
Windows Defender opens system 32 directory


  • This topic is locked
4 replies to this topic

#1 tubeki


Posted 10 January 2014 - 05:28 PM

Hi

After I installed a new program for setting Windows 8.1 (Windows Manager 2.00), I've noticed that the security program "Windows Defender" is - since then - always disabled and points to "C:\Windows\system32\config

I've done exactly the procedure that Farbar advised in a previous topic: Windows Defender & Microsoft Security Essentials,

but nothing happened to me.

1) I download Farbar Recovery Scan Tool and save it to my desktop.

2) Double-click to run it. When the tool opens click Yes to disclaimer.

3) Press Scan button.

4) It will make a log (FRST.txt) in the same directory the tool is run.

5) I copied and pasted it. In my case the file FRST.txt is the following:


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-01-2014
Ran by ap (administrator) on LIVINGROOM on 10-01-2014 07:10:10
Running from C:\FRST
Windows 8.1 Pro (X64) OS Language: 0Greek
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ABBYY) C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe
() C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\AdAwareService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Windows\System32\TCPSVCS.EXE
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 7\Monitor.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenu8.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\InstallServices64.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenu_Hook.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\AdAwareTray.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Samsung Electronics) C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(BitTorrent Inc.) C:\Program Files\uTorrent\uTorrent.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(WinZip Computing, S.L.) C:\Program Files (x86)\WinZip\WZQKPICK.EXE
(Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
(Lavasoft) C:\ProgramData\Search Protection\SearchProtection.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
(Dropbox, Inc.) C:\Users\ap\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\WinStore\WSHost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310128 2013-02-13] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe [1028384 2013-10-18] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] - C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-12-28] (Realtek Semiconductor)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [AdAwareTray] - C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\AdAwareTray.exe [3987288 2013-12-11] ()
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe [3477640 2012-09-23] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [559696 2013-09-27] (Lavasoft)
HKLM-x32\...\Run: [Search Protection] - C:\ProgramData\Search Protection\SearchProtection.exe [943016 2013-06-13] (Lavasoft)
HKLM-x32\...\Run: [CloneCDTray] - C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe [57344 2009-01-30] (SlySoft, Inc.)
HKCU\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1509232 2013-02-13] (Samsung)
HKCU\...\Run: [KiesAirMessage] - C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe [578560 2013-02-06] (Samsung Electronics)
HKCU\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844144 2013-02-13] (Samsung)
HKCU\...\Run: [uTorrent] - C:\Program Files\uTorrent\uTorrent.exe [1141328 2013-11-09] (BitTorrent Inc.)
HKCU\...\Run: [Advanced SystemCare 7] - C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe [2285344 2013-12-09] (IObit)
HKCU\...\Policies\Explorer: [ConfirmFileDelete] 1
MountPoints2: {b2fbe6bb-d6ca-11e1-be66-806e6f6e6963} - "D:\WD SmartWare.exe" autoplay=true
Startup: C:\Users\ap\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoPico.lnk
ShortcutTarget: AutoPico.lnk -> C:\Program Files\KMSpico\AutoPico.exe ()
Startup: C:\Users\ap\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\ap\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - %SystemRoot%\system32\wpdshserviceobj.dll (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.us.com/v/2/?guid={90885001-2183-4C34-A187-9CE9ED8E47A4}&serpv=17
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.us.com/v/2/?guid={90885001-2183-4C34-A187-9CE9ED8E47A4}&serpv=17
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKCU - DefaultScope {5242C94C-C204-4466-B19C-E39589B248D6} URL = http://search.us.com/serp?guid={7702FEFD-1A58-4F65-825A-89F3FE9B90BC}&action=default_search&serpv=5&k={searchTerms}
SearchScopes: HKCU - {2BCCCAF2-A6B9-4A80-BAEC-09BDEA647705} URL = http://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=10513
SearchScopes: HKCU - {3709F842-E6C0-44FD-9476-21D5BBE27EA0} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=198484&p={searchTerms}
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKCU - {5242C94C-C204-4466-B19C-E39589B248D6} URL = http://search.us.com/serp?guid={7702FEFD-1A58-4F65-825A-89F3FE9B90BC}&action=default_search&serpv=5&k={searchTerms}
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: No Name - {34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} -  No File
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: No Name - {34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} -  No File
BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKCU - No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: vnd.ms.radio - No CLSID Value -
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: vnd.ms.radio - No CLSID Value -
Winsock: Catalog5 08 C:\WINDOWS\SysWOW64\wlidNSP.dll [49664] (Microsoft Corporation)
Winsock: Catalog5 09 C:\WINDOWS\SysWOW64\wlidNSP.dll [49664] (Microsoft Corporation)
Winsock: Catalog5-x64 08 C:\WINDOWS\system32\wlidnsp.dll [73216] (Microsoft Corporation)
Winsock: Catalog5-x64 09 C:\WINDOWS\system32\wlidnsp.dll [73216] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\ap\AppData\Roaming\Mozilla\Firefox\Profiles\xa2qptoq.default-1383605976462
FF user.js: detected! => C:\Users\ap\AppData\Roaming\Mozilla\Firefox\Profiles\xa2qptoq.default-1383605976462\user.js
FF DefaultSearchEngine: Search.us
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\Microsoft Office\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @huawei.com/npHWPlugin - C:\Program Files (x86)\Web_TV