Computer very slow, I think I might have a virus/malware problem

PorkCh0p

Hello there, for the past 2 months or so I've been experiencing issues when I open programs, where they don't run at all or crash after a while. I would very much like to resolve the issue as soon as possible, as it has hindered me quite a bit lately, so I finally sought to seek help, thinking it is malware or virus related.

HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:51:11 PM, on 11/2/2011
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16982)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Users\Jon\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Steam\Steam.exe
C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Mumble\mumble.exe
C:\Program Files\Heroes of Newerth\hon.exe
C:\Windows\system32\rundll32.exe
C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Jon\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Presario&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Logitech Vid] "C:\Program Files\Logitech\Vid HD\Vid.exe" -bootmode
O4 - HKCU\..\Run: [Google Update] "C:\Users\Jon\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [EADM] "C:\Program Files\Origin\Origin.exe" -AutoStart
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Jon\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 5681 bytes

DDS.txt:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.6000.16982
Run by Jon at 22:52:24 on 2011-11-02
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2047.383 [GMT -7:00]
.
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\PnkBstrB.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Users\Jon\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Steam\Steam.exe
C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Mumble\mumble.exe
C:\Program Files\Heroes of Newerth\hon.exe
C:\Windows\system32\rundll32.exe
C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchFilterHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Presario&pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Presario&pf=desktop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Presario&pf=desktop
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Logitech Vid] "c:\program files\logitech\vid hd\Vid.exe" -bootmode
uRun: [Google Update] "c:\users\jon\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [EADM] "c:\program files\origin\Origin.exe" -AutoStart
uRun: [Facebook Update] "c:\users\jon\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
mRun: [<NO NAME>]
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
mPolicies-system: EnableLUA = 0 (0x0)
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{66D33798-47C6-44D6-8E05-509506CD34CB} : DhcpNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: igfxcui - igfxdev.dll
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 MpKsl50d8f76e;MpKsl50d8f76e;c:\programdata\microsoft\microsoft antimalware\definition updates\{471d26cf-ea17-48f5-8866-95012fc87088}\MpKsl50d8f76e.sys [2011-11-2 28752]
R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2011-8-19 450848]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2011-10-3 139368]
S4 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-10-3 2255464]
S4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2011-8-3 379496]
.
=============== Created Last 30 ================
.
2011-11-02 08:48:16 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{471d26cf-ea17-48f5-8866-95012fc87088}\MpKsl50d8f76e.sys
2011-11-02 08:47:32 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{471d26cf-ea17-48f5-8866-95012fc87088}\offreg.dll
2011-11-02 08:47:24 6668624 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{471d26cf-ea17-48f5-8866-95012fc87088}\mpengine.dll
2011-10-31 03:28:12 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-25 22:13:14 -------- d-----w- c:\users\jon\appdata\local\Facebook
2011-10-21 02:29:34 -------- d-----w- c:\programdata\{B3C2C1CD-6B77-4A96-B670-F734AC2A1CBC}
2011-10-21 02:29:25 -------- d-----w- c:\program files\Activation Assistant for the 2007 Microsoft Office suites
2011-10-21 02:29:16 -------- d-----w- c:\users\jon\appdata\local\Seven Zip
2011-10-21 02:28:36 33104 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\msonpppr.dll
2011-10-21 02:28:35 32592 ----a-w- c:\windows\system32\msonpmon.dll
2011-10-21 02:27:08 -------- d-----w- c:\windows\PCHEALTH
2011-10-21 02:25:31 -------- d-----w- c:\users\jon\appdata\local\Microsoft Help
2011-10-19 08:44:18 -------- d-----w- c:\users\jon\appdata\roaming\NeopleLauncherDFO
2011-10-15 10:48:59 4616192 ----a-w- c:\windows\system32\NlsLexicons0414.dll
2011-10-15 10:43:54 97800 ----a-w- c:\windows\system32\infocardapi.dll
2011-10-15 10:43:54 622080 ----a-w- c:\windows\system32\icardagt.exe
2011-10-15 10:43:54 37384 ----a-w- c:\windows\system32\infocardcpl.cpl
2011-10-15 10:43:54 11264 ----a-w- c:\windows\system32\icardres.dll
2011-10-15 10:43:50 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2011-10-15 10:43:49 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2011-10-15 10:43:48 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2011-10-15 10:43:48 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-10-15 10:15:55 96760 ----a-w- c:\windows\system32\dfshim.dll
2011-10-15 10:15:54 41984 ----a-w- c:\windows\system32\netfxperf.dll
2011-10-15 10:15:52 83968 ----a-w- c:\windows\system32\mscories.dll
2011-10-15 10:15:52 282112 ----a-w- c:\windows\system32\mscoree.dll
2011-10-15 10:15:52 158720 ----a-w- c:\windows\system32\mscorier.dll
2011-10-14 10:00:21 148992 ----a-w- c:\windows\system32\drivers\ks.sys
2011-10-13 10:02:09 378368 ----a-w- c:\windows\system32\winhttp.dll
2011-10-13 10:01:46 268800 ----a-w- c:\windows\system32\es.dll
2011-10-13 02:06:18 -------- d-----w- c:\users\jon\appdata\local\Logitech® Webcam Software
2011-10-13 02:04:16 -------- d-----w- c:\users\jon\appdata\local\LogiShrd
2011-10-13 02:02:26 53248 ----a-r- c:\users\jon\appdata\roaming\microsoft\installer\{3ee9bcae-e9a9-45e5-9b1c-83a4d357e05c}\ARPPRODUCTICON.exe
2011-10-13 01:59:19 -------- d-----w- c:\program files\common files\LWS
2011-10-12 11:08:52 156672 ----a-w- c:\windows\system32\t2embed.dll
2011-10-12 11:08:51 72704 ----a-w- c:\windows\system32\fontsub.dll
2011-10-12 11:08:51 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-10-12 11:08:51 289792 ----a-w- c:\windows\system32\atmfd.dll
2011-10-12 11:08:51 24064 ----a-w- c:\windows\system32\lpk.dll
2011-10-12 11:08:51 10240 ----a-w- c:\windows\system32\dciman32.dll
2011-10-12 11:03:51 61440 ----a-w- c:\windows\system32\winipsec.dll
2011-10-12 11:03:51 361984 ----a-w- c:\windows\system32\IPSECSVC.DLL
2011-10-12 11:03:51 28672 ----a-w- c:\windows\system32\FwRemoteSvr.dll
2011-10-12 11:03:50 272896 ----a-w- c:\windows\system32\polstore.dll
2011-10-12 11:03:03 84992 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-10-12 11:03:03 306688 ----a-w- c:\windows\system32\drivers\srv.sys
2011-10-12 11:01:51 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2011-10-12 11:01:51 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2011-10-12 11:01:51 15360 ----a-w- c:\windows\system32\netevent.dll
2011-10-12 11:01:51 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2011-10-12 11:01:51 103936 ----a-w- c:\windows\system32\netiohlp.dll
2011-10-12 11:01:51 10240 ----a-w- c:\windows\system32\finger.exe
2011-10-12 11:01:50 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2011-10-12 11:01:50 19968 ----a-w- c:\windows\system32\ARP.EXE
2011-10-12 11:01:50 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2011-10-12 10:59:18 194560 ----a-w- c:\windows\system32\WebClnt.dll
2011-10-12 10:59:18 110080 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2011-10-12 10:58:31 123904 ----a-w- c:\windows\system32\L2SecHC.dll
2011-10-12 10:58:30 67584 ----a-w- c:\windows\system32\wlanhlp.dll
2011-10-12 10:58:30 502272 ----a-w- c:\windows\system32\wlansvc.dll
2011-10-12 10:58:30 47104 ----a-w- c:\windows\system32\wlanapi.dll
2011-10-12 10:58:30 297984 ----a-w- c:\windows\system32\wlansec.dll
2011-10-12 10:58:30 290816 ----a-w- c:\windows\system32\wlanmsm.dll
2011-10-12 10:57:24 1260032 ----a-w- c:\windows\system32\msxml3.dll
2011-10-12 10:57:23 2048 ----a-w- c:\windows\system32\msxml3r.dll
2011-10-12 10:57:22 2048 ----a-w- c:\windows\system32\msxml6r.dll
2011-10-12 10:57:22 1406464 ----a-w- c:\windows\system32\msxml6.dll
2011-10-12 10:56:23 216576 ----a-w- c:\windows\system32\msv1_0.dll
2011-10-12 10:55:32 211968 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-10-12 10:55:31 58368 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-10-12 10:55:31 102400 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-10-12 10:54:32 98816 ----a-w- c:\windows\system32\mfps.dll
2011-10-12 10:54:32 52736 ----a-w- c:\windows\system32\rrinstaller.exe
2011-10-12 10:54:32 2855424 ----a-w- c:\windows\system32\mf.dll
2011-10-12 10:54:32 2048 ----a-w- c:\windows\system32\mferror.dll
2011-10-12 10:54:31 24576 ----a-w- c:\windows\system32\mfpmp.exe
2011-10-12 10:53:04 3504008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-12 10:53:03 3470216 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-12 10:50:24 434176 ----a-w- c:\windows\system32\vbscript.dll
2011-10-12 10:49:36 71680 ----a-w- c:\windows\system32\atl.dll
2011-10-12 10:48:48 297472 ----a-w- c:\windows\system32\gdi32.dll
2011-10-12 10:46:51 374456 ----a-w- c:\windows\system32\mcupdate_GenuineIntel.dll
2011-10-12 10:46:06 500736 ----a-w- c:\windows\system32\msdtcprx.dll
2011-10-12 10:46:06 30208 ----a-w- c:\windows\system32\xolehlp.dll
2011-10-12 10:45:13 156160 ----a-w- c:\windows\system32\wkssvc.dll
2011-10-12 10:44:17 116736 ----a-w- c:\windows\system32\aaclient.dll
2011-10-12 10:44:16 36352 ----a-w- c:\windows\system32\tsgqec.dll
2011-10-12 10:44:16 1871872 ----a-w- c:\windows\system32\mstscax.dll
2011-10-12 10:43:20 303616 ----a-w- c:\windows\system32\wmpeffects.dll
2011-10-12 10:41:42 63488 ----a-w- c:\windows\system32\drivers\mpsdrv.sys
2011-10-12 10:41:42 396800 ----a-w- c:\windows\system32\MPSSVC.dll
2011-10-12 10:41:42 392192 ----a-w- c:\windows\system32\FirewallAPI.dll
