infected i think, BSOD issues


  • This topic is locked
25 replies to this topic

#1 axuy09

axuy09

  • Members
  • 83 posts

Posted 09 July 2013 - 10:38 PM

Hi, I was being helped in this thread:

http://www.bleepingcomputer.com/forums/t/500421/bsod-crashing-constantly/page-2

Now advised to move here:

Sorry but I am unable to use my internet for about 1 day (ISP problems) and this is from someone else's computer.

It would be better for you to post in the Experts area for further help -

 

Please follow the instructions in ==>This Guide<== starting at Step #6.  If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== 
Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

 

NOTE : Please Copy / Paste all logs requested, and do not use Attach unless specifically asked -

 

Good luck and be very patient, as the area can get very busy.

 

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

 

Thank You -

 

EDIT - Attempted to post (3 times), but needed to use another computer to get this to you -

Am at Step #6 DDS log to follow

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16611  BrowserJavaVersion: 10.25.2
Run by god at 11:22:56 on 2013-07-10
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.44.1033.18.8190.4186 [GMT 8:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Users\Elia\IAG Remote Access Agent\mymungosorg\mungos1\uagqecsvc.exe
C:\Program Files (x86)\ASUS\Printer Utilities\UsbService.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\System32\alg.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Users\Elia\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Users\Elia\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\ProgramData\Search Protection\SearchProtection.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
C:\Program Files (x86)\Cobian Backup 11\cbService.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Runtime Software\DriveImage XML\dixml.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: ASUSDM Class: {2C69D1E6-557A-4712-A1D5-56C7993EB73F} - C:\Program Files (x86)\ASUS\Download Master Utility\ASUSDMBHO.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [Download Master] C:\Program Files (x86)\ASUS\Download Master Utility\DM2.exe /hide
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRunOnce: [DeleteOnReboot] C:\Windows\DeleteOnReboot.bat
uRunOnce: [Report] \AdwCleaner[S3].txt
mRun: [Search Protection] C:\ProgramData\Search Protection\SearchProtection.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Cobian Backup 11 interface] "C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe" -service
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Download by ASUS Download Master - C:\Program Files (x86)\ASUS\Download Master Utility\ASDownload.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{1084549D-4B20-4D55-93CA-CE2C0A07B4A9} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath -
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-23 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-13 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-12 140672]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-11-17 238080]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-12-19 361984]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2012-2-12 96896]
R2 cbVSCService11;Cobian Backup 11 Volume Shadow Copy Requester;C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [2013-7-10 67584]
R2 CobianBackup11;Cobian Backup 11 Gravity;C:\Program Files (x86)\Cobian Backup 11\cbService.exe [2013-7-10 1131008]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-7-8 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-7-8 701512]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 130008]
R2 uagqecsvc;Microsoft Forefront UAG Quarantine Enforcement Client;C:\Users\Elia\IAG Remote Access Agent\mymungosorg\mungos1\uagqecsvc.exe [2011-9-21 149904]
R2 UsbService;ASUS Virtual MFP Service;C:\Program Files (x86)\ASUS\Printer Utilities\UsbService.exe [2013-6-27 217088]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-11-6 96256]
R3 CompFilter64;UVCCompositeFilter;C:\Windows\System32\drivers\lvbflt64.sys [2012-9-22 24608]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2011-9-2 76056]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2011-9-2 15128]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-9-22 351520]
R3 LVUVC64;Logitech HD Pro Webcam C910(UVC);C:\Windows\System32\drivers\LVUVC64.sys [2011-4-1 4763680]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-12-16 25928]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2011-10-10 1196032]
R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]
S3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2011-10-13 46136]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-6-4 103448]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-9-12 1512448]
S3 FsUsbExDisk;FsUsbExDisk;C:\Windows\SysWOW64\FsUsbExDisk.Sys [2013-2-25 37344]
S3 libusb0;Jawbone LibUsb-Win32 - Kernel Driver 09/22/2011,1.2.5.0;C:\Windows\System32\drivers\libusb0.sys [2012-3-14 52320]
S3 nmwcdnsucx64;Nokia USB Flashing Generic;C:\Windows\System32\drivers\nmwcdnsucx64.sys [2012-1-9 12800]
S3 nmwcdnsux64;Nokia USB Flashing Phone Parent;C:\Windows\System32\drivers\nmwcdnsux64.sys [2012-1-9 171008]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-6 19456]
S3 SRS_ViewSonic;SRS Labs WOW HD ViewSonic;C:\Windows\System32\drivers\SRS_ViewSonic_amd64.sys [2011-10-3 50304]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-6-4 203672]
S3 Te.Service;Te.Service;C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [2012-7-25 126976]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-6 57856]
S3 vuhub;Virtual Usb Hub;C:\Windows\System32\drivers\vuhub.sys [2013-1-26 47616]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-9-21 1255736]
S4 AODDriver4.2;AODDriver4.2;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-4-9 57472]
S4 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2013-3-6 57856]
S4 gfibto;gfibto;C:\Windows\System32\drivers\gfibto.sys [2013-1-6 14456]
S4 PcaSp60;Rawether NDIS 6.X SPR Protocol Driver;C:\Windows\System32\drivers\PcaSp60.sys [2013-1-26 38912]
S4 SamsungAllShareV2.0;Samsung AllShare PC;C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe [2012-3-2 25504]
S4 SimpleSlideShowServer;SimpleSlideShowServer;C:\Program Files (x86)\Samsung\AllShare\AllShareSlideShowService.exe [2012-3-2 27584]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-3 162408]
.
=============== Created Last 30 ================
.
2013-07-10 03:00:03    --------    d-----w-    C:\Program Files (x86)\Runtime Software
2013-07-10 02:50:13    --------    d-----w-    C:\Program Files (x86)\Cobian Backup 11
2013-07-10 02:42:32    9552976    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8DDA063F-C5E6-41CD-95E3-7D999D30E1CC}\mpengine.dll
2013-07-09 03:54:08    100    ----a-w-    C:\Windows\DeleteOnReboot.bat
2013-07-09 03:43:46    96168    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-09 03:20:12    --------    d-----w-    C:\Program Files (x86)\AMD AVT
2013-07-09 03:20:09    --------    d-----w-    C:\Program Files\Common Files\ATI Technologies
2013-07-09 03:20:09    --------    d-----w-    C:\Program Files (x86)\Common Files\ATI Technologies
2013-07-09 02:33:38    --------    d-----w-    C:\Users\god\AppData\Roaming\SUPERAntiSpyware.com
2013-07-09 02:33:34    --------    d-----w-    C:\ProgramData\SUPERAntiSpyware.com
2013-07-09 02:33:34    --------    d-----w-    C:\Program Files\SUPERAntiSpyware
2013-07-08 15:03:59    9552976    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-07-08 10:14:15    --------    d-----w-    C:\Users\god\AppData\Roaming\Malwarebytes
2013-07-07 14:57:53    --------    d-----w-    C:\Program Files (x86)\ESET
2013-07-07 14:17:25    --------    d-----w-    C:\Users\god\AppData\Roaming\EndNote
2013-07-06 15:28:59    --------    d-----w-    C:\ProgramData\WindowsPerformanceRecorder
2013-07-06 13:19:36    --------    d-----w-    C:\ProgramData\Windows App Certification Kit
2013-07-06 13:19:18    --------    d-----w-    C:\Program Files\Application Verifier
2013-07-06 13:19:18    --------    d-----w-    C:\Program Files (x86)\Application Verifier
2013-07-06 13:18:03    --------    d-----w-    C:\Program Files (x86)\Windows Kits
2013-07-06 13:18:03    --------    d-----w-    C:\Program Files (x86)\Common Files\Microsoft
2013-07-06 13:06:46    --------    d-----w-    C:\ProgramData\Package Cache
2013-06-27 16:01:22    263576    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
2013-06-27 14:15:11    --------    d-----w-    C:\ProgramData\CanonIJPLM
2013-06-27 14:14:34    361472    ----a-w-    C:\Windows\System32\CNMXLMAD.DLL
2013-06-27 08:11:58    --------    d-----w-    C:\Users\god\AppData\Local\Diagnostics
2013-06-25 07:05:13    --------    d-----w-    C:\Program Files (x86)\Combined Community Codec Pack
2013-06-25 07:04:26    --------    d-----w-    C:\Users\god\AppData\Local\Programs
2013-06-25 07:04:24    29184    ----a-r-    C:\Users\god\AppData\Roaming\Microsoft\Installer\{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}\Icon21AE04E8.exe
2013-06-25 07:04:20    --------    d-----w-    C:\Program Files (x86)\mkv2vob
2013-06-25 07:03:44    --------    d-----w-    C:\Program Files\Handbrake
2013-06-24 12:28:55    --------    d-----w-    C:\ProgramData\Search Protection
2013-06-21 05:48:51    964552    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{368525FF-56F0-4A6A-9A4F-56018D8298D8}\gapaengine.dll
2013-06-15 13:02:30    3584    ----a-w-    C:\Windows\System32\drivers\nb-NO\vpchbus.sys.mui
2013-06-12 16:39:43    --------    d-----w-    C:\Program Files (x86)\SpeedFan
2013-06-12 15:02:47    701952    ----a-w-    C:\Program Files\Internet Explorer\ieproxy.dll
2013-06-12 14:12:06    751104    ----a-w-    C:\Windows\System32\win32spl.dll
2013-06-12 14:11:59    1887232    ----a-w-    C:\Windows\System32\d3d11.dll
2013-06-12 14:11:59    1505280    ----a-w-    C:\Windows\SysWow64\d3d11.dll
2013-06-10 17:28:31    --------    d-----w-    C:\Program Files\Microsoft Mouse and Keyboard Center
.
==================== Find3M  ====================
.
2013-07-09 03:43:40    867240    ----a-w-    C:\Windows\SysWow64\npDeployJava1.dll
2013-07-09 03:43:40    789416    ----a-w-    C:\Windows\SysWow64\deployJava1.dll
2013-06-24 12:27:06    14456    ----a-w-    C:\Windows\System32\drivers\gfibto.sys
2013-06-12 05:43:20    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 05:43:20    692104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-06-08 12:28:46    2706432    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-06-08 11:13:19    2706432    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-06-04 01:15:02    103448    ----a-w-    C:\Windows\System32\drivers\ssudbus.sys
2013-06-04 01:15:00    203672    ----a-w-    C:\Windows\System32\drivers\ssudmdm.sys
2013-05-17 01:25:57    1767936    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-05-17 01:25:27    2877440    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-05-17 01:25:26    61440    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2013-05-17 01:25:26    109056    ----a-w-    C:\Windows\SysWow64\iesysprep.dll
2013-05-17 00:59:03    2241024    ----a-w-    C:\Windows\System32\wininet.dll
2013-05-17 00:58:10    3958784    ----a-w-    C:\Windows\System32\jscript9.dll
2013-05-17 00:58:08    67072    ----a-w-    C:\Windows\System32\iesetup.dll
2013-05-17 00:58:08    136704    ----a-w-    C:\Windows\System32\iesysprep.dll
2013-05-14 12:23:25    89600    ----a-w-    C:\Windows\System32\RegisterIEPKEYs.exe
2013-05-14 08:40:13    71680    ----a-w-    C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-05-13 07:36:06    76464    ----a-w-    C:\Windows\System32\drivers\dc3d.sys
2013-05-13 07:36:06    50864    ----a-w-    C:\Windows\System32\drivers\point64.sys
2013-05-13 07:36:06    2274480    ----a-w-    C:\Windows\System32\coin94.dll
2013-05-13 05:51:01    184320    ----a-w-    C:\Windows\System32\cryptsvc.dll
2013-05-13 05:51:00    1464320    ----a-w-    C:\Windows\System32\crypt32.dll
2013-05-13 05:51:00    139776    ----a-w-    C:\Windows\System32\cryptnet.dll
2013-05-13 05:50:40    52224    ----a-w-    C:\Windows\System32\certenc.dll
2013-05-13 04:45:55    140288    ----a-w-    C:\Windows\SysWow64\cryptsvc.dll
2013-05-13 04:45:55    1160192    ----a-w-    C:\Windows\SysWow64\crypt32.dll
2013-05-13 04:45:55    103936    ----a-w-    C:\Windows\SysWow64\cryptnet.dll
2013-05-13 03:43:55    1192448    ----a-w-    C:\Windows\System32\certutil.exe
2013-05-13 03:08:10    903168    ----a-w-    C:\Windows\SysWow64\certutil.exe
2013-05-13 03:08:06    43008    ----a-w-    C:\Windows\SysWow64\certenc.dll
2013-05-10 05:49:27    30720    ----a-w-    C:\Windows\System32\cryptdlg.dll
2013-05-10 03:20:54    24576    ----a-w-    C:\Windows\SysWow64\cryptdlg.dll
2013-05-08 06:39:01    1910632    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2013-05-03 03:08:24    18960    ----a-w-    C:\Windows\System32\drivers\LNonPnP.sys
2013-05-02 15:29:56    278800    ------w-    C:\Windows\System32\MpSigStub.exe
2013-04-26 04:55:21    492544    ----a-w-    C:\Windows\SysWow64\win32spl.dll
2013-04-24 02:33:49    362029    ----a-w-    C:\Windows\SysWow64\sqlite3.dll
2013-04-18 11:08:14    4659712    ----a-w-    C:\Windows\SysWow64\Redemption.dll
2013-04-18 11:07:00    90112    ----a-w-    C:\Windows\MAMCityDownload.ocx
2013-04-18 11:07:00    330240    ----a-w-    C:\Windows\MASetupCaller.dll
2013-04-18 11:07:00    30568    ----a-w-    C:\Windows\MusiccityDownload.exe
2013-04-18 11:06:08    821824    ----a-w-    C:\Windows\SysWow64\dgderapi.dll
2013-04-17 07:02:06    1230336    ----a-w-    C:\Windows\SysWow64\WindowsCodecs.dll
2013-04-17 06:24:46    1424384    ----a-w-    C:\Windows\System32\WindowsCodecs.dll
2013-04-16 15:51:05    414632    ------w-    C:\Windows\difxapi.dll
2013-04-13 05:49:23    135168    ----a-w-    C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19    350208    ----a-w-    C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19    308736    ----a-w-    C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19    111104    ----a-w-    C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16    474624    ----a-w-    C:\Windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15    2176512    ----a-w-    C:\Windows\apppatch\AcGenral.dll
2013-04-12 14:45:08    1656680    ----a-w-    C:\Windows\System32\drivers\ntfs.sys
.
============= FINISH: 11:23:20.16 ===============
 



Edited by axuy09, 10 July 2013 - 12:53 AM.




