
Malware,Trojans, and Rootkits oh my! Vista PC Infected, please help.


  • This topic is locked
67 replies to this topic

#1 Daggera_Helras

Posted 15 September 2013 - 12:13 AM

Hello,

I am pretty infected with a variety of problems and I managed to strip away a lot of the Malware-Trojan-Rootkit nuisances plaguing my PC including ZeroAccess Trojan, ZeroAccess Rootkit, EZ_Sirefix_x86 trojan, and Trojan.svchelper.exe. Some of the infections have been reported in System32 and System Volume Information files.

I still believe there is something deep with the roots that anti-virus scans are not picking up but other programs like Roguekiller, Superantispyware and Combofix are.

I have been battling this constantly and just removing the same changes and add-ons it produces. I understand how much help is on demand but if I can receive any assistance I would appreciate it thoroughly.

Issues:

1. Slow: The first symptom I noticed was the extreme slowness.

2. Factory Restore Blocked: My E-machine Recovery Manager is not working. Every time I try to boot it to see if I can factory restore (since I do not have the Vista CD) I receive a message "Empowering Technology is not ready." I am guessing this is caused by a rootkit.

3. Some programs are blocked: Combofix, Roguekiller, and a few other programs crash (sometimes with or without a message) and vanish. Hitman Pro and Eset Online scanners are unable to run and give a message saying they cannot connect when I have a clean connection to the internet. (Only in the normal setting do I suffer these errors; on Safe mode I can run everything without problems.)

4. For a short while the internet was completely withholding access from me and I had to create a second account to get around the problem, and with a lot of hours of running programs like Hitman Pro, Combofix, etc. I got it back online.

5. I tried using Rkill and it spotted the ZeroAccess Rootkit once but it did not really help prevent the deleting and stopping of some programs mentioned above in number 3.

I am sorry if I am overloading with information; I just want to help solve the mystery and hopefully fix it.

Thank you. :)

P.S. I tried to make a GMER log but it blue screens whenever I attempt to scan.


Edited by Daggera_Helras, 15 September 2013 - 12:18 AM.




#2 gringo_pr


Posted 16 September 2013 - 10:16 PM





Hello Daggera_Helras

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely. I have spent my time to put together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

I would like you to run this program for me.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 Daggera_Helras


Posted 17 September 2013 - 02:04 PM

Thank you so much for your quick reply Gringo.

Just in case it is important, before I received your reply I uninstalled Bull Guard and installed Avast. It detected on a pop-up warning three rootkits on three different occasions, which I deleted when prompted; however, I am not sure if it really did delete them as there is no record on Avast of anything being detected or deleted after the computer restarted.

The names of the said rootkits: TrueSight, SVC: RegGuard, and SVC:MBAMSwissArr

Now the status on my computer keeps changing: Sometimes I will have internet and sometimes I won't have any connection at all. Some programs cause my computer to Blue Screen when I run them, like Roguekiller, unless I run them on safe mode. Also, Avast firewall is disabled and I cannot reactivate it, probably because it was picking up on the rootkits.

I hope this information helps.

FRST.txt


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-09-2013 03

Ran by Daggera (administrator) on DAGGERA-PC on 17-09-2013 12:06:42
Running from C:\Users\Daggera\Downloads
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
 
==================== Processes (Whitelisted) ===================
 
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(IObit) C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Microsoft Corporation) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Microsoft Corporation) \\?\C:\Windows\system32\wbem\WMIADAP.EXE
(Farbar) C:\Users\Daggera\Downloads\FRST-1.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\setup\avast.setup
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [eRecoveryService] - [x]
HKLM\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-08-30] (AVAST Software)
HKLM\...\Run: [SDTray] - C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKLM\...\Policies\Explorer: [NoDrives] 0
HKCU\...\Run: [GoogleDriveSync] - C:\Program Files\Google\Drive\googledrivesync.exe [20097696 2013-06-27] (Google)
HKCU\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5703920 2013-08-14] (SUPERAntiSpyware)
HKCU\...\Policies\Explorer: [NoDrives] 0
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\UpdatusUser\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\UpdatusUser\...\Run: [Advanced SystemCare 6] - "C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart
HKU\UpdatusUser\...\Run: [Spybot-S&D Cleaning] - C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe [ 2013-05-16] (Safer-Networking Ltd.)
HKU\UpdatusUser\...\Run: [Akamai NetSession Interface] - "C:\Users\Daggera\AppData\Local\Akamai\netsession_win.exe"
HKU\UpdatusUser\...\Run: [GoogleDriveSync] - C:\Program Files\Google\Drive\googledrivesync.exe [ 2013-06-27] (Google)
BootExecute: autocheck autochk * sdnclean.exe
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = 
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~1\IObit\ADVANC~2\BROWER~1\ASCPLU~1.DLL (IObit)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU -Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
ShellExecuteHooks: OA Shell Helper - {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\PROGRA~1\ONLINE~1\oaevent.dll [366440 2012-10-02] (Emsisoft GmbH)
Hosts: 127.0.0.1 localhost
Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75
 
FireFox:
========
FF ProfilePath: C:\Users\Daggera\AppData\Roaming\Mozilla\Firefox\Profiles\9nt8lwt4.default
FF Homepage: hxxp://search.yahoo.com?type=198484&fr=spigot-yhp-ff
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_93.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL No File
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office\Office14\NPSPWRAP.DLL No File
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=1.1.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @wacom.com/wacom-plugin,version=1.1.0.3 - C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF Plugin: Adobe Acrobat - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @g2.com/iggweb3dupdater - C:\Users\Daggera\AppData\Roaming\IGG\Web3D\1.0.0.38\NPIGGWeb3DUpdater.dll (IGG)
FF Plugin HKCU: @g2.com/joyconnectshell - C:\Users\Daggera\AppData\Roaming\IGG\Web3D\1.0.0.38\NPJoyConnectShell.dll (IGG)
FF Plugin HKCU: @gentek.com/thinclient - C:\IGG\twclient_us\npthinclient.dll (Generic Network)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Daggera\AppData\Roaming\Mozilla\Firefox\Profiles\9nt8lwt4.default\Extensions\ascsurfingprotection@iobit.com
FF Extension: AccelerateTab - C:\Users\Daggera\AppData\Roaming\Mozilla\Firefox\Profiles\9nt8lwt4.default\Extensions\speeddial@instair.net
FF Extension: Bullguard Virus Scan - C:\Users\Daggera\AppData\Roaming\Mozilla\Firefox\Profiles\9nt8lwt4.default\Extensions\virusscan@bullguard.com
FF Extension: DivXWebPlayer - C:\Users\Daggera\AppData\Roaming\Mozilla\Firefox\Profiles\9nt8lwt4.default\Extensions\DivXWebPlayer@divx.com.xpi
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
 
========================== Services (Whitelisted) =================
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [119056 2013-05-23] (SUPERAntiSpyware.com)
S3 Adobe Version Cue CS4; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [284016 2008-08-15] (Adobe Systems Incorporated)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-30] (AVAST Software)
S3 Desura Install Service; C:\Program Files\Common Files\Desura\desura_service.exe [131912 2012-06-25] (Desura Pty Ltd)
S3 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [106280 2013-09-11] (SurfRight B.V.)
R2 IMFservice; C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe [335168 2013-04-25] (IObit)
S3 Live Updater Service; C:\Program Files\EMACHINES\eMachines Updater\UpdaterService.exe [255376 2012-04-05] (Acer Incorporated)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
S2 SecureUpdateSvc; C:\Program Files\Secure Speed Dial\IE\SecureUpdate.exe [2298704 2013-08-15] ()
S3 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2012-01-18] (Logitech Inc.)
S3 AdvancedSystemCareService6;  [x]
S2 avast! Firewall;  [x]
S3 nvsvc;  [x]
S2 OAcat;  [x]
S3 OGIBQKT; C:\Users\Daggera\AppData\Local\Temp\OGIBQKT.exe [x]
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [x]
S2 SDScannerService;  [x]
S2 SDUpdateService;  [x]
S2 SDWSCService;  [x]
S3 Secunia PSI Agent;  [x]
S3 Secunia Update Agent;  [x]
S2 SvcOnlineArmor;  [x]
S3 wbengine; 
S4 WSWNA3100;  [x]
S3 WUZFVQR; C:\Users\Daggera\AppData\Local\Temp\WUZFVQR.exe [x]
 
==================== Drivers (Whitelisted) ====================
 
S3 1394hub; C:\Windows\System32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
R1 A2DDA; C:\EEK\RUN\a2ddax86.sys [22056 2013-07-29] (Emsisoft GmbH)
R0 apd34tah; C:\Windows\System32\Drivers\apd34tah.sys [35904 2013-09-14] (VirusBlokAda Ltd.)
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-08-30] (AVAST Software)
R1 aswFW; C:\Windows\System32\Drivers\aswFW.sys [104752 2013-08-30] (AVAST Software)
R0 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [21576 2013-08-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [66336 2013-08-30] (AVAST Software)
R0 aswNdis; C:\Windows\System32\DRIVERS\aswNdis.sys [12112 2013-07-17] (ALWIL Software)
R0 aswNdis2; C:\Windows\System32\drivers\aswNdis2.sys [204784 2013-08-30] (AVAST Software)
R1 AswRdr; C:\Windows\System32\Drivers\AswRdr.sys [49760 2013-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-08-30] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [770344 2013-08-30] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [369584 2013-08-30] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [177864 2013-08-30] ()
R3 BCMH43XX; C:\Windows\System32\DRIVERS\bcmwlhigh6.sys [1074944 2011-12-12] (Broadcom Corporation)
S3 cleanhlp; C:\EEK\Run\cleanhlp32.sys [50200 2013-08-31] (Emsisoft GmbH)
R0 CLFS; C:\Windows\System32\CLFS.sys [245736 2009-04-11] (Microsoft Corporation)
S3 cpudrv; C:\Program Files\SystemRequirementsLab\cpudrv.sys [11336 2011-06-02] ()
S4 FileMonitor; C:\Program Files\IObit\IObit Malware Fighter\Drivers\wlh_x86\FileMonitor.sys [21480 2013-03-23] (IObit)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41584 2013-04-11] (ThreatTrack Security)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [13560 2013-03-22] (GFI Software)
R2 int15; C:\Windows\system32\drivers\int15.sys [15392 2008-06-11] (Acer, Inc.)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
R1 OADevice; C:\Windows\system32\drivers\OADriver.sys [208320 2012-10-02] ()
R1 oahlpXX; C:\Windows\system32\drivers\oahlp32.sys [44992 2012-10-02] ()
R1 OAmon; C:\Windows\system32\drivers\OAmon.sys [27648 2012-10-02] (Emsisoft)
R3 OAnet; C:\Windows\System32\DRIVERS\oanet.sys [31768 2012-10-02] (Emsisoft)
R2 PfFilter; C:\Program Files\IObit\Protected Folder\pffilter.sys [32672 2011-03-16] (IObit Information Technology)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf.sys [15544 2010-09-01] (Secunia)
S3 RegFilter; C:\Program Files\IObit\IObit Malware Fighter\drivers\wlh_x86\regfilter.sys [31752 2013-03-26] (IObit.com)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 SCMNdisP; C:\Windows\System32\DRIVERS\scmndisp.sys [21728 2007-01-19] (Windows ® Codename Longhorn DDK provider)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [15672 2013-05-22] ()
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [477240 2012-06-18] (Duplex Secure Ltd.)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [35088 2013-04-30] (The OpenVPN Project)
S3 UrlFilter; C:\Program Files\IObit\IObit Malware Fighter\drivers\wlh_x86\UrlFilter.sys [20944 2013-03-26] (IObit.com)
S3 xnacc; C:\Windows\System32\DRIVERS\xnacc.sys [521216 2008-01-20] (Microsoft Corporation)
S2 adfs; No ImagePath
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Daggera\AppData\Local\Temp\catchme.sys [x]
S0 hqmpym; No ImagePath
S3 IntcAzAudAddService; system32\drivers\RTKVHDA.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S4 LSI_SCSI;  [x]
S3 lvpopflt; system32\DRIVERS\lvpopflt.sys [x]
S3 LVRS; system32\DRIVERS\lvrs.sys [x]
S3 LVUVC; system32\DRIVERS\lvuvc.sys [x]
S3 MFE_RR; \??\C:\Users\Daggera\AppData\Local\Temp\mfe_rr.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
U3 Partizan; system32\drivers\Partizan.sys [x]
S0 ssuhop; No ImagePath
S0 tljkva; No ImagePath
U3 TrueSight; \??\C:\Windows\system32\TrueSight.sys [x]
S3 XFDriver; \??\C:\Program Files\Xfire2\XFDriver.sys [x]
 