2011-10-12 10:41:41 86016 ----a-w- c:\windows\system32\icfupgd.dll
2011-10-12 10:41:41 61952 ----a-w- c:\windows\system32\cmifw.dll
2011-10-12 10:41:41 16896 ----a-w- c:\windows\system32\wfapigp.dll
2011-10-12 10:40:13 150016 ----a-w- c:\program files\movie maker\MOVIEMK.exe
2011-10-12 10:40:10 23040 ----a-w- c:\program files\movie maker\WMM2EXT.dll
2011-10-12 10:40:10 195072 ----a-w- c:\program files\movie maker\WMM2AE.dll
2011-10-12 10:40:10 10922496 ----a-w- c:\program files\movie maker\MOVIEMK.dll
2011-10-12 10:36:21 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2011-10-12 10:35:50 2048 ----a-w- c:\windows\system32\tzres.dll
2011-10-12 10:34:59 696832 ----a-w- c:\windows\system32\localspl.dll
2011-10-12 10:34:24 2923520 ----a-w- c:\windows\explorer.exe
2011-10-12 10:33:08 171520 ----a-w- c:\windows\system32\wintrust.dll
2011-10-12 10:32:25 494592 ----a-w- c:\windows\system32\kerberos.dll
2011-10-12 10:32:25 175104 ----a-w- c:\windows\system32\wdigest.dll
2011-10-12 10:32:24 7680 ----a-w- c:\windows\system32\lsass.exe
2011-10-12 10:32:24 72704 ----a-w- c:\windows\system32\secur32.dll
2011-10-12 10:32:24 408136 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2011-10-12 10:32:24 1233920 ----a-w- c:\windows\system32\lsasrv.dll
2011-10-12 10:32:22 272384 ----a-w- c:\windows\system32\schannel.dll
2011-10-12 10:31:42 24064 ----a-w- c:\windows\system32\netcfg.exe
2011-10-12 10:27:30 549888 ----a-w- c:\windows\system32\rpcss.dll
2011-10-12 10:27:29 24576 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-10-12 10:27:28 654336 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-10-12 10:27:28 247296 ----a-w- c:\windows\system32\wbem\WmiPrvSE.exe
2011-10-12 10:27:28 130560 ----a-w- c:\windows\system32\wbem\WmiDcPrv.dll
2011-10-12 10:27:27 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
2011-10-12 10:27:27 501760 ----a-w- c:\windows\system32\wbem\WmiPrvSD.dll
2011-10-12 10:27:26 97280 ----a-w- c:\windows\system32\iasrecst.dll
2011-10-12 10:27:26 53248 ----a-w- c:\windows\system32\iasads.dll
2011-10-12 10:27:26 37888 ----a-w- c:\windows\system32\iasdatastore.dll
2011-10-12 10:27:26 158720 ----a-w- c:\windows\system32\sdohlp.dll
2011-10-12 10:26:46 62464 ----a-w- c:\windows\system32\l3codeca.acm
2011-10-12 10:26:46 220672 ----a-w- c:\windows\system32\l3codecp.acm
2011-10-12 10:25:37 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2011-10-12 10:25:37 22016 ----a-w- c:\windows\system32\netiougc.exe
2011-10-12 10:25:37 213592 ----a-w- c:\windows\system32\drivers\netio.sys
2011-10-12 10:25:37 179712 ----a-w- c:\windows\system32\iphlpsvc.dll
2011-10-12 10:25:37 167424 ----a-w- c:\windows\system32\tcpipcfg.dll
2011-10-12 10:25:37 15360 ----a-w- c:\windows\system32\drivers\TUNMP.SYS
2011-10-12 10:25:36 815104 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-10-12 10:25:01 454656 ----a-w- c:\program files\common files\system\msadc\msadce.dll
2011-10-12 10:24:32 9728 ----a-w- c:\windows\system32\LAPRXY.DLL
2011-10-12 10:24:32 223232 ----a-w- c:\windows\system32\WMASF.DLL
2011-10-12 10:24:32 2048 ----a-w- c:\windows\system32\asferror.dll
2011-10-12 10:24:01 25600 ----a-w- c:\windows\system32\amxread.dll
2011-10-12 10:24:00 14848 ----a-w- c:\windows\system32\apilogen.dll
2011-10-12 10:23:22 97792 ----a-w- c:\windows\system32\cabview.dll
2011-10-12 10:22:51 441856 ----a-w- c:\windows\system32\win32spl.dll
2011-10-12 10:22:51 37376 ----a-w- c:\windows\system32\printcom.dll
2011-10-12 10:22:13 2032128 ----a-w- c:\windows\system32\win32k.sys
2011-10-12 10:19:58 66048 ----a-w- c:\program files\windows sidebar\sbdrop.dll
2011-10-12 10:19:58 1232896 ----a-w- c:\program files\windows sidebar\sidebar.exe
2011-10-12 10:19:57 11776 ----a-w- c:\windows\system32\sbunattend.exe
2011-10-12 10:19:04 84480 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-10-12 10:19:04 24576 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-10-12 10:17:33 996352 ----a-w- c:\windows\system32\WMNetMgr.dll
2011-10-12 10:17:33 94720 ----a-w- c:\windows\system32\logagent.exe
2011-10-12 10:16:40 765952 ----a-w- c:\program files\common files\microsoft shared\vgx\VGX.dll
2011-10-12 10:16:25 84480 ----a-w- c:\windows\system32\INETRES.dll
2011-10-12 10:16:25 737792 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-12 10:16:02 60928 ----a-w- c:\windows\system32\msasn1.dll
2011-10-12 10:15:35 788992 ----a-w- c:\windows\system32\rpcrt4.dll
2011-10-12 10:14:47 31232 ----a-w- c:\windows\system32\httpapi.dll
2011-10-12 10:14:46 396800 ----a-w- c:\windows\system32\drivers\http.sys
2011-10-12 10:14:46 24064 ----a-w- c:\windows\system32\nshhttp.dll
2011-10-12 10:11:35 130048 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-10-12 10:10:45 274432 ----a-w- c:\windows\system32\raschap.dll
2011-10-12 10:10:45 232960 ----a-w- c:\windows\system32\rastls.dll
2011-10-12 10:10:20 321536 ----a-w- c:\windows\system32\WSDApi.dll
2011-10-12 10:10:02 99840 ----a-w- c:\windows\system32\poqexec.exe
2011-10-12 10:09:40 -------- d-----w- c:\program files\MSXML 4.0
2011-10-12 10:08:36 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2011-10-12 10:08:36 22528 ----a-w- c:\windows\system32\msyuv.dll
2011-10-12 10:08:36 1327616 ----a-w- c:\windows\system32\quartz.dll
2011-10-12 10:08:36 11776 ----a-w- c:\windows\system32\tsbyuv.dll
2011-10-12 10:08:35 88576 ----a-w- c:\windows\system32\avifil32.dll
2011-10-12 10:08:35 82944 ----a-w- c:\windows\system32\mciavi32.dll
2011-10-12 10:08:35 65024 ----a-w- c:\windows\system32\avicap32.dll
2011-10-12 10:08:35 31232 ----a-w- c:\windows\system32\msvidc32.dll
2011-10-12 10:08:35 13312 ----a-w- c:\windows\system32\msrle32.dll
2011-10-12 10:08:35 123904 ----a-w- c:\windows\system32\msvfw32.dll
2011-10-12 10:08:03 750080 ----a-w- c:\windows\system32\qmgr.dll
2011-10-12 10:07:38 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2011-10-11 19:36:24 6668624 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2011-10-10 17:29:03 439632 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{d25350f4-0f16-4264-8c9c-18c0347fdea9}\gapaengine.dll
2011-10-10 17:28:32 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-10-10 17:26:00 2421760 ----a-w- c:\windows\system32\wucltux.dll
2011-10-10 17:25:31 87552 ----a-w- c:\windows\system32\wudriver.dll
2011-10-10 17:24:52 33792 ----a-w- c:\windows\system32\wuapp.exe
2011-10-10 17:24:52 171608 ----a-w- c:\windows\system32\wuwebv.dll
2011-10-10 17:23:42 -------- d-----w- c:\program files\Microsoft Security Client
2011-10-08 02:07:24 -------- d-----w- c:\users\jon\riotsGamesLogs
2011-10-08 02:06:50 -------- d-----w- c:\users\jon\appdata\roaming\LolClient
2011-10-08 01:52:21 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2011-10-08 01:52:20 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2011-10-08 01:52:19 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2011-10-08 01:45:51 -------- d-----w- C:\Riot Games
2011-10-04 08:54:56 -------- d-----w- c:\program files\Ventrilo
2011-10-04 08:53:14 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2011-10-04 08:44:32 -------- d-----w- c:\programdata\Nexon
2011-10-04 07:13:07 -------- d-----w- c:\programdata\NexonUS
2011-10-04 07:13:07 -------- d-----w- C:\Nexon
2011-10-04 06:45:15 -------- d-----w- c:\users\jon\appdata\local\PMB Files
2011-10-04 06:45:13 -------- d-----w- c:\programdata\PMB Files
2011-10-04 06:45:01 -------- d-----w- c:\program files\Pando Networks
.
==================== Find3M ====================
.
2011-10-15 10:48:58 5090816 ----a-w- c:\windows\system32\NlsLexicons0416.dll
2011-10-13 10:00:59 36864 ----a-w- c:\windows\system32\drivers\en-us\http.sys.mui
2011-10-12 11:06:21 72704 ----a-w- c:\windows\system32\admparse.dll
2011-10-12 11:06:19 832512 ----a-w- c:\windows\system32\wininet.dll
2011-10-12 11:06:19 52736 ----a-w- c:\windows\apppatch\iebrshim.dll
2011-10-12 11:06:11 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-10-12 11:06:11 48128 ----a-w- c:\windows\system32\mshtmler.dll
2011-10-12 11:06:11 389120 ----a-w- c:\windows\system32\html.iec
2011-10-12 11:06:09 1383424 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-12 11:06:05 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2011-10-12 11:06:03 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2011-10-12 11:06:00 56320 ----a-w- c:\windows\system32\iesetup.dll
2011-10-12 10:24:01 40960 ----a-w- c:\windows\apppatch\apihex86.dll
2011-10-12 10:21:45 14848 ----a-w- c:\windows\system32\wshrm.dll
2011-10-12 10:21:45 113664 ----a-w- c:\windows\system32\drivers\rmcast.sys
2011-10-12 10:21:14 8147968 ----a-w- c:\windows\system32\wmploc.DLL
2011-10-12 10:21:11 7680 ----a-w- c:\windows\system32\spwmp.dll
2011-10-12 10:21:10 4096 ----a-w- c:\windows\system32\msdxm.ocx
2011-10-12 10:21:10 4096 ----a-w- c:\windows\system32\dxmasf.dll
2011-10-12 10:21:03 43520 ----a-w- c:\windows\system32\msdxm.tlb
2011-10-12 10:21:03 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2011-10-12 10:21:03 18432 ----a-w- c:\windows\system32\amcompat.tlb
2011-10-04 07:25:42 138056 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-10-04 07:25:42 138056 ----a-w- c:\users\jon\appdata\roaming\PnkBstrK.sys
2011-10-04 07:25:32 189248 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-10-04 07:25:28 189248 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-10-04 07:25:26 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-08-19 09:26:50 545056 ----a-w- c:\windows\system32\LVUI2.dll
2011-08-19 09:26:50 540960 ----a-w- c:\windows\system32\LVUI2RC.dll
2011-08-19 09:26:50 4334624 ----a-w- c:\windows\system32\drivers\lvuvc.sys
2011-08-19 09:26:46 315808 ----a-w- c:\windows\system32\drivers\lvrs.sys
2011-08-19 09:26:46 307488 ----a-w- c:\windows\system32\lvcodec2.dll
2011-08-19 09:26:46 196896 ----a-w- c:\windows\system32\lvci13301394.dll
2011-08-19 09:26:20 336408 ----a-w- c:\windows\system32\DevManagerCore.dll
2011-08-19 09:26:20 10898456 ----a-w- c:\windows\system32\LogiDPP.dll
2011-08-19 09:26:20 104472 ----a-w- c:\windows\system32\LogiDPPApp.exe
2011-08-12 19:20:14 15896 ----a-w- c:\windows\system32\drivers\iKeyLFT2.dll
.
============= FINISH: 22:53:31.33 ===============