#2 axuy09


Posted 10 July 2013 - 01:02 AM

So, more information: I am following these steps.

http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

& have created this thread.

Will now look over these steps

http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

I am currently backing up my computer using DriveImage XML (even though Win 7 automatically does a backup)

Although I do not think it is a dirty computer (I vacuum it occasionally), I have bought compressed air (who knew air would be so expensive). I will endeavour to clean more thoroughly after DriveImage has finished



#3 axuy09


Posted 10 July 2013 - 10:28 AM

Just finished cleaning my computer!



#4 axuy09


Posted 10 July 2013 - 12:42 PM

Have updated firmware on my SSD



#5 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,697 posts

Posted 14 July 2013 - 10:40 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/500605 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#6 axuy09


Posted 17 July 2013 - 12:10 PM

Hi, the problems I am having are listed above.

I think I may have a malware ?something on here

I am using Win7 64 bit edition. I have the original Windows 7 Ultimate DVD; it is an OEM? (not sure what that means)

I may have issues with conflicting or out of date drivers or virus?


Edited by axuy09, 17 July 2013 - 12:17 PM.


#7 axuy09


Posted 17 July 2013 - 12:35 PM

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16635  BrowserJavaVersion: 10.25.2
Run by god at 1:28:25 on 2013-07-18
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.44.1033.18.8190.3977 [GMT 8:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\Program Files (x86)\obfsproxy\nssm.exe
C:\Program Files (x86)\obfsproxy\obfsproxy.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Users\Elia\IAG Remote Access Agent\mymungosorg\mungos1\uagqecsvc.exe
C:\Program Files (x86)\ASUS\Printer Utilities\UsbService.exe
C:\Program Files\TorGuard.Viscosity\ViscosityVPPVPNetworksLLCService.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\System32\alg.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Users\Elia\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Users\Elia\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\ProgramData\Search Protection\SearchProtection.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Samsung\Kies\Kies.exe
C:\Program Files (x86)\Samsung\Kies\External\DeviceModules\DeviceManager.exe
C:\Program Files (x86)\Samsung\Kies\External\DeviceModules\ConnectionManager.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
C:\Windows\splwow64.exe
C:\Program Files (x86)\SpeedFan\speedfan.exe
C:\Windows\system32\wbengine.exe
C:\Windows\System32\vds.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: ASUSDM Class: {2C69D1E6-557A-4712-A1D5-56C7993EB73F} - C:\Program Files (x86)\ASUS\Download Master Utility\ASUSDMBHO.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [Download Master] C:\Program Files (x86)\ASUS\Download Master Utility\DM2.exe /hide
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [Search Protection] C:\ProgramData\Search Protection\SearchProtection.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Download by ASUS Download Master - C:\Program Files (x86)\ASUS\Download Master Utility\ASDownload.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{0EF83578-7F20-4E27-BDBE-06BFBA52656C} : DHCPNameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{1084549D-4B20-4D55-93CA-CE2C0A07B4A9} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{D61D2D5C-4E0C-40F7-8C83-01C738B8BCD0} : DHCPNameServer = 8.8.8.8 8.8.4.4
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath -
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-6-18 247216]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-23 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-13 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-12 140672]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-11-17 238080]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-12-19 361984]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2012-2-12 96896]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-7-8 418376]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 139616]
R2 obfsproxy service;obfsproxy service;C:\Program Files (x86)\obfsproxy\nssm.exe [2011-10-12 113152]
R2 uagqecsvc;Microsoft Forefront UAG Quarantine Enforcement Client;C:\Users\Elia\IAG Remote Access Agent\mymungosorg\mungos1\uagqecsvc.exe [2011-9-21 149904]
R2 UsbService;ASUS Virtual MFP Service;C:\Program Files (x86)\ASUS\Printer Utilities\UsbService.exe [2013-6-27 217088]
R2 ViscosityVPPVPNetworksLLCService;ViscosityVPP VPNetworks LLC Service;C:\Program Files\TorGuard.Viscosity\ViscosityVPPVPNetworksLLCService.exe [2013-7-13 48216]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-11-6 96256]
R3 CompFilter64;UVCCompositeFilter;C:\Windows\System32\drivers\lvbflt64.sys [2012-9-22 24608]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2011-9-2 76056]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2011-9-2 15128]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-9-22 351520]
R3 LVUVC64;Logitech HD Pro Webcam C910(UVC);C:\Windows\System32\drivers\LVUVC64.sys [2011-4-1 4763680]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-12-16 25928]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-6-20 366600]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2011-10-10 1196032]
R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-7-8 701512]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-21 162408]
S3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2011-10-13 46136]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-6-4 103448]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-9-12 1512448]
S3 FsUsbExDisk;FsUsbExDisk;C:\Windows\SysWOW64\FsUsbExDisk.Sys [2013-2-25 37344]
S3 libusb0;Jawbone LibUsb-Win32 - Kernel Driver 09/22/2011,1.2.5.0;C:\Windows\System32\drivers\libusb0.sys [2012-3-14 52320]
S3 nmwcdnsucx64;Nokia USB Flashing Generic;C:\Windows\System32\drivers\nmwcdnsucx64.sys [2012-1-9 12800]
S3 nmwcdnsux64;Nokia USB Flashing Phone Parent;C:\Windows\System32\drivers\nmwcdnsux64.sys [2012-1-9 171008]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-6 19456]
S3 SRS_ViewSonic;SRS Labs WOW HD ViewSonic;C:\Windows\System32\drivers\SRS_ViewSonic_amd64.sys [2011-10-3 50304]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-6-4 203672]
S3 Te.Service;Te.Service;C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [2012-7-25 126976]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-6 57856]
S3 visctap0901;Viscosity Virtual Adapter V9.1;C:\Windows\System32\drivers\visctap0901.sys [2013-7-13 38856]
S3 vuhub;Virtual Usb Hub;C:\Windows\System32\drivers\vuhub.sys [2013-1-26 47616]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-9-21 1255736]
S4 AODDriver4.2;AODDriver4.2;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-4-9 57472]
S4 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2013-3-6 57856]
S4 gfibto;gfibto;C:\Windows\System32\drivers\gfibto.sys [2013-1-6 14456]
S4 PcaSp60;Rawether NDIS 6.X SPR Protocol Driver;C:\Windows\System32\drivers\PcaSp60.sys [2013-1-26 38912]
S4 SamsungAllShareV2.0;Samsung AllShare PC;C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe [2012-3-2 25504]
S4 SimpleSlideShowServer;SimpleSlideShowServer;C:\Program Files (x86)\Samsung\AllShare\AllShareSlideShowService.exe [2012-3-2 27584]
.
=============== Created Last 30 ================
.
2013-07-17 01:54:48    76232    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F8540690-F9A5-4BD3-9B7B-C758E8933C08}\offreg.dll
2013-07-17 01:54:15    941720    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7E910230-8AF0-448B-861A-2940594F4F4F}\gapaengine.dll
2013-07-17 01:54:04    9460976    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F8540690-F9A5-4BD3-9B7B-C758E8933C08}\mpengine.dll
2013-07-16 06:38:10    --------    d-----w-    C:\Program Files (x86)\SpeedFan
2013-07-15 10:22:17    9552976    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-07-14 16:27:08    --------    d-----w-    C:\Program Files\TAP-Windows
2013-07-14 16:27:06    --------    d-----w-    C:\Program Files\OpenVPN
2013-07-14 15:52:31    --------    d-----w-    C:\Users\god\AppData\Roaming\TeraCopy
2013-07-14 15:50:07    --------    d-----w-    C:\Program Files (x86)\obfsproxy
2013-07-13 15:13:29    --------    d-----w-    C:\Program Files\Common Files\Viscosity
2013-07-13 14:12:37    --------    d-----w-    C:\Users\god\AppData\Roaming\ViscosityVPP_torguard
2013-07-13 14:12:16    38856    ----a-w-    C:\Windows\System32\drivers\visctap0901.sys
2013-07-13 14:12:13    --------    d-----w-    C:\Program Files\TorGuard.Viscosity
2013-07-13 13:03:01    --------    d-----w-    C:\Users\god\.swt
2013-07-13 13:02:03    --------    d-----w-    C:\Program Files (x86)\TorGuard
2013-07-10 16:13:18    --------    d-----w-    C:\Users\god\AppData\Roaming\JAM Software
2013-07-10 07:41:53    --------    d-----w-    C:\Windows\System32\MRT
2013-07-10 06:42:53    9216    ----a-w-    C:\Program Files (x86)\Windows Defender\MpAsDesc.dll
2013-07-10 03:00:03    --------    d-----w-    C:\Program Files (x86)\Runtime Software
2013-07-09 03:54:08    100    ----a-w-    C:\Windows\DeleteOnReboot.bat
2013-07-09 03:43:46    96168    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-09 03:20:12    --------    d-----w-    C:\Program Files (x86)\AMD AVT
2013-07-09 03:20:09    --------    d-----w-    C:\Program Files\Common Files\ATI Technologies
2013-07-09 03:20:09    --------    d-----w-    C:\Program Files (x86)\Common Files\ATI Technologies
2013-07-09 02:33:38    --------    d-----w-    C:\Users\god\AppData\Roaming\SUPERAntiSpyware.com
2013-07-09 02:33:34    --------    d-----w-    C:\ProgramData\SUPERAntiSpyware.com
2013-07-09 02:33:34    --------    d-----w-    C:\Program Files\SUPERAntiSpyware
2013-07-08 10:14:15    --------    d-----w-    C:\Users\god\AppData\Roaming\Malwarebytes
2013-07-07 14:57:53    --------    d-----w-    C:\Program Files (x86)\ESET
2013-07-07 14:17:25    --------    d-----w-    C:\Users\god\AppData\Roaming\EndNote
2013-07-06 15:28:59    --------    d-----w-    C:\ProgramData\WindowsPerformanceRecorder
2013-07-06 13:19:36    --------    d-----w-    C:\ProgramData\Windows App Certification Kit
2013-07-06 13:19:18    --------    d-----w-    C:\Program Files\Application Verifier
2013-07-06 13:19:18    --------    d-----w-    C:\Program Files (x86)\Application Verifier
2013-07-06 13:18:03    --------    d-----w-    C:\Program Files (x86)\Windows Kits
2013-07-06 13:18:03    --------    d-----w-    C:\Program Files (x86)\Common Files\Microsoft
2013-07-06 13:06:46    --------    d-----w-    C:\ProgramData\Package Cache
2013-06-27 16:01:22    263576    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
2013-06-27 14:15:11    --------    d-----w-    C:\ProgramData\CanonIJPLM
2013-06-27 14:14:34    361472    ----a-w-    C:\Windows\System32\CNMXLMAD.DLL
2013-06-27 08:11:58    --------    d-----w-    C:\Users\god\AppData\Local\Diagnostics
2013-06-25 07:05:13    --------    d-----w-    C:\Program Files (x86)\Combined Community Codec Pack
2013-06-25 07:04:26    --------    d-----w-    C:\Users\god\AppData\Local\Programs
2013-06-25 07:04:24    29184    ----a-r-    C:\Users\god\AppData\Roaming\Microsoft\Installer\{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}\Icon21AE04E8.exe
2013-06-25 07:04:20    --------    d-----w-    C:\Program Files (x86)\mkv2vob
2013-06-25 07:03:44    --------    d-----w-    C:\Program Files\Handbrake
2013-06-24 12:28:55    --------    d-----w-    C:\ProgramData\Search Protection
2013-06-21 05:48:51    964552    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{368525FF-56F0-4A6A-9A4F-56018D8298D8}\gapaengine.dll
2013-06-18 13:50:08    247216    ----a-w-    C:\Windows\System32\drivers\MpFilter.sys
.
==================== Find3M  ====================
.
2013-07-09 17:03:30    18960    ----a-w-    C:\Windows\System32\drivers\LNonPnP.sys
2013-07-09 03:43:40    867240    ----a-w-    C:\Windows\SysWow64\npDeployJava1.dll
2013-07-09 03:43:40    789416    ----a-w-    C:\Windows\SysWow64\deployJava1.dll
2013-06-24 12:27:06    14456    ----a-w-    C:\Windows\System32\drivers\gfibto.sys
2013-06-18 13:50:08    139616    ----a-w-    C:\Windows\System32\drivers\NisDrvWFP.sys
2013-06-12 05:43:20    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 05:43:20    692104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-06-11 23:43:37    1767936    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-06-11 23:43:00    2877440    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-06-11 23:42:58    61440    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2013-06-11 23:42:58    109056    ----a-w-    C:\Windows\SysWow64\iesysprep.dll
2013-06-11 23:26:20    2241024    ----a-w-    C:\Windows\System32\wininet.dll
2013-06-11 23:25:16    3958784    ----a-w-    C:\Windows\System32\jscript9.dll
2013-06-11 23:25:13    67072    ----a-w-    C:\Windows\System32\iesetup.dll
2013-06-11 23:25:13    136704    ----a-w-    C:\Windows\System32\iesysprep.dll
2013-06-11 22:51:45    71680    ----a-w-    C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-06-11 22:50:58    89600    ----a-w-    C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-07 03:22:18    2706432    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-06-07 02:37:52    2706432    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-06-05 03:34:27    3153920    ----a-w-    C:\Windows\System32\win32k.sys
2013-06-04 06:00:13    624128    ----a-w-    C:\Windows\System32\qedit.dll
2013-06-04 04:53:07    509440    ----a-w-    C:\Windows\SysWow64\qedit.dll
2013-06-04 01:15:02    103448    ----a-w-    C:\Windows\System32\drivers\ssudbus.sys
2013-06-04 01:15:00    203672    ----a-w-    C:\Windows\System32\drivers\ssudmdm.sys
2013-05-13 07:36:06    76464    ----a-w-    C:\Windows\System32\drivers\dc3d.sys
2013-05-13 07:36:06    50864    ----a-w-    C:\Windows\System32\drivers\point64.sys
2013-05-13 07:36:06    2274480    ----a-w-    C:\Windows\System32\coin94.dll
2013-05-13 05:51:01    184320    ----a-w-    C:\Windows\System32\cryptsvc.dll
2013-05-13 05:51:00    1464320    ----a-w-    C:\Windows\System32\crypt32.dll
2013-05-13 05:51:00    139776    ----a-w-    C:\Windows\System32\cryptnet.dll
2013-05-13 05:50:40    52224    ----a-w-    C:\Windows\System32\certenc.dll
2013-05-13 04:45:55    140288    ----a-w-    C:\Windows\SysWow64\cryptsvc.dll
2013-05-13 04:45:55    1160192    ----a-w-    C:\Windows\SysWow64\crypt32.dll
2013-05-13 04:45:55    103936    ----a-w-    C:\Windows\SysWow64\cryptnet.dll
2013-05-13 03:43:55    1192448    ----a-w-    C:\Windows\System32\certutil.exe
2013-05-13 03:08:10    903168    ----a-w-    C:\Windows\SysWow64\certutil.exe
2013-05-13 03:08:06    43008    ----a-w-    C:\Windows\SysWow64\certenc.dll
2013-05-10 05:49:27    30720    ----a-w-    C:\Windows\System32\cryptdlg.dll
2013-05-10 03:20:54    24576    ----a-w-    C:\Windows\SysWow64\cryptdlg.dll
2013-05-08 06:39:01    1910632    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2013-05-06 06:03:49    1887744    ----a-w-    C:\Windows\System32\WMVDECOD.DLL
2013-05-06 04:56:35    1620480    ----a-w-    C:\Windows\SysWow64\WMVDECOD.DLL
2013-05-02 15:29:56    278800    ------w-    C:\Windows\System32\MpSigStub.exe
2013-04-26 05:51:36    751104    ----a-w-    C:\Windows\System32\win32spl.dll
2013-04-26 04:55:21    492544    ----a-w-    C:\Windows\SysWow64\win32spl.dll
2013-04-25 23:30:32    1505280    ----a-w-    C:\Windows\SysWow64\d3d11.dll
2013-04-24 02:33:49    362029    ----a-w-    C:\Windows\SysWow64\sqlite3.dll
.
============= FINISH:  1:28:43.56 ===============

