:06 | 000,018,432 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrFiltLo.sys -- (BrFiltLo)
DRV:64bit: - [2009/06/10 13:41:06 | 000,008,704 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrFiltUp.sys -- (BrFiltUp)
DRV:64bit: - [2009/06/10 13:37:19 | 000,023,040 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\secdrv.sys -- (secdrv)
DRV:64bit: - [2009/06/10 13:35:02 | 000,281,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/20 12:54:06 | 000,015,656 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)
DRV:64bit: - [2009/03/18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2008/05/06 17:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2008/03/31 09:29:38 | 000,178,432 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SaiH0464.sys -- (SaiH0464)
DRV:64bit: - [2007/02/16 12:12:36 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2011/09/09 07:00:28 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2011/09/09 07:00:28 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2011/03/01 08:55:42 | 000,019,024 | ---- | M] (Paragon Software GmbH) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Paragon Software\Migrate OS to SSD\program\biontdrv.sys -- (BioNTDrv)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4E 0D 6B 46 64 A4 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {A3D6A8F5-ADE9-445E-95DF-78A3FA35E8D6}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{A3D6A8F5-ADE9-445E-95DF-78A3FA35E8D6}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=994519&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@TrendMicro.com/FFExtension: C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll (Trend Micro Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.3: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Walter\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Walter\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Walter\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Walter\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Walter\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\tmbepff-7.5@trendmicro.com: C:\PROGRAM FILES\TREND MICRO\AMSP\MODULE\20002\7.5.1136\7.5.1136\FIREFOXEXTENSION [2013/09/09 12:49:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\tmbepff-7.5@trendmicro.com: C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1136\7.5.1136\firefoxextension [2013/09/09 12:49:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22181a4d-af90-4ca3-a569-faed9118d6bc}: C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2012/10/05 04:48:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\ [2013/09/09 12:50:50 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{132C60DD-1177-11E2-8271-B8AC6F996F26}: C:\Users\Walter\AppData\Local\{132C60DD-1177-11E2-8271-B8AC6F996F26}\ [2012/10/08 11:36:44 | 000,000,000 | ---D | M]
 
[2013/09/06 16:19:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/08/17 00:12:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013/09/06 16:19:24 | 000,000,000 | ---D | M] (Define Ext) -- C:\Program Files (x86)\Mozilla Firefox\extensions\zgvstddqqjlabihif@opvrjrelhkc.org
[2013/08/17 00:12:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/08/17 00:12:59 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
 