========================== Drivers MD5 =======================
 
C:\Windows\System32\drivers\MSPQM.sys B572DA05BF4E098D4BBA3A4734FB505B
C:\Windows\System32\Drivers\MsRPC.sys B49456D70555DE905C311BCDA6EC6ADB
C:\Windows\System32\DRIVERS\mssmbios.sys E384487CB84BE41D09711C30CA79646C
C:\Windows\System32\drivers\MSTEE.sys 7199C1EEC1E4993CAF96B8C0A26BD58A
C:\Windows\System32\Drivers\mup.sys 6A57B5733D4CB702C8EA4542E836B96C
C:\Windows\System32\DRIVERS\nwifi.sys 85C44FDFF9CF7E72A40DCB7EC06A4416
C:\Windows\System32\drivers\ndis.sys 1357274D1883F68300AEADD15D7BBB42
C:\Windows\System32\DRIVERS\ndistapi.sys 0E186E90404980569FB449BA7519AE61
C:\Windows\System32\DRIVERS\ndisuio.sys D6973AA34C4D5D76C0430B181C3CD389
C:\Windows\System32\DRIVERS\ndiswan.sys 818F648618AE34F729FDB47EC68345C3
C:\Windows\System32\Drivers\NDProxy.sys 71DAB552B41936358F3B541AE5997FB3
C:\Windows\System32\DRIVERS\netbios.sys BCD093A5A6777CF626434568DC7DBA78
C:\Windows\System32\DRIVERS\netbt.sys ECD64230A59CBD93C85F1CD1CAB9F3F6
C:\Windows\system32\drivers\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\drivers\npf.sys 25401B0C9576C8456B3E0BBD74FF0771
C:\Windows\System32\Drivers\Npfs.sys D36F239D7CCE1931598E8FB90A0DBC26
C:\Windows\System32\drivers\nsiproxy.sys 609773E344A97410CE4EBF74A8914FCF
C:\Windows\System32\Drivers\Ntfs.sys 2C1121F2B87E9A6B12485DF53CD848C7
C:\Windows\system32\drivers\ntrigdigi.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Null.sys C5DBBCDA07D780BDA9B685DF333BB41E
C:\Windows\System32\DRIVERS\nvlddmkm.sys 9A77B1C13BCCEDDF78DFD7AFC25B4F5E
C:\Windows\system32\drivers\nvraid.sys 2EDF9E7751554B42CBB60116DE727101
C:\Windows\system32\drivers\nvstor.sys ABED0C09758D1D97DB0042DBB2688177
C:\Windows\System32\DRIVERS\nvstor32.sys 97778C3CB3AF6B2243648D0DCD4D8916
C:\Windows\system32\drivers\nv_agp.sys 18BBDF913916B71BD54575BDB6EEAC0B
C:\Windows\system32\drivers\OADriver.sys C0BA927C3A1A62F2BF664F242D91C082
C:\Windows\system32\drivers\oahlp32.sys C968369E2BC5F6A8426C1E7D78E33F1B
C:\Windows\system32\drivers\OAmon.sys 04E7E92CD91E61E0CC1BDF849032AD81
C:\Windows\System32\DRIVERS\oanet.sys CE879EC1C02AE6434F767CD69B9ACB16
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\drivers\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys B9C2B89F08670E159F7181891E449CD9
C:\Windows\system32\drivers\parvdm.sys ==> MD5 is legit
C:\Windows\System32\drivers\pci.sys 941DC1D19E7E8620F40BBC206981EFDB
C:\Windows\System32\drivers\pciide.sys 1636D43F10416AEB483BC6001097B26C
C:\Windows\system32\drivers\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Program Files\IObit\Protected Folder\pffilter.sys 56652AF63296E1B0304162C5E7DB5FAF
C:\Windows\System32\DRIVERS\raspptp.sys ECFFFAEC0C1ECD8DBC77F39070EA1DB1
C:\Windows\system32\drivers\processr.sys 2027293619DD0F047C584CF2E7DF4FFD
C:\Windows\System32\DRIVERS\pacer.sys 99514FAA8DF93D34B5589187DB3AA0BA
C:\Windows\System32\DRIVERS\psi_mf.sys D24DFD16A1E2A76034DF5AA18125C35D
C:\Windows\system32\drivers\ql2300.sys 0A6DB55AFB7820C99AA1F3A1D270F4F6
C:\Windows\system32\drivers\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys 9F5E0E1926014D17486901C88ECA2DB7
C:\Windows\System32\DRIVERS\rasacd.sys 147D7F9C556D259924351FEB0DE606C3
C:\Windows\System32\DRIVERS\rasl2tp.sys A214ADBAF4CB47DD2728859EF31F26B0
C:\Windows\System32\DRIVERS\raspppoe.sys 509A98DD18AF4375E1FC40BC175F1DEF
C:\Windows\System32\DRIVERS\rassstp.sys 2005F4A1E05FA09389AC85840F0A9E4D
C:\Windows\System32\DRIVERS\rdbss.sys B14C9D5B9ADD2F84F70570BBBFAA7935
C:\Windows\System32\DRIVERS\RDPCDD.sys 89E59BE9A564262A3FB6C4F4F1CD9899
C:\Windows\system32\drivers\rdpdr.sys FBC0BACD9C3D7F6956853F64A66E252D
C:\Windows\System32\drivers\rdpencdd.sys 9D91FE5286F748862ECFFA05F8A0710C
C:\Windows\System32\Drivers\RDPWD.sys C127EBD5AFAB31524662C48DFCEB773A
C:\Program Files\IObit\IObit Malware Fighter\drivers\wlh_x86\regfilter.sys 488F6A96E03A5A61B7F1FA6A6AB75457
C:\Windows\System32\DRIVERS\revoflt.sys B9BB8E2093C1615AD6EA55AD96214354
C:\Windows\System32\DRIVERS\rspndr.sys 9C508F4074A39E8B4B31D27198146FAD
C:\Windows\System32\DRIVERS\Rtlh86.sys 2FC33077F85D7DC0D03678C06D43898C
C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 39763504067962108505BFF25F024345
C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 77B9FC20084B48408AD3E87570EB4A85
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scmndisp.sys 3B68015683C27CB00C7A6B60A37CBCFD
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\serenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\serial.sys ==> MD5 is legit
C:\Windows\system32\drivers\sermouse.sys 8AF3D28A879BF75DB53A0EE7A4289624
C:\Windows\system32\drivers\sffdisk.sys 3EFA810BDCA87F6ECC24F9832243FE86
C:\Windows\system32\drivers\sffp_mmc.sys E95D451F7EA3E583AEC75F3B3EE42DC5
C:\Windows\system32\drivers\sffp_sd.sys 3D0EA348784B7AC9EA9BD9F317980979
C:\Windows\system32\drivers\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisagp.sys 1D76624A09A054F682D746B924E2DBC3
C:\Windows\system32\drivers\sisraid2.sys 43CB7AA756C7DB280D01DA9B676CFDE2
C:\Windows\system32\drivers\sisraid4.sys A99C6C8B0BAA970D8AA59DDC50B57F94
C:\Windows\System32\Drivers\SmartDefragDriver.sys 46B40982AF166BF89C3F51FB13E60D6D
C:\Windows\System32\DRIVERS\smb.sys 7B75299A4D201D6A6533603D6914AB04
C:\Windows\System32\Drivers\spldr.sys 7AEBDEEF071FE28B0EEF2CDD69102BFF
C:\Windows\System32\Drivers\sptd.sys 0022CFFF1A41E5CE3A764050A7DDF22A
C:\Windows\System32\DRIVERS\srv.sys 41987F9FC0E61ADF54F581E15029AD91
C:\Windows\System32\DRIVERS\srv2.sys FF33AFF99564B1AA534F58868CBE41EF
C:\Windows\System32\DRIVERS\srvnet.sys 7605C0E1D01A08F3ECD743F38B834A44
C:\Windows\System32\DRIVERS\swenum.sys 7BA58ECF0C0A9A69D44B3DCA62BECF56
C:\Windows\system32\drivers\symc8xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\sym_hi.sys ==> MD5 is legit
C:\Windows\system32\drivers\sym_u3.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tap0901.sys 147B9CCE0B523D4DAFD91A60C2CE2B25
C:\Windows\System32\drivers\tcpip.sys D18D53974FD715D50FC76F9FFE1C830D
C:\Windows\System32\DRIVERS\tcpip.sys D18D53974FD715D50FC76F9FFE1C830D
C:\Windows\System32\drivers\tcpipreg.sys 608C345A255D82A6289C2D468EB41FD7
C:\Windows\System32\drivers\tdpipe.sys 5DCF5E267BE67A1AE926F2DF77FBCC56
C:\Windows\System32\drivers\tdtcp.sys 389C63E32B3CEFED425B61ED92D3F021
C:\Windows\System32\DRIVERS\tdx.sys 76B06EB8A01FC8624D699E7045303E54
C:\Windows\System32\DRIVERS\termdd.sys 3CAD38910468EAB9A6479E2F01DB43C7
C:\Windows\System32\DRIVERS\tssecsrv.sys F4EAA7ECBCB25DE901C9B7F2CDCDA0B3
C:\Windows\System32\DRIVERS\tunmp.sys CAECC0120AC49E3D2F758B9169872D38
C:\Windows\System32\DRIVERS\tunnel.sys 300DB877AC094FEAB0BE7688C3454A9C
C:\Windows\system32\drivers\uagp35.sys 7D33C4DB2CE363C8518D2DFCF533941F
C:\Windows\System32\DRIVERS\udfs.sys D9728AF68C4C7693CB100B8441CBDEC6
C:\Windows\system32\drivers\uliagpkx.sys B0ACFDC9E4AF279E9116C03E014B2B27
C:\Windows\system32\drivers\uliahci.sys 9224BB254F591DE4CA8D572A5F0D635C
C:\Windows\system32\drivers\ulsata.sys ==> MD5 is legit
C:\Windows\system32\drivers\ulsata2.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys 32CFF9F809AE9AED85464492BF3E32D2
C:\Program Files\IObit\IObit Malware Fighter\drivers\wlh_x86\UrlFilter.sys 085C7D657B6594D73A473EE55079810B
C:\Windows\System32\drivers\usbaudio.sys 32DB9517628FF0D070682AAB61E688F0
C:\Windows\System32\DRIVERS\usbccgp.sys CAF811AE4C147FFCD5B51750C7F09142
C:\Windows\system32\drivers\usbcir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbehci.sys 79E96C23A97CE7B8F14D310DA2DB0C9B
C:\Windows\System32\DRIVERS\usbhub.sys 4673BBCB006AF60E7ABDDBE7A130BA42
C:\Windows\System32\DRIVERS\usbohci.sys CE697FEE0D479290D89BEC80DFE793B7
C:\Windows\system32\drivers\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\USBSTOR.SYS BE3DA31C191BC222D9AD503C5224F2AD
C:\Windows\System32\DRIVERS\usbuhci.sys 814D653EFC4D48BE3B04A307ECEFF56F
C:\Windows\System32\Drivers\usbvideo.sys E67998E8F14CB0627A769F6530BCB352
C:\Windows\System32\DRIVERS\vgapnp.sys 87B06E1F30B749A114F74622D013F8D4
C:\Windows\System32\drivers\vga.sys 2E93AC0A1D8C79D019DB6C51F036636C
C:\Windows\system32\drivers\viaagp.sys 5D7159DEF58A800D5781BA3A879627BC
C:\Windows\system32\drivers\viac7.sys C4F3A691B5BAD343E6249BD8C2D45DEE
C:\Windows\system32\drivers\viaide.sys AADF5587A4063F52C2C3FED7887426FC
C:\Windows\System32\drivers\volmgr.sys 69503668AC66C77C6CD7AF86FBDF8C43
C:\Windows\System32\drivers\volmgrx.sys 23E41B834759917BFD6B9A0D625D0C28
C:\Windows\System32\drivers\volsnap.sys 786DB5771F05EF300390399F626BF30A
C:\Windows\system32\drivers\vsmraid.sys 587253E09325E6BF226B299774B728A9
C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys 55201897378CCA7AF8B5EFD874374A26
C:\Windows\System32\DRIVERS\wanarp.sys 55201897378CCA7AF8B5EFD874374A26
C:\Windows\System32\drivers\wd.sys 78FE9542363F297B18C027B2D7E7C07F
C:\Windows\System32\drivers\Wdf01000.sys A840213F1ACDCC175B4D1D5AAEAC0D7A
C:\Windows\System32\DRIVERS\wmiacpi.sys 2E7255D172DF0B8283CDFB7B433B864E
C:\Windows\system32\drivers\ws2ifsl.sys E3A3CB253C0EC2494D4A61F5E43A389C
C:\Windows\System32\drivers\WudfPf.sys 06E6F32C8D0A3F66D956F57B43A2E070
C:\Windows\System32\DRIVERS\WUDFRd.sys 867C301E8B790040AE9CF6486E8041DF
C:\Windows\System32\DRIVERS\xnacc.sys 9EEA6D029FEF5F3016D089B1A603837D
C:\Windows\System32\DRIVERS\xusb21.sys F5E5F944E63A9B5F6E76C2EBB2AC462F
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-09-17 11:59 - 2013-09-17 11:59 - 01083437 _____ (Farbar) C:\Users\Daggera\Downloads\FRST-1.exe
2013-09-17 02:06 - 2013-09-17 01:59 - 131918888 _____ C:\Users\Daggera\Downloads\avast_free_antivirus_setup.exe
2013-09-17 02:00 - 2013-09-17 02:00 - 00103680 _____ (GMER) C:\ufliifod.sys
2013-09-17 01:57 - 2013-09-17 01:57 - 00002013 _____ C:\Users\Daggera\Desktop\RKreport[0]_D_09172013_015725.txt
2013-09-17 01:56 - 2013-09-17 01:56 - 00001975 _____ C:\Users\Daggera\Desktop\RKreport[0]_S_09172013_015643.txt
2013-09-17 01:55 - 2013-09-17 12:01 - 00000514 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task c115b3b9-d4be-4309-99c3-bc74322b1498.job
2013-09-17 01:55 - 2013-09-17 12:01 - 00000514 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 9a245ba6-db5b-4f5b-b98b-12d59e5bff70.job
2013-09-17 01:52 - 2013-09-17 01:52 - 00001246 _____ C:\Windows\PFRO.log
2013-09-17 01:49 - 2013-09-17 01:49 - 00000000 _____ C:\Windows\setuperr.log
2013-09-17 01:49 - 2013-09-17 01:49 - 00000000 _____ C:\Windows\setupact.log
2013-09-17 01:37 - 2013-09-17 01:50 - 00000000 ____D C:\ComboFix
2013-09-17 01:32 - 2013-09-17 01:32 - 00105824 _____ C:\Users\Daggera\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-17 01:08 - 2013-09-17 01:15 - 00000000 ____D C:\Users\Daggera\Downloads\TrendMicro AntiThreat Toolkit
2013-09-17 00:42 - 2013-09-17 01:01 - 00001930 _____ C:\Windows\DCEBOOT.RST
2013-09-17 00:35 - 2013-09-17 00:59 - 00022064 _____ C:\Windows\DCEBoot.exe
2013-09-17 00:34 - 2013-09-17 00:59 - 00181808 _____ C:\Windows\RegBootClean.exe
2013-09-16 20:29 - 2013-09-16 20:29 - 00104578 _____ C:\Users\Daggera\Desktop\2013-09-17_02-27-17 OAshi.xml
2013-09-16 19:33 - 2013-09-16 19:33 - 05168112 _____ (Aveas Limited) C:\Users\Daggera\Downloads\Unhooker.exe
2013-09-16 19:24 - 2013-09-16 19:27 - 00000000 ____D C:\Users\Daggera\Documents\RegRun2
2013-09-16 19:21 - 2013-09-16 19:23 - 00008634 _____ C:\Users\Daggera\Desktop\MBRCheck_09.16.13_19.21.38.txt
2013-09-16 19:19 - 2013-09-16 19:19 - 00080384 _____ C:\Users\Daggera\Downloads\MBRCheck.exe
2013-09-16 18:52 - 2013-09-16 18:52 - 00000000 ____D C:\Users\Daggera\AppData\Local\CrashDumps
2013-09-16 18:44 - 2013-09-16 18:44 - 00000291 _____ C:\Users\Daggera\Downloads\RootkitRemover20130916184401.txt
2013-09-16 18:41 - 2013-09-16 18:42 - 01039554 _____ C:\Users\Daggera\Downloads\AdwCleaner.exe
2013-09-16 12:36 - 2013-09-16 18:45 - 00001892 _____ C:\Users\Daggera\Desktop\Rkill.txt
2013-09-16 03:25 - 2013-09-16 03:25 - 00002946 _____ C:\Users\Daggera\Desktop\RKreport[0]_D_09162013_032549.txt
2013-09-16 03:25 - 2013-09-16 03:25 - 00002908 _____ C:\Users\Daggera\Desktop\RKreport[0]_S_09162013_032521.txt
2013-09-16 03:25 - 2013-09-16 03:25 - 00001327 _____ C:\Users\Daggera\Desktop\RKreport[0]_H_09162013_032551.txt
2013-09-16 03:25 - 2013-09-16 03:25 - 00001235 _____ C:\Users\Daggera\Desktop\RKreport[0]_PR_09162013_032554.txt
2013-09-16 03:25 - 2013-09-16 03:25 - 00001199 _____ C:\Users\Daggera\Desktop\RKreport[0]_DN_09162013_032554.txt
2013-09-15 23:33 - 2013-09-15 23:33 - 00002988 _____ C:\Users\Daggera\Desktop\RKreport[0]_D_09152013_233334.txt
2013-09-15 23:33 - 2013-09-15 23:33 - 00001224 _____ C:\Users\Daggera\Desktop\RKreport[0]_H_09152013_233338.txt
2013-09-15 23:33 - 2013-09-15 23:33 - 00001132 _____ C:\Users\Daggera\Desktop\RKreport[0]_PR_09152013_233339.txt
2013-09-15 23:33 - 2013-09-15 23:33 - 00001096 _____ C:\Users\Daggera\Desktop\RKreport[0]_DN_09152013_233339.txt
2013-09-15 23:32 - 2013-09-15 23:32 - 00002950 _____ C:\Users\Daggera\Desktop\RKreport[0]_S_09152013_233226.txt
2013-09-15 22:13 - 2013-09-15 22:13 - 00000000 ____D C:\Users\Daggera\Pavark
2013-09-15 22:11 - 2006-11-01 13:07 - 00334720 _____ (Sysinternals - www.sysinternals.com) C:\Users\Daggera\Desktop\RootkitRevealer.exe
2013-09-15 22:11 - 2006-07-28 08:32 - 00007005 _____ C:\Users\Daggera\Desktop\Eula.txt
2013-09-15 22:11 - 2005-12-07 14:19 - 00102160 _____ C:\Users\Daggera\Desktop\RootkitRevealer.chm
2013-09-15 21:44 - 2013-09-15 22:08 - 00003482 _____ C:\Users\Daggera\Desktop\unhide.txt
2013-09-15 21:42 - 2013-09-15 21:42 - 00004470 _____ C:\Users\Daggera\Downloads\ESETSirefefCleaner.exe_20130915.214243.6904.log
2013-09-15 21:42 - 2009-08-13 11:14 - 00472064 _____ ( ) C:\Users\Daggera\Downloads\RootRepeal.exe
2013-09-15 21:41 - 2013-09-15 21:41 - 00001712 _____ C:\Users\Daggera\Desktop\RKreport[0]_D_09152013_214102.txt
2013-09-15 21:40 - 2013-09-15 21:40 - 00002736 _____ C:\Users\Daggera\Desktop\RKreport[0]_S_09152013_214030.txt
2013-09-15 21:29 - 2013-09-15 21:29 - 00000322 _____ C:\Windows\system32\Result.txt
2013-09-15 21:10 - 2013-09-15 21:10 - 03298896 _____ (Trend Micro Inc.) C:\Users\Daggera\Downloads\attk_collector_cli_x86.exe
2013-09-15 21:08 - 2013-09-15 21:29 - 00000000 ____D C:\Windows\system32\TrendMicro AntiThreat Toolkit
2013-09-15 21:07 - 2013-09-15 21:07 - 07371208 _____ (Trend Micro Inc.) C:\Users\Daggera\Downloads\attk_far_gui_x86.exe
2013-09-15 19:34 - 2013-09-15 19:34 - 00001568 _____ C:\Users\Daggera\Desktop\RKreport[0]_S_09152013_193453.txt
2013-09-15 19:28 - 2013-09-15 19:28 - 00001018 _____ C:\Users\Daggera\Desktop\RKreport[0]_H_09152013_192805.txt
2013-09-15 19:28 - 2013-09-15 19:28 - 00000926 _____ C:\Users\Daggera\Desktop\RKreport[0]_PR_09152013_192806.txt
2013-09-15 19:28 - 2013-09-15 19:28 - 00000890 _____ C:\Users\Daggera\Desktop\RKreport[0]_DN_09152013_192808.txt
2013-09-15 19:26 - 2013-09-15 19:26 - 00001505 _____ C:\Users\Daggera\Desktop\RKreport[0]_S_09152013_192640.txt
2013-09-15 19:24 - 2013-09-15 19:24 - 00002603 _____ C:\Users\Daggera\Desktop\RKreport[0]_D_09152013_192443.txt
2013-09-15 19:02 - 2013-09-15 19:02 - 00002566 _____ C:\Users\Daggera\Desktop\RogueKiller report.txt
2013-09-15 18:59 - 2013-09-15 18:59 - 00002566 _____ C:\Users\Daggera\Desktop\RKreport[0]_S_09152013_185941.txt
2013-09-15 15:47 - 2013-09-15 15:47 - 00918016 _____ C:\Users\Daggera\Downloads\RogueKiller.exe
2013-09-15 15:47 - 2013-09-15 15:47 - 00918016 _____ C:\Users\Daggera\Desktop\RogueKiller.exe
2013-09-15 15:05 - 2013-09-15 14:56 - 37672592 _____ (Safer-Networking Ltd.                                       ) C:\Users\Daggera\Downloads\spybotsd-2.1.21-SR2.exe
2013-09-15 15:00 - 2013-09-15 15:34 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-09-15 15:00 - 2013-09-15 15:28 - 00000644 _____ C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2013-09-15 15:00 - 2013-09-15 15:28 - 00000616 _____ C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2013-09-15 15:00 - 2013-09-15 15:28 - 00000446 _____ C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2013-09-15 14:59 - 2013-09-17 00:37 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2013-09-15 14:58 - 2013-09-15 14:58 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Daggera\Downloads\mbam-setup-1.75.0.1300.exe
2013-09-15 14:58 - 2013-09-15 14:58 - 00000868 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-09-15 14:58 - 2013-09-15 14:58 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-09-15 14:58 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-09-15 14:51 - 2013-09-15 14:51 - 00204496 _____ (Malwarebytes) C:\Users\Daggera\Downloads\startuplite-setup-1.07.exe
2013-09-15 14:51 - 2013-09-15 14:51 - 00065232 _____ (Malwarebytes) C:\Users\Daggera\Downloads\regassassin-setup-1.03.exe
2013-09-15 14:49 - 2013-09-15 14:49 - 01790576 _____ (Malwarebytes                                                ) C:\Users\Daggera\Downloads\mbae-setup-0.09.3.1000.exe
2013-09-15 14:35 - 2013-09-15 14:35 - 00074400 _____ C:\Users\Daggera\Documents\AutoRuns.txt
2013-09-15 14:25 - 2013-07-31 13:08 - 00661184 _____ (Sysinternals - www.sysinternals.com) C:\Users\Daggera\Downloads\autoruns.exe
2013-09-15 14:25 - 2013-07-31 13:08 - 00579264 _____ (Sysinternals - www.sysinternals.com) C:\Users\Daggera\Downloads\autorunsc.exe
2013-09-15 14:25 - 2013-03-17 16:52 - 00049518 _____ C:\Users\Daggera\Downloads\autoruns.chm
2013-09-15 14:25 - 2006-07-28 09:32 - 00007005 _____ C:\Users\Daggera\Downloads\Eula.txt
2013-09-15 14:24 - 2013-09-15 14:24 - 00001791 _____ C:\Users\Public\Desktop\avast! Internet Security.lnk
2013-09-15 14:24 - 2013-08-30 01:48 - 00770344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-09-15 14:24 - 2013-08-30 01:48 - 00369584 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-09-15 14:24 - 2013-08-30 01:48 - 00204784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdis2.sys
2013-09-15 14:24 - 2013-08-30 01:48 - 00104752 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFW.sys
2013-09-15 14:24 - 2013-08-30 01:48 - 00066336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-09-15 14:24 - 2013-08-30 01:48 - 00056080 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-09-15 14:24 - 2013-08-30 01:48 - 00049760 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2013-09-15 14:24 - 2013-08-30 01:48 - 00029816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-09-15 14:24 - 2013-08-30 01:47 - 00229648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-09-15 14:23 - 2013-08-30 01:47 - 00041664 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-09-15 14:23 - 2013-07-17 03:17 - 00012112 _____ (ALWIL Software) C:\Windows\system32\Drivers\aswNdis.sys
2013-09-15 14:23 - 2013-04-30 02:51 - 00035088 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\tap0901.sys
2013-09-15 14:21 - 2013-09-15 14:23 - 00000000 ____D C:\Program Files\AVAST Software
2013-09-15 14:13 - 2013-09-15 14:13 - 00000512 _____ C:\Windows\system32\F39D4DE6-98B8-4E05-91BD-549E8A8248BD
2013-09-15 14:13 - 2013-09-15 14:13 - 00000000 _____ C:\Windows\system32\F39D4DE6-98B8-4E05-91BD-549E8A8248BD.tmp
2013-09-15 13:15 - 2013-09-15 13:15 - 00550371 _____ C:\Users\Daggera\Downloads\Autoruns.zip
2013-09-15 12:02 - 2013-09-15 12:02 - 00001027 _____ C:\Users\Public\Desktop\Uninstaller.lnk
2013-09-15 12:02 - 2013-09-15 12:02 - 00001015 _____ C:\Users\Daggera\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk
2013-09-15 12:02 - 2013-09-15 12:02 - 00000976 _____ C:\Users\Public\Desktop\Advanced SystemCare 6.lnk
2013-09-15 02:21 - 2013-09-15 02:22 - 00005046 _____ C:\Users\Daggera\Downloads\ESETSirefefCleaner-1.exe_20130915.022156.1196.log
2013-09-15 00:53 - 2013-09-16 20:01 - 00000368 _____ C:\Windows\system32\PARTIZAN.TXT
2013-09-15 00:41 - 2013-09-15 00:43 - 30137728 _____ C:\Zero Access Rootkit_HKLM.reg
2013-09-15 00:41 - 2013-09-15 00:41 - 00011483 _____ C:\WinSock2 Components_HKLM.reg
2013-09-15 00:41 - 2013-09-15 00:41 - 00003407 _____ C:\Name Server_HKLM.reg
2013-09-15 00:41 - 2013-09-15 00:41 - 00002513 _____ C:\IE Extensions - All Users_HKLM.reg
2013-09-15 00:41 - 2013-09-15 00:41 - 00002330 _____ C:\Default Search Provider_HKCU.reg
2013-09-15 00:41 - 2013-09-15 00:41 - 00001684 _____ C:\Browser Helper Objects_HKLM.reg
2013-09-15 00:41 - 2013-09-15 00:41 - 00000630 _____ C:\Default Search Provider for All Users_HKLM.reg
2013-09-15 00:41 - 2013-09-15 00:41 - 00000619 _____ C:\AboutURLs_HKLM.reg
2013-09-15 00:41 - 2013-09-15 00:41 - 00000406 _____ C:\Search Assistant_HKLM.reg
2013-09-15 00:41 - 2013-09-15 00:41 - 00000308 _____ C:\Internet Components_HKLM.reg
2013-09-15 00:41 - 2013-09-15 00:41 - 00000213 _____ C:\Hosts File Path_HKLM.reg
2013-09-15 00:41 - 2013-09-15 00:41 - 00000207 _____ C:\All Users Search_HKLM.reg
2013-09-15 00:41 - 2013-09-15 00:41 - 00000182 _____ C:\URL Default Prefixes_HKLM.reg
2013-09-15 00:41 - 2013-09-15 00:41 - 00000174 _____ C:\IE Local Blank Page_HKLM.reg
2013-09-15 00:41 - 2013-09-15 00:41 - 00000173 _____ C:\IE Local Blank Page_HKCU.reg
2013-09-15 00:41 - 2013-09-15 00:41 - 00000171 _____ C:\Current Home Page_HKCU.reg
2013-09-15 00:41 - 2013-09-15 00:41 - 00000163 _____ C:\IE Extensions - Current User_HKCU.reg
2013-09-15 00:41 - 2013-09-15 00:41 - 00000160 _____ C:\Search URL Template_HKLM.reg
2013-09-15 00:41 - 2013-09-15 00:41 - 00000152 _____ C:\Current Users Search_HKCU.reg
2013-09-15 00:41 - 2013-09-15 00:41 - 00000148 _____ C:\Execute unsigned ActiveX in My Computer Zone_HKLM.reg
2013-09-15 00:41 - 2013-09-15 00:41 - 00000148 _____ C:\Execute unsigned ActiveX in Local Intranet Zone_HKLM.reg
2013-09-15 00:41 - 2013-09-15 00:41 - 00000148 _____ C:\Execute unsigned ActiveX in Internet Zone_HKLM.reg
2013-09-15 00:41 - 2013-09-15 00:41 - 00000147 _____ C:\Execute unsigned ActiveX in Internet Zone_HKCU.reg
2013-09-15 00:41 - 2013-09-15 00:41 - 00000143 _____ C:\Default Home Page_HKLM.reg
2013-09-15 00:41 - 2013-09-15 00:41 - 00000130 _____ C:\URLSearchHook_HKCU.reg
2013-09-15 00:41 - 2013-09-15 00:41 - 00000128 _____ C:\Toolbars_HKLM.reg
2013-09-15 00:41 - 2013-09-15 00:41 - 00000123 _____ C:\Proxy_HKCU.reg
2013-09-15 00:41 - 2013-09-15 00:41 - 00000107 _____ C:\Default Prefix_HKLM.reg
2013-09-15 00:41 - 2013-09-15 00:41 - 00000104 _____ C:\Safe Sites_HKLM.reg
2013-09-15 00:41 - 2013-09-15 00:41 - 00000101 _____ C:\Execute unsigned ActiveX in My Computer Zone_HKCU.reg
2013-09-15 00:41 - 2013-09-15 00:41 - 00000101 _____ C:\Execute unsigned ActiveX in Local Intranet Zone_HKCU.reg
2013-09-15 00:41 - 2013-09-15 00:41 - 00000098 _____ C:\Domain Name_HKLM.reg
2013-09-15 00:41 - 2013-09-15 00:41 - 00000093 _____ C:\AutoConfigURL_HKCU.reg
2013-09-15 00:41 - 2013-09-15 00:41 - 00000089 _____ C:\Plugins for extensions_HKLM.reg
2013-09-15 00:41 - 2013-09-15 00:41 - 00000089 _____ C:\Active Desktop Components_HKCU.reg
2013-09-15 00:41 - 2013-09-15 00:41 - 00000085 _____ C:\Explorer Bars_HKLM.reg
2013-09-15 00:41 - 2013-09-15 00:41 - 00000080 _____ C:\Auto Search URL_HKCU.reg
2013-09-15 00:41 - 2013-09-15 00:41 - 00000078 _____ C:\Links Toolbar_HKCU.reg
2013-09-15 00:41 - 2013-09-15 00:41 - 00000078 _____ C:\Context menu items_HKCU.reg
2013-09-15 00:41 - 2013-09-15 00:41 - 00000077 _____ C:\User Style Sheet_HKCU.reg
2013-09-15 00:41 - 2013-09-15 00:41 - 00000077 _____ C:\Search Assistant_HKCU.reg
2013-09-15 00:41 - 2013-09-15 00:41 - 00000071 _____ C:\CustomizeSearch_HKLM.reg