Attached File: Attach1807130131.zip (5.15KB)


Edited by axuy09, 17 July 2013 - 12:41 PM.


#8 eddie5659

eddie5659

  • Malware Response Team
  • 127 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:33 PM

Posted 18 July 2013 - 01:54 PM

Hiya

I've just spent a good half hour reading your previous thread, and this one, so let's see what we have :)

I may use some tools you've already used, but as you probably know, the tools update daily for newer infections :wink:


So, let's begin :)

-----

You mentioned here that SAS found a new trojan:

http://www.bleepingcomputer.com/forums/t/500421/bsod-crashing-constantly/#entry3099287

Can you post the log?


Also, can you run the following for me and post the logs they create:


Download http://oldtimer.geekstogo.com/OTL.exe to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Standard Output.
  • Select
    All Users
    LOP Check
    Purity Check
  • Under the Standard Registry box change it to All
  • Please copy the text in the code box below and paste it in the Custom Scans/Fixes box in OTL:

    netsvcs
    activex
    msconfig
    %SYSTEMDRIVE%\*.
    %PROGRAMFILES%\*.exe
    %LOCALAPPDATA%\*.exe
    %windir%\Installer\*.*
    %windir%\system32\tasks\*.*
    %windir%\system32\tasks\*.* /64
    %systemroot%\Fonts\*.exe
    %systemroot%\*. /mp /s
    /md5start
    consrv.dll
    explorer.exe
    winlogon.exe
    regedit.exe
    Userinit.exe
    svchost.exe
    services.exe
    user32.dll
    ATAPI.SYS
    /md5stop
    C:\Windows\assembly\tmp\U\*.* /s
    %Temp%\smtmp\* \s
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
    dir "%systemdrive%\*" /S /A:L /C
    CREATERESTOREPOINT
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    A black box will appear, this is part of the custom scan, so don't be alarmed ;)
    IF OTL SAYS 'NOT RESPONDING' DON'T USE THE MOUSE. IT WILL CARRY ON SCANNING AFTER A FEW MINUTES
     
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic



Thanks

eddie


Edited by eddie5659, 18 July 2013 - 01:56 PM.


#9 axuy09

axuy09
  • Topic Starter

  • Members
  • 83 posts
  • OFFLINE
  • Local time:12:33 AM

Posted 18 July 2013 - 08:52 PM

Hi Eddie, I can't find the SAS log? I don't know where that would be. Here is the OTL log

 OTL logfile created on: 19/07/2013 09:20:01 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = E:\Users\elia\Downloads\BLEEPING FIX COMPUTER DOWNLOADS 100713
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
8.00 Gb Total Physical Memory | 3.88 Gb Available Physical Memory | 48.50% Memory free
15.99 Gb Paging File | 11.95 Gb Available in Paging File | 74.73% Paging File free
Paging file location(s): e:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111.79 Gb Total Space | 45.03 Gb Free Space | 40.29% Space Free | Partition Type: NTFS
Drive D: | 100.00 Mb Total Space | 30.43 Mb Free Space | 30.43% Space Free | Partition Type: NTFS
Drive E: | 931.41 Gb Total Space | 272.93 Gb Free Space | 29.30% Space Free | Partition Type: NTFS
Drive G: | 931.51 Gb Total Space | 174.23 Gb Free Space | 18.70% Space Free | Partition Type: NTFS
 
Computer Name: MY | User Name: god | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/07/09 23:44:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- E:\Users\elia\Downloads\BLEEPING FIX COMPUTER DOWNLOADS 100713\OTL.exe
PRC - [2013/06/18 22:21:12 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/06/14 01:03:00 | 000,943,016 | ---- | M] (Lavasoft) -- C:\ProgramData\Search Protection\SearchProtection.exe
PRC - [2013/06/12 13:43:20 | 001,855,880 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
PRC - [2013/06/05 01:01:52 | 004,489,472 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Elia\AppData\Local\Akamai\netsession_win.exe
PRC - [2013/05/23 14:17:00 | 001,106,288 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/03/16 03:28:12 | 004,683,768 | ---- | M] (Almico Software (www.almico.com)) -- C:\Program Files (x86)\SpeedFan\speedfan.exe
PRC - [2012/02/13 17:57:02 | 000,874,765 | ---- | M] () -- C:\Program Files (x86)\obfsproxy\obfsproxy.exe
PRC - [2011/09/21 22:24:02 | 000,149,904 | ---- | M] (Microsoft ® Corporation) -- C:\Users\Elia\IAG Remote Access Agent\mymungosorg\mungos1\uagqecsvc.exe
PRC - [2010/08/10 21:37:22 | 000,217,088 | ---- | M] () -- C:\Program Files (x86)\ASUS\Printer Utilities\UsbService.exe
PRC - [2009/12/28 21:33:00 | 000,096,896 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/07/17 09:54:24 | 000,192,512 | ---- | M] () -- C:\Users\god\AppData\Local\Temp\sfamcc00001.dll
MOD - [2013/07/17 09:54:24 | 000,158,720 | ---- | M] () -- C:\Users\god\AppData\Local\Temp\sfareca00001.dll
MOD - [2013/06/18 22:21:31 | 003,285,912 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/06/12 13:43:18 | 016,033,160 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/12/21 01:15:30 | 001,041,248 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013/06/20 20:33:08 | 000,366,600 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/06/20 20:33:08 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/06/18 13:16:14 | 000,048,216 | ---- | M] (SparkLabs) [Auto | Running] -- C:\Program Files\TorGuard.Viscosity\ViscosityVPPVPNetworksLLCService.exe -- (ViscosityVPPVPNetworksLLCService)
SRV:64bit: - [2013/05/27 13:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/12/19 15:32:12 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2012/11/17 04:44:58 | 000,238,080 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012/07/24 20:13:08 | 000,034,512 | ---- | M] (The OpenVPN Project) [On_Demand | Stopped] -- C:\Program Files\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV:64bit: - [2012/07/12 02:54:58 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2011/09/28 03:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2009/07/14 09:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/06/21 09:53:36 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/06/18 22:21:21 | 000,117,144 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/06/12 13:43:21 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/11 18:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/08/01 16:07:16 | 000,724,888 | ---- | M] (Nokia) [Disabled | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2012/07/25 18:58:26 | 000,126,976 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe -- (Te.Service)
SRV - [2012/07/25 18:13:16 | 000,139,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe -- (fussvc)
SRV - [2012/07/09 00:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/03/02 17:00:26 | 000,025,504 | ---- | M] (Samsung Electronics Co., Ltd.) [Disabled | Stopped] -- C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe -- (SamsungAllShareV2.0)
SRV - [2012/03/02 17:00:20 | 000,027,584 | ---- | M] (Samsung Electronics Co., Ltd.) [Disabled | Stopped] -- C:\Program Files (x86)\Samsung\AllShare\AllShareSlideShowService.exe -- (SimpleSlideShowServer)
SRV - [2011/10/12 05:51:08 | 000,113,152 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\obfsproxy\nssm.exe -- (obfsproxy service)
SRV - [2011/09/21 22:24:02 | 000,149,904 | ---- | M] (Microsoft ® Corporation) [Auto | Running] -- C:\Users\Elia\IAG Remote Access Agent\mymungosorg\mungos1\uagqecsvc.exe -- (uagqecsvc)
SRV - [2010/11/20 20:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 20:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/20 20:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/08/10 21:37:22 | 000,217,088 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\Printer Utilities\UsbService.exe -- (UsbService)
SRV - [2010/04/06 03:55:01 | 000,116,104 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2009/12/28 21:33:00 | 000,096,896 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2009/06/11 05:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/06/24 20:27:06 | 000,014,456 | ---- | M] (GFI Software) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\gfibto.sys -- (gfibto)
DRV:64bit: - [2013/06/18 21:50:08 | 000,139,616 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/06/18 13:16:22 | 000,038,856 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\visctap0901.sys -- (visctap0901)
DRV:64bit: - [2013/06/04 09:15:02 | 000,103,448 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2013/06/04 09:15:00 | 000,203,672 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2013/05/13 15:36:06 | 000,076,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2013/05/13 15:36:06 | 000,050,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/11/17 05:08:32 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2012/11/17 05:08:32 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/11/17 03:39:12 | 000,359,936 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/11/06 19:11:52 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/09/26 20:41:00 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2012/09/22 03:04:24 | 000,024,608 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvbflt64.sys -- (CompFilter64)
DRV:64bit: - [2012/09/22 03:04:22 | 004,763,680 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUVC64.sys -- (LVUVC64)
DRV:64bit: - [2012/09/22 03:04:22 | 000,351,520 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2012/09/12 15:20:04 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/08/23 22:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 22:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/07/20 19:49:00 | 000,036,736 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2012/06/27 15:18:52 | 000,026,112 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2012/04/09 09:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | Disabled | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.2)
DRV:64bit: - [2012/03/14 09:45:32 | 000,052,320 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\libusb0.sys -- (libusb0)
DRV:64bit: - [2012/03/01 14:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/09 17:28:20 | 000,171,008 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64)
DRV:64bit: - [2012/01/09 17:28:20 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2012/01/09 17:28:20 | 000,012,800 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsucx64.sys -- (nmwcdnsucx64)
DRV:64bit: - [2012/01/09 17:28:20 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2012/01/09 17:28:20 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2012/01/09 17:28:18 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2011/09/02 14:30:24 | 000,076,056 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV:64bit: - [2011/09/02 14:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011/09/02 14:30:24 | 000,015,128 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd)
DRV:64bit: - [2011/07/23 00:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/13 05:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/03/11 14:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 14:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 21:34:04 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010/11/20 21:34:04 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010/11/20 21:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 19:35:34 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010/11/20 19:35:22 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010/11/20 18:49:51 | 000,146,432 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rmcast.sys -- (RMCAST)
DRV:64bit: - [2010/11/20 18:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010/09/07 14:27:24 | 000,038,912 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\PcaSp60.sys -- (PcaSp60)
DRV:64bit: - [2010/03/29 11:17:58 | 000,064,040 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E)
DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/07/16 11:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/07/14 09:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 09:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 09:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 08:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/06/11 04:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 04:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 04:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 04:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/08 11:24:58 | 001,196,032 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2008/03/24 14:26:58 | 000,050,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SRS_ViewSonic_amd64.sys -- (SRS_ViewSonic)
DRV:64bit: - [2007/12/17 10:25:14 | 000,047,616 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vuhub.sys -- (vuhub)
DRV - [2013/02/05 16:54:40 | 000,037,344 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2010/09/07 14:27:24 | 000,038,912 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | Disabled | Stopped] -- C:\Windows\SysWOW64\drivers\PcaSp60.sys -- (PcaSp60)
DRV - [2009/10/21 13:04:22 | 000,028,160 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\libusb0.sys -- (libusb0)
DRV - [2009/07/14 09:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (All) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-390624817-558439264-2986480034-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-390624817-558439264-2986480034-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-21-390624817-558439264-2986480034-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-390624817-558439264-2986480034-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-390624817-558439264-2986480034-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
IE - HKU\S-1-5-21-390624817-558439264-2986480034-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D9 69 CD 0D A0 88 CC 01  [binary data]
IE - HKU\S-1-5-21-390624817-558439264-2986480034-1001\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-390624817-558439264-2986480034-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-390624817-558439264-2986480034-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-390624817-558439264-2986480034-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-390624817-558439264-2986480034-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
IE - HKU\S-1-5-21-390624817-558439264-2986480034-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = E:\Users\elia\Downloads
IE - HKU\S-1-5-21-390624817-558439264-2986480034-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-390624817-558439264-2986480034-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-21-390624817-558439264-2986480034-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKU\S-1-5-21-390624817-558439264-2986480034-1007\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-390624817-558439264-2986480034-1007\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-390624817-558439264-2986480034-1007\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-390624817-558439264-2986480034-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@logitech.com/HarmonyRemote,version=1.0.0: C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\god\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\god\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\god\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\god\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: E:\Users\elia\Desktop\Nokia PC Suite 7\bkmrksync\ [2012/01/24 16:28:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2013/06/28 00:01:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/06/28 00:01:22 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - homepage: http://www.google.com
CHR - homepage: http://www.google.com
CHR - Extension: No name found = C:\Users\god\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Users\god\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: No name found = C:\Users\god\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmbbgcooaabknohabmoaikiakkoignai\1.0.12_0\
CHR - Extension: No name found = C:\Users\god\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: No name found = C:\Users\god\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Users\god\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: No name found = C:\Users\god\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2011/12/22 16:11:00 | 000,000,833 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (ASUSDM Class) - {2C69D1E6-557A-4712-A1D5-56C7993EB73F} - C:\Program Files (x86)\ASUS\Download Master Utility\ASUSDMBHO.dll (ASUSTeK COMPUTER INC.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Search Protection] C:\ProgramData\Search Protection\SearchProtection.exe (Lavasoft)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Oracle Corporation)
O4 - HKU\S-1-5-21-390624817-558439264-2986480034-1001..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKU\S-1-5-21-390624817-558439264-2986480034-1001..\Run: [Akamai NetSession Interface] C:\Users\Elia\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-390624817-558439264-2986480034-1001..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-390624817-558439264-2986480034-1007..\Run: [Download Master] C:\Program Files (x86)\ASUS\Download Master Utility\DM2.exe (ASUSTeK COMPUTER INC.)
O4 - HKU\S-1-5-21-390624817-558439264-2986480034-1007..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\Elia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\S-1-5-21-390624817-558439264-2986480034-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Download by ASUS Download Master - C:\Program Files (x86)\ASUS\Download Master Utility\ASDownload.htm ()
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Download by ASUS Download Master - C:\Program Files (x86)\ASUS\Download Master Utility\ASDownload.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 1.7.0_04)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0EF83578-7F20-4E27-BDBE-06BFBA52656C}: DhcpNameServer = 8.8.8.8 8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1084549D-4B20-4D55-93CA-CE2C0A07B4A9}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D61D2D5C-4E0C-40F7-8C83-01C738B8BCD0}: DhcpNameServer = 8.8.8.8 8.8.4.4
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corp.)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corp.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/10/18 00:08:34 | 000,000,134 | ---- | M] () - C:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
ActiveX:64bit: {1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1} - .NET Framework
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1} - .NET Framework
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} -
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CE4BC71D-A88B-4943-BB3D-AF9C0E7D4387} - .NET Framework
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
 