Ark.txt:


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-11-03 16:10:02
Windows 6.0.6000 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 SAMSUNG_HD320KJ rev.CP100-10
Running: 2td1158s.exe; Driver: C:\Users\Jon\AppData\Local\Temp\kfrdypow.sys


---- System - GMER 1.0.15 ----

INT 0x51 ? C2C2B050
INT 0x61 ? C2C2B7D0
INT 0x71 ? C2273CD0
INT 0x82 ? C22732D0
INT 0x92 ? C22737D0
INT 0xA2 ? C2C2B2D0
INT 0xB1 ? C2C2BCD0
INT 0xB2 ? C2C2B550

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Steam\Steam.exe[2364] kernel32.dll!LoadLibraryW 76EA971F 6 Bytes PUSH 6772DE50; RET C:\Program Files\Mumble\mumble_ol.dll
.text C:\Program Files\Steam\Steam.exe[2364] kernel32.dll!LoadLibraryA 76EA9A96 6 Bytes PUSH 6772DFB0; RET C:\Program Files\Mumble\mumble_ol.dll
.text C:\Windows\system32\Dwm.exe[2548] kernel32.dll!LoadLibraryW 76EA971F 6 Bytes PUSH 6772DE50; RET C:\Program Files\Mumble\mumble_ol.dll
.text C:\Windows\system32\Dwm.exe[2548] kernel32.dll!LoadLibraryA 76EA9A96 6 Bytes PUSH 6772DFB0; RET C:\Program Files\Mumble\mumble_ol.dll
.text C:\Program Files\Pando Networks\Media Booster\PMB.exe[2944] kernel32.dll!SetUnhandledExceptionFilter 76EAD177 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[2972] ntdll.dll!NtCreateFile + 6 77ADF41A 4 Bytes [28, 00, 16, 00]
.text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[2972] ntdll.dll!NtCreateFile + B 77ADF41F 1 Byte [E2]
.text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[2972] ntdll.dll!NtMapViewOfSection + 6 77ADFB6A 1 Byte [28]
.text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[2972] ntdll.dll!NtMapViewOfSection + 6 77ADFB6A 4 Bytes [28, 03, 16, 00]
.text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[2972] ntdll.dll!NtMapViewOfSection + B 77ADFB6F 1 Byte [E2]
.text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[2972] ntdll.dll!NtOpenFile + 6 77ADFBFA 4 Bytes [68, 00, 16, 00]
.text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[2972] ntdll.dll!NtOpenFile + B 77ADFBFF 1 Byte [E2]
.text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[2972] ntdll.dll!NtOpenProcess + 6 77ADFC7A 4 Bytes [A8, 01, 16, 00]
.text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[2972] ntdll.dll!NtOpenProcess + B 77ADFC7F 1 Byte [E2]
.text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[2972] ntdll.dll!NtOpenProcessToken + B 77ADFC8F 1 Byte [E2]
.text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[2972] ntdll.dll!NtOpenProcessTokenEx + 6 77ADFC9A 4 Bytes [A8, 02, 16, 00]
.text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[2972] ntdll.dll!NtOpenProcessTokenEx + B 77ADFC9F 1 Byte [E2]
.text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[2972] ntdll.dll!NtOpenThread + 6 77ADFCEA 4 Bytes [68, 01, 16, 00]
.text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[2972] ntdll.dll!NtOpenThread + B 77ADFCEF 1 Byte [E2]
.text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[2972] ntdll.dll!NtOpenThreadToken + 6 77ADFCFA 4 Bytes [68, 02, 16, 00]
.text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[2972] ntdll.dll!NtOpenThreadToken + B 77ADFCFF 1 Byte [E2]
.text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[2972] ntdll.dll!NtOpenThreadTokenEx + B 77ADFD0F 1 Byte [E2]
.text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[2972] ntdll.dll!NtQueryAttributesFile + 6 77ADFD9A 4 Bytes [A8, 00, 16, 00]
.text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[2972] ntdll.dll!NtQueryAttributesFile + B 77ADFD9F 1 Byte [E2]
.text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[2972] ntdll.dll!NtQueryFullAttributesFile + B 77ADFE4F 1 Byte [E2]
.text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[2972] ntdll.dll!NtSetInformationFile + 6 77AE036A 4 Bytes [28, 01, 16, 00]
.text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[2972] ntdll.dll!NtSetInformationFile + B 77AE036F 1 Byte [E2]
.text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[2972] ntdll.dll!NtSetInformationThread + 6 77AE03BA 4 Bytes [28, 02, 16, 00]
.text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[2972] ntdll.dll!NtSetInformationThread + B 77AE03BF 1 Byte [E2]
.text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[2972] ntdll.dll!NtUnmapViewOfSection + 6 77AE065A 1 Byte [68]
.text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[2972] ntdll.dll!NtUnmapViewOfSection + 6 77AE065A 4 Bytes [68, 03, 16, 00]
.text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[2972] ntdll.dll!NtUnmapViewOfSection + B 77AE065F 1 Byte [E2]
.text C:\Program Files\Origin\Origin.exe[3052] kernel32.dll!CreateProcessW 76E81D27 5 Bytes JMP 679AC160 C:\Program Files\Origin\igo32.dll (Origin IGO/Electronic Arts)
.text C:\Program Files\Origin\Origin.exe[3052] kernel32.dll!CreateProcessA 76E81D5C 5 Bytes JMP 679AC0C0 C:\Program Files\Origin\igo32.dll (Origin IGO/Electronic Arts)
.text C:\Program Files\Origin\Origin.exe[3052] kernel32.dll!LoadLibraryW 76EA971F 6 Bytes PUSH 6772DE50; RET C:\Program Files\Mumble\mumble_ol.dll
.text C:\Program Files\Origin\Origin.exe[3052] kernel32.dll!LoadLibraryA 76EA9A96 6 Bytes PUSH 6772DFB0; RET C:\Program Files\Mumble\mumble_ol.dll
.text C:\Program Files\Origin\Origin.exe[3052] USER32.dll!ShowWindowAsync 76BB2116 5 Bytes JMP 000D3AD0 C:\Program Files\Origin\Origin.exe (Origin/Electronic Arts)
.text C:\Program Files\Origin\Origin.exe[3052] USER32.dll!SetActiveWindow 76BB32E3 5 Bytes JMP 000D3BD0 C:\Program Files\Origin\Origin.exe (Origin/Electronic Arts)
.text C:\Program Files\Origin\Origin.exe[3052] USER32.dll!ShowWindow 76BB8B8C 5 Bytes JMP 000D3B20 C:\Program Files\Origin\Origin.exe (Origin/Electronic Arts)
.text C:\Program Files\Origin\Origin.exe[3052] USER32.dll!SetWindowPos 76BB969F 5 Bytes JMP 000D3B90 C:\Program Files\Origin\Origin.exe (Origin/Electronic Arts)
.text C:\Program Files\Origin\Origin.exe[3052] USER32.dll!SetFocus 76BB96C0 5 Bytes JMP 000D3B70 C:\Program Files\Origin\Origin.exe (Origin/Electronic Arts)
.text C:\Program Files\Origin\Origin.exe[3052] USER32.dll!SetForegroundWindow 76BBAA8C 5 Bytes JMP 000D3A70 C:\Program Files\Origin\Origin.exe (Origin/Electronic Arts)
.text C:\Program Files\Origin\Origin.exe[3052] USER32.dll!SwitchToThisWindow 76BBAB36 5 Bytes JMP 000D3AB0 C:\Program Files\Origin\Origin.exe (Origin/Electronic Arts)
.text C:\Program Files\Origin\Origin.exe[3052] USER32.dll!BringWindowToTop 76BDA7E0 5 Bytes JMP 000D3A90 C:\Program Files\Origin\Origin.exe (Origin/Electronic Arts)
.text C:\Program Files\Origin\Origin.exe[3052] ADVAPI32.dll!CreateProcessAsUserW 76DE0544 5 Bytes JMP 679AC2B0 C:\Program Files\Origin\igo32.dll (Origin IGO/Electronic Arts)
.text C:\Program Files\Origin\Origin.exe[3052] ADVAPI32.dll!CreateProcessAsUserA 76E22420 5 Bytes JMP 679AC200 C:\Program Files\Origin\igo32.dll (Origin IGO/Electronic Arts)
.text C:\Program Files\Origin\Origin.exe[3052] SHELL32.dll!ShellExecuteEx 76F69D48 5 Bytes JMP 679AC360 C:\Program Files\Origin\igo32.dll (Origin IGO/Electronic Arts)
.text C:\Program Files\Origin\Origin.exe[3052] SHELL32.dll!ShellExecuteW 76F7CD45 5 Bytes JMP 679AC470 C:\Program Files\Origin\igo32.dll (Origin IGO/Electronic Arts)
.text C:\Program Files\Origin\Origin.exe[3052] SHELL32.dll!ShellExecuteExW 76F7E65C 5 Bytes JMP 679AC3B0 C:\Program Files\Origin\igo32.dll (Origin IGO/Electronic Arts)
.text C:\Program Files\Origin\Origin.exe[3052] SHELL32.dll!ShellExecuteA 7715A678 5 Bytes JMP 679AC400 C:\Program Files\Origin\igo32.dll (Origin IGO/Electronic Arts)
.text C:\Program Files\Skype\Phone\Skype.exe[3260] kernel32.dll!LoadLibraryW 76EA971F 6 Bytes PUSH 6772DE50; RET C:\Program Files\Mumble\mumble_ol.dll
.text C:\Program Files\Skype\Phone\Skype.exe[3260] kernel32.dll!LoadLibraryA 76EA9A96 6 Bytes PUSH 6772DFB0; RET C:\Program Files\Mumble\mumble_ol.dll
.text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[3468] ntdll.dll!NtCreateFile + 6 77ADF41A 4 Bytes [28, 00, 06, 00]
.text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[3468] ntdll.dll!NtCreateFile + B 77ADF41F 1 Byte [E2]
.text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[3468] ntdll.dll!NtMapViewOfSection + 6 77ADFB6A 1 Byte [28]
.text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[3468] ntdll.dll!NtMapViewOfSection + 6 77ADFB6A 4 Bytes [28, 03, 06, 00]
.text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[3468] ntdll.dll!NtMapViewOfSection + B 77ADFB6F 1 Byte [E2]
.text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[3468] ntdll.dll!NtOpenFile + 6 77ADFBFA 4 Bytes [68, 00, 06, 00]
.text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[3468] ntdll.dll!NtOpenFile + B 77ADFBFF 1 Byte [E2]
.text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[3468] ntdll.dll!NtOpenProcess + 6 77ADFC7A 4 Bytes [A8, 01, 06, 00]
.text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[3468] ntdll.dll!NtOpenProcess + B 77ADFC7F 1 Byte [E2]
.text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[3468] ntdll.dll!NtOpenProcessToken + B 77ADFC8F 1 Byte [E2]
.text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[3468] ntdll.dll!NtOpenProcessTokenEx + 6 77ADFC9A 4 Bytes [A8, 02, 06, 00]
.text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[3468] ntdll.dll!NtOpenProcessTokenEx + B 77ADFC9F 1 Byte [E2]
.text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[3468] ntdll.dll!NtOpenThread + 6 77ADFCEA 4 Bytes [68, 01, 06, 00]
.text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[3468] ntdll.dll!NtOpenThread + B 77ADFCEF 1 Byte [E2]
.text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[3468] ntdll.dll!NtOpenThreadToken + 6 77ADFCFA 4 Bytes [68, 02, 06, 00]
.text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[3468] ntdll.dll!NtOpenThreadToken + B 77ADFCFF 1 Byte [E2]
.text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[3468] ntdll.dll!NtOpenThreadTokenEx + B 77ADFD0F 1 Byte [E2]
.text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[3468] ntdll.dll!NtQueryAttributesFile + 6 77ADFD9A 4 Bytes [A8, 00, 06, 00]
.text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[3468] ntdll.dll!NtQueryAttributesFile + B 77ADFD9F 1 Byte [E2]
.text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[3468] ntdll.dll!NtQueryFullAttributesFile + B 77ADFE4F 1 Byte [E2]
.text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[3468] ntdll.dll!NtSetInformationFile + 6 77AE036A 4 Bytes [28, 01, 06, 00]
.text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[3468] ntdll.dll!NtSetInformationFile + B 77AE036F 1 Byte [E2]
.text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[3468] ntdll.dll!NtSetInformationThread + 6 77AE03BA 4 Bytes [28, 02, 06, 00]
.text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[3468] ntdll.dll!NtSetInformationThread + B 77AE03BF 1 Byte [E2]
.text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[3468] ntdll.dll!NtUnmapViewOfSection + 6 77AE065A 1 Byte [68]
.text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[3468] ntdll.dll!NtUnmapViewOfSection + 6 77AE065A 4 Bytes [68, 03, 06, 00]
.text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[3468] ntdll.dll!NtUnmapViewOfSection + B 77AE065F 1 Byte [E2]
.text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtCreateFile + 6 77ADF41A 4 Bytes [28, 00, 06, 00]
.text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtCreateFile + B 77ADF41F 1 Byte [E2]
.text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtMapViewOfSection + 6 77ADFB6A 1 Byte [28]
.text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtMapViewOfSection + 6 77ADFB6A 4 Bytes [28, 03, 06, 00]
.text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtMapViewOfSection + B 77ADFB6F 1 Byte [E2]
.text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtOpenFile + 6 77ADFBFA 4 Bytes [68, 00, 06, 00]
.text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtOpenFile + B 77ADFBFF 1 Byte [E2]
.text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtOpenProcess + 6 77ADFC7A 4 Bytes [A8, 01, 06, 00]
.text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtOpenProcess + B 77ADFC7F 1 Byte [E2]
.text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtOpenProcessToken + B 77ADFC8F 1 Byte [E2]
.text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtOpenProcessTokenEx + 6 77ADFC9A 4 Bytes [A8, 02, 06, 00]
.text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtOpenProcessTokenEx + B 77ADFC9F 1 Byte [E2]
.text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtOpenThread + 6 77ADFCEA 4 Bytes [68, 01, 06, 00]