O1 HOSTS File: ([2013/09/10 17:33:28 | 000,000,741 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\2.5.1331\6.8.1094\TmIEPlg.dll (Trend Micro Inc.)
O2:64bit: - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.5.1136\7.5.1136\TmBpIe64.dll (Trend Micro Inc.)
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\2.5.1331\6.8.1094\TmIEPlg32.dll (Trend Micro Inc.)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.5.1136\7.5.1136\TmBpIe32.dll (Trend Micro Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {91397D20-1446-11D4-8AF4-0040CA1127B6} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)
O4:64bit: - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe (Trend Micro Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [DigiDo] C:\Program Files (x86)\Time Warner Cable\TWC WiFi\TrayApp.exe (Affinegy, Inc.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXRCV] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIIUE.EXE /EPT "EPLTarget\P0000000000000000" /M "WF-2540 Series" /EF "HKCU" File not found
O4 - Startup: C:\Users\Walter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Walter\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Walter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Punto Switcher.lnk = C:\Program Files (x86)\Yandex\Punto Switcher\punto.exe (ООО Яндекс)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: $talisma_url$ ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: blank ([]about in Computer)
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/4.0.3.0/GarminAxControl_32.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{47CDC08E-3843-4ACB-B294-32B003290C45}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.5.1136\7.5.1136\TmBpIe64.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.5.1331\6.8.1094\TmIEPlg.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\tmtbim - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.5.1136\7.5.1136\TmBpIe32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.5.1331\6.8.1094\TmIEPlg32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmtbim {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/01/18 15:57:15 | 000,000,000 | ---D | M] - C:\Autorun -- [ NTFS ]
O32 - AutoRun File - [2007/06/01 04:35:44 | 000,092,160 | R--- | M] () - F:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2007/06/01 04:11:04 | 000,000,048 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/09/11 01:26:06 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Walter\Desktop\OTL.com
[2013/09/10 17:24:19 | 000,000,000 | ---D | C] -- C:\Users\Walter\Desktop\RK_Quarantine
[2013/09/10 13:56:13 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/09/10 13:56:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/09/10 13:56:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/09/10 13:55:48 | 010,285,040 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Walter\Desktop\mbam-setup-1.75.0.1300.exe
[2013/09/10 12:06:01 | 000,000,000 | ---D | C] -- C:\Users\Walter\AppData\Local\Overwolf
[2013/09/10 11:18:31 | 000,000,000 | ---D | C] -- C:\FRST
[2013/09/10 11:17:41 | 001,949,196 | ---- | C] (Farbar) -- C:\Users\Walter\Desktop\FRST64.exe
[2013/09/10 11:12:04 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/09/09 14:00:21 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\etc
[2013/09/09 13:57:33 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/09/09 13:27:46 | 000,000,000 | ---D | C] -- C:\Users\Walter\AppData\Roaming\WTouch
[2013/09/09 13:26:40 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/09/09 13:22:40 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/09/09 13:22:40 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/09/09 13:22:40 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/09/09 13:22:31 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/09/09 12:33:54 | 000,000,000 | ---D | C] -- C:\Users\Walter\AppData\Roaming\Malwarebytes
[2013/09/09 12:33:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/09/09 06:53:23 | 000,000,000 | ---D | C] -- C:\Users\Walter\Desktop\lps
[2013/09/09 06:50:02 | 000,000,000 | R--D | C] -- C:\Users\Walter\Dropbox
[2013/09/09 06:48:24 | 000,000,000 | ---D | C] -- C:\Users\Walter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2013/09/09 06:47:38 | 000,000,000 | ---D | C] -- C:\Users\Walter\AppData\Roaming\Dropbox
[2013/09/06 16:34:29 | 000,000,000 | ---D | C] -- C:\Users\Walter\AppData\Local\SIX Updater
[2013/09/06 16:34:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Bohemia Interactive Studio
[2013/09/06 16:23:06 | 000,000,000 | ---D | C] -- C:\Users\Walter\AppData\Roaming\Play withSIX
[2013/09/06 16:23:06 | 000,000,000 | ---D | C] -- C:\Users\Walter\AppData\Local\Play withSIX
[2013/09/06 16:23:06 | 000,000,000 | ---D | C] -- C:\Users\Walter\AppData\Local\IsolatedStorage
[2013/09/06 16:22:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SIX Networks
[2013/09/06 16:22:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SIX Networks
[2013/09/06 16:19:25 | 000,000,000 | ---D | C] -- C:\Users\Walter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Define Ext
[2013/09/06 14:44:18 | 000,000,000 | ---D | C] -- C:\Users\Walter\AppData\Local\ArmA 2 OA
[2013/09/06 14:09:20 | 000,000,000 | ---D | C] -- C:\Users\Walter\Documents\ArmA 2
[2013/09/06 14:09:20 | 000,000,000 | ---D | C] -- C:\Users\Walter\AppData\Local\ArmA 2
[2013/09/06 14:09:02 | 000,000,000 | ---D | C] -- C:\Users\Walter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive
[2013/09/06 14:09:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive
[2013/09/06 13:58:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bohemia Interactive
[2013/09/06 13:32:05 | 000,000,000 | ---D | C] -- C:\Users\Walter\AppData\Local\GameFly
[2013/09/06 12:53:25 | 000,000,000 | ---D | C] -- C:\Users\Walter\Documents\GameFly
[2013/09/06 12:53:22 | 000,000,000 | ---D | C] -- C:\Users\Walter\AppData\Roaming\GameFly
[2013/08/17 00:12:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/08/15 03:04:09 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/08/15 03:04:09 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/08/15 03:04:08 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/08/15 03:04:08 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/08/15 03:04:08 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/08/15 03:04:08 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/08/15 03:04:08 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/08/15 03:04:08 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/08/15 03:04:08 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/08/15 03:04:08 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/08/15 03:04:08 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/08/15 03:04:06 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/08/15 03:04:06 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/08/15 03:04:06 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/08/15 03:04:05 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/08/14 17:26:06 | 000,000,000 | ---D | C] -- C:\Users\Walter\Desktop\Recipes
[2013/08/14 06:04:23 | 001,472,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013/08/14 06:04:23 | 000,224,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2013/08/14 06:04:23 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2013/08/14 06:04:16 | 001,888,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2013/08/14 06:04:16 | 001,620,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2013/08/14 06:04:16 | 001,217,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll
[2013/08/14 06:04:15 | 003,968,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/08/14 06:04:15 | 003,913,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/08/14 06:04:14 | 005,550,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/08/14 06:04:14 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2013/08/14 06:04:14 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013/08/14 06:04:14 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/08/14 06:04:13 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/08/14 06:04:13 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/08/14 06:04:13 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/08/14 06:04:13 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Walter\Desktop\*.tmp files -> C:\Users\Walter\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/09/11 01:26:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Walter\Desktop\OTL.com
[2013/09/11 01:06:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/11 00:35:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/09/10 23:06:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/09/10 17:33:28 | 000,000,741 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/09/10 17:30:55 | 000,026,912 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/09/10 17:30:55 | 000,026,912 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/09/10 17:29:26 | 000,779,358 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/09/10 17:29:26 | 000,660,306 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/09/10 17:29:26 | 000,121,234 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/09/10 17:23:56 | 000,001,091 | ---- | M] () -- C:\Users\Walter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Punto Switcher.lnk
[2013/09/10 17:23:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/09/10 17:23:44 | 2140,491,772 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/10 13:59:19 | 003,788,288 | ---- | M] () -- C:\Users\Walter\Desktop\RogueKillerX64.exe
[2013/09/10 13:56:13 | 000,001,079 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/09/10 13:55:48 | 010,285,040 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Walter\Desktop\mbam-setup-1.75.0.1300.exe
[2013/09/10 13:35:04 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/09/10 13:35:04 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/09/10 11:17:41 | 001,949,196 | ---- | M] (Farbar) -- C:\Users\Walter\Desktop\FRST64.exe
[2013/09/10 11:06:38 | 001,037,278 | ---- | M] () -- C:\Users\Walter\Desktop\AdwCleaner.exe
[2013/09/10 00:55:58 | 000,234,544 | ---- | M] () -- C:\Windows\RegBootClean64.exe
[2013/09/09 14:07:31 | 000,007,168 | ---- | M] () -- C:\Users\Walter\Documents\cc_20130909_140727.reg
[2013/09/09 06:50:02 | 000,001,053 | ---- | M] () -- C:\Users\Walter\Desktop\Dropbox.lnk
[2013/09/09 06:48:43 | 000,001,063 | ---- | M] () -- C:\Users\Walter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/09/07 21:47:01 | 000,002,669 | ---- | M] () -- C:\Users\Walter\Desktop\Play withSIX.lnk
[2013/08/16 21:35:18 | 000,002,472 | ---- | M] () -- C:\Users\Walter\Application Data\Microsoft\Internet Explorer\Quick Launch\Yandex.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Walter\Desktop\*.tmp files -> C:\Users\Walter\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/09/11 01:24:31 | 000,012,288 | ---- | C] () -- C:\Windows\SysNative\drivers\BrFiltLo.sys.bak
[2013/09/10 13:59:19 | 003,788,288 | ---- | C] () -- C:\Users\Walter\Desktop\RogueKillerX64.exe
[2013/09/10 13:56:13 | 000,001,079 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/09/10 11:06:36 | 001,037,278 | ---- | C] () -- C:\Users\Walter\Desktop\AdwCleaner.exe
[2013/09/09 14:07:30 | 000,007,168 | ---- | C] () -- C:\Users\Walter\Documents\cc_20130909_140727.reg
[2013/09/09 14:00:39 | 000,017,463 | ---- | C] () -- C:\Windows\SysNative\drivers\etc\services
[2013/09/09 14:00:39 | 000,003,683 | ---- | C] () -- C:\Windows\SysNative\drivers\etc\lmhosts.sam
[2013/09/09 14:00:39 | 000,001,358 | ---- | C] () -- C:\Windows\SysNative\drivers\etc\protocol
[2013/09/09 14:00:39 | 000,000,741 | ---- | C] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/09/09 14:00:39 | 000,000,407 | ---- | C] () -- C:\Windows\SysNative\drivers\etc\networks
[2013/09/09 13:22:40 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/09/09 13:22:40 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/09/09 13:22:40 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/09/09 13:22:40 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/09/09 13:22:40 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/09/09 06:50:02 | 000,001,053 | ---- | C] () -- C:\Users\Walter\Desktop\Dropbox.lnk
[2013/09/09 06:48:43 | 000,001,063 | ---- | C] () -- C:\Users\Walter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/09/07 21:47:01 | 000,002,669 | ---- | C] () -- C:\Users\Walter\Desktop\Play withSIX.lnk
[2013/06/04 15:51:06 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
[2013/06/04 15:51:06 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe
[2013/06/04 15:03:28 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2013/06/04 15:03:28 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2013/05/30 15:41:44 | 000,007,605 | ---- | C] () -- C:\Users\Walter\AppData\Local\Resmon.ResmonCfg
[2012/12/14 16:25:51 | 000,002,298 | ---- | C] () -- C:\Users\Walter\AppData\Roaming\ASSDraw3.cfg
[2012/12/14 01:46:31 | 000,773,082 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/12/02 23:54:27 | 000,000,111 | ---- | C] () -- C:\Users\Walter\AppData\Roaming\adu.xml
[2012/10/08 11:37:08 | 000,234,544 | ---- | C] () -- C:\Windows\RegBootClean64.exe
[2012/10/08 11:37:08 | 000,022,064 | ---- | C] () -- C:\Windows\DCEBoot64.exe
[2012/10/05 04:48:24 | 000,000,410 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/10/05 04:25:53 | 000,846,662 | ---- | C] () -- C:\Users\Walter\AppData\Local\census.cache
[2012/10/05 04:25:46 | 000,105,765 | ---- | C] () -- C:\Users\Walter\AppData\Local\ars.cache
[2012/10/05 04:20:54 | 000,000,036 | ---- | C] () -- C:\Users\Walter\AppData\Local\housecall.guid.cache
[2012/09/06 18:07:32 | 000,186,076 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012/09/05 14:38:54 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/12/28 23:47:47 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2011/12/28 23:47:47 | 000,013,368 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2011/12/28 23:47:40 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2011/12/28 23:47:40 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2011/12/28 23:45:44 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011/12/18 21:19:09 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2011/12/10 14:31:42 | 000,116,224 | ---- | C] () -- C:\Windows\SysWow64\ICOMP.EXE
[2011/12/10 14:31:42 | 000,083,456 | ---- | C] () -- C:\Windows\SysWow64\SMACKW32.DLL
[2011/12/10 14:31:42 | 000,006,765 | ---- | C] () -- C:\Windows\SysWow64\NETID.exe
[2011/12/10 14:31:42 | 000,000,748 | ---- | C] () -- C:\Windows\SysWow64\AREA.DAT
[2011/12/10 14:31:42 | 000,000,168 | ---- | C] () -- C:\Windows\SysWow64\HISTORY.DAT
[2011/12/10 14:31:42 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\net.ini
[2011/12/10 14:31:42 | 000,000,010 | ---- | C] () -- C:\Windows\SysWow64\SCREEN.INI
[2011/12/10 14:31:42 | 000,000,002 | ---- | C] () -- C:\Windows\SysWow64\VIDEO.INI
[2011/09/28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/09/12 15:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== ZeroAccess Check ==========
 