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^CrashPlan Tray.lnk -  - File not found
MsConfig:64bit - StartUpFolder: C:^Users^Elia^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk - C:\Users\Elia\AppData\Roaming\Dropbox\bin\Dropbox.exe - (Dropbox, Inc.)
MsConfig:64bit - StartUpFolder: C:^Users^Elia^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Product Registration.lnk - C:\Program Files (x86)\Logitech\Ereg\eReg.exe - (Leader Technologies/Logitech)
MsConfig:64bit - StartUpReg: Ad-Aware Browsing Protection - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: AllShareAgent - hkey= - key= - C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe (Samsung Electronics Co., Ltd.)
MsConfig:64bit - StartUpReg: CanonMyPrinter - hkey= - key= - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
MsConfig:64bit - StartUpReg: CanonSolutionMenuEx - hkey= - key= - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
MsConfig:64bit - StartUpReg: Cpu Level Up help - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: Device Doctor - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: Everything - hkey= - key= - C:\Program Files (x86)\Everything\Everything.exe ()
MsConfig:64bit - StartUpReg: EvtMgr6 - hkey= - key= - C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
MsConfig:64bit - StartUpReg: Google Update - hkey= - key= - C:\Users\Elia\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig:64bit - StartUpReg: googletalk - hkey= - key= - C:\Program Files (x86)\Google\Google Talk\googletalk.exe (Google)
MsConfig:64bit - StartUpReg: HDAudDeck - hkey= - key= - C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
MsConfig:64bit - StartUpReg: KiesHelper - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: KiesPDLR - hkey= - key= - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
MsConfig:64bit - StartUpReg: KiesPreload - hkey= - key= - C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
MsConfig:64bit - StartUpReg: KiesTrayAgent - hkey= - key= - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
MsConfig:64bit - StartUpReg: Logitech Download Assistant - hkey= - key= - C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: LWS - hkey= - key= - C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
MsConfig:64bit - StartUpReg: NokiaSuite.exe - hkey= - key= - C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
MsConfig:64bit - StartUpReg: StartCCC - hkey= - key= - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Oracle Corporation)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/07/18 10:13:54 | 000,000,000 | ---D | C] -- C:\Users\god\AppData\Roaming\vlc
[2013/07/18 10:04:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013/07/16 14:38:12 | 000,000,000 | ---D | C] -- C:\Users\god\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2013/07/16 14:38:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2013/07/16 14:38:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedFan
[2013/07/16 14:24:15 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump
[2013/07/15 00:27:08 | 000,000,000 | ---D | C] -- C:\Program Files\TAP-Windows
[2013/07/15 00:27:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN
[2013/07/15 00:27:06 | 000,000,000 | ---D | C] -- C:\Program Files\OpenVPN
[2013/07/14 23:52:31 | 000,000,000 | ---D | C] -- C:\Users\god\AppData\Roaming\TeraCopy
[2013/07/14 23:50:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\obfsproxy
[2013/07/13 23:13:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Viscosity
[2013/07/13 22:12:37 | 000,000,000 | ---D | C] -- C:\Users\god\AppData\Roaming\ViscosityVPP_torguard
[2013/07/13 22:12:16 | 000,038,856 | ---- | C] (The OpenVPN Project) -- C:\Windows\SysNative\drivers\visctap0901.sys
[2013/07/13 22:12:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Viscosity
[2013/07/13 22:12:13 | 000,000,000 | ---D | C] -- C:\Program Files\TorGuard.Viscosity
[2013/07/13 21:03:01 | 000,000,000 | ---D | C] -- C:\Users\god\.swt
[2013/07/13 21:02:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TorGuard
[2013/07/13 21:02:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TorGuard
[2013/07/11 00:30:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize Free
[2013/07/11 00:13:18 | 000,000,000 | ---D | C] -- C:\Users\god\AppData\Roaming\JAM Software
[2013/07/11 00:03:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
[2013/07/10 15:41:53 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2013/07/10 15:39:54 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/07/10 15:39:53 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/07/10 15:39:52 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/07/10 15:39:52 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/07/10 15:39:52 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/07/10 15:39:52 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/07/10 15:39:52 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/07/10 15:39:52 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/07/10 15:39:52 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/07/10 15:39:52 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/07/10 15:39:52 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/07/10 15:39:51 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/07/10 15:39:51 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/07/10 15:39:50 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/07/10 15:39:50 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/07/10 14:42:53 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll
[2013/07/10 14:42:53 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll
[2013/07/10 14:42:52 | 001,887,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2013/07/10 14:42:52 | 001,620,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2013/07/10 14:42:42 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013/07/10 11:00:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Runtime Software
[2013/07/10 11:00:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Runtime Software
[2013/07/09 19:23:38 | 000,000,000 | ---D | C] -- C:\Users\god\Desktop\rkill
[2013/07/09 11:43:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/07/09 11:43:50 | 000,263,592 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/07/09 11:43:46 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/07/09 11:43:46 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/07/09 11:43:46 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/07/09 11:20:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2013/07/09 11:20:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2013/07/09 11:20:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2013/07/09 10:33:38 | 000,000,000 | ---D | C] -- C:\Users\god\AppData\Roaming\SUPERAntiSpyware.com
[2013/07/09 10:33:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2013/07/09 10:33:34 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2013/07/09 10:33:34 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013/07/08 18:14:15 | 000,000,000 | ---D | C] -- C:\Users\god\AppData\Roaming\Malwarebytes
[2013/07/08 18:14:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/07/07 22:57:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013/07/07 22:17:25 | 000,000,000 | ---D | C] -- C:\Users\god\AppData\Roaming\EndNote
[2013/07/07 22:14:18 | 000,000,000 | ---D | C] -- C:\Users\god\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2013/07/06 23:28:59 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsPerformanceRecorder
[2013/07/06 21:19:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows App Certification Kit
[2013/07/06 21:19:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SDKs
[2013/07/06 21:19:18 | 000,000,000 | ---D | C] -- C:\Program Files\Application Verifier
[2013/07/06 21:19:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Verifier
[2013/07/06 21:18:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
[2013/07/06 21:18:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Kits
[2013/07/06 21:18:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Microsoft
[2013/07/06 21:06:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2013/06/27 22:15:11 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJPLM
[2013/06/27 22:14:34 | 000,361,472 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNMXLMAD.DLL
[2013/06/27 22:14:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG5100 series User Registration
[2013/06/27 18:21:07 | 000,000,000 | ---D | C] -- C:\Users\god\AppData\Roaming\WinRAR
[2013/06/27 16:11:58 | 000,000,000 | ---D | C] -- C:\Users\god\AppData\Local\Diagnostics
[2013/06/25 15:05:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Combined Community Codec Pack
[2013/06/25 15:05:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Combined Community Codec Pack
[2013/06/25 15:04:26 | 000,000,000 | ---D | C] -- C:\Users\god\AppData\Local\Programs
[2013/06/25 15:04:24 | 000,000,000 | ---D | C] -- C:\Users\god\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\mkv2vob
[2013/06/25 15:04:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\mkv2vob
[2013/06/25 15:03:45 | 000,000,000 | ---D | C] -- C:\Users\god\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Handbrake
[2013/06/25 15:03:44 | 000,000,000 | ---D | C] -- C:\Program Files\Handbrake
[2013/06/24 20:28:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Search Protection
[2013/06/20 14:43:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
 