.text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtOpenThread + B 77ADFCEF 1 Byte [E2]
.text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtOpenThreadToken + 6 77ADFCFA 4 Bytes [68, 02, 06, 00]
.text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtOpenThreadToken + B 77ADFCFF 1 Byte [E2]
.text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtOpenThreadTokenEx + B 77ADFD0F 1 Byte [E2]
.text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtQueryAttributesFile + 6 77ADFD9A 4 Bytes [A8, 00, 06, 00]
.text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtQueryAttributesFile + B 77ADFD9F 1 Byte [E2]
.text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtQueryFullAttributesFile + B 77ADFE4F 1 Byte [E2]
.text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtSetInformationFile + 6 77AE036A 4 Bytes [28, 01, 06, 00]
.text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtSetInformationFile + B 77AE036F 1 Byte [E2]
.text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtSetInformationThread + 6 77AE03BA 4 Bytes [28, 02, 06, 00]
.text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtSetInformationThread + B 77AE03BF 1 Byte [E2]
.text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtUnmapViewOfSection + 6 77AE065A 1 Byte [68]
.text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtUnmapViewOfSection + 6 77AE065A 4 Bytes [68, 03, 06, 00]
.text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtUnmapViewOfSection + B 77AE065F 1 Byte [E2]
.text C:\Program Files\Mumble\mumble.exe[4200] USER32.dll!WindowFromPoint 76BAC98E 4 Bytes [68, 60, 4E, 17]
.text C:\Program Files\Mumble\mumble.exe[4200] USER32.dll!WindowFromPoint + 5 76BAC993 1 Byte [C3]
.text C:\Program Files\Mumble\mumble.exe[4200] USER32.dll!SetForegroundWindow 76BBAA8C 6 Bytes PUSH 00174E10; RET C:\Program Files\Mumble\mumble.exe (Mumble - Low-latency VoIP client/Thorvald Natvig)
.text C:\Users\Jon\Downloads\2td1158s.exe[5028] kernel32.dll!LoadLibraryW 76EA971F 6 Bytes PUSH 6772DE50; RET C:\Program Files\Mumble\mumble_ol.dll
.text C:\Users\Jon\Downloads\2td1158s.exe[5028] kernel32.dll!LoadLibraryA 76EA9A96 6 Bytes PUSH 6772DFB0; RET C:\Program Files\Mumble\mumble_ol.dll

---- EOF - GMER 1.0.15 ----

Thank you very much for your time/consideration in advance. I greatly appreciate it. If I am missing any information, let me know. Thanks!
 


jeffce

Malware Specialist
Joined
May 10, 2011
Messages
1,727
Hi and Welcome!! :) My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.


Having said that....Let's get going!! :thumbup:
----------

I will look over your malware logs and get back as quickly as I can. :)
 

jeffce

Malware Specialist
Joined
May 10, 2011
Messages
1,727
Hi PorkCh0p,

Please RUN HijackThis.

Open HijackThis > Do a System Scan Only, close your browser and all open windows including this one, the only program or window you should have open is HijackThis.
  • Place a check mark beside each one of the following items:

    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

  • Now with all the items selected, and all windows closed except for HJT, delete them by clicking the FIX checked button. Close the HijackThis window. Reboot your system.
----------

Download TFC to your desktop
  • Close any open windows.
  • Right-click and Run as Administrator the TFC icon to run the program
  • TFC will close all open programs itself in order to run,
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish its job
  • Once it's finished it should automatically reboot your machine,
  • if it doesn't, manually reboot to ensure a complete clean
----------

Please download Malwarebytes' Anti-Malware to your desktop.

  • Right-click and Run as Administrator mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan as shown below.


  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.


The log can also be found here:
C:\Documents and Settings\<User name>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
----------

ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



As a Vista/Win7 user you will need to right click your browser icon and select "Run as Administrator" in order to run this scan.
  • Do not use this instance of your browser for anything besides doing this scan
  • When the scan is complete and the results saved, close that instance of your browser
  • Open a new one the usual way and post the results in this topic.


  1. Right-click and Run as Administrator on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the
    button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on
      to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the
      icon on your desktop.
  4. Check
  5. Click the Start button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Make sure that the option "Remove found threats" is Unchecked
  9. Push the Start button.
  10. ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  11. When the scan completes, push
  12. Push
    , and save the file to your desktop using a unique name, such as
    ESETScan. Include the contents of this report in your next reply.
  13. Push the Back button.
  14. Push Finish
http://www.eset.com/onlinescan/
----------

In your next reply please post the logs created by Malwarebytes and ESET online scanner.
 

PorkCh0p

Thread Starter
Joined
Nov 4, 2011
Messages
11
No threats were found in either of those scans. I hope there's something else I can do to find out what's wrong with my computer.
 

jeffce

Malware Specialist
Joined
May 10, 2011
Messages
1,727
Hi PorkCh0p,

So far I am not seeing any malware in your logs. What type of symptoms are you experiencing? :)
 

PorkCh0p

Thread Starter
Joined
Nov 4, 2011
Messages
11
Everything I do on my computer takes 5 times longer to load than it used to. Also programs that I run seem to crash every now and then.
 

jeffce

Malware Specialist
Joined
May 10, 2011
Messages
1,727
Hi PorkCh0p,

Please download aswMBR to your desktop.

  • Right click and Run as Administrator the aswMBR icon to run it.
  • Click the Scan button to start scan.
  • When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.


----------

  • Download OTL to your desktop.
  • Right-click and Run as Administrator on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
      Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

In your next reply please post the logs created by aswMBR and OTL.
 

PorkCh0p

Thread Starter
Joined
Nov 4, 2011
Messages
11
Every time I run the aswMBR it scans for like 5 seconds and then causes my computer to crash and restart so I don't know what's wrong with that but here are the logs from the OTL scan

OTL.Txt

OTL logfile created on: 11/7/2011 5:40:09 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Jon\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.83 Gb Available Physical Memory | 41.36% Memory free
4.23 Gb Paging File | 2.27 Gb Available in Paging File | 53.64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 289.39 Gb Total Space | 203.25 Gb Free Space | 70.23% Space Free | Partition Type: NTFS
Drive D: | 8.70 Gb Total Space | 1.18 Gb Free Space | 13.51% Space Free | Partition Type: NTFS

Computer Name: JON-PC | User Name: Jon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Jon\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Jon\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
PRC - C:\Program Files\Steam\Steam.exe (Valve Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Mumble\mumble.exe (Thorvald Natvig)
PRC - C:\Program Files\Logitech\Vid HD\Vid.exe (Logitech Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Steam\bin\libcef.dll ()
MOD - C:\Program Files\Steam\bin\chromehtml.dll ()
MOD - C:\Program Files\Steam\bin\avutil-50.dll ()
MOD - C:\Program Files\Steam\bin\avcodec-52.dll ()
MOD - C:\Program Files\Steam\bin\avformat-52.dll ()
MOD - C:\Program Files\Mumble\plugins\bfbc2.dll ()
MOD - C:\Program Files\Mumble\plugins\css.dll ()
MOD - C:\Program Files\Mumble\plugins\lotro.dll ()
MOD - C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
MOD - C:\Users\Jon\AppData\Roaming\Mumble\Plugins\manual.dll ()
MOD - C:\Users\Jon\AppData\Roaming\Mumble\Plugins\insurgency.dll ()
MOD - C:\Users\Jon\AppData\Roaming\Mumble\Plugins\hl2dm.dll ()
MOD - C:\Users\Jon\AppData\Roaming\Mumble\Plugins\wow.dll ()
MOD - C:\Users\Jon\AppData\Roaming\Mumble\Plugins\sto.dll ()
MOD - C:\Users\Jon\AppData\Roaming\Mumble\Plugins\l4d2.dll ()
MOD - C:\Users\Jon\AppData\Roaming\Mumble\Plugins\l4d.dll ()
MOD - C:\Users\Jon\AppData\Roaming\Mumble\Plugins\ut2004.dll ()
MOD - C:\Users\Jon\AppData\Roaming\Mumble\Plugins\link.dll ()
MOD - C:\Users\Jon\AppData\Roaming\Mumble\Plugins\gmod.dll ()
MOD - C:\Users\Jon\AppData\Roaming\Mumble\Plugins\dys.dll ()
MOD - C:\Users\Jon\AppData\Roaming\Mumble\Plugins\dods.dll ()
MOD - C:\Users\Jon\AppData\Roaming\Mumble\Plugins\tf2.dll ()
MOD - C:\Users\Jon\AppData\Roaming\Mumble\Plugins\etqw.dll ()
MOD - C:\Users\Jon\AppData\Roaming\Mumble\Plugins\cod4.dll ()
MOD - C:\Users\Jon\AppData\Roaming\Mumble\Plugins\cs.dll ()
MOD - C:\Users\Jon\AppData\Roaming\Mumble\Plugins\wolfet.dll ()
MOD - C:\Users\Jon\AppData\Roaming\Mumble\Plugins\ut3.dll ()
MOD - C:\Users\Jon\AppData\Roaming\Mumble\Plugins\gtaiv.dll ()
MOD - C:\Users\Jon\AppData\Roaming\Mumble\Plugins\codmw2so.dll ()
MOD - C:\Users\Jon\AppData\Roaming\Mumble\Plugins\codmw2.dll ()
MOD - C:\Users\Jon\AppData\Roaming\Mumble\Plugins\cod5.dll ()
MOD - C:\Users\Jon\AppData\Roaming\Mumble\Plugins\cod2.dll ()
MOD - C:\Users\Jon\AppData\Roaming\Mumble\Plugins\breach.dll ()
MOD - C:\Users\Jon\AppData\Roaming\Mumble\Plugins\bf2.dll ()
MOD - C:\Users\Jon\AppData\Roaming\Mumble\Plugins\aoc.dll ()
MOD - C:\Users\Jon\AppData\Roaming\Mumble\Plugins\borderlands.dll ()
MOD - C:\Users\Jon\AppData\Roaming\Mumble\Plugins\bf2142.dll ()
MOD - C:\Users\Jon\AppData\Roaming\Mumble\Plugins\bf1942.dll ()
MOD - C:\Users\Jon\AppData\Roaming\Mumble\Plugins\bfheroes.dll ()
MOD - C:\Users\Jon\AppData\Roaming\Mumble\Plugins\arma2.dll ()
MOD - C:\Program Files\Common Files\LogiShrd\SharedBin\LvApi11.dll ()
MOD - C:\Program Files\Logitech\LWS\Webcam Software\QTXml4.dll ()
MOD - C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll ()
MOD - C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll ()
MOD - C:\Program Files\Logitech\LWS\Webcam Software\QTGui4.dll ()
MOD - C:\Program Files\Logitech\LWS\Webcam Software\QTCore4.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\Program Files\Mumble\speex.dll ()
MOD - C:\Program Files\Mumble\mumble_ol.dll ()
MOD - C:\Program Files\Mumble\celt0.0.7.0.sse2.dll ()
MOD - C:\Program Files\Mumble\celt0.0.11.0.sse2.dll ()
MOD - C:\Program Files\Mumble\libprotobuf.dll ()
MOD - C:\Program Files\Mumble\QtPlugins\iconengines\qsvgicon4.dll ()
MOD - C:\Program Files\Mumble\QtPlugins\imageformats\qtiff4.dll ()
MOD - C:\Program Files\Mumble\QtPlugins\imageformats\qsvg4.dll ()
MOD - C:\Program Files\Mumble\QtPlugins\imageformats\qmng4.dll ()
MOD - C:\Program Files\Mumble\QtPlugins\imageformats\qjpeg4.dll ()
MOD - C:\Program Files\Mumble\QtPlugins\imageformats\qico4.dll ()
MOD - C:\Program Files\Mumble\QtPlugins\imageformats\qgif4.dll ()
MOD - C:\Program Files\Mumble\QtGui4.dll ()
MOD - C:\Program Files\Mumble\QtNetwork4.dll ()
MOD - C:\Program Files\Mumble\QtSvg4.dll ()
MOD - C:\Program Files\Mumble\QtOpenGL4.dll ()
MOD - C:\Program Files\Mumble\QtSql4.dll ()
MOD - C:\Program Files\Mumble\QtXml4.dll ()
MOD - C:\Program Files\Mumble\QtCore4.dll ()
MOD - C:\Program Files\Logitech\Vid HD\vpxmd.dll ()
MOD - C:\Program Files\Logitech\Vid HD\SDL.dll ()
MOD - C:\Program Files\Mumble\libsndfile-1.dll ()
MOD - C:\Program Files\Mumble\libmysql.dll ()
MOD - C:\Program Files\Mumble\zlib1.dll ()
MOD - C:\Program Files\Logitech\Vid HD\QtNetwork4.dll ()
MOD - C:\Program Files\Logitech\Vid HD\QtCore4.dll ()
MOD - C:\Program Files\Logitech\Vid HD\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Program Files\Logitech\Vid HD\plugins\imageformats\qico4.dll ()
MOD - C:\Program Files\Logitech\Vid HD\plugins\imageformats\qgif4.dll ()
MOD - C:\Program Files\Logitech\Vid HD\QtWebKit4.dll ()
MOD - C:\Program Files\Logitech\Vid HD\QtXml4.dll ()
MOD - C:\Program Files\Logitech\Vid HD\QtSql4.dll ()
MOD - C:\Program Files\Logitech\Vid HD\QtOpenGL4.dll ()
MOD - C:\Program Files\Logitech\Vid HD\QtGui4.dll ()
MOD - C:\Program Files\Logitech\Vid HD\phonon4.dll ()


