Ran by SYSTEM at 21-09-2012 08:15:59
Running from F:\
Windows 7 Ultimate (X64) OS Language: English(US)
The current controlset is ControlSet001
==================== Registry (Whitelisted) ===================
HKLM\...\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun [x]
HKLM\...\Run: [TgbVpn] "C:\Program Files (x86)\TheGreenBow\TheGreenBow VPN\vpnconf.exe" [1739320 2011-10-02] (TheGreenBow)
HKLM-x32\...\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r [2770432 2010-02-09] (VIA)
HKLM-x32\...\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [180224 2010-04-12] (PowerISO Computing, Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421160 2010-12-12] (Apple Inc.)
HKLM-x32\...\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui [4282728 2012-08-21] (AVAST Software)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [38872 2012-07-31] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1259376 2011-07-28] ()
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [1996200 2012-08-28] (LogMeIn Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-02] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Browser companion helper] C:\Program Files (x86)\BrowserCompanion\BCHelper.exe /T=3 /CHI={$CHROM_GUID_UNINSTALLS} [187696 2012-02-19] (Blabbers Communications LTD)
HKU\Domsfriend\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [1305408 2011-01-20] (DT Soft Ltd)
HKU\Domsfriend\...\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent [1353080 2012-08-04] (Valve Corporation)
HKU\Domsfriend\...\Run: [Akamai NetSession Interface] "C:\Users\Domsfriend\AppData\Local\Akamai\netsession_win.exe" [4440896 2012-08-09] (Akamai Technologies, Inc.)
HKU\Domsfriend\...\Run: [Dxtory Update Checker 2.0] C:\Program Files (x86)\Dxtory Software\Dxtory2.0\UpdateChecker.exe [93696 2010-10-16] (Dxtory Software)
HKU\Domsfriend\...\Run: [Facebook Update] "C:\Users\Domsfriend\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-09-07] (Facebook Inc.)
HKU\Domsfriend\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17418928 2012-07-12] (Skype Technologies S.A.)
HKU\Domsfriend\...\Run: [Google Update] "C:\Users\Domsfriend\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-05-29] (Google Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{E0A255E7-D6BA-4087-BABB-906270D77759}: [NameServer]208.67.222.222
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
==================== Services (Whitelisted) ===================
3 Adobe LM Service; "C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe" [68096 2011-08-25] ()
2 Akamai; C:\program files (x86)\common files\akamai/netsession_win_5891ae0.dll [4537664 2012-09-10] (Akamai Technologies, Inc.)
2 Browser Manager; C:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe [1701400 2012-09-18] ()
2 Folding@home-CPU-[1]; C:\Folding@HomeCPU\1\Fah.exe -svcstart -d "C:\Folding@HomeCPU\1" [422400 2011-11-04] ()
2 Folding@home-CPU-[2]; C:\Folding@HomeCPU\2\Fah.exe -svcstart -d "C:\Folding@HomeCPU\2" [422400 2011-11-04] ()
2 Folding@home-CPU-[3]; C:\Folding@HomeCPU\3\Fah.exe -svcstart -d "C:\Folding@HomeCPU\3" [422400 2011-11-04] ()
2 Folding@home-CPU-[4]; C:\Folding@HomeCPU\4\Fah.exe -svcstart -d "C:\Folding@HomeCPU\4" [422400 2011-11-04] ()
2 Hamachi2Svc; "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s [2369960 2012-08-28] (LogMeIn Inc.)
2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-05-15] ()
2 TgbIke Starter; C:\Windows\System32\tgbstarter.exe [162872 2009-11-20] (TheGreenBow)
3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [738152 2012-07-18] (Tunngle.net GmbH)
3 WatAdminSvc; C:\Windows\System32\Wat\WatAdminSvc.exe [1255736 2011-04-26] ()
==================== Drivers (Whitelisted) =====================
1 AsIO; C:\Windows\SysWow64\Drivers\AsIO.sys [13440 2009-08-03] ()
2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [25232 2012-08-21] (AVAST Software)
2 aswMonFlt; C:\Windows\System32\Drivers\aswMonFlt.sys [71600 2012-08-21] (AVAST Software)
1 aswRdr; C:\Windows\System32\Drivers\aswRdr.sys [42328 2011-09-06] (AVAST Software)
1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [969200 2012-08-21] (AVAST Software)
1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [359464 2012-08-21] (AVAST Software)
1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [59728 2012-08-21] (AVAST Software)
1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [254528 2011-04-09] (DT Soft Ltd)
3 hamachi; C:\Windows\System32\Drivers\hamachi.sys [33856 2009-03-17] (LogMeIn, Inc.)