========== Files - Modified Within 30 Days ==========
 
[2013/07/19 09:12:23 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/19 09:12:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/19 09:12:22 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task b9227412-2deb-44b5-b86e-44cfb952f2e2.job
[2013/07/19 09:12:22 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 9debef09-0446-4f11-a5ab-09bbc58d574d.job
[2013/07/18 10:04:55 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/07/17 19:25:20 | 001,102,786 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/07/17 19:25:20 | 000,730,074 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/07/17 19:25:20 | 000,192,538 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat
[2013/07/17 19:25:20 | 000,148,244 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/07/17 19:25:20 | 000,066,190 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat
[2013/07/16 14:38:12 | 000,001,008 | ---- | M] () -- C:\Users\god\Desktop\SpeedFan.lnk
[2013/07/16 14:38:10 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\initdebug.nfo
[2013/07/16 14:30:53 | 000,015,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/16 14:30:53 | 000,015,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/16 14:23:14 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/16 14:23:14 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/15 20:01:23 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/07/15 01:04:35 | 000,001,898 | ---- | M] () -- C:\Users\Public\Desktop\TorGuard.lnk
[2013/07/15 00:27:31 | 000,000,909 | ---- | M] () -- C:\Users\Public\Desktop\OpenVPN GUI.lnk
[2013/07/10 15:58:50 | 000,418,904 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/07/10 11:00:06 | 000,001,132 | ---- | M] () -- C:\Users\god\Application Data\Microsoft\Internet Explorer\Quick Launch\DriveImage XML.lnk
[2013/07/10 11:00:06 | 000,001,108 | ---- | M] () -- C:\Users\Public\Desktop\DriveImage XML.lnk
[2013/07/10 01:03:30 | 000,018,960 | ---- | M] (Logitech, Inc.) -- C:\Windows\SysNative\drivers\LNonPnP.sys
[2013/07/09 11:54:34 | 000,000,100 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013/07/09 11:43:43 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/07/09 11:43:41 | 000,263,592 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/07/09 11:43:41 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/07/09 11:43:41 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/07/09 11:43:40 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013/07/09 11:43:40 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013/07/08 18:14:11 | 000,001,134 | ---- | M] () -- C:\Users\god\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2013/07/07 22:25:21 | 001,067,666 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/07/07 22:19:21 | 000,012,326 | ---- | M] () -- C:\Users\god\Desktop\fix log.odt
[2013/07/07 22:14:18 | 000,001,265 | ---- | M] () -- C:\Users\god\Desktop\Revo Uninstaller.lnk
[2013/07/06 20:47:26 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-390624817-558439264-2986480034-1001Core.job
[2013/07/05 02:08:51 | 002,874,456 | ---- | M] () -- C:\Users\god\Desktop\AutoRuns.arn
[2013/06/27 19:00:03 | 000,029,664 | ---- | M] () -- C:\Users\god\Documents\cc_20130627_185958.reg
[2013/06/25 15:04:24 | 000,001,987 | ---- | M] () -- C:\Users\god\Desktop\mkv2vob.lnk
[2013/06/25 15:03:45 | 000,000,825 | ---- | M] () -- C:\Users\god\Desktop\Handbrake.lnk
[2013/06/25 14:46:36 | 000,002,161 | ---- | M] () -- C:\Users\god\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Story Album Viewer.lnk
[2013/06/24 20:27:06 | 000,014,456 | ---- | M] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys
[2013/06/20 14:43:08 | 000,002,203 | ---- | M] () -- C:\Users\god\Application Data\Microsoft\Internet Explorer\Quick Launch\Adobe Digital Editions.lnk
 
========== Files Created - No Company Name ==========
 
[2013/07/18 10:04:55 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/07/16 14:38:12 | 000,001,008 | ---- | C] () -- C:\Users\god\Desktop\SpeedFan.lnk
[2013/07/15 00:27:31 | 000,000,909 | ---- | C] () -- C:\Users\Public\Desktop\OpenVPN GUI.lnk
[2013/07/13 21:02:08 | 000,001,898 | ---- | C] () -- C:\Users\Public\Desktop\TorGuard.lnk
[2013/07/10 11:00:06 | 000,001,132 | ---- | C] () -- C:\Users\god\Application Data\Microsoft\Internet Explorer\Quick Launch\DriveImage XML.lnk
[2013/07/10 11:00:06 | 000,001,108 | ---- | C] () -- C:\Users\Public\Desktop\DriveImage XML.lnk
[2013/07/09 11:54:08 | 000,000,100 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013/07/09 10:33:43 | 000,000,506 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task b9227412-2deb-44b5-b86e-44cfb952f2e2.job
[2013/07/09 10:33:43 | 000,000,506 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 9debef09-0446-4f11-a5ab-09bbc58d574d.job
[2013/07/08 18:14:11 | 000,001,134 | ---- | C] () -- C:\Users\god\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2013/07/07 22:19:18 | 000,012,326 | ---- | C] () -- C:\Users\god\Desktop\fix log.odt
[2013/07/05 02:08:51 | 002,874,456 | ---- | C] () -- C:\Users\god\Desktop\AutoRuns.arn
[2013/06/27 19:00:01 | 000,029,664 | ---- | C] () -- C:\Users\god\Documents\cc_20130627_185958.reg
[2013/06/25 15:04:24 | 000,001,987 | ---- | C] () -- C:\Users\god\Desktop\mkv2vob.lnk
[2013/06/25 15:03:45 | 000,000,825 | ---- | C] () -- C:\Users\god\Desktop\Handbrake.lnk
[2013/06/25 14:46:36 | 000,002,161 | ---- | C] () -- C:\Users\god\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Story Album Viewer.lnk
[2013/06/20 14:43:08 | 000,002,203 | ---- | C] () -- C:\Users\god\Application Data\Microsoft\Internet Explorer\Quick Launch\Adobe Digital Editions.lnk
[2013/06/20 14:43:08 | 000,002,191 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Digital Editions.lnk
[2013/04/30 23:40:25 | 000,022,152 | ---- | C] () -- C:\Windows\SysWow64\driver-flasher-3.5.exe
[2013/04/24 10:31:12 | 000,362,029 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll
[2013/04/18 19:07:00 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2013/02/25 18:25:17 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\FsUsbExDevice.Dll
[2013/02/25 18:25:17 | 000,037,344 | ---- | C] () -- C:\Windows\SysWow64\FsUsbExDisk.Sys
[2013/02/22 00:53:42 | 000,000,043 | ---- | C] () -- C:\ProgramData\.SimImages
[2012/11/19 20:15:22 | 000,007,609 | ---- | C] () -- C:\Users\god\AppData\Local\Resmon.ResmonCfg
[2012/11/17 04:01:08 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/11/17 04:01:08 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/09/22 03:08:36 | 010,919,784 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012/09/22 03:08:36 | 000,338,136 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012/09/22 03:08:36 | 000,103,272 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2012/04/18 18:39:10 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011/12/23 20:58:24 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011/12/23 20:58:24 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011/12/23 20:58:24 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011/12/23 20:58:24 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011/12/19 10:50:30 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011/10/25 21:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011/10/15 16:00:35 | 000,000,040 | ---- | C] () -- C:\ProgramData\ra3.ini
[2011/10/03 14:28:45 | 000,000,083 | ---- | C] () -- C:\Windows\VSWizard.ini
[2011/09/21 10:08:57 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2011/09/21 10:08:57 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2011/09/21 10:07:24 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011/09/20 23:04:09 | 001,067,666 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/09/20 22:55:06 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/09/20 16:50:07 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/09/13 06:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== ZeroAccess Check ==========
 