[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/26 22:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 21:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/01/10 10:27:31 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\.anki
[2012/11/01 23:22:20 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\.matplotlib
[2013/08/18 16:30:38 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\.minecraft
[2012/09/05 14:53:59 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\.purple
[2012/09/05 14:54:00 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\Aegisub
[2012/09/05 14:54:00 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\Amazon
[2012/10/05 15:35:43 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\Audacity
[2013/07/02 13:47:45 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\Azureus
[2013/08/29 21:58:53 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\DAEMON Tools Lite
[2012/02/17 21:53:43 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\DAEMON Tools Pro
[2013/09/10 17:24:00 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\Dropbox
[2013/05/08 21:09:53 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\Epson
[2012/11/11 17:26:47 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\EveHQ
[2012/12/14 01:48:17 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\EVEMon
[2013/03/02 00:18:57 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\FileZilla
[2013/09/06 12:53:22 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\GameFly
[2012/09/14 15:43:24 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\Garmin
[2012/09/05 14:54:03 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\Indicium Technologies
[2012/09/05 14:54:03 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\LolClient
[2012/09/05 14:54:16 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\Origin
[2013/09/06 16:23:15 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\Play withSIX
[2013/05/08 09:22:06 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\Seas0nPass
[2013/06/09 11:00:42 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\theHunter
[2013/09/10 23:45:25 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\TS3Client
[2012/09/24 21:40:21 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\wargaming.net
[2012/09/05 14:54:17 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\Windows Live Writer
[2013/06/09 13:17:42 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\WOT Statistics
[2013/09/09 13:56:45 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\WTouch
[2013/01/10 11:00:31 | 000,000,000 | ---D | M] -- C:\Users\Walter\AppData\Roaming\Yandex
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2013/02/27 11:07:53 | 000,002,790 | ---- | M] ()(C:\Users\Public\Desktop\???? 3.??????? Edition.v 7.0.55.010001.lnk) -- C:\Users\Public\Desktop\Симс 3.Золотой Edition.v 7.0.55.010001.lnk
[2013/02/27 11:07:53 | 000,002,790 | ---- | C] ()(C:\Users\Public\Desktop\???? 3.??????? Edition.v 7.0.55.010001.lnk) -- C:\Users\Public\Desktop\Симс 3.Золотой Edition.v 7.0.55.010001.lnk
[2013/01/22 08:53:07 | 000,001,279 | ---- | M] ()(C:\Users\Walter\Desktop\????????.lnk) -- C:\Users\Walter\Desktop\Обливион.lnk
[2013/01/22 08:53:07 | 000,001,279 | ---- | C] ()(C:\Users\Walter\Desktop\????????.lnk) -- C:\Users\Walter\Desktop\Обливион.lnk
[2012/10/09 20:51:08 | 000,021,906 | ---- | M] ()(C:\Users\Walter\Documents\????-????.docx) -- C:\Users\Walter\Documents\Жили-были.docx
[2012/10/07 22:31:54 | 000,021,906 | ---- | C] ()(C:\Users\Walter\Documents\????-????.docx) -- C:\Users\Walter\Documents\Жили-были.docx
[2012/08/18 12:17:14 | 000,000,162 | -H-- | M] ()(C:\Users\Walter\Desktop\~$?????.docx) -- C:\Users\Walter\Desktop\~$Шесть.docx
[2012/08/18 12:17:14 | 000,000,162 | -H-- | C] ()(C:\Users\Walter\Desktop\~$?????.docx) -- C:\Users\Walter\Desktop\~$Шесть.docx
[2012/08/18 09:26:50 | 000,000,162 | -H-- | M] ()(C:\Users\Walter\Desktop\~$? ????? ?????_corr.docx) -- C:\Users\Walter\Desktop\~$о любит Мишка_corr.docx
[2012/08/18 09:26:50 | 000,000,162 | -H-- | C] ()(C:\Users\Walter\Desktop\~$? ????? ?????_corr.docx) -- C:\Users\Walter\Desktop\~$о любит Мишка_corr.docx
(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\??????) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Яндекс

