
Computer very slow, I think I might have a virus/malware problem

Discussion in 'Virus & Other Malware Removal' started by PorkCh0p, Nov 4, 2011.

  1. PorkCh0p (Thread Starter; joined Nov 4, 2011; messages: 11)

    Hello there, for the past 2 months or so I've been experiencing issues when I open programs, where they don't run at all or crash after a while. I would very much like to resolve the issue as soon as possible, as it has hindered me quite a bit lately, so I finally sought help, thinking it is malware or virus related.

    HijackThis Log:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 10:51:11 PM, on 11/2/2011
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16982)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\Users\Jon\AppData\Local\Google\Update\GoogleUpdate.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Windows\system32\wuauclt.exe
    C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files\Steam\Steam.exe
    C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files\Mumble\mumble.exe
    C:\Program Files\Heroes of Newerth\hon.exe
    C:\Windows\system32\rundll32.exe
    C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Jon\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Presario&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Presario&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Presario&pf=desktop
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    O4 - HKLM\..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
    O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [Logitech Vid] "C:\Program Files\Logitech\Vid HD\Vid.exe" -bootmode
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Jon\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [EADM] "C:\Program Files\Origin\Origin.exe" -AutoStart
    O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Jon\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
    O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 5681 bytes

    DDS.txt:

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 7.0.6000.16982
    Run by Jon at 22:52:24 on 2011-11-02
    Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2047.383 [GMT -7:00]
    .
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\PnkBstrA.exe
    C:\Windows\system32\PnkBstrB.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\Users\Jon\AppData\Local\Google\Update\GoogleUpdate.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Windows\system32\wuauclt.exe
    C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files\Steam\Steam.exe
    C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files\Mumble\mumble.exe
    C:\Program Files\Heroes of Newerth\hon.exe
    C:\Windows\system32\rundll32.exe
    C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\msiexec.exe
    C:\Windows\system32\vssvc.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\SearchFilterHost.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Presario&pf=desktop
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Presario&pf=desktop
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Presario&pf=desktop
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [Logitech Vid] "c:\program files\logitech\vid hd\Vid.exe" -bootmode
    uRun: [Google Update] "c:\users\jon\appdata\local\google\update\GoogleUpdate.exe" /c
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    uRun: [EADM] "c:\program files\origin\Origin.exe" -AutoStart
    uRun: [Facebook Update] "c:\users\jon\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
    mRun: [<NO NAME>]
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
    mPolicies-system: EnableLUA = 0 (0x0)
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{66D33798-47C6-44D6-8E05-509506CD34CB} : DhcpNameServer = 192.168.1.1
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Notify: igfxcui - igfxdev.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
    R1 MpKsl50d8f76e;MpKsl50d8f76e;c:\programdata\microsoft\microsoft antimalware\definition updates\{471d26cf-ea17-48f5-8866-95012fc87088}\MpKsl50d8f76e.sys [2011-11-2 28752]
    R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2011-8-19 450848]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2011-10-3 139368]
    S4 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-10-3 2255464]
    S4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2011-8-3 379496]
    .
    =============== Created Last 30 ================
    .
    2011-11-02 08:48:16 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{471d26cf-ea17-48f5-8866-95012fc87088}\MpKsl50d8f76e.sys
    2011-11-02 08:47:32 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{471d26cf-ea17-48f5-8866-95012fc87088}\offreg.dll
    2011-11-02 08:47:24 6668624 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{471d26cf-ea17-48f5-8866-95012fc87088}\mpengine.dll
    2011-10-31 03:28:12 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-10-25 22:13:14 -------- d-----w- c:\users\jon\appdata\local\Facebook
    2011-10-21 02:29:34 -------- d-----w- c:\programdata\{B3C2C1CD-6B77-4A96-B670-F734AC2A1CBC}
    2011-10-21 02:29:25 -------- d-----w- c:\program files\Activation Assistant for the 2007 Microsoft Office suites
    2011-10-21 02:29:16 -------- d-----w- c:\users\jon\appdata\local\Seven Zip
    2011-10-21 02:28:36 33104 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\msonpppr.dll
    2011-10-21 02:28:35 32592 ----a-w- c:\windows\system32\msonpmon.dll
    2011-10-21 02:27:08 -------- d-----w- c:\windows\PCHEALTH
    2011-10-21 02:25:31 -------- d-----w- c:\users\jon\appdata\local\Microsoft Help
    2011-10-19 08:44:18 -------- d-----w- c:\users\jon\appdata\roaming\NeopleLauncherDFO
    2011-10-15 10:48:59 4616192 ----a-w- c:\windows\system32\NlsLexicons0414.dll
    2011-10-15 10:43:54 97800 ----a-w- c:\windows\system32\infocardapi.dll
    2011-10-15 10:43:54 622080 ----a-w- c:\windows\system32\icardagt.exe
    2011-10-15 10:43:54 37384 ----a-w- c:\windows\system32\infocardcpl.cpl
    2011-10-15 10:43:54 11264 ----a-w- c:\windows\system32\icardres.dll
    2011-10-15 10:43:50 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
    2011-10-15 10:43:49 326160 ----a-w- c:\windows\system32\PresentationHost.exe
    2011-10-15 10:43:48 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
    2011-10-15 10:43:48 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
    2011-10-15 10:15:55 96760 ----a-w- c:\windows\system32\dfshim.dll
    2011-10-15 10:15:54 41984 ----a-w- c:\windows\system32\netfxperf.dll
    2011-10-15 10:15:52 83968 ----a-w- c:\windows\system32\mscories.dll
    2011-10-15 10:15:52 282112 ----a-w- c:\windows\system32\mscoree.dll
    2011-10-15 10:15:52 158720 ----a-w- c:\windows\system32\mscorier.dll
    2011-10-14 10:00:21 148992 ----a-w- c:\windows\system32\drivers\ks.sys
    2011-10-13 10:02:09 378368 ----a-w- c:\windows\system32\winhttp.dll
    2011-10-13 10:01:46 268800 ----a-w- c:\windows\system32\es.dll
    2011-10-13 02:06:18 -------- d-----w- c:\users\jon\appdata\local\Logitech® Webcam Software
    2011-10-13 02:04:16 -------- d-----w- c:\users\jon\appdata\local\LogiShrd
    2011-10-13 02:02:26 53248 ----a-r- c:\users\jon\appdata\roaming\microsoft\installer\{3ee9bcae-e9a9-45e5-9b1c-83a4d357e05c}\ARPPRODUCTICON.exe
    2011-10-13 01:59:19 -------- d-----w- c:\program files\common files\LWS
    2011-10-12 11:08:52 156672 ----a-w- c:\windows\system32\t2embed.dll
    2011-10-12 11:08:51 72704 ----a-w- c:\windows\system32\fontsub.dll
    2011-10-12 11:08:51 34304 ----a-w- c:\windows\system32\atmlib.dll
    2011-10-12 11:08:51 289792 ----a-w- c:\windows\system32\atmfd.dll
    2011-10-12 11:08:51 24064 ----a-w- c:\windows\system32\lpk.dll
    2011-10-12 11:08:51 10240 ----a-w- c:\windows\system32\dciman32.dll
    2011-10-12 11:03:51 61440 ----a-w- c:\windows\system32\winipsec.dll
    2011-10-12 11:03:51 361984 ----a-w- c:\windows\system32\IPSECSVC.DLL
    2011-10-12 11:03:51 28672 ----a-w- c:\windows\system32\FwRemoteSvr.dll
    2011-10-12 11:03:50 272896 ----a-w- c:\windows\system32\polstore.dll
    2011-10-12 11:03:03 84992 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2011-10-12 11:03:03 306688 ----a-w- c:\windows\system32\drivers\srv.sys
    2011-10-12 11:01:51 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
    2011-10-12 11:01:51 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
    2011-10-12 11:01:51 15360 ----a-w- c:\windows\system32\netevent.dll
    2011-10-12 11:01:51 11264 ----a-w- c:\windows\system32\MRINFO.EXE
    2011-10-12 11:01:51 103936 ----a-w- c:\windows\system32\netiohlp.dll
    2011-10-12 11:01:51 10240 ----a-w- c:\windows\system32\finger.exe
    2011-10-12 11:01:50 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
    2011-10-12 11:01:50 19968 ----a-w- c:\windows\system32\ARP.EXE
    2011-10-12 11:01:50 17920 ----a-w- c:\windows\system32\ROUTE.EXE
    2011-10-12 10:59:18 194560 ----a-w- c:\windows\system32\WebClnt.dll
    2011-10-12 10:59:18 110080 ----a-w- c:\windows\system32\drivers\mrxdav.sys
    2011-10-12 10:58:31 123904 ----a-w- c:\windows\system32\L2SecHC.dll
    2011-10-12 10:58:30 67584 ----a-w- c:\windows\system32\wlanhlp.dll
    2011-10-12 10:58:30 502272 ----a-w- c:\windows\system32\wlansvc.dll
    2011-10-12 10:58:30 47104 ----a-w- c:\windows\system32\wlanapi.dll
    2011-10-12 10:58:30 297984 ----a-w- c:\windows\system32\wlansec.dll
    2011-10-12 10:58:30 290816 ----a-w- c:\windows\system32\wlanmsm.dll
    2011-10-12 10:57:24 1260032 ----a-w- c:\windows\system32\msxml3.dll
    2011-10-12 10:57:23 2048 ----a-w- c:\windows\system32\msxml3r.dll
    2011-10-12 10:57:22 2048 ----a-w- c:\windows\system32\msxml6r.dll
    2011-10-12 10:57:22 1406464 ----a-w- c:\windows\system32\msxml6.dll
    2011-10-12 10:56:23 216576 ----a-w- c:\windows\system32\msv1_0.dll
    2011-10-12 10:55:32 211968 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-10-12 10:55:31 58368 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
    2011-10-12 10:55:31 102400 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-10-12 10:54:32 98816 ----a-w- c:\windows\system32\mfps.dll
    2011-10-12 10:54:32 52736 ----a-w- c:\windows\system32\rrinstaller.exe
    2011-10-12 10:54:32 2855424 ----a-w- c:\windows\system32\mf.dll
    2011-10-12 10:54:32 2048 ----a-w- c:\windows\system32\mferror.dll
    2011-10-12 10:54:31 24576 ----a-w- c:\windows\system32\mfpmp.exe
    2011-10-12 10:53:04 3504008 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-10-12 10:53:03 3470216 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-10-12 10:50:24 434176 ----a-w- c:\windows\system32\vbscript.dll
    2011-10-12 10:49:36 71680 ----a-w- c:\windows\system32\atl.dll
    2011-10-12 10:48:48 297472 ----a-w- c:\windows\system32\gdi32.dll
    2011-10-12 10:46:51 374456 ----a-w- c:\windows\system32\mcupdate_GenuineIntel.dll
    2011-10-12 10:46:06 500736 ----a-w- c:\windows\system32\msdtcprx.dll
    2011-10-12 10:46:06 30208 ----a-w- c:\windows\system32\xolehlp.dll
    2011-10-12 10:45:13 156160 ----a-w- c:\windows\system32\wkssvc.dll
    2011-10-12 10:44:17 116736 ----a-w- c:\windows\system32\aaclient.dll
    2011-10-12 10:44:16 36352 ----a-w- c:\windows\system32\tsgqec.dll
    2011-10-12 10:44:16 1871872 ----a-w- c:\windows\system32\mstscax.dll
    2011-10-12 10:43:20 303616 ----a-w- c:\windows\system32\wmpeffects.dll
    2011-10-12 10:41:42 63488 ----a-w- c:\windows\system32\drivers\mpsdrv.sys
    2011-10-12 10:41:42 396800 ----a-w- c:\windows\system32\MPSSVC.dll
    2011-10-12 10:41:42 392192 ----a-w- c:\windows\system32\FirewallAPI.dll
    2011-10-12 10:41:41 86016 ----a-w- c:\windows\system32\icfupgd.dll
    2011-10-12 10:41:41 61952 ----a-w- c:\windows\system32\cmifw.dll
    2011-10-12 10:41:41 16896 ----a-w- c:\windows\system32\wfapigp.dll
    2011-10-12 10:40:13 150016 ----a-w- c:\program files\movie maker\MOVIEMK.exe
    2011-10-12 10:40:10 23040 ----a-w- c:\program files\movie maker\WMM2EXT.dll
    2011-10-12 10:40:10 195072 ----a-w- c:\program files\movie maker\WMM2AE.dll
    2011-10-12 10:40:10 10922496 ----a-w- c:\program files\movie maker\MOVIEMK.dll
    2011-10-12 10:36:21 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
    2011-10-12 10:35:50 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-10-12 10:34:59 696832 ----a-w- c:\windows\system32\localspl.dll
    2011-10-12 10:34:24 2923520 ----a-w- c:\windows\explorer.exe
    2011-10-12 10:33:08 171520 ----a-w- c:\windows\system32\wintrust.dll
    2011-10-12 10:32:25 494592 ----a-w- c:\windows\system32\kerberos.dll
    2011-10-12 10:32:25 175104 ----a-w- c:\windows\system32\wdigest.dll
    2011-10-12 10:32:24 7680 ----a-w- c:\windows\system32\lsass.exe
    2011-10-12 10:32:24 72704 ----a-w- c:\windows\system32\secur32.dll
    2011-10-12 10:32:24 408136 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2011-10-12 10:32:24 1233920 ----a-w- c:\windows\system32\lsasrv.dll
    2011-10-12 10:32:22 272384 ----a-w- c:\windows\system32\schannel.dll
    2011-10-12 10:31:42 24064 ----a-w- c:\windows\system32\netcfg.exe
    2011-10-12 10:27:30 549888 ----a-w- c:\windows\system32\rpcss.dll
    2011-10-12 10:27:29 24576 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
    2011-10-12 10:27:28 654336 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
    2011-10-12 10:27:28 247296 ----a-w- c:\windows\system32\wbem\WmiPrvSE.exe
    2011-10-12 10:27:28 130560 ----a-w- c:\windows\system32\wbem\WmiDcPrv.dll
    2011-10-12 10:27:27 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
    2011-10-12 10:27:27 501760 ----a-w- c:\windows\system32\wbem\WmiPrvSD.dll
    2011-10-12 10:27:26 97280 ----a-w- c:\windows\system32\iasrecst.dll
    2011-10-12 10:27:26 53248 ----a-w- c:\windows\system32\iasads.dll
    2011-10-12 10:27:26 37888 ----a-w- c:\windows\system32\iasdatastore.dll
    2011-10-12 10:27:26 158720 ----a-w- c:\windows\system32\sdohlp.dll
    2011-10-12 10:26:46 62464 ----a-w- c:\windows\system32\l3codeca.acm
    2011-10-12 10:26:46 220672 ----a-w- c:\windows\system32\l3codecp.acm
    2011-10-12 10:25:37 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
    2011-10-12 10:25:37 22016 ----a-w- c:\windows\system32\netiougc.exe
    2011-10-12 10:25:37 213592 ----a-w- c:\windows\system32\drivers\netio.sys
    2011-10-12 10:25:37 179712 ----a-w- c:\windows\system32\iphlpsvc.dll
    2011-10-12 10:25:37 167424 ----a-w- c:\windows\system32\tcpipcfg.dll
    2011-10-12 10:25:37 15360 ----a-w- c:\windows\system32\drivers\TUNMP.SYS
    2011-10-12 10:25:36 815104 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2011-10-12 10:25:01 454656 ----a-w- c:\program files\common files\system\msadc\msadce.dll
    2011-10-12 10:24:32 9728 ----a-w- c:\windows\system32\LAPRXY.DLL
    2011-10-12 10:24:32 223232 ----a-w- c:\windows\system32\WMASF.DLL
    2011-10-12 10:24:32 2048 ----a-w- c:\windows\system32\asferror.dll
    2011-10-12 10:24:01 25600 ----a-w- c:\windows\system32\amxread.dll
    2011-10-12 10:24:00 14848 ----a-w- c:\windows\system32\apilogen.dll
    2011-10-12 10:23:22 97792 ----a-w- c:\windows\system32\cabview.dll
    2011-10-12 10:22:51 441856 ----a-w- c:\windows\system32\win32spl.dll
    2011-10-12 10:22:51 37376 ----a-w- c:\windows\system32\printcom.dll
    2011-10-12 10:22:13 2032128 ----a-w- c:\windows\system32\win32k.sys
    2011-10-12 10:19:58 66048 ----a-w- c:\program files\windows sidebar\sbdrop.dll
    2011-10-12 10:19:58 1232896 ----a-w- c:\program files\windows sidebar\sidebar.exe
    2011-10-12 10:19:57 11776 ----a-w- c:\windows\system32\sbunattend.exe
    2011-10-12 10:19:04 84480 ----a-w- c:\windows\system32\dnsrslvr.dll
    2011-10-12 10:19:04 24576 ----a-w- c:\windows\system32\dnscacheugc.exe
    2011-10-12 10:17:33 996352 ----a-w- c:\windows\system32\WMNetMgr.dll
    2011-10-12 10:17:33 94720 ----a-w- c:\windows\system32\logagent.exe
    2011-10-12 10:16:40 765952 ----a-w- c:\program files\common files\microsoft shared\vgx\VGX.dll
    2011-10-12 10:16:25 84480 ----a-w- c:\windows\system32\INETRES.dll
    2011-10-12 10:16:25 737792 ----a-w- c:\windows\system32\inetcomm.dll
    2011-10-12 10:16:02 60928 ----a-w- c:\windows\system32\msasn1.dll
    2011-10-12 10:15:35 788992 ----a-w- c:\windows\system32\rpcrt4.dll
    2011-10-12 10:14:47 31232 ----a-w- c:\windows\system32\httpapi.dll
    2011-10-12 10:14:46 396800 ----a-w- c:\windows\system32\drivers\http.sys
    2011-10-12 10:14:46 24064 ----a-w- c:\windows\system32\nshhttp.dll
    2011-10-12 10:11:35 130048 ----a-w- c:\windows\system32\drivers\srv2.sys
    2011-10-12 10:10:45 274432 ----a-w- c:\windows\system32\raschap.dll
    2011-10-12 10:10:45 232960 ----a-w- c:\windows\system32\rastls.dll
    2011-10-12 10:10:20 321536 ----a-w- c:\windows\system32\WSDApi.dll
    2011-10-12 10:10:02 99840 ----a-w- c:\windows\system32\poqexec.exe
    2011-10-12 10:09:40 -------- d-----w- c:\program files\MSXML 4.0
    2011-10-12 10:08:36 50176 ----a-w- c:\windows\system32\iyuv_32.dll
    2011-10-12 10:08:36 22528 ----a-w- c:\windows\system32\msyuv.dll
    2011-10-12 10:08:36 1327616 ----a-w- c:\windows\system32\quartz.dll
    2011-10-12 10:08:36 11776 ----a-w- c:\windows\system32\tsbyuv.dll
    2011-10-12 10:08:35 88576 ----a-w- c:\windows\system32\avifil32.dll
    2011-10-12 10:08:35 82944 ----a-w- c:\windows\system32\mciavi32.dll
    2011-10-12 10:08:35 65024 ----a-w- c:\windows\system32\avicap32.dll
    2011-10-12 10:08:35 31232 ----a-w- c:\windows\system32\msvidc32.dll
    2011-10-12 10:08:35 13312 ----a-w- c:\windows\system32\msrle32.dll
    2011-10-12 10:08:35 123904 ----a-w- c:\windows\system32\msvfw32.dll
    2011-10-12 10:08:03 750080 ----a-w- c:\windows\system32\qmgr.dll
    2011-10-12 10:07:38 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
    2011-10-11 19:36:24 6668624 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
    2011-10-10 17:29:03 439632 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{d25350f4-0f16-4264-8c9c-18c0347fdea9}\gapaengine.dll
    2011-10-10 17:28:32 222080 ------w- c:\windows\system32\MpSigStub.exe
    2011-10-10 17:26:00 2421760 ----a-w- c:\windows\system32\wucltux.dll
    2011-10-10 17:25:31 87552 ----a-w- c:\windows\system32\wudriver.dll
    2011-10-10 17:24:52 33792 ----a-w- c:\windows\system32\wuapp.exe
    2011-10-10 17:24:52 171608 ----a-w- c:\windows\system32\wuwebv.dll
    2011-10-10 17:23:42 -------- d-----w- c:\program files\Microsoft Security Client
    2011-10-08 02:07:24 -------- d-----w- c:\users\jon\riotsGamesLogs
    2011-10-08 02:06:50 -------- d-----w- c:\users\jon\appdata\roaming\LolClient
    2011-10-08 01:52:21 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
    2011-10-08 01:52:20 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
    2011-10-08 01:52:19 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
    2011-10-08 01:45:51 -------- d-----w- C:\Riot Games
    2011-10-04 08:54:56 -------- d-----w- c:\program files\Ventrilo
    2011-10-04 08:53:14 -------- d-----w- c:\program files\common files\Wise Installation Wizard
    2011-10-04 08:44:32 -------- d-----w- c:\programdata\Nexon
    2011-10-04 07:13:07 -------- d-----w- c:\programdata\NexonUS
    2011-10-04 07:13:07 -------- d-----w- C:\Nexon
    2011-10-04 06:45:15 -------- d-----w- c:\users\jon\appdata\local\PMB Files
    2011-10-04 06:45:13 -------- d-----w- c:\programdata\PMB Files
    2011-10-04 06:45:01 -------- d-----w- c:\program files\Pando Networks
    .
    ==================== Find3M ====================
    .
    2011-10-15 10:48:58 5090816 ----a-w- c:\windows\system32\NlsLexicons0416.dll
    2011-10-13 10:00:59 36864 ----a-w- c:\windows\system32\drivers\en-us\http.sys.mui
    2011-10-12 11:06:21 72704 ----a-w- c:\windows\system32\admparse.dll
    2011-10-12 11:06:19 832512 ----a-w- c:\windows\system32\wininet.dll
    2011-10-12 11:06:19 52736 ----a-w- c:\windows\apppatch\iebrshim.dll
    2011-10-12 11:06:11 78336 ----a-w- c:\windows\system32\ieencode.dll
    2011-10-12 11:06:11 48128 ----a-w- c:\windows\system32\mshtmler.dll
    2011-10-12 11:06:11 389120 ----a-w- c:\windows\system32\html.iec
    2011-10-12 11:06:09 1383424 ----a-w- c:\windows\system32\mshtml.tlb
    2011-10-12 11:06:05 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-10-12 11:06:03 26624 ----a-w- c:\windows\system32\ieUnatt.exe
    2011-10-12 11:06:00 56320 ----a-w- c:\windows\system32\iesetup.dll
    2011-10-12 10:24:01 40960 ----a-w- c:\windows\apppatch\apihex86.dll
    2011-10-12 10:21:45 14848 ----a-w- c:\windows\system32\wshrm.dll
    2011-10-12 10:21:45 113664 ----a-w- c:\windows\system32\drivers\rmcast.sys
    2011-10-12 10:21:14 8147968 ----a-w- c:\windows\system32\wmploc.DLL
    2011-10-12 10:21:11 7680 ----a-w- c:\windows\system32\spwmp.dll
    2011-10-12 10:21:10 4096 ----a-w- c:\windows\system32\msdxm.ocx
    2011-10-12 10:21:10 4096 ----a-w- c:\windows\system32\dxmasf.dll
    2011-10-12 10:21:03 43520 ----a-w- c:\windows\system32\msdxm.tlb
    2011-10-12 10:21:03 313344 ----a-w- c:\windows\system32\wmpdxm.dll
    2011-10-12 10:21:03 18432 ----a-w- c:\windows\system32\amcompat.tlb
    2011-10-04 07:25:42 138056 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
    2011-10-04 07:25:42 138056 ----a-w- c:\users\jon\appdata\roaming\PnkBstrK.sys
    2011-10-04 07:25:32 189248 ----a-w- c:\windows\system32\PnkBstrB.exe
    2011-10-04 07:25:28 189248 ----a-w- c:\windows\system32\PnkBstrB.ex0
    2011-10-04 07:25:26 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
    2011-08-19 09:26:50 545056 ----a-w- c:\windows\system32\LVUI2.dll
    2011-08-19 09:26:50 540960 ----a-w- c:\windows\system32\LVUI2RC.dll
    2011-08-19 09:26:50 4334624 ----a-w- c:\windows\system32\drivers\lvuvc.sys
    2011-08-19 09:26:46 315808 ----a-w- c:\windows\system32\drivers\lvrs.sys
    2011-08-19 09:26:46 307488 ----a-w- c:\windows\system32\lvcodec2.dll
    2011-08-19 09:26:46 196896 ----a-w- c:\windows\system32\lvci13301394.dll
    2011-08-19 09:26:20 336408 ----a-w- c:\windows\system32\DevManagerCore.dll
    2011-08-19 09:26:20 10898456 ----a-w- c:\windows\system32\LogiDPP.dll
    2011-08-19 09:26:20 104472 ----a-w- c:\windows\system32\LogiDPPApp.exe
    2011-08-12 19:20:14 15896 ----a-w- c:\windows\system32\drivers\iKeyLFT2.dll
    .
    ============= FINISH: 22:53:31.33 ===============