[2009/07/14 12:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 13:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 12:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/08/21 21:11:31 | 000,857,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/08/21 21:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/08/21 21:08:38 | 000,453,120 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/01/27 10:37:44 | 000,000,000 | ---D | M] -- C:\Users\Amy Ball I got Balls\AppData\Roaming\Ad-Aware Antivirus
[2013/02/04 21:51:38 | 000,000,000 | ---D | M] -- C:\Users\Amy Ball I got Balls\AppData\Roaming\EndNote
[2013/02/04 18:02:51 | 000,000,000 | ---D | M] -- C:\Users\Amy Ball I got Balls\AppData\Roaming\Opera
[2013/02/21 09:44:00 | 000,000,000 | ---D | M] -- C:\Users\Amy Ball I got Balls\AppData\Roaming\PC Suite
[2013/01/27 10:37:28 | 000,000,000 | ---D | M] -- C:\Users\Amy Ball I got Balls\AppData\Roaming\Sierra Wireless
[2013/02/25 13:58:24 | 000,000,000 | ---D | M] -- C:\Users\Amy Ball I got Balls\AppData\Roaming\uTorrent
[2012/06/29 13:08:16 | 000,000,000 | ---D | M] -- C:\Users\Elia\AppData\Roaming\.purple
[2012/10/10 22:16:35 | 000,000,000 | ---D | M] -- C:\Users\Elia\AppData\Roaming\Ad-Aware Antivirus
[2013/07/18 10:24:25 | 000,000,000 | ---D | M] -- C:\Users\Elia\AppData\Roaming\Applian FLV and Media Player
[2013/03/27 23:01:00 | 000,000,000 | ---D | M] -- C:\Users\Elia\AppData\Roaming\Audacity
[2013/03/29 09:07:37 | 000,000,000 | ---D | M] -- C:\Users\Elia\AppData\Roaming\Canon
[2013/06/13 00:35:03 | 000,000,000 | ---D | M] -- C:\Users\Elia\AppData\Roaming\CloneSpy
[2011/12/19 11:06:59 | 000,000,000 | ---D | M] -- C:\Users\Elia\AppData\Roaming\CrashPlan
[2012/08/02 23:29:28 | 000,000,000 | ---D | M] -- C:\Users\Elia\AppData\Roaming\Dropbox
[2012/10/05 12:47:16 | 000,000,000 | ---D | M] -- C:\Users\Elia\AppData\Roaming\EndNote
[2013/05/27 20:48:08 | 000,000,000 | ---D | M] -- C:\Users\Elia\AppData\Roaming\foobar2000
[2012/03/22 18:26:19 | 000,000,000 | ---D | M] -- C:\Users\Elia\AppData\Roaming\Foxit Software
[2012/02/29 18:51:01 | 000,000,000 | ---D | M] -- C:\Users\Elia\AppData\Roaming\FreeFileViewer
[2012/02/12 10:18:00 | 000,000,000 | ---D | M] -- C:\Users\Elia\AppData\Roaming\GetRightToGo
[2013/06/25 15:09:40 | 000,000,000 | ---D | M] -- C:\Users\Elia\AppData\Roaming\HandBrake
[2013/01/01 10:47:21 | 000,000,000 | ---D | M] -- C:\Users\Elia\AppData\Roaming\ImgBurn
[2013/01/27 23:44:45 | 000,000,000 | ---D | M] -- C:\Users\Elia\AppData\Roaming\JAM Software
[2012/01/04 11:04:38 | 000,000,000 | ---D | M] -- C:\Users\Elia\AppData\Roaming\JawboneUpdater
[2011/09/21 09:05:24 | 000,000,000 | ---D | M] -- C:\Users\Elia\AppData\Roaming\Launchy
[2011/09/20 18:57:21 | 000,000,000 | ---D | M] -- C:\Users\Elia\AppData\Roaming\Leadertech
[2011/09/29 09:39:21 | 000,000,000 | ---D | M] -- C:\Users\Elia\AppData\Roaming\Maxthon3
[2013/06/10 19:33:25 | 000,000,000 | ---D | M] -- C:\Users\Elia\AppData\Roaming\MediaMonkey
[2012/01/24 16:31:00 | 000,000,000 | ---D | M] -- C:\Users\Elia\AppData\Roaming\Nokia
[2011/10/15 15:05:57 | 000,000,000 | ---D | M] -- C:\Users\Elia\AppData\Roaming\Nokia Ovi Suite
[2012/01/17 16:44:44 | 000,000,000 | ---D | M] -- C:\Users\Elia\AppData\Roaming\Nokia Suite
[2011/09/29 15:08:33 | 000,000,000 | ---D | M] -- C:\Users\Elia\AppData\Roaming\Opera
[2011/09/29 15:07:08 | 000,000,000 | ---D | M] -- C:\Users\Elia\AppData\Roaming\Opera2
[2012/01/24 16:09:09 | 000,000,000 | ---D | M] -- C:\Users\Elia\AppData\Roaming\PC Suite
[2011/09/22 18:35:46 | 000,000,000 | ---D | M] -- C:\Users\Elia\AppData\Roaming\Red Alert 3
[2012/10/09 21:45:50 | 000,000,000 | ---D | M] -- C:\Users\Elia\AppData\Roaming\Samsung
[2012/01/09 15:49:24 | 000,000,000 | ---D | M] -- C:\Users\Elia\AppData\Roaming\Scribus
[2012/12/26 14:28:25 | 000,000,000 | ---D | M] -- C:\Users\Elia\AppData\Roaming\Sierra Wireless
[2012/03/16 15:14:44 | 000,000,000 | ---D | M] -- C:\Users\Elia\AppData\Roaming\SumatraPDF
[2013/07/06 18:48:15 | 000,000,000 | ---D | M] -- C:\Users\Elia\AppData\Roaming\TeamViewer
[2013/01/26 16:11:13 | 000,000,000 | ---D | M] -- C:\Users\Elia\AppData\Roaming\Telstra
[2012/06/22 11:07:29 | 000,000,000 | ---D | M] -- C:\Users\Elia\AppData\Roaming\Temp
[2012/05/14 11:13:01 | 000,000,000 | ---D | M] -- C:\Users\Elia\AppData\Roaming\TenHandsInc
[2013/07/18 10:18:13 | 000,000,000 | ---D | M] -- C:\Users\Elia\AppData\Roaming\TeraCopy
[2013/06/03 17:40:02 | 000,000,000 | ---D | M] -- C:\Users\Elia\AppData\Roaming\Texthelp Systems
[2012/08/03 10:50:49 | 000,000,000 | ---D | M] -- C:\Users\Elia\AppData\Roaming\Trusteer
[2013/02/04 21:03:54 | 000,000,000 | ---D | M] -- C:\Users\Elia\AppData\Roaming\uTorrent
[2013/07/13 22:32:07 | 000,000,000 | ---D | M] -- C:\Users\Elia\AppData\Roaming\ViscosityVPP_torguard
[2012/04/23 08:55:11 | 000,000,000 | ---D | M] -- C:\Users\Elia\AppData\Roaming\Windows Live Writer
[2013/06/24 20:32:26 | 000,000,000 | ---D | M] -- C:\Users\god\AppData\Roaming\Ad-Aware Antivirus
[2012/03/24 19:11:51 | 000,000,000 | ---D | M] -- C:\Users\god\AppData\Roaming\CloneSpy
[2012/07/09 09:44:10 | 000,000,000 | ---D | M] -- C:\Users\god\AppData\Roaming\Dropbox
[2013/07/07 22:17:25 | 000,000,000 | ---D | M] -- C:\Users\god\AppData\Roaming\EndNote
[2013/07/11 00:13:18 | 000,000,000 | ---D | M] -- C:\Users\god\AppData\Roaming\JAM Software
[2012/07/14 13:46:14 | 000,000,000 | ---D | M] -- C:\Users\god\AppData\Roaming\JawboneUpdater
[2013/05/03 16:07:33 | 000,000,000 | ---D | M] -- C:\Users\god\AppData\Roaming\Leadertech
[2012/02/22 12:25:32 | 000,000,000 | ---D | M] -- C:\Users\god\AppData\Roaming\Maxthon3
[2012/09/29 19:06:40 | 000,000,000 | ---D | M] -- C:\Users\god\AppData\Roaming\MusicBee
[2012/05/25 18:55:10 | 000,000,000 | ---D | M] -- C:\Users\god\AppData\Roaming\MusicBrainz
[2012/02/28 18:48:14 | 000,000,000 | ---D | M] -- C:\Users\god\AppData\Roaming\Opera
[2013/04/06 14:28:54 | 000,000,000 | ---D | M] -- C:\Users\god\AppData\Roaming\Paltalk
[2012/03/15 08:37:19 | 000,000,000 | ---D | M] -- C:\Users\god\AppData\Roaming\PC Suite
[2013/04/29 13:08:43 | 000,000,000 | ---D | M] -- C:\Users\god\AppData\Roaming\Samsung
[2012/12/26 12:11:14 | 000,000,000 | ---D | M] -- C:\Users\god\AppData\Roaming\Sierra Wireless
[2012/03/16 15:14:48 | 000,000,000 | ---D | M] -- C:\Users\god\AppData\Roaming\SumatraPDF
[2012/12/26 12:40:52 | 000,000,000 | ---D | M] -- C:\Users\god\AppData\Roaming\Telstra
[2013/07/14 23:52:31 | 000,000,000 | ---D | M] -- C:\Users\god\AppData\Roaming\TeraCopy
[2012/08/03 10:58:34 | 000,000,000 | ---D | M] -- C:\Users\god\AppData\Roaming\Trusteer
[2013/07/13 22:13:15 | 000,000,000 | ---D | M] -- C:\Users\god\AppData\Roaming\ViscosityVPP_torguard
[2013/06/03 22:00:00 | 000,000,000 | ---D | M] -- C:\Users\god\AppData\Roaming\VSRevoGroup
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2013/01/31 21:44:28 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2013/02/01 14:23:05 | 000,000,000 | ---D | M] -- C:\A.C.Ryan MovieJukebox
[2012/01/25 13:00:11 | 000,000,000 | ---D | M] -- C:\AllShare
[2013/02/11 10:57:13 | 000,000,000 | ---D | M] -- C:\AMD
[2011/10/13 20:53:57 | 000,000,000 | ---D | M] -- C:\ATI
[2013/02/20 01:40:29 | 000,000,000 | -HSD | M] -- C:\Boot
[2013/07/17 19:22:46 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2009/07/14 13:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2012/01/25 13:01:39 | 000,000,000 | ---D | M] -- C:\Download
[2012/07/12 13:05:34 | 000,000,000 | ---D | M] -- C:\inetpub
[2013/07/08 19:21:44 | 000,000,000 | ---D | M] -- C:\JRT
[2013/04/17 17:42:07 | 000,000,000 | ---D | M] -- C:\Microsoft
[2013/03/05 21:42:51 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2011/12/16 17:49:26 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2013/07/15 00:27:08 | 000,000,000 | R--D | M] -- C:\Program Files
[2013/07/16 14:38:10 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2013/07/09 11:39:16 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011/09/20 16:21:39 | 000,000,000 | -HSD | M] -- C:\Recovery
[2013/07/19 09:21:05 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2013/03/06 12:03:55 | 000,000,000 | ---D | M] -- C:\Temp
[2013/01/27 10:37:09 | 000,000,000 | R--D | M] -- C:\Users
[2013/07/16 14:23:54 | 000,000,000 | ---D | M] -- C:\Windows
[2011/09/21 07:54:34 | 000,000,000 | ---D | M] -- C:\Windows.old
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %windir%\Installer\*.* >
[2013/03/06 12:18:59 | 000,261,120 | ---- | M] () -- C:\Windows\Installer\422afd.msi
[2013/03/06 12:19:22 | 000,037,376 | ---- | M] () -- C:\Windows\Installer\422b0a.msi
[2013/03/06 12:19:23 | 000,078,336 | ---- | M] () -- C:\Windows\Installer\422b0f.msi
[2012/09/11 11:37:58 | 009,596,928 | R--- | M] () -- C:\Windows\Installer\43b3f.msp
[2013/01/31 16:00:14 | 004,603,904 | R--- | M] () -- C:\Windows\Installer\4af61.msp
[2010/03/19 09:19:04 | 000,155,136 | ---- | M] () -- C:\Windows\Installer\4b77138.msi
[2013/01/31 18:25:35 | 017,084,416 | ---- | M] () -- C:\Windows\Installer\4b7b391.msi
[2012/05/28 12:31:30 | 008,047,104 | ---- | M] () -- C:\Windows\Installer\4ba47455.msi
[2013/01/19 00:16:20 | 000,623,104 | ---- | M] () -- C:\Windows\Installer\4c37bd.msi
[2013/01/19 00:22:58 | 008,340,992 | ---- | M] () -- C:\Windows\Installer\4c37c5.msi
[2012/05/05 04:52:38 | 000,507,392 | ---- | M] () -- C:\Windows\Installer\4c37cc.msi
[2013/01/19 00:17:28 | 002,828,288 | ---- | M] () -- C:\Windows\Installer\4c37d4.msi
[2013/01/19 00:17:50 | 001,884,672 | ---- | M] () -- C:\Windows\Installer\4c37db.msi
[2013/01/19 00:13:36 | 000,792,576 | ---- | M] () -- C:\Windows\Installer\4c37e2.msi
[2013/01/19 00:13:42 | 000,763,904 | ---- | M] () -- C:\Windows\Installer\4c37e9.msi
[2013/01/19 00:13:48 | 000,788,992 | ---- | M] () -- C:\Windows\Installer\4c37f0.msi
[2013/01/19 00:13:56 | 000,910,336 | ---- | M] () -- C:\Windows\Installer\4c37f7.msi
[2013/01/19 00:14:02 | 000,731,136 | ---- | M] () -- C:\Windows\Installer\4c37fe.msi
[2013/01/19 00:14:08 | 000,772,096 | ---- | M] () -- C:\Windows\Installer\4c3805.msi
[2013/01/19 00:14:14 | 000,760,320 | ---- | M] () -- C:\Windows\Installer\4c380c.msi
[2013/01/19 00:14:22 | 000,779,776 | ---- | M] () -- C:\Windows\Installer\4c3813.msi
[2013/01/19 00:14:28 | 000,797,184 | ---- | M] () -- C:\Windows\Installer\4c381a.msi
[2013/01/19 00:14:34 | 000,768,512 | ---- | M] () -- C:\Windows\Installer\4c3821.msi
[2013/01/19 00:14:42 | 000,824,832 | ---- | M] () -- C:\Windows\Installer\4c3828.msi
[2013/01/19 00:14:48 | 000,805,888 | ---- | M] () -- C:\Windows\Installer\4c382f.msi
[2013/01/19 00:14:54 | 000,758,784 | ---- | M] () -- C:\Windows\Installer\4c3836.msi
[2013/01/19 00:15:00 | 000,751,616 | ---- | M] () -- C:\Windows\Installer\4c383d.msi
[2013/01/19 00:15:08 | 000,788,480 | ---- | M] () -- C:\Windows\Installer\4c3844.msi
[2013/01/19 00:15:14 | 000,769,024 | ---- | M] () -- C:\Windows\Installer\4c384b.msi
[2013/01/19 00:15:24 | 000,887,808 | ---- | M] () -- C:\Windows\Installer\4c3852.msi
[2013/01/19 00:15:30 | 000,756,224 | ---- | M] () -- C:\Windows\Installer\4c3859.msi
[2013/01/19 00:15:40 | 000,860,672 | ---- | M] () -- C:\Windows\Installer\4c3860.msi
[2013/01/19 00:15:48 | 000,776,192 | ---- | M] () -- C:\Windows\Installer\4c3867.msi
[2013/01/19 00:15:54 | 000,766,464 | ---- | M] () -- C:\Windows\Installer\4c386e.msi
[2013/01/19 00:16:00 | 000,781,824 | ---- | M] () -- C:\Windows\Installer\4c3875.msi
[2013/01/19 00:16:10 | 000,863,232 | ---- | M] () -- C:\Windows\Installer\4c387c.msi
[2013/01/19 00:16:32 | 000,389,632 | ---- | M] () -- C:\Windows\Installer\4c3883.msi
[2013/01/19 00:13:22 | 013,794,816 | ---- | M] () -- C:\Windows\Installer\4c388b.msi
[2013/01/19 00:24:00 | 032,564,736 | ---- | M] () -- C:\Windows\Installer\4c389f.msi
[2009/09/16 17:59:18 | 000,423,936 | ---- | M] () -- C:\Windows\Installer\4dfe2414.msi
[2013/06/14 13:35:00 | 008,437,760 | ---- | M] () -- C:\Windows\Installer\552b8cb.msi
[2012/01/24 16:28:31 | 012,722,688 | ---- | M] () -- C:\Windows\Installer\55400cd.msi
[2012/01/24 16:28:31 | 012,238,848 | ---- | M] () -- C:\Windows\Installer\55400d5.msi
[2012/01/24 16:28:33 | 060,187,648 | ---- | M] () -- C:\Windows\Installer\55400dd.msi
[2011/12/19 11:03:53 | 021,165,568 | ---- | M] () -- C:\Windows\Installer\55fc4b.msi
[2011/09/12 12:43:52 | 014,187,520 | ---- | M] () -- C:\Windows\Installer\5796f18.msi
[2012/07/25 20:14:40 | 002,863,104 | ---- | M] () -- C:\Windows\Installer\58d257d.msi
[2012/07/25 20:14:39 | 000,650,240 | ---- | M] () -- C:\Windows\Installer\58d2585.msi
[2012/07/25 20:14:47 | 001,800,704 | ---- | M] () -- C:\Windows\Installer\58d258f.msi
[2012/07/25 20:14:57 | 001,802,240 | ---- | M] () -- C:\Windows\Installer\58d2598.msi
[2012/07/25 20:15:01 | 002,115,584 | ---- | M] () -- C:\Windows\Installer\58d25a1.msi
[2012/07/25 20:15:05 | 000,653,824 | ---- | M] () -- C:\Windows\Installer\58d25a9.msi
[2012/07/25 20:15:05 | 000,650,240 | ---- | M] () -- C:\Windows\Installer\58d25b1.msi
[2012/07/25 20:15:13 | 000,663,040 | ---- | M] () -- C:\Windows\Installer\58d25b9.msi
[2012/07/25 20:15:09 | 000,667,648 | ---- | M] () -- C:\Windows\Installer\58d25c2.msi
[2012/07/25 20:15:06 | 000,656,896 | ---- | M] () -- C:\Windows\Installer\58d25ca.msi
[2012/07/25 20:15:06 | 000,650,240 | ---- | M] () -- C:\Windows\Installer\58d25d2.msi
[2012/07/25 20:15:17 | 001,800,704 | ---- | M] () -- C:\Windows\Installer\58d25da.msi
[2012/07/25 20:15:20 | 001,813,504 | ---- | M] () -- C:\Windows\Installer\58d25e3.msi
[2012/07/25 20:15:19 | 000,650,240 | ---- | M] () -- C:\Windows\Installer\58d25eb.msi
[2012/07/25 20:15:24 | 001,810,944 | ---- | M] () -- C:\Windows\Installer\58d25f3.msi
[2012/07/25 20:15:27 | 001,819,648 | ---- | M] () -- C:\Windows\Installer\58d261b.msi
[2012/07/25 20:16:22 | 003,025,408 | ---- | M] () -- C:\Windows\Installer\58d2626.msi
[2012/07/25 20:15:36 | 026,604,032 | ---- | M] () -- C:\Windows\Installer\58d324a.msi
[2011/07/08 06:53:20 | 014,467,072 | R--- | M] () -- C:\Windows\Installer\58d36c9.msp
[2011/07/08 06:53:20 | 011,155,456 | R--- | M] () -- C:\Windows\Installer\58d3713.msp
[2011/07/08 06:53:20 | 016,972,800 | R--- | M] () -- C:\Windows\Installer\58d372a.msp
[2011/07/08 06:53:20 | 011,056,128 | R--- | M] () -- C:\Windows\Installer\58d373f.msp
[2011/07/08 06:53:20 | 013,031,936 | R--- | M] () -- C:\Windows\Installer\58d3768.msp
[2011/07/08 06:53:20 | 002,426,880 | R--- | M] () -- C:\Windows\Installer\58d3771.msp
[2011/07/08 06:53:20 | 000,608,768 | R--- | M] () -- C:\Windows\Installer\58d377a.msp
[2011/07/08 06:53:20 | 425,345,024 | R--- | M] () -- C:\Windows\Installer\58d38c7.msp
[2011/07/08 06:53:20 | 003,459,584 | R--- | M] () -- C:\Windows\Installer\58d38df.msp
[2011/07/08 06:53:20 | 003,994,624 | R--- | M] () -- C:\Windows\Installer\58d38f0.msp
[2013/07/17 19:22:31 | 021,803,008 | ---- | M] () -- C:\Windows\Installer\638537d.msi
[2008/09/30 21:07:10 | 006,042,112 | ---- | M] () -- C:\Windows\Installer\63e855.msi
[2009/07/21 00:29:14 | 006,057,984 | ---- | M] () -- C:\Windows\Installer\63e85e.msi
[2012/07/04 07:59:50 | 000,261,120 | R--- | M] () -- C:\Windows\Installer\6bf107ea.msp
[2012/07/04 07:58:24 | 006,163,456 | R--- | M] () -- C:\Windows\Installer\6bf10803.msp
[2012/07/04 08:09:58 | 001,284,096 | R--- | M] () -- C:\Windows\Installer\6bf10825.msp
[2012/07/04 08:12:56 | 004,772,352 | R--- | M] () -- C:\Windows\Installer\6bf1083e.msp
[2012/07/04 08:04:30 | 001,292,288 | R--- | M] () -- C:\Windows\Installer\6bf1084a.msp
[2012/07/19 02:45:30 | 003,464,704 | R--- | M] () -- C:\Windows\Installer\6bf10862.msp
[2013/06/25 14:46:08 | 023,411,712 | ---- | M] () -- C:\Windows\Installer\72b244.msi
[2011/09/14 08:30:52 | 000,996,864 | ---- | M] () -- C:\Windows\Installer\76af4.msi
[2011/04/16 00:14:54 | 003,186,176 | ---- | M] () -- C:\Windows\Installer\76afc.msi
[2011/01/07 20:05:12 | 004,583,936 | R--- | M] () -- C:\Windows\Installer\76b20.msp
[2007/11/07 08:12:28 | 000,232,960 | ---- | M] () -- C:\Windows\Installer\77ad7a.msi
[2011/08/23 11:20:28 | 006,921,728 | ---- | M] () -- C:\Windows\Installer\77ad7e.msi
[2013/06/25 15:03:58 | 008,836,608 | ---- | M] () -- C:\Windows\Installer\8307f1.msi
[2011/10/14 16:33:45 | 012,815,360 | ---- | M] () -- C:\Windows\Installer\863c1f.msi
[2011/10/14 16:34:05 | 012,307,968 | ---- | M] () -- C:\Windows\Installer\863c27.msi
[2011/10/14 16:34:14 | 028,236,288 | ---- | M] () -- C:\Windows\Installer\863c2f.msi
[2011/10/14 16:34:21 | 024,828,928 | ---- | M] () -- C:\Windows\Installer\863c37.msi
[2011/04/19 04:54:14 | 000,227,328 | ---- | M] () -- C:\Windows\Installer\88d295.msi
[2011/01/07 20:10:36 | 003,991,040 | R--- | M] () -- C:\Windows\Installer\892339f.msp
[2012/07/09 16:52:04 | 001,531,904 | ---- | M] () -- C:\Windows\Installer\957862a.msi
[2012/01/30 13:59:39 | 068,441,088 | ---- | M] () -- C:\Windows\Installer\98e7969.msi
[2013/06/03 17:42:32 | 000,897,024 | R--- | M] () -- C:\Windows\Installer\9cc827.msp
[2013/06/03 17:43:04 | 000,385,024 | R--- | M] () -- C:\Windows\Installer\9cc83e.msp
[2013/07/13 18:56:34 | 000,026,112 | ---- | M] () -- C:\Windows\Installer\a399df2.msi
[2012/12/08 12:42:28 | 018,014,720 | R--- | M] () -- C:\Windows\Installer\a51efeb.msp
[2012/12/14 03:24:14 | 002,523,648 | R--- | M] () -- C:\Windows\Installer\a51f002.msp
[2012/12/14 03:12:32 | 006,737,408 | R--- | M] () -- C:\Windows\Installer\a51f00b.msp
[2012/12/08 12:42:44 | 054,690,304 | R--- | M] () -- C:\Windows\Installer\a51f030.msp
[2013/01/16 21:58:22 | 003,463,168 | R--- | M] () -- C:\Windows\Installer\a51f047.msp
[2011/01/15 09:46:32 | 002,049,536 | ---- | M] () -- C:\Windows\Installer\a7768.msi
[2013/02/22 17:03:54 | 020,713,472 | R--- | M] () -- C:\Windows\Installer\add31.msp
[2011/11/08 16:00:17 | 000,503,808 | ---- | M] () -- C:\Windows\Installer\c120c4.msi
[2011/11/08 16:00:27 | 000,536,064 | ---- | M] () -- C:\Windows\Installer\c120cf.msi
[2013/03/29 19:46:20 | 050,110,464 | R--- | M] () -- C:\Windows\Installer\c1e8f.msp
[2011/08/01 15:59:06 | 002,081,792 | ---- | M] () -- C:\Windows\Installer\c5a752.msi
[2012/10/20 18:02:46 | 009,073,664 | R--- | M] () -- C:\Windows\Installer\c8e597.msp
[2012/12/08 12:45:18 | 004,770,816 | R--- | M] () -- C:\Windows\Installer\cac848.msp
[2013/01/11 02:46:12 | 012,504,064 | R--- | M] () -- C:\Windows\Installer\cac863.msp
[2013/02/14 09:58:46 | 005,850,624 | R--- | M] () -- C:\Windows\Installer\d02f58f.msp
[2013/03/13 21:19:47 | 053,209,600 | R--- | M] () -- C:\Windows\Installer\d02f5ae.msp
[2013/01/17 09:24:38 | 000,415,232 | R--- | M] () -- C:\Windows\Installer\d02f5c5.msp
[2013/02/14 09:58:22 | 003,461,632 | R--- | M] () -- C:\Windows\Installer\d02f5dd.msp
[2013/01/11 02:45:32 | 003,481,600 | R--- | M] () -- C:\Windows\Installer\d02f5f4.msp
[2012/09/20 17:07:24 | 001,292,288 | R--- | M] () -- C:\Windows\Installer\d109cd.msp
[2012/09/20 17:07:20 | 016,380,928 | R--- | M] () -- C:\Windows\Installer\d109d9.msp
[2012/09/20 17:07:52 | 010,426,368 | R--- | M] () -- C:\Windows\Installer\d109e8.msp
[2012/10/20 18:22:00 | 043,185,664 | R--- | M] () -- C:\Windows\Installer\d10a02.msp
[2012/10/13 17:21:09 | 009,369,600 | ---- | M] () -- C:\Windows\Installer\d3479aa.msi
[2012/09/25 12:56:26 | 026,210,304 | ---- | M] () -- C:\Windows\Installer\dac6b10.msi
[2012/09/25 12:56:51 | 256,094,208 | ---- | M] () -- C:\Windows\Installer\dac6cd5.msi
[2011/09/20 18:33:28 | 000,061,952 | ---- | M] () -- C:\Windows\Installer\db1c8.mst
[2012/11/28 10:41:04 | 062,623,744 | R--- | M] () -- C:\Windows\Installer\e912e.msp
[2007/03/15 16:45:06 | 000,698,880 | ---- | M] () -- C:\Windows\Installer\ef2a9b.msi
[2011/07/21 12:34:34 | 003,456,000 | R--- | M] () -- C:\Windows\Installer\f028b.msp
[2012/10/02 11:45:42 | 012,558,336 | R--- | M] () -- C:\Windows\Installer\f1c97.msp
[2013/01/02 18:24:40 | 003,460,096 | R--- | M] () -- C:\Windows\Installer\f396492.msp
[2012/09/24 11:47:27 | 002,385,920 | ---- | M] () -- C:\Windows\Installer\f7d43e8.msi
[2013/05/11 20:24:03 | 018,702,336 | R--- | M] () -- C:\Windows\Installer\f7d43e9.msp
[2012/11/15 14:40:00 | 003,461,120 | R--- | M] () -- C:\Windows\Installer\f880dd.msp
[2011/09/20 23:04:09 | 000,000,000 | ---- | M] () -- C:\Windows\Installer\wix{05BFB060-4F22-4710-B0A2-2801A1B606C5}.SchedServiceConfig.rmi
[2012/04/22 21:50:39 | 000,000,000 | ---- | M] () -- C:\Windows\Installer\wix{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}.SchedServiceConfig.rmi
[2013/03/06 12:15:04 | 000,000,000 | ---- | M] () -- C:\Windows\Installer\wix{5F611ADA-B98C-4DBB-ADDE-414F08457ECF}.SchedServiceConfig.rmi
[2012/04/22 21:47:52 | 000,000,000 | ---- | M] () -- C:\Windows\Installer\wix{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}.SchedServiceConfig.rmi
[13 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]
 