========== Win32 Services (SafeList) ==========

SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (UMVPFSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (MpKslfa89fbb3) -- File not found
DRV - (MpKsld64b33eb) -- File not found
DRV - (MpKsl6c3d8b98) -- File not found
DRV - (MpKsld7730632) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{022D77F4-E330-4D2E-BB1D-906BAD2910ED}\MpKsld7730632.sys (Microsoft Corporation)
DRV - (MBAMProtector) -- C:\WINDOWS\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (LVUVC) Logitech HD Webcam C310(UVC) -- C:\WINDOWS\System32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVRS) -- C:\WINDOWS\System32\drivers\lvrs.sys (Logitech Inc.)
DRV - (nvlddmkm) -- C:\WINDOWS\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NVHDA) -- C:\WINDOWS\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (MpNWMon) -- C:\WINDOWS\System32\drivers\MpNWMon.sys (Microsoft Corporation)
DRV - (HSXHWBS2) -- C:\WINDOWS\System32\drivers\HSXHWBS2.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\System32\drivers\HSX_DP.sys (Conexant Systems, Inc.)
DRV - (XAudio) -- C:\WINDOWS\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (RTL8169) -- C:\WINDOWS\System32\drivers\Rtlh86.sys (Realtek Corporation )


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Presario&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Presario&pf=desktop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Presario&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Jon\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Jon\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Jon\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Jon\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Jon\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)



========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Jon\AppData\Local\Google\Chrome\Application\15.0.874.106\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Jon\AppData\Local\Google\Chrome\Application\15.0.874.106\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Jon\AppData\Local\Google\Chrome\Application\15.0.874.106\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: RealNetworks Rhapsody Player Engine (Enabled) = C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Jon\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2006/09/18 13:41:30 | 000,000,761 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKCU..\Run: [EADM] C:\Program Files\Origin\Origin.exe (Electronic Arts)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Jon\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files\Logitech\Vid HD\Vid.exe (Logitech Inc.)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - HKLM..\RunOnce: [Launcher] C:\WINDOWS\SMINST\Launcher.exe (soft thinks)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{66D33798-47C6-44D6-8E05-509506CD34CB}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - File not found
O24 - Desktop WallPaper: C:\Users\Jon\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Jon\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/08/11 05:51:10 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/07 17:31:48 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Jon\Desktop\OTL.exe
[2011/11/07 17:21:00 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Jon\Desktop\aswMBR.exe
[2011/11/07 03:59:11 | 000,000,000 | ---D | C] -- C:\Users\Jon\AppData\Local\PunkBuster
[2011/11/07 03:59:06 | 000,000,000 | ---D | C] -- C:\Users\Jon\AppData\Roaming\Ubisoft
[2011/11/07 03:54:29 | 000,000,000 | ---D | C] -- C:\Users\Jon\AppData\Local\Ubisoft Game Launcher
[2011/11/07 03:54:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Ubisoft
[2011/11/07 03:53:37 | 000,000,000 | ---D | C] -- C:\Program Files\Ubisoft
[2011/11/07 03:52:26 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_5.dll
[2011/11/07 03:52:26 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_5.dll
[2011/11/07 03:52:25 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_42.dll
[2011/11/07 03:52:22 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_42.dll
[2011/11/07 03:52:22 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_42.dll
[2011/11/07 03:52:21 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_42.dll
[2011/11/07 03:52:20 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll
[2011/11/07 03:52:18 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_41.dll
[2011/11/07 03:52:18 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_41.dll
[2011/11/07 03:52:17 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_41.dll
[2011/11/07 03:52:15 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_4.dll
[2011/11/07 03:52:15 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_4.dll
[2011/11/07 03:52:15 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll
[2011/11/07 03:52:14 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_6.dll
[2011/11/07 03:52:12 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_40.dll
[2011/11/07 03:52:12 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_40.dll
[2011/11/07 03:52:10 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_40.dll
[2011/11/07 03:52:09 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_3.dll
[2011/11/07 03:52:09 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_2.dll
[2011/11/07 03:52:08 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_3.dll
[2011/11/07 03:52:07 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_5.dll
[2011/11/07 03:52:06 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_2.dll
[2011/11/07 03:52:06 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_2.dll
[2011/11/07 03:52:06 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_1.dll
[2011/11/07 03:52:03 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_1.dll
[2011/11/07 03:52:03 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_0.dll
[2011/11/07 03:52:02 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_1.dll
[2011/11/07 03:52:01 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_4.dll
[2011/11/07 03:52:00 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_38.dll
[2011/11/07 03:52:00 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_38.dll
[2011/11/07 03:51:57 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_38.dll
[2011/11/07 03:51:56 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_0.dll
[2011/11/07 03:51:56 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_0.dll
[2011/11/07 03:51:55 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_3.dll
[2011/11/07 03:51:54 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_37.dll
[2011/11/07 03:51:54 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_37.dll
[2011/11/07 03:51:52 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_37.dll
[2011/11/07 03:51:51 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_10.dll
[2011/11/07 03:51:47 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_36.dll
[2011/11/07 03:51:47 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_36.dll
[2011/11/07 03:51:40 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_36.dll
[2011/11/07 03:51:39 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_9.dll
[2011/11/07 03:51:37 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_35.dll
[2011/11/07 03:51:36 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_35.dll
[2011/11/07 03:51:34 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_35.dll
[2011/11/07 03:51:33 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_8.dll
[2011/11/07 03:51:33 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_2.dll
[2011/11/07 03:51:32 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_34.dll
[2011/11/07 03:51:32 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_34.dll
[2011/11/07 03:51:30 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_34.dll
[2011/11/07 03:51:30 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_3.dll
[2011/11/07 03:51:29 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_7.dll
[2011/11/07 03:51:28 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_33.dll
[2011/11/07 03:51:28 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_33.dll
[2011/11/07 03:51:26 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_33.dll
[2011/11/07 03:51:25 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_6.dll
[2011/11/07 03:51:24 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10.dll
[2011/11/07 03:51:24 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_5.dll
[2011/11/07 03:51:21 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_32.dll
[2011/11/07 03:51:20 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_4.dll
[2011/11/07 03:51:20 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_1.dll
[2011/11/07 03:51:19 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll
[2011/11/07 03:51:18 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_3.dll
[2011/11/07 03:51:17 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_2.dll
[2011/11/07 03:51:17 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_2.dll
[2011/11/07 03:51:16 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_1.dll
[2011/11/07 03:51:15 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_1.dll
[2011/11/07 03:50:58 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_30.dll
[2011/11/07 03:50:57 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_0.dll
[2011/11/07 03:50:57 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_0.dll
[2011/11/07 03:50:56 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_29.dll
[2011/11/07 03:50:54 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_28.dll
[2011/11/07 03:50:53 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_27.dll
[2011/11/07 03:50:51 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_26.dll
[2011/11/07 03:50:49 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_25.dll
[2011/11/07 03:50:47 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_24.dll
[2011/11/06 19:02:42 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/11/06 18:51:40 | 000,000,000 | ---D | C] -- C:\Users\Jon\AppData\Roaming\Malwarebytes
[2011/11/06 18:51:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/06 18:51:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/11/06 18:51:27 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/11/06 18:51:27 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/11/04 21:31:56 | 000,000,000 | ---D | C] -- C:\Users\Jon\Desktop\MTG Decks
[2011/11/04 00:21:09 | 000,000,000 | ---D | C] -- C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OCTGN
[2011/11/03 03:09:47 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/11/02 23:43:24 | 000,000,000 | ---D | C] -- C:\Users\Jon\AppData\Local\Octgn
[2011/11/02 23:23:32 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2011/11/02 23:23:32 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2011/11/02 23:23:31 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2011/11/02 21:58:51 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/11/01 07:44:45 | 000,000,000 | ---D | C] -- C:\Users\Jon\Desktop\Hannah Pics
[2011/10/30 19:28:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/10/30 19:28:12 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011/10/30 19:28:12 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/10/30 19:28:11 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/10/30 19:28:11 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/10/29 16:08:58 | 000,000,000 | ---D | C] -- C:\Users\Jon\AppData\Roaming\Roxio
[2011/10/29 15:32:05 | 000,000,000 | ---D | C] -- C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
[2011/10/27 21:53:44 | 000,000,000 | ---D | C] -- C:\Users\Jon\AppData\Roaming\Mozilla
[2011/10/25 14:13:14 | 000,000,000 | ---D | C] -- C:\Users\Jon\AppData\Local\Facebook
[2011/10/20 18:29:34 | 000,000,000 | ---D | C] -- C:\ProgramData\{B3C2C1CD-6B77-4A96-B670-F734AC2A1CBC}
[2011/10/20 18:29:25 | 000,000,000 | ---D | C] -- C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
[2011/10/20 18:29:16 | 000,000,000 | ---D | C] -- C:\Users\Jon\AppData\Local\Seven Zip
[2011/10/20 18:28:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2011/10/20 18:28:35 | 000,032,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msonpmon.dll
[2011/10/20 18:27:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2011/10/20 18:27:08 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2011/10/20 18:27:08 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2011/10/20 18:25:31 | 000,000,000 | ---D | C] -- C:\Users\Jon\AppData\Local\Microsoft Help
[2011/10/20 18:25:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2011/10/20 18:22:24 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2011/10/19 00:44:18 | 000,000,000 | ---D | C] -- C:\Users\Jon\AppData\Roaming\NeopleLauncherDFO
[2011/10/15 02:49:24 | 001,808,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0046.dll
[2011/10/15 02:49:24 | 001,793,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0045.dll
[2011/10/15 02:49:23 | 001,782,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0039.dll
[2011/10/15 02:49:23 | 001,558,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0049.dll
[2011/10/15 02:49:23 | 001,411,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0047.dll
[2011/10/15 02:49:23 | 001,236,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0020.dll
[2011/10/15 02:49:22 | 005,499,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0022.dll
[2011/10/15 02:49:22 | 002,136,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0021.dll
[2011/10/15 02:49:19 | 007,964,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0024.dll
[2011/10/15 02:49:18 | 005,791,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0026.dll
[2011/10/15 02:49:17 | 006,224,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0027.dll
[2011/10/15 02:49:16 | 004,175,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0010.dll
[2011/10/15 02:49:15 | 004,981,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0013.dll
[2011/10/15 02:49:15 | 002,466,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0011.dll
[2011/10/15 02:49:14 | 006,781,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0019.dll
[2011/10/15 02:49:14 | 003,331,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0018.dll
[2011/10/15 02:49:12 | 011,722,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0001.dll
[2011/10/15 02:49:12 | 004,164,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0002.dll
[2011/10/15 02:49:12 | 001,452,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0003.dll
[2011/10/15 02:49:11 | 012,240,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0007.dll
[2011/10/15 02:49:11 | 002,644,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0009.dll
[2011/10/15 02:49:10 | 003,419,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004a.dll
[2011/10/15 02:49:10 | 001,702,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004b.dll
[2011/10/15 02:49:09 | 004,093,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004c.dll
[2011/10/15 02:49:09 | 001,972,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004e.dll
[2011/10/15 02:49:08 | 004,045,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons003e.dll
[2011/10/15 02:49:08 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons002a.dll
[2011/10/15 02:49:07 | 006,014,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons001a.dll
[2011/10/15 02:49:06 | 006,585,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons001b.dll
[2011/10/15 02:49:04 | 006,346,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons001d.dll
[2011/10/15 02:49:03 | 009,892,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000a.dll
[2011/10/15 02:49:02 | 006,237,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000c.dll
[2011/10/15 02:49:02 | 001,722,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000d.dll
[2011/10/15 02:49:00 | 005,654,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000f.dll
[2011/10/15 02:48:59 | 004,616,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0414.dll
[2011/10/15 02:48:57 | 005,090,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0416.dll
[2011/10/15 02:48:57 | 005,031,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0816.dll
[2011/10/15 02:48:55 | 007,042,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons081a.dll
[2011/10/15 02:48:54 | 005,071,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsModels0011.dll
[2011/10/15 02:48:54 | 003,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0045.dll
[2011/10/15 02:48:53 | 003,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0047.dll
[2011/10/15 02:48:53 | 003,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0046.dll
[2011/10/15 02:48:52 | 003,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0049.dll
[2011/10/15 02:48:52 | 003,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0039.dll
[2011/10/15 02:48:52 | 003,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0020.dll
[2011/10/15 02:48:51 | 001,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0024.dll
[2011/10/15 02:48:51 | 001,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0022.dll
[2011/10/15 02:48:51 | 001,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0021.dll
[2011/10/15 02:48:50 | 004,493,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0010.dll
[2011/10/15 02:48:50 | 001,965,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0027.dll
[2011/10/15 02:48:50 | 001,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0026.dll
[2011/10/15 02:48:49 | 002,655,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0011.dll
[2011/10/15 02:48:48 | 003,464,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0013.dll
[2011/10/15 02:48:48 | 001,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0018.dll
[2011/10/15 02:48:47 | 004,495,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0019.dll
[2011/10/15 02:48:47 | 001,523,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0000.dll
[2011/10/15 02:48:46 | 002,597,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0001.dll
[2011/10/15 02:48:46 | 001,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0003.dll
[2011/10/15 02:48:46 | 001,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0002.dll
[2011/10/15 02:48:45 | 004,874,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0009.dll
[2011/10/15 02:48:45 | 003,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData004a.dll
[2011/10/15 02:48:45 | 002,241,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0007.dll
[2011/10/15 02:48:44 | 003,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData004e.dll
[2011/10/15 02:48:44 | 003,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData004c.dll
[2011/10/15 02:48:44 | 003,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData004b.dll
[2011/10/15 02:48:43 | 001,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData001a.dll
[2011/10/15 02:48:43 | 001,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData003e.dll
[2011/10/15 02:48:43 | 001,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData002a.dll
[2011/10/15 02:48:42 | 004,493,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData001d.dll
[2011/10/15 02:48:42 | 001,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData001b.dll
[2011/10/15 02:48:41 | 009,845,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData000a.dll
[2011/10/15 02:48:41 | 002,641,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData000c.dll
[2011/10/15 02:48:40 | 002,340,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData000d.dll
[2011/10/15 02:48:40 | 001,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData000f.dll
[2011/10/15 02:48:39 | 004,493,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0414.dll
[2011/10/15 02:48:38 | 004,493,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0416.dll
[2011/10/15 02:48:38 | 000,797,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NaturalLanguage6.dll
[2011/10/15 02:48:37 | 004,493,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0816.dll
[2011/10/15 02:48:37 | 001,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData081a.dll
[2011/10/15 02:48:35 | 006,917,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0c1a.dll
[2011/10/15 02:48:34 | 001,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0c1a.dll
[2011/10/15 02:43:54 | 000,622,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2011/10/15 02:43:54 | 000,097,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2011/10/15 02:43:54 | 000,037,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2011/10/15 02:43:54 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2011/10/15 02:43:50 | 000,105,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2011/10/15 02:43:48 | 000,781,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2011/10/15 02:15:52 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2011/10/15 02:15:52 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2011/10/14 02:00:21 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ks.sys
[2011/10/12 18:18:51 | 000,000,000 | ---D | C] -- C:\Users\Jon\AppData\Roaming\Logitech
[2011/10/12 18:06:18 | 000,000,000 | ---D | C] -- C:\Users\Jon\AppData\Local\Logitech® Webcam Software
[2011/10/12 18:04:19 | 000,000,000 | ---D | C] -- C:\Users\Jon\Documents\SightSpeed Recordings
[2011/10/12 18:04:16 | 000,000,000 | ---D | C] -- C:\Users\Jon\AppData\Local\LogiShrd
[2011/10/12 18:02:27 | 000,000,000 | ---D | C] -- C:\Users\Jon\AppData\Roaming\Leadertech
[2011/10/12 17:59:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Logitech
[2011/10/12 17:59:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LWS
[2011/10/12 17:58:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2011/10/12 17:58:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LogiShrd
[2011/10/12 17:58:10 | 000,000,000 | ---D | C] -- C:\ProgramData\LogiShrd
[2011/10/12 17:58:04 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2011/10/12 03:08:52 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2011/10/12 03:08:51 | 000,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011/10/12 03:08:51 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2011/10/12 03:08:51 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011/10/12 03:08:51 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll
[2011/10/12 03:06:21 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/10/12 03:06:21 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011/10/12 03:06:20 | 002,452,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011/10/12 03:06:20 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011/10/12 03:06:20 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011/10/12 03:06:19 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011/10/12 03:06:18 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011/10/12 03:06:18 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/10/12 03:06:17 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011/10/12 03:06:16 | 000,459,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/10/12 03:06:15 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/10/12 03:06:11 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/10/12 03:06:11 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2011/10/12 03:06:11 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011/10/12 03:06:09 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/10/12 03:06:06 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/10/12 03:06:05 | 001,830,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/10/12 03:06:03 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/10/12 03:06:01 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011/10/12 03:06:00 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/10/12 03:06:00 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/10/12 03:06:00 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/10/12 03:03:51 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FwRemoteSvr.dll
[2011/10/12 03:03:50 | 000,272,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\polstore.dll
[2011/10/12 03:01:51 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiohlp.dll
[2011/10/12 03:01:51 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2011/10/12 03:01:51 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MRINFO.EXE
[2011/10/12 03:01:51 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\finger.exe
[2011/10/12 03:01:51 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\HOSTNAME.EXE
[2011/10/12 03:01:50 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NETSTAT.EXE
[2011/10/12 03:01:50 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ARP.EXE
[2011/10/12 03:01:50 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ROUTE.EXE
[2011/10/12 02:58:31 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\L2SecHC.dll
[2011/10/12 02:58:30 | 000,297,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansec.dll
[2011/10/12 02:58:30 | 000,290,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
[2011/10/12 02:58:30 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanhlp.dll
[2011/10/12 02:58:30 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanapi.dll
[2011/10/12 02:57:23 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll
[2011/10/12 02:57:22 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml6r.dll
[2011/10/12 02:54:32 | 002,855,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011/10/12 02:54:32 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2011/10/12 02:54:32 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rrinstaller.exe
[2011/10/12 02:54:32 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mferror.dll
[2011/10/12 02:54:31 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfpmp.exe
[2011/10/12 02:54:30 | 002,433,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2011/10/12 02:53:04 | 003,504,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/10/12 02:53:03 | 003,470,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/10/12 02:46:51 | 000,374,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcupdate_GenuineIntel.dll
[2011/10/12 02:46:06 | 000,500,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll
[2011/10/12 02:46:06 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xolehlp.dll
[2011/10/12 02:44:17 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
[2011/10/12 02:44:16 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2011/10/12 02:43:20 | 000,303,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll
[2011/10/12 02:41:42 | 000,392,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FirewallAPI.dll
[2011/10/12 02:41:41 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icfupgd.dll
[2011/10/12 02:41:41 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmifw.dll
[2011/10/12 02:41:41 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wfapigp.dll
[2011/10/12 02:36:21 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2011/10/12 02:35:50 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011/10/12 02:34:24 | 002,923,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2011/10/12 02:31:42 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcfg.exe
[2011/10/12 02:29:16 | 000,371,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2011/10/12 02:29:16 | 000,313,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rstrui.exe
[2011/10/12 02:29:16 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srdelayed.exe
[2011/10/12 02:29:15 | 000,944,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2011/10/12 02:29:15 | 000,905,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2011/10/12 02:29:15 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
[2011/10/12 02:29:15 | 000,019,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kd1394.dll
[2011/10/12 02:29:14 | 000,620,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ci.dll
[2011/10/12 02:29:14 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drvinst.exe
[2011/10/12 02:29:13 | 000,260,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpx.dll
[2011/10/12 02:29:13 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kbd106n.dll
[2011/10/12 02:29:12 | 000,115,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\loadperf.dll
[2011/10/12 02:29:12 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lodctr.exe
[2011/10/12 02:29:12 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unlodctr.exe
[2011/10/12 02:29:12 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prflbmsg.dll
[2011/10/12 02:29:10 | 000,035,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys
[2011/10/12 02:29:10 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\batt.dll
[2011/10/12 02:29:10 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\f3ahvoas.dll
[2011/10/12 02:29:09 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dispci.dll
[2011/10/12 02:27:29 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2011/10/12 02:27:28 | 000,654,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2011/10/12 02:27:26 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
[2011/10/12 02:27:26 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2011/10/12 02:27:26 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
[2011/10/12 02:27:26 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
[2011/10/12 02:26:46 | 000,220,672 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm
[2011/10/12 02:26:46 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2011/10/12 02:25:37 | 000,213,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2011/10/12 02:25:37 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll
[2011/10/12 02:25:37 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiougc.exe
[2011/10/12 02:24:32 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMASF.DLL
[2011/10/12 02:24:32 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\LAPRXY.DLL
[2011/10/12 02:24:32 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asferror.dll
[2011/10/12 02:24:01 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amxread.dll
[2011/10/12 02:24:00 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apilogen.dll
[2011/10/12 02:22:51 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printcom.dll
[2011/10/12 02:22:13 | 002,032,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/10/12 02:21:45 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys
[2011/10/12 02:21:45 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshrm.dll
[2011/10/12 02:21:13 | 008,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2011/10/12 02:21:11 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2011/10/12 02:21:10 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2011/10/12 02:21:10 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2011/10/12 02:21:03 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb
[2011/10/12 02:21:03 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb
[2011/10/12 02:19:57 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbunattend.exe
[2011/10/12 02:19:04 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011/10/12 02:17:33 | 000,996,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll
[2011/10/12 02:17:33 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
[2011/10/12 02:16:25 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\INETRES.dll
[2011/10/12 02:14:46 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2011/10/12 02:10:20 | 000,321,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
[2011/10/12 02:10:02 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\poqexec.exe
[2011/10/12 02:09:40 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2011/10/12 02:08:36 | 001,327,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2011/10/12 02:08:35 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2011/10/12 02:08:35 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll
[2011/10/12 02:07:38 | 000,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL
[2011/10/10 09:28:32 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2011/10/10 09:26:00 | 002,421,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2011/10/10 09:26:00 | 000,044,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2011/10/10 09:25:31 | 000,575,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2011/10/10 09:25:31 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2011/10/10 09:25:31 | 000,035,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2011/10/10 09:24:52 | 000,171,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2011/10/10 09:24:52 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2011/10/10 09:23:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/10/10 00:40:52 | 000,000,000 | ---D | C] -- C:\Users\Jon\Documents\HB