    Ark.txt:


    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-11-03 16:10:02
    Windows 6.0.6000 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 SAMSUNG_HD320KJ rev.CP100-10
    Running: 2td1158s.exe; Driver: C:\Users\Jon\AppData\Local\Temp\kfrdypow.sys


    ---- System - GMER 1.0.15 ----

    INT 0x51 ? C2C2B050
    INT 0x61 ? C2C2B7D0
    INT 0x71 ? C2273CD0
    INT 0x82 ? C22732D0
    INT 0x92 ? C22737D0
    INT 0xA2 ? C2C2B2D0
    INT 0xB1 ? C2C2BCD0
    INT 0xB2 ? C2C2B550

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Steam\Steam.exe[2364] kernel32.dll!LoadLibraryW 76EA971F 6 Bytes PUSH 6772DE50; RET C:\Program Files\Mumble\mumble_ol.dll
    .text C:\Program Files\Steam\Steam.exe[2364] kernel32.dll!LoadLibraryA 76EA9A96 6 Bytes PUSH 6772DFB0; RET C:\Program Files\Mumble\mumble_ol.dll
    .text C:\Windows\system32\Dwm.exe[2548] kernel32.dll!LoadLibraryW 76EA971F 6 Bytes PUSH 6772DE50; RET C:\Program Files\Mumble\mumble_ol.dll
    .text C:\Windows\system32\Dwm.exe[2548] kernel32.dll!LoadLibraryA 76EA9A96 6 Bytes PUSH 6772DFB0; RET C:\Program Files\Mumble\mumble_ol.dll
    .text C:\Program Files\Pando Networks\Media Booster\PMB.exe[2944] kernel32.dll!SetUnhandledExceptionFilter 76EAD177 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
    .text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[2972] ntdll.dll!NtCreateFile + 6 77ADF41A 4 Bytes [28, 00, 16, 00]
    .text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[2972] ntdll.dll!NtCreateFile + B 77ADF41F 1 Byte [E2]
    .text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[2972] ntdll.dll!NtMapViewOfSection + 6 77ADFB6A 1 Byte [28]
    .text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[2972] ntdll.dll!NtMapViewOfSection + 6 77ADFB6A 4 Bytes [28, 03, 16, 00]
    .text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[2972] ntdll.dll!NtMapViewOfSection + B 77ADFB6F 1 Byte [E2]
    .text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[2972] ntdll.dll!NtOpenFile + 6 77ADFBFA 4 Bytes [68, 00, 16, 00]
    .text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[2972] ntdll.dll!NtOpenFile + B 77ADFBFF 1 Byte [E2]
    .text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[2972] ntdll.dll!NtOpenProcess + 6 77ADFC7A 4 Bytes [A8, 01, 16, 00]
    .text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[2972] ntdll.dll!NtOpenProcess + B 77ADFC7F 1 Byte [E2]
    .text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[2972] ntdll.dll!NtOpenProcessToken + B 77ADFC8F 1 Byte [E2]
    .text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[2972] ntdll.dll!NtOpenProcessTokenEx + 6 77ADFC9A 4 Bytes [A8, 02, 16, 00]
    .text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[2972] ntdll.dll!NtOpenProcessTokenEx + B 77ADFC9F 1 Byte [E2]
    .text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[2972] ntdll.dll!NtOpenThread + 6 77ADFCEA 4 Bytes [68, 01, 16, 00]
    .text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[2972] ntdll.dll!NtOpenThread + B 77ADFCEF 1 Byte [E2]
    .text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[2972] ntdll.dll!NtOpenThreadToken + 6 77ADFCFA 4 Bytes [68, 02, 16, 00]
    .text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[2972] ntdll.dll!NtOpenThreadToken + B 77ADFCFF 1 Byte [E2]
    .text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[2972] ntdll.dll!NtOpenThreadTokenEx + B 77ADFD0F 1 Byte [E2]
    .text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[2972] ntdll.dll!NtQueryAttributesFile + 6 77ADFD9A 4 Bytes [A8, 00, 16, 00]
    .text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[2972] ntdll.dll!NtQueryAttributesFile + B 77ADFD9F 1 Byte [E2]
    .text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[2972] ntdll.dll!NtQueryFullAttributesFile + B 77ADFE4F 1 Byte [E2]
    .text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[2972] ntdll.dll!NtSetInformationFile + 6 77AE036A 4 Bytes [28, 01, 16, 00]
    .text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[2972] ntdll.dll!NtSetInformationFile + B 77AE036F 1 Byte [E2]
    .text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[2972] ntdll.dll!NtSetInformationThread + 6 77AE03BA 4 Bytes [28, 02, 16, 00]
    .text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[2972] ntdll.dll!NtSetInformationThread + B 77AE03BF 1 Byte [E2]
    .text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[2972] ntdll.dll!NtUnmapViewOfSection + 6 77AE065A 1 Byte [68]
    .text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[2972] ntdll.dll!NtUnmapViewOfSection + 6 77AE065A 4 Bytes [68, 03, 16, 00]
    .text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[2972] ntdll.dll!NtUnmapViewOfSection + B 77AE065F 1 Byte [E2]
    .text C:\Program Files\Origin\Origin.exe[3052] kernel32.dll!CreateProcessW 76E81D27 5 Bytes JMP 679AC160 C:\Program Files\Origin\igo32.dll (Origin IGO/Electronic Arts)
    .text C:\Program Files\Origin\Origin.exe[3052] kernel32.dll!CreateProcessA 76E81D5C 5 Bytes JMP 679AC0C0 C:\Program Files\Origin\igo32.dll (Origin IGO/Electronic Arts)
    .text C:\Program Files\Origin\Origin.exe[3052] kernel32.dll!LoadLibraryW 76EA971F 6 Bytes PUSH 6772DE50; RET C:\Program Files\Mumble\mumble_ol.dll
    .text C:\Program Files\Origin\Origin.exe[3052] kernel32.dll!LoadLibraryA 76EA9A96 6 Bytes PUSH 6772DFB0; RET C:\Program Files\Mumble\mumble_ol.dll
    .text C:\Program Files\Origin\Origin.exe[3052] USER32.dll!ShowWindowAsync 76BB2116 5 Bytes JMP 000D3AD0 C:\Program Files\Origin\Origin.exe (Origin/Electronic Arts)
    .text C:\Program Files\Origin\Origin.exe[3052] USER32.dll!SetActiveWindow 76BB32E3 5 Bytes JMP 000D3BD0 C:\Program Files\Origin\Origin.exe (Origin/Electronic Arts)
    .text C:\Program Files\Origin\Origin.exe[3052] USER32.dll!ShowWindow 76BB8B8C 5 Bytes JMP 000D3B20 C:\Program Files\Origin\Origin.exe (Origin/Electronic Arts)
    .text C:\Program Files\Origin\Origin.exe[3052] USER32.dll!SetWindowPos 76BB969F 5 Bytes JMP 000D3B90 C:\Program Files\Origin\Origin.exe (Origin/Electronic Arts)
    .text C:\Program Files\Origin\Origin.exe[3052] USER32.dll!SetFocus 76BB96C0 5 Bytes JMP 000D3B70 C:\Program Files\Origin\Origin.exe (Origin/Electronic Arts)
    .text C:\Program Files\Origin\Origin.exe[3052] USER32.dll!SetForegroundWindow 76BBAA8C 5 Bytes JMP 000D3A70 C:\Program Files\Origin\Origin.exe (Origin/Electronic Arts)
    .text C:\Program Files\Origin\Origin.exe[3052] USER32.dll!SwitchToThisWindow 76BBAB36 5 Bytes JMP 000D3AB0 C:\Program Files\Origin\Origin.exe (Origin/Electronic Arts)
    .text C:\Program Files\Origin\Origin.exe[3052] USER32.dll!BringWindowToTop 76BDA7E0 5 Bytes JMP 000D3A90 C:\Program Files\Origin\Origin.exe (Origin/Electronic Arts)
    .text C:\Program Files\Origin\Origin.exe[3052] ADVAPI32.dll!CreateProcessAsUserW 76DE0544 5 Bytes JMP 679AC2B0 C:\Program Files\Origin\igo32.dll (Origin IGO/Electronic Arts)
    .text C:\Program Files\Origin\Origin.exe[3052] ADVAPI32.dll!CreateProcessAsUserA 76E22420 5 Bytes JMP 679AC200 C:\Program Files\Origin\igo32.dll (Origin IGO/Electronic Arts)
    .text C:\Program Files\Origin\Origin.exe[3052] SHELL32.dll!ShellExecuteEx 76F69D48 5 Bytes JMP 679AC360 C:\Program Files\Origin\igo32.dll (Origin IGO/Electronic Arts)
    .text C:\Program Files\Origin\Origin.exe[3052] SHELL32.dll!ShellExecuteW 76F7CD45 5 Bytes JMP 679AC470 C:\Program Files\Origin\igo32.dll (Origin IGO/Electronic Arts)
    .text C:\Program Files\Origin\Origin.exe[3052] SHELL32.dll!ShellExecuteExW 76F7E65C 5 Bytes JMP 679AC3B0 C:\Program Files\Origin\igo32.dll (Origin IGO/Electronic Arts)
    .text C:\Program Files\Origin\Origin.exe[3052] SHELL32.dll!ShellExecuteA 7715A678 5 Bytes JMP 679AC400 C:\Program Files\Origin\igo32.dll (Origin IGO/Electronic Arts)
    .text C:\Program Files\Skype\Phone\Skype.exe[3260] kernel32.dll!LoadLibraryW 76EA971F 6 Bytes PUSH 6772DE50; RET C:\Program Files\Mumble\mumble_ol.dll
    .text C:\Program Files\Skype\Phone\Skype.exe[3260] kernel32.dll!LoadLibraryA 76EA9A96 6 Bytes PUSH 6772DFB0; RET C:\Program Files\Mumble\mumble_ol.dll
    .text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[3468] ntdll.dll!NtCreateFile + 6 77ADF41A 4 Bytes [28, 00, 06, 00]
    .text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[3468] ntdll.dll!NtCreateFile + B 77ADF41F 1 Byte [E2]
    .text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[3468] ntdll.dll!NtMapViewOfSection + 6 77ADFB6A 1 Byte [28]
    .text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[3468] ntdll.dll!NtMapViewOfSection + 6 77ADFB6A 4 Bytes [28, 03, 06, 00]
    .text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[3468] ntdll.dll!NtMapViewOfSection + B 77ADFB6F 1 Byte [E2]
    .text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[3468] ntdll.dll!NtOpenFile + 6 77ADFBFA 4 Bytes [68, 00, 06, 00]
    .text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[3468] ntdll.dll!NtOpenFile + B 77ADFBFF 1 Byte [E2]
    .text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[3468] ntdll.dll!NtOpenProcess + 6 77ADFC7A 4 Bytes [A8, 01, 06, 00]
    .text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[3468] ntdll.dll!NtOpenProcess + B 77ADFC7F 1 Byte [E2]
    .text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[3468] ntdll.dll!NtOpenProcessToken + B 77ADFC8F 1 Byte [E2]
    .text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[3468] ntdll.dll!NtOpenProcessTokenEx + 6 77ADFC9A 4 Bytes [A8, 02, 06, 00]
    .text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[3468] ntdll.dll!NtOpenProcessTokenEx + B 77ADFC9F 1 Byte [E2]
    .text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[3468] ntdll.dll!NtOpenThread + 6 77ADFCEA 4 Bytes [68, 01, 06, 00]
    .text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[3468] ntdll.dll!NtOpenThread + B 77ADFCEF 1 Byte [E2]
    .text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[3468] ntdll.dll!NtOpenThreadToken + 6 77ADFCFA 4 Bytes [68, 02, 06, 00]
    .text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[3468] ntdll.dll!NtOpenThreadToken + B 77ADFCFF 1 Byte [E2]
    .text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[3468] ntdll.dll!NtOpenThreadTokenEx + B 77ADFD0F 1 Byte [E2]
    .text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[3468] ntdll.dll!NtQueryAttributesFile + 6 77ADFD9A 4 Bytes [A8, 00, 06, 00]
    .text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[3468] ntdll.dll!NtQueryAttributesFile + B 77ADFD9F 1 Byte [E2]
    .text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[3468] ntdll.dll!NtQueryFullAttributesFile + B 77ADFE4F 1 Byte [E2]
    .text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[3468] ntdll.dll!NtSetInformationFile + 6 77AE036A 4 Bytes [28, 01, 06, 00]
    .text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[3468] ntdll.dll!NtSetInformationFile + B 77AE036F 1 Byte [E2]
    .text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[3468] ntdll.dll!NtSetInformationThread + 6 77AE03BA 4 Bytes [28, 02, 06, 00]
    .text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[3468] ntdll.dll!NtSetInformationThread + B 77AE03BF 1 Byte [E2]
    .text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[3468] ntdll.dll!NtUnmapViewOfSection + 6 77AE065A 1 Byte [68]
    .text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[3468] ntdll.dll!NtUnmapViewOfSection + 6 77AE065A 4 Bytes [68, 03, 06, 00]
    .text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[3468] ntdll.dll!NtUnmapViewOfSection + B 77AE065F 1 Byte [E2]
    .text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtCreateFile + 6 77ADF41A 4 Bytes [28, 00, 06, 00]
    .text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtCreateFile + B 77ADF41F 1 Byte [E2]
    .text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtMapViewOfSection + 6 77ADFB6A 1 Byte [28]
    .text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtMapViewOfSection + 6 77ADFB6A 4 Bytes [28, 03, 06, 00]
    .text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtMapViewOfSection + B 77ADFB6F 1 Byte [E2]
    .text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtOpenFile + 6 77ADFBFA 4 Bytes [68, 00, 06, 00]
    .text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtOpenFile + B 77ADFBFF 1 Byte [E2]
    .text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtOpenProcess + 6 77ADFC7A 4 Bytes [A8, 01, 06, 00]
    .text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtOpenProcess + B 77ADFC7F 1 Byte [E2]
    .text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtOpenProcessToken + B 77ADFC8F 1 Byte [E2]
    .text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtOpenProcessTokenEx + 6 77ADFC9A 4 Bytes [A8, 02, 06, 00]
    .text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtOpenProcessTokenEx + B 77ADFC9F 1 Byte [E2]
    .text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtOpenThread + 6 77ADFCEA 4 Bytes [68, 01, 06, 00]
    .text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtOpenThread + B 77ADFCEF 1 Byte [E2]
    .text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtOpenThreadToken + 6 77ADFCFA 4 Bytes [68, 02, 06, 00]
    .text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtOpenThreadToken + B 77ADFCFF 1 Byte [E2]
    .text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtOpenThreadTokenEx + B 77ADFD0F 1 Byte [E2]
    .text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtQueryAttributesFile + 6 77ADFD9A 4 Bytes [A8, 00, 06, 00]
    .text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtQueryAttributesFile + B 77ADFD9F 1 Byte [E2]
    .text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtQueryFullAttributesFile + B 77ADFE4F 1 Byte [E2]
    .text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtSetInformationFile + 6 77AE036A 4 Bytes [28, 01, 06, 00]
    .text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtSetInformationFile + B 77AE036F 1 Byte [E2]
    .text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtSetInformationThread + 6 77AE03BA 4 Bytes [28, 02, 06, 00]
    .text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtSetInformationThread + B 77AE03BF 1 Byte [E2]
    .text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtUnmapViewOfSection + 6 77AE065A 1 Byte [68]
    .text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtUnmapViewOfSection + 6 77AE065A 4 Bytes [68, 03, 06, 00]
    .text C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtUnmapViewOfSection + B 77AE065F 1 Byte [E2]
    .text C:\Program Files\Mumble\mumble.exe[4200] USER32.dll!WindowFromPoint 76BAC98E 4 Bytes [68, 60, 4E, 17]
    .text C:\Program Files\Mumble\mumble.exe[4200] USER32.dll!WindowFromPoint + 5 76BAC993 1 Byte [C3]
    .text C:\Program Files\Mumble\mumble.exe[4200] USER32.dll!SetForegroundWindow 76BBAA8C 6 Bytes PUSH 00174E10; RET C:\Program Files\Mumble\mumble.exe (Mumble - Low-latency VoIP client/Thorvald Natvig)
    .text C:\Users\Jon\Downloads\2td1158s.exe[5028] kernel32.dll!LoadLibraryW 76EA971F 6 Bytes PUSH 6772DE50; RET C:\Program Files\Mumble\mumble_ol.dll
    .text C:\Users\Jon\Downloads\2td1158s.exe[5028] kernel32.dll!LoadLibraryA 76EA9A96 6 Bytes PUSH 6772DFB0; RET C:\Program Files\Mumble\mumble_ol.dll