2013-09-15 00:41 - 2013-09-15 00:41 - 00000070 _____ C:\User Style Sheet_HKUSERS.reg
2013-09-14 23:27 - 2013-09-16 19:27 - 00000000 ____D C:\ProgramData\RegRun
2013-09-14 23:27 - 2013-09-14 23:27 - 00000002 RSHOT C:\Windows\winstart.bat
2013-09-14 23:05 - 2013-09-15 01:30 - 00000000 ____D C:\Program Files\Softwin
2013-09-14 22:39 - 2013-09-14 22:39 - 00010090 _____ C:\Users\Daggera\Desktop\attach.txt
2013-09-14 22:39 - 2013-09-14 22:36 - 00024072 _____ C:\Users\Daggera\Desktop\dds.txt
2013-09-14 20:48 - 2013-09-14 20:48 - 00000000 ____D C:\Program Files\WinPcap
2013-09-14 02:20 - 2013-09-14 21:43 - 00000000 ____D C:\Users\Daggera\Desktop\New Folder
2013-09-14 02:19 - 2013-09-15 00:43 - 01029675 _____ (Thisisu) C:\Users\Daggera\Desktop\JRT_NEW.exe
2013-09-14 02:15 - 2013-09-14 02:15 - 00001052 _____ C:\Users\Daggera\Desktop\RKreport[0]_H_09142013_021542.txt
2013-09-14 02:15 - 2013-09-14 02:15 - 00000927 _____ C:\Users\Daggera\Desktop\RKreport[0]_PR_09142013_021541.txt
2013-09-14 02:15 - 2013-09-14 02:15 - 00000924 _____ C:\Users\Daggera\Desktop\RKreport[0]_DN_09142013_021544.txt
2013-09-14 02:05 - 2013-09-14 01:56 - 23398360 _____ (IObit                                                       ) C:\Users\Daggera\Downloads\asc-setup.exe
2013-09-14 02:00 - 2013-09-14 02:00 - 10031224 _____ (VS Revo Group                                               ) C:\Users\Daggera\Downloads\RevoUninProSetup.exe
2013-09-14 02:00 - 2013-09-14 02:00 - 00000000 ____D C:\Users\Daggera\AppData\Local\VS Revo Group
2013-09-14 02:00 - 2013-09-14 02:00 - 00000000 ____D C:\ProgramData\VS Revo Group
2013-09-14 02:00 - 2009-12-30 11:21 - 00027192 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys
2013-09-14 01:17 - 2013-09-14 01:17 - 00035904 _____ (VirusBlokAda Ltd.) C:\Windows\system32\Drivers\apd34tah.sys
2013-09-14 01:17 - 2009-11-05 17:32 - 00004473 _____ C:\Users\Daggera\Downloads\readme.ru
2013-09-14 01:17 - 2009-11-05 17:22 - 00501345 _____ C:\Users\Daggera\Downloads\Vba32ArkitEN.chm
2013-09-14 01:17 - 2009-11-05 17:22 - 00489413 _____ C:\Users\Daggera\Downloads\Vba32ArkitRU.chm
2013-09-14 01:17 - 2009-11-04 18:17 - 00671032 _____ (VirusBlokAda Ltd.) C:\Users\Daggera\Downloads\Vba32arkit.exe
2013-09-14 01:17 - 2009-11-04 18:17 - 00308032 _____ (VirusBlokAda Ltd.) C:\Users\Daggera\Downloads\Vba32ar.dll
2013-09-14 01:17 - 2009-11-04 18:17 - 00089416 _____ (VirusBlokAda Ltd.) C:\Users\Daggera\Downloads\Vba32arch.dll
2013-09-14 01:17 - 2002-10-13 21:06 - 00011536 _____ (Microsoft Corporation) C:\Users\Daggera\Downloads\sporder.dll
2013-09-14 01:15 - 2013-09-14 01:16 - 01472131 _____ C:\Users\Daggera\Downloads\vba32arkit-1.zip
2013-09-14 00:03 - 2013-09-14 00:03 - 00131344 _____ (trend_company_name) C:\Windows\system32\Drivers\tmrkb.sys
2013-09-14 00:01 - 2013-09-14 00:01 - 00000291 _____ C:\Users\Daggera\Downloads\RootkitRemover20130914000101.txt
2013-09-14 00:00 - 2013-09-14 00:00 - 00004470 _____ C:\Users\Daggera\Downloads\ESETSirefefCleaner.exe_20130914.000043.5928.log
2013-09-13 23:42 - 2013-09-11 23:38 - 05124599 _____ (Swearware) C:\Users\Daggera\Downloads\BullGuard.exe.exe
2013-09-13 23:42 - 2013-09-03 21:37 - 01898112 _____ (Bleeping Computer, LLC) C:\Users\Daggera\Desktop\rkill.exe
2013-09-13 21:30 - 2013-07-31 04:30 - 12335104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-13 21:30 - 2013-07-31 04:05 - 09738752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-13 21:30 - 2013-07-31 04:00 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-13 21:30 - 2013-07-31 03:53 - 01104896 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-13 21:30 - 2013-07-31 03:52 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-09-13 21:30 - 2013-07-31 03:52 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-13 21:30 - 2013-07-31 03:51 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-09-13 21:30 - 2013-07-31 03:49 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-13 21:30 - 2013-07-31 03:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-13 21:30 - 2013-07-31 03:48 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-09-13 21:30 - 2013-07-31 03:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-09-13 21:30 - 2013-07-31 03:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-13 21:30 - 2013-07-31 03:46 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-13 21:30 - 2013-07-31 03:45 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-13 21:30 - 2013-07-31 03:45 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-09-13 21:30 - 2013-07-31 03:42 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-13 01:10 - 2013-09-13 01:10 - 00000114 _____ C:\local.conf
2013-09-12 22:42 - 2013-09-12 22:42 - 00000000 ____D C:\System Volume
2013-09-12 15:03 - 2013-08-07 19:45 - 02049536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-12 14:41 - 2013-07-15 22:35 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll
2013-09-12 13:56 - 2013-09-16 19:39 - 05126417 ____R (Swearware) C:\Users\Daggera\Desktop\ComboFix.exe
2013-09-12 13:52 - 2013-09-12 13:52 - 00000192 _____ C:\Users\Daggera\Desktop\Win32kDiag.txt
2013-09-12 01:52 - 2013-09-13 21:47 - 02333064 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-12 01:21 - 2013-09-17 01:17 - 57458688 _____ C:\Windows\system32\config\software.iobit
2013-09-12 01:21 - 2013-09-17 01:17 - 41107456 _____ C:\Windows\system32\config\components.iobit
2013-09-12 01:21 - 2013-09-17 01:17 - 05283840 _____ C:\Windows\system32\config\default.iobit
2013-09-12 01:21 - 2013-09-17 01:17 - 00094208 _____ C:\Windows\system32\config\sam.iobit
2013-09-12 01:21 - 2013-09-17 01:17 - 00024576 _____ C:\Windows\system32\config\security.iobit
2013-09-12 00:47 - 2013-09-12 00:47 - 00000029 _____ C:\Users\Daggera\Downloads\RootkitRemover20130912004715.txt
2013-09-12 00:29 - 2013-09-12 00:29 - 00000000 ____D C:\Users\Daggera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2013-09-11 23:38 - 2013-09-14 02:33 - 05125631 ____R (Swearware) C:\Users\Daggera\Downloads\ComboFix.exe
2013-09-11 22:56 - 2013-09-11 22:56 - 00000548 _____ C:\Users\Daggera\Desktop\ComboFix - Shortcut.lnk
2013-09-11 22:05 - 2013-09-11 21:58 - 130023544 _____ C:\Users\Daggera\Downloads\m17el52j.exe
2013-09-11 21:58 - 2013-09-11 21:58 - 00000000 ____D C:\Users\Daggera\Doctor Web
2013-09-11 20:24 - 2013-09-15 21:51 - 00001694 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2013-09-11 20:24 - 2013-09-14 02:25 - 00000000 ____D C:\ProgramData\HitmanPro
2013-09-11 20:24 - 2013-09-11 20:24 - 00000000 ____D C:\Program Files\HitmanPro
2013-09-11 20:20 - 2013-09-11 20:16 - 09186416 _____ (SurfRight B.V.) C:\Users\Daggera\Downloads\HitmanPro.exe
2013-09-11 20:18 - 2013-09-11 20:23 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-09-11 20:18 - 2013-09-11 20:22 - 00000000 ____D C:\Windows\DB847E94446B49E0AC5DC5627EC8B0C0.TMP
2013-09-11 20:18 - 2013-09-11 20:18 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2013-09-11 20:17 - 2013-09-11 20:17 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Daggera\Downloads\SpyHunter-Installer.exe
2013-09-11 19:17 - 2013-09-11 19:17 - 00551408 _____ (McAfee, Inc.) C:\Users\Daggera\Downloads\rootkitremover-1.exe
2013-09-11 19:11 - 2013-09-11 19:11 - 00004470 _____ C:\Users\Daggera\Downloads\ESETSirefefCleaner-1.exe_20130911.191117.5388.log
2013-09-11 19:07 - 2013-09-11 19:07 - 00343760 _____ (ESET) C:\Users\Daggera\Downloads\ESETSirefefCleaner-1.exe
2013-09-11 15:29 - 2013-09-11 15:29 - 02347384 _____ (ESET) C:\Users\Daggera\Downloads\esetsmartinstaller_enu.exe
2013-09-11 15:04 - 2013-09-11 15:05 - 00000000 ____D C:\Users\Public\Desktop\CC Support
2013-09-11 15:03 - 2013-09-11 15:04 - 04009167 _____ C:\Users\Daggera\Downloads\ServicesRepair.exe
2013-09-11 13:14 - 2013-09-11 13:14 - 00001500 _____ C:\Users\Daggera\Desktop\RKreport[0]_S_09112013_131449.txt
2013-09-11 03:53 - 2013-09-11 03:53 - 00000291 _____ C:\Users\Daggera\Downloads\RootkitRemover20130911035343.txt
2013-09-11 03:13 - 2013-09-11 03:13 - 00000000 ____D C:\found.000
2013-09-11 02:58 - 2013-09-11 02:58 - 00000291 _____ C:\Users\Daggera\Downloads\RootkitRemover20130911025837.txt
2013-09-11 02:58 - 2013-09-11 02:58 - 00000291 _____ C:\Users\Daggera\Downloads\RootkitRemover20130911025820.txt
2013-09-11 02:41 - 2013-09-11 02:44 - 00000000 ____D C:\combofix-16682c
2013-09-11 02:08 - 2013-09-11 02:12 - 00000000 ____D C:\combofix-1
2013-09-11 01:34 - 2013-09-11 01:34 - 00000528 _____ C:\Users\Daggera\Downloads\defogger_disable.log
2013-09-10 23:35 - 2013-09-10 23:35 - 00000000 ____D C:\Users\Daggera\Downloads\vba32arkit
2013-09-10 23:35 - 2013-09-10 23:35 - 00000000 ____D C:\Users\Daggera\Downloads\RootRepeal
2013-09-10 23:16 - 2013-09-10 23:16 - 00000020 _____ C:\Users\Daggera\defogger_reenable
2013-09-10 23:10 - 2013-09-14 01:14 - 00000000 ____D C:\Users\Daggera\Downloads\TMRBLog
2013-09-10 23:10 - 2013-09-10 23:10 - 00000118 ____R C:\Users\Daggera\Downloads\Stinger.opt
2013-09-10 23:10 - 2013-09-10 23:10 - 00000000 ____D C:\Users\Daggera\Downloads\log
2013-09-10 21:21 - 2013-09-10 21:21 - 01029490 _____ (Thisisu) C:\Users\Daggera\Downloads\JRT.exe
2013-09-10 21:10 - 2013-09-10 21:11 - 00050477 _____ C:\Users\Daggera\Downloads\Defogger.exe
2013-09-10 21:09 - 2013-09-10 21:09 - 00688992 ____R (Swearware) C:\Users\Daggera\Downloads\dds.com
2013-09-10 21:08 - 2013-09-10 21:08 - 00377856 _____ C:\Users\Daggera\Downloads\h1k3231t.exe
2013-09-10 21:05 - 2013-09-10 21:06 - 01472131 _____ C:\Users\Daggera\Downloads\vba32arkit.zip
2013-09-10 21:04 - 2013-09-10 21:04 - 08656400 _____ (Trend Micro Inc.) C:\Users\Daggera\Downloads\RootkitBuster_v5_1061.exe
2013-09-10 21:01 - 2013-09-10 21:01 - 00464491 _____ C:\Users\Daggera\Downloads\RootRepeal.zip
2013-09-10 20:51 - 2013-09-10 20:51 - 00000536 _____ C:\Users\Daggera\Desktop\aswmbr - Shortcut.lnk
2013-09-10 20:50 - 2013-09-10 20:50 - 00000529 _____ C:\Users\Daggera\Desktop\rkill - Shortcut.lnk
2013-09-10 20:45 - 2013-09-10 23:10 - 00000645 _____ C:\Users\Daggera\Downloads\Stinger_10092013_204510.html
2013-09-10 20:44 - 2013-09-10 20:44 - 10011168 _____ (McAfee Inc) C:\Users\Daggera\Downloads\stinger32.exe
2013-09-10 20:31 - 2013-09-10 20:31 - 00001433 _____ C:\Users\Daggera\Desktop\RKreport[0]_S_09102013_203133.txt
2013-09-10 20:27 - 2013-09-10 20:27 - 00000194 _____ C:\Users\Daggera\Downloads\hosts-perm.bat
2013-09-10 20:26 - 2013-09-10 20:26 - 00000000 ____D C:\Users\Daggera\Downloads\GrantPerms
2013-09-10 20:25 - 2013-09-10 20:25 - 00453083 _____ C:\Users\Daggera\Downloads\GrantPerms.zip
2013-09-10 18:30 - 2013-09-10 18:30 - 00047616 _____ C:\Users\Daggera\Downloads\Win32kDiag.exe
2013-09-10 17:37 - 2013-09-10 17:37 - 00000512 _____ C:\Users\Daggera\Downloads\MBR.dat
2013-09-10 15:49 - 2013-09-10 15:49 - 00004470 _____ C:\Users\Daggera\Downloads\ESETSirefefCleaner.exe_20130910.154929.1728.log
2013-09-09 02:01 - 2013-09-10 17:54 - 00000000 ____D C:\Users\Daggera\Desktop\mbar
2013-09-09 02:00 - 2013-09-09 02:00 - 12907592 _____ (Malwarebytes Corp.) C:\Users\Daggera\Downloads\mbar-1.07.0.1005 (1).exe
2013-09-09 01:02 - 2013-09-09 01:02 - 00000000 ____D C:\ProgramData\WindowsSearch
2013-09-08 02:22 - 2013-09-09 00:31 - 00000000 ____D C:\Users\Daggera\AppData\Roaming\QuickScan
2013-09-07 20:02 - 2013-09-14 02:00 - 00000000 ____D C:\Program Files\VS Revo Group
2013-09-07 20:01 - 2013-09-07 20:01 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Daggera\Downloads\revosetup.exe
2013-09-07 19:37 - 2013-09-07 19:37 - 00005046 _____ C:\Users\Daggera\Downloads\ESETSirefefCleaner.exe_20130907.193714.196.log
2013-09-07 19:33 - 2013-09-15 12:10 - 00000000 ____D C:\Program Files\Trend Micro
2013-09-07 19:33 - 2013-09-11 03:48 - 00002487 _____ C:\Users\Daggera\Desktop\HiJackThis.lnk
2013-09-07 19:33 - 2013-09-07 19:33 - 00000000 ____D C:\Users\Daggera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2013-09-07 17:55 - 2013-09-07 17:55 - 00000000 ____D C:\ProgramData\Sophos
2013-09-07 17:54 - 2013-09-08 22:28 - 00002601 _____ C:\Users\Daggera\Desktop\Sophos Virus Removal Tool.lnk
2013-09-07 17:54 - 2013-09-07 17:54 - 00000000 ____D C:\Users\Daggera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
2013-09-07 17:54 - 2013-09-07 17:54 - 00000000 ____D C:\Program Files\Sophos
2013-09-07 16:10 - 2013-09-07 16:11 - 00000291 _____ C:\Users\Daggera\Downloads\RootkitRemover20130907161047.txt
2013-09-07 13:32 - 2013-09-07 13:32 - 27031323 _____ C:\Users\Daggera\AppData\Local\census.cache
2013-09-07 13:15 - 2013-09-07 13:15 - 00000000 _____ C:\Users\Daggera\AppData\Local\ars.cache
2013-09-07 01:24 - 2013-09-07 01:24 - 00343760 _____ (ESET) C:\Users\Daggera\Downloads\ESETSirefefCleaner.exe
2013-09-07 01:07 - 2013-09-07 01:07 - 00791393 _____ (Lars Hederer                                                ) C:\Users\Daggera\Downloads\erunt-setup.exe
2013-09-06 20:59 - 2013-09-06 20:59 - 00883616 _____ (Bleeping Computer, LLC) C:\Users\Daggera\Downloads\FixExec.exe
2013-09-06 20:53 - 2013-09-06 20:53 - 76723968 _____ (Sophos Limited) C:\Users\Daggera\Downloads\Sophos Virus Removal Tool.exe
2013-09-06 20:53 - 2013-09-06 20:53 - 01402880 _____ C:\Users\Daggera\Downloads\HiJackThis.msi
2013-09-06 20:33 - 2013-09-06 20:33 - 00000029 _____ C:\Users\Daggera\Downloads\RootkitRemover20130906203308.txt
2013-09-06 20:29 - 2013-09-09 00:20 - 00000000 ____D C:\ProgramData\OnlineArmor
2013-09-06 20:29 - 2013-09-06 20:30 - 00000000 ____D C:\Users\Daggera\AppData\Roaming\OnlineArmor
2013-09-06 20:29 - 2012-10-02 15:03 - 00044992 _____ C:\Windows\system32\Drivers\oahlp32.sys
2013-09-06 20:29 - 2012-10-02 15:02 - 00208320 _____ C:\Windows\system32\Drivers\OADriver.sys
2013-09-06 20:29 - 2012-10-02 15:02 - 00031768 _____ (Emsisoft) C:\Windows\system32\Drivers\OAnet.sys
2013-09-06 20:29 - 2012-10-02 15:02 - 00027648 _____ (Emsisoft) C:\Windows\system32\Drivers\OAmon.sys
2013-09-06 20:24 - 2013-09-06 20:24 - 00000036 _____ C:\Users\Daggera\AppData\Local\housecall.guid.cache
2013-09-06 20:10 - 2013-09-06 20:10 - 00119212 _____ C:\Users\Daggera\Downloads\OTL.Txt
2013-09-06 20:10 - 2013-09-06 20:10 - 00070252 _____ C:\Users\Daggera\Downloads\Extras.Txt
2013-09-06 20:02 - 2013-09-06 20:02 - 00602112 _____ (OldTimer Tools) C:\Users\Daggera\Downloads\OTL.exe
2013-09-06 16:26 - 2013-09-06 16:29 - 00032328 _____ C:\Users\Daggera\Downloads\Addition.txt
2013-09-06 16:23 - 2013-09-06 16:23 - 01081729 _____ (Farbar) C:\Users\Daggera\Downloads\FRST.exe
2013-09-06 16:23 - 2013-09-06 16:23 - 00000000 ____D C:\FRST
2013-09-06 16:16 - 2013-09-06 16:16 - 00000029 _____ C:\Windows\system32\RootkitRemover20130906161604.txt
2013-09-06 16:16 - 2013-09-06 16:16 - 00000029 _____ C:\Users\Daggera\Downloads\RootkitRemover20130906161643.txt
2013-09-06 16:15 - 2013-09-06 16:15 - 00551408 _____ (McAfee, Inc.) C:\Users\Daggera\Downloads\rootkitremover.exe
2013-09-06 12:21 - 2013-09-06 12:25 - 00001913 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2013-09-06 12:21 - 2013-09-06 12:21 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2013-09-06 12:20 - 2013-09-06 12:25 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-09-06 12:19 - 2013-09-06 12:19 - 03795288 _____ (McAfee, Inc.) C:\Users\Daggera\Downloads\SecurityScan_Release.exe
2013-09-05 23:42 - 2013-09-17 01:57 - 00000000 ____D C:\Users\Daggera\Desktop\RK_Quarantine
2013-09-05 21:18 - 2013-09-05 21:18 - 00000000 ____D C:\Quarantine
2013-09-05 21:08 - 2013-09-10 23:10 - 00000000 ____D C:\Program Files\stinger
2013-09-05 21:07 - 2013-09-05 21:07 - 09990145 _____ C:\Users\Daggera\Downloads\stinger32-epo.zip
2013-09-05 20:58 - 2013-09-05 20:58 - 00000000 ____D C:\Users\Daggera\Desktop\lspfix
2013-09-05 19:48 - 2013-09-05 19:48 - 00201030 _____ C:\Users\Daggera\Downloads\lspfix.zip
2013-09-05 19:33 - 2013-09-05 19:24 - 27448144 _____ (SUPERAntiSpyware) C:\Users\Daggera\Downloads\SUPERAntiSpywarePro.exe
2013-09-05 19:26 - 2013-09-05 19:26 - 00000000 ____D C:\Users\Daggera\AppData\Roaming\SUPERAntiSpyware.com
2013-09-05 19:25 - 2013-09-17 01:10 - 00001762 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
2013-09-05 19:25 - 2013-09-17 01:10 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-09-05 19:25 - 2013-09-05 19:25 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2013-09-05 18:50 - 2013-09-05 18:50 - 00398752 _____ (Bleeping Computer, LLC) C:\Users\Daggera\Downloads\unhide.exe
2013-09-05 12:59 - 2013-09-05 12:59 - 00448512 _____ (OldTimer Tools) C:\Users\Daggera\Downloads\TFC.exe
2013-09-05 01:11 - 2013-09-17 12:07 - 01490388 _____ C:\Windows\WindowsUpdate.log
2013-09-05 00:22 - 2013-09-05 00:22 - 00000000 ____D C:\Program Files\Secure Speed Dial
2013-09-05 00:22 - 2013-08-15 17:31 - 00268968 _____ C:\Windows\system32\sqlite3.dll
2013-09-05 00:18 - 2013-09-05 00:18 - 21824552 _____ (IObit                                                       ) C:\Users\Daggera\Downloads\imf-setup.exe
2013-09-04 23:19 - 2013-09-04 23:19 - 00000558 _____ C:\Users\Daggera\Desktop\tdsskiller - Shortcut.lnk
2013-09-04 22:52 - 2013-09-04 22:53 - 00047322 _____ C:\Users\Daggera\Documents\Sep 04 2013 Just in case.reg
2013-09-04 20:29 - 2013-09-16 18:53 - 00000000 ____D C:\AdwCleaner
2013-09-04 20:18 - 2013-09-04 20:18 - 00004609 _____ C:\Users\Daggera\Documents\JRT Junk File Report.txt
2013-09-04 20:12 - 2013-09-04 20:12 - 00000000 ____D C:\Windows\ERUNT
2013-09-04 20:07 - 2013-09-04 20:08 - 04745728 _____ (AVAST Software) C:\Users\Daggera\Downloads\aswmbr.exe
2013-09-04 18:52 - 2013-09-04 18:53 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Daggera\Downloads\tdsskiller.exe
2013-09-04 18:13 - 2013-09-04 18:13 - 20597896 _____ (Microsoft Corporation) C:\Users\Daggera\Downloads\Windows-KB890830-V5.3.exe
2013-09-04 17:35 - 2012-03-08 18:32 - 00039272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fssfltr.sys
2013-09-04 16:59 - 2013-09-04 16:59 - 00000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2013-09-04 16:01 - 2013-09-04 17:59 - 00000000 ____D C:\Users\Daggera\AppData\Local\Windows Live
2013-09-04 02:49 - 2013-09-04 07:41 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE
2013-09-04 02:08 - 2013-09-04 02:08 - 00000438 _____ C:\Windows\system32\WSCConfig.xml
2013-09-04 02:08 - 2013-09-04 02:08 - 00000000 ____D C:\Users\Default\AppData\Roaming\IObit
2013-09-04 02:08 - 2013-09-04 02:08 - 00000000 ____D C:\Users\Default User\AppData\Roaming\IObit
2013-09-04 00:47 - 2013-08-29 01:43 - 00000027 _____ C:\Windows\system32\Drivers\etc\hosts.20130904-004716.backup
2013-09-04 00:22 - 2013-09-04 00:22 - 00000207 _____ C:\Windows\tweaking.com-regbackup-DAGGERA-PC-Microsoft®-Windows-Vista™-Home-Premium-(32-bit).dat
2013-09-04 00:15 - 2013-09-04 00:15 - 00000000 ____D C:\RegBackup
2013-09-03 22:39 - 2013-09-03 22:40 - 05369631 _____ C:\Users\Daggera\Downloads\tweaking-1.com_windows_repair_aio_setup.exe
2013-09-03 22:20 - 2013-09-12 00:29 - 00001914 _____ C:\Users\Daggera\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2013-09-03 22:19 - 2013-09-03 22:19 - 00000000 ____D C:\Program Files\Tweaking.com
2013-09-03 22:17 - 2013-09-03 22:17 - 05373340 _____ C:\Users\Daggera\Downloads\tweaking.com_windows_repair_aio_setup.exe
2013-09-03 22:04 - 2013-09-03 22:04 - 03432173 _____ C:\Users\Daggera\Downloads\testdisk-6.13.win.zip
2013-09-03 21:39 - 2013-09-13 20:51 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-09-03 21:37 - 2013-09-03 21:37 - 01898112 _____ (Bleeping Computer, LLC) C:\Users\Daggera\Downloads\rkill.exe
2013-09-03 21:24 - 2013-09-03 21:24 - 12907592 _____ (Malwarebytes Corp.) C:\Users\Daggera\Downloads\mbar-1.07.0.1005.exe
2013-09-03 21:23 - 2013-09-17 01:15 - 00000336 _____ C:\Users\Daggera\Downloads\Result.txt
2013-09-03 21:22 - 2013-09-03 21:22 - 00760937 _____ (Farbar) C:\Users\Daggera\Downloads\MiniToolBox.exe
2013-09-03 21:19 - 2013-09-14 22:49 - 00003713 _____ C:\Users\Daggera\Downloads\FSS.txt
2013-09-03 21:18 - 2013-09-03 21:18 - 00358571 _____ (Farbar) C:\Users\Daggera\Downloads\FSS.exe
2013-09-03 21:11 - 2013-09-03 21:12 - 00000000 ____D C:\Users\Daggera\AppData\Roaming\GetRightToGo
2013-09-03 21:05 - 2013-09-17 01:01 - 00000000 ____D C:\Program Files\Online Armor
2013-09-03 21:03 - 2013-09-03 21:03 - 30185256 _____ (Emsisoft GmbH                                               ) C:\Users\Daggera\Downloads\OnlineArmorSetup.exe
2013-09-03 20:59 - 2013-09-04 01:59 - 00002236 _____ C:\Windows\system32\ASOROSet.bin
2013-09-03 20:59 - 2013-09-03 21:01 - 227210456 _____ (Emsisoft GmbH                                               ) C:\Users\Daggera\Downloads\EmsisoftInternetSecuritySetup.exe
2013-09-03 20:59 - 2013-09-03 21:00 - 00000000 ____D C:\Windows\system32\config\RCCBakup
2013-09-03 20:49 - 2013-09-03 21:01 - 00000000 ____D C:\Users\Daggera\AppData\Roaming\Solvusoft
2013-09-03 20:02 - 2013-09-03 20:02 - 00000000 ____D C:\Program Files\WinASO
2013-09-02 21:26 - 2013-09-02 21:26 - 00000000 ____D C:\Users\UpdatusUser\AppData\Roaming\Mozilla
2013-09-02 21:01 - 2013-09-02 21:01 - 00000266 _____ C:\Windows\Tasks\UALU notificatin.job
2013-09-02 21:01 - 2013-09-02 21:01 - 00000000 ____D C:\ProgramData\eMachines
2013-09-02 18:19 - 2013-09-02 18:19 - 00000000 ____D C:\Users\Daggera\AppData\Local\DriverTuner
2013-09-02 18:01 - 2013-09-02 18:05 - 00000000 ____D C:\68a162aaff406ac7b6
2013-09-02 17:40 - 2013-09-02 18:16 - 00000000 ____D C:\7d487bdbf4bab373d33dd4935c04
2013-09-02 17:31 - 2013-09-02 17:31 - 00000000 ____D C:\Intel
2013-09-02 03:08 - 2013-09-02 03:08 - 00000977 _____ C:\Users\Public\Desktop\LibreOffice 4.0.lnk
2013-09-01 23:02 - 2013-09-01 22:51 - 192434176 _____ C:\Users\Daggera\Downloads\LibreOffice_4.0.5_Win_x86.msi
2013-08-31 16:18 - 2013-08-31 16:18 - 00000500 _____ C:\Users\Daggera\Desktop\Emsisoft Emergency Kit.lnk
2013-08-31 16:09 - 2013-08-31 16:18 - 00000000 ____D C:\EEK
2013-08-31 16:03 - 2013-08-31 16:04 - 00000000 ____D C:\Program Files\Emsisoft HiJackFree
2013-08-31 16:03 - 2013-08-31 16:03 - 00000789 _____ C:\Users\Public\Desktop\Emsisoft HiJackFree.lnk
2013-08-31 16:01 - 2013-08-31 16:01 - 02095808 _____ (Emsi Software GmbH                                          ) C:\Users\Daggera\Downloads\a2HiJackFreeSetup.exe
2013-08-31 15:57 - 2013-08-31 16:03 - 181062088 _____ C:\Users\Daggera\Downloads\EmsisoftEmergencyKit.exe
2013-08-29 04:46 - 2013-08-29 04:46 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-08-29 04:19 - 2013-08-29 04:23 - 181881520 _____ C:\Users\Daggera\Downloads\setup_11.0.1.1245.x01_2013_08_29_12_31.exe
2013-08-29 04:06 - 2013-09-02 21:01 - 00000000 ____D C:\OEM
2013-08-29 03:46 - 2013-08-29 03:46 - 00000000 ____D C:\Users\Daggera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Acer
2013-08-29 03:45 - 2013-08-29 03:45 - 00000000 ____D C:\Program Files\Acer
2013-08-28 22:21 - 2013-09-17 12:04 - 00000000 ___RD C:\Users\Daggera\Google Drive
2013-08-28 22:21 - 2013-08-28 22:21 - 00001496 _____ C:\Users\Daggera\Desktop\Google Drive.lnk
2013-08-28 22:20 - 2013-08-28 22:20 - 00001871 _____ C:\Users\Public\Desktop\Google Slides.lnk
2013-08-28 22:20 - 2013-08-28 22:20 - 00001867 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2013-08-28 22:20 - 2013-08-28 22:20 - 00001855 _____ C:\Users\Public\Desktop\Google Docs.lnk
2013-08-28 20:35 - 2013-08-28 20:35 - 00030232 _____ C:\Users\Daggera\Documents\cc_20130828_203509.reg
2013-08-28 10:54 - 2013-08-01 22:09 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
 