========== Files - Modified Within 30 Days ==========

[2011/11/07 17:53:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2855272657-587928351-1394285907-1000UA.job
[2011/11/07 17:35:24 | 000,662,868 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/11/07 17:35:24 | 000,120,830 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/11/07 17:31:52 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Jon\Desktop\OTL.exe
[2011/11/07 17:29:05 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/07 17:29:05 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/07 17:28:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/07 17:28:50 | 2146,820,096 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/07 17:28:49 | 221,499,942 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/11/07 17:21:09 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Jon\Desktop\aswMBR.exe
[2011/11/07 15:53:00 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2855272657-587928351-1394285907-1000Core.job
[2011/11/07 15:18:02 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2855272657-587928351-1394285907-1000UA.job
[2011/11/07 15:18:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2855272657-587928351-1394285907-1000Core.job
[2011/11/07 14:19:03 | 000,138,536 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011/11/07 14:18:51 | 000,270,408 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2011/11/07 03:59:19 | 000,270,408 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0
[2011/11/06 19:02:24 | 000,000,905 | ---- | M] () -- C:\Users\Jon\Desktop\esetsmartinstaller_enu - Shortcut.lnk
[2011/11/06 18:51:33 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/06 18:44:03 | 000,000,804 | ---- | M] () -- C:\Users\Jon\Desktop\TFC - Shortcut.lnk
[2011/11/06 18:42:22 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/11/05 01:46:22 | 000,000,215 | ---- | M] () -- C:\Users\Jon\Desktop\Assassin's Creed Brotherhood.url
[2011/11/04 20:35:40 | 021,240,431 | ---- | M] () -- C:\Users\Jon\Desktop\Scars of Mirrodin.[brine].[53].[GO].o8s
[2011/11/04 20:35:01 | 012,418,331 | ---- | M] () -- C:\Users\Jon\Desktop\Mirrodin Besieged.[brine].[GO].o8s
[2011/11/04 20:34:33 | 021,844,331 | ---- | M] () -- C:\Users\Jon\Desktop\Innistrad.[GO].[brine].o8s
[2011/11/04 20:34:26 | 013,991,524 | ---- | M] () -- C:\Users\Jon\Desktop\New Phyrexia.[GO][brine].o8s
[2011/11/04 20:33:42 | 004,028,534 | ---- | M] () -- C:\Users\Jon\Desktop\InnistradDFCs.o8s
[2011/11/04 00:29:56 | 047,317,693 | ---- | M] () -- C:\Users\Jon\Desktop\Markers&Tokens.o8s
[2011/11/04 00:29:17 | 013,846,727 | ---- | M] () -- C:\Users\Jon\Desktop\Magic 2012.[GO].[brine].o8s
[2011/11/04 00:21:57 | 000,761,755 | ---- | M] () -- C:\Users\Jon\Desktop\Magic-v2.0.16[brine].o8g
[2011/11/02 23:34:31 | 000,002,126 | ---- | M] () -- C:\Users\Jon\Desktop\OCTGN.application
[2011/11/02 23:23:32 | 000,295,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2011/11/02 23:23:32 | 000,099,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2011/11/02 23:23:32 | 000,049,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2011/10/30 19:27:41 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/10/30 19:27:40 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011/10/30 19:27:40 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/10/30 19:27:40 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/10/30 19:03:12 | 000,000,875 | ---- | M] () -- C:\Users\Jon\Desktop\Batman Villains.lnk
[2011/10/29 15:32:05 | 000,000,214 | ---- | M] () -- C:\Users\Jon\Desktop\Killing Floor.url
[2011/10/28 17:54:50 | 000,002,038 | ---- | M] () -- C:\Users\Jon\Desktop\Google Chrome.lnk
[2011/10/28 17:54:50 | 000,002,000 | ---- | M] () -- C:\Users\Jon\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/10/25 15:23:36 | 000,000,790 | ---- | M] () -- C:\Users\Public\Desktop\Mumble.lnk
[2011/10/24 19:40:32 | 000,000,782 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk
[2011/10/22 22:02:52 | 000,349,128 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/10/20 18:29:33 | 000,002,158 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Office - 60 Day Trial.lnk
[2011/10/19 12:46:16 | 000,144,588 | -H-- | M] () -- C:\Windows\System32\mlfcache.dat
[2011/10/19 00:44:17 | 000,000,202 | ---- | M] () -- C:\Users\Public\Desktop\Dungeon Fighter Online.url
[2011/10/15 02:49:24 | 001,808,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0046.dll
[2011/10/15 02:49:24 | 001,793,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0045.dll
[2011/10/15 02:49:24 | 001,411,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0047.dll
[2011/10/15 02:49:23 | 002,136,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0021.dll
[2011/10/15 02:49:23 | 001,782,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0039.dll
[2011/10/15 02:49:23 | 001,558,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0049.dll
[2011/10/15 02:49:23 | 001,236,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0020.dll
[2011/10/15 02:49:22 | 007,964,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0024.dll
[2011/10/15 02:49:22 | 005,499,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0022.dll
[2011/10/15 02:49:19 | 005,791,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0026.dll
[2011/10/15 02:49:18 | 006,224,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0027.dll
[2011/10/15 02:49:17 | 004,175,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0010.dll
[2011/10/15 02:49:15 | 004,981,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0013.dll
[2011/10/15 02:49:15 | 002,466,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0011.dll
[2011/10/15 02:49:14 | 011,722,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0001.dll
[2011/10/15 02:49:14 | 006,781,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0019.dll
[2011/10/15 02:49:14 | 003,331,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0018.dll
[2011/10/15 02:49:12 | 012,240,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0007.dll
[2011/10/15 02:49:12 | 004,164,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0002.dll
[2011/10/15 02:49:12 | 001,452,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0003.dll
[2011/10/15 02:49:11 | 003,419,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004a.dll
[2011/10/15 02:49:11 | 002,644,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0009.dll
[2011/10/15 02:49:10 | 001,702,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004b.dll
[2011/10/15 02:49:09 | 004,093,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004c.dll
[2011/10/15 02:49:09 | 001,972,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004e.dll
[2011/10/15 02:49:08 | 006,014,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons001a.dll
[2011/10/15 02:49:08 | 004,045,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons003e.dll
[2011/10/15 02:49:08 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons002a.dll
[2011/10/15 02:49:07 | 006,585,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons001b.dll
[2011/10/15 02:49:05 | 006,346,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons001d.dll
[2011/10/15 02:49:04 | 009,892,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000a.dll
[2011/10/15 02:49:03 | 006,237,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000c.dll
[2011/10/15 02:49:02 | 005,654,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000f.dll
[2011/10/15 02:49:02 | 001,722,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000d.dll
[2011/10/15 02:49:00 | 004,616,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0414.dll
[2011/10/15 02:48:58 | 005,090,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0416.dll
[2011/10/15 02:48:57 | 005,031,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0816.dll
[2011/10/15 02:48:56 | 007,042,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons081a.dll
[2011/10/15 02:48:55 | 005,071,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsModels0011.dll
[2011/10/15 02:48:54 | 003,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0046.dll
[2011/10/15 02:48:54 | 003,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0045.dll
[2011/10/15 02:48:53 | 003,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0049.dll
[2011/10/15 02:48:53 | 003,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0047.dll
[2011/10/15 02:48:52 | 003,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0039.dll
[2011/10/15 02:48:52 | 003,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0020.dll
[2011/10/15 02:48:51 | 001,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0026.dll
[2011/10/15 02:48:51 | 001,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0024.dll
[2011/10/15 02:48:51 | 001,799,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0022.dll
[2011/10/15 02:48:51 | 001,799,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0021.dll
[2011/10/15 02:48:50 | 004,493,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0010.dll
[2011/10/15 02:48:50 | 001,965,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0027.dll
[2011/10/15 02:48:49 | 003,464,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0013.dll
[2011/10/15 02:48:49 | 002,655,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0011.dll
[2011/10/15 02:48:48 | 001,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0018.dll
[2011/10/15 02:48:47 | 004,495,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0019.dll
[2011/10/15 02:48:47 | 001,523,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0000.dll
[2011/10/15 02:48:46 | 002,597,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0001.dll
[2011/10/15 02:48:46 | 001,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0003.dll
[2011/10/15 02:48:46 | 001,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0002.dll
[2011/10/15 02:48:45 | 004,874,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0009.dll
[2011/10/15 02:48:45 | 003,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData004a.dll
[2011/10/15 02:48:45 | 002,241,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0007.dll
[2011/10/15 02:48:44 | 003,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData004e.dll
[2011/10/15 02:48:44 | 003,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData004c.dll
[2011/10/15 02:48:44 | 003,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData004b.dll
[2011/10/15 02:48:44 | 001,799,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData003e.dll
[2011/10/15 02:48:43 | 001,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData001a.dll
[2011/10/15 02:48:43 | 001,799,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData002a.dll
[2011/10/15 02:48:42 | 009,845,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData000a.dll
[2011/10/15 02:48:42 | 004,493,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData001d.dll
[2011/10/15 02:48:42 | 001,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData001b.dll
[2011/10/15 02:48:41 | 002,641,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData000c.dll
[2011/10/15 02:48:40 | 002,340,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData000d.dll
[2011/10/15 02:48:40 | 001,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData000f.dll
[2011/10/15 02:48:39 | 004,493,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0416.dll
[2011/10/15 02:48:39 | 004,493,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0414.dll
[2011/10/15 02:48:38 | 004,493,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0816.dll
[2011/10/15 02:48:38 | 000,797,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NaturalLanguage6.dll
[2011/10/15 02:48:37 | 006,917,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0c1a.dll
[2011/10/15 02:48:37 | 001,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData081a.dll
[2011/10/15 02:48:35 | 001,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0c1a.dll
[2011/10/15 02:43:54 | 000,622,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2011/10/15 02:43:54 | 000,097,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2011/10/15 02:43:54 | 000,037,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2011/10/15 02:43:54 | 000,011,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2011/10/15 02:43:50 | 000,105,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2011/10/15 02:43:48 | 000,781,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2011/10/15 02:35:53 | 037,093,376 | ---- | M] () -- C:\Windows\ocsetup_install_NetFx3.etl
[2011/10/15 02:35:53 | 000,458,752 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_NetFx3.perf
[2011/10/15 02:35:52 | 000,065,536 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_NetFx3.dpx
[2011/10/15 02:15:52 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2011/10/15 02:15:52 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2011/10/14 02:00:21 | 000,148,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ks.sys
[2011/10/13 02:00:59 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\http.sys.mui
[2011/10/12 18:03:31 | 000,001,792 | ---- | M] () -- C:\Users\Public\Desktop\Logitech Vid HD.lnk
[2011/10/12 17:58:28 | 000,001,479 | ---- | M] () -- C:\Users\Public\Desktop\Logitech Webcam Software .lnk
[2011/10/12 07:31:40 | 000,000,949 | ---- | M] () -- C:\Users\Jon\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/10/12 03:08:52 | 000,156,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2011/10/12 03:08:51 | 000,289,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011/10/12 03:08:51 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2011/10/12 03:08:51 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011/10/12 03:08:51 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll
[2011/10/12 03:06:21 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/10/12 03:06:21 | 000,230,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011/10/12 03:06:21 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011/10/12 03:06:20 | 002,452,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011/10/12 03:06:20 | 000,380,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011/10/12 03:06:20 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011/10/12 03:06:18 | 000,214,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011/10/12 03:06:18 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/10/12 03:06:17 | 000,347,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011/10/12 03:06:16 | 000,459,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/10/12 03:06:15 | 000,180,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/10/12 03:06:11 | 000,389,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/10/12 03:06:11 | 000,078,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2011/10/12 03:06:11 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011/10/12 03:06:09 | 001,383,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/10/12 03:06:07 | 000,671,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/10/12 03:06:05 | 001,830,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/10/12 03:06:03 | 000,026,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/10/12 03:06:01 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011/10/12 03:06:00 | 000,070,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/10/12 03:06:00 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/10/12 03:06:00 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/10/12 03:03:51 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FwRemoteSvr.dll
[2011/10/12 03:03:50 | 000,272,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\polstore.dll
[2011/10/12 03:01:51 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netiohlp.dll
[2011/10/12 03:01:51 | 000,027,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NETSTAT.EXE
[2011/10/12 03:01:51 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2011/10/12 03:01:51 | 000,011,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MRINFO.EXE
[2011/10/12 03:01:51 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\finger.exe
[2011/10/12 03:01:51 | 000,008,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\HOSTNAME.EXE
[2011/10/12 03:01:50 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ARP.EXE
[2011/10/12 03:01:50 | 000,017,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ROUTE.EXE
[2011/10/12 02:58:31 | 001,657,350 | ---- | M] () -- C:\Windows\System32\wlan.tmf
[2011/10/12 02:58:31 | 000,123,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\L2SecHC.dll
[2011/10/12 02:58:30 | 000,297,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlansec.dll
[2011/10/12 02:58:30 | 000,290,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
[2011/10/12 02:58:30 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlanhlp.dll
[2011/10/12 02:58:30 | 000,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlanapi.dll
[2011/10/12 02:57:23 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll
[2011/10/12 02:57:22 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msxml6r.dll
[2011/10/12 02:54:32 | 002,855,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011/10/12 02:54:32 | 000,098,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2011/10/12 02:54:32 | 000,052,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rrinstaller.exe
[2011/10/12 02:54:32 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfpmp.exe
[2011/10/12 02:54:32 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mferror.dll
[2011/10/12 02:54:30 | 002,433,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2011/10/12 02:53:05 | 003,504,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/10/12 02:53:04 | 003,470,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/10/12 02:46:51 | 000,374,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mcupdate_GenuineIntel.dll
[2011/10/12 02:46:06 | 000,500,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll
[2011/10/12 02:46:06 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xolehlp.dll
[2011/10/12 02:44:17 | 000,116,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
[2011/10/12 02:44:17 | 000,036,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2011/10/12 02:43:20 | 000,303,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll
[2011/10/12 02:41:42 | 000,392,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FirewallAPI.dll
[2011/10/12 02:41:41 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\icfupgd.dll
[2011/10/12 02:41:41 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmifw.dll
[2011/10/12 02:41:41 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wfapigp.dll
[2011/10/12 02:35:50 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011/10/12 02:34:24 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2011/10/12 02:31:42 | 000,024,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netcfg.exe
[2011/10/12 02:29:19 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\mouclass.sys.mui
[2011/10/12 02:29:19 | 000,003,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\mouhid.sys.mui
[2011/10/12 02:29:18 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\i8042prt.sys.mui
[2011/10/12 02:29:18 | 000,005,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\sermouse.sys.mui
[2011/10/12 02:29:18 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\kbdclass.sys.mui
[2011/10/12 02:29:18 | 000,003,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\kbdhid.sys.mui
[2011/10/12 02:29:16 | 000,371,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2011/10/12 02:29:16 | 000,313,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rstrui.exe
[2011/10/12 02:29:16 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srdelayed.exe
[2011/10/12 02:29:15 | 000,944,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2011/10/12 02:29:15 | 000,905,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2011/10/12 02:29:15 | 000,613,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
[2011/10/12 02:29:15 | 000,019,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\kd1394.dll
[2011/10/12 02:29:14 | 000,620,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ci.dll
[2011/10/12 02:29:14 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drvinst.exe
[2011/10/12 02:29:13 | 000,260,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dpx.dll
[2011/10/12 02:29:13 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\kbd106n.dll
[2011/10/12 02:29:12 | 000,115,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\loadperf.dll
[2011/10/12 02:29:12 | 000,039,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lodctr.exe
[2011/10/12 02:29:12 | 000,032,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\unlodctr.exe
[2011/10/12 02:29:12 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\prflbmsg.dll
[2011/10/12 02:29:10 | 000,035,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys
[2011/10/12 02:29:10 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\batt.dll
[2011/10/12 02:29:10 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\f3ahvoas.dll
[2011/10/12 02:29:09 | 000,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dispci.dll
[2011/10/12 02:27:29 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2011/10/12 02:27:28 | 000,654,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2011/10/12 02:27:26 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
[2011/10/12 02:27:26 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2011/10/12 02:27:26 | 000,053,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
[2011/10/12 02:27:26 | 000,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
[2011/10/12 02:26:46 | 000,220,672 | ---- | M] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm
[2011/10/12 02:26:46 | 000,062,464 | ---- | M] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2011/10/12 02:25:37 | 000,213,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2011/10/12 02:25:37 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll
[2011/10/12 02:25:37 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netiougc.exe
[2011/10/12 02:24:32 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMASF.DLL
[2011/10/12 02:24:32 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\LAPRXY.DLL
[2011/10/12 02:24:32 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\asferror.dll
[2011/10/12 02:24:01 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\amxread.dll
[2011/10/12 02:24:00 | 000,014,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\apilogen.dll
[2011/10/12 02:22:51 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printcom.dll
[2011/10/12 02:22:13 | 002,032,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/10/12 02:21:45 | 000,113,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys
[2011/10/12 02:21:45 | 000,014,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wshrm.dll
[2011/10/12 02:21:14 | 008,147,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2011/10/12 02:21:11 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2011/10/12 02:21:10 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2011/10/12 02:21:03 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb
[2011/10/12 02:21:03 | 000,018,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb
[2011/10/12 02:19:58 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sbunattend.exe
[2011/10/12 02:19:04 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011/10/12 02:17:33 | 000,996,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll
[2011/10/12 02:17:33 | 000,094,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
[2011/10/12 02:16:25 | 000,084,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\INETRES.dll
[2011/10/12 02:14:46 | 000,024,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2011/10/12 02:10:20 | 000,321,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
[2011/10/12 02:10:02 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\poqexec.exe
[2011/10/12 02:08:35 | 000,082,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2011/10/12 02:08:35 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll
[2011/10/12 02:07:38 | 000,604,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL
[2011/10/12 00:49:12 | 000,000,944 | ---- | M] () -- C:\Users\Jon\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/10/10 09:26:00 | 002,421,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2011/10/10 09:26:00 | 000,044,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2011/10/10 09:25:31 | 000,575,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2011/10/10 09:25:31 | 000,087,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2011/10/10 09:25:31 | 000,035,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2011/10/10 09:24:57 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/10/10 09:24:52 | 000,171,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2011/10/10 09:24:52 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2011/10/08 23:09:25 | 000,000,926 | ---- | M] () -- C:\Users\Jon\Desktop\Heroes of Newerth.lnk