    ---- EOF - GMER 1.0.15 ----

    Thank you very much for your time/consideration in advance. I greatly appreciate it. If I am missing any information, let me know. Thanks!
     


  2. PorkCh0p

    PorkCh0p Thread Starter

  3. jeffce

    jeffce Malware Specialist

    Joined:
    May 10, 2011
    Messages:
    1,727
    Hi and Welcome!! :) My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
    • The fixes are specific to your problem and should only be used for the issues on this machine.
    • It's often worth reading through these instructions and printing them for ease of reference.
    • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
    • Please reply to this thread. Do not start a new topic.
    IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
    DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.


    Having said that....Let's get going!! :thumbup:
    ----------

    I will look over your malware logs and get back as quickly as I can. :)
     
  4. jeffce

    jeffce Malware Specialist

    Hi Porkch0p,

    Please RUN HijackThis.

    Open HijackThis > Do a System Scan Only, close your browser and all open windows including this one, the only program or window you should have open is HijackThis.
    • Place a check mark beside each one of the following items:

      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

    • Now with all the items selected, and all windows closed except for HJT, delete them by clicking the FIX checked button. Close the HijackThis window. Reboot your system.
    ----------

    Download TFC to your desktop
    • Close any open windows.
    • Right-click and Run as Administrator the TFC icon to run the program
    • TFC will close all open programs itself in order to run,
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted.
    • The program should not take long to finish its job
    • Once it's finished it should automatically reboot your machine,
    • if it doesn't, manually reboot to ensure a complete clean
    ----------

    Please download Malwarebytes' Anti-Malware to your desktop.

    • Right-click and Run as Administrator mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform quick scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.


    The log can also be found here:
    C:\Documents and Settings\<User name>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
    ----------

    ESET Online Scanner
    I'd like us to scan your machine with ESET Online Scan

    Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
    Please don't go surfing while your resident protection is disabled!
    Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



    As a Vista/Win7 user you will need to right click your browser icon and select "Run as Administrator" in order to run this scan.
    • Do not use this instance of your browser for anything besides doing this scan
    • When the scan is complete and the results saved, close that instance of your browser
    • Open a new one the usual way and post the results in this topic.


    1. Right-click and Run as Administrator on the following link to open ESET OnlineScan in a new window.
      ESET OnlineScan
    2. Click the [​IMG] button.
    3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      1. Click on [​IMG] to download the ESET Smart Installer. Save it to your desktop.
      2. Double click on the [​IMG] icon on your desktop.
    4. Check [​IMG]
    5. Click the Start button.
    6. Accept any security warnings from your browser.
    7. Check [​IMG]
    8. Make sure that the option "Remove found threats" is Unchecked
    9. Push the Start button.
    10. ESET will then download updates for itself, install itself, and begin
      scanning your computer. Please be patient as this can take some time.
    11. When the scan completes, push [​IMG]
    12. Push [​IMG], and save the file to your desktop using a unique name, such as
      ESETScan. Include the contents of this report in your next reply.
    13. Push the Back button.
    14. Push Finish
    http://www.eset.com/onlinescan/
    ----------

    In your next reply please post the logs created by Malwarebytes and ESET online scanner.
     
  5. PorkCh0p

    PorkCh0p Thread Starter

    No threats were found in either of those scans. I hope there's something else I can do to find out what's wrong with my computer.
     
  6. jeffce

    jeffce Malware Specialist

    Hi PorkCh0p,

    So far I am not seeing any malware in your logs. What type of symptoms are you experiencing? :)
     
  7. PorkCh0p

    PorkCh0p Thread Starter

    Everything I do on my computer takes 5 times longer to load than it used to. Also, programs that I run seem to crash every now and then.
     
  8. jeffce

    jeffce Malware Specialist

    Hi PorkCh0p,

    Please download aswMBR to your desktop.

    • Right click and Run as Administrator the aswMBR icon to run it.
    • Click the Scan button to start scan.
    • When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.
    ----------

    • Download OTL to your desktop.
    • Right-click and Run as Administrator on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
        Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

    In your next reply please post the logs created by aswMBR and OTL.
     
  9. PorkCh0p

    PorkCh0p Thread Starter

    Every time I run the aswMBR it scans for like 5 seconds and then causes my computer to crash and restart, so I don't know what's wrong with that, but here are the logs from the OTL scan.

    OTL.Txt

    OTL logfile created on: 11/7/2011 5:40:09 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Jon\Desktop
    Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6000.16982)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 0.83 Gb Available Physical Memory | 41.36% Memory free
    4.23 Gb Paging File | 2.27 Gb Available in Paging File | 53.64% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 289.39 Gb Total Space | 203.25 Gb Free Space | 70.23% Space Free | Partition Type: NTFS
    Drive D: | 8.70 Gb Total Space | 1.18 Gb Free Space | 13.51% Space Free | Partition Type: NTFS

    Computer Name: JON-PC | User Name: Jon | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\Jon\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Users\Jon\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
    PRC - C:\Program Files\Steam\Steam.exe (Valve Corporation)
    PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
    PRC - C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
    PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    PRC - c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe (Microsoft Corporation)
    PRC - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
    PRC - C:\Program Files\Mumble\mumble.exe (Thorvald Natvig)
    PRC - C:\Program Files\Logitech\Vid HD\Vid.exe (Logitech Inc.)


    ========== Modules (No Company Name) ==========

    MOD - C:\Program Files\Steam\bin\libcef.dll ()
    MOD - C:\Program Files\Steam\bin\chromehtml.dll ()
    MOD - C:\Program Files\Steam\bin\avutil-50.dll ()
    MOD - C:\Program Files\Steam\bin\avcodec-52.dll ()
    MOD - C:\Program Files\Steam\bin\avformat-52.dll ()
    MOD - C:\Program Files\Mumble\plugins\bfbc2.dll ()
    MOD - C:\Program Files\Mumble\plugins\css.dll ()
    MOD - C:\Program Files\Mumble\plugins\lotro.dll ()
    MOD - C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
    MOD - C:\Users\Jon\AppData\Roaming\Mumble\Plugins\manual.dll ()
    MOD - C:\Users\Jon\AppData\Roaming\Mumble\Plugins\insurgency.dll ()
    MOD - C:\Users\Jon\AppData\Roaming\Mumble\Plugins\hl2dm.dll ()
    MOD - C:\Users\Jon\AppData\Roaming\Mumble\Plugins\wow.dll ()
    MOD - C:\Users\Jon\AppData\Roaming\Mumble\Plugins\sto.dll ()
    MOD - C:\Users\Jon\AppData\Roaming\Mumble\Plugins\l4d2.dll ()
    MOD - C:\Users\Jon\AppData\Roaming\Mumble\Plugins\l4d.dll ()
    MOD - C:\Users\Jon\AppData\Roaming\Mumble\Plugins\ut2004.dll ()
    MOD - C:\Users\Jon\AppData\Roaming\Mumble\Plugins\link.dll ()
    MOD - C:\Users\Jon\AppData\Roaming\Mumble\Plugins\gmod.dll ()
    MOD - C:\Users\Jon\AppData\Roaming\Mumble\Plugins\dys.dll ()
    MOD - C:\Users\Jon\AppData\Roaming\Mumble\Plugins\dods.dll ()
    MOD - C:\Users\Jon\AppData\Roaming\Mumble\Plugins\tf2.dll ()
    MOD - C:\Users\Jon\AppData\Roaming\Mumble\Plugins\etqw.dll ()
    MOD - C:\Users\Jon\AppData\Roaming\Mumble\Plugins\cod4.dll ()
    MOD - C:\Users\Jon\AppData\Roaming\Mumble\Plugins\cs.dll ()
    MOD - C:\Users\Jon\AppData\Roaming\Mumble\Plugins\wolfet.dll ()
    MOD - C:\Users\Jon\AppData\Roaming\Mumble\Plugins\ut3.dll ()
    MOD - C:\Users\Jon\AppData\Roaming\Mumble\Plugins\gtaiv.dll ()
    MOD - C:\Users\Jon\AppData\Roaming\Mumble\Plugins\codmw2so.dll ()
    MOD - C:\Users\Jon\AppData\Roaming\Mumble\Plugins\codmw2.dll ()
    MOD - C:\Users\Jon\AppData\Roaming\Mumble\Plugins\cod5.dll ()
    MOD - C:\Users\Jon\AppData\Roaming\Mumble\Plugins\cod2.dll ()
    MOD - C:\Users\Jon\AppData\Roaming\Mumble\Plugins\breach.dll ()
    MOD - C:\Users\Jon\AppData\Roaming\Mumble\Plugins\bf2.dll ()
    MOD - C:\Users\Jon\AppData\Roaming\Mumble\Plugins\aoc.dll ()
    MOD - C:\Users\Jon\AppData\Roaming\Mumble\Plugins\borderlands.dll ()
    MOD - C:\Users\Jon\AppData\Roaming\Mumble\Plugins\bf2142.dll ()
    MOD - C:\Users\Jon\AppData\Roaming\Mumble\Plugins\bf1942.dll ()
    MOD - C:\Users\Jon\AppData\Roaming\Mumble\Plugins\bfheroes.dll ()
    MOD - C:\Users\Jon\AppData\Roaming\Mumble\Plugins\arma2.dll ()
    MOD - C:\Program Files\Common Files\LogiShrd\SharedBin\LvApi11.dll ()
    MOD - C:\Program Files\Logitech\LWS\Webcam Software\QTXml4.dll ()
    MOD - C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll ()
    MOD - C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll ()
    MOD - C:\Program Files\Logitech\LWS\Webcam Software\QTGui4.dll ()
    MOD - C:\Program Files\Logitech\LWS\Webcam Software\QTCore4.dll ()
    MOD - C:\Program Files\WinRAR\RarExt.dll ()
    MOD - C:\Program Files\Mumble\speex.dll ()
    MOD - C:\Program Files\Mumble\mumble_ol.dll ()
    MOD - C:\Program Files\Mumble\celt0.0.7.0.sse2.dll ()
    MOD - C:\Program Files\Mumble\celt0.0.11.0.sse2.dll ()
    MOD - C:\Program Files\Mumble\libprotobuf.dll ()
    MOD - C:\Program Files\Mumble\QtPlugins\iconengines\qsvgicon4.dll ()
    MOD - C:\Program Files\Mumble\QtPlugins\imageformats\qtiff4.dll ()
    MOD - C:\Program Files\Mumble\QtPlugins\imageformats\qsvg4.dll ()
    MOD - C:\Program Files\Mumble\QtPlugins\imageformats\qmng4.dll ()
    MOD - C:\Program Files\Mumble\QtPlugins\imageformats\qjpeg4.dll ()
    MOD - C:\Program Files\Mumble\QtPlugins\imageformats\qico4.dll ()
    MOD - C:\Program Files\Mumble\QtPlugins\imageformats\qgif4.dll ()
    MOD - C:\Program Files\Mumble\QtGui4.dll ()
    MOD - C:\Program Files\Mumble\QtNetwork4.dll ()
    MOD - C:\Program Files\Mumble\QtSvg4.dll ()
    MOD - C:\Program Files\Mumble\QtOpenGL4.dll ()
    MOD - C:\Program Files\Mumble\QtSql4.dll ()
    MOD - C:\Program Files\Mumble\QtXml4.dll ()
    MOD - C:\Program Files\Mumble\QtCore4.dll ()
    MOD - C:\Program Files\Logitech\Vid HD\vpxmd.dll ()
    MOD - C:\Program Files\Logitech\Vid HD\SDL.dll ()
    MOD - C:\Program Files\Mumble\libsndfile-1.dll ()
    MOD - C:\Program Files\Mumble\libmysql.dll ()
    MOD - C:\Program Files\Mumble\zlib1.dll ()
    MOD - C:\Program Files\Logitech\Vid HD\QtNetwork4.dll ()
    MOD - C:\Program Files\Logitech\Vid HD\QtCore4.dll ()
    MOD - C:\Program Files\Logitech\Vid HD\plugins\imageformats\qjpeg4.dll ()
    MOD - C:\Program Files\Logitech\Vid HD\plugins\imageformats\qico4.dll ()
    MOD - C:\Program Files\Logitech\Vid HD\plugins\imageformats\qgif4.dll ()
    MOD - C:\Program Files\Logitech\Vid HD\QtWebKit4.dll ()
    MOD - C:\Program Files\Logitech\Vid HD\QtXml4.dll ()
    MOD - C:\Program Files\Logitech\Vid HD\QtSql4.dll ()
    MOD - C:\Program Files\Logitech\Vid HD\QtOpenGL4.dll ()
    MOD - C:\Program Files\Logitech\Vid HD\QtGui4.dll ()
    MOD - C:\Program Files\Logitech\Vid HD\phonon4.dll ()