==================== One Month Modified Files and Folders =======
 
2013-09-17 12:08 - 2006-11-02 04:33 - 00755906 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-17 12:07 - 2013-09-05 01:11 - 01490388 _____ C:\Windows\WindowsUpdate.log
2013-09-17 12:04 - 2013-08-28 22:21 - 00000000 ___RD C:\Users\Daggera\Google Drive
2013-09-17 12:03 - 2012-06-06 18:07 - 00000884 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-17 12:01 - 2013-09-17 01:55 - 00000514 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task c115b3b9-d4be-4309-99c3-bc74322b1498.job
2013-09-17 12:01 - 2013-09-17 01:55 - 00000514 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 9a245ba6-db5b-4f5b-b98b-12d59e5bff70.job
2013-09-17 12:01 - 2006-11-02 07:01 - 00032614 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-17 12:01 - 2006-11-02 07:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-17 12:01 - 2006-11-02 06:47 - 00003216 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-17 12:01 - 2006-11-02 06:47 - 00003216 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-17 11:59 - 2013-09-17 11:59 - 01083437 _____ (Farbar) C:\Users\Daggera\Downloads\FRST-1.exe
2013-09-17 11:57 - 2012-08-20 13:00 - 00001356 _____ C:\Users\Daggera\AppData\Local\d3d9caps.dat
2013-09-17 02:00 - 2013-09-17 02:00 - 00103680 _____ (GMER) C:\ufliifod.sys
2013-09-17 01:59 - 2013-09-17 02:06 - 131918888 _____ C:\Users\Daggera\Downloads\avast_free_antivirus_setup.exe
2013-09-17 01:57 - 2013-09-17 01:57 - 00002013 _____ C:\Users\Daggera\Desktop\RKreport[0]_D_09172013_015725.txt
2013-09-17 01:57 - 2013-09-05 23:42 - 00000000 ____D C:\Users\Daggera\Desktop\RK_Quarantine
2013-09-17 01:56 - 2013-09-17 01:56 - 00001975 _____ C:\Users\Daggera\Desktop\RKreport[0]_S_09172013_015643.txt
2013-09-17 01:52 - 2013-09-17 01:52 - 00001246 _____ C:\Windows\PFRO.log
2013-09-17 01:50 - 2013-09-17 01:37 - 00000000 ____D C:\ComboFix
2013-09-17 01:49 - 2013-09-17 01:49 - 00000000 _____ C:\Windows\setuperr.log
2013-09-17 01:49 - 2013-09-17 01:49 - 00000000 _____ C:\Windows\setupact.log
2013-09-17 01:49 - 2013-03-03 14:07 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-17 01:49 - 2006-11-02 04:23 - 00000215 _____ C:\Windows\system.ini
2013-09-17 01:38 - 2012-06-10 17:10 - 00000000 ____D C:\Qoobox
2013-09-17 01:32 - 2013-09-17 01:32 - 00105824 _____ C:\Users\Daggera\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-17 01:24 - 2012-06-06 18:07 - 00000888 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-17 01:22 - 2012-05-08 20:57 - 00000000 ____D C:\Windows\Minidump
2013-09-17 01:17 - 2013-09-12 01:21 - 57458688 _____ C:\Windows\system32\config\software.iobit
2013-09-17 01:17 - 2013-09-12 01:21 - 41107456 _____ C:\Windows\system32\config\components.iobit
2013-09-17 01:17 - 2013-09-12 01:21 - 05283840 _____ C:\Windows\system32\config\default.iobit
2013-09-17 01:17 - 2013-09-12 01:21 - 00094208 _____ C:\Windows\system32\config\sam.iobit
2013-09-17 01:17 - 2013-09-12 01:21 - 00024576 _____ C:\Windows\system32\config\security.iobit
2013-09-17 01:17 - 2011-12-31 01:11 - 00000000 ____D C:\Users\Daggera
2013-09-17 01:15 - 2013-09-17 01:08 - 00000000 ____D C:\Users\Daggera\Downloads\TrendMicro AntiThreat Toolkit
2013-09-17 01:15 - 2013-09-03 21:23 - 00000336 _____ C:\Users\Daggera\Downloads\Result.txt
2013-09-17 01:10 - 2013-09-05 19:25 - 00001762 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
2013-09-17 01:10 - 2013-09-05 19:25 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-09-17 01:01 - 2013-09-17 00:42 - 00001930 _____ C:\Windows\DCEBOOT.RST
2013-09-17 01:01 - 2013-09-03 21:05 - 00000000 ____D C:\Program Files\Online Armor
2013-09-17 00:59 - 2013-09-17 00:35 - 00022064 _____ C:\Windows\DCEBoot.exe
2013-09-17 00:59 - 2013-09-17 00:34 - 00181808 _____ C:\Windows\RegBootClean.exe
2013-09-17 00:59 - 2012-01-06 00:11 - 00000000 ____D C:\Users\Daggera\AppData\Local\Akamai
2013-09-17 00:37 - 2013-09-15 14:59 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2013-09-16 23:04 - 2013-03-22 21:35 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-09-16 20:29 - 2013-09-16 20:29 - 00104578 _____ C:\Users\Daggera\Desktop\2013-09-17_02-27-17 OAshi.xml
2013-09-16 20:01 - 2013-09-15 00:53 - 00000368 _____ C:\Windows\system32\PARTIZAN.TXT
2013-09-16 19:39 - 2013-09-12 13:56 - 05126417 ____R (Swearware) C:\Users\Daggera\Desktop\ComboFix.exe
2013-09-16 19:33 - 2013-09-16 19:33 - 05168112 _____ (Aveas Limited) C:\Users\Daggera\Downloads\Unhooker.exe
2013-09-16 19:27 - 2013-09-16 19:24 - 00000000 ____D C:\Users\Daggera\Documents\RegRun2
2013-09-16 19:27 - 2013-09-14 23:27 - 00000000 ____D C:\ProgramData\RegRun
2013-09-16 19:23 - 2013-09-16 19:21 - 00008634 _____ C:\Users\Daggera\Desktop\MBRCheck_09.16.13_19.21.38.txt
2013-09-16 19:19 - 2013-09-16 19:19 - 00080384 _____ C:\Users\Daggera\Downloads\MBRCheck.exe
2013-09-16 18:53 - 2013-09-04 20:29 - 00000000 ____D C:\AdwCleaner
2013-09-16 18:52 - 2013-09-16 18:52 - 00000000 ____D C:\Users\Daggera\AppData\Local\CrashDumps
2013-09-16 18:45 - 2013-09-16 12:36 - 00001892 _____ C:\Users\Daggera\Desktop\Rkill.txt
2013-09-16 18:44 - 2013-09-16 18:44 - 00000291 _____ C:\Users\Daggera\Downloads\RootkitRemover20130916184401.txt
2013-09-16 18:42 - 2013-09-16 18:41 - 01039554 _____ C:\Users\Daggera\Downloads\AdwCleaner.exe
2013-09-16 03:25 - 2013-09-16 03:25 - 00002946 _____ C:\Users\Daggera\Desktop\RKreport[0]_D_09162013_032549.txt
2013-09-16 03:25 - 2013-09-16 03:25 - 00002908 _____ C:\Users\Daggera\Desktop\RKreport[0]_S_09162013_032521.txt
2013-09-16 03:25 - 2013-09-16 03:25 - 00001327 _____ C:\Users\Daggera\Desktop\RKreport[0]_H_09162013_032551.txt
2013-09-16 03:25 - 2013-09-16 03:25 - 00001235 _____ C:\Users\Daggera\Desktop\RKreport[0]_PR_09162013_032554.txt
2013-09-16 03:25 - 2013-09-16 03:25 - 00001199 _____ C:\Users\Daggera\Desktop\RKreport[0]_DN_09162013_032554.txt
2013-09-15 23:33 - 2013-09-15 23:33 - 00002988 _____ C:\Users\Daggera\Desktop\RKreport[0]_D_09152013_233334.txt
2013-09-15 23:33 - 2013-09-15 23:33 - 00001224 _____ C:\Users\Daggera\Desktop\RKreport[0]_H_09152013_233338.txt
2013-09-15 23:33 - 2013-09-15 23:33 - 00001132 _____ C:\Users\Daggera\Desktop\RKreport[0]_PR_09152013_233339.txt
2013-09-15 23:33 - 2013-09-15 23:33 - 00001096 _____ C:\Users\Daggera\Desktop\RKreport[0]_DN_09152013_233339.txt
2013-09-15 23:32 - 2013-09-15 23:32 - 00002950 _____ C:\Users\Daggera\Desktop\RKreport[0]_S_09152013_233226.txt
2013-09-15 22:13 - 2013-09-15 22:13 - 00000000 ____D C:\Users\Daggera\Pavark
2013-09-15 22:08 - 2013-09-15 21:44 - 00003482 _____ C:\Users\Daggera\Desktop\unhide.txt
2013-09-15 21:51 - 2013-09-11 20:24 - 00001694 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2013-09-15 21:42 - 2013-09-15 21:42 - 00004470 _____ C:\Users\Daggera\Downloads\ESETSirefefCleaner.exe_20130915.214243.6904.log
2013-09-15 21:41 - 2013-09-15 21:41 - 00001712 _____ C:\Users\Daggera\Desktop\RKreport[0]_D_09152013_214102.txt
2013-09-15 21:40 - 2013-09-15 21:40 - 00002736 _____ C:\Users\Daggera\Desktop\RKreport[0]_S_09152013_214030.txt
2013-09-15 21:29 - 2013-09-15 21:29 - 00000322 _____ C:\Windows\system32\Result.txt
2013-09-15 21:29 - 2013-09-15 21:08 - 00000000 ____D C:\Windows\system32\TrendMicro AntiThreat Toolkit
2013-09-15 21:17 - 2006-11-02 04:23 - 00002577 _____ C:\Windows\system32\config.nt
2013-09-15 21:10 - 2013-09-15 21:10 - 03298896 _____ (Trend Micro Inc.) C:\Users\Daggera\Downloads\attk_collector_cli_x86.exe
2013-09-15 21:07 - 2013-09-15 21:07 - 07371208 _____ (Trend Micro Inc.) C:\Users\Daggera\Downloads\attk_far_gui_x86.exe
2013-09-15 19:47 - 2013-07-13 01:09 - 00000000 ____D C:\Windows\system32\MRT
2013-09-15 19:42 - 2006-11-02 04:24 - 76725432 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-09-15 19:34 - 2013-09-15 19:34 - 00001568 _____ C:\Users\Daggera\Desktop\RKreport[0]_S_09152013_193453.txt
2013-09-15 19:28 - 2013-09-15 19:28 - 00001018 _____ C:\Users\Daggera\Desktop\RKreport[0]_H_09152013_192805.txt
2013-09-15 19:28 - 2013-09-15 19:28 - 00000926 _____ C:\Users\Daggera\Desktop\RKreport[0]_PR_09152013_192806.txt
2013-09-15 19:28 - 2013-09-15 19:28 - 00000890 _____ C:\Users\Daggera\Desktop\RKreport[0]_DN_09152013_192808.txt
2013-09-15 19:26 - 2013-09-15 19:26 - 00001505 _____ C:\Users\Daggera\Desktop\RKreport[0]_S_09152013_192640.txt
2013-09-15 19:24 - 2013-09-15 19:24 - 00002603 _____ C:\Users\Daggera\Desktop\RKreport[0]_D_09152013_192443.txt
2013-09-15 19:02 - 2013-09-15 19:02 - 00002566 _____ C:\Users\Daggera\Desktop\RogueKiller report.txt
2013-09-15 18:59 - 2013-09-15 18:59 - 00002566 _____ C:\Users\Daggera\Desktop\RKreport[0]_S_09152013_185941.txt
2013-09-15 15:49 - 2009-04-02 01:36 - 00000000 ____D C:\Program Files\Common Files\Adobe AIR
2013-09-15 15:47 - 2013-09-15 15:47 - 00918016 _____ C:\Users\Daggera\Downloads\RogueKiller.exe
2013-09-15 15:47 - 2013-09-15 15:47 - 00918016 _____ C:\Users\Daggera\Desktop\RogueKiller.exe
2013-09-15 15:34 - 2013-09-15 15:00 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-09-15 15:28 - 2013-09-15 15:00 - 00000644 _____ C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2013-09-15 15:28 - 2013-09-15 15:00 - 00000616 _____ C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2013-09-15 15:28 - 2013-09-15 15:00 - 00000446 _____ C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2013-09-15 15:00 - 2013-02-22 17:52 - 00001920 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2013-09-15 14:58 - 2013-09-15 14:58 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Daggera\Downloads\mbam-setup-1.75.0.1300.exe
2013-09-15 14:58 - 2013-09-15 14:58 - 00000868 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-09-15 14:58 - 2013-09-15 14:58 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-09-15 14:56 - 2013-09-15 15:05 - 37672592 _____ (Safer-Networking Ltd.                                       ) C:\Users\Daggera\Downloads\spybotsd-2.1.21-SR2.exe
2013-09-15 14:51 - 2013-09-15 14:51 - 00204496 _____ (Malwarebytes) C:\Users\Daggera\Downloads\startuplite-setup-1.07.exe
2013-09-15 14:51 - 2013-09-15 14:51 - 00065232 _____ (Malwarebytes) C:\Users\Daggera\Downloads\regassassin-setup-1.03.exe
2013-09-15 14:49 - 2013-09-15 14:49 - 01790576 _____ (Malwarebytes                                                ) C:\Users\Daggera\Downloads\mbae-setup-0.09.3.1000.exe
2013-09-15 14:35 - 2013-09-15 14:35 - 00074400 _____ C:\Users\Daggera\Documents\AutoRuns.txt
2013-09-15 14:24 - 2013-09-15 14:24 - 00001791 _____ C:\Users\Public\Desktop\avast! Internet Security.lnk
2013-09-15 14:23 - 2013-09-15 14:21 - 00000000 ____D C:\Program Files\AVAST Software
2013-09-15 14:23 - 2012-03-12 22:33 - 00000000 ____D C:\ProgramData\AVAST Software
2013-09-15 14:13 - 2013-09-15 14:13 - 00000512 _____ C:\Windows\system32\F39D4DE6-98B8-4E05-91BD-549E8A8248BD
2013-09-15 14:13 - 2013-09-15 14:13 - 00000000 _____ C:\Windows\system32\F39D4DE6-98B8-4E05-91BD-549E8A8248BD.tmp
2013-09-15 13:15 - 2013-09-15 13:15 - 00550371 _____ C:\Users\Daggera\Downloads\Autoruns.zip
2013-09-15 12:10 - 2013-09-07 19:33 - 00000000 ____D C:\Program Files\Trend Micro
2013-09-15 12:06 - 2013-02-22 16:00 - 00000000 ____D C:\ProgramData\Razer
2013-09-15 12:06 - 2013-02-22 16:00 - 00000000 ____D C:\Program Files\Razer
2013-09-15 12:02 - 2013-09-15 12:02 - 00001027 _____ C:\Users\Public\Desktop\Uninstaller.lnk
2013-09-15 12:02 - 2013-09-15 12:02 - 00001015 _____ C:\Users\Daggera\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk
2013-09-15 12:02 - 2013-09-15 12:02 - 00000976 _____ C:\Users\Public\Desktop\Advanced SystemCare 6.lnk
2013-09-15 12:02 - 2011-12-31 03:12 - 00000000 ____D C:\Program Files\IObit
2013-09-15 02:22 - 2013-09-15 02:21 - 00005046 _____ C:\Users\Daggera\Downloads\ESETSirefefCleaner-1.exe_20130915.022156.1196.log
2013-09-15 02:13 - 2012-06-10 17:14 - 00000000 ____D C:\Windows\ERDNT
2013-09-15 01:40 - 2013-07-22 18:09 - 00168776 _____ C:\Windows\system32\config\afw_db.conf
2013-09-15 01:40 - 2013-07-22 18:09 - 00000488 _____ C:\Windows\system32\config\afw_hm.conf
2013-09-15 01:30 - 2013-09-14 23:05 - 00000000 ____D C:\Program Files\Softwin
2013-09-15 00:43 - 2013-09-15 00:41 - 30137728 _____ C:\Zero Access Rootkit_HKLM.reg
2013-09-15 00:43 - 2013-09-14 02:19 - 01029675 _____ (Thisisu) C:\Users\Daggera\Desktop\JRT_NEW.exe
2013-09-15 00:41 - 2013-09-15 00:41 - 00011483 _____ C:\WinSock2 Components_HKLM.reg
2013-09-15 00:41 - 2013-09-15 00:41 - 00003407 _____ C:\Name Server_HKLM.reg
2013-09-15 00:41 - 2013-09-15 00:41 - 00002513 _____ C:\IE Extensions - All Users_HKLM.reg
2013-09-15 00:41 - 2013-09-15 00:41 - 00002330 _____ C:\Default Search Provider_HKCU.reg
2013-09-15 00:41 - 2013-09-15 00:41 - 00001684 _____ C:\Browser Helper Objects_HKLM.reg
2013-09-15 00:41 - 2013-09-15 00:41 - 00000630 _____ C:\Default Search Provider for All Users_HKLM.reg
2013-09-15 00:41 - 2013-09-15 00:41 - 00000619 _____ C:\AboutURLs_HKLM.reg
2013-09-15 00:41 - 2013-09-15 00:41 - 00000406 _____ C:\Search Assistant_HKLM.reg
2013-09-15 00:41 - 2013-09-15 00:41 - 00000308 _____ C:\Internet Components_HKLM.reg
2013-09-15 00:41 - 2013-09-15 00:41 - 00000213 _____ C:\Hosts File Path_HKLM.reg
2013-09-15 00:41 - 2013-09-15 00:41 - 00000207 _____ C:\All Users Search_HKLM.reg
2013-09-15 00:41 - 2013-09-15 00:41 - 00000182 _____ C:\URL Default Prefixes_HKLM.reg
2013-09-15 00:41 - 2013-09-15 00:41 - 00000174 _____ C:\IE Local Blank Page_HKLM.reg
2013-09-15 00:41 - 2013-09-15 00:41 - 00000173 _____ C:\IE Local Blank Page_HKCU.reg
2013-09-15 00:41 - 2013-09-15 00:41 - 00000171 _____ C:\Current Home Page_HKCU.reg
2013-09-15 00:41 - 2013-09-15 00:41 - 00000163 _____ C:\IE Extensions - Current User_HKCU.reg
2013-09-15 00:41 - 2013-09-15 00:41 - 00000160 _____ C:\Search URL Template_HKLM.reg
2013-09-15 00:41 - 2013-09-15 00:41 - 00000152 _____ C:\Current Users Search_HKCU.reg
2013-09-15 00:41 - 2013-09-15 00:41 - 00000148 _____ C:\Execute unsigned ActiveX in My Computer Zone_HKLM.reg
2013-09-15 00:41 - 2013-09-15 00:41 - 00000148 _____ C:\Execute unsigned ActiveX in Local Intranet Zone_HKLM.reg
2013-09-15 00:41 - 2013-09-15 00:41 - 00000148 _____ C:\Execute unsigned ActiveX in Internet Zone_HKLM.reg
2013-09-15 00:41 - 2013-09-15 00:41 - 00000147 _____ C:\Execute unsigned ActiveX in Internet Zone_HKCU.reg
2013-09-15 00:41 - 2013-09-15 00:41 - 00000143 _____ C:\Default Home Page_HKLM.reg
2013-09-15 00:41 - 2013-09-15 00:41 - 00000130 _____ C:\URLSearchHook_HKCU.reg
2013-09-15 00:41 - 2013-09-15 00:41 - 00000128 _____ C:\Toolbars_HKLM.reg
2013-09-15 00:41 - 2013-09-15 00:41 - 00000123 _____ C:\Proxy_HKCU.reg
2013-09-15 00:41 - 2013-09-15 00:41 - 00000107 _____ C:\Default Prefix_HKLM.reg
2013-09-15 00:41 - 2013-09-15 00:41 - 00000104 _____ C:\Safe Sites_HKLM.reg
2013-09-15 00:41 - 2013-09-15 00:41 - 00000101 _____ C:\Execute unsigned ActiveX in My Computer Zone_HKCU.reg
2013-09-15 00:41 - 2013-09-15 00:41 - 00000101 _____ C:\Execute unsigned ActiveX in Local Intranet Zone_HKCU.reg
2013-09-15 00:41 - 2013-09-15 00:41 - 00000098 _____ C:\Domain Name_HKLM.reg
2013-09-15 00:41 - 2013-09-15 00:41 - 00000093 _____ C:\AutoConfigURL_HKCU.reg
2013-09-15 00:41 - 2013-09-15 00:41 - 00000089 _____ C:\Plugins for extensions_HKLM.reg
2013-09-15 00:41 - 2013-09-15 00:41 - 00000089 _____ C:\Active Desktop Components_HKCU.reg
2013-09-15 00:41 - 2013-09-15 00:41 - 00000085 _____ C:\Explorer Bars_HKLM.reg
2013-09-15 00:41 - 2013-09-15 00:41 - 00000080 _____ C:\Auto Search URL_HKCU.reg
2013-09-15 00:41 - 2013-09-15 00:41 - 00000078 _____ C:\Links Toolbar_HKCU.reg
2013-09-15 00:41 - 2013-09-15 00:41 - 00000078 _____ C:\Context menu items_HKCU.reg
2013-09-15 00:41 - 2013-09-15 00:41 - 00000077 _____ C:\User Style Sheet_HKCU.reg
2013-09-15 00:41 - 2013-09-15 00:41 - 00000077 _____ C:\Search Assistant_HKCU.reg
2013-09-15 00:41 - 2013-09-15 00:41 - 00000071 _____ C:\CustomizeSearch_HKLM.reg
2013-09-15 00:41 - 2013-09-15 00:41 - 00000070 _____ C:\User Style Sheet_HKUSERS.reg
2013-09-14 23:27 - 2013-09-14 23:27 - 00000002 RSHOT C:\Windows\winstart.bat
2013-09-14 23:27 - 2006-11-02 04:23 - 00001688 _____ C:\Windows\system32\autoexec.nt
2013-09-14 22:49 - 2013-09-03 21:19 - 00003713 _____ C:\Users\Daggera\Downloads\FSS.txt
2013-09-14 22:39 - 2013-09-14 22:39 - 00010090 _____ C:\Users\Daggera\Desktop\attach.txt
2013-09-14 22:36 - 2013-09-14 22:39 - 00024072 _____ C:\Users\Daggera\Desktop\dds.txt
2013-09-14 21:43 - 2013-09-14 02:20 - 00000000 ____D C:\Users\Daggera\Desktop\New Folder
2013-09-14 20:48 - 2013-09-14 20:48 - 00000000 ____D C:\Program Files\WinPcap
2013-09-14 03:11 - 2006-11-02 06:47 - 00064512 _____ C:\Windows\system32\umstartup.etl
2013-09-14 02:33 - 2013-09-11 23:38 - 05125631 ____R (Swearware) C:\Users\Daggera\Downloads\ComboFix.exe
2013-09-14 02:25 - 2013-09-11 20:24 - 00000000 ____D C:\ProgramData\HitmanPro
2013-09-14 02:15 - 2013-09-14 02:15 - 00001052 _____ C:\Users\Daggera\Desktop\RKreport[0]_H_09142013_021542.txt
2013-09-14 02:15 - 2013-09-14 02:15 - 00000927 _____ C:\Users\Daggera\Desktop\RKreport[0]_PR_09142013_021541.txt
2013-09-14 02:15 - 2013-09-14 02:15 - 00000924 _____ C:\Users\Daggera\Desktop\RKreport[0]_DN_09142013_021544.txt
2013-09-14 02:00 - 2013-09-14 02:00 - 10031224 _____ (VS Revo Group                                               ) C:\Users\Daggera\Downloads\RevoUninProSetup.exe
2013-09-14 02:00 - 2013-09-14 02:00 - 00000000 ____D C:\Users\Daggera\AppData\Local\VS Revo Group
2013-09-14 02:00 - 2013-09-14 02:00 - 00000000 ____D C:\ProgramData\VS Revo Group
2013-09-14 02:00 - 2013-09-07 20:02 - 00000000 ____D C:\Program Files\VS Revo Group
2013-09-14 01:56 - 2013-09-14 02:05 - 23398360 _____ (IObit                                                       ) C:\Users\Daggera\Downloads\asc-setup.exe
2013-09-14 01:32 - 2013-04-21 18:40 - 00013482 _____ C:\Users\Daggera\AppData\Roaming\Safer-Networking.log
2013-09-14 01:17 - 2013-09-14 01:17 - 00035904 _____ (VirusBlokAda Ltd.) C:\Windows\system32\Drivers\apd34tah.sys
2013-09-14 01:16 - 2013-09-14 01:15 - 01472131 _____ C:\Users\Daggera\Downloads\vba32arkit-1.zip
2013-09-14 01:14 - 2013-09-10 23:10 - 00000000 ____D C:\Users\Daggera\Downloads\TMRBLog
2013-09-14 00:03 - 2013-09-14 00:03 - 00131344 _____ (trend_company_name) C:\Windows\system32\Drivers\tmrkb.sys
2013-09-14 00:01 - 2013-09-14 00:01 - 00000291 _____ C:\Users\Daggera\Downloads\RootkitRemover20130914000101.txt
2013-09-14 00:00 - 2013-09-14 00:00 - 00004470 _____ C:\Users\Daggera\Downloads\ESETSirefefCleaner.exe_20130914.000043.5928.log
2013-09-13 21:47 - 2013-09-12 01:52 - 02333064 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-13 21:39 - 2009-04-02 01:18 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-13 21:38 - 2009-04-02 01:18 - 00000000 ____D C:\Program Files\Microsoft Office
2013-09-13 20:51 - 2013-09-03 21:39 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-09-13 01:10 - 2013-09-13 01:10 - 00000114 _____ C:\local.conf
2013-09-12 22:42 - 2013-09-12 22:42 - 00000000 ____D C:\System Volume
2013-09-12 15:54 - 2006-11-02 05:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-09-12 14:52 - 2012-07-28 15:29 - 00002241 _____ C:\Users\Public\Desktop\Safari.lnk
2013-09-12 14:27 - 2006-11-02 06:37 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-09-12 13:52 - 2013-09-12 13:52 - 00000192 _____ C:\Users\Daggera\Desktop\Win32kDiag.txt
2013-09-12 00:58 - 2006-11-02 05:18 - 00000000 ____D C:\Windows\system32\NDF
2013-09-12 00:47 - 2013-09-12 00:47 - 00000029 _____ C:\Users\Daggera\Downloads\RootkitRemover20130912004715.txt
2013-09-12 00:29 - 2013-09-12 00:29 - 00000000 ____D C:\Users\Daggera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2013-09-12 00:29 - 2013-09-03 22:20 - 00001914 _____ C:\Users\Daggera\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2013-09-11 23:38 - 2013-09-13 23:42 - 05124599 _____ (Swearware) C:\Users\Daggera\Downloads\BullGuard.exe.exe
2013-09-11 22:56 - 2013-09-11 22:56 - 00000548 _____ C:\Users\Daggera\Desktop\ComboFix - Shortcut.lnk
2013-09-11 21:58 - 2013-09-11 22:05 - 130023544 _____ C:\Users\Daggera\Downloads\m17el52j.exe
2013-09-11 21:58 - 2013-09-11 21:58 - 00000000 ____D C:\Users\Daggera\Doctor Web
2013-09-11 20:24 - 2013-09-11 20:24 - 00000000 ____D C:\Program Files\HitmanPro
2013-09-11 20:23 - 2013-09-11 20:18 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-09-11 20:22 - 2013-09-11 20:18 - 00000000 ____D C:\Windows\DB847E94446B49E0AC5DC5627EC8B0C0.TMP