3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
1 ndistgb; C:\Windows\System32\Drivers\ndistgb.sys [28728 2011-07-22] (TheGreenBow)
1 TgbIpSec; C:\Windows\System32\Drivers\dfiltervpn.sys [132664 2009-11-20] (TheGreenBow)
3 catchme; \??\C:\ComboFix\catchme.sys [x]
3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
3 NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [x]
3 WinRing0_1_2_0; \??\C:\Program Files (x86)\IObit\Game Booster\Driver\WinRing0x64.sys [x]
==================== NetSvcs (Whitelisted) ====================
==================== One Month Created Files and Folders ========
2012-09-20 12:12 - 2012-09-20 12:12 - 00000000 ____D C:\Users\Public\Documents\Tunngle
2012-09-20 12:11 - 2012-09-20 12:12 - 00000000 ____D C:\Program Files (x86)\Tunngle
2012-09-20 10:22 - 2012-09-20 10:22 - 00002346 ____A C:\Users\Public\Desktop\Borderlands 2.lnk
2012-09-19 14:07 - 2012-09-19 14:16 - 00153210 ____A C:\Users\Domsfriend\Desktop\OTL.Txt
2012-09-19 01:56 - 2012-09-19 01:56 - 00600064 ____A (OldTimer Tools) C:\Users\Domsfriend\Desktop\OTL.exe
2012-09-18 14:45 - 2012-09-18 14:45 - 00000000 ____D C:\Users\All Users\Browser Manager
2012-09-18 14:44 - 2012-09-18 14:44 - 00000000 ____D C:\Program Files (x86)\BrowserCompanion
2012-09-18 14:30 - 2012-09-19 03:02 - 00021104 ____A C:\Users\Domsfriend\Desktop\SystemLook.txt
2012-09-18 14:30 - 2012-09-18 14:30 - 00165376 ____A C:\Users\Domsfriend\Desktop\SystemLook_x64.exe
2012-09-17 19:27 - 2012-09-17 19:27 - 00000000 ____D C:\Users\Domsfriend\Documents\FLiNGTrainer
2012-09-17 04:06 - 2012-09-17 04:06 - 00021712 ____A (Phoenix Technologies) C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS
2012-09-17 04:06 - 2012-09-17 04:06 - 00000000 ____D C:\Users\Domsfriend\AppData\Local\eSupport.com
2012-09-17 04:05 - 2012-09-17 04:05 - 00624784 ____A (Copyright © 2010 eSupport.com. All Rights Reserved.) C:\Users\Domsfriend\Downloads\driveragent_987.exe
2012-09-17 03:50 - 2012-09-17 03:49 - 00246760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-09-17 03:49 - 2012-09-17 03:49 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-09-17 03:49 - 2012-09-17 03:49 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-09-17 03:49 - 2012-09-17 03:49 - 00095208 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2012-09-17 03:42 - 2012-09-17 03:42 - 00894952 ____A (Oracle Corporation) C:\Users\Domsfriend\Downloads\jxpiinstall(1).exe
2012-09-17 03:41 - 2012-09-17 03:41 - 00245760 ____A C:\Users\Domsfriend\Downloads\SystemRequirementsLab_cyri_4.5.1.0.msi
2012-09-16 22:47 - 2012-09-16 22:47 - 00000000 ____D C:\Users\Domsfriend\AppData\Roaming\Fatshark
2012-09-16 15:43 - 2012-09-16 15:43 - 00001179 ____A C:\Users\UpdatusUser\Desktop\Mount&Blade With Fire and Sword.lnk
2012-09-16 15:38 - 2012-09-16 15:44 - 00000000 ____D C:\Program Files (x86)\Mount&Blade With Fire and Sword
2012-09-16 04:57 - 2012-09-16 04:57 - 01331389 ____A C:\Users\Domsfriend\Downloads\firebug-1.9.0-fx.xpi
2012-09-16 04:34 - 2012-09-16 04:34 - 00000000 ____D C:\Users\Domsfriend\AppData\Local\Macromedia
2012-09-15 14:40 - 2012-09-15 14:40 - 00000000 ____D C:\Program Files (x86)\uTorrent
2012-09-15 14:39 - 2012-09-20 12:12 - 00000000 ____D C:\Users\Domsfriend\AppData\Roaming\uTorrent
2012-09-10 19:31 - 2012-09-10 19:31 - 00000000 ____D C:\_OTL
2012-09-10 01:41 - 2012-09-10 01:41 - 00030014 ____A C:\ComboFix.txt