    ========== Win32 Services (SafeList) ==========

    SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
    SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    SRV - (UMVPFSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
    SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
    SRV - (Stereo Service) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
    SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
    SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)


    ========== Driver Services (SafeList) ==========

    DRV - (MpKslfa89fbb3) -- File not found
    DRV - (MpKsld64b33eb) -- File not found
    DRV - (MpKsl6c3d8b98) -- File not found
    DRV - (MpKsld7730632) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{022D77F4-E330-4D2E-BB1D-906BAD2910ED}\MpKsld7730632.sys (Microsoft Corporation)
    DRV - (MBAMProtector) -- C:\WINDOWS\System32\drivers\mbam.sys (Malwarebytes Corporation)
    DRV - (LVUVC) Logitech HD Webcam C310(UVC) -- C:\WINDOWS\System32\drivers\lvuvc.sys (Logitech Inc.)
    DRV - (LVRS) -- C:\WINDOWS\System32\drivers\lvrs.sys (Logitech Inc.)
    DRV - (nvlddmkm) -- C:\WINDOWS\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
    DRV - (NVHDA) -- C:\WINDOWS\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
    DRV - (MpNWMon) -- C:\WINDOWS\System32\drivers\MpNWMon.sys (Microsoft Corporation)
    DRV - (HSXHWBS2) -- C:\WINDOWS\System32\drivers\HSXHWBS2.sys (Conexant Systems, Inc.)
    DRV - (HSF_DP) -- C:\WINDOWS\System32\drivers\HSX_DP.sys (Conexant Systems, Inc.)
    DRV - (XAudio) -- C:\WINDOWS\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
    DRV - (RTL8169) -- C:\WINDOWS\System32\drivers\Rtlh86.sys (Realtek Corporation )


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Presario&pf=desktop
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Presario&pf=desktop

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Presario&pf=desktop
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
    FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Jon\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Jon\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Jon\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Jon\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Jon\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)



    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Jon\AppData\Local\Google\Chrome\Application\15.0.874.106\gcswf32.dll
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\Jon\AppData\Local\Google\Chrome\Application\15.0.874.106\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Jon\AppData\Local\Google\Chrome\Application\15.0.874.106\pdf.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
    CHR - plugin: RealNetworks Rhapsody Player Engine (Enabled) = C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
    CHR - plugin: Google Update (Enabled) = C:\Users\Jon\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin

    O1 HOSTS File: ([2006/09/18 13:41:30 | 000,000,761 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [EADM] C:\Program Files\Origin\Origin.exe (Electronic Arts)
    O4 - HKCU..\Run: [Facebook Update] C:\Users\Jon\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
    O4 - HKCU..\Run: [Logitech Vid] C:\Program Files\Logitech\Vid HD\Vid.exe (Logitech Inc.)
    O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
    O4 - HKLM..\RunOnce: [Launcher] C:\WINDOWS\SMINST\Launcher.exe (soft thinks)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O13 - gopher Prefix: missing
    O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
    O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{66D33798-47C6-44D6-8E05-509506CD34CB}: DhcpNameServer = 192.168.1.254
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - File not found
    O24 - Desktop WallPaper: C:\Users\Jon\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Jon\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2007/08/11 05:51:10 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/11/07 17:31:48 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Jon\Desktop\OTL.exe
    [2011/11/07 17:21:00 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Jon\Desktop\aswMBR.exe
    [2011/11/07 03:59:11 | 000,000,000 | ---D | C] -- C:\Users\Jon\AppData\Local\PunkBuster
    [2011/11/07 03:59:06 | 000,000,000 | ---D | C] -- C:\Users\Jon\AppData\Roaming\Ubisoft
    [2011/11/07 03:54:29 | 000,000,000 | ---D | C] -- C:\Users\Jon\AppData\Local\Ubisoft Game Launcher
    [2011/11/07 03:54:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Ubisoft
    [2011/11/07 03:53:37 | 000,000,000 | ---D | C] -- C:\Program Files\Ubisoft
    [2011/11/07 03:52:26 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_5.dll
    [2011/11/07 03:52:26 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_5.dll
    [2011/11/07 03:52:25 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_42.dll
    [2011/11/07 03:52:22 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_42.dll
    [2011/11/07 03:52:22 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_42.dll
    [2011/11/07 03:52:21 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_42.dll
    [2011/11/07 03:52:20 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll
    [2011/11/07 03:52:18 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_41.dll
    [2011/11/07 03:52:18 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_41.dll
    [2011/11/07 03:52:17 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_41.dll
    [2011/11/07 03:52:15 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_4.dll
    [2011/11/07 03:52:15 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_4.dll
    [2011/11/07 03:52:15 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll
    [2011/11/07 03:52:14 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_6.dll
    [2011/11/07 03:52:12 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_40.dll
    [2011/11/07 03:52:12 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_40.dll
    [2011/11/07 03:52:10 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_40.dll
    [2011/11/07 03:52:09 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_3.dll
    [2011/11/07 03:52:09 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_2.dll
    [2011/11/07 03:52:08 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_3.dll
    [2011/11/07 03:52:07 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_5.dll
    [2011/11/07 03:52:06 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_2.dll
    [2011/11/07 03:52:06 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_2.dll
    [2011/11/07 03:52:06 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_1.dll
    [2011/11/07 03:52:03 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_1.dll
    [2011/11/07 03:52:03 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_0.dll
    [2011/11/07 03:52:02 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_1.dll
    [2011/11/07 03:52:01 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_4.dll
    [2011/11/07 03:52:00 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_38.dll
    [2011/11/07 03:52:00 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_38.dll
    [2011/11/07 03:51:57 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_38.dll
    [2011/11/07 03:51:56 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_0.dll
    [2011/11/07 03:51:56 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_0.dll
    [2011/11/07 03:51:55 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_3.dll
    [2011/11/07 03:51:54 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_37.dll
    [2011/11/07 03:51:54 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_37.dll
    [2011/11/07 03:51:52 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_37.dll
    [2011/11/07 03:51:51 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_10.dll
    [2011/11/07 03:51:47 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_36.dll
    [2011/11/07 03:51:47 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_36.dll
    [2011/11/07 03:51:40 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_36.dll
    [2011/11/07 03:51:39 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_9.dll
    [2011/11/07 03:51:37 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_35.dll
    [2011/11/07 03:51:36 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_35.dll
    [2011/11/07 03:51:34 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_35.dll
    [2011/11/07 03:51:33 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_8.dll
    [2011/11/07 03:51:33 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_2.dll
    [2011/11/07 03:51:32 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_34.dll
    [2011/11/07 03:51:32 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_34.dll
    [2011/11/07 03:51:30 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_34.dll
    [2011/11/07 03:51:30 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_3.dll
    [2011/11/07 03:51:29 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_7.dll
    [2011/11/07 03:51:28 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_33.dll
    [2011/11/07 03:51:28 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_33.dll
    [2011/11/07 03:51:26 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_33.dll
    [2011/11/07 03:51:25 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_6.dll
    [2011/11/07 03:51:24 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10.dll
    [2011/11/07 03:51:24 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_5.dll
    [2011/11/07 03:51:21 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_32.dll
    [2011/11/07 03:51:20 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_4.dll
    [2011/11/07 03:51:20 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_1.dll
    [2011/11/07 03:51:19 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll
    [2011/11/07 03:51:18 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_3.dll
    [2011/11/07 03:51:17 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_2.dll
    [2011/11/07 03:51:17 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_2.dll
    [2011/11/07 03:51:16 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_1.dll
    [2011/11/07 03:51:15 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_1.dll
    [2011/11/07 03:50:58 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_30.dll
    [2011/11/07 03:50:57 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_0.dll
    [2011/11/07 03:50:57 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_0.dll
    [2011/11/07 03:50:56 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_29.dll
    [2011/11/07 03:50:54 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_28.dll
    [2011/11/07 03:50:53 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_27.dll
    [2011/11/07 03:50:51 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_26.dll
    [2011/11/07 03:50:49 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_25.dll
    [2011/11/07 03:50:47 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_24.dll
    [2011/11/06 19:02:42 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2011/11/06 18:51:40 | 000,000,000 | ---D | C] -- C:\Users\Jon\AppData\Roaming\Malwarebytes
    [2011/11/06 18:51:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/11/06 18:51:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2011/11/06 18:51:27 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2011/11/06 18:51:27 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/11/04 21:31:56 | 000,000,000 | ---D | C] -- C:\Users\Jon\Desktop\MTG Decks
    [2011/11/04 00:21:09 | 000,000,000 | ---D | C] -- C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OCTGN
    [2011/11/03 03:09:47 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
    [2011/11/02 23:43:24 | 000,000,000 | ---D | C] -- C:\Users\Jon\AppData\Local\Octgn
    [2011/11/02 23:23:32 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
    [2011/11/02 23:23:32 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
    [2011/11/02 23:23:31 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
    [2011/11/02 21:58:51 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
    [2011/11/01 07:44:45 | 000,000,000 | ---D | C] -- C:\Users\Jon\Desktop\Hannah Pics
    [2011/10/30 19:28:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
    [2011/10/30 19:28:12 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
    [2011/10/30 19:28:12 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
    [2011/10/30 19:28:11 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
    [2011/10/30 19:28:11 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
    [2011/10/29 16:08:58 | 000,000,000 | ---D | C] -- C:\Users\Jon\AppData\Roaming\Roxio
    [2011/10/29 15:32:05 | 000,000,000 | ---D | C] -- C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
    [2011/10/27 21:53:44 | 000,000,000 | ---D | C] -- C:\Users\Jon\AppData\Roaming\Mozilla
    [2011/10/25 14:13:14 | 000,000,000 | ---D | C] -- C:\Users\Jon\AppData\Local\Facebook
    [2011/10/20 18:29:34 | 000,000,000 | ---D | C] -- C:\ProgramData\{B3C2C1CD-6B77-4A96-B670-F734AC2A1CBC}
    [2011/10/20 18:29:25 | 000,000,000 | ---D | C] -- C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
    [2011/10/20 18:29:16 | 000,000,000 | ---D | C] -- C:\Users\Jon\AppData\Local\Seven Zip
    [2011/10/20 18:28:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
    [2011/10/20 18:28:35 | 000,032,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msonpmon.dll
    [2011/10/20 18:27:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
    [2011/10/20 18:27:08 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
    [2011/10/20 18:27:08 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
    [2011/10/20 18:25:31 | 000,000,000 | ---D | C] -- C:\Users\Jon\AppData\Local\Microsoft Help
    [2011/10/20 18:25:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
    [2011/10/20 18:22:24 | 000,000,000 | RH-D | C] -- C:\MSOCache
    [2011/10/19 00:44:18 | 000,000,000 | ---D | C] -- C:\Users\Jon\AppData\Roaming\NeopleLauncherDFO
    [2011/10/15 02:49:24 | 001,808,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0046.dll
    [2011/10/15 02:49:24 | 001,793,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0045.dll
    [2011/10/15 02:49:23 | 001,782,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0039.dll
    [2011/10/15 02:49:23 | 001,558,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0049.dll
    [2011/10/15 02:49:23 | 001,411,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0047.dll
    [2011/10/15 02:49:23 | 001,236,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0020.dll
    [2011/10/15 02:49:22 | 005,499,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0022.dll
    [2011/10/15 02:49:22 | 002,136,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0021.dll
    [2011/10/15 02:49:19 | 007,964,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0024.dll
    [2011/10/15 02:49:18 | 005,791,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0026.dll
    [2011/10/15 02:49:17 | 006,224,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0027.dll
    [2011/10/15 02:49:16 | 004,175,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0010.dll
    [2011/10/15 02:49:15 | 004,981,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0013.dll
    [2011/10/15 02:49:15 | 002,466,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0011.dll
    [2011/10/15 02:49:14 | 006,781,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0019.dll
    [2011/10/15 02:49:14 | 003,331,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0018.dll
    [2011/10/15 02:49:12 | 011,722,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0001.dll
    [2011/10/15 02:49:12 | 004,164,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0002.dll
    [2011/10/15 02:49:12 | 001,452,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0003.dll
    [2011/10/15 02:49:11 | 012,240,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0007.dll
    [2011/10/15 02:49:11 | 002,644,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0009.dll
    [2011/10/15 02:49:10 | 003,419,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004a.dll
    [2011/10/15 02:49:10 | 001,702,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004b.dll
    [2011/10/15 02:49:09 | 004,093,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004c.dll
    [2011/10/15 02:49:09 | 001,972,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004e.dll
    [2011/10/15 02:49:08 | 004,045,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons003e.dll
    [2011/10/15 02:49:08 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons002a.dll
    [2011/10/15 02:49:07 | 006,014,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons001a.dll
    [2011/10/15 02:49:06 | 006,585,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons001b.dll
    [2011/10/15 02:49:04 | 006,346,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons001d.dll
    [2011/10/15 02:49:03 | 009,892,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000a.dll
    [2011/10/15 02:49:02 | 006,237,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000c.dll
    [2011/10/15 02:49:02 | 001,722,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000d.dll
    [2011/10/15 02:49:00 | 005,654,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000f.dll
    [2011/10/15 02:48:59 | 004,616,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0414.dll
    [2011/10/15 02:48:57 | 005,090,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0416.dll
    [2011/10/15 02:48:57 | 005,031,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0816.dll
    [2011/10/15 02:48:55 | 007,042,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons081a.dll
    [2011/10/15 02:48:54 | 005,071,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsModels0011.dll
    [2011/10/15 02:48:54 | 003,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0045.dll
    [2011/10/15 02:48:53 | 003,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0047.dll
    [2011/10/15 02:48:53 | 003,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0046.dll
    [2011/10/15 02:48:52 | 003,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0049.dll
    [2011/10/15 02:48:52 | 003,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0039.dll
    [2011/10/15 02:48:52 | 003,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0020.dll
    [2011/10/15 02:48:51 | 001,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0024.dll
    [2011/10/15 02:48:51 | 001,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0022.dll
    [2011/10/15 02:48:51 | 001,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0021.dll
    [2011/10/15 02:48:50 | 004,493,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0010.dll
    [2011/10/15 02:48:50 | 001,965,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0027.dll
    [2011/10/15 02:48:50 | 001,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0026.dll
    [2011/10/15 02:48:49 | 002,655,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0011.dll
    [2011/10/15 02:48:48 | 003,464,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0013.dll
    [2011/10/15 02:48:48 | 001,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0018.dll
    [2011/10/15 02:48:47 | 004,495,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0019.dll
    [2011/10/15 02:48:47 | 001,523,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0000.dll
    [2011/10/15 02:48:46 | 002,597,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0001.dll
    [2011/10/15 02:48:46 | 001,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0003.dll
    [2011/10/15 02:48:46 | 001,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0002.dll
    [2011/10/15 02:48:45 | 004,874,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0009.dll
    [2011/10/15 02:48:45 | 003,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData004a.dll
    [2011/10/15 02:48:45 | 002,241,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0007.dll
    [2011/10/15 02:48:44 | 003,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData004e.dll
    [2011/10/15 02:48:44 | 003,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData004c.dll
    [2011/10/15 02:48:44 | 003,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData004b.dll
    [2011/10/15 02:48:43 | 001,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData001a.dll
    [2011/10/15 02:48:43 | 001,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData003e.dll
    [2011/10/15 02:48:43 | 001,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData002a.dll
    [2011/10/15 02:48:42 | 004,493,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData001d.dll
    [2011/10/15 02:48:42 | 001,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData001b.dll
    [2011/10/15 02:48:41 | 009,845,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData000a.dll
    [2011/10/15 02:48:41 | 002,641,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData000c.dll
    [2011/10/15 02:48:40 | 002,340,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData000d.dll
    [2011/10/15 02:48:40 | 001,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData000f.dll
    [2011/10/15 02:48:39 | 004,493,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0414.dll
    [2011/10/15 02:48:38 | 004,493,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0416.dll
    [2011/10/15 02:48:38 | 000,797,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NaturalLanguage6.dll
    [2011/10/15 02:48:37 | 004,493,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0816.dll
    [2011/10/15 02:48:37 | 001,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData081a.dll
    [2011/10/15 02:48:35 | 006,917,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0c1a.dll
    [2011/10/15 02:48:34 | 001,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0c1a.dll
    [2011/10/15 02:43:54 | 000,622,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
    [2011/10/15 02:43:54 | 000,097,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
    [2011/10/15 02:43:54 | 000,037,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
    [2011/10/15 02:43:54 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
    [2011/10/15 02:43:50 | 000,105,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
    [2011/10/15 02:43:48 | 000,781,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
    [2011/10/15 02:15:52 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
    [2011/10/15 02:15:52 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
    [2011/10/14 02:00:21 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ks.sys
    [2011/10/12 18:18:51 | 000,000,000 | ---D | C] -- C:\Users\Jon\AppData\Roaming\Logitech
    [2011/10/12 18:06:18 | 000,000,000 | ---D | C] -- C:\Users\Jon\AppData\Local\Logitech® Webcam Software
    [2011/10/12 18:04:19 | 000,000,000 | ---D | C] -- C:\Users\Jon\Documents\SightSpeed Recordings
    [2011/10/12 18:04:16 | 000,000,000 | ---D | C] -- C:\Users\Jon\AppData\Local\LogiShrd
    [2011/10/12 18:02:27 | 000,000,000 | ---D | C] -- C:\Users\Jon\AppData\Roaming\Leadertech
    [2011/10/12 17:59:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Logitech
    [2011/10/12 17:59:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LWS
    [2011/10/12 17:58:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
    [2011/10/12 17:58:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LogiShrd
    [2011/10/12 17:58:10 | 000,000,000 | ---D | C] -- C:\ProgramData\LogiShrd
    [2011/10/12 17:58:04 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
    [2011/10/12 03:08:52 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
    [2011/10/12 03:08:51 | 000,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
    [2011/10/12 03:08:51 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
    [2011/10/12 03:08:51 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
    [2011/10/12 03:08:51 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll
    [2011/10/12 03:06:21 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
    [2011/10/12 03:06:21 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
    [2011/10/12 03:06:20 | 002,452,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
    [2011/10/12 03:06:20 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
    [2011/10/12 03:06:20 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
    [2011/10/12 03:06:19 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
    [2011/10/12 03:06:18 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
    [2011/10/12 03:06:18 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
    [2011/10/12 03:06:17 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
    [2011/10/12 03:06:16 | 000,459,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
    [2011/10/12 03:06:15 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
    [2011/10/12 03:06:11 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
    [2011/10/12 03:06:11 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
    [2011/10/12 03:06:11 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
    [2011/10/12 03:06:09 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
    [2011/10/12 03:06:06 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
    [2011/10/12 03:06:05 | 001,830,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
    [2011/10/12 03:06:03 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
    [2011/10/12 03:06:01 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
    [2011/10/12 03:06:00 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
    [2011/10/12 03:06:00 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
    [2011/10/12 03:06:00 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
    [2011/10/12 03:03:51 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FwRemoteSvr.dll
    [2011/10/12 03:03:50 | 000,272,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\polstore.dll
    [2011/10/12 03:01:51 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiohlp.dll
    [2011/10/12 03:01:51 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
    [2011/10/12 03:01:51 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MRINFO.EXE
    [2011/10/12 03:01:51 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\finger.exe
    [2011/10/12 03:01:51 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\HOSTNAME.EXE
    [2011/10/12 03:01:50 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NETSTAT.EXE
    [2011/10/12 03:01:50 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ARP.EXE
    [2011/10/12 03:01:50 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ROUTE.EXE
    [2011/10/12 02:58:31 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\L2SecHC.dll
    [2011/10/12 02:58:30 | 000,297,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansec.dll
    [2011/10/12 02:58:30 | 000,290,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
    [2011/10/12 02:58:30 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanhlp.dll
    [2011/10/12 02:58:30 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanapi.dll
    [2011/10/12 02:57:23 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll
    [2011/10/12 02:57:22 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml6r.dll
    [2011/10/12 02:54:32 | 002,855,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
    [2011/10/12 02:54:32 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
    [2011/10/12 02:54:32 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rrinstaller.exe
    [2011/10/12 02:54:32 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mferror.dll
    [2011/10/12 02:54:31 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfpmp.exe
    [2011/10/12 02:54:30 | 002,433,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
    [2011/10/12 02:53:04 | 003,504,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
    [2011/10/12 02:53:03 | 003,470,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
    [2011/10/12 02:46:51 | 000,374,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcupdate_GenuineIntel.dll
    [2011/10/12 02:46:06 | 000,500,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll
    [2011/10/12 02:46:06 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xolehlp.dll
    [2011/10/12 02:44:17 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
    [2011/10/12 02:44:16 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
    [2011/10/12 02:43:20 | 000,303,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll
    [2011/10/12 02:41:42 | 000,392,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FirewallAPI.dll
    [2011/10/12 02:41:41 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icfupgd.dll
    [2011/10/12 02:41:41 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmifw.dll
    [2011/10/12 02:41:41 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wfapigp.dll
    [2011/10/12 02:36:21 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
    [2011/10/12 02:35:50 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
    [2011/10/12 02:34:24 | 002,923,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
    [2011/10/12 02:31:42 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcfg.exe
    [2011/10/12 02:29:16 | 000,371,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
    [2011/10/12 02:29:16 | 000,313,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rstrui.exe
    [2011/10/12 02:29:16 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srdelayed.exe
    [2011/10/12 02:29:15 | 000,944,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
    [2011/10/12 02:29:15 | 000,905,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
    [2011/10/12 02:29:15 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
    [2011/10/12 02:29:15 | 000,019,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kd1394.dll
    [2011/10/12 02:29:14 | 000,620,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ci.dll
    [2011/10/12 02:29:14 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drvinst.exe
    [2011/10/12 02:29:13 | 000,260,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpx.dll
    [2011/10/12 02:29:13 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kbd106n.dll
    [2011/10/12 02:29:12 | 000,115,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\loadperf.dll
    [2011/10/12 02:29:12 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lodctr.exe
    [2011/10/12 02:29:12 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unlodctr.exe
    [2011/10/12 02:29:12 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prflbmsg.dll
    [2011/10/12 02:29:10 | 000,035,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys
    [2011/10/12 02:29:10 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\batt.dll
    [2011/10/12 02:29:10 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\f3ahvoas.dll
    [2011/10/12 02:29:09 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dispci.dll
    [2011/10/12 02:27:29 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
    [2011/10/12 02:27:28 | 000,654,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
    [2011/10/12 02:27:26 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
    [2011/10/12 02:27:26 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
    [2011/10/12 02:27:26 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
    [2011/10/12 02:27:26 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
    [2011/10/12 02:26:46 | 000,220,672 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm
    [2011/10/12 02:26:46 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
    [2011/10/12 02:25:37 | 000,213,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
    [2011/10/12 02:25:37 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll
    [2011/10/12 02:25:37 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiougc.exe
    [2011/10/12 02:24:32 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMASF.DLL
    [2011/10/12 02:24:32 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\LAPRXY.DLL
    [2011/10/12 02:24:32 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asferror.dll
    [2011/10/12 02:24:01 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amxread.dll
    [2011/10/12 02:24:00 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apilogen.dll
    [2011/10/12 02:22:51 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printcom.dll
    [2011/10/12 02:22:13 | 002,032,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
    [2011/10/12 02:21:45 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys
    [2011/10/12 02:21:45 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshrm.dll
    [2011/10/12 02:21:13 | 008,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
    [2011/10/12 02:21:11 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
    [2011/10/12 02:21:10 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
    [2011/10/12 02:21:10 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
    [2011/10/12 02:21:03 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb
    [2011/10/12 02:21:03 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb
    [2011/10/12 02:19:57 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbunattend.exe
    [2011/10/12 02:19:04 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
    [2011/10/12 02:17:33 | 000,996,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll
    [2011/10/12 02:17:33 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
    [2011/10/12 02:16:25 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\INETRES.dll
    [2011/10/12 02:14:46 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
    [2011/10/12 02:10:20 | 000,321,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
    [2011/10/12 02:10:02 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\poqexec.exe
    [2011/10/12 02:09:40 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
    [2011/10/12 02:08:36 | 001,327,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
    [2011/10/12 02:08:35 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
    [2011/10/12 02:08:35 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll
    [2011/10/12 02:07:38 | 000,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL
    [2011/10/10 09:28:32 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
    [2011/10/10 09:26:00 | 002,421,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
    [2011/10/10 09:26:00 | 000,044,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
    [2011/10/10 09:25:31 | 000,575,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
    [2011/10/10 09:25:31 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
    [2011/10/10 09:25:31 | 000,035,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
    [2011/10/10 09:24:52 | 000,171,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
    [2011/10/10 09:24:52 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
    [2011/10/10 09:23:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
    [2011/10/10 00:40:52 | 000,000,000 | ---D | C] -- C:\Users\Jon\Documents\HB