========== Files Created - No Company Name ==========

[2011/11/07 03:59:16 | 000,270,408 | ---- | C] () -- C:\Windows\System32\PnkBstrB.xtr
[2011/11/06 19:02:24 | 000,000,905 | ---- | C] () -- C:\Users\Jon\Desktop\esetsmartinstaller_enu - Shortcut.lnk
[2011/11/06 18:51:33 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/06 18:44:03 | 000,000,804 | ---- | C] () -- C:\Users\Jon\Desktop\TFC - Shortcut.lnk
[2011/11/05 01:46:22 | 000,000,215 | ---- | C] () -- C:\Users\Jon\Desktop\Assassin's Creed Brotherhood.url
[2011/11/04 20:35:39 | 021,240,431 | ---- | C] () -- C:\Users\Jon\Desktop\Scars of Mirrodin.[brine].[53].[GO].o8s
[2011/11/04 20:34:59 | 012,418,331 | ---- | C] () -- C:\Users\Jon\Desktop\Mirrodin Besieged.[brine].[GO].o8s
[2011/11/04 20:34:32 | 021,844,331 | ---- | C] () -- C:\Users\Jon\Desktop\Innistrad.[GO].[brine].o8s
[2011/11/04 20:34:23 | 013,991,524 | ---- | C] () -- C:\Users\Jon\Desktop\New Phyrexia.[GO][brine].o8s
[2011/11/04 20:33:30 | 004,028,534 | ---- | C] () -- C:\Users\Jon\Desktop\InnistradDFCs.o8s
[2011/11/04 00:29:05 | 013,846,727 | ---- | C] () -- C:\Users\Jon\Desktop\Magic 2012.[GO].[brine].o8s
[2011/11/04 00:24:12 | 047,317,693 | ---- | C] () -- C:\Users\Jon\Desktop\Markers&Tokens.o8s
[2011/11/04 00:21:53 | 000,761,755 | ---- | C] () -- C:\Users\Jon\Desktop\Magic-v2.0.16[brine].o8g
[2011/11/02 23:34:31 | 000,002,126 | ---- | C] () -- C:\Users\Jon\Desktop\OCTGN.application
[2011/11/02 21:58:17 | 221,499,942 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/10/30 19:03:12 | 000,000,875 | ---- | C] () -- C:\Users\Jon\Desktop\Batman Villains.lnk
[2011/10/29 15:32:05 | 000,000,214 | ---- | C] () -- C:\Users\Jon\Desktop\Killing Floor.url
[2011/10/25 14:13:18 | 000,000,920 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2855272657-587928351-1394285907-1000UA.job
[2011/10/25 14:13:17 | 000,000,898 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2855272657-587928351-1394285907-1000Core.job
[2011/10/20 18:29:33 | 000,002,158 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Office - 60 Day Trial.lnk
[2011/10/19 12:46:16 | 000,144,588 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011/10/19 00:44:17 | 000,000,202 | ---- | C] () -- C:\Users\Public\Desktop\Dungeon Fighter Online.url
[2011/10/15 02:19:00 | 037,093,376 | ---- | C] () -- C:\Windows\ocsetup_install_NetFx3.etl
[2011/10/15 02:19:00 | 000,458,752 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_NetFx3.perf
[2011/10/15 02:19:00 | 000,065,536 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_NetFx3.dpx
[2011/10/12 18:03:31 | 000,001,792 | ---- | C] () -- C:\Users\Public\Desktop\Logitech Vid HD.lnk
[2011/10/12 17:58:28 | 000,001,479 | ---- | C] () -- C:\Users\Public\Desktop\Logitech Webcam Software .lnk
[2011/10/12 02:58:31 | 001,657,350 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2011/10/12 00:49:12 | 000,000,944 | ---- | C] () -- C:\Users\Jon\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/10/10 09:24:57 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/10/10 09:23:50 | 000,001,814 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/10/08 23:09:13 | 000,000,926 | ---- | C] () -- C:\Users\Jon\Desktop\Heroes of Newerth.lnk
[2011/10/04 00:54:55 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011/10/03 21:33:07 | 000,138,536 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011/10/03 21:33:07 | 000,138,056 | ---- | C] () -- C:\Users\Jon\AppData\Roaming\PnkBstrK.sys
[2011/10/03 21:32:46 | 000,270,408 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011/10/03 21:32:43 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011/10/03 07:18:04 | 000,000,680 | ---- | C] () -- C:\Users\Jon\AppData\Local\d3d9caps.dat
[2011/08/19 01:26:20 | 010,898,456 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2011/08/19 01:26:20 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2011/08/19 01:26:20 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2011/08/12 11:20:14 | 000,015,896 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2011/08/03 02:31:54 | 000,311,912 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2011/07/25 22:48:54 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2007/08/11 05:39:00 | 000,107,026 | ---- | C] () -- C:\Windows\hpqins13.dat
[2007/08/11 05:26:01 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1277.dll
[2007/08/11 05:21:41 | 000,061,440 | ---- | C] () -- C:\Windows\System32\OsdRemove.exe
[2007/08/11 05:18:51 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2007/08/11 05:18:51 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2007/05/14 04:28:10 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/12/13 22:01:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/12/13 22:01:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/11/02 04:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 04:47:37 | 000,349,128 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 04:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:33:01 | 000,662,868 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 02:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 02:33:01 | 000,120,830 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 02:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 02:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 00:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 00:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/01 23:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/01 23:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/01 23:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006/11/01 23:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

========== LOP Check ==========

[2011/10/12 18:02:27 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\Leadertech
[2011/10/07 18:06:50 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\LolClient
[2011/11/07 17:31:03 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\Mumble
[2011/10/19 00:59:11 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\NeopleLauncherDFO
[2011/10/28 21:25:45 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\Origin
[2011/10/03 08:04:13 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\Snapfish
[2011/11/07 03:59:06 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\Ubisoft
[2011/11/07 15:18:00 | 000,000,898 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2855272657-587928351-1394285907-1000Core.job
[2011/11/07 15:18:02 | 000,000,920 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2855272657-587928351-1394285907-1000UA.job
[2011/11/06 18:45:38 | 000,010,942 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

Extras.Txt

OTL Extras logfile created on: 11/7/2011 5:40:09 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Jon\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.83 Gb Available Physical Memory | 41.36% Memory free
4.23 Gb Paging File | 2.27 Gb Available in Paging File | 53.64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 289.39 Gb Total Space | 203.25 Gb Free Space | 70.23% Space Free | Partition Type: NTFS
Drive D: | 8.70 Gb Total Space | 1.18 Gb Free Space | 13.51% Space Free | Partition Type: NTFS

Computer Name: JON-PC | User Name: Jon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)
"C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{10BF0F68-BF8A-4569-8943-4FB1AE2F73FB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7A30F604-EC9F-42BB-8199-EAE8ED44D985}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8F2A1B09-73B3-4954-8A7B-CA4440C7850B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9F71D155-4ACD-4ABF-B674-905D6F423966}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A8FB65E1-DB7B-4459-9CFA-9F96D33A5FCC}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BD6CCA7E-7E77-45C1-94CA-A0CBF561CC57}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C45FF973-AA5B-4A23-8A9D-36581B32D789}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D78FE452-9114-49A8-8BEA-4AFF2BDA3CB0}" = lport=10243 | protocol=6 | dir=in | app=system |
"{EA46BE8B-4233-4A66-A81F-68C5E0A3E823}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{025FF3DD-C578-47CB-B6A9-EB6DB50633EC}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{038DCEA4-6B90-4094-B6BE-AC45BB9F37A0}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{0DC5B943-E162-4926-9E75-96060DE1C36B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1203976E-E8F5-4A6B-9D82-550B6304D8E0}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{1650FD4C-3B88-4584-B68A-4AD2E2ABAEE9}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\killingfloor\system\killingfloor.exe |
"{19771CDB-8702-48CD-9FC3-A3E73CECA346}" = dir=in | app=c:\users\jon\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{22FB2CB9-B811-444D-A747-75A8350A6FD6}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{23C10FC7-3CAE-4238-856E-70528463B17A}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{25B45326-7100-47C7-9B55-91A2E5378290}" = protocol=6 | dir=out | app=system |
"{2CE2568A-8C73-4FAE-A225-BFC475D9E8FA}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{32B069BB-7440-4C5A-9BEF-9A9448FEB618}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{35448048-E818-44D8-8ED2-8466BC53BD19}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{35BACCD1-1D27-47F3-A54C-C8FCF3CF58AE}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{3FD818E6-7252-48EA-8CEE-341C7B9E8288}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4DEA83A3-048F-4479-9A88-B720365B6823}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{4FF4C67E-7712-44C1-A8F3-6F8631B2614E}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{582DF1FD-0C57-43C8-BDEE-AD19610B501D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5AA453A3-5A8C-4C00-9AE6-73A9B0E2D433}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5FC54D50-C7DE-4A3B-AB2B-B996F81B5309}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{6630B653-EA0F-4FF6-9B21-11A110E79DC5}" = protocol=17 | dir=in | app=c:\program files\logitech\vid hd\vid.exe |
"{69DB2F94-5294-4F8D-86A2-F0FB28A1D6C8}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{783E69D5-066A-4666-8597-98D9EFB940C7}" = protocol=6 | dir=in | app=c:\program files\logitech\vid hd\vid.exe |
"{7ACAAF84-B01D-4640-9BFF-805D00FFFC54}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\killingfloor\system\killingfloor.exe |
"{7B716819-34C5-4F07-A18C-E47AE184D417}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{8010486F-0EA6-4552-AF31-F754EEA984AD}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{80F7C08A-07CE-4F1F-9EC5-B2A70C1ED6C1}" = protocol=17 | dir=in | app=c:\users\jon\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{81A337F6-D7F8-4C67-8E96-AE9C639D16B8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{98BA3614-C162-4CCA-8E21-245D306BAF89}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{992FAD21-52C0-4E77-98B9-47F156460232}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A8061CBF-886E-4D36-A1FA-B38F6E9D0016}" = protocol=6 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{AE4DC9A1-9560-4245-84A7-2F3175F01E1C}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{B03A4068-DA5F-4E0D-818C-925F3EED02A4}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\assassins creed brotherhood\acbsp.exe |
"{B1EC2E28-64D1-46F1-B114-A31266FBEC79}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{B2D300BF-F4DA-4E27-9090-54E886C7C75C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{BA0F4735-861B-4786-BB54-4CBD3D4026E0}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{C6FB1DAA-BD46-4B09-B5B9-FADFDFB97BE4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D53DF246-FA69-444D-A6F9-B0958DB08F41}" = protocol=17 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{D5E75043-3927-4857-9785-E6B2B45B0935}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{D60E2F8A-78DF-40F4-9D99-2A112CA012AB}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{D87173E0-26E7-440A-8724-52C73BE80F45}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D8B99F42-38B1-4BA5-8A4A-F48BB7B24834}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{DA9E3E80-5FAE-4414-9C8C-FDE8A7CBF602}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{DED0974C-A002-46BC-8D5D-EAC7A09B8907}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{E0F14F84-B272-4C02-93E3-0587632F676D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E7B42D02-441E-4DC8-A5DF-0C59DE966881}" = protocol=6 | dir=in | app=c:\users\jon\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{ED3AD530-A0A3-430E-B5C9-A7268FB54333}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{F8C43E9A-E38F-459F-846F-28D570263211}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\assassins creed brotherhood\acbsp.exe |
"TCP Query User{5AAB0B7C-C0B7-418E-B860-612E6935ACFE}C:\users\jon\appdata\local\apps\2.0\01d1bn6v.8ml\r39acd0b.4ra\octg..tion_0000000000000000_0000.000a_79847e37e4b4a88a\octgn.exe" = protocol=6 | dir=in | app=c:\users\jon\appdata\local\apps\2.0\01d1bn6v.8ml\r39acd0b.4ra\octg..tion_0000000000000000_0000.000a_79847e37e4b4a88a\octgn.exe |
"TCP Query User{706979AD-880E-42F5-8F6E-B208EF692D89}C:\program files\heroes of newerth\hon.exe" = protocol=6 | dir=in | app=c:\program files\heroes of newerth\hon.exe |
"TCP Query User{77921628-088A-4A26-90B3-20D5B2D8D1A9}C:\program files\heroes of newerth private test\hon.exe" = protocol=6 | dir=in | app=c:\program files\heroes of newerth private test\hon.exe |
"UDP Query User{422B7DAC-458D-4334-A7BC-4AFF3ABE42A0}C:\users\jon\appdata\local\apps\2.0\01d1bn6v.8ml\r39acd0b.4ra\octg..tion_0000000000000000_0000.000a_79847e37e4b4a88a\octgn.exe" = protocol=17 | dir=in | app=c:\users\jon\appdata\local\apps\2.0\01d1bn6v.8ml\r39acd0b.4ra\octg..tion_0000000000000000_0000.000a_79847e37e4b4a88a\octgn.exe |
"UDP Query User{9D6CF812-F059-4714-BC54-520AA29D3AFA}C:\program files\heroes of newerth\hon.exe" = protocol=17 | dir=in | app=c:\program files\heroes of newerth\hon.exe |
"UDP Query User{BC2EE3AA-A169-4C06-9BF2-A198884E6EB8}C:\program files\heroes of newerth private test\hon.exe" = protocol=17 | dir=in | app=c:\program files\heroes of newerth private test\hon.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5
"{0A47BAFF-D4FF-4BD3-96CA-02A22EA62722}" = HP Active Support Library
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0DDA7620-4F8B-43B3-8828-CA5EE292FA3B}" = HP Total Care Advisor
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{14AF024E-2E3B-49D0-A175-D1C1A06B155A}" = muvee autoProducer 6.0
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{6D3DB611-D5E8-4E4B-8952-0D3F549F9CC6}" = HP Active Support Library 32 bit components
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{938B1CD7-7C60-491E-AA90-1F1888168240}" = Roxio MyDVD Basic v9
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A66DBCC6-8802-3D15-9FDF-9552742C08B0}" = Google Talk Plugin
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 280.19
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.4.28
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.23.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B4E343DD-BAAB-4D59-AD9C-DEA0AFE09DF1}" = Mumble 1.2.3
"{B6ADA0E4-9451-43EB-B86E-878AD9E68D4F}" = LightScribe 1.6.45.1
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{ED721ABC-423D-4F7D-AEBB-E1E39C388E84}" = Facebook Video Calling 1.0.0.8714
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"7-Zip 9.20" = 7-Zip 9.20
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP
"DFO" = DFOLauncher
"ESET Online Scanner" = ESET Online Scanner v3
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"hon" = Heroes of Newerth
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"Logitech Vid" = Logitech Vid HD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Origin" = Origin
"OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator
"PC-Doctor 5 for Windows" = Hardware Diagnostic Tools
"PunkBusterSvc" = PunkBuster Services
"Steam App 1250" = Killing Floor
"Steam App 48190" = Assassin's Creed Brotherhood
"SystemRequirementsLab" = System Requirements Lab
"WildTangent hp Master Uninstall" = My HP Games
"WinRAR archiver" = WinRAR 4.01 (32-bit)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"09e5f34d09ff8c7d" = OCTGN
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/5/2011 12:29:18 AM | Computer Name = Jon-PC | Source = .NET Runtime | ID = 1026
Description =

Error - 11/5/2011 5:37:08 AM | Computer Name = Jon-PC | Source = Application Error | ID = 1000
Description = Faulting application DFO.exe, version 1.0.44.1, time stamp 0x4ea67d03,
faulting module ntdll.dll, version 6.0.6000.16386, time stamp 0x4549bdc9, exception
code 0xc0000005, fault offset 0x00022a15, process id 0xd00, application start time
0x01cc9b98acff5290.

Error - 11/6/2011 10:42:22 PM | Computer Name = Jon-PC | Source = WerSvc | ID = 5007
Description =

Error - 11/6/2011 10:51:27 PM | Computer Name = Jon-PC | Source = WerSvc | ID = 5007
Description =

Error - 11/7/2011 4:23:09 AM | Computer Name = Jon-PC | Source = Application Error | ID = 1000
Description = Faulting application DFO.exe, version 1.0.44.1, time stamp 0x4ea67d03,
faulting module ntdll.dll, version 6.0.6000.16386, time stamp 0x4549bdc9, exception
code 0xc0000005, fault offset 0x00022a15, process id 0x4e4, application start time
0x01cc9d25be4c892e.

Error - 11/7/2011 7:49:46 AM | Computer Name = Jon-PC | Source = VSS | ID = 8194
Description =

Error - 11/7/2011 7:52:27 AM | Computer Name = Jon-PC | Source = System Restore | ID = 8193
Description =

Error - 11/7/2011 7:56:36 AM | Computer Name = Jon-PC | Source = Application Error | ID = 1000
Description = Faulting application UbisoftGameLauncher.exe, version 0.0.0.0, time
stamp 0x4df1e9f0, faulting module UbisoftGameLauncher.exe, version 0.0.0.0, time
stamp 0x4df1e9f0, exception code 0xc0000005, fault offset 0x00282842, process id
0x105c, application start time 0x01cc9d44171b149e.

Error - 11/7/2011 5:47:33 PM | Computer Name = Jon-PC | Source = Application Hang | ID = 1002
Description = The program chrome.exe version 15.0.874.106 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: e1c Start Time: 01cc9d9670d561fe Termination Time: 11

Error - 11/7/2011 9:35:23 PM | Computer Name = Jon-PC | Source = WerSvc | ID = 5007
Description =

[ System Events ]
Error - 11/3/2011 4:14:56 AM | Computer Name = Jon-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 1:12:31 AM on 11/3/2011 was unexpected.

Error - 11/5/2011 7:55:25 PM | Computer Name = Jon-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.212 for the Network Card with network
address 001D60127D29 has been denied by the DHCP server 192.168.1.254 (The DHCP
Server sent a DHCPNACK message).