< %windir%\system32\tasks\*.* >
 
< %windir%\system32\tasks\*.* /64 >
[2013/06/12 13:43:22 | 000,003,768 | ---- | M] () -- C:\Windows\SysNative\tasks\Adobe Flash Player Updater
[2012/10/06 13:17:41 | 000,002,768 | ---- | M] () -- C:\Windows\SysNative\tasks\CCleanerSkipUAC
[2013/07/13 18:56:41 | 000,003,640 | ---- | M] () -- C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore
[2013/07/13 18:56:41 | 000,003,892 | ---- | M] () -- C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA
[2013/07/05 02:15:30 | 000,003,488 | ---- | M] () -- C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-390624817-558439264-2986480034-1001Core
[2013/05/03 11:07:15 | 000,003,092 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft_Hardware_Launch_ipoint_exe
[2013/05/03 11:07:15 | 000,003,090 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft_Hardware_Launch_itype_exe
[2013/05/03 11:07:15 | 000,003,118 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe
[2011/10/07 18:55:04 | 000,002,978 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft_Hardware_Launch_rundll32_exe
[2013/06/11 01:29:14 | 000,003,062 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft_MKC_Logon_Task_ipoint.exe
[2013/06/11 01:29:14 | 000,003,060 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft_MKC_Logon_Task_itype.exe
[2013/07/09 10:33:43 | 000,003,494 | ---- | M] () -- C:\Windows\SysNative\tasks\SUPERAntiSpyware Scheduled Task 9debef09-0446-4f11-a5ab-09bbc58d574d
[2013/07/09 10:33:43 | 000,003,568 | ---- | M] () -- C:\Windows\SysNative\tasks\SUPERAntiSpyware Scheduled Task b9227412-2deb-44b5-b86e-44cfb952f2e2
[2011/12/18 12:02:23 | 000,003,432 | ---- | M] () -- C:\Windows\SysNative\tasks\{1DEF05B0-E7BD-425B-9686-769F27218CE3}
[2013/01/28 01:45:23 | 000,003,202 | ---- | M] () -- C:\Windows\SysNative\tasks\{42D103BD-FBFD-44C8-8C5C-30D5ABA8261F}
[2013/01/28 01:45:32 | 000,003,138 | ---- | M] () -- C:\Windows\SysNative\tasks\{5659BE97-6EA3-4322-A597-71A84552D04E}
[2012/10/31 23:56:36 | 000,002,970 | ---- | M] () -- C:\Windows\SysNative\tasks\{606F90E8-420D-4DBB-9F1B-CD400C85B154}
[2013/01/28 01:33:40 | 000,003,228 | ---- | M] () -- C:\Windows\SysNative\tasks\{61B73309-832E-4085-AFFE-C5060687404D}
[2013/06/27 18:41:13 | 000,003,090 | ---- | M] () -- C:\Windows\SysNative\tasks\{B3FAA1AA-DA50-4077-8D43-703FB13B7A46}
[2011/10/16 22:59:21 | 000,002,890 | ---- | M] () -- C:\Windows\SysNative\tasks\{B42A9369-8A52-4710-B28F-76E53EE10691}
[2013/01/28 01:32:57 | 000,003,138 | ---- | M] () -- C:\Windows\SysNative\tasks\{B48001F1-0C81-4322-84B5-6B24F7D6EE1F}
[2011/12/18 11:17:36 | 000,003,224 | ---- | M] () -- C:\Windows\SysNative\tasks\{BD4C9E61-689F-4308-8772-886629D65B95}
[2012/10/31 23:56:35 | 000,002,970 | ---- | M] () -- C:\Windows\SysNative\tasks\{D12864E2-D785-4E60-8561-89FD9B3ABBF6}
[2011/10/16 22:59:15 | 000,002,890 | ---- | M] () -- C:\Windows\SysNative\tasks\{D62D5D91-83A9-487D-9CB3-A8AB0F74466F}
[2013/01/28 01:45:19 | 000,003,224 | ---- | M] () -- C:\Windows\SysNative\tasks\{DAE2571E-E25E-4A08-9306-2C3019B1ACDE}
[2013/01/28 01:33:27 | 000,002,880 | ---- | M] () -- C:\Windows\SysNative\tasks\{E0CDFA62-F72B-4E9A-BCB3-AE44E0472265}
[2012/10/31 23:56:41 | 000,002,970 | ---- | M] () -- C:\Windows\SysNative\tasks\{F5D1524D-0E71-48C7-BB3F-9DF9E6EED699}
 