    ========== Files - Modified Within 30 Days ==========

    [2011/11/07 17:53:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2855272657-587928351-1394285907-1000UA.job
    [2011/11/07 17:35:24 | 000,662,868 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2011/11/07 17:35:24 | 000,120,830 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011/11/07 17:31:52 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Jon\Desktop\OTL.exe
    [2011/11/07 17:29:05 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/11/07 17:29:05 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/11/07 17:28:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/11/07 17:28:50 | 2146,820,096 | -HS- | M] () -- C:\hiberfil.sys
    [2011/11/07 17:28:49 | 221,499,942 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2011/11/07 17:21:09 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Jon\Desktop\aswMBR.exe
    [2011/11/07 15:53:00 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2855272657-587928351-1394285907-1000Core.job
    [2011/11/07 15:18:02 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2855272657-587928351-1394285907-1000UA.job
    [2011/11/07 15:18:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2855272657-587928351-1394285907-1000Core.job
    [2011/11/07 14:19:03 | 000,138,536 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
    [2011/11/07 14:18:51 | 000,270,408 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
    [2011/11/07 03:59:19 | 000,270,408 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0
    [2011/11/06 19:02:24 | 000,000,905 | ---- | M] () -- C:\Users\Jon\Desktop\esetsmartinstaller_enu - Shortcut.lnk
    [2011/11/06 18:51:33 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/11/06 18:44:03 | 000,000,804 | ---- | M] () -- C:\Users\Jon\Desktop\TFC - Shortcut.lnk
    [2011/11/06 18:42:22 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
    [2011/11/05 01:46:22 | 000,000,215 | ---- | M] () -- C:\Users\Jon\Desktop\Assassin's Creed Brotherhood.url
    [2011/11/04 20:35:40 | 021,240,431 | ---- | M] () -- C:\Users\Jon\Desktop\Scars of Mirrodin.[brine].[53].[GO].o8s
    [2011/11/04 20:35:01 | 012,418,331 | ---- | M] () -- C:\Users\Jon\Desktop\Mirrodin Besieged.[brine].[GO].o8s
    [2011/11/04 20:34:33 | 021,844,331 | ---- | M] () -- C:\Users\Jon\Desktop\Innistrad.[GO].[brine].o8s
    [2011/11/04 20:34:26 | 013,991,524 | ---- | M] () -- C:\Users\Jon\Desktop\New Phyrexia.[GO][brine].o8s
    [2011/11/04 20:33:42 | 004,028,534 | ---- | M] () -- C:\Users\Jon\Desktop\InnistradDFCs.o8s
    [2011/11/04 00:29:56 | 047,317,693 | ---- | M] () -- C:\Users\Jon\Desktop\Markers&Tokens.o8s
    [2011/11/04 00:29:17 | 013,846,727 | ---- | M] () -- C:\Users\Jon\Desktop\Magic 2012.[GO].[brine].o8s
    [2011/11/04 00:21:57 | 000,761,755 | ---- | M] () -- C:\Users\Jon\Desktop\Magic-v2.0.16[brine].o8g
    [2011/11/02 23:34:31 | 000,002,126 | ---- | M] () -- C:\Users\Jon\Desktop\OCTGN.application
    [2011/11/02 23:23:32 | 000,295,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
    [2011/11/02 23:23:32 | 000,099,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
    [2011/11/02 23:23:32 | 000,049,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
    [2011/10/30 19:27:41 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
    [2011/10/30 19:27:40 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
    [2011/10/30 19:27:40 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
    [2011/10/30 19:27:40 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
    [2011/10/30 19:03:12 | 000,000,875 | ---- | M] () -- C:\Users\Jon\Desktop\Batman Villains.lnk
    [2011/10/29 15:32:05 | 000,000,214 | ---- | M] () -- C:\Users\Jon\Desktop\Killing Floor.url
    [2011/10/28 17:54:50 | 000,002,038 | ---- | M] () -- C:\Users\Jon\Desktop\Google Chrome.lnk
    [2011/10/28 17:54:50 | 000,002,000 | ---- | M] () -- C:\Users\Jon\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2011/10/25 15:23:36 | 000,000,790 | ---- | M] () -- C:\Users\Public\Desktop\Mumble.lnk
    [2011/10/24 19:40:32 | 000,000,782 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk
    [2011/10/22 22:02:52 | 000,349,128 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2011/10/20 18:29:33 | 000,002,158 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Office - 60 Day Trial.lnk
    [2011/10/19 12:46:16 | 000,144,588 | -H-- | M] () -- C:\Windows\System32\mlfcache.dat
    [2011/10/19 00:44:17 | 000,000,202 | ---- | M] () -- C:\Users\Public\Desktop\Dungeon Fighter Online.url
    [2011/10/15 02:49:24 | 001,808,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0046.dll
    [2011/10/15 02:49:24 | 001,793,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0045.dll
    [2011/10/15 02:49:24 | 001,411,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0047.dll
    [2011/10/15 02:49:23 | 002,136,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0021.dll
    [2011/10/15 02:49:23 | 001,782,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0039.dll
    [2011/10/15 02:49:23 | 001,558,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0049.dll
    [2011/10/15 02:49:23 | 001,236,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0020.dll
    [2011/10/15 02:49:22 | 007,964,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0024.dll
    [2011/10/15 02:49:22 | 005,499,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0022.dll
    [2011/10/15 02:49:19 | 005,791,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0026.dll
    [2011/10/15 02:49:18 | 006,224,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0027.dll
    [2011/10/15 02:49:17 | 004,175,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0010.dll
    [2011/10/15 02:49:15 | 004,981,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0013.dll
    [2011/10/15 02:49:15 | 002,466,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0011.dll
    [2011/10/15 02:49:14 | 011,722,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0001.dll
    [2011/10/15 02:49:14 | 006,781,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0019.dll
    [2011/10/15 02:49:14 | 003,331,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0018.dll
    [2011/10/15 02:49:12 | 012,240,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0007.dll
    [2011/10/15 02:49:12 | 004,164,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0002.dll
    [2011/10/15 02:49:12 | 001,452,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0003.dll
    [2011/10/15 02:49:11 | 003,419,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004a.dll
    [2011/10/15 02:49:11 | 002,644,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0009.dll
    [2011/10/15 02:49:10 | 001,702,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004b.dll
    [2011/10/15 02:49:09 | 004,093,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004c.dll
    [2011/10/15 02:49:09 | 001,972,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004e.dll
    [2011/10/15 02:49:08 | 006,014,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons001a.dll
    [2011/10/15 02:49:08 | 004,045,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons003e.dll
    [2011/10/15 02:49:08 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons002a.dll
    [2011/10/15 02:49:07 | 006,585,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons001b.dll
    [2011/10/15 02:49:05 | 006,346,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons001d.dll
    [2011/10/15 02:49:04 | 009,892,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000a.dll
    [2011/10/15 02:49:03 | 006,237,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000c.dll
    [2011/10/15 02:49:02 | 005,654,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000f.dll
    [2011/10/15 02:49:02 | 001,722,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000d.dll
    [2011/10/15 02:49:00 | 004,616,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0414.dll
    [2011/10/15 02:48:58 | 005,090,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0416.dll
    [2011/10/15 02:48:57 | 005,031,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0816.dll
    [2011/10/15 02:48:56 | 007,042,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons081a.dll
    [2011/10/15 02:48:55 | 005,071,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsModels0011.dll
    [2011/10/15 02:48:54 | 003,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0046.dll
    [2011/10/15 02:48:54 | 003,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0045.dll
    [2011/10/15 02:48:53 | 003,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0049.dll
    [2011/10/15 02:48:53 | 003,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0047.dll
    [2011/10/15 02:48:52 | 003,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0039.dll
    [2011/10/15 02:48:52 | 003,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0020.dll
    [2011/10/15 02:48:51 | 001,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0026.dll
    [2011/10/15 02:48:51 | 001,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0024.dll
    [2011/10/15 02:48:51 | 001,799,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0022.dll
    [2011/10/15 02:48:51 | 001,799,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0021.dll
    [2011/10/15 02:48:50 | 004,493,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0010.dll
    [2011/10/15 02:48:50 | 001,965,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0027.dll
    [2011/10/15 02:48:49 | 003,464,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0013.dll
    [2011/10/15 02:48:49 | 002,655,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0011.dll
    [2011/10/15 02:48:48 | 001,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0018.dll
    [2011/10/15 02:48:47 | 004,495,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0019.dll
    [2011/10/15 02:48:47 | 001,523,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0000.dll
    [2011/10/15 02:48:46 | 002,597,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0001.dll
    [2011/10/15 02:48:46 | 001,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0003.dll
    [2011/10/15 02:48:46 | 001,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0002.dll
    [2011/10/15 02:48:45 | 004,874,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0009.dll
    [2011/10/15 02:48:45 | 003,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData004a.dll
    [2011/10/15 02:48:45 | 002,241,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0007.dll
    [2011/10/15 02:48:44 | 003,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData004e.dll
    [2011/10/15 02:48:44 | 003,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData004c.dll
    [2011/10/15 02:48:44 | 003,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData004b.dll
    [2011/10/15 02:48:44 | 001,799,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData003e.dll
    [2011/10/15 02:48:43 | 001,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData001a.dll
    [2011/10/15 02:48:43 | 001,799,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData002a.dll
    [2011/10/15 02:48:42 | 009,845,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData000a.dll
    [2011/10/15 02:48:42 | 004,493,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData001d.dll
    [2011/10/15 02:48:42 | 001,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData001b.dll
    [2011/10/15 02:48:41 | 002,641,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData000c.dll
    [2011/10/15 02:48:40 | 002,340,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData000d.dll
    [2011/10/15 02:48:40 | 001,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData000f.dll
    [2011/10/15 02:48:39 | 004,493,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0416.dll
    [2011/10/15 02:48:39 | 004,493,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0414.dll
    [2011/10/15 02:48:38 | 004,493,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0816.dll
    [2011/10/15 02:48:38 | 000,797,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NaturalLanguage6.dll
    [2011/10/15 02:48:37 | 006,917,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0c1a.dll
    [2011/10/15 02:48:37 | 001,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData081a.dll
    [2011/10/15 02:48:35 | 001,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0c1a.dll
    [2011/10/15 02:43:54 | 000,622,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
    [2011/10/15 02:43:54 | 000,097,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
    [2011/10/15 02:43:54 | 000,037,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
    [2011/10/15 02:43:54 | 000,011,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
    [2011/10/15 02:43:50 | 000,105,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
    [2011/10/15 02:43:48 | 000,781,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
    [2011/10/15 02:35:53 | 037,093,376 | ---- | M] () -- C:\Windows\ocsetup_install_NetFx3.etl
    [2011/10/15 02:35:53 | 000,458,752 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_NetFx3.perf
    [2011/10/15 02:35:52 | 000,065,536 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_NetFx3.dpx
    [2011/10/15 02:15:52 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
    [2011/10/15 02:15:52 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
    [2011/10/14 02:00:21 | 000,148,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ks.sys
    [2011/10/13 02:00:59 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\http.sys.mui
    [2011/10/12 18:03:31 | 000,001,792 | ---- | M] () -- C:\Users\Public\Desktop\Logitech Vid HD.lnk
    [2011/10/12 17:58:28 | 000,001,479 | ---- | M] () -- C:\Users\Public\Desktop\Logitech Webcam Software .lnk
    [2011/10/12 07:31:40 | 000,000,949 | ---- | M] () -- C:\Users\Jon\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2011/10/12 03:08:52 | 000,156,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
    [2011/10/12 03:08:51 | 000,289,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
    [2011/10/12 03:08:51 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
    [2011/10/12 03:08:51 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
    [2011/10/12 03:08:51 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll
    [2011/10/12 03:06:21 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
    [2011/10/12 03:06:21 | 000,230,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
    [2011/10/12 03:06:21 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
    [2011/10/12 03:06:20 | 002,452,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
    [2011/10/12 03:06:20 | 000,380,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
    [2011/10/12 03:06:20 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
    [2011/10/12 03:06:18 | 000,214,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
    [2011/10/12 03:06:18 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
    [2011/10/12 03:06:17 | 000,347,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
    [2011/10/12 03:06:16 | 000,459,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
    [2011/10/12 03:06:15 | 000,180,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
    [2011/10/12 03:06:11 | 000,389,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
    [2011/10/12 03:06:11 | 000,078,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
    [2011/10/12 03:06:11 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
    [2011/10/12 03:06:09 | 001,383,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
    [2011/10/12 03:06:07 | 000,671,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
    [2011/10/12 03:06:05 | 001,830,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
    [2011/10/12 03:06:03 | 000,026,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
    [2011/10/12 03:06:01 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
    [2011/10/12 03:06:00 | 000,070,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
    [2011/10/12 03:06:00 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
    [2011/10/12 03:06:00 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
    [2011/10/12 03:03:51 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FwRemoteSvr.dll
    [2011/10/12 03:03:50 | 000,272,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\polstore.dll
    [2011/10/12 03:01:51 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netiohlp.dll
    [2011/10/12 03:01:51 | 000,027,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NETSTAT.EXE
    [2011/10/12 03:01:51 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
    [2011/10/12 03:01:51 | 000,011,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MRINFO.EXE
    [2011/10/12 03:01:51 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\finger.exe
    [2011/10/12 03:01:51 | 000,008,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\HOSTNAME.EXE
    [2011/10/12 03:01:50 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ARP.EXE
    [2011/10/12 03:01:50 | 000,017,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ROUTE.EXE
    [2011/10/12 02:58:31 | 001,657,350 | ---- | M] () -- C:\Windows\System32\wlan.tmf
    [2011/10/12 02:58:31 | 000,123,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\L2SecHC.dll
    [2011/10/12 02:58:30 | 000,297,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlansec.dll
    [2011/10/12 02:58:30 | 000,290,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
    [2011/10/12 02:58:30 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlanhlp.dll
    [2011/10/12 02:58:30 | 000,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlanapi.dll
    [2011/10/12 02:57:23 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll
    [2011/10/12 02:57:22 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msxml6r.dll
    [2011/10/12 02:54:32 | 002,855,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
    [2011/10/12 02:54:32 | 000,098,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
    [2011/10/12 02:54:32 | 000,052,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rrinstaller.exe
    [2011/10/12 02:54:32 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfpmp.exe
    [2011/10/12 02:54:32 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mferror.dll
    [2011/10/12 02:54:30 | 002,433,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
    [2011/10/12 02:53:05 | 003,504,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
    [2011/10/12 02:53:04 | 003,470,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
    [2011/10/12 02:46:51 | 000,374,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mcupdate_GenuineIntel.dll
    [2011/10/12 02:46:06 | 000,500,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll
    [2011/10/12 02:46:06 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xolehlp.dll
    [2011/10/12 02:44:17 | 000,116,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
    [2011/10/12 02:44:17 | 000,036,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
    [2011/10/12 02:43:20 | 000,303,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll
    [2011/10/12 02:41:42 | 000,392,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FirewallAPI.dll
    [2011/10/12 02:41:41 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\icfupgd.dll
    [2011/10/12 02:41:41 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmifw.dll
    [2011/10/12 02:41:41 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wfapigp.dll
    [2011/10/12 02:35:50 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
    [2011/10/12 02:34:24 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    [2011/10/12 02:31:42 | 000,024,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netcfg.exe
    [2011/10/12 02:29:19 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\mouclass.sys.mui
    [2011/10/12 02:29:19 | 000,003,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\mouhid.sys.mui
    [2011/10/12 02:29:18 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\i8042prt.sys.mui
    [2011/10/12 02:29:18 | 000,005,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\sermouse.sys.mui
    [2011/10/12 02:29:18 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\kbdclass.sys.mui
    [2011/10/12 02:29:18 | 000,003,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\kbdhid.sys.mui
    [2011/10/12 02:29:16 | 000,371,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
    [2011/10/12 02:29:16 | 000,313,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rstrui.exe
    [2011/10/12 02:29:16 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srdelayed.exe
    [2011/10/12 02:29:15 | 000,944,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
    [2011/10/12 02:29:15 | 000,905,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
    [2011/10/12 02:29:15 | 000,613,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
    [2011/10/12 02:29:15 | 000,019,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\kd1394.dll
    [2011/10/12 02:29:14 | 000,620,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ci.dll
    [2011/10/12 02:29:14 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drvinst.exe
    [2011/10/12 02:29:13 | 000,260,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dpx.dll
    [2011/10/12 02:29:13 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\kbd106n.dll
    [2011/10/12 02:29:12 | 000,115,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\loadperf.dll
    [2011/10/12 02:29:12 | 000,039,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lodctr.exe
    [2011/10/12 02:29:12 | 000,032,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\unlodctr.exe
    [2011/10/12 02:29:12 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\prflbmsg.dll
    [2011/10/12 02:29:10 | 000,035,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys
    [2011/10/12 02:29:10 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\batt.dll
    [2011/10/12 02:29:10 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\f3ahvoas.dll
    [2011/10/12 02:29:09 | 000,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dispci.dll
    [2011/10/12 02:27:29 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
    [2011/10/12 02:27:28 | 000,654,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
    [2011/10/12 02:27:26 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
    [2011/10/12 02:27:26 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
    [2011/10/12 02:27:26 | 000,053,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
    [2011/10/12 02:27:26 | 000,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
    [2011/10/12 02:26:46 | 000,220,672 | ---- | M] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm
    [2011/10/12 02:26:46 | 000,062,464 | ---- | M] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
    [2011/10/12 02:25:37 | 000,213,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
    [2011/10/12 02:25:37 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll
    [2011/10/12 02:25:37 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netiougc.exe
    [2011/10/12 02:24:32 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMASF.DLL
    [2011/10/12 02:24:32 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\LAPRXY.DLL
    [2011/10/12 02:24:32 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\asferror.dll
    [2011/10/12 02:24:01 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\amxread.dll
    [2011/10/12 02:24:00 | 000,014,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\apilogen.dll
    [2011/10/12 02:22:51 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printcom.dll
    [2011/10/12 02:22:13 | 002,032,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
    [2011/10/12 02:21:45 | 000,113,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys
    [2011/10/12 02:21:45 | 000,014,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wshrm.dll
    [2011/10/12 02:21:14 | 008,147,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
    [2011/10/12 02:21:11 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
    [2011/10/12 02:21:10 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
    [2011/10/12 02:21:03 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb
    [2011/10/12 02:21:03 | 000,018,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb
    [2011/10/12 02:19:58 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sbunattend.exe
    [2011/10/12 02:19:04 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
    [2011/10/12 02:17:33 | 000,996,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll
    [2011/10/12 02:17:33 | 000,094,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
    [2011/10/12 02:16:25 | 000,084,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\INETRES.dll
    [2011/10/12 02:14:46 | 000,024,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
    [2011/10/12 02:10:20 | 000,321,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
    [2011/10/12 02:10:02 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\poqexec.exe
    [2011/10/12 02:08:35 | 000,082,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
    [2011/10/12 02:08:35 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll
    [2011/10/12 02:07:38 | 000,604,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL
    [2011/10/12 00:49:12 | 000,000,944 | ---- | M] () -- C:\Users\Jon\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
    [2011/10/10 09:26:00 | 002,421,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
    [2011/10/10 09:26:00 | 000,044,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
    [2011/10/10 09:25:31 | 000,575,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
    [2011/10/10 09:25:31 | 000,087,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
    [2011/10/10 09:25:31 | 000,035,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
    [2011/10/10 09:24:57 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2011/10/10 09:24:52 | 000,171,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
    [2011/10/10 09:24:52 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
    [2011/10/08 23:09:25 | 000,000,926 | ---- | M] () -- C:\Users\Jon\Desktop\Heroes of Newerth.lnk