2012-09-10 00:56 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-09-10 00:56 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-09-10 00:56 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-09-10 00:56 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-09-10 00:56 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-09-10 00:56 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-09-10 00:56 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-09-10 00:56 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-09-10 00:55 - 2012-09-10 01:41 - 00000000 ____D C:\Qoobox
2012-09-10 00:45 - 2012-09-10 01:29 - 00000000 ____D C:\Windows\erdnt
2012-09-08 00:13 - 2012-09-08 00:13 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-09-07 20:25 - 2012-09-19 02:56 - 00000000 ____D C:\Users\Domsfriend\AppData\Roaming\Skype
2012-09-07 20:25 - 2012-09-07 20:29 - 00000000 ___RD C:\Program Files (x86)\Skype
2012-09-07 20:25 - 2012-09-07 20:29 - 00000000 ____D C:\Users\All Users\Skype
2012-09-07 19:22 - 2012-09-07 19:23 - 00000000 ____D C:\FRST
2012-09-07 02:23 - 2012-09-20 11:36 - 00000948 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3630749389-2258371352-599158283-1000UA.job
2012-09-07 02:23 - 2012-09-20 02:36 - 00000926 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3630749389-2258371352-599158283-1000Core.job
2012-09-07 02:23 - 2012-09-07 02:27 - 00000000 ____D C:\Users\Domsfriend\AppData\Local\Facebook
2012-09-07 00:50 - 2012-09-07 00:52 - 00009719 ____A C:\Users\Domsfriend\Documents\Uninstall Dragon Age 2.log
2012-09-06 20:10 - 2012-09-06 20:10 - 00262144 ____N C:\Windows\Minidump\090712-26130-01.dmp
2012-08-31 22:34 - 2012-09-06 19:37 - 00000000 ____D C:\Windows\W7SBC
2012-08-31 22:34 - 2011-12-25 03:04 - 02388992 ____A (Microsoft Corporation) C:\Windows\explorer_edit_w7sbc.exe
2012-08-31 22:34 - 2011-12-25 03:04 - 02388992 ____A (Microsoft Corporation) C:\Windows\explorer_backup_w7sbc.exe
2012-08-31 22:28 - 2012-09-04 20:18 - 00151608 ____A C:\Windows\UTP.exe
2012-08-31 22:28 - 2010-11-20 19:24 - 00898560 ____A (Microsoft Corporation) C:\Windows\System32\OobeFldr_backup_wti.dll
2012-08-31 22:28 - 2009-12-30 21:22 - 01842688 ____A (Microsoft Corporation) C:\Windows\System32\ExplorerFrame_backup_wti.dll
2012-08-31 22:28 - 2009-12-30 21:18 - 03208192 ____A (Microsoft Corporation) C:\Windows\explorer_backup_wti.exe
2012-08-31 22:28 - 2009-12-30 20:39 - 15181312 ____A (Microsoft Corporation) C:\Windows\System32\shell32_backup_wti.dll
2012-08-31 22:28 - 2009-07-13 17:16 - 02755072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\themeui.dll.backup
2012-08-31 22:28 - 2009-07-13 17:11 - 00245760 ____A (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll.backup
2012-08-31 22:16 - 2012-09-07 19:26 - 00000000 ____D C:\Program Files\Theme Resource Changer
2012-08-31 02:15 - 2011-10-10 23:10 - 00009106 ____A C:\Program Files (x86)\HUD RED Topshell.theme
2012-08-31 02:15 - 2011-10-10 23:10 - 00009088 ____A C:\Program Files (x86)\HUD RED.theme
2012-08-31 02:15 - 2011-10-10 23:09 - 00009112 ____A C:\Program Files (x86)\HUD RED Topshell Basic.theme
2012-08-31 02:15 - 2011-10-10 23:08 - 00009094 ____A C:\Program Files (x86)\HUD RED Basic.theme
2012-08-31 02:06 - 2012-09-04 21:17 - 00000000 ____D C:\Program Files (x86)\HUD RED
2012-08-31 01:47 - 2012-09-06 19:37 - 00000000 ____D C:\Users\Domsfriend\AppData\Local\Korbin_Bickel
2012-08-31 01:47 - 2012-09-04 21:17 - 00000000 ____D C:\Program Files (x86)\Theme Manager
2012-08-31 01:40 - 2009-07-13 17:41 - 02851328 ____A (Microsoft Corporation) C:\Windows\System32\themeui.dll.backup
2012-08-31 01:40 - 2009-07-13 17:41 - 00332288 ____A (Microsoft Corporation) C:\Windows\System32\uxtheme.dll.backup
2012-08-31 01:40 - 2009-07-13 17:41 - 00044544 ____A (Microsoft Corporation) C:\Windows\System32\themeservice.dll.backup