< %systemroot%\Fonts\*.exe >
 
< %systemroot%\*. /mp /s >
 
< MD5 for: ATAPI.SYS  >
[2009/07/14 09:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/14 09:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/14 09:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/14 09:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: EXPLORER.EXE  >
[2011/02/26 14:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 13:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/14 09:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 13:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 13:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 13:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 14:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 14:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 14:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 20:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/03 14:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 13:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 13:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 14:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 13:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 21:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 14:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 13:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/14 09:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 14:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 14:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 14:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2009/07/14 09:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe
[2009/07/14 09:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009/07/14 09:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe
[2009/07/14 09:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe
 
< MD5 for: SERVICES.EXE  >
[2009/07/14 09:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/14 09:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
 
< MD5 for: SVCHOST.EXE  >
[2009/07/14 09:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/14 09:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/14 09:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/14 09:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
 
< MD5 for: USER32.DLL  >
[2010/11/20 20:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010/11/20 20:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009/07/14 09:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009/07/14 09:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010/11/20 21:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010/11/20 21:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010/11/20 20:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 20:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 09:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/14 09:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 21:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 21:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010/11/20 21:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 21:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/14 09:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 15:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/10/28 14:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< C:\Windows\assembly\tmp\U\*.* /s >
[2009/07/14 13:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009/07/14 13:08:49 | 000,032,620 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/09/21 09:18:24 | 000,000,890 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2011/09/21 09:18:24 | 000,000,894 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2012/02/14 00:45:22 | 000,000,852 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-390624817-558439264-2986480034-1001Core.job
[2013/03/05 21:49:48 | 000,000,830 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2013/07/09 10:33:43 | 000,000,506 | ---- | C] () -- C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 9debef09-0446-4f11-a5ab-09bbc58d574d.job
[2013/07/09 10:33:43 | 000,000,506 | ---- | C] () -- C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task b9227412-2deb-44b5-b86e-44cfb952f2e2.job
 
< %Temp%\smtmp\* \s >
 
< %Temp%\smtmp\1\*.* >
 
< %Temp%\smtmp\2\*.* >
 
< %Temp%\smtmp\3\*.* >
 
< %Temp%\smtmp\4\*.* >
 
< dir "%systemdrive%\*" /S /A:L /C >

< End of report >
 

 

It only opened one text OTL.Txt not an Extras.Txt



#10 axuy09

axuy09
  • Topic Starter


Posted 23 July 2013 - 11:59 PM

The Win 7 backup does not work now, and I just noticed that MSE real-time protection couldn't turn on. Error code 0x800705b4



#11 axuy09

axuy09
  • Topic Starter


Posted 30 July 2013 - 02:06 AM

hello?



#12 eddie5659

eddie5659

  • Malware Response Team

Posted 31 July 2013 - 01:34 PM

I'm so sorry, I never got an email saying you replied the first time.

 

I'll go through it now



#13 eddie5659

eddie5659

  • Malware Response Team

Posted 31 July 2013 - 02:05 PM

The reason why there was no Extras is because it was Run 2. It only appears by default on Run 1. It's here in the header:

 

OTL logfile created on: 19/07/2013 09:20:01 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = E:\Users\elia\Downloads\BLEEPING FIX COMPUTER DOWNLOADS 100713
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

 

I think I'll run RSIT for the log, as it goes a bit deeper. In the meantime, can you run ComboFix for me:

 

 

Delete any copies of Combofix that you have.

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! As you download it rename it to username123.exe and save it to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools


    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Remember to re-enable the protection again afterwards before connecting to the Internet.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.  It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.






Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[Screenshot: whatnext.png]


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you.  Please include the C:\ComboFix.txt in your next reply.

eddie
 



#14 axuy09

axuy09
  • Topic Starter


Posted 31 July 2013 - 11:13 PM

So not sure if I did that wrong, but ComboFix crashed my computer. Maybe because the account I use isn't an admin account? On starting up the account, the blue DOS box? kept flashing and reappearing (not sure if that makes sense!). I managed to switch users and logged in to the admin account, where the same blue box told me to wait so that it could prepare the log. I came back to a BSOD. I took a photo of the technical information, as I do not know how to recover this on the computer.

 

Technical information: *** STOP:0x000000F4 (0x000000000000003, 0xFFFFFA8008997870,0xFFFFFA8008997B50, 0xFFFFF80003795350)



Managed to get the log, but it was here:

 

C:\username123

 

ComboFix 13-07-31.02 - god 01/08/2013  11:28:26.1.4 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.44.1033.18.8190.3244 [GMT 8:00]
Running from: C:\Users\Elia\Desktop\username123.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point


(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Autorun.inf
C:\Windows\Installer\$PatchCache$\Managed\9B3B0BEDD3F91504D83301430388B14E\10.0.4\mp3gen.ini
C:\Windows\SysWow64\Packet.dll
C:\Windows\SysWow64\System32\MASetupCleaner.exe
C:\Windows\SysWow64\System32\muzapp.exe
C:\Windows\SysWow64\wpcap.dll


(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF


(((((((((((((((((((((((((   Files Created from 2013-07-01 to 2013-08-01  )))))))))))))))))))))))))))))))


2013-08-01 03:36:48 . 2013-08-01 03:44:04    --------    d-----w-    C:\Users\god\AppData\Local\temp
2013-08-01 03:36:48 . 2013-08-01 03:36:48    --------    d-----w-    C:\Users\Guest\AppData\Local\temp
2013-08-01 03:36:48 . 2013-08-01 03:36:48    --------    d-----w-    C:\Users\DefaultAppPool\AppData\Local\temp
2013-08-01 03:36:48 . 2013-08-01 03:36:48    --------    d-----w-    C:\Users\Default\AppData\Local\temp
2013-08-01 03:36:48 . 2013-08-01 03:36:48    --------    d-----w-    C:\Users\Amy Ball I got Balls\AppData\Local\temp
2013-07-31 02:13:49 . 2013-07-02 08:34:27    9460976    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B3EA3AE2-E1B0-4814-9D57-80CF53B12FBF}\mpengine.dll
2013-07-30 17:35:20 . 2013-07-30 17:35:20    --------    d-----w-    C:\ProgramData\DatacardService
2013-07-30 10:39:29 . 2013-07-02 08:34:27    9460976    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-07-28 17:24:46 . 2013-07-28 17:24:46    --------    d-----w-    C:\Users\god\AppData\Roaming\TeamViewer
2013-07-28 15:00:30 . 2013-07-28 15:00:30    --------    d-----w-    C:\Program Files (x86)\TeamViewer
2013-07-24 05:45:45 . 2013-07-24 05:45:45    --------    d-----w-    C:\Users\god\AppData\Local\Avg2013
2013-07-22 11:54:16 . 2013-07-22 11:54:16    --------    d-----w-    C:\Users\Elia\AppData\Local\etax2013
2013-07-22 11:52:33 . 2013-07-22 13:10:03    --------    d-----w-    C:\Program Files (x86)\etax2013
2013-07-18 02:15:16 . 2013-07-27 13:29:23    --------    d-----w-    C:\Users\Elia\AppData\Roaming\vlc
2013-07-18 02:13:54 . 2013-07-18 02:14:01    --------    d-----w-    C:\Users\god\AppData\Roaming\vlc
2013-07-17 01:54:15 . 2013-07-17 01:53:46    941720    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7E910230-8AF0-448B-861A-2940594F4F4F}\gapaengine.dll
2013-07-16 06:38:10 . 2013-07-17 01:54:28    --------    d-----w-    C:\Program Files (x86)\SpeedFan
2013-07-14 16:27:08 . 2013-07-14 16:27:31    --------    d-----w-    C:\Program Files\TAP-Windows
2013-07-14 16:27:06 . 2013-07-14 16:27:41    --------    d-----w-    C:\Program Files\OpenVPN
2013-07-14 15:52:31 . 2013-07-14 15:52:31    --------    d-----w-    C:\Users\god\AppData\Roaming\TeraCopy
2013-07-14 15:50:07 . 2013-07-14 16:16:12    --------    d-----w-    C:\Program Files (x86)\obfsproxy
2013-07-13 15:13:29 . 2013-07-15 07:29:29    --------    d-----w-    C:\Program Files\Common Files\Viscosity
2013-07-13 14:29:09 . 2013-07-13 14:32:07    --------    d-----w-    C:\Users\Elia\AppData\Roaming\ViscosityVPP_torguard
2013-07-13 14:12:37 . 2013-07-13 14:13:15    --------    d-----w-    C:\Users\god\AppData\Roaming\ViscosityVPP_torguard
2013-07-13 14:12:16 . 2013-06-18 05:16:22    38856    ----a-w-    C:\Windows\system32\drivers\visctap0901.sys
2013-07-13 14:12:13 . 2013-07-14 17:14:33    --------    d-----w-    C:\Program Files\TorGuard.Viscosity
2013-07-13 13:03:01 . 2013-07-13 13:03:01    --------    d-----w-    C:\Users\god\.swt
2013-07-13 13:02:03 . 2013-07-22 11:43:13    --------    d-----w-    C:\Program Files (x86)\TorGuard
2013-07-10 16:13:18 . 2013-07-10 16:13:18    --------    d-----w-    C:\Users\god\AppData\Roaming\JAM Software
2013-07-10 07:41:53 . 2013-07-10 07:46:24    --------    d-----w-    C:\Windows\system32\MRT
2013-07-10 06:42:53 . 2013-06-04 06:00:13    624128    ----a-w-    C:\Windows\system32\qedit.dll
2013-07-10 03:00:03 . 2013-07-10 03:00:03    --------    d-----w-    C:\Program Files (x86)\Runtime Software
2013-07-09 03:54:08 . 2013-07-09 03:54:34    100    ----a-w-    C:\Windows\DeleteOnReboot.bat
2013-07-09 03:43:52 . 2013-07-09 03:43:52    --------    d-----w-    C:\Program Files (x86)\Common Files\Java
2013-07-09 03:43:46 . 2013-07-09 03:43:43    96168    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-09 03:20:12 . 2013-07-09 03:20:12    --------    d-----w-    C:\Program Files (x86)\AMD AVT
2013-07-09 03:20:09 . 2013-07-09 03:20:09    --------    d-----w-    C:\Program Files\Common Files\ATI Technologies
2013-07-09 03:20:09 . 2013-07-09 03:20:09    --------    d-----w-    C:\Program Files (x86)\Common Files\ATI Technologies
2013-07-09 02:47:18 . 2013-07-09 02:47:18    --------    d-----w-    C:\Users\Elia\AppData\Roaming\SUPERAntiSpyware.com
2013-07-09 02:33:38 . 2013-07-09 02:33:38    --------    d-----w-    C:\Users\god\AppData\Roaming\SUPERAntiSpyware.com
2013-07-09 02:33:34 . 2013-07-09 02:34:30    --------    d-----w-    C:\Program Files\SUPERAntiSpyware
2013-07-09 02:33:34 . 2013-07-09 02:33:34    --------    d-----w-    C:\ProgramData\SUPERAntiSpyware.com
2013-07-08 10:14:15 . 2013-07-08 10:14:15    --------    d-----w-    C:\Users\god\AppData\Roaming\Malwarebytes
2013-07-07 14:57:53 . 2013-07-07 14:57:53    --------    d-----w-    C:\Program Files (x86)\ESET
2013-07-07 14:17:25 . 2013-07-07 14:17:25    --------    d-----w-    C:\Users\god\AppData\Roaming\EndNote
2013-07-06 15:28:59 . 2013-07-06 15:28:59    --------    d-----w-    C:\ProgramData\WindowsPerformanceRecorder
2013-07-06 13:19:36 . 2013-07-06 13:19:38    --------    d-----w-    C:\ProgramData\Windows App Certification Kit
2013-07-06 13:19:22 . 2013-07-06 13:19:22    --------    d-----w-    C:\Program Files (x86)\Microsoft SDKs
2013-07-06 13:19:18 . 2013-07-06 13:19:18    --------    d-----w-    C:\Program Files\Application Verifier
2013-07-06 13:19:18 . 2013-07-06 13:19:18    --------    d-----w-    C:\Program Files (x86)\Application Verifier
2013-07-06 13:18:03 . 2013-07-06 13:18:03    --------    d-----w-    C:\Program Files (x86)\Windows Kits
2013-07-06 13:18:03 . 2013-07-06 13:18:03    --------    d-----w-    C:\Program Files (x86)\Common Files\Microsoft
2013-07-06 13:06:46 . 2013-07-06 13:17:56    --------    d-----w-    C:\ProgramData\Package Cache
2013-07-06 08:15:44 . 2013-07-28 16:52:43    --------    d-----w-    C:\Users\Elia\AppData\Roaming\TeamViewer
.


((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
 



#15 eddie5659

eddie5659

  • Malware Response Team

Posted 01 August 2013 - 01:37 PM

Is there any more to the log? Normally there is a lot more after Find3M Report.

 

Looking at the BSOD thing now.

 

Also, can you run this:

 

 

  • Download random's system information tool (RSIT) by random/random from here.
  • It is important that it is saved to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)


Edited by eddie5659, 01 August 2013 - 01:38 PM.