    ========== Files Created - No Company Name ==========

    [2011/11/07 03:59:16 | 000,270,408 | ---- | C] () -- C:\Windows\System32\PnkBstrB.xtr
    [2011/11/06 19:02:24 | 000,000,905 | ---- | C] () -- C:\Users\Jon\Desktop\esetsmartinstaller_enu - Shortcut.lnk
    [2011/11/06 18:51:33 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/11/06 18:44:03 | 000,000,804 | ---- | C] () -- C:\Users\Jon\Desktop\TFC - Shortcut.lnk
    [2011/11/05 01:46:22 | 000,000,215 | ---- | C] () -- C:\Users\Jon\Desktop\Assassin's Creed Brotherhood.url
    [2011/11/04 20:35:39 | 021,240,431 | ---- | C] () -- C:\Users\Jon\Desktop\Scars of Mirrodin.[brine].[53].[GO].o8s
    [2011/11/04 20:34:59 | 012,418,331 | ---- | C] () -- C:\Users\Jon\Desktop\Mirrodin Besieged.[brine].[GO].o8s
    [2011/11/04 20:34:32 | 021,844,331 | ---- | C] () -- C:\Users\Jon\Desktop\Innistrad.[GO].[brine].o8s
    [2011/11/04 20:34:23 | 013,991,524 | ---- | C] () -- C:\Users\Jon\Desktop\New Phyrexia.[GO][brine].o8s
    [2011/11/04 20:33:30 | 004,028,534 | ---- | C] () -- C:\Users\Jon\Desktop\InnistradDFCs.o8s
    [2011/11/04 00:29:05 | 013,846,727 | ---- | C] () -- C:\Users\Jon\Desktop\Magic 2012.[GO].[brine].o8s
    [2011/11/04 00:24:12 | 047,317,693 | ---- | C] () -- C:\Users\Jon\Desktop\Markers&Tokens.o8s
    [2011/11/04 00:21:53 | 000,761,755 | ---- | C] () -- C:\Users\Jon\Desktop\Magic-v2.0.16[brine].o8g
    [2011/11/02 23:34:31 | 000,002,126 | ---- | C] () -- C:\Users\Jon\Desktop\OCTGN.application
    [2011/11/02 21:58:17 | 221,499,942 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2011/10/30 19:03:12 | 000,000,875 | ---- | C] () -- C:\Users\Jon\Desktop\Batman Villains.lnk
    [2011/10/29 15:32:05 | 000,000,214 | ---- | C] () -- C:\Users\Jon\Desktop\Killing Floor.url
    [2011/10/25 14:13:18 | 000,000,920 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2855272657-587928351-1394285907-1000UA.job
    [2011/10/25 14:13:17 | 000,000,898 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2855272657-587928351-1394285907-1000Core.job
    [2011/10/20 18:29:33 | 000,002,158 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Office - 60 Day Trial.lnk
    [2011/10/19 12:46:16 | 000,144,588 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
    [2011/10/19 00:44:17 | 000,000,202 | ---- | C] () -- C:\Users\Public\Desktop\Dungeon Fighter Online.url
    [2011/10/15 02:19:00 | 037,093,376 | ---- | C] () -- C:\Windows\ocsetup_install_NetFx3.etl
    [2011/10/15 02:19:00 | 000,458,752 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_NetFx3.perf
    [2011/10/15 02:19:00 | 000,065,536 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_NetFx3.dpx
    [2011/10/12 18:03:31 | 000,001,792 | ---- | C] () -- C:\Users\Public\Desktop\Logitech Vid HD.lnk
    [2011/10/12 17:58:28 | 000,001,479 | ---- | C] () -- C:\Users\Public\Desktop\Logitech Webcam Software .lnk
    [2011/10/12 02:58:31 | 001,657,350 | ---- | C] () -- C:\Windows\System32\wlan.tmf
    [2011/10/12 00:49:12 | 000,000,944 | ---- | C] () -- C:\Users\Jon\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
    [2011/10/10 09:24:57 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
    [2011/10/10 09:23:50 | 000,001,814 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    [2011/10/08 23:09:13 | 000,000,926 | ---- | C] () -- C:\Users\Jon\Desktop\Heroes of Newerth.lnk
    [2011/10/04 00:54:55 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
    [2011/10/03 21:33:07 | 000,138,536 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
    [2011/10/03 21:33:07 | 000,138,056 | ---- | C] () -- C:\Users\Jon\AppData\Roaming\PnkBstrK.sys
    [2011/10/03 21:32:46 | 000,270,408 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
    [2011/10/03 21:32:43 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
    [2011/10/03 07:18:04 | 000,000,680 | ---- | C] () -- C:\Users\Jon\AppData\Local\d3d9caps.dat
    [2011/08/19 01:26:20 | 010,898,456 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
    [2011/08/19 01:26:20 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
    [2011/08/19 01:26:20 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
    [2011/08/12 11:20:14 | 000,015,896 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
    [2011/08/03 02:31:54 | 000,311,912 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
    [2011/07/25 22:48:54 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
    [2007/08/11 05:39:00 | 000,107,026 | ---- | C] () -- C:\Windows\hpqins13.dat
    [2007/08/11 05:26:01 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1277.dll
    [2007/08/11 05:21:41 | 000,061,440 | ---- | C] () -- C:\Windows\System32\OsdRemove.exe
    [2007/08/11 05:18:51 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
    [2007/08/11 05:18:51 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
    [2007/05/14 04:28:10 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
    [2006/12/13 22:01:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
    [2006/12/13 22:01:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
    [2006/11/02 04:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2006/11/02 04:47:37 | 000,349,128 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2006/11/02 04:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 02:33:01 | 000,662,868 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2006/11/02 02:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2006/11/02 02:33:01 | 000,120,830 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2006/11/02 02:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2006/11/02 02:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2006/11/02 00:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2006/11/02 00:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2006/11/01 23:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/11/01 23:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
    [2006/11/01 23:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
    [2006/11/01 23:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

    ========== LOP Check ==========

    [2011/10/12 18:02:27 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\Leadertech
    [2011/10/07 18:06:50 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\LolClient
    [2011/11/07 17:31:03 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\Mumble
    [2011/10/19 00:59:11 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\NeopleLauncherDFO
    [2011/10/28 21:25:45 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\Origin
    [2011/10/03 08:04:13 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\Snapfish
    [2011/11/07 03:59:06 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\Ubisoft
    [2011/11/07 15:18:00 | 000,000,898 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2855272657-587928351-1394285907-1000Core.job
    [2011/11/07 15:18:02 | 000,000,920 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2855272657-587928351-1394285907-1000UA.job
    [2011/11/06 18:45:38 | 000,010,942 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    < End of report >

    Extras.Txt

    OTL Extras logfile created on: 11/7/2011 5:40:09 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Jon\Desktop
    Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6000.16982)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 0.83 Gb Available Physical Memory | 41.36% Memory free
    4.23 Gb Paging File | 2.27 Gb Available in Paging File | 53.64% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 289.39 Gb Total Space | 203.25 Gb Free Space | 70.23% Space Free | Partition Type: NTFS
    Drive D: | 8.70 Gb Total Space | 1.18 Gb Free Space | 13.51% Space Free | Partition Type: NTFS

    Computer Name: JON-PC | User Name: Jon | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)
    "C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
    "C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{10BF0F68-BF8A-4569-8943-4FB1AE2F73FB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{7A30F604-EC9F-42BB-8199-EAE8ED44D985}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{8F2A1B09-73B3-4954-8A7B-CA4440C7850B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{9F71D155-4ACD-4ABF-B674-905D6F423966}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{A8FB65E1-DB7B-4459-9CFA-9F96D33A5FCC}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{BD6CCA7E-7E77-45C1-94CA-A0CBF561CC57}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{C45FF973-AA5B-4A23-8A9D-36581B32D789}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{D78FE452-9114-49A8-8BEA-4AFF2BDA3CB0}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{EA46BE8B-4233-4A66-A81F-68C5E0A3E823}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{025FF3DD-C578-47CB-B6A9-EB6DB50633EC}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
    "{038DCEA4-6B90-4094-B6BE-AC45BB9F37A0}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
    "{0DC5B943-E162-4926-9E75-96060DE1C36B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{1203976E-E8F5-4A6B-9D82-550B6304D8E0}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
    "{1650FD4C-3B88-4584-B68A-4AD2E2ABAEE9}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\killingfloor\system\killingfloor.exe |
    "{19771CDB-8702-48CD-9FC3-A3E73CECA346}" = dir=in | app=c:\users\jon\appdata\local\facebook\video\skype\facebookvideocalling.exe |
    "{22FB2CB9-B811-444D-A747-75A8350A6FD6}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
    "{23C10FC7-3CAE-4238-856E-70528463B17A}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
    "{25B45326-7100-47C7-9B55-91A2E5378290}" = protocol=6 | dir=out | app=system |
    "{2CE2568A-8C73-4FAE-A225-BFC475D9E8FA}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
    "{32B069BB-7440-4C5A-9BEF-9A9448FEB618}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{35448048-E818-44D8-8ED2-8466BC53BD19}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{35BACCD1-1D27-47F3-A54C-C8FCF3CF58AE}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
    "{3FD818E6-7252-48EA-8CEE-341C7B9E8288}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{4DEA83A3-048F-4479-9A88-B720365B6823}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
    "{4FF4C67E-7712-44C1-A8F3-6F8631B2614E}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
    "{582DF1FD-0C57-43C8-BDEE-AD19610B501D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{5AA453A3-5A8C-4C00-9AE6-73A9B0E2D433}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{5FC54D50-C7DE-4A3B-AB2B-B996F81B5309}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
    "{6630B653-EA0F-4FF6-9B21-11A110E79DC5}" = protocol=17 | dir=in | app=c:\program files\logitech\vid hd\vid.exe |
    "{69DB2F94-5294-4F8D-86A2-F0FB28A1D6C8}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
    "{783E69D5-066A-4666-8597-98D9EFB940C7}" = protocol=6 | dir=in | app=c:\program files\logitech\vid hd\vid.exe |
    "{7ACAAF84-B01D-4640-9BFF-805D00FFFC54}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\killingfloor\system\killingfloor.exe |
    "{7B716819-34C5-4F07-A18C-E47AE184D417}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
    "{8010486F-0EA6-4552-AF31-F754EEA984AD}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
    "{80F7C08A-07CE-4F1F-9EC5-B2A70C1ED6C1}" = protocol=17 | dir=in | app=c:\users\jon\appdata\local\google\google talk plugin\googletalkplugin.exe |
    "{81A337F6-D7F8-4C67-8E96-AE9C639D16B8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{98BA3614-C162-4CCA-8E21-245D306BAF89}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{992FAD21-52C0-4E77-98B9-47F156460232}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{A8061CBF-886E-4D36-A1FA-B38F6E9D0016}" = protocol=6 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
    "{AE4DC9A1-9560-4245-84A7-2F3175F01E1C}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
    "{B03A4068-DA5F-4E0D-818C-925F3EED02A4}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\assassins creed brotherhood\acbsp.exe |
    "{B1EC2E28-64D1-46F1-B114-A31266FBEC79}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
    "{B2D300BF-F4DA-4E27-9090-54E886C7C75C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{BA0F4735-861B-4786-BB54-4CBD3D4026E0}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
    "{C6FB1DAA-BD46-4B09-B5B9-FADFDFB97BE4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{D53DF246-FA69-444D-A6F9-B0958DB08F41}" = protocol=17 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
    "{D5E75043-3927-4857-9785-E6B2B45B0935}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
    "{D60E2F8A-78DF-40F4-9D99-2A112CA012AB}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
    "{D87173E0-26E7-440A-8724-52C73BE80F45}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{D8B99F42-38B1-4BA5-8A4A-F48BB7B24834}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
    "{DA9E3E80-5FAE-4414-9C8C-FDE8A7CBF602}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{DED0974C-A002-46BC-8D5D-EAC7A09B8907}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
    "{E0F14F84-B272-4C02-93E3-0587632F676D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{E7B42D02-441E-4DC8-A5DF-0C59DE966881}" = protocol=6 | dir=in | app=c:\users\jon\appdata\local\google\google talk plugin\googletalkplugin.exe |
    "{ED3AD530-A0A3-430E-B5C9-A7268FB54333}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
    "{F8C43E9A-E38F-459F-846F-28D570263211}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\assassins creed brotherhood\acbsp.exe |
    "TCP Query User{5AAB0B7C-C0B7-418E-B860-612E6935ACFE}C:\users\jon\appdata\local\apps\2.0\01d1bn6v.8ml\r39acd0b.4ra\octg..tion_0000000000000000_0000.000a_79847e37e4b4a88a\octgn.exe" = protocol=6 | dir=in | app=c:\users\jon\appdata\local\apps\2.0\01d1bn6v.8ml\r39acd0b.4ra\octg..tion_0000000000000000_0000.000a_79847e37e4b4a88a\octgn.exe |
    "TCP Query User{706979AD-880E-42F5-8F6E-B208EF692D89}C:\program files\heroes of newerth\hon.exe" = protocol=6 | dir=in | app=c:\program files\heroes of newerth\hon.exe |
    "TCP Query User{77921628-088A-4A26-90B3-20D5B2D8D1A9}C:\program files\heroes of newerth private test\hon.exe" = protocol=6 | dir=in | app=c:\program files\heroes of newerth private test\hon.exe |
    "UDP Query User{422B7DAC-458D-4334-A7BC-4AFF3ABE42A0}C:\users\jon\appdata\local\apps\2.0\01d1bn6v.8ml\r39acd0b.4ra\octg..tion_0000000000000000_0000.000a_79847e37e4b4a88a\octgn.exe" = protocol=17 | dir=in | app=c:\users\jon\appdata\local\apps\2.0\01d1bn6v.8ml\r39acd0b.4ra\octg..tion_0000000000000000_0000.000a_79847e37e4b4a88a\octgn.exe |
    "UDP Query User{9D6CF812-F059-4714-BC54-520AA29D3AFA}C:\program files\heroes of newerth\hon.exe" = protocol=17 | dir=in | app=c:\program files\heroes of newerth\hon.exe |
    "UDP Query User{BC2EE3AA-A169-4C06-9BF2-A198884E6EB8}C:\program files\heroes of newerth private test\hon.exe" = protocol=17 | dir=in | app=c:\program files\heroes of newerth private test\hon.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
    "{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
    "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
    "{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5
    "{0A47BAFF-D4FF-4BD3-96CA-02A22EA62722}" = HP Active Support Library
    "{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
    "{0DDA7620-4F8B-43B3-8828-CA5EE292FA3B}" = HP Total Care Advisor
    "{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
    "{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
    "{14AF024E-2E3B-49D0-A175-D1C1A06B155A}" = muvee autoProducer 6.0
    "{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
    "{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
    "{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
    "{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget
    "{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
    "{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
    "{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29
    "{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
    "{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
    "{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
    "{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
    "{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
    "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
    "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
    "{6D3DB611-D5E8-4E4B-8952-0D3F549F9CC6}" = HP Active Support Library 32 bit components
    "{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
    "{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
    "{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
    "{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
    "{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
    "{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
    "{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
    "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
    "{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
    "{938B1CD7-7C60-491E-AA90-1F1888168240}" = Roxio MyDVD Basic v9
    "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
    "{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
    "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
    "{A66DBCC6-8802-3D15-9FDF-9552742C08B0}" = Google Talk Plugin
    "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
    "{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
    "{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 280.26
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 280.26
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 280.26
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 280.19
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.4.28
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.23.3
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{B4E343DD-BAAB-4D59-AD9C-DEA0AFE09DF1}" = Mumble 1.2.3
    "{B6ADA0E4-9451-43EB-B86E-878AD9E68D4F}" = LightScribe 1.6.45.1
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
    "{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
    "{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
    "{ED721ABC-423D-4F7D-AEBB-E1E39C388E84}" = Facebook Video Calling 1.0.0.8714
    "{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
    "{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
    "7-Zip 9.20" = 7-Zip 9.20
    "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP
    "DFO" = DFOLauncher
    "ESET Online Scanner" = ESET Online Scanner v3
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "hon" = Heroes of Newerth
    "HP Photosmart Essential" = HP Photosmart Essential 2.01
    "Logitech Vid" = Logitech Vid HD
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft Security Client" = Microsoft Security Essentials
    "NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "Origin" = Origin
    "OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator
    "PC-Doctor 5 for Windows" = Hardware Diagnostic Tools
    "PunkBusterSvc" = PunkBuster Services
    "Steam App 1250" = Killing Floor
    "Steam App 48190" = Assassin's Creed Brotherhood
    "SystemRequirementsLab" = System Requirements Lab
    "WildTangent hp Master Uninstall" = My HP Games
    "WinRAR archiver" = WinRAR 4.01 (32-bit)

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "09e5f34d09ff8c7d" = OCTGN
    "Google Chrome" = Google Chrome

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 11/5/2011 12:29:18 AM | Computer Name = Jon-PC | Source = .NET Runtime | ID = 1026
    Description =

    Error - 11/5/2011 5:37:08 AM | Computer Name = Jon-PC | Source = Application Error | ID = 1000
    Description = Faulting application DFO.exe, version 1.0.44.1, time stamp 0x4ea67d03,
    faulting module ntdll.dll, version 6.0.6000.16386, time stamp 0x4549bdc9, exception
    code 0xc0000005, fault offset 0x00022a15, process id 0xd00, application start time
    0x01cc9b98acff5290.

    Error - 11/6/2011 10:42:22 PM | Computer Name = Jon-PC | Source = WerSvc | ID = 5007
    Description =

    Error - 11/6/2011 10:51:27 PM | Computer Name = Jon-PC | Source = WerSvc | ID = 5007
    Description =

    Error - 11/7/2011 4:23:09 AM | Computer Name = Jon-PC | Source = Application Error | ID = 1000
    Description = Faulting application DFO.exe, version 1.0.44.1, time stamp 0x4ea67d03,
    faulting module ntdll.dll, version 6.0.6000.16386, time stamp 0x4549bdc9, exception
    code 0xc0000005, fault offset 0x00022a15, process id 0x4e4, application start time
    0x01cc9d25be4c892e.

    Error - 11/7/2011 7:49:46 AM | Computer Name = Jon-PC | Source = VSS | ID = 8194
    Description =

    Error - 11/7/2011 7:52:27 AM | Computer Name = Jon-PC | Source = System Restore | ID = 8193
    Description =

    Error - 11/7/2011 7:56:36 AM | Computer Name = Jon-PC | Source = Application Error | ID = 1000
    Description = Faulting application UbisoftGameLauncher.exe, version 0.0.0.0, time
    stamp 0x4df1e9f0, faulting module UbisoftGameLauncher.exe, version 0.0.0.0, time
    stamp 0x4df1e9f0, exception code 0xc0000005, fault offset 0x00282842, process id
    0x105c, application start time 0x01cc9d44171b149e.

    Error - 11/7/2011 5:47:33 PM | Computer Name = Jon-PC | Source = Application Hang | ID = 1002
    Description = The program chrome.exe version 15.0.874.106 stopped interacting with
    Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Problem Reports and Solutions control panel. Process
    ID: e1c Start Time: 01cc9d9670d561fe Termination Time: 11

    Error - 11/7/2011 9:35:23 PM | Computer Name = Jon-PC | Source = WerSvc | ID = 5007
    Description =

    [ System Events ]
    Error - 11/3/2011 4:14:56 AM | Computer Name = Jon-PC | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 1:12:31 AM on 11/3/2011 was unexpected.