< End of report >


OTL Extras logfile created on: 9/11/2013 1:27:07 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Walter\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
23.99 Gb Total Physical Memory | 20.89 Gb Available Physical Memory | 87.06% Memory free
47.98 Gb Paging File | 44.74 Gb Available in Paging File | 93.25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 238.47 Gb Total Space | 25.61 Gb Free Space | 10.74% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive F: | 5.46 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: WALTER-PC | User Name: Walter | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{040283FA-4AA7-45BE-B6BD-6F3988146ABA}" = rport=80 | protocol=6 | dir=out | app=c:\users\walter\appdata\local\warframe\downloaded\public\warframe.x64.exe |
"{2F46F387-197A-4A40-8765-D88B72774CBF}" = lport=58342 | protocol=6 | dir=in | name=pando media booster |
"{3BD6528A-4D47-4F4F-828A-F3A179F455DE}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{4267E6B5-CDE6-4C02-946D-ADB9FA186D70}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{8083B650-0A8A-4078-94BE-FA27F4EADEFD}" = lport=58342 | protocol=17 | dir=in | name=pando media booster |
"{84477676-EFED-4187-BD14-3DEAE459139C}" = rport=80 | protocol=6 | dir=out | app=c:\users\walter\appdata\local\warframe\downloaded\public\tools\launcher.exe |
"{BD8E12B3-6A98-4B10-81F7-31D04341CC49}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{DD16FC29-B92E-4EC5-A7B0-A5137433A4A2}" = lport=58342 | protocol=17 | dir=in | name=pando media booster |
"{FE6B4282-E5F4-44D9-B83B-EAFE4D05A438}" = lport=58342 | protocol=6 | dir=in | name=pando media booster |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B596893-94D1-445C-871A-75B8EB1E52BA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{0D6CA1C4-2FE6-4E9D-8260-F1066D4A0D76}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{26FE1525-0527-4EE3-BBB3-4E8234965F1F}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{2770E9FD-AE04-42D7-A523-12E987F44DBE}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{330EB8B0-4CA4-4897-84AB-AB50DBA200E3}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{371757D4-4849-44BA-8750-843AAC0F73FF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{46B5DA2E-6097-460D-93F3-96868BD0C030}" = protocol=17 | dir=in | app=c:\program files (x86)\time warner cable\twc wifi\twc wifi.exe |
"{485660EA-2E46-47E4-9A50-2D65A446570C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{53367BD5-DE2F-49E3-B26B-B488D9C289BF}" = protocol=6 | dir=in | app=c:\users\walter\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{5707EC0F-FD96-4D40-8BBB-5E89A4506FE3}" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{587511B2-73B7-4CC2-AAD6-573B09338438}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{65A209F0-B8CA-43DC-87BB-6FFB6147F309}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{66AACD95-E204-444A-9E07-49B07010BFB8}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{69616D86-D4F3-41E9-AE80-BDE6B5717954}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{6E6F8A04-CE8D-4905-B591-02D3BF3376EA}" = dir=in | app=c:\program files (x86)\time warner cable\twc wifi\twc wifi.exe |
"{6F5F2F3C-C41C-4168-9966-DE90FA270427}" = protocol=17 | dir=in | app=c:\users\walter\appdata\roaming\dropbox\bin\dropbox.exe |
"{734BF6C6-193E-48F2-9DFF-EC394D16E53F}" = protocol=17 | dir=in | app=c:\users\walter\appdata\local\warframe\downloaded\public\warframe.x64.exe |
"{7A105893-0221-44ED-A1D6-C03D4DAB3334}" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"{7AB6742A-EF31-4C61-A64A-4FAE73E5E25A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{81CBB9E5-D654-47B1-B8C3-912324482788}" = protocol=17 | dir=out | app=c:\users\walter\appdata\local\warframe\downloaded\public\warframe.x64.exe |
"{8B0209D1-9D27-4FDE-A751-97D74B5F6E93}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{8FAB3A9B-B6B1-48EF-8EF6-603124C9CD64}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{9119C547-306A-48FE-A7FB-2B7C2D819988}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{91DA6CCF-2D18-467D-B7A9-21DABA8693B8}" = protocol=6 | dir=in | app=c:\users\walter\appdata\roaming\dropbox\bin\dropbox.exe |
"{968399A0-0807-4343-95BB-35A9DD74C9DC}" = protocol=17 | dir=in | app=c:\users\walter\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{9DE15D02-EE13-469E-A743-ED5FFD970DE5}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{9FED901C-4EFC-4128-A54B-DB0F6F563FE1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{A113DE94-34DF-46D3-83A0-0B35CAB2493D}" = protocol=17 | dir=in | app=c:\program files (x86)\time warner cable\twc wifi\twc wifi.exe |
"{A5C6BCA3-E6E4-4BF9-92C2-AD4BB9802773}" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{A6B86391-FF71-43BD-BAE8-5C124B673A39}" = protocol=17 | dir=in | app=c:\program files (x86)\bohemia interactive\arma 2\arma2oa.exe |
"{B2EA9976-EA17-4C57-B00D-68736B5464DF}" = protocol=6 | dir=in | app=c:\program files (x86)\bohemia interactive\arma 2\arma2oa.exe |
"{B5700B95-16C0-4CC5-B1E1-97FEA88B3D27}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B607DA71-F7AE-472E-9746-DFB3E5B34575}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{BAB8FB32-AD09-473E-ACEC-54B2837DE38D}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{BEA6359C-4479-47A6-B9B3-B5773CE1AB79}" = protocol=6 | dir=in | app=c:\program files (x86)\time warner cable\twc wifi\twc wifi.exe |
"{C07C6403-158D-4AEE-B54D-190253806FEC}" = protocol=6 | dir=in | app=c:\program files (x86)\time warner cable\twc wifi\twc wifi.exe |
"{C3CDBFEC-E6D2-4C9C-8C06-0B5DF1BCF3B8}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{C68CD279-2796-4DA6-8D2A-CD4D347050C8}" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"{D08DEC3D-FE08-42E4-85BB-B2BDCB0CDD0C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{D15A701B-A21E-4325-BA49-88F501557430}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D58FEC76-2883-4345-9C07-68750D55E68D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{DF79C5A8-75F9-4365-BDAC-B26151D982A4}" = dir=in | app=c:\users\walter\appdata\local\microsoft\skydrive\skydrive.exe |
"{DF95E601-B24A-42E8-A267-085F0A41CF5F}" = protocol=17 | dir=in | app=c:\program files (x86)\bohemia interactive\arma 2\arma2.exe |
"{F3158922-FC9A-44C6-B6B1-2BB589A42BB1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{FA50310A-3FEC-4C1F-B023-58FC5D0D460B}" = protocol=6 | dir=in | app=c:\program files (x86)\bohemia interactive\arma 2\arma2.exe |
"TCP Query User{2B15BEED-1779-4726-8E0C-B46B31FC4034}C:\users\walter\documents\arma 2\expansion\beta\arma2oa.exe" = protocol=6 | dir=in | app=c:\users\walter\documents\arma 2\expansion\beta\arma2oa.exe |
"TCP Query User{33B9879B-ADDA-4B7E-9EF9-E6D7E4FA5AE4}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"TCP Query User{5769BE5A-0844-4132-AA80-BC31C6A17A43}C:\program files (x86)\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"TCP Query User{5FB49085-AEEC-46FE-9436-2A26B911788F}C:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |
"TCP Query User{AB09EF4A-DBC3-4073-8ED3-9D677EC75D1A}C:\users\walter\appdata\local\warframe\downloaded\public\warframe.x64.exe" = protocol=6 | dir=in | app=c:\users\walter\appdata\local\warframe\downloaded\public\warframe.x64.exe |
"TCP Query User{D622D6DB-ECD2-4738-ADF0-5401FB24E703}C:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"TCP Query User{F2CC4D91-0BD6-43DF-9039-619174056591}C:\program files (x86)\ccp\eve\bin\exefile.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ccp\eve\bin\exefile.exe |
"TCP Query User{F341A90C-A51B-4E7D-8B06-962B01B42FBA}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{0CF065DD-D91D-4FB2-B4AE-7DAFA9AFAD02}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{36708350-7285-4B70-82E7-996D9B96E9F3}C:\users\walter\appdata\local\warframe\downloaded\public\warframe.x64.exe" = protocol=17 | dir=in | app=c:\users\walter\appdata\local\warframe\downloaded\public\warframe.x64.exe |
"UDP Query User{550B98EA-9FAD-449B-8557-5CC2537A0CB5}C:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |
"UDP Query User{58EA7CBE-04BF-495A-804A-9CB422CC6CCE}C:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"UDP Query User{62D17A67-D481-447E-9A43-D8AA95E1ED8B}C:\program files (x86)\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"UDP Query User{A1847177-C9AC-48FD-9EDB-77893ADFF4C4}C:\users\walter\documents\arma 2\expansion\beta\arma2oa.exe" = protocol=17 | dir=in | app=c:\users\walter\documents\arma 2\expansion\beta\arma2oa.exe |
"UDP Query User{BE191B43-3429-4B27-A045-429AD8772600}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"UDP Query User{E5A2F524-773E-4098-8FCB-689097C6428C}C:\program files (x86)\ccp\eve\bin\exefile.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ccp\eve\bin\exefile.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)
"{4224C58B-0A19-8C66-0897-700775DB3A19}" = AMD Catalyst Install Manager
"{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)
"{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)
"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)
"{814FA673-A085-403C-9545-747FC1495069}" = Epson Customer Participation
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8424B163-D1E0-48B7-88A2-C7A61767B3D7}" = Microsoft SQL Server Compact 4.0 x64 ENU
"{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-002A-0419-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Russian) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{90CB7AF3-1219-1C56-83E1-99286793D350}" = ccc-utility64
"{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune
"{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
"{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)
"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)
"{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium
"{ABBD4BA9-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium
"{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{BFB9CC78-4542-4C4E-44F4-C33C70F61094}" = AMD Media Foundation Decoders
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)
"{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F65A4306-D971-407B-0A8F-D8E3F200971E}" = AMD Wireless Display v3.0
"{F98BDD51-A432-0A50-9FCB-2315F19F579D}" = AMD Drag and Drop Transcoding
"CCleaner" = CCleaner
"EPSON WF-2540 Series" = EPSON WF-2540 Series Printer Uninstall
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinDjView" = WinDjView 2.0.1
"Zune" = Zune
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility
"{10CC0A29-A014-AB9F-BC28-B1E467F74586}" = CCC Help English
"{15134cb0-b767-4960-a911-f2d16ae54797}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
"{18272881-CFC0-434D-A975-E5BE44206AA0}" = Windows Live UX Platform Language Pack
"{18CB9BC6-595D-0ABC-EEF2-61D686446E25}" = CCC Help Hungarian
"{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}" = Cool & Quiet
"{1EA7C505-E6DA-4B85-9432-EBD3C70D510D}" = Windows Live Messenger
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks v.0.6.7
"{22154f09-719a-4619-bb71-5b3356999fbf}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
"{23A3E560-069F-4CFC-8F6C-1B526EC735FC}" = Windows Live Writer Resources
"{24BC8B57-716C-444F-B46B-A3349B9164C5}_is1" = Aegisub 2.1.9
"{259538CF-28DE-4A33-811D-E044DE698A93}" = Warframe
"{26A24AE4-039D-4CA4-87B4-2F83216037FF}" = Java 6 Update 37
"{2DFDD53C-AB31-9487-AE13-A7812E86138A}" = CCC Help Dutch
"{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{38062962-8248-0B1F-2AF8-533581E21A43}" = CCC Help Greek
"{394BE3D9-7F57-4638-A8D1-1D88671913B7}" = Microsoft AppLocale
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{3EADA474-926C-4440-BEAA-F0FF9F11325B}" = CCC Help Italian
"{44EAFE3D-09A9-4478-A2BF-0EED22F4E49F}" = The Sims™ 3 Create a Pattern Tool
"{44F72193-F59C-4303-BAE8-E3E4BC1C122C}" = Epson Event Manager
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}" = Microsoft Games for Windows - LIVE
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{55833E1D-38A3-3BAC-ED58-64B8A9AA5A94}" = CCC Help Danish
"{593E4E45-16B7-DF4E-DCD7-737DBB15184C}" = CCC Help Turkish
"{5BABDA39-61CF-41EE-992D-4054B6649A9B}" = Movie Maker
"{62C0CBD1-9CCB-C171-A1E8-D3D0E2FD7763}" = CCC Help Polish
"{65761BAE-11E8-48FE-B30F-1F01011AB906}" = The Sims™ 3 Create a World Tool - Beta
"{66396BEB-6324-9507-0385-726F7077B52F}" = CCC Help Norwegian
"{667896F3-B39A-C83E-8194-0CD386C8486A}" = Catalyst Control Center Graphics Previews Common
"{69039A13-9ABB-4264-A570-0023FB2D4F18}" = ArcSoft MediaConverter 7.5
"{690883B6-F592-E486-AAAD-F2CE72507A83}" = CCC Help Portuguese
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{6AA54C87-0696-52B9-17C5-6398B9ECEE7E}" = CCC Help Chinese Standard
"{6DC3A9B0-1C97-42BA-382F-457218ABBC48}" = CCC Help Finnish
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79361740-EAE3-11E2-9911-B8AC6F98CCE3}" = Google Earth Plug-in
"{7AA8BDDA-71B5-33EF-8D92-C658527D0B6F}" = CCC Help Korean
"{7FAA19D2-3CF3-4FF6-9746-C0B8DB88757D}" = Vuze Remote Toolbar v7.6
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8536F1C3-6658-CCAC-8040-CA130786DFF1}" = CCC Help Japanese
"{86C40513-B5A4-476E-9EAB-EC118DCF4502}" = Windows Live Writer
"{8840FA46-5582-3332-CF12-589B018A25F2}" = CCC Help Thai
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8B29685B-F8C7-6C56-E6D1-EDC70FC26B78}" = Catalyst Control Center InstallProxy
"{8DB73DEA-5E56-7F08-3305-0A75CFEBC714}" = Catalyst Control Center Localization All
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0419-0000-0000000FF1CE}" = Microsoft Office Access MUI (Russian) 2010
"{90140000-0015-0419-0000-0000000FF1CE}_Office14.OMUI.ru-ru_{3675A89E-B724-4200-A1B7-33B16E7192DC}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0419-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Russian) 2010
"{90140000-0016-0419-0000-0000000FF1CE}_Office14.OMUI.ru-ru_{3675A89E-B724-4200-A1B7-33B16E7192DC}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0017-0419-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (Russian) 2010