2013-09-11 20:18 - 2013-09-11 20:18 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2013-09-11 20:17 - 2013-09-11 20:17 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Daggera\Downloads\SpyHunter-Installer.exe
2013-09-11 20:16 - 2013-09-11 20:20 - 09186416 _____ (SurfRight B.V.) C:\Users\Daggera\Downloads\HitmanPro.exe
2013-09-11 19:17 - 2013-09-11 19:17 - 00551408 _____ (McAfee, Inc.) C:\Users\Daggera\Downloads\rootkitremover-1.exe
2013-09-11 19:11 - 2013-09-11 19:11 - 00004470 _____ C:\Users\Daggera\Downloads\ESETSirefefCleaner-1.exe_20130911.191117.5388.log
2013-09-11 19:07 - 2013-09-11 19:07 - 00343760 _____ (ESET) C:\Users\Daggera\Downloads\ESETSirefefCleaner-1.exe
2013-09-11 15:29 - 2013-09-11 15:29 - 02347384 _____ (ESET) C:\Users\Daggera\Downloads\esetsmartinstaller_enu.exe
2013-09-11 15:05 - 2013-09-11 15:04 - 00000000 ____D C:\Users\Public\Desktop\CC Support
2013-09-11 15:04 - 2013-09-11 15:03 - 04009167 _____ C:\Users\Daggera\Downloads\ServicesRepair.exe
2013-09-11 13:14 - 2013-09-11 13:14 - 00001500 _____ C:\Users\Daggera\Desktop\RKreport[0]_S_09112013_131449.txt
2013-09-11 03:53 - 2013-09-11 03:53 - 00000291 _____ C:\Users\Daggera\Downloads\RootkitRemover20130911035343.txt
2013-09-11 03:48 - 2013-09-07 19:33 - 00002487 _____ C:\Users\Daggera\Desktop\HiJackThis.lnk
2013-09-11 03:13 - 2013-09-11 03:13 - 00000000 ____D C:\found.000
2013-09-11 02:58 - 2013-09-11 02:58 - 00000291 _____ C:\Users\Daggera\Downloads\RootkitRemover20130911025837.txt
2013-09-11 02:58 - 2013-09-11 02:58 - 00000291 _____ C:\Users\Daggera\Downloads\RootkitRemover20130911025820.txt
2013-09-11 02:44 - 2013-09-11 02:41 - 00000000 ____D C:\combofix-16682c
2013-09-11 02:12 - 2013-09-11 02:08 - 00000000 ____D C:\combofix-1
2013-09-11 01:49 - 2013-03-03 14:07 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-09-11 01:49 - 2013-03-03 14:07 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-09-11 01:37 - 2013-05-28 14:37 - 00000000 ____D C:\Users\hedev
2013-09-11 01:37 - 2006-11-02 05:18 - 00000000 ___RD C:\Users\Public
2013-09-11 01:34 - 2013-09-11 01:34 - 00000528 _____ C:\Users\Daggera\Downloads\defogger_disable.log
2013-09-11 01:10 - 2013-05-24 01:03 - 00000000 ____D C:\Users\Daggera\AppData\Local\Unity
2013-09-11 01:09 - 2012-06-25 18:23 - 00000000 ____D C:\Users\Daggera\AppData\Local\Desura
2013-09-11 01:09 - 2012-06-25 18:20 - 00000000 ____D C:\ProgramData\Desura
2013-09-11 01:07 - 2011-12-31 02:22 - 00000000 ____D C:\Program Files\Common Files\LogiShrd
2013-09-11 01:05 - 2012-01-01 20:48 - 00000000 ____D C:\Program Files\Common Files\LWS
2013-09-11 01:05 - 2011-12-31 02:24 - 00000000 ____D C:\Users\Daggera\AppData\Local\LogiShrd
2013-09-11 01:05 - 2011-12-31 02:22 - 00000000 ____D C:\Program Files\Logitech
2013-09-11 01:01 - 2012-01-01 17:00 - 00000000 ____D C:\Program Files\Belkin
2013-09-11 00:57 - 2009-04-02 01:44 - 00000000 ____D C:\ProgramData\WildTangent
2013-09-11 00:54 - 2011-12-31 02:19 - 00000000 ____D C:\Users\Daggera\AppData\Roaming\Adobe
2013-09-11 00:53 - 2009-04-02 01:36 - 00000000 ____D C:\ProgramData\Adobe
2013-09-11 00:46 - 2012-01-02 00:46 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-09-11 00:42 - 2013-04-30 04:19 - 00000000 ____D C:\Program Files\Tablet
2013-09-11 00:41 - 2012-01-22 00:06 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
2013-09-10 23:35 - 2013-09-10 23:35 - 00000000 ____D C:\Users\Daggera\Downloads\vba32arkit
2013-09-10 23:35 - 2013-09-10 23:35 - 00000000 ____D C:\Users\Daggera\Downloads\RootRepeal
2013-09-10 23:16 - 2013-09-10 23:16 - 00000020 _____ C:\Users\Daggera\defogger_reenable
2013-09-10 23:10 - 2013-09-10 23:10 - 00000118 ____R C:\Users\Daggera\Downloads\Stinger.opt
2013-09-10 23:10 - 2013-09-10 23:10 - 00000000 ____D C:\Users\Daggera\Downloads\log
2013-09-10 23:10 - 2013-09-10 20:45 - 00000645 _____ C:\Users\Daggera\Downloads\Stinger_10092013_204510.html
2013-09-10 23:10 - 2013-09-05 21:08 - 00000000 ____D C:\Program Files\stinger
2013-09-10 21:21 - 2013-09-10 21:21 - 01029490 _____ (Thisisu) C:\Users\Daggera\Downloads\JRT.exe
2013-09-10 21:11 - 2013-09-10 21:10 - 00050477 _____ C:\Users\Daggera\Downloads\Defogger.exe
2013-09-10 21:09 - 2013-09-10 21:09 - 00688992 ____R (Swearware) C:\Users\Daggera\Downloads\dds.com
2013-09-10 21:08 - 2013-09-10 21:08 - 00377856 _____ C:\Users\Daggera\Downloads\h1k3231t.exe
2013-09-10 21:06 - 2013-09-10 21:05 - 01472131 _____ C:\Users\Daggera\Downloads\vba32arkit.zip
2013-09-10 21:04 - 2013-09-10 21:04 - 08656400 _____ (Trend Micro Inc.) C:\Users\Daggera\Downloads\RootkitBuster_v5_1061.exe
2013-09-10 21:01 - 2013-09-10 21:01 - 00464491 _____ C:\Users\Daggera\Downloads\RootRepeal.zip
2013-09-10 20:51 - 2013-09-10 20:51 - 00000536 _____ C:\Users\Daggera\Desktop\aswmbr - Shortcut.lnk
2013-09-10 20:50 - 2013-09-10 20:50 - 00000529 _____ C:\Users\Daggera\Desktop\rkill - Shortcut.lnk
2013-09-10 20:44 - 2013-09-10 20:44 - 10011168 _____ (McAfee Inc) C:\Users\Daggera\Downloads\stinger32.exe
2013-09-10 20:31 - 2013-09-10 20:31 - 00001433 _____ C:\Users\Daggera\Desktop\RKreport[0]_S_09102013_203133.txt
2013-09-10 20:27 - 2013-09-10 20:27 - 00000194 _____ C:\Users\Daggera\Downloads\hosts-perm.bat
2013-09-10 20:26 - 2013-09-10 20:26 - 00000000 ____D C:\Users\Daggera\Downloads\GrantPerms
2013-09-10 20:25 - 2013-09-10 20:25 - 00453083 _____ C:\Users\Daggera\Downloads\GrantPerms.zip
2013-09-10 18:30 - 2013-09-10 18:30 - 00047616 _____ C:\Users\Daggera\Downloads\Win32kDiag.exe
2013-09-10 17:54 - 2013-09-09 02:01 - 00000000 ____D C:\Users\Daggera\Desktop\mbar
2013-09-10 17:37 - 2013-09-10 17:37 - 00000512 _____ C:\Users\Daggera\Downloads\MBR.dat
2013-09-10 15:49 - 2013-09-10 15:49 - 00004470 _____ C:\Users\Daggera\Downloads\ESETSirefefCleaner.exe_20130910.154929.1728.log
2013-09-09 02:00 - 2013-09-09 02:00 - 12907592 _____ (Malwarebytes Corp.) C:\Users\Daggera\Downloads\mbar-1.07.0.1005 (1).exe
2013-09-09 01:02 - 2013-09-09 01:02 - 00000000 ____D C:\ProgramData\WindowsSearch
2013-09-09 00:31 - 2013-09-08 02:22 - 00000000 ____D C:\Users\Daggera\AppData\Roaming\QuickScan
2013-09-09 00:20 - 2013-09-06 20:29 - 00000000 ____D C:\ProgramData\OnlineArmor
2013-09-08 22:28 - 2013-09-07 17:54 - 00002601 _____ C:\Users\Daggera\Desktop\Sophos Virus Removal Tool.lnk
2013-09-07 20:24 - 2013-03-22 23:12 - 00000000 ____D C:\ProgramData\Lavasoft
2013-09-07 20:23 - 2013-03-22 23:22 - 00000000 ____D C:\ProgramData\Ad-Aware Antivirus
2013-09-07 20:09 - 2012-05-04 16:27 - 00000000 ____D C:\ProgramData\NCH Software
2013-09-07 20:01 - 2013-09-07 20:01 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Daggera\Downloads\revosetup.exe
2013-09-07 19:37 - 2013-09-07 19:37 - 00005046 _____ C:\Users\Daggera\Downloads\ESETSirefefCleaner.exe_20130907.193714.196.log
2013-09-07 19:33 - 2013-09-07 19:33 - 00000000 ____D C:\Users\Daggera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2013-09-07 17:55 - 2013-09-07 17:55 - 00000000 ____D C:\ProgramData\Sophos
2013-09-07 17:54 - 2013-09-07 17:54 - 00000000 ____D C:\Users\Daggera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
2013-09-07 17:54 - 2013-09-07 17:54 - 00000000 ____D C:\Program Files\Sophos
2013-09-07 16:11 - 2013-09-07 16:10 - 00000291 _____ C:\Users\Daggera\Downloads\RootkitRemover20130907161047.txt
2013-09-07 13:32 - 2013-09-07 13:32 - 27031323 _____ C:\Users\Daggera\AppData\Local\census.cache
2013-09-07 13:15 - 2013-09-07 13:15 - 00000000 _____ C:\Users\Daggera\AppData\Local\ars.cache
2013-09-07 01:24 - 2013-09-07 01:24 - 00343760 _____ (ESET) C:\Users\Daggera\Downloads\ESETSirefefCleaner.exe
2013-09-07 01:07 - 2013-09-07 01:07 - 00791393 _____ (Lars Hederer                                                ) C:\Users\Daggera\Downloads\erunt-setup.exe
2013-09-06 20:59 - 2013-09-06 20:59 - 00883616 _____ (Bleeping Computer, LLC) C:\Users\Daggera\Downloads\FixExec.exe
2013-09-06 20:53 - 2013-09-06 20:53 - 76723968 _____ (Sophos Limited) C:\Users\Daggera\Downloads\Sophos Virus Removal Tool.exe
2013-09-06 20:53 - 2013-09-06 20:53 - 01402880 _____ C:\Users\Daggera\Downloads\HiJackThis.msi
2013-09-06 20:33 - 2013-09-06 20:33 - 00000029 _____ C:\Users\Daggera\Downloads\RootkitRemover20130906203308.txt
2013-09-06 20:30 - 2013-09-06 20:29 - 00000000 ____D C:\Users\Daggera\AppData\Roaming\OnlineArmor
2013-09-06 20:24 - 2013-09-06 20:24 - 00000036 _____ C:\Users\Daggera\AppData\Local\housecall.guid.cache
2013-09-06 20:10 - 2013-09-06 20:10 - 00119212 _____ C:\Users\Daggera\Downloads\OTL.Txt
2013-09-06 20:10 - 2013-09-06 20:10 - 00070252 _____ C:\Users\Daggera\Downloads\Extras.Txt
2013-09-06 20:02 - 2013-09-06 20:02 - 00602112 _____ (OldTimer Tools) C:\Users\Daggera\Downloads\OTL.exe
2013-09-06 16:29 - 2013-09-06 16:26 - 00032328 _____ C:\Users\Daggera\Downloads\Addition.txt
2013-09-06 16:23 - 2013-09-06 16:23 - 01081729 _____ (Farbar) C:\Users\Daggera\Downloads\FRST.exe
2013-09-06 16:23 - 2013-09-06 16:23 - 00000000 ____D C:\FRST
2013-09-06 16:16 - 2013-09-06 16:16 - 00000029 _____ C:\Windows\system32\RootkitRemover20130906161604.txt
2013-09-06 16:16 - 2013-09-06 16:16 - 00000029 _____ C:\Users\Daggera\Downloads\RootkitRemover20130906161643.txt
2013-09-06 16:15 - 2013-09-06 16:15 - 00551408 _____ (McAfee, Inc.) C:\Users\Daggera\Downloads\rootkitremover.exe
2013-09-06 12:25 - 2013-09-06 12:21 - 00001913 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2013-09-06 12:25 - 2013-09-06 12:20 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-09-06 12:21 - 2013-09-06 12:21 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2013-09-06 12:19 - 2013-09-06 12:19 - 03795288 _____ (McAfee, Inc.) C:\Users\Daggera\Downloads\SecurityScan_Release.exe
2013-09-05 23:55 - 2012-07-28 15:29 - 00000000 ____D C:\Program Files\Safari
2013-09-05 21:18 - 2013-09-05 21:18 - 00000000 ____D C:\Quarantine
2013-09-05 21:07 - 2013-09-05 21:07 - 09990145 _____ C:\Users\Daggera\Downloads\stinger32-epo.zip
2013-09-05 20:58 - 2013-09-05 20:58 - 00000000 ____D C:\Users\Daggera\Desktop\lspfix
2013-09-05 19:48 - 2013-09-05 19:48 - 00201030 _____ C:\Users\Daggera\Downloads\lspfix.zip
2013-09-05 19:41 - 2013-03-22 23:12 - 00000000 ____D C:\ProgramData\Agnitum
2013-09-05 19:26 - 2013-09-05 19:26 - 00000000 ____D C:\Users\Daggera\AppData\Roaming\SUPERAntiSpyware.com
2013-09-05 19:25 - 2013-09-05 19:25 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2013-09-05 19:24 - 2013-09-05 19:33 - 27448144 _____ (SUPERAntiSpyware) C:\Users\Daggera\Downloads\SUPERAntiSpywarePro.exe
2013-09-05 18:54 - 2009-04-02 01:15 - 00000000 ____D C:\Program Files\InstallShield Installation Information
2013-09-05 18:52 - 2012-01-02 22:43 - 00000000 ____D C:\Users\Daggera\AppData\Roaming\BitTorrent
2013-09-05 18:50 - 2013-09-05 18:50 - 00398752 _____ (Bleeping Computer, LLC) C:\Users\Daggera\Downloads\unhide.exe
2013-09-05 17:58 - 2013-04-23 02:05 - 00187040 _____ C:\Windows\system32\mlfcache.dat
2013-09-05 12:59 - 2013-09-05 12:59 - 00448512 _____ (OldTimer Tools) C:\Users\Daggera\Downloads\TFC.exe
2013-09-05 00:22 - 2013-09-05 00:22 - 00000000 ____D C:\Program Files\Secure Speed Dial
2013-09-05 00:18 - 2013-09-05 00:18 - 21824552 _____ (IObit                                                       ) C:\Users\Daggera\Downloads\imf-setup.exe
2013-09-04 23:19 - 2013-09-04 23:19 - 00000558 _____ C:\Users\Daggera\Desktop\tdsskiller - Shortcut.lnk
2013-09-04 22:53 - 2013-09-04 22:52 - 00047322 _____ C:\Users\Daggera\Documents\Sep 04 2013 Just in case.reg
2013-09-04 22:47 - 2006-11-02 05:18 - 00000000 ____D C:\Windows\system32\LogFiles
2013-09-04 20:18 - 2013-09-04 20:18 - 00004609 _____ C:\Users\Daggera\Documents\JRT Junk File Report.txt
2013-09-04 20:12 - 2013-09-04 20:12 - 00000000 ____D C:\Windows\ERUNT
2013-09-04 20:08 - 2013-09-04 20:07 - 04745728 _____ (AVAST Software) C:\Users\Daggera\Downloads\aswmbr.exe
2013-09-04 18:53 - 2013-09-04 18:52 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Daggera\Downloads\tdsskiller.exe
2013-09-04 18:13 - 2013-09-04 18:13 - 20597896 _____ (Microsoft Corporation) C:\Users\Daggera\Downloads\Windows-KB890830-V5.3.exe
2013-09-04 17:59 - 2013-09-04 16:01 - 00000000 ____D C:\Users\Daggera\AppData\Local\Windows Live
2013-09-04 17:33 - 2009-04-02 01:31 - 00000000 ____D C:\Program Files\Windows Live
2013-09-04 16:59 - 2013-09-04 16:59 - 00000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2013-09-04 16:14 - 2006-11-02 05:18 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2013-09-04 07:41 - 2013-09-04 02:49 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE
2013-09-04 02:08 - 2013-09-04 02:08 - 00000438 _____ C:\Windows\system32\WSCConfig.xml
2013-09-04 02:08 - 2013-09-04 02:08 - 00000000 ____D C:\Users\Default\AppData\Roaming\IObit
2013-09-04 02:08 - 2013-09-04 02:08 - 00000000 ____D C:\Users\Default User\AppData\Roaming\IObit
2013-09-04 01:59 - 2013-09-03 20:59 - 00002236 _____ C:\Windows\system32\ASOROSet.bin
2013-09-04 01:59 - 2006-11-02 04:22 - 57344000 _____ C:\Windows\system32\config\software.bak
2013-09-04 01:59 - 2006-11-02 04:22 - 26738688 _____ C:\Windows\system32\config\system.bak
2013-09-04 01:59 - 2006-11-02 04:22 - 00028672 _____ C:\Windows\system32\config\security.bak
2013-09-04 01:56 - 2006-11-02 04:22 - 00057344 _____ C:\Windows\system32\config\sam.bak
2013-09-04 00:47 - 2006-11-02 04:23 - 00448635 _____ C:\Windows\system32\Drivers\etc\hosts_bak_693
2013-09-04 00:22 - 2013-09-04 00:22 - 00000207 _____ C:\Windows\tweaking.com-regbackup-DAGGERA-PC-Microsoft®-Windows-Vista™-Home-Premium-(32-bit).dat
2013-09-04 00:15 - 2013-09-04 00:15 - 00000000 ____D C:\RegBackup
2013-09-03 22:40 - 2013-09-03 22:39 - 05369631 _____ C:\Users\Daggera\Downloads\tweaking-1.com_windows_repair_aio_setup.exe
2013-09-03 22:19 - 2013-09-03 22:19 - 00000000 ____D C:\Program Files\Tweaking.com
2013-09-03 22:17 - 2013-09-03 22:17 - 05373340 _____ C:\Users\Daggera\Downloads\tweaking.com_windows_repair_aio_setup.exe
2013-09-03 22:04 - 2013-09-03 22:04 - 03432173 _____ C:\Users\Daggera\Downloads\testdisk-6.13.win.zip
2013-09-03 21:37 - 2013-09-13 23:42 - 01898112 _____ (Bleeping Computer, LLC) C:\Users\Daggera\Desktop\rkill.exe
2013-09-03 21:37 - 2013-09-03 21:37 - 01898112 _____ (Bleeping Computer, LLC) C:\Users\Daggera\Downloads\rkill.exe
2013-09-03 21:24 - 2013-09-03 21:24 - 12907592 _____ (Malwarebytes Corp.) C:\Users\Daggera\Downloads\mbar-1.07.0.1005.exe
2013-09-03 21:22 - 2013-09-03 21:22 - 00760937 _____ (Farbar) C:\Users\Daggera\Downloads\MiniToolBox.exe
2013-09-03 21:18 - 2013-09-03 21:18 - 00358571 _____ (Farbar) C:\Users\Daggera\Downloads\FSS.exe
2013-09-03 21:12 - 2013-09-03 21:11 - 00000000 ____D C:\Users\Daggera\AppData\Roaming\GetRightToGo
2013-09-03 21:03 - 2013-09-03 21:03 - 30185256 _____ (Emsisoft GmbH                                               ) C:\Users\Daggera\Downloads\OnlineArmorSetup.exe
2013-09-03 21:01 - 2013-09-03 20:59 - 227210456 _____ (Emsisoft GmbH                                               ) C:\Users\Daggera\Downloads\EmsisoftInternetSecuritySetup.exe
2013-09-03 21:01 - 2013-09-03 20:49 - 00000000 ____D C:\Users\Daggera\AppData\Roaming\Solvusoft
2013-09-03 21:00 - 2013-09-03 20:59 - 00000000 ____D C:\Windows\system32\config\RCCBakup
2013-09-03 20:37 - 2013-04-24 05:54 - 00001933 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-09-03 20:02 - 2013-09-03 20:02 - 00000000 ____D C:\Program Files\WinASO
2013-09-02 21:26 - 2013-09-02 21:26 - 00000000 ____D C:\Users\UpdatusUser\AppData\Roaming\Mozilla
2013-09-02 21:01 - 2013-09-02 21:01 - 00000266 _____ C:\Windows\Tasks\UALU notificatin.job
2013-09-02 21:01 - 2013-09-02 21:01 - 00000000 ____D C:\ProgramData\eMachines
2013-09-02 21:01 - 2013-08-29 04:06 - 00000000 ____D C:\OEM
2013-09-02 21:01 - 2011-12-31 01:15 - 00000000 ____D C:\Program Files\EMACHINES
2013-09-02 20:47 - 2009-04-02 00:34 - 00000000 ____D C:\ACER
2013-09-02 18:19 - 2013-09-02 18:19 - 00000000 ____D C:\Users\Daggera\AppData\Local\DriverTuner
2013-09-02 18:16 - 2013-09-02 17:40 - 00000000 ____D C:\7d487bdbf4bab373d33dd4935c04
2013-09-02 18:05 - 2013-09-02 18:01 - 00000000 ____D C:\68a162aaff406ac7b6
2013-09-02 17:31 - 2013-09-02 17:31 - 00000000 ____D C:\Intel
2013-09-02 03:08 - 2013-09-02 03:08 - 00000977 _____ C:\Users\Public\Desktop\LibreOffice 4.0.lnk
2013-09-02 03:06 - 2013-07-24 23:10 - 00000000 ____D C:\Program Files\LibreOffice 4.0
2013-09-01 22:53 - 2012-01-03 17:01 - 00000000 ____D C:\Users\Daggera\Documents\Writing
2013-09-01 22:51 - 2013-09-01 23:02 - 192434176 _____ C:\Users\Daggera\Downloads\LibreOffice_4.0.5_Win_x86.msi
2013-08-31 16:18 - 2013-08-31 16:18 - 00000500 _____ C:\Users\Daggera\Desktop\Emsisoft Emergency Kit.lnk
2013-08-31 16:18 - 2013-08-31 16:09 - 00000000 ____D C:\EEK
2013-08-31 16:04 - 2013-08-31 16:03 - 00000000 ____D C:\Program Files\Emsisoft HiJackFree
2013-08-31 16:03 - 2013-08-31 16:03 - 00000789 _____ C:\Users\Public\Desktop\Emsisoft HiJackFree.lnk
2013-08-31 16:03 - 2013-08-31 15:57 - 181062088 _____ C:\Users\Daggera\Downloads\EmsisoftEmergencyKit.exe
2013-08-31 16:01 - 2013-08-31 16:01 - 02095808 _____ (Emsi Software GmbH                                          ) C:\Users\Daggera\Downloads\a2HiJackFreeSetup.exe
2013-08-30 01:48 - 2013-09-15 14:24 - 00770344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-08-30 01:48 - 2013-09-15 14:24 - 00369584 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-08-30 01:48 - 2013-09-15 14:24 - 00204784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdis2.sys
2013-08-30 01:48 - 2013-09-15 14:24 - 00104752 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFW.sys
2013-08-30 01:48 - 2013-09-15 14:24 - 00066336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-08-30 01:48 - 2013-09-15 14:24 - 00056080 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-08-30 01:48 - 2013-09-15 14:24 - 00049760 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2013-08-30 01:48 - 2013-09-15 14:24 - 00029816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-08-30 01:48 - 2013-03-03 20:54 - 00177864 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-08-30 01:48 - 2013-03-03 20:54 - 00049376 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-08-30 01:48 - 2013-02-22 00:10 - 00021576 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2013-08-30 01:47 - 2013-09-15 14:24 - 00229648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-08-30 01:47 - 2013-09-15 14:23 - 00041664 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-08-29 04:46 - 2013-08-29 04:46 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-08-29 04:23 - 2013-08-29 04:19 - 181881520 _____ C:\Users\Daggera\Downloads\setup_11.0.1.1245.x01_2013_08_29_12_31.exe
2013-08-29 03:46 - 2013-08-29 03:46 - 00000000 ____D C:\Users\Daggera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Acer
2013-08-29 03:45 - 2013-08-29 03:45 - 00000000 ____D C:\Program Files\Acer
2013-08-29 01:43 - 2013-09-04 00:47 - 00000027 _____ C:\Windows\system32\Drivers\etc\hosts.20130904-004716.backup
2013-08-28 23:53 - 2012-01-02 19:41 - 00088064 _____ C:\Users\Daggera\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-08-28 22:21 - 2013-08-28 22:21 - 00001496 _____ C:\Users\Daggera\Desktop\Google Drive.lnk
2013-08-28 22:20 - 2013-08-28 22:20 - 00001871 _____ C:\Users\Public\Desktop\Google Slides.lnk
2013-08-28 22:20 - 2013-08-28 22:20 - 00001867 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2013-08-28 22:20 - 2013-08-28 22:20 - 00001855 _____ C:\Users\Public\Desktop\Google Docs.lnk
2013-08-28 22:20 - 2011-12-31 01:14 - 00000000 ____D C:\Users\Daggera\AppData\Local\Google
2013-08-28 22:20 - 2009-04-02 01:25 - 00000000 ____D C:\Program Files\Google
2013-08-28 20:55 - 2012-06-19 18:49 - 00000000 ____D C:\Users\Daggera\Documents\Games
2013-08-28 20:35 - 2013-08-28 20:35 - 00030232 _____ C:\Users\Daggera\Documents\cc_20130828_203509.reg
2013-08-28 18:11 - 2006-11-02 05:18 - 00000000 ____D C:\Windows\system32\spool
2013-08-28 18:11 - 2006-11-02 05:18 - 00000000 ____D C:\Windows\registration
2013-08-28 18:11 - 2006-11-02 04:22 - 57671680 _____ C:\Windows\system32\config\software_previous
2013-08-28 18:11 - 2006-11-02 04:22 - 36175872 _____ C:\Windows\system32\config\system_previous
2013-08-28 18:02 - 2006-11-02 04:22 - 41107456 _____ C:\Windows\system32\config\components_previous
2013-08-28 18:02 - 2006-11-02 04:22 - 00057344 _____ C:\Windows\system32\config\sam_previous
2013-08-28 16:00 - 2006-11-02 04:22 - 05505024 _____ C:\Windows\system32\config\default_previous
2013-08-28 16:00 - 2006-11-02 04:22 - 00262144 _____ C:\Windows\system32\config\security_previous
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== BCD ================================
 