2012-08-30 16:32 - 2012-08-30 16:32 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2012-08-26 22:55 - 2012-08-26 22:55 - 00000000 ____D C:\Users\Domsfriend\Documents\NBGI
2012-08-26 22:55 - 2012-08-26 22:55 - 00000000 ____D C:\Users\Domsfriend\AppData\Local\NBGI
2012-08-25 21:53 - 2012-08-25 21:53 - 00262664 ____A C:\Users\Domsfriend\AppData\Roaming\fk1xxx.e2ts
2012-08-25 14:56 - 2012-09-11 02:50 - 00000000 ____D C:\Program Files (x86)\PrivitizeVPN
2012-08-22 02:22 - 2012-08-22 02:22 - 00000000 ____D C:\Ubisoft
2012-08-22 02:20 - 2012-09-19 16:07 - 00000000 ____D C:\Users\Domsfriend\AppData\Local\Deployment
2012-08-22 02:20 - 2012-09-10 01:46 - 00000000 ____D C:\Users\Domsfriend\AppData\Local\Apps\2.0
==================== 3 Months Modified Files ==================
2012-09-20 12:13 - 2011-02-11 22:02 - 02065630 ____A C:\Windows\WindowsUpdate.log
2012-09-20 12:12 - 2012-09-20 12:12 - 00000991 ____A C:\Users\Public\Desktop\Tunngle beta.lnk
2012-09-20 12:01 - 2012-04-07 13:33 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-09-20 11:52 - 2012-05-29 00:32 - 00000928 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3630749389-2258371352-599158283-1000UA.job
2012-09-20 11:36 - 2012-09-07 02:23 - 00000948 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3630749389-2258371352-599158283-1000UA.job
2012-09-20 10:22 - 2012-09-20 10:22 - 00002346 ____A C:\Users\Public\Desktop\Borderlands 2.lnk
2012-09-20 02:36 - 2012-09-07 02:23 - 00000926 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3630749389-2258371352-599158283-1000Core.job
2012-09-20 02:23 - 2011-04-27 18:20 - 00139808 ____A C:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT
2012-09-20 00:52 - 2012-05-29 00:32 - 00000876 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3630749389-2258371352-599158283-1000Core.job
2012-09-19 20:14 - 2011-04-26 02:50 - 00139808 ____A C:\Windows\System32\GDIPFONTCACHEV1.DAT
2012-09-19 18:58 - 2009-07-13 20:51 - 00879372 ____A C:\Windows\setupact.log
2012-09-19 14:16 - 2012-09-19 14:07 - 00153210 ____A C:\Users\Domsfriend\Desktop\OTL.Txt
2012-09-19 03:02 - 2012-09-18 14:30 - 00021104 ____A C:\Users\Domsfriend\Desktop\SystemLook.txt
2012-09-19 02:55 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-09-19 02:03 - 2011-02-11 23:03 - 00602596 ____A C:\Windows\PFRO.log
2012-09-19 02:02 - 2011-10-06 01:27 - 00000000 ____A C:\Windows\SysWOW64\Access.dat
2012-09-19 01:56 - 2012-09-19 01:56 - 00600064 ____A (OldTimer Tools) C:\Users\Domsfriend\Desktop\OTL.exe
2012-09-18 14:44 - 2012-05-05 17:24 - 00000805 ____A C:\user.js
2012-09-18 14:30 - 2012-09-18 14:30 - 00165376 ____A C:\Users\Domsfriend\Desktop\SystemLook_x64.exe
2012-09-17 04:12 - 2009-07-13 20:45 - 00014416 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-09-17 04:12 - 2009-07-13 20:45 - 00014416 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-09-17 04:06 - 2012-09-17 04:06 - 00021712 ____A (Phoenix Technologies) C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS
2012-09-17 04:05 - 2012-09-17 04:05 - 00624784 ____A (Copyright © 2010 eSupport.com. All Rights Reserved.) C:\Users\Domsfriend\Downloads\driveragent_987.exe
2012-09-17 03:49 - 2012-09-17 03:50 - 00246760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-09-17 03:49 - 2012-09-17 03:49 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-09-17 03:49 - 2012-09-17 03:49 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-09-17 03:49 - 2012-09-17 03:49 - 00095208 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2012-09-17 03:49 - 2011-04-11 23:09 - 00746984 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2012-09-17 03:42 - 2012-09-17 03:42 - 00894952 ____A (Oracle Corporation) C:\Users\Domsfriend\Downloads\jxpiinstall(1).exe