"{90140000-0017-0419-0000-0000000FF1CE}_Office14.OMUI.ru-ru_{E92D5B1E-D2F2-4F1C-B2B3-247C2D4DAB27}" = Microsoft SharePoint Designer 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0419-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Russian) 2010
"{90140000-0018-0419-0000-0000000FF1CE}_Office14.OMUI.ru-ru_{3675A89E-B724-4200-A1B7-33B16E7192DC}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0419-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Russian) 2010
"{90140000-0019-0419-0000-0000000FF1CE}_Office14.OMUI.ru-ru_{3675A89E-B724-4200-A1B7-33B16E7192DC}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0419-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Russian) 2010
"{90140000-001A-0419-0000-0000000FF1CE}_Office14.OMUI.ru-ru_{3675A89E-B724-4200-A1B7-33B16E7192DC}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0419-0000-0000000FF1CE}" = Microsoft Office Word MUI (Russian) 2010
"{90140000-001B-0419-0000-0000000FF1CE}_Office14.OMUI.ru-ru_{3675A89E-B724-4200-A1B7-33B16E7192DC}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.OMUI.ru-ru_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.OMUI.ru-ru_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0419-0000-0000000FF1CE}" = Microsoft Office Proof (Russian) 2010
"{90140000-001F-0419-0000-0000000FF1CE}_Office14.OMUI.ru-ru_{DD6E7CDF-BDFF-43CF-8CCE-84FBEC5ABB77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0422-0000-0000000FF1CE}" = Microsoft Office Proof (Ukrainian) 2010
"{90140000-001F-0422-0000-0000000FF1CE}_Office14.OMUI.ru-ru_{C8998656-7C0A-417B-A5AC-5ABF2E34DDD7}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0419-1000-0000000FF1CE}_Office14.OMUI.ru-ru_{6918D8EF-5CF6-44C8-A02E-A87EE19C0C1B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0419-0000-0000000FF1CE}" = Microsoft Office Proofing (Russian) 2010
"{90140000-002C-0419-0000-0000000FF1CE}_Office14.OMUI.ru-ru_{A467FAE2-79B5-4E96-BE95-0623A86683C8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0419-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Russian) 2010
"{90140000-0044-0419-0000-0000000FF1CE}_Office14.OMUI.ru-ru_{3675A89E-B724-4200-A1B7-33B16E7192DC}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0419-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Russian) 2010
"{90140000-006E-0419-0000-0000000FF1CE}_Office14.OMUI.ru-ru_{F911AB06-002C-42A4-8AD9-F3D72B05DE4B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0419-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Russian) 2010
"{90140000-00A1-0419-0000-0000000FF1CE}_Office14.OMUI.ru-ru_{3675A89E-B724-4200-A1B7-33B16E7192DC}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0419-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Russian) 2010
"{90140000-00BA-0419-0000-0000000FF1CE}_Office14.OMUI.ru-ru_{3675A89E-B724-4200-A1B7-33B16E7192DC}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0100-0419-0000-0000000FF1CE}" = Microsoft Office O MUI (Russian) 2010
"{90140000-0100-0419-0000-0000000FF1CE}_Office14.OMUI.ru-ru_{D45270B6-9ECB-48D3-ABC4-DA8EDF361396}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
"{90140000-0101-0419-0000-0000000FF1CE}" = Microsoft Office X MUI (Russian) 2010
"{90140000-0101-0419-0000-0000000FF1CE}_Office14.OMUI.ru-ru_{67C2DDA0-5C64-4D8B-ACE1-E59E1E224DD5}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
"{95140000-0080-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{97C79BEC-43F7-4BD8-A6A7-85C0257E488A}" = Windows Live Writer
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B0B282B-06AC-F41D-0216-314ABFD89812}" = CCC Help French
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A737E18A-5171-40D0-8034-7DD243420081}" = Software Updater
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.7)
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{BF548270-367E-DDEC-85F2-622C922C1206}" = CCC Help Spanish
"{C034A6F9-6569-491B-B3BF-F5D15221A708}" = Windows Live Essentials
"{C22F2403-B438-CD79-9C46-1BAEFD929B6A}" = AMD Catalyst Control Center
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{CCBDF6E1-A8DE-C06D-19A5-556B54ADA254}" = CCC Help Swedish
"{D2C146B1-948D-47EF-8387-5D1C6B980F7C}" = Windows Live Writer
"{D392B004-73F0-7B76-03DE-D9BA33885A9A}" = CCC Help Russian
"{D4378A80-C713-11DF-9399-005056C00008}" = Paragon Migrate OS to SSD™
"{D6807091-A72E-9C5E-7678-4CC8B4B19471}" = CCC Help German
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{D7F3EEAD-183C-47DE-BDC5-593539573F97}" = Play withSIX
"{D888F114-7537-4D48-AF03-5DA9C82D7540}" = Photo Common
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{EB38C3E0-4863-3123-9114-5BE86EC8E5C7}" = Google Talk Plugin
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{EE680C8E-23FE-4717-A2B8-E99878A7C0AE}" = Punto Switcher 3.2.9
"{F0848023-FB59-8C92-E62E-31F58EDD54DA}" = CCC Help Chinese Traditional
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F2235E5E-7881-4293-9B6F-04B2609FBFF0}" = Windows Live Messenger
"{F5EFCF65-EB44-CE97-E019-13E3289C9B10}" = CCC Help Czech
"{FC6C7107-7D72-41A1-A031-3CE751159BAB}" = Photo Gallery
"{FDB30193-FDA0-3DAA-ACCA-A75EEFE53607}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.15
"Anki" = Anki
"ArmA 2" = ArmA 2 Uninstall
"ARMA 2 Operation Arrowhead" = ARMA 2 Operation Arrowhead Uninstall
"Audacity_is1" = Audacity 2.0
"AudibleManager" = AudibleManager
"BattlEye for A2" = BattlEye Uninstall
"BattlEye for OA" = BattlEye for OA Uninstall
"DAEMON Tools Lite" = DAEMON Tools Lite
"DokanLibrary" = Dokan Library 0.6.0
"EPSON Connect_is1" = EPSON Connect version 1.0
"EPSON Scanner" = EPSON Scan
"EVE" = EVE Online (remove only)
"EVEMon" = EVEMon
"FileZilla Client" = FileZilla Client 3.6.0.2
"Homeworld2 Demo" = Homeworld2 Demo
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Oblivion Gold_is1" = "Oblivion ЗОЛОТОЕ ИЗДАНИЕ" версии 1.2.0416
"Office14.OMUI.ru-ru" = Microsoft Office Language Pack 2010 - Russian/русский
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"Origin" = Origin
"Pen Tablet Driver" = Bamboo
"Pidgin" = Pidgin
"SpeedFan" = SpeedFan (remove only)
"Steam App 72850" = The Elder Scrolls V: Skyrim
"TechPowerUp GPU-Z" = TechPowerUp GPU-Z
"TWC WiFi_is1" = TWC WiFi
"VLC media player" = VLC media player 2.0.3
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Amazon Kindle" = Amazon Kindle
"Define Ext" = Define Ext
"Dropbox" = Dropbox
"JNLP" = JNLP
"SkyDriveSetup.exe" = Microsoft SkyDrive
"YandexBrowser" = Yandex
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 9/9/2013 4:29:31 PM | Computer Name = Walter-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 9/9/2013 4:58:26 PM | Computer Name = Walter-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 9/9/2013 5:04:43 PM | Computer Name = Walter-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 9/10/2013 3:21:03 AM | Computer Name = Walter-PC | Source = Application Hang | ID = 1002
Description = The program IEXPLORE.EXE version 10.0.9200.16660 stopped interacting
 with Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: e74    Start
 Time: 01ceadf5626026ba    Termination Time: 16    Application Path: C:\Program Files (x86)\Internet
 Explorer\IEXPLORE.EXE    Report Id:  
 