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=C:
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
resumeobject            {a353ea71-1f50-11de-b05a-002197a35231}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30
resume                  No
 
Windows Boot Loader
-------------------
identifier              {572bcd55-ffa7-11d9-aae0-0007e994107d}
device                  partition=\Device\HarddiskVolume1
path                    \windows\system32\boot\winload.exe
description             Windows Recovery Environment
osdevice                partition=\Device\HarddiskVolume1
systemroot              \windows
resumeobject            {d4aa2850-ebfd-11e1-8746-806e6f6e6963}
nx                      OptIn
detecthal               Yes
winpe                   Yes
 
Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Microsoft Windows Vista
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {572bcd55-ffa7-11d9-aae0-0007e994107d}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {a353ea71-1f50-11de-b05a-002197a35231}
nx                      OptIn
 
Resume from Hibernate
---------------------
identifier              {a353ea71-1f50-11de-b05a-002197a35231}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
pae                     Yes
debugoptionenabled      No
 
Resume from Hibernate
---------------------
identifier              {d4aa2850-ebfd-11e1-8746-806e6f6e6963}
device                  partition=\Device\HarddiskVolume1
path                    \windows\system32\boot\winresume.exe
description             Windows Recovery Environment
inherit                 {resumeloadersettings}
pae                     Yes
debugoptionenabled      No
 
Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=C:
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes
 
Windows Legacy OS Loader
------------------------
identifier              {ntldr}
device                  unknown
path                    \ntldr
description             Earlier Version of Windows
 
EMS Settings
------------
identifier              {emssettings}
bootems                 Yes
 
Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200
 
RAM Defects
-----------
identifier              {badmemory}
 
Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}
 
Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
 
Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}
 
 
 
LastRegBack: 2013-09-17 12:10
 
==================== End Of Log ============================

 




#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:22 AM

Posted 17 September 2013 - 08:34 PM



Hello Daggera_Helras

These are the programs I would like you to run next. If you have any problems with one of these, just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete, click on "Clean".
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
When they are complete let me have the two reports and let me know how things are running.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 Daggera_Helras


Posted 17 September 2013 - 11:08 PM

I ran the programs but there was not much. I have removed Firefox's default\prefs a few times already but it always comes back, not sure if that means anything though.  My computer is running a bit faster now and not so choppy, but I am not sure that means my computer is safe yet, and lately my speed tends to change from slow to fast and slow again when items are moved.

 

Also I spotted some odd files on OS (C:) like one file named "Zero Access Rootkit_HKLM.reg" 

Not sure if it was moved by one of my tools or what registry files are doing there but I thought that it was worth being mentioned. 

 

 

Also it looks like I have things trying to get through the Avast firewall. There is activity in the network connections. I have a screen shot of it in the attachments. 

 

 

 

AdwCleaner

 

# AdwCleaner v3.004 - Report created 17/09/2013 at 20:15:41

# Updated 15/09/2013 by Xplode
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# Username : Daggera - DAGGERA-PC
# Running from : C:\Users\Daggera\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16506
 
 
-\\ Mozilla Firefox v23.0 (en-US)
 
[ File : C:\Users\Daggera\AppData\Roaming\Mozilla\Firefox\Profiles\9nt8lwt4.default\prefs.js ]
 
 
*************************
 
AdwCleaner[R0].txt - [3114 octets] - [04/09/2013 20:29:12]
AdwCleaner[R1].txt - [1035 octets] - [06/09/2013 01:36:40]
AdwCleaner[R2].txt - [1096 octets] - [08/09/2013 17:27:01]
AdwCleaner[R3].txt - [1029 octets] - [11/09/2013 03:34:52]
AdwCleaner[R4].txt - [1090 octets] - [14/09/2013 02:31:58]
AdwCleaner[R5].txt - [1277 octets] - [15/09/2013 19:54:01]
AdwCleaner[R6].txt - [1211 octets] - [16/09/2013 18:42:31]
AdwCleaner[R7].txt - [1271 octets] - [16/09/2013 18:45:32]
AdwCleaner[R8].txt - [1331 octets] - [16/09/2013 18:52:56]
AdwCleaner[R9].txt - [1449 octets] - [17/09/2013 20:14:18]
AdwCleaner[S0].txt - [3229 octets] - [04/09/2013 20:46:27]
AdwCleaner[S1].txt - [1392 octets] - [16/09/2013 18:53:53]
AdwCleaner[S2].txt - [1370 octets] - [17/09/2013 20:15:41]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1430 octets] ##########

 

 

 

 

JRT

 

 

 

 

# AdwCleaner v3.004 - Report created 17/09/2013 at 20:15:41
# Updated 15/09/2013 by Xplode
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# Username : Daggera - DAGGERA-PC
# Running from : C:\Users\Daggera\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16506
 
 
-\\ Mozilla Firefox v23.0 (en-US)
 
[ File : C:\Users\Daggera\AppData\Roaming\Mozilla\Firefox\Profiles\9nt8lwt4.default\prefs.js ]
 
 
*************************
 
AdwCleaner[R0].txt - [3114 octets] - [04/09/2013 20:29:12]
AdwCleaner[R1].txt - [1035 octets] - [06/09/2013 01:36:40]
AdwCleaner[R2].txt - [1096 octets] - [08/09/2013 17:27:01]
AdwCleaner[R3].txt - [1029 octets] - [11/09/2013 03:34:52]
AdwCleaner[R4].txt - [1090 octets] - [14/09/2013 02:31:58]
AdwCleaner[R5].txt - [1277 octets] - [15/09/2013 19:54:01]
AdwCleaner[R6].txt - [1211 octets] - [16/09/2013 18:42:31]
AdwCleaner[R7].txt - [1271 octets] - [16/09/2013 18:45:32]
AdwCleaner[R8].txt - [1331 octets] - [16/09/2013 18:52:56]
AdwCleaner[R9].txt - [1449 octets] - [17/09/2013 20:14:18]
AdwCleaner[S0].txt - [3229 octets] - [04/09/2013 20:46:27]
AdwCleaner[S1].txt - [1392 octets] - [16/09/2013 18:53:53]
AdwCleaner[S2].txt - [1370 octets] - [17/09/2013 20:15:41]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1430 octets] ##########

 




#6 gringo_pr


Posted 17 September 2013 - 11:11 PM


Hello Daggera_Helras

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"
In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?
Gringo

#7 Daggera_Helras


Posted 18 September 2013 - 02:36 AM

My computer is just a party for rootkits.  :blink:
Combofix said it found a rootkit within my old secondary account I made and recently deleted, Shadow Ninja.
My computer status is still slow, and Windows Firewall is disabled and will not realize Avast's firewall is on; even when I attempted to turn it back on, nothing happens.
E-machine recovery management is still not working, as well.  
 
 
 