2012-09-17 03:41 - 2012-09-17 03:41 - 00245760 ____A C:\Users\Domsfriend\Downloads\SystemRequirementsLab_cyri_4.5.1.0.msi
2012-09-16 22:46 - 2011-02-28 01:29 - 01528532 ____A C:\Windows\DirectX.log
2012-09-16 15:43 - 2012-09-16 15:43 - 00001179 ____A C:\Users\UpdatusUser\Desktop\Mount&Blade With Fire and Sword.lnk
2012-09-16 04:57 - 2012-09-16 04:57 - 01331389 ____A C:\Users\Domsfriend\Downloads\firebug-1.9.0-fx.xpi
2012-09-10 01:41 - 2012-09-10 01:41 - 00030014 ____A C:\ComboFix.txt
2012-09-10 01:19 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
2012-09-07 15:55 - 2011-04-22 00:49 - 00282696 ____A C:\Windows\SysWOW64\PnkBstrB.xtr
2012-09-07 15:55 - 2011-02-28 19:36 - 00282696 ____A C:\Windows\SysWOW64\PnkBstrB.exe
2012-09-07 00:52 - 2012-09-07 00:50 - 00009719 ____A C:\Users\Domsfriend\Documents\Uninstall Dragon Age 2.log
2012-09-07 00:23 - 2011-02-14 16:30 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2012-09-06 20:10 - 2012-09-06 20:10 - 00262144 ____N C:\Windows\Minidump\090712-26130-01.dmp
2012-09-05 11:20 - 2011-10-30 22:17 - 00000254 ____A C:\Users\Domsfriend\Downloads\RemoveWAT21.rar
2012-09-04 20:18 - 2012-08-31 22:28 - 00151608 ____A C:\Windows\UTP.exe
2012-08-31 22:37 - 2009-07-13 20:45 - 05062304 ____A C:\Windows\System32\FNTCACHE.DAT
2012-08-31 22:28 - 2009-07-13 15:39 - 02755072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\themeui.dll
2012-08-31 22:28 - 2009-07-13 15:39 - 00245760 ____A (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2012-08-31 01:40 - 2009-07-13 15:55 - 00332288 ____A (Microsoft Corporation) C:\Windows\System32\uxtheme.dll
2012-08-31 01:40 - 2009-07-13 15:54 - 02851328 ____A (Microsoft Corporation) C:\Windows\System32\themeui.dll
2012-08-31 01:40 - 2009-07-13 15:54 - 00044544 ____A (Microsoft Corporation) C:\Windows\System32\themeservice.dll
2012-08-28 20:53 - 2011-03-10 21:51 - 00188416 __ASH C:\Users\Domsfriend\Desktop\Thumbs.db
2012-08-28 01:37 - 2011-02-28 19:36 - 00281120 ____A C:\Windows\SysWOW64\PnkBstrB.ex0
2012-08-25 21:53 - 2012-08-25 21:53 - 00262664 ____A C:\Users\Domsfriend\AppData\Roaming\fk1xxx.e2ts
2012-08-21 01:13 - 2012-08-12 20:55 - 00054072 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2012-08-21 01:13 - 2011-05-25 19:55 - 00969200 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2012-08-21 01:13 - 2011-02-14 16:30 - 00359464 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2012-08-21 01:13 - 2011-02-14 16:30 - 00071600 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2012-08-21 01:13 - 2011-02-14 16:30 - 00059728 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2012-08-21 01:13 - 2011-02-14 16:30 - 00025232 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2012-08-21 01:12 - 2011-02-14 16:30 - 00285328 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2012-08-21 01:12 - 2011-02-14 16:29 - 00227648 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe
2012-08-21 01:12 - 2011-02-14 16:29 - 00041224 ____A (AVAST Software) C:\Windows\avastSS.scr
2012-08-16 22:38 - 2012-08-16 22:37 - 00014013 ____A C:\Users\Domsfriend\Documents\Install STAR WARS The Old Republic.log
2012-08-15 03:02 - 2012-04-07 13:33 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-08-15 03:02 - 2011-06-23 19:49 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-08-11 20:37 - 2011-05-30 03:39 - 00002443 ____A C:\Windows\DXError.log
2012-08-10 22:27 - 2012-08-10 22:27 - 00001335 ____A C:\Users\UpdatusUser\Desktop\Play Star Wars Battlefront II.lnk