Error - 9/10/2013 1:36:03 PM | Computer Name = Walter-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 9/10/2013 2:16:36 PM | Computer Name = Walter-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 9/10/2013 2:51:19 PM | Computer Name = Walter-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\EPSON
 Software\Download Navigator\EPSDNAVI.EXE".Error in manifest or policy file "" on
 line .  A component version required by the application conflicts with another component
 version already active.  Conflicting components are:.  Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 9/10/2013 8:25:37 PM | Computer Name = Walter-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 9/11/2013 12:58:32 AM | Computer Name = Walter-PC | Source = Application Hang | ID = 1002
Description = The program TS3SP03.exe version 0.1.0.1089 stopped interacting with
 Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: f84    Start
 Time: 01ceaeab7a1677b2    Termination Time: 22    Application Path: C:\Program Files (x86)\The
 Sims 3.Gold Edition.v 7.0.55.010001\The Sims 3.Outdoor Living Stuff.v 7.0.55.010001\Game\Bin\TS3SP03.exe

Report
 Id:  
 
Error - 9/11/2013 3:31:17 AM | Computer Name = Walter-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\EPSON
 Software\Download Navigator\EPSDNAVI.EXE".Error in manifest or policy file "" on
 line .  A component version required by the application conflicts with another component
 version already active.  Conflicting components are:.  Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
[ System Events ]
Error - 9/2/2013 1:14:46 PM | Computer Name = Walter-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
 Search service to connect.
 
Error - 9/2/2013 1:14:46 PM | Computer Name = Walter-PC | Source = Service Control Manager | ID = 7000
Description = The Windows Search service failed to start due to the following error:
   %%1053
 
Error - 9/2/2013 1:14:46 PM | Computer Name = Walter-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
 Search service to connect.
 
Error - 9/2/2013 1:14:46 PM | Computer Name = Walter-PC | Source = Service Control Manager | ID = 7000
Description = The Windows Search service failed to start due to the following error:
   %%1053
 
Error - 9/6/2013 4:53:33 PM | Computer Name = Walter-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
 storage could not grow due to a user imposed limit.
 
Error - 9/9/2013 9:53:34 AM | Computer Name = Walter-PC | Source = Service Control Manager | ID = 7034
Description = The Trend Micro Solution Platform service terminated unexpectedly.
  It has done this 1 time(s).
 
Error - 9/9/2013 4:23:25 PM | Computer Name = Walter-PC | Source = Service Control Manager | ID = 7034
Description = The DokanMounter service terminated unexpectedly.  It has done this
 1 time(s).
 
Error - 9/9/2013 4:24:53 PM | Computer Name = Walter-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service.  However,
 the system is configured to not allow interactive services.  This service may not
 function properly.
 
Error - 9/9/2013 4:26:21 PM | Computer Name = Walter-PC | Source = Application Popup | ID = 1060
Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
 with this system. Please contact your software vendor for a compatible version
of the driver.
 
Error - 9/9/2013 4:26:42 PM | Computer Name = Walter-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service.  However,
 the system is configured to not allow interactive services.  This service may not
 function properly.
 
 
< End of report >

Link to post
Share on other sites

Re-Run OTL by double left click, Vista and Windows 7 users accept UAC alert.

  • Under the Custom Scans/Fixes box at the bottom, paste in the following; start with and include the colon plus OTL.

    :OTL
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {91397D20-1446-11D4-8AF4-0040CA1127B6} - No CLSID value found.
    O4 - HKCU..\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIIUE.EXE /EPT "EPLTarget\P0000000000000000" /M "WF-2540 Series" /EF "HKCU" File not found
    O15 - HKCU\..Trusted Domains: $talisma_url$ ([]https in Trusted sites)
    O15 - HKCU\..Trusted Domains: blank ([]about in Computer)
    O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
    O16 - DPF: Garmin Communicator Plug-In https://static.garmi...xControl_32.CAB (Reg Error: Key error.)
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\tmtbim - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [1 C:\Users\Walter\Desktop\*.tmp files -> C:\Users\Walter\Desktop\*.tmp -> ]

    :Files
    C:\FRST
    C:\Users\Walter\Desktop\FRST64.exe
    C:\Windows\SWREG.exe
    C:\Windows\SWSC.exe
    C:\Windows\PEV.exe
    C:\Windows\MBR.exe
    C:\Windows\sed.exe
    C:\Windows\grep.exe
    C:\Windows\zip.exews\NIRCMD.exe
    C:\Windows\erdnt

    :Commands
    [emptytemp]
    [ResetHosts]
    [CREATERESTOREPOINT]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply.


 

Next,

 

Run Eset Online Scanner

 

**Note** You will need to use Internet Explorer for this scan - Vista and Win 7 right click on IE shortcut and run as admin

 

Go to Eset web page http://www.eset.com/home/products/online-scanner/ to run an online scan from ESET.

 

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    Click Start
  • When asked, allow the add/on to be installed
    Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
    Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

 

When the scan is complete

 

If no threats were found

  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

 

If threats were found

 

  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish

 

close program

 

copy and paste the report here

 

Let me see those two logs, also let me know if any issues or concerns remain.