    Error - 11/5/2011 7:55:25 PM | Computer Name = Jon-PC | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.1.212 for the Network Card with network
    address 001D60127D29 has been denied by the DHCP server 192.168.1.254 (The DHCP
    Server sent a DHCPNACK message).

    Error - 11/5/2011 8:08:57 PM | Computer Name = Jon-PC | Source = bowser | ID = 8003
    Description =

    Error - 11/6/2011 10:43:04 PM | Computer Name = Jon-PC | Source = Service Control Manager | ID = 7026
    Description =

    Error - 11/6/2011 10:44:39 PM | Computer Name = Jon-PC | Source = Service Control Manager | ID = 7031
    Description =

    Error - 11/6/2011 10:48:08 PM | Computer Name = Jon-PC | Source = Service Control Manager | ID = 7026
    Description =

    Error - 11/7/2011 9:23:22 PM | Computer Name = Jon-PC | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 5:22:19 PM on 11/7/2011 was unexpected.

    Error - 11/7/2011 9:25:03 PM | Computer Name = Jon-PC | Source = Service Control Manager | ID = 7026
    Description =

    Error - 11/7/2011 9:28:56 PM | Computer Name = Jon-PC | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 5:27:16 PM on 11/7/2011 was unexpected.

    Error - 11/7/2011 9:30:36 PM | Computer Name = Jon-PC | Source = Service Control Manager | ID = 7026
    Description =


    < End of report >
     
  10. jeffce

    jeffce Malware Specialist

    Joined:
    May 10, 2011
    Messages:
    1,727
    Hi PorkCh0p,

    While I am looking over this OTL log please do the following...

    Download CKScanner by askey127 from Here & save it to your Desktop.
    • Right-click and Run as Administrator CKScanner.exe then click Search For Files
    • When the cursor hourglass disappears, click Save List To File
    • A message box will verify the file saved
    • Double-click the CKFiles.txt icon on your desktop then copy/paste the contents in your next reply
    ----------

    Please download MBRCheck.exe to your desktop.
    • Be sure to disable your security programs
    • Double click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt)
    • A window will open on your desktop
    • If an unknown bootcode is found you will have further options available to you; at this time press N then press Enter twice.
    • If nothing unusual is found just press Enter
    • A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
    • Please post the contents of that file.

    ==========================================

    In your next reply please post the logs created by CKScanner and MBRCheck. :)
     
  11. PorkCh0p

    PorkCh0p Thread Starter

    Joined:
    Nov 4, 2011
    Messages:
    11
    CKFiles.txt

    CKScanner - Additional Security Risks - These are not necessarily bad
    c:\program files\hp games\bejeweled 2 deluxe\sounds\firecrackle.ogg
    c:\program files\hp games\blasterball 3\data\art\bitmaps\enemies\boss2_crack.jpg.wkz
    c:\program files\hp games\mah jong quest\images\tile_firecracker-1.pnge
    c:\program files\hp games\mah jong quest\images\tile_firecracker-2.pnge
    c:\program files\hp games\mah jong quest\images\tile_firecracker-3.pnge
    c:\program files\hp games\mah jong quest\images\tile_firecracker1.pnge
    c:\program files\hp games\mah jong quest\images\kwazi3\level5-1cracktop.jpge
    c:\program files\hp games\mah jong quest\images\kwazi5\5_lvl_5a_postcrack1.jpge
    c:\program files\hp games\mah jong quest\images\kwazi5\5_lvl_5a_postcrack2.jpge
    scanner sequence 3.ED.11.WUNADV
    ----- EOF -----

    MBRCheck.txt

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows Vista Home Premium Edition
    Windows Information: (build 6000), 32-bit
    Base Board Manufacturer: ASUSTeK Computer INC.
    BIOS Manufacturer: American Megatrends Inc.
    System Manufacturer: Compaq-Presario
    System Product Name: GV344AA-ABA SR5262NX
    Logical Drives Mask: 0x000003dc

    Kernel Drivers (total 147):
    0xE2400000 \SystemRoot\system32\ntkrnlpa.exe
    0xE27A2000 \SystemRoot\system32\hal.dll
    0xC5EC6000 \SystemRoot\system32\kdcom.dll
    0xC5E66000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
    0xC5E5D000 \SystemRoot\system32\PSHED.dll
    0xC5E55000 \SystemRoot\system32\BOOTVID.dll
    0xC5E1A000 \SystemRoot\system32\CLFS.SYS
    0xC611F000 \SystemRoot\system32\CI.dll
    0xC60A4000 \SystemRoot\system32\drivers\Wdf01000.sys
    0xC5E0D000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0xC6061000 \SystemRoot\system32\drivers\acpi.sys
    0xC5E04000 \SystemRoot\system32\drivers\WMILIB.SYS
    0xC6059000 \SystemRoot\system32\drivers\msisadrv.sys
    0xC6034000 \SystemRoot\system32\drivers\pci.sys
    0xC6025000 \SystemRoot\system32\drivers\volmgr.sys
    0xC6015000 \SystemRoot\System32\drivers\mountmgr.sys
    0xC600E000 \SystemRoot\system32\drivers\intelide.sys
    0xC6000000 \SystemRoot\system32\drivers\PCIIDEX.SYS
    0xC63B6000 \SystemRoot\System32\drivers\volmgrx.sys
    0xC63AE000 \SystemRoot\system32\drivers\atapi.sys
    0xC6390000 \SystemRoot\system32\drivers\ataport.SYS
    0xC635F000 \SystemRoot\system32\drivers\fltmgr.sys
    0xC634F000 \SystemRoot\system32\drivers\fileinfo.sys
    0xC6346000 \SystemRoot\System32\Drivers\PxHelp20.sys
    0xC6242000 \SystemRoot\system32\drivers\ndis.sys
    0xC6217000 \SystemRoot\system32\drivers\msrpc.sys
    0xC65C7000 \SystemRoot\system32\drivers\NETIO.SYS
    0xC64BF000 \SystemRoot\System32\Drivers\Ntfs.sys
    0xC6455000 \SystemRoot\System32\Drivers\ksecdd.sys
    0xC641F000 \SystemRoot\system32\drivers\volsnap.sys
    0xC620F000 \SystemRoot\System32\Drivers\spldr.sys
    0xC6200000 \SystemRoot\System32\drivers\partmgr.sys
    0xC6410000 \SystemRoot\System32\Drivers\mup.sys
    0xC67DB000 \SystemRoot\System32\drivers\ecache.sys
    0xC67CA000 \SystemRoot\system32\drivers\disk.sys
    0xC67A9000 \SystemRoot\system32\drivers\CLASSPNP.SYS
    0xC6407000 \SystemRoot\system32\drivers\crcdisk.sys
    0xC7015000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0xC7007000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0xCA01A000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
    0xC9D64000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0xC9413000 \SystemRoot\System32\drivers\watchdog.sys
    0xC9401000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0xC94E9000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
    0xC9D59000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0xC9D1C000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xC9D0E000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xC9CC2000 \SystemRoot\system32\DRIVERS\HSXHWBS2.sys
    0xC9C98000 \SystemRoot\system32\DRIVERS\ks.sys
    0xCAAFE000 \SystemRoot\system32\DRIVERS\HSX_DP.sys
    0xCAA49000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
    0xC9C8B000 \SystemRoot\system32\drivers\modem.sys
    0xC9C73000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xC9C48000 \SystemRoot\system32\DRIVERS\msiscsi.sys
    0xC9C08000 \SystemRoot\system32\DRIVERS\storport.sys
    0xCA00F000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xCAA32000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xCA004000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xCAA0F000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xC6662000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xCADED000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xCADD1000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xCAA04000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xCADC6000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xC71CC000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xC95C4000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xCADE0000 \SystemRoot\system32\DRIVERS\umbus.sys
    0xCACC2000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xC6D00000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xCAC9D000 \SystemRoot\system32\drivers\nvhda32v.sys
    0xCAC70000 \SystemRoot\system32\drivers\portcls.sys
    0xCAC4B000 \SystemRoot\system32\drivers\drmk.sys
    0xCAE4B000 \SystemRoot\system32\drivers\RTKVHDA.sys
    0xCAE15000 \SystemRoot\system32\DRIVERS\MpFilter.sys
    0xC948C000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xC7055000 \SystemRoot\System32\Drivers\Null.SYS
    0xC705C000 \SystemRoot\System32\Drivers\Beep.SYS
    0xC7063000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0xCAE09000 \SystemRoot\System32\drivers\vga.sys
    0xCB1DF000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0xC712D000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xC7135000 \SystemRoot\system32\drivers\rdpencdd.sys
    0xCAC00000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xCB1B1000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xC949E000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0xCB09C000 \SystemRoot\System32\drivers\tcpip.sys
    0xCB083000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0xCB06E000 \SystemRoot\system32\DRIVERS\tdx.sys
    0xCB05A000 \SystemRoot\system32\DRIVERS\smb.sys
    0xCB013000 \SystemRoot\system32\drivers\afd.sys
    0xCB5CE000 \SystemRoot\System32\DRIVERS\netbt.sys
    0xCB5B8000 \SystemRoot\system32\DRIVERS\pacer.sys
    0xCB005000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xCB5A5000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xCB56A000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xC95CE000 \SystemRoot\system32\drivers\nsiproxy.sys
    0xC9512000 \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C5A2FEB0-399E-4CD0-99BD-0A9308DB0316}\MpKslfa89fbb3.sys
    0xC9518000 \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C5A2FEB0-399E-4CD0-99BD-0A9308DB0316}\MpKsld64b33eb.sys
    0xC951E000 \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C5A2FEB0-399E-4CD0-99BD-0A9308DB0316}\MpKsl6c3d8b98.sys
    0xCB553000 \SystemRoot\System32\Drivers\dfsc.sys
    0xCACF6000 \SystemRoot\System32\Drivers\crashdmp.sys
    0xC7020000 \SystemRoot\System32\Drivers\dump_dumpata.sys
    0xC7125000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0xCB49C000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0xC71CE000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xD13DF000 \SystemRoot\system32\DRIVERS\lvuvc.sys
    0xCB48A000 \SystemRoot\system32\drivers\usbaudio.sys
    0xCB43E000 \SystemRoot\system32\DRIVERS\lvrs.sys
    0xD1E00000 \SystemRoot\System32\win32k.sys
    0xC95D8000 \SystemRoot\System32\drivers\Dxapi.sys
    0xCC21A000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    0xCAE3C000 \SystemRoot\system32\DRIVERS\monitor.sys
    0xC9456000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0xC6D90000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0xC945F000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0xD4600000 \SystemRoot\System32\TSDDD.dll
    0xD4610000 \SystemRoot\System32\cdd.dll
    0xD4278000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0xD52E5000 \SystemRoot\system32\drivers\luafv.sys
    0xD74B2000 \SystemRoot\system32\drivers\spsys.sys
    0xC6DEC000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0xD7BED000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0xD7B04000 \SystemRoot\system32\drivers\HTTP.sys
    0xD7AA9000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0xD7A90000 \SystemRoot\system32\DRIVERS\bowser.sys
    0xD7A7C000 \SystemRoot\System32\drivers\mpsdrv.sys
    0xD7A5C000 \SystemRoot\system32\drivers\mrxdav.sys
    0xD7A3E000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xD7A05000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0xD7FEE000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0xD7FCA000 \SystemRoot\System32\DRIVERS\srv2.sys
    0xC95BA000 \SystemRoot\system32\DRIVERS\MpNWMon.sys
    0xD7EF9000 \SystemRoot\System32\DRIVERS\srv.sys
    0xD8D98000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
    0xDA122000 \SystemRoot\system32\drivers\peauth.sys
    0xC956A000 \SystemRoot\System32\Drivers\secdrv.SYS
    0xCC3A8000 \SystemRoot\System32\drivers\tcpipreg.sys
    0xD4220000 \SystemRoot\system32\DRIVERS\xaudio.sys
    0xD7E00000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
    0xD8C18000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
    0xD94BA000 \SystemRoot\system32\DRIVERS\cdfs.sys
    0xD4620000 \SystemRoot\System32\ATMFD.DLL
    0xD45DC000 \SystemRoot\system32\drivers\qwavedrv.sys
    0xE53A0000 \??\C:\Windows\system32\drivers\mbam.sys
    0xE1040000 \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{022D77F4-E330-4D2E-BB1D-906BAD2910ED}\MpKsld7730632.sys
    0xECA0F000 \??\C:\Windows\system32\drivers\EagleXNt.sys
    0x76FA0000 \WINDOWS\System32\ntdll.dll

    Processes (total 62):
    0 System Idle Process
    4 System
    424 C:\WINDOWS\System32\smss.exe
    560 csrss.exe
    616 C:\WINDOWS\System32\wininit.exe
    628 csrss.exe
    660 C:\WINDOWS\System32\services.exe
    704 C:\WINDOWS\System32\lsass.exe
    712 C:\WINDOWS\System32\lsm.exe
    740 C:\WINDOWS\System32\winlogon.exe
    884 C:\WINDOWS\System32\svchost.exe
    940 C:\WINDOWS\System32\svchost.exe
    976 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    1076 C:\WINDOWS\System32\svchost.exe
    1100 C:\WINDOWS\System32\svchost.exe
    1112 C:\WINDOWS\System32\svchost.exe
    1144 C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
    1340 C:\WINDOWS\System32\audiodg.exe
    1376 C:\WINDOWS\System32\SLsvc.exe
    1408 C:\WINDOWS\System32\svchost.exe
    1540 C:\WINDOWS\System32\svchost.exe
    1708 C:\WINDOWS\System32\spoolsv.exe
    1732 C:\WINDOWS\System32\svchost.exe
    568 C:\WINDOWS\System32\taskeng.exe
    652 C:\WINDOWS\System32\dwm.exe
    1368 C:\WINDOWS\explorer.exe
    2040 C:\Program Files\Microsoft Security Client\msseces.exe
    2036 C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
    2068 C:\Program Files\Pando Networks\Media Booster\PMB.exe
    2076 C:\WINDOWS\ehome\ehtray.exe
    2100 C:\Program Files\Logitech\Vid HD\Vid.exe
    2132 C:\Users\Jon\AppData\Local\Google\Update\GoogleUpdate.exe
    2144 C:\Program Files\Windows Media Player\wmpnscfg.exe
    2164 C:\Users\Jon\AppData\Local\Facebook\Update\FacebookUpdate.exe
    2200 C:\WINDOWS\ehome\ehmsas.exe
    2340 C:\WINDOWS\System32\PnkBstrA.exe
    2416 C:\WINDOWS\System32\svchost.exe
    2504 C:\WINDOWS\System32\svchost.exe
    2564 C:\WINDOWS\System32\svchost.exe
    2612 C:\WINDOWS\System32\SearchIndexer.exe
    2692 C:\WINDOWS\System32\drivers\XAudio.exe
    2808 WUDFHost.exe
    3048 C:\Program Files\Windows Media Player\wmpnetwk.exe
    3100 C:\WINDOWS\System32\taskeng.exe
    3144 C:\WINDOWS\System32\mobsync.exe
    3772 C:\Program Files\Steam\Steam.exe
    4032 C:\Program Files\Skype\Phone\Skype.exe
    3260 C:\Program Files\Mumble\mumble.exe
    4744 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    4580 C:\WINDOWS\System32\wuauclt.exe
    2928 C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe
    160 C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe
    4996 C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe
    6068 C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe
    5128 DFO.exe
    4916 C:\Program Files\Ventrilo\Ventrilo.exe
    5412 C:\WINDOWS\System32\rundll32.exe
    2932 C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe
    4676 C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe
    1196 C:\WINDOWS\System32\SearchProtocolHost.exe
    5040 C:\WINDOWS\System32\SearchFilterHost.exe
    3912 C:\Users\Jon\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000048`58bca200 (NTFS)

    PhysicalDrive0 Model Number: SAMSUNGHD320KJ, Rev: CP100-10

    Size Device Name MBR Status
    --------------------------------------------
    298 GB \\.\PhysicalDrive0 Hewlett-Packard MBR code detected
    SHA1: 161E5DF10EB9B6EAC4AA8DF99305EF77B11BEBD8


    Done!
     
  12. jeffce

    jeffce Malware Specialist

    Joined:
    May 10, 2011
    Messages:
    1,727
    Hi PorkCh0p,

    Is this a corporate or business computer?
     
  13. PorkCh0p

    PorkCh0p Thread Starter

    Joined:
    Nov 4, 2011
    Messages:
    11
    This is my own personal computer at home.
     
  14. jeffce

    jeffce Malware Specialist

    Joined:
    May 10, 2011
    Messages:
    1,727
    Ok I just had to check. :)

    I am still working on reviewing your OTL log. It's been a crazy day at work. :eek:
     
  15. PorkCh0p

    PorkCh0p Thread Starter

    Joined:
    Nov 4, 2011
    Messages:
    11
    No problem, take all the time you need.
     
Short URL to this thread: https://techguy.org/1025506