2012-07-29 20:55 - 2009-07-13 21:08 - 00032644 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-07-17 20:50 - 2012-07-17 20:48 - 00004357 ____A C:\Windows\SysWOW64\jupdate-1.6.0_33-b05.log
2012-07-17 20:38 - 2012-07-17 20:37 - 00833024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2012-07-17 20:38 - 2012-07-17 20:37 - 00002048 ____A C:\Windows\SysWOW64\winver.exe
2012-07-17 20:37 - 2012-07-17 20:37 - 00410624 ____A C:\Windows\SysWOW64\systemcpl.dll
2012-07-17 20:37 - 2012-07-17 20:37 - 00113543 ____A C:\Windows\SysWOW64\slmgr.vbs
2012-07-17 20:37 - 2012-07-17 20:37 - 00113543 ____A C:\Windows\System32\slmgr.vbs
2012-07-17 20:37 - 2012-07-17 20:37 - 00001536 ____A C:\Windows\SysWOW64\sppcomapi.dll
2012-07-15 22:07 - 2012-07-15 22:07 - 00000012 ____A C:\Windows\srun.log
2012-06-28 00:23 - 2012-06-01 15:47 - 00476976 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\npdeployJava1.dll
==================== Known DLLs (Whitelisted) =================
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe
[2011-04-25 14:13] - [2009-12-30 21:18] - 3208192 ____A (Microsoft Corporation) FB1A146CAF496742EDB4BC14808440CF
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll
[2009-07-13 15:38] - [2011-10-21 20:41] - 1008640 ____A (Microsoft Corporation) E573BD9AB55C8E333C202B9E255F972E
C:\Windows\SysWOW64\User32.dll
[2012-07-17 20:37] - [2012-07-17 20:38] - 0833024 ____A (Microsoft Corporation) 2C9CC9F492CA596B1B9FC1AE5E916356
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================
Restore point made on: 2012-09-19 01:58:12
Restore point made on: 2012-09-19 02:00:18
Restore point made on: 2012-09-19 02:46:18
Restore point made on: 2012-09-20 10:29:42
==================== Memory info ===========================
Percentage of memory in use: 15%
Total physical RAM: 4094.18 MB
Available physical RAM: 3465.68 MB
Total Pagefile: 4092.32 MB
Available Pagefile: 3457.52 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB
==================== Partitions =============================
1 Drive c: () (Fixed) (Total:931.41 GB) (Free:334.9 GB) NTFS
2 Drive e: (Fired Up) (CDROM) (Total:0.68 GB) (Free:0 GB) CDFS
3 Drive f: (LINCOLN 1) (Removable) (Total:7.45 GB) (Free:7.45 GB) FAT32
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
5 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Disk ###  Status         Size     Free     Dyn  Gpt
--------  -------------  -------  -------  ---  ---
Disk 0    Online          931 GB      0 B
Disk 1    Online         7633 MB      0 B
Partitions of Disk 0:
===============
Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary            100 MB  1024 KB
Partition 2    Primary            931 GB   101 MB
==================================================================================
Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     Y   System Rese  NTFS   Partition    100 MB  Healthy
=========================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     C                NTFS   Partition    931 GB  Healthy
=========================================================
Partitions of Disk 1:
===============
Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary           7633 MB    16 KB
==================================================================================
Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: No
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     F   LINCOLN 1    FAT32  Removable   7633 MB  Healthy
=========================================================
Last Boot: 2012-09-15 15:29
==================== End Of Log =============================