 

Kevin

Link to post
Share on other sites

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{91397D20-1446-11D4-8AF4-0040CA1127B6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91397D20-1446-11D4-8AF4-0040CA1127B6}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\EPLTarget\P0000000000000000 deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\$talisma_url$\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\blank\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
Starting removal of ActiveX control Garmin Communicator Plug-In
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Garmin Communicator Plug-In\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Garmin Communicator Plug-In\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Garmin Communicator Plug-In\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
File Protocol\Handler\skype4com - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\tmtbim\ deleted successfully.
File Protocol\Handler\tmtbim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
File Protocol\Handler\wlpg - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
C:\Windows\msdownld.tmp folder deleted successfully.
C:\Users\Walter\Desktop\~WRL2552.tmp deleted successfully.
========== FILES ==========
C:\FRST\Quarantine folder moved successfully.
C:\FRST\Logs folder moved successfully.
C:\FRST\Hives\Users\00000002 folder moved successfully.
C:\FRST\Hives\Users\00000001 folder moved successfully.
C:\FRST\Hives\Users folder moved successfully.
C:\FRST\Hives folder moved successfully.
C:\FRST folder moved successfully.
C:\Users\Walter\Desktop\FRST64.exe moved successfully.
C:\Windows\SWREG.exe moved successfully.
C:\Windows\SWSC.exe moved successfully.
C:\Windows\PEV.exe moved successfully.
C:\Windows\MBR.exe moved successfully.
C:\Windows\sed.exe moved successfully.
C:\Windows\grep.exe moved successfully.
File\Folder C:\Windows\zip.exews\NIRCMD.exe not found.
C:\Windows\erdnt\Hiv-backup\Users\00000004 folder moved successfully.
C:\Windows\erdnt\Hiv-backup\Users\00000003 folder moved successfully.
C:\Windows\erdnt\Hiv-backup\Users\00000002 folder moved successfully.
C:\Windows\erdnt\Hiv-backup\Users\00000001 folder moved successfully.
C:\Windows\erdnt\Hiv-backup\Users folder moved successfully.
C:\Windows\erdnt\Hiv-backup folder moved successfully.
C:\Windows\erdnt\cache86 folder moved successfully.
C:\Windows\erdnt\cache64 folder moved successfully.
C:\Windows\erdnt folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56475 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: Walter
->Temp folder emptied: 458968 bytes
->Temporary Internet Files folder emptied: 84529034 bytes
->Java cache emptied: 1780350 bytes
->Google Chrome cache emptied: 380728895 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 799 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1216 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 95336 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 446.00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point
 
OTL by OldTimer - Version 3.2.69.0 log created on 09112013_115506

Files\Folders moved on Reboot...
C:\Users\Walter\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Walter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U47YVRJA\postmessageRelay[1].htm moved successfully.
C:\Users\Walter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U47YVRJA\xd_arbiter[1].htm moved successfully.
File\Folder C:\Users\Walter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JZZIPME6\like[1].htm not found!
C:\Users\Walter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JB9RGWA6\EFpQQyG9GqCrobXxL-KRMWzklk6MJbhg7BmBP42CjCQ[1].eot moved successfully.
C:\Users\Walter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JB9RGWA6\malwarebytes_org[1].htm moved successfully.
C:\Users\Walter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JB9RGWA6\s-BiyweUPV0v-yRb-cjciFQlYEbsez9cZjKsNMjLOwM[1].eot moved successfully.
C:\Users\Walter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FO9BF0ET\sunday[1].htm moved successfully.
File\Folder C:\Users\Walter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FO9BF0ET\webscr[1].htm not found!
C:\Users\Walter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ANFKS51E\xd_arbiter[1].htm moved successfully.
File\Folder C:\Users\Walter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3T36EQ69\fastbutton[1].htm not found!
C:\Users\Walter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3T36EQ69\index[3].htm moved successfully.
C:\Users\Walter\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

 

 

C:\Users\Walter\AppData\Local\{132C60DD-1177-11E2-8271-B8AC6F996F26}\chrome\content\browser.xul JS/Redirector.NCL trojan
C:\Users\Walter\Downloads\google translate desktop setup.exe a variant of Win32/Soft32Downloader.D application
 

Link to post
Share on other sites

Re-Run OTL by double left click, Vista and Windows 7 users accept UAC alert.

  • Under the Custom Scans/Fixes box at the bottom, paste in the following; start with and include the colon plus Files.

    :Files
    C:\Users\Walter\AppData\Local\{132C60DD-1177-11E2-8271-B8AC6F996F26}\chrome\content\browser.xul
    C:\Users\Walter\Downloads\google translate desktop setup.exe

    :Commands
    [emptytemp]
    [ClearAllRestorePoints]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply.



Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start > All Programs > Accessories > Notepad), click File > Open, in the File Name box enter  *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
 

Let me see that log, also let me know if there are any remaining issues or concerns...

 

Thanks,

 

Kevin....

Link to post
Share on other sites

All processes killed
========== FILES ==========
C:\Users\Walter\AppData\Local\{132C60DD-1177-11E2-8271-B8AC6F996F26}\chrome\content\browser.xul moved successfully.
C:\Users\Walter\Downloads\google translate desktop setup.exe moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: Walter
->Temp folder emptied: 520415 bytes
->Temporary Internet Files folder emptied: 51282712 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 602 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 608 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 49.00 mb
 
Restore point Set: OTL Restore Point
 
OTL by OldTimer - Version 3.2.69.0 log created on 09112013_180238

Files\Folders moved on Reboot...
C:\Users\Walter\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Walter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NAKWJS96\EFpQQyG9GqCrobXxL-KRMWzklk6MJbhg7BmBP42CjCQ[1].eot moved successfully.
C:\Users\Walter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NAKWJS96\fastbutton[1].htm moved successfully.
C:\Users\Walter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NAKWJS96\like[1].htm moved successfully.
C:\Users\Walter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NAKWJS96\s-BiyweUPV0v-yRb-cjciFQlYEbsez9cZjKsNMjLOwM[1].eot moved successfully.
C:\Users\Walter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NAKWJS96\xd_arbiter[1].htm moved successfully.
C:\Users\Walter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5S471GDU\malwarebytes_org[1].htm moved successfully.
C:\Users\Walter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3B7VDWLC\index[3].htm moved successfully.
C:\Users\Walter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3B7VDWLC\postmessageRelay[1].htm moved successfully.
C:\Users\Walter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3B7VDWLC\sunday[1].htm moved successfully.
C:\Users\Walter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1A0MOVM7\xd_arbiter[1].htm moved successfully.
C:\Users\Walter\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Link to post
Share on other sites

How is your system responding now, are there any remaining issues or concerns? If all is now ok do the following:

 

Delete RogueKiller and its folder RK_Quarantine from the desktop.

 

Next,

 

Uninstall adwcleaner.exe

 

  •   Please close all open programs and internet browsers.
  •   Double click on adwcleaner.exe to run the tool.
  •   Click on Uninstall
  • Click Yes at Would you like to Uninstall Adwcleaner

 

Next,

 

Remove ESET online scanner  (Only If installed):

 


Click Start, type Uninstall a Program into the Search programs and files box, and then press ENTER.
Click to select ESET Online Scanner from the listing of installed products, and then click Uninstall/Change from the bar that displays the available tasks. Uninstall ESET Online Scanner, only re-boot if prompted.

 

Next,

 

OTL Cleanup...

 

  • Re-open OTL to run it. (Vista and Win 7 users accept UAC alert)
  • Click on the CleanUp button.
  • Click Yes to begin the cleanup process and remove tools, including this application
  • You may be asked to reboot the machine to finish the cleanup process - if so, choose Yes

 

Let me know if those steps complete OK, finally run the following and post its log:

 

Download Security Check by screen317 from either of the following:

http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

Save it to your Desktop.

Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

Kevin....

 

 