 
ComboFix 13-09-17.01 - Daggera 09/18/2013   0:40.7.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.2815.2140 [GMT -6:00]
Running from: c:\users\Daggera\Desktop\ComboFix.exe
AV: avast! Internet Security *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
FW: Online Armor Firewall *Disabled* {BD3F5FCA-866B-1E2E-0A68-58900A751EA1}
SP: avast! Internet Security *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Daggera\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\Shadow Ninja\AppData\Roaming\64dlls.exe
c:\users\Shadow Ninja\AppData\Roaming\intel64.exe
c:\users\Shadow Ninja\AppData\Roaming\Kernel32.exe
c:\users\Shadow Ninja\AppData\Roaming\localsys64.exe
c:\users\Shadow Ninja\AppData\Roaming\ntos.exe
c:\users\Shadow Ninja\AppData\Roaming\oembios.exe
c:\users\Shadow Ninja\AppData\Roaming\sdra64.exe
c:\users\Shadow Ninja\AppData\Roaming\sdra73.exe
c:\users\Shadow Ninja\AppData\Roaming\swin32.exe
c:\users\Shadow Ninja\AppData\Roaming\twex.exe
c:\users\Shadow Ninja\AppData\Roaming\twext.exe
c:\users\Shadow Ninja\AppData\Roaming\win32avs.exe
c:\users\Shadow Ninja\AppData\Roaming\wsnpoema.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-08-18 to 2013-09-18  )))))))))))))))))))))))))))))))
.
.
2013-09-18 06:55 . 2013-09-18 06:59 -------- d-----w- c:\users\Daggera\AppData\Local\temp
2013-09-18 06:55 . 2013-09-18 06:55 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-09-18 06:55 . 2013-09-18 06:55 -------- d-----w- c:\users\hedev\AppData\Local\temp
2013-09-18 06:55 . 2013-09-18 06:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-09-18 04:15 . 2013-09-18 04:15 -------- d--h--w- c:\windows\PIF
2013-09-18 02:27 . 2013-09-05 05:02 7328304 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F6E8D083-50AF-4209-BD45-872E81FD5E47}\mpengine.dll
2013-09-17 08:00 . 2013-09-17 08:00 103680 ----a-w- C:\ufliifod.sys
2013-09-17 06:35 . 2013-09-17 06:59 22064 ----a-w- c:\windows\DCEBoot.exe
2013-09-17 06:34 . 2013-09-17 06:59 181808 ----a-w- c:\windows\RegBootClean.exe
2013-09-17 00:52 . 2013-09-18 04:20 -------- d-----w- c:\users\Daggera\AppData\Local\CrashDumps
2013-09-16 04:13 . 2013-09-16 04:13 -------- d-----w- c:\users\Daggera\Pavark
2013-09-16 03:08 . 2013-09-16 03:29 -------- d-----w- c:\windows\system32\TrendMicro AntiThreat Toolkit
2013-09-15 21:00 . 2013-09-15 21:34 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-09-15 20:59 . 2013-09-17 06:37 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2013-09-15 20:58 . 2013-09-15 20:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-09-15 20:58 . 2013-04-04 20:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-09-15 20:24 . 2013-08-30 07:48 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-09-15 20:24 . 2013-08-30 07:48 369584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-09-15 20:24 . 2013-08-30 07:48 49760 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-09-15 20:24 . 2013-08-30 07:48 204784 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2013-09-15 20:24 . 2013-08-30 07:48 104752 ----a-w- c:\windows\system32\drivers\aswFW.sys
2013-09-15 20:24 . 2013-08-30 07:48 56080 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-09-15 20:24 . 2013-08-30 07:48 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-09-15 20:24 . 2013-08-30 07:48 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-09-15 20:24 . 2013-08-30 07:47 229648 ----a-w- c:\windows\system32\aswBoot.exe
2013-09-15 20:23 . 2013-08-30 07:47 41664 ----a-w- c:\windows\avastSS.scr
2013-09-15 20:23 . 2013-07-17 09:17 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2013-09-15 20:23 . 2013-04-30 08:51 35088 ----a-w- c:\windows\system32\drivers\tap0901.sys
2013-09-15 20:21 . 2013-09-15 20:23 -------- d-----w- c:\program files\AVAST Software
2013-09-15 20:13 . 2013-09-15 20:13 0 ----a-w- c:\windows\system32\F39D4DE6-98B8-4E05-91BD-549E8A8248BD.tmp
2013-09-15 05:27 . 2013-09-17 01:27 -------- d-----w- c:\programdata\RegRun
2013-09-15 05:27 . 2013-09-15 05:27 2 --shatr- c:\windows\winstart.bat
2013-09-15 05:05 . 2013-09-15 07:30 -------- d-----w- c:\program files\Softwin
2013-09-15 02:48 . 2013-09-15 02:48 -------- d-----w- c:\program files\WinPcap
2013-09-14 08:00 . 2013-09-14 08:00 -------- d-----w- c:\users\Daggera\AppData\Local\VS Revo Group
2013-09-14 08:00 . 2013-09-14 08:00 -------- d-----w- c:\programdata\VS Revo Group
2013-09-14 08:00 . 2009-12-30 17:21 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys
2013-09-14 07:17 . 2013-09-14 07:17 35904 ----a-w- c:\windows\system32\drivers\apd34tah.sys
2013-09-14 06:03 . 2013-09-14 06:03 131344 ----a-w- c:\windows\system32\drivers\tmrkb.sys
2013-09-13 04:42 . 2013-09-13 04:42 -------- d-----w- C:\System Volume
2013-09-12 21:03 . 2013-08-08 01:45 2049536 ----a-w- c:\windows\system32\win32k.sys
2013-09-12 20:41 . 2013-07-16 04:35 615936 ----a-w- c:\windows\system32\themeui.dll
2013-09-12 03:58 . 2013-09-12 03:58 -------- d-----w- c:\users\Daggera\Doctor Web
2013-09-12 02:24 . 2013-09-12 02:24 -------- d-----w- c:\program files\HitmanPro
2013-09-12 02:24 . 2013-09-14 08:25 -------- d-----w- c:\programdata\HitmanPro
2013-09-12 02:18 . 2013-09-12 02:23 -------- d-----w- c:\program files\Enigma Software Group
2013-09-12 02:18 . 2013-09-12 02:22 -------- d-----w- c:\windows\DB847E94446B49E0AC5DC5627EC8B0C0.TMP
2013-09-12 02:18 . 2013-09-12 02:18 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2013-09-11 09:13 . 2013-09-11 09:13 -------- d-----w- C:\found.000
2013-09-11 08:08 . 2013-09-11 08:12 -------- d-----w- C:\combofix-1
2013-09-11 06:48 . 2013-09-11 06:54 -------- d-----w- C:\AdobeTemp
2013-09-09 07:02 . 2013-09-09 07:02 -------- d-----w- c:\programdata\WindowsSearch
2013-09-08 08:22 . 2013-09-09 06:31 -------- d-----w- c:\users\Daggera\AppData\Roaming\QuickScan
2013-09-08 02:02 . 2013-09-14 08:00 -------- d-----w- c:\program files\VS Revo Group
2013-09-08 01:33 . 2013-09-08 01:33 388096 ----a-r- c:\users\Daggera\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-09-08 01:33 . 2013-09-15 18:10 -------- d-----w- c:\program files\Trend Micro
2013-09-07 23:55 . 2013-09-07 23:55 -------- d-----w- c:\programdata\Sophos
2013-09-07 23:54 . 2013-09-07 23:54 73728 ----a-r- c:\users\Daggera\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-09-07 23:54 . 2013-09-07 23:54 73728 ----a-r- c:\users\Daggera\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-09-07 23:54 . 2013-09-07 23:54 73728 ----a-r- c:\users\Daggera\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2013-09-07 23:54 . 2013-09-07 23:54 -------- d-----w- c:\program files\Sophos
2013-09-07 02:29 . 2013-09-09 06:20 -------- d-----w- c:\programdata\OnlineArmor
2013-09-07 02:29 . 2013-09-07 02:30 -------- d-----w- c:\users\Daggera\AppData\Roaming\OnlineArmor
2013-09-07 02:29 . 2012-10-02 21:03 44992 ----a-w- c:\windows\system32\drivers\oahlp32.sys
2013-09-07 02:29 . 2012-10-02 21:02 31768 ----a-w- c:\windows\system32\drivers\OAnet.sys
2013-09-07 02:29 . 2012-10-02 21:02 27648 ----a-w- c:\windows\system32\drivers\OAmon.sys
2013-09-07 02:29 . 2012-10-02 21:02 208320 ----a-w- c:\windows\system32\drivers\OADriver.sys
2013-09-06 22:23 . 2013-09-06 22:23 -------- d-----w- C:\FRST
2013-09-06 18:21 . 2013-09-06 18:21 -------- d-----w- c:\programdata\McAfee Security Scan
2013-09-06 18:20 . 2013-09-06 18:25 -------- d-----w- c:\program files\McAfee Security Scan
2013-09-06 03:18 . 2013-09-06 03:18 -------- d-----w- C:\Quarantine
2013-09-06 03:08 . 2013-09-11 05:10 -------- d-----w- c:\program files\stinger
2013-09-06 01:26 . 2013-09-06 01:26 -------- d-----w- c:\users\Daggera\AppData\Roaming\SUPERAntiSpyware.com
2013-09-06 01:25 . 2013-09-17 07:10 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-09-06 01:25 . 2013-09-06 01:25 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2013-09-05 06:22 . 2013-08-15 23:31 268968 ----a-w- c:\windows\system32\sqlite3.dll
2013-09-05 06:22 . 2013-09-05 06:22 -------- d-----w- c:\program files\Secure Speed Dial
2013-09-05 02:29 . 2013-09-18 02:15 -------- d-----w- C:\AdwCleaner
2013-09-05 02:12 . 2013-09-05 02:12 -------- d-----w- c:\windows\ERUNT
2013-09-04 23:41 . 2013-09-04 23:41 -------- d-----w- c:\windows\en
2013-09-04 23:35 . 2012-03-09 00:32 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2013-09-04 22:59 . 2013-09-04 22:59 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2013-09-04 22:08 . 2013-09-04 22:08 537432 ----a-w- c:\program files\Common Files\Windows Live\.cache\41cfd4001cea9bb11\DXSETUP.exe
2013-09-04 22:08 . 2013-09-04 22:08 1801048 ----a-w- c:\program files\Common Files\Windows Live\.cache\41cfd4001cea9bb11\dsetup32.dll
2013-09-04 22:08 . 2013-09-04 22:08 89944 ----a-w- c:\program files\Common Files\Windows Live\.cache\41cfd4001cea9bb11\DSETUP.dll
2013-09-04 22:07 . 2013-09-04 22:07 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\22e130201cea9bb10\DXSETUP.exe
2013-09-04 22:07 . 2013-09-04 22:07 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\22e130201cea9bb10\dsetup32.dll
2013-09-04 22:07 . 2013-09-04 22:07 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\22e130201cea9bb10\DSETUP.dll
2013-09-04 22:01 . 2013-09-04 23:59 -------- d-----w- c:\users\Daggera\AppData\Local\Windows Live
2013-09-04 13:42 . 2013-09-18 05:02 -------- d-----w- c:\windows\system32\catroot2
2013-09-04 08:49 . 2013-09-04 13:41 181064 ----a-w- c:\windows\PSEXESVC.EXE
2013-09-04 08:08 . 2013-09-04 08:08 -------- d-----w- c:\users\Default\AppData\Roaming\IObit
2013-09-04 06:15 . 2013-09-04 06:15 -------- d-----w- C:\RegBackup
2013-09-04 04:19 . 2013-09-04 04:19 -------- d-----w- c:\program files\Tweaking.com
2013-09-04 03:39 . 2013-09-14 02:51 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-09-04 03:11 . 2013-09-04 03:12 -------- d-----w- c:\users\Daggera\AppData\Roaming\GetRightToGo
2013-09-04 03:05 . 2013-09-17 07:01 -------- d-----w- c:\program files\Online Armor
2013-09-04 02:59 . 2013-09-04 07:59 2236 ----a-w- c:\windows\system32\ASOROSet.bin
2013-09-04 02:49 . 2013-09-04 03:01 -------- d-----w- c:\users\Daggera\AppData\Roaming\Solvusoft
2013-09-04 02:02 . 2013-09-04 02:02 -------- d-----w- c:\program files\WinASO
2013-09-03 03:01 . 2013-09-03 03:01 -------- d-----w- c:\programdata\eMachines
2013-09-03 00:19 . 2013-09-03 00:19 -------- d-----w- c:\users\Daggera\AppData\Local\DriverTuner
2013-09-03 00:01 . 2013-09-03 00:05 -------- d-----w- C:\68a162aaff406ac7b6
2013-09-02 23:40 . 2013-09-03 00:16 -------- d-----w- C:\7d487bdbf4bab373d33dd4935c04
2013-09-02 23:31 . 2013-09-02 23:31 -------- d-----w- C:\Intel
2013-09-02 23:30 . 2013-09-02 23:30 -------- d-----w- C:\DRIVERS
2013-08-31 22:09 . 2013-08-31 22:18 -------- d-----w- C:\EEK
2013-08-31 22:03 . 2013-08-31 22:04 -------- d-----w- c:\program files\Emsisoft HiJackFree
2013-08-29 22:44 . 2013-08-29 22:44 -------- d-----w- C:\perflogs
2013-08-29 10:46 . 2013-08-29 10:46 -------- d-----w- c:\programdata\Kaspersky Lab
2013-08-29 10:06 . 2013-09-03 03:01 -------- d-----w- C:\OEM
2013-08-29 09:45 . 2013-08-29 09:45 -------- d-----w- c:\program files\Acer
2013-08-29 04:21 . 2013-09-18 05:27 -------- d-----r- c:\users\Daggera\Google Drive
2013-08-28 16:54 . 2013-08-02 04:09 1548288 ----a-w- c:\windows\system32\WMVDECOD.DLL
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-18 05:49 . 2013-03-03 20:07 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-18 05:49 . 2013-03-03 20:07 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-09-04 22:16 . 2011-03-29 00:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-08-30 07:48 . 2013-03-04 02:54 177864 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-08-30 07:48 . 2013-03-04 02:54 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-08-30 07:48 . 2013-02-22 06:10 21576 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2013-08-07 10:22 . 2012-01-01 23:29 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-07-17 19:41 . 2013-08-14 08:49 2048 ----a-w- c:\windows\system32\tzres.dll
2013-07-10 09:47 . 2013-08-14 08:56 783360 ----a-w- c:\windows\system32\rpcrt4.dll
2013-07-09 12:10 . 2013-08-14 08:54 1205168 ----a-w- c:\windows\system32\ntdll.dll
2013-07-08 04:55 . 2013-08-14 08:54 3551680 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-07-08 04:55 . 2013-08-14 08:54 3603904 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-07-08 04:20 . 2013-08-14 08:37 172544 ----a-w- c:\windows\system32\wintrust.dll
2013-07-08 04:16 . 2013-08-14 08:37 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2013-07-08 04:16 . 2013-08-14 08:37 98304 ----a-w- c:\windows\system32\cryptnet.dll
2013-07-08 04:16 . 2013-08-14 08:38 992768 ----a-w- c:\windows\system32\crypt32.dll
2013-07-05 04:53 . 2013-08-14 08:58 905664 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-07-01 01:48 . 2013-07-01 01:48 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-07-01 01:48 . 2012-06-20 18:52 867240 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-07-01 01:48 . 2012-01-02 05:51 789416 ----a-w- c:\windows\system32\deployJava1.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-08-30 07:47 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-06-27 22:11 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-27 22:11 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-06-27 22:11 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-06-27 22:11 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-06-27 22:11 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoogleDriveSync"="c:\program files\Google\Drive\googledrivesync.exe" [2013-06-27 20097696]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-08-15 5703920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"eRecoveryService"="" [BU]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-08-30 4858968]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2013-07-25 5624784]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2013-05-07 115440]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\ONLINE~1\oaevent.dll" [2012-10-02 366440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SDWinLogon]
SDWinLogon.dll [BU]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk *\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2013-05-08 09:17 642664 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Aware Browsing Protection]
2013-01-31 15:11 542632 ----a-w- c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2013-05-08 20:14 44128 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
c:\program files\adobe\reader 9.0\reader\reader_sl.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 13:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0ENQBO]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlueStacks Agent]
c:\program files\bluestacks\hd-agent.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXMediaServer]
2013-04-15 15:53 450560 ----a-w- c:\program files\DivX\DivX Media Server\DivXMediaServer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2013-02-13 02:37 1263952 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gbrspcontrol]
c:\program files\common files\comodo\geekbuddyrsp.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
2007-04-11 21:32 56080 ----a-w- c:\windows\KHALMNPR.Exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LWS]
2011-11-11 21:08 205336 ----a-w- c:\program files\Logitech\LWS\Webcam Software\LWS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nvtmru]
2013-05-16 14:43 1012000 ----a-w- c:\program files\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
c:\program files\java\jre1.6.0_05\bin\jusched.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
2009-04-11 06:28 2153472 ----a-w- c:\windows\System32\oobefldr.dll
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Akamai NetSession Interface"="c:\users\Daggera\AppData\Local\Akamai\netsession_win.exe"
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" -autorun
.
R3 1394hub;1394 Enabled Hub;c:\windows\System32\svchost.exe [2008-01-21 21504]
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
R3 AdvancedSystemCareService6;Advanced SystemCare Service 6; [x]
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\eek\RUN\a2ddax86.sys [2013-07-29 22056]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2013-05-23 119056]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ   FontCache
Akamai REG_MULTI_SZ   Akamai
BullGuard_Backup REG_MULTI_SZ   BsBackup
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-09-04 02:24 1177552 ----a-w- c:\program files\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-03 05:49]
.
2013-09-15 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2013-09-15 16:58]
.
2013-09-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-06-07 00:07]
.
2013-09-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-06-07 00:07]
.
2013-09-15 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2013-09-15 16:57]
.
2013-09-15 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDScan.exe [2013-09-15 16:58]
.
2013-09-17 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 9a245ba6-db5b-4f5b-b98b-12d59e5bff70.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-05-23 20:21]
.
2013-09-17 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task c115b3b9-d4be-4309-99c3-bc74322b1498.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-05-23 20:21]
.
2013-09-03 c:\windows\Tasks\UALU notificatin.job
- c:\program files\eMachines\eMachines Updater\UALU.exe [2013-09-03 21:48]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACEW
mStart Page = about:blank
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
Trusted Zone: aeriagames.com
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
FF - ProfilePath - c:\users\Daggera\AppData\Roaming\Mozilla\Firefox\Profiles\9nt8lwt4.default\
FF - prefs.js: browser.startup.homepage - hxxp://search.yahoo.com?type=198484&fr=spigot-yhp-ff
FF - ExtSQL: 2013-07-22 20:08; virusscan@bullguard.com; c:\users\Daggera\AppData\Roaming\Mozilla\Firefox\Profiles\9nt8lwt4.default\extensions\virusscan@bullguard.com
FF - ExtSQL: 2013-07-22 20:16; antiphishing@bullguard; c:\program files\bullguard ltd\bullguard\Antiphishing\FF\antiphishing@bullguard
FF - ExtSQL: 2013-09-04 19:04; speeddial@instair.net; c:\users\Daggera\AppData\Roaming\Mozilla\Firefox\Profiles\9nt8lwt4.default\extensions\speeddial@instair.net
FF - ExtSQL: 2013-09-15 06:02; ascsurfingprotection@iobit.com; c:\users\Daggera\AppData\Roaming\Mozilla\Firefox\Profiles\9nt8lwt4.default\extensions\ascsurfingprotection@iobit.com
.
.
**************************************************************************
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet010\Services\AdvancedSystemCareService6]
"ImagePath"=""
.
[HKEY_LOCAL_MACHINE\system\ControlSet010\Services\LSI_SCSI]
"ImagePath"=""
.
[HKEY_LOCAL_MACHINE\system\ControlSet010\Services\nvsvc]
"ImagePath"=""
.
[HKEY_LOCAL_MACHINE\system\ControlSet010\Services\OAcat]
"ImagePath"=""
.
[HKEY_LOCAL_MACHINE\system\ControlSet010\Services\SDScannerService]
"ImagePath"=""
.
[HKEY_LOCAL_MACHINE\system\ControlSet010\Services\SDUpdateService]
"ImagePath"=""
.
[HKEY_LOCAL_MACHINE\system\ControlSet010\Services\SDWSCService]
"ImagePath"=""
.
[HKEY_LOCAL_MACHINE\system\ControlSet010\Services\Secunia PSI Agent]
"ImagePath"=""
.
[HKEY_LOCAL_MACHINE\system\ControlSet010\Services\Secunia Update Agent]
"ImagePath"=""
.
[HKEY_LOCAL_MACHINE\system\ControlSet010\Services\SvcOnlineArmor]
"ImagePath"=""
.
[HKEY_LOCAL_MACHINE\system\ControlSet010\Services\WSWNA3100]
"ImagePath"=""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:27,18,a9,9d,9b,12,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0e,cd,4b,ef,78,06,df,4c,a5,05,62,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0e,cd,4b,ef,78,06,df,4c,a5,05,62,\
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.download\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariDownload"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.safariextz\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariExtension"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.webarchive\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_96_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_96_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@SACL=
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@SACL=
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\system\ControlSet010\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2772)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\WLANExt.exe
c:\program files\AVAST Software\Avast\afwServ.exe
c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\conime.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2013-09-18  01:07:26 - machine was rebooted
ComboFix-quarantined-files.txt  2013-09-18 07:07
ComboFix2.txt  2013-09-17 05:54
ComboFix3.txt  2013-09-17 02:00
ComboFix4.txt  2013-09-16 08:39
ComboFix5.txt  2013-09-17 07:38
.
Pre-Run: 162,227,048,448 bytes free
Post-Run: 161,096,904,704 bytes free
.
- - End Of File - - F5C0A14A311254D70E4AEFD9D191A659
239841E1AE8E4843C0676F3681A7D6BE


#8 gringo_pr


Posted 18 September 2013 - 02:55 AM


Hello Daggera_Helras

I would like you to try and run these next.

TDSSKiller

Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • More than one report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". The one that I need is the larger one. Please copy and paste the contents of that file here.

    Note** this report can be very long - so if the website gives you an error saying it is too long, you may attach it

    If the forum still complains about it being too long, send me everything that is at the end of the report after where it says

    ==================
    Scan finished
    ==================
and I will see if I want to see the whole report

--RogueKiller--

Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
  • Quit all programs that you may have started.
  • Please disconnect any external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • the scan will make two reports the one I would like to see is called RKreport[2].txt on your Desktop
  • Exit/Close RogueKiller+
send me the reports made from TDSSKiller and Roguekiller and also let me know how the computer is doing at this time.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 Daggera_Helras


Posted 18 September 2013 - 03:29 AM

TDSS rootkit removing tool 

 

 
02:05:16.0655 1292  ============================================================
02:05:16.0655 1292  Scan finished
02:05:16.0655 1292  ============================================================
02:05:16.0671 2992  Detected object count: 0
02:05:16.0671 2992  Actual detected object count: 0
02:06:07.0465 1956  Deinitialize success


#10 Daggera_Helras


Posted 18 September 2013 - 03:33 AM

About the same but the firewall works fine. I was happy that Roguekiller did not cause my computer to bluescreen, making some improvement. 
 
RogueKiller V8.6.11 [Sep 11 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Daggera [Admin rights]
Mode : Remove -- Date : 09/18/2013 02:14:22
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 1 ¤¤¤
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [LOADED] ¤¤¤
[Address] IRP[IRP_MJ_CREATE] : C:\Windows\System32\drivers\mountmgr.sys -> HOOKED ([Address] C:\Windows\system32\drivers\ataport.SYS @ 0x82FC8140)
[Address] IRP[IRP_MJ_CLOSE] : C:\Windows\System32\drivers\mountmgr.sys -> HOOKED ([Address] C:\Windows\system32\drivers\ataport.SYS @ 0x82FC8140)
[Address] IRP[IRP_MJ_DEVICE_CONTROL] : C:\Windows\System32\drivers\mountmgr.sys -> HOOKED ([Address] C:\Windows\system32\drivers\ataport.SYS @ 0x82FB6A5A)
[Address] IRP[IRP_MJ_INTERNAL_DEVICE_CONTROL] : C:\Windows\System32\drivers\mountmgr.sys -> HOOKED ([Address] C:\Windows\system32\drivers\ataport.SYS @ 0x82FB6A2C)
[Address] IRP[IRP_MJ_POWER] : C:\Windows\System32\drivers\mountmgr.sys -> HOOKED ([Address] C:\Windows\system32\drivers\ataport.SYS @ 0x82FB6A88)
[Address] IRP[IRP_MJ_SYSTEM_CONTROL] : C:\Windows\System32\drivers\mountmgr.sys -> HOOKED ([Address] C:\Windows\system32\drivers\ataport.SYS @ 0x82FC3B70)
[Address] IRP[IRP_MJ_PNP] : C:\Windows\System32\drivers\mountmgr.sys -> HOOKED ([Address] C:\Windows\system32\drivers\ataport.SYS @ 0x82FC3B3C)
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
127.0.0.1       localhost
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: ST332081 3AS SCSI Disk Device +++++
--- User ---
[MBR] 9d11e5766441d7e138708ddebee2bc80
[BSP] d5e62c4de7cc89e580cccc6a264fea4c : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 13312 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 27265024 | Size: 291931 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
 
Finished : << RKreport[0]_D_09182013_021422.txt >>
RKreport[0]_S_09182013_021311.txt


#11 gringo_pr


Posted 18 September 2013 - 03:41 AM


Hello Daggera_Helras



Please download Farbar Recovery Scan Tool and save it to your desktop.


Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
Gringo

#12 Daggera_Helras


Posted 18 September 2013 - 01:15 PM

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 16-09-2013 03
Ran by Daggera at 2013-09-18 12:01:20
Running from C:\Users\Daggera\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Installed Programs =======================
 
7-Zip 9.22beta
AC3Filter 2.4a (Version: 2.4a)
AccelerateTab (Version: 1.0)
Acer System Information (Version: 1.0.0)
Acrobat.com (Version: 0.0.0)
Acrobat.com (Version: 1.1.377)
Adobe Acrobat 9 Pro - English, Français, Deutsch (Version: 9.5.5)
Adobe Acrobat 9.5.5 - CPSID_83708
Adobe AIR (Version: 3.8.0.1430)
Adobe Anchor Service CS4 (Version: 2.0)
Adobe Asset Services CS4 (Version: 4)
Adobe Bridge CS4 (Version: 3)
Adobe CMaps CS4 (Version: 2.0)
Adobe Color - Photoshop Specific CS4 (Version: 2.0)
Adobe Color EU Extra Settings CS4 (Version: 2.0)
Adobe Color JA Extra Settings CS4 (Version: 2.0)
Adobe Color NA Recommended Settings CS4 (Version: 2.0)
Adobe Color Video Profiles CS CS4 (Version: 2.0)
Adobe CSI CS4 (Version: 1)
Adobe Default Language CS4 (Version: 2.0)
Adobe Device Central CS4 (Version: 2)
Adobe Dreamweaver CS4 (Version: 10.0)
Adobe Drive CS4 (Version: 1)
Adobe Dynamiclink Support (Version: 1)
Adobe ExtendScript Toolkit CS4 (Version: 3.0.0)
Adobe Extension Manager CS4 (Version: 2.0)
Adobe Fireworks CS4 (Version: 10.0)
Adobe Flash CS4 (Version: 10.0)
Adobe Flash CS4 Extension - Flash Lite STI en (Version: 3.0)
Adobe Flash CS4 STI-en (Version: 10.0)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.96)
Adobe Flash Player 11 Plugin (Version: 11.9.900.96)
Adobe Fonts All (Version: 2.0)
Adobe Illustrator CS4 (Version: 14.0)
Adobe InDesign CS4 (Version: 6.0)
Adobe InDesign CS4 Application Feature Set Files (Roman) (Version: 6.0)
Adobe InDesign CS4 Common Base Files (Version: 6.0)
Adobe InDesign CS4 Icon Handler (Version: 6.0)
Adobe Linguistics CS4 (Version: 4.0.0)
Adobe Media Encoder CS4 (Version: 1.0)
Adobe Media Encoder CS4 Importer (Version: 1.0)
Adobe Media Player (Version: 0.0.0)
Adobe Media Player (Version: 1.1)
Adobe Output Module (Version: 2.0)
Adobe PDF Library Files CS4 (Version: 9.0)
Adobe Photoshop CS4 (Version: 11.0)
Adobe Photoshop CS4 Support (Version: 11.0)
Adobe Reader X (10.1.7) (Version: 10.1.7)
Adobe Search for Help (Version: 1.0)
Adobe Service Manager Extension (Version: 1.0)
Adobe Setup (Version: 2.0)
Adobe SGM CS4 (Version: 3.0)
Adobe SING CS4 (Version: 2.0)
Adobe Type Support CS4 (Version: 9.0)
Adobe Update Manager CS4 (Version: 6.0.0)
Adobe Version Cue CS4 Server (Version: 4.0)
Adobe WinSoft Linguistics Plugin (Version: 1.1)
Adobe XMP Panels CS4 (Version: 2.0)
AdobeColorCommonSetCMYK (Version: 2.0)
AdobeColorCommonSetRGB (Version: 2.0)
Advanced SystemCare 6 (Version: 6.4)
Akamai NetSession Interface Service
Allods Online 2.0.06.65.1 (Version: 2.0.06.65.1)
avast! Internet Security (Version: 8.0.1497.0)
BioWare Premium Module: Neverwinter Nights™ Kingmaker
CameraHelperMsi (Version: 13.31.1038.0)
CCleaner (Version: 3.22)
CDDRV_Installer (Version: 1.00.0000)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Connect (Version: 1.0.0.1)
CyberLink LabelPrint (Version: 2.0.3111)
CyberLink Power2Go (Version: 5.5.4316)
D3DX10 (Version: 15.4.2368.0902)
DivX Setup (Version: 2.6.1.41)
eMachines Recovery Management (Version: 3.1.3003)
eMachines Updater (Version: 1.02.3502)
Emsisoft HiJackFree 4.5 (Version: 4.5)
erLT (Version: 1.20.138.34)
Google Chrome (Version: 29.0.1547.66)
Google Drive (Version: 1.11.4865.2530)
HiJackThis (Version: 1.0.0)
HitmanPro 3.7 (Version: 3.7.7.205)
IGG Web3D Player version 1.0.0.38 (HKCU Version: 1.0.0.38)
IObit Malware Fighter (Version: 2.1)
Java 7 Update 25 (Version: 7.0.250)
Junk Mail filter update (Version: 15.4.3502.0922)
KhalInstallWrapper (Version: 4.00.121)
kuler (Version: 2.0)
LibreOffice 4.0.5.2 (Version: 4.0.5.2)
Logitech SetPoint (Version: 4.00)
LWS Facebook (Version: 13.31.1038.0)
LWS Gallery (Version: 13.31.1038.0)
LWS Help_main (Version: 13.31.1044.0)
LWS Launcher (Version: 13.31.1038.0)
LWS Motion Detection (Version: 13.30.1395.0)
LWS Pictures And Video (Version: 13.31.1038.0)
LWS Twitter (Version: 13.30.1346.0)
LWS Video Mask Maker (Version: 13.30.1379.0)
LWS VideoEffects (Version: 13.30.1379.0)
LWS Webcam Software (Version: 13.31.1038.0)
LWS WLM Plugin (Version: 1.30.1201.0)
LWS YouTube Plugin (Version: 13.31.1038.0)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
McAfee Security Scan Plus (Version: 3.0.318.3)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Single Image 2010 (Version: 14.0.7015.1000)
Microsoft Office Suite Activation Assistant (Version: 2.9)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Works (Version: 9.7.0621)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
Mozilla Firefox 23.0 (x86 en-US) (Version: 23.0)
Mozilla Maintenance Service (Version: 23.0)
MSVCRT (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
NETGEAR WNA3100 wireless USB 2.0 adapter (Version: 1.01.206)
Neverwinter Nights Diamond Edition
NVIDIA Control Panel 307.83 (Version: 307.83)
NVIDIA Display Control Panel (Version: 6.14.11.9713)
NVIDIA Drivers (Version: 1.10.57.35)
NVIDIA GeForce Experience 1.1 (Version: 1.1)
NVIDIA Graphics Driver 307.83 (Version: 307.83)
NVIDIA Install Application (Version: 2.1002.124.810)
NVIDIA PhysX (Version: 9.12.1031)
NVIDIA Update 4.11.9 (Version: 4.11.9)
NVIDIA Update Components (Version: 4.11.9)
Online Armor 6.0 (Version: 6.0)
Pando Media Booster (Version: 2.6.0.9)
PDF Settings CS4 (Version: 9.0)
Photoshop Camera Raw (Version: 5.0)
Pixel Bender Toolkit (Version: 1.0)
Protected Folder
Realtek 8169 8168 8101E 8102E Ethernet Driver (Version: 1.00.0000)
Revo Uninstaller Pro 3.0.7 (Version: 3.0.7)
Safari (Version: 5.34.57.2)
Secunia PSI (2.0.0.4003) (Version: 2.0.0.4003)
Segoe UI (Version: 15.4.2271.0615)
Shockwave
Smart Defrag 2 (Version: 2.8)
SmartSound Common Data (Version: 1.1.0)
Sophos Virus Removal Tool (Version: 2.4)
Spybot - Search & Destroy (Version: 2.1.21)
Star Wars: The Old Republic (Version: 1.00)
Suite Shared Configuration CS4 (Version: 1.0)
SUPERAntiSpyware (Version: 5.6.1032)
System Requirements Lab
System Requirements Lab for Intel (Version: 4.5.13.0)
Tweaking.com - Windows Repair (All in One) (Version: 1.9.15)
Update for Microsoft .NET Framework 3.5 SP1 (KB2836940) (Version: 1)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (Version: 1)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
VLC media player 2.0.7 (Version: 2.0.7)
WebTablet IE Plugin (Version: 1.1.0.4)
WebTablet Netscape Plugin (Version: 1.1.0.3)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live Family Safety (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Sync (Version: 14.0.8050.1202)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
WinPcap 4.1.3 (Version: 4.1.0.2980)
 
==================== Restore Points  =========================
 
16-09-2013 02:28:02 Making a Better Tomorrow Sep 15th 2013
16-09-2013 22:06:13 Device Driver Package Install: TAP-Windows Provider V9 Network adapters
17-09-2013 02:12:51 Revo Uninstaller Pro's restore point - UnHackMe 5.99 release
17-09-2013 05:35:54 three
18-09-2013 02:37:16 Revo Uninstaller Pro's restore point - avast! Internet Security
18-09-2013 04:41:50 dusty restore
18-09-2013 04:47:52 Removed eMachines Recovery Management
18-09-2013 04:52:06 Restore Operation
 
==================== Hosts content: ==========================
 
2013-09-04 22:40 - 2013-09-18 00:58 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {0C641662-5B60-466C-B3FB-B36E5284A30C} - System32\Tasks\ASC6_AutoClean => C:\Program Files\IObit\Advanced SystemCare 6\AutoSweep.exe [2013-08-12] (IObit)
Task: {1980BFD5-595F-4000-90CF-766298980CA9} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-20] (Microsoft Corporation)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {26946935-71DA-42D5-A613-F91BE9BAB5DE} - System32\Tasks\ASC6_PerformanceMonitor => C:\Program Files\IObit\Advanced SystemCare 6\Monitor.exe [2013-08-10] (IObit)
Task: {278E977A-A451-4BEA-80F7-20C812F0B0D4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-06-06] (Google Inc.)
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {3ECFE58C-77FC-4B2E-B77B-90DBD57C5E58} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\schtasks.exe [2008-01-20] (Microsoft Corporation)
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {62A39E3C-4925-421E-ABF1-A3558F35D74F} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {72E11D45-204B-4746-B21B-73AA6695E582} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\PROGRA~1\AD-AWA~1\AdAwareLauncher.exe
Task: {7B39C755-6A87-43E5-9118-DE8FBC35498B} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2008-01-20] (Microsoft Corporation)
Task: {84504BC4-F808-4A07-97F6-27C64337CD92} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-08-30] (AVAST Software)
Task: {8C98EBC8-9805-4E2F-8FF6-506C68913407} - \NCH Software\ExpressZipReminder No Task File
Task: {A3E0B906-06F2-45B3-9C59-9A9ABD9AFA7E} - System32\Tasks\SUPERAntiSpyware Scheduled Task 9a245ba6-db5b-4f5b-b98b-12d59e5bff70 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-05-23] (SUPERAdBlocker.com)
Task: {A61555D3-7840-45C1-A5A9-0D49851DE37A} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification => C:\Windows\System32\wsqmcons.exe [2008-01-20] (Microsoft Corporation)
Task: {A714FB5D-6534-4EEF-85C8-5F92EE2C8DDB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-17] (Adobe Systems Incorporated)
Task: {B389AC53-268D-4ABD-B25A-9D4F4B3B23D0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-08-22] (Piriform Ltd)
Task: {C9880D17-AA3F-4B5F-BA8B-59FF3835A3F7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-06-06] (Google Inc.)
Task: {D1C0AB7F-A53D-4199-9984-5BA13AD2B6EF} - System32\Tasks\Razer_Game_Booster_AutoUpdate => C:\Program Files\Razer\Razer Game Booster\AutoUpdate.exe
Task: {DFC8B9FE-FCE1-4BB0-9220-748C4907AD90} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: {F5AD0ED4-E13D-4ADE-9A53-E17E7EF4DE4E} - System32\Tasks\SUPERAntiSpyware Scheduled Task c115b3b9-d4be-4309-99c3-bc74322b1498 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-05-23] (SUPERAdBlocker.com)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 9a245ba6-db5b-4f5b-b98b-12d59e5bff70.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task c115b3b9-d4be-4309-99c3-bc74322b1498.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\Windows\Tasks\UALU notificatin.job => C:\Program Files\eMachines\eMachines Updater\UALU.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-09-03 21:05 - 2012-10-02 15:02 - 00366440 _____ (Emsisoft GmbH) C:\Program Files\Online Armor\oaevent.dll
2012-01-01 17:40 - 2010-01-21 09:05 - 00062464 _____ (Fraunhofer Institut Integrierte Schaltungen IIS) C:\Windows\System32\l3codeca.acm
2012-04-24 21:18 - 2012-04-24 21:18 - 00053608 _____ (Open Source Software community project) C:\Program Files\Safari\Apple Application Support\pthreadVC2.dll
2012-04-24 21:18 - 2012-04-24 21:18 - 00087912 _____ () C:\Program Files\Safari\Apple Application Support\zlib1.dll
2012-04-24 21:18 - 2012-04-24 21:18 - 01242472 _____ () C:\Program Files\Safari\Apple Application Support\libxml2.dll
2013-02-19 21:32 - 2013-02-19 21:32 - 15413704 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dum.dll
 
==================== Alternate Data Streams (whitelisted) ==========
 
AlternateDataStreams: C:\ProgramData\TEMP:0FF263E8
 
==================== Faulty Device Manager Devices =============
 
Name: Microsoft ISATAP Adapter #2
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
 
Name: USB Mass Storage Device
Description: USB Mass Storage Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Compatible USB storage device
Service: USBSTOR
Problem: : Windows cannot use this hardware device because it has been prepared for safe removal, but it has not been removed from the computer. (Code 47)
Resolution: Unplug the device, and then plug it in again. Alternately, restart the computer to make the device available.
 
Name: PCI Memory Controller
Description: PCI Memory Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : This device is not configured correctly. (Code1)
Resolution: You may be prompted to provide the path of the driver. Windows may have the driver built-in, or may still have the driver files installed from the last time that you set up the device. If you are asked for the driver and you do not have it, you can try to download the latest driver from the hardware vendor’s Web site.
In the device properties dialog box, click the "Driver" tab, and then click "Update Driver" to start the "Hardware Update Wizard". Follow the instructions to update the driver. If updating the driver does not work, see your hardware documentation for more information.
 
Name: avast! SecureLine TAP Adapter
Description: avast! SecureLine TAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Windows Provider V9
Service: tap0901
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/18/2013 02:18:47 AM) (Source: Application Error) (User: )
Description: Faulting application Safari.exe, version 5.34.57.2, time stamp 0x4f982b5e, faulting module SpellChecker.dll, version 7534.57.2.2, time stamp 0x4f981b34, exception code 0xc0000409, fault offset 0x0005fa7a,
process id 0xa98, application start time 0xSafari.exe0.
 
Error: (09/18/2013 02:18:13 AM) (Source: Application Error) (User: )
Description: Faulting application Safari.exe, version 5.34.57.2, time stamp 0x4f982b5e, faulting module SpellChecker.dll, version 7534.57.2.2, time stamp 0x4f981b34, exception code 0xc0000409, fault offset 0x0005fa7a,
process id 0xb40, application start time 0xSafari.exe0.
 
Error: (09/18/2013 02:09:29 AM) (Source: Application Error) (User: )
Description: Faulting application Safari.exe, version 5.34.57.2, time stamp 0x4f982b5e, faulting module SpellChecker.dll, version 7534.57.2.2, time stamp 0x4f981b34, exception code 0xc0000409, fault offset 0x0005fa7a,
process id 0x920, application start time 0xSafari.exe0.
 
Error: (09/18/2013 01:28:38 AM) (Source: IMFservice) (User: )
Description: The handle is invalid
 
Error: (09/18/2013 01:28:37 AM) (Source: IMFservice) (User: )
Description: The handle is invalid
 
Error: (09/18/2013 00:36:09 AM) (Source: IMFservice) (User: )
Description: The handle is invalid
 
Error: (09/17/2013 11:07:17 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (09/17/2013 11:07:17 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (09/17/2013 11:07:17 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (09/17/2013 11:07:17 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
 
System errors:
=============
Error: (09/18/2013 11:53:00 AM) (Source: Service Control Manager) (User: )
Description: Spybot-S&D 2 Security Center Service%%2
 
Error: (09/18/2013 11:52:20 AM) (Source: Service Control Manager) (User: )
Description: Spybot-S&D 2 Scanner Service%%2
 
Error: (09/18/2013 11:50:12 AM) (Source: Service Control Manager) (User: )
Description: hqmpym
ssuhop
tljkva
 
Error: (09/18/2013 11:50:12 AM) (Source: Service Control Manager) (User: )
Description: SecureUpdate1
 
Error: (09/18/2013 11:49:49 AM) (Source: Service Control Manager) (User: )
Description: Superfetch%%2
 
Error: (09/18/2013 11:49:49 AM) (Source: Service Control Manager) (User: )
Description: Spybot-S&D 2 Updating Service%%2
 
Error: (09/18/2013 11:49:49 AM) (Source: Service Control Manager) (User: )
Description: Net.Tcp Listener Adapterwas
 
Error: (09/18/2013 11:49:49 AM) (Source: Service Control Manager) (User: )
Description: Net.Pipe Listener Adapterwas
 
Error: (09/18/2013 11:49:49 AM) (Source: Service Control Manager) (User: )
Description: Net.Msmq Listener Adaptermsmq
 
Error: (09/18/2013 11:49:49 AM) (Source: Service Control Manager) (User: )
Description: adfs%%2
 
 
Microsoft Office Sessions:
=========================
Error: (09/18/2013 02:18:47 AM) (Source: Application Error)(User: )
Description: Safari.exe5.34.57.24f982b5eSpellChecker.dll7534.57.2.24f981b34c00004090005fa7aa9801ceb447a2dfda6f
 
Error: (09/18/2013 02:18:13 AM) (Source: Application Error)(User: )
Description: Safari.exe5.34.57.24f982b5eSpellChecker.dll7534.57.2.24f981b34c00004090005fa7ab4001ceb446f2098f1f
 
Error: (09/18/2013 02:09:29 AM) (Source: Application Error)(User: )
Description: Safari.exe5.34.57.24f982b5eSpellChecker.dll7534.57.2.24f981b34c00004090005fa7a92001ceb44605969d3f
 
Error: (09/18/2013 01:28:38 AM) (Source: IMFservice)(User: )
Description: The handle is invalid
 
Error: (09/18/2013 01:28:37 AM) (Source: IMFservice)(User: )
Description: The handle is invalid
 
Error: (09/18/2013 00:36:09 AM) (Source: IMFservice)(User: )
Description: The handle is invalid
 
Error: (09/17/2013 11:07:17 PM) (Source: SideBySide)(User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe
 
Error: (09/17/2013 11:07:17 PM) (Source: SideBySide)(User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe
 
Error: (09/17/2013 11:07:17 PM) (Source: SideBySide)(User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe
 
Error: (09/17/2013 11:07:17 PM) (Source: SideBySide)(User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-09-18 00:42:56.071
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\apl003.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-09-18 00:42:55.400
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\apl003.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-09-17 01:40:03.784
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\apl003.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-09-17 01:40:03.316
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\apl003.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-09-17 01:11:41.574
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\apl003.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-09-17 01:11:41.028
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\apl003.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-09-17 00:08:17.725
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\apl003.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-09-17 00:08:17.257
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\apl003.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-09-16 23:40:30.840
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\apl003.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-09-16 23:40:30.388
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\apl003.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 42%
Total physical RAM: 2814.51 MB
Available physical RAM: 1631.55 MB
Total Pagefile: 5849.51 MB
Available Pagefile: 4728.53 MB
Total Virtual: 2047.88 MB
Available Virtual: 1923.26 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:285.09 GB) (Free:151.02 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 298 GB) (Disk ID: 4E90D86F)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=285 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#13 gringo_pr

  • Malware Response Team

Posted 18 September 2013 - 02:58 PM

Hello Daggera_Helras

That is only one of the two reports that were made - can you please send the other report?


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#14 Daggera_Helras

  • Topic Starter


Posted 18 September 2013 - 04:20 PM

Sorry about that. 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-09-2013 03
Ran by Daggera (administrator) on DAGGERA-PC on 18-09-2013 11:59:19
Running from C:\Users\Daggera\Downloads
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
 
==================== Processes (Whitelisted) ===================
 
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(IObit) C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Microsoft Corporation) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe
(Apple Inc.) C:\Program Files\Safari\Safari.exe
(Apple Inc.) C:\Program Files\Safari\Apple Application Support\WebKit2WebProcess.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [eRecoveryService] - [x]
HKLM\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-08-30] (AVAST Software)
HKLM\...\Run: [SDTray] - C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKLM\...\Policies\Explorer: [NoDrives] 0
HKCU\...\Run: [GoogleDriveSync] - C:\Program Files\Google\Drive\googledrivesync.exe [20097696 2013-06-27] (Google)
HKCU\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5703920 2013-08-14] (SUPERAntiSpyware)
HKCU\...\Policies\Explorer: [NoDrives] 0
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\UpdatusUser\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\UpdatusUser\...\Run: [Advanced SystemCare 6] - "C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart
HKU\UpdatusUser\...\Run: [Spybot-S&D Cleaning] - C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe [ 2013-05-16] (Safer-Networking Ltd.)
HKU\UpdatusUser\...\Run: [Akamai NetSession Interface] - "C:\Users\Daggera\AppData\Local\Akamai\netsession_win.exe"
HKU\UpdatusUser\...\Run: [GoogleDriveSync] - C:\Program Files\Google\Drive\googledrivesync.exe [ 2013-06-27] (Google)
BootExecute: autocheck autochk * sdnclean.exe
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = 
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~1\IObit\ADVANC~2\BROWER~1\ASCPLU~1.DLL (IObit)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU -Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
ShellExecuteHooks: OA Shell Helper - {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\PROGRA~1\ONLINE~1\oaevent.dll [366440 2012-10-02] (Emsisoft GmbH)
Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75
 
FireFox:
========
FF ProfilePath: C:\Users\Daggera\AppData\Roaming\Mozilla\Firefox\Profiles\9nt8lwt4.default
FF Homepage: hxxp://search.yahoo.com?type=198484&fr=spigot-yhp-ff
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_96.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL No File
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office\Office14\NPSPWRAP.DLL No File
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=1.1.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @wacom.com/wacom-plugin,version=1.1.0.3 - C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF Plugin: Adobe Acrobat - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @g2.com/iggweb3dupdater - C:\Users\Daggera\AppData\Roaming\IGG\Web3D\1.0.0.38\NPIGGWeb3DUpdater.dll (IGG)
FF Plugin HKCU: @g2.com/joyconnectshell - C:\Users\Daggera\AppData\Roaming\IGG\Web3D\1.0.0.38\NPJoyConnectShell.dll (IGG)
FF Plugin HKCU: @gentek.com/thinclient - C:\IGG\twclient_us\npthinclient.dll (Generic Network)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Daggera\AppData\Roaming\Mozilla\Firefox\Profiles\9nt8lwt4.default\Extensions\ascsurfingprotection@iobit.com
FF Extension: AccelerateTab - C:\Users\Daggera\AppData\Roaming\Mozilla\Firefox\Profiles\9nt8lwt4.default\Extensions\speeddial@instair.net
FF Extension: Bullguard Virus Scan - C:\Users\Daggera\AppData\Roaming\Mozilla\Firefox\Profiles\9nt8lwt4.default\Extensions\virusscan@bullguard.com
FF Extension: DivXWebPlayer - C:\Users\Daggera\AppData\Roaming\Mozilla\Firefox\Profiles\9nt8lwt4.default\Extensions\DivXWebPlayer@divx.com.xpi
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
 
Chrome: 
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Extension: (Docs) - C:\Users\Daggera\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0
CHR Extension: (Google Drive) - C:\Users\Daggera\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Daggera\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Daggera\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Users\Daggera\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\Daggera\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\Daggera\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.172_1
CHR Extension: (Gmail) - C:\Users\Daggera\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM\...\Chrome\Extension: [lfffjahnfbocnaooecgijfnbpcfekoik] - C:\ProgramData\adawaretb\shortcuts\chrome\adawaretb.crx
CHR HKLM\...\Chrome\Extension: [nfengeggddojhakldhlpjdlddgkkjkdd] - C:\Program Files\IObit\Advanced SystemCare 6\BrowerProtect\ASC_GhromePlugin.crx
CHR HKLM\...\Chrome\Extension: [ngmmcbedgcbfghamlghhpbpifnbhhpik] - C:\Users\Daggera\AppData\Local\Temp\ccex.crx
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx
 
========================== Services (Whitelisted) =================
 

 




#15 gringo_pr

  • Malware Response Team

Posted 18 September 2013 - 06:17 PM

Hello Daggera_Helras

I am sorry to be such a pain but that is half the report and it is very important that I see the whole report.

Can you resend it to me please?


gringo