Error - 11/5/2011 8:08:57 PM | Computer Name = Jon-PC | Source = bowser | ID = 8003
Description =

Error - 11/6/2011 10:43:04 PM | Computer Name = Jon-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 11/6/2011 10:44:39 PM | Computer Name = Jon-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 11/6/2011 10:48:08 PM | Computer Name = Jon-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 11/7/2011 9:23:22 PM | Computer Name = Jon-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 5:22:19 PM on 11/7/2011 was unexpected.

Error - 11/7/2011 9:25:03 PM | Computer Name = Jon-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 11/7/2011 9:28:56 PM | Computer Name = Jon-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 5:27:16 PM on 11/7/2011 was unexpected.

Error - 11/7/2011 9:30:36 PM | Computer Name = Jon-PC | Source = Service Control Manager | ID = 7026
Description =


< End of report >
 

jeffce

Malware Specialist
Joined
May 10, 2011
Messages
1,727
Hi PorkCh0p,

While I am looking over this OTL log please do the following...

Download CKScanner by askey127 from Here & save it to your Desktop.
  • Right-click and Run as Administrator CKScanner.exe then click Search For Files
  • When the cursor hourglass disappears, click Save List To File
  • A message box will verify the file saved
  • Double-click the CKFiles.txt icon on your desktop then copy/paste the contents in your next reply
----------

Please download MBRCheck.exe to your desktop.
  • Be sure to disable your security programs
  • Double click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt)
  • A window will open on your desktop
  • If an unknown bootcode is found you will have further options available to you; at this time press N then press Enter twice.
  • If nothing unusual is found just press Enter
  • A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
  • Please post the contents of that file.

==========================================

In your next reply please post the logs created by CKScanner and MBRCheck. :)
 

PorkCh0p

Thread Starter
Joined
Nov 4, 2011
Messages
11
CKFiles.txt

CKScanner - Additional Security Risks - These are not necessarily bad
c:\program files\hp games\bejeweled 2 deluxe\sounds\firecrackle.ogg
c:\program files\hp games\blasterball 3\data\art\bitmaps\enemies\boss2_crack.jpg.wkz
c:\program files\hp games\mah jong quest\images\tile_firecracker-1.pnge
c:\program files\hp games\mah jong quest\images\tile_firecracker-2.pnge
c:\program files\hp games\mah jong quest\images\tile_firecracker-3.pnge
c:\program files\hp games\mah jong quest\images\tile_firecracker1.pnge
c:\program files\hp games\mah jong quest\images\kwazi3\level5-1cracktop.jpge
c:\program files\hp games\mah jong quest\images\kwazi5\5_lvl_5a_postcrack1.jpge
c:\program files\hp games\mah jong quest\images\kwazi5\5_lvl_5a_postcrack2.jpge
scanner sequence 3.ED.11.WUNADV
----- EOF -----

MBRCheck.txt

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: (build 6000), 32-bit
Base Board Manufacturer: ASUSTeK Computer INC.
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: Compaq-Presario
System Product Name: GV344AA-ABA SR5262NX
Logical Drives Mask: 0x000003dc

Kernel Drivers (total 147):
0xE2400000 \SystemRoot\system32\ntkrnlpa.exe
0xE27A2000 \SystemRoot\system32\hal.dll
0xC5EC6000 \SystemRoot\system32\kdcom.dll
0xC5E66000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0xC5E5D000 \SystemRoot\system32\PSHED.dll
0xC5E55000 \SystemRoot\system32\BOOTVID.dll
0xC5E1A000 \SystemRoot\system32\CLFS.SYS
0xC611F000 \SystemRoot\system32\CI.dll
0xC60A4000 \SystemRoot\system32\drivers\Wdf01000.sys
0xC5E0D000 \SystemRoot\system32\drivers\WDFLDR.SYS
0xC6061000 \SystemRoot\system32\drivers\acpi.sys
0xC5E04000 \SystemRoot\system32\drivers\WMILIB.SYS
0xC6059000 \SystemRoot\system32\drivers\msisadrv.sys
0xC6034000 \SystemRoot\system32\drivers\pci.sys
0xC6025000 \SystemRoot\system32\drivers\volmgr.sys
0xC6015000 \SystemRoot\System32\drivers\mountmgr.sys
0xC600E000 \SystemRoot\system32\drivers\intelide.sys
0xC6000000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0xC63B6000 \SystemRoot\System32\drivers\volmgrx.sys
0xC63AE000 \SystemRoot\system32\drivers\atapi.sys
0xC6390000 \SystemRoot\system32\drivers\ataport.SYS
0xC635F000 \SystemRoot\system32\drivers\fltmgr.sys
0xC634F000 \SystemRoot\system32\drivers\fileinfo.sys
0xC6346000 \SystemRoot\System32\Drivers\PxHelp20.sys
0xC6242000 \SystemRoot\system32\drivers\ndis.sys
0xC6217000 \SystemRoot\system32\drivers\msrpc.sys
0xC65C7000 \SystemRoot\system32\drivers\NETIO.SYS
0xC64BF000 \SystemRoot\System32\Drivers\Ntfs.sys
0xC6455000 \SystemRoot\System32\Drivers\ksecdd.sys
0xC641F000 \SystemRoot\system32\drivers\volsnap.sys
0xC620F000 \SystemRoot\System32\Drivers\spldr.sys
0xC6200000 \SystemRoot\System32\drivers\partmgr.sys
0xC6410000 \SystemRoot\System32\Drivers\mup.sys
0xC67DB000 \SystemRoot\System32\drivers\ecache.sys
0xC67CA000 \SystemRoot\system32\drivers\disk.sys
0xC67A9000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0xC6407000 \SystemRoot\system32\drivers\crcdisk.sys
0xC7015000 \SystemRoot\system32\DRIVERS\tunnel.sys
0xC7007000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xCA01A000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0xC9D64000 \SystemRoot\System32\drivers\dxgkrnl.sys
0xC9413000 \SystemRoot\System32\drivers\watchdog.sys
0xC9401000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xC94E9000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
0xC9D59000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xC9D1C000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xC9D0E000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xC9CC2000 \SystemRoot\system32\DRIVERS\HSXHWBS2.sys
0xC9C98000 \SystemRoot\system32\DRIVERS\ks.sys
0xCAAFE000 \SystemRoot\system32\DRIVERS\HSX_DP.sys
0xCAA49000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0xC9C8B000 \SystemRoot\system32\drivers\modem.sys
0xC9C73000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xC9C48000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0xC9C08000 \SystemRoot\system32\DRIVERS\storport.sys
0xCA00F000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xCAA32000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xCA004000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xCAA0F000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xC6662000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xCADED000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xCADD1000 \SystemRoot\system32\DRIVERS\termdd.sys
0xCAA04000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xCADC6000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xC71CC000 \SystemRoot\system32\DRIVERS\swenum.sys
0xC95C4000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xCADE0000 \SystemRoot\system32\DRIVERS\umbus.sys
0xCACC2000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xC6D00000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xCAC9D000 \SystemRoot\system32\drivers\nvhda32v.sys
0xCAC70000 \SystemRoot\system32\drivers\portcls.sys
0xCAC4B000 \SystemRoot\system32\drivers\drmk.sys
0xCAE4B000 \SystemRoot\system32\drivers\RTKVHDA.sys
0xCAE15000 \SystemRoot\system32\DRIVERS\MpFilter.sys
0xC948C000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xC7055000 \SystemRoot\System32\Drivers\Null.SYS
0xC705C000 \SystemRoot\System32\Drivers\Beep.SYS
0xC7063000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xCAE09000 \SystemRoot\System32\drivers\vga.sys
0xCB1DF000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0xC712D000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xC7135000 \SystemRoot\system32\drivers\rdpencdd.sys
0xCAC00000 \SystemRoot\System32\Drivers\Msfs.SYS
0xCB1B1000 \SystemRoot\System32\Drivers\Npfs.SYS
0xC949E000 \SystemRoot\System32\DRIVERS\rasacd.sys
0xCB09C000 \SystemRoot\System32\drivers\tcpip.sys
0xCB083000 \SystemRoot\System32\drivers\fwpkclnt.sys
0xCB06E000 \SystemRoot\system32\DRIVERS\tdx.sys
0xCB05A000 \SystemRoot\system32\DRIVERS\smb.sys
0xCB013000 \SystemRoot\system32\drivers\afd.sys
0xCB5CE000 \SystemRoot\System32\DRIVERS\netbt.sys
0xCB5B8000 \SystemRoot\system32\DRIVERS\pacer.sys
0xCB005000 \SystemRoot\system32\DRIVERS\netbios.sys
0xCB5A5000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xCB56A000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xC95CE000 \SystemRoot\system32\drivers\nsiproxy.sys
0xC9512000 \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C5A2FEB0-399E-4CD0-99BD-0A9308DB0316}\MpKslfa89fbb3.sys
0xC9518000 \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C5A2FEB0-399E-4CD0-99BD-0A9308DB0316}\MpKsld64b33eb.sys
0xC951E000 \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C5A2FEB0-399E-4CD0-99BD-0A9308DB0316}\MpKsl6c3d8b98.sys
0xCB553000 \SystemRoot\System32\Drivers\dfsc.sys
0xCACF6000 \SystemRoot\System32\Drivers\crashdmp.sys
0xC7020000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0xC7125000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xCB49C000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xC71CE000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xD13DF000 \SystemRoot\system32\DRIVERS\lvuvc.sys
0xCB48A000 \SystemRoot\system32\drivers\usbaudio.sys
0xCB43E000 \SystemRoot\system32\DRIVERS\lvrs.sys
0xD1E00000 \SystemRoot\System32\win32k.sys
0xC95D8000 \SystemRoot\System32\drivers\Dxapi.sys
0xCC21A000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xCAE3C000 \SystemRoot\system32\DRIVERS\monitor.sys
0xC9456000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xC6D90000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xC945F000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xD4600000 \SystemRoot\System32\TSDDD.dll
0xD4610000 \SystemRoot\System32\cdd.dll
0xD4278000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xD52E5000 \SystemRoot\system32\drivers\luafv.sys
0xD74B2000 \SystemRoot\system32\drivers\spsys.sys
0xC6DEC000 \SystemRoot\system32\DRIVERS\lltdio.sys
0xD7BED000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xD7B04000 \SystemRoot\system32\drivers\HTTP.sys
0xD7AA9000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xD7A90000 \SystemRoot\system32\DRIVERS\bowser.sys
0xD7A7C000 \SystemRoot\System32\drivers\mpsdrv.sys
0xD7A5C000 \SystemRoot\system32\drivers\mrxdav.sys
0xD7A3E000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xD7A05000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xD7FEE000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xD7FCA000 \SystemRoot\System32\DRIVERS\srv2.sys
0xC95BA000 \SystemRoot\system32\DRIVERS\MpNWMon.sys
0xD7EF9000 \SystemRoot\System32\DRIVERS\srv.sys
0xD8D98000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xDA122000 \SystemRoot\system32\drivers\peauth.sys
0xC956A000 \SystemRoot\System32\Drivers\secdrv.SYS
0xCC3A8000 \SystemRoot\System32\drivers\tcpipreg.sys
0xD4220000 \SystemRoot\system32\DRIVERS\xaudio.sys
0xD7E00000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0xD8C18000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
0xD94BA000 \SystemRoot\system32\DRIVERS\cdfs.sys
0xD4620000 \SystemRoot\System32\ATMFD.DLL
0xD45DC000 \SystemRoot\system32\drivers\qwavedrv.sys
0xE53A0000 \??\C:\Windows\system32\drivers\mbam.sys
0xE1040000 \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{022D77F4-E330-4D2E-BB1D-906BAD2910ED}\MpKsld7730632.sys
0xECA0F000 \??\C:\Windows\system32\drivers\EagleXNt.sys
0x76FA0000 \WINDOWS\System32\ntdll.dll

Processes (total 62):
0 System Idle Process
4 System
424 C:\WINDOWS\System32\smss.exe
560 csrss.exe
616 C:\WINDOWS\System32\wininit.exe
628 csrss.exe
660 C:\WINDOWS\System32\services.exe
704 C:\WINDOWS\System32\lsass.exe
712 C:\WINDOWS\System32\lsm.exe
740 C:\WINDOWS\System32\winlogon.exe
884 C:\WINDOWS\System32\svchost.exe
940 C:\WINDOWS\System32\svchost.exe
976 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
1076 C:\WINDOWS\System32\svchost.exe
1100 C:\WINDOWS\System32\svchost.exe
1112 C:\WINDOWS\System32\svchost.exe
1144 C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
1340 C:\WINDOWS\System32\audiodg.exe
1376 C:\WINDOWS\System32\SLsvc.exe
1408 C:\WINDOWS\System32\svchost.exe
1540 C:\WINDOWS\System32\svchost.exe
1708 C:\WINDOWS\System32\spoolsv.exe
1732 C:\WINDOWS\System32\svchost.exe
568 C:\WINDOWS\System32\taskeng.exe
652 C:\WINDOWS\System32\dwm.exe
1368 C:\WINDOWS\explorer.exe
2040 C:\Program Files\Microsoft Security Client\msseces.exe
2036 C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
2068 C:\Program Files\Pando Networks\Media Booster\PMB.exe
2076 C:\WINDOWS\ehome\ehtray.exe
2100 C:\Program Files\Logitech\Vid HD\Vid.exe
2132 C:\Users\Jon\AppData\Local\Google\Update\GoogleUpdate.exe
2144 C:\Program Files\Windows Media Player\wmpnscfg.exe
2164 C:\Users\Jon\AppData\Local\Facebook\Update\FacebookUpdate.exe
2200 C:\WINDOWS\ehome\ehmsas.exe
2340 C:\WINDOWS\System32\PnkBstrA.exe
2416 C:\WINDOWS\System32\svchost.exe
2504 C:\WINDOWS\System32\svchost.exe
2564 C:\WINDOWS\System32\svchost.exe
2612 C:\WINDOWS\System32\SearchIndexer.exe
2692 C:\WINDOWS\System32\drivers\XAudio.exe
2808 WUDFHost.exe
3048 C:\Program Files\Windows Media Player\wmpnetwk.exe
3100 C:\WINDOWS\System32\taskeng.exe
3144 C:\WINDOWS\System32\mobsync.exe
3772 C:\Program Files\Steam\Steam.exe
4032 C:\Program Files\Skype\Phone\Skype.exe
3260 C:\Program Files\Mumble\mumble.exe
4744 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
4580 C:\WINDOWS\System32\wuauclt.exe
2928 C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe
160 C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe
4996 C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe
6068 C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe
5128 DFO.exe
4916 C:\Program Files\Ventrilo\Ventrilo.exe
5412 C:\WINDOWS\System32\rundll32.exe
2932 C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe
4676 C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe
1196 C:\WINDOWS\System32\SearchProtocolHost.exe
5040 C:\WINDOWS\System32\SearchFilterHost.exe
3912 C:\Users\Jon\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000048`58bca200 (NTFS)

PhysicalDrive0 Model Number: SAMSUNGHD320KJ, Rev: CP100-10

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Hewlett-Packard MBR code detected
SHA1: 161E5DF10EB9B6EAC4AA8DF99305EF77B11BEBD8


Done!
 

jeffce

Malware Specialist
Joined
May 10, 2011
Messages
1,727
Hi PorkCh0p,

Is this a corporate or business computer?
 

jeffce

Malware Specialist
Joined
May 10, 2011
Messages
1,727
This is my own personal computer at home.
Ok I just had to check. :)

I am still working on reviewing your OTL log. It's been a crazy day at work. :eek:
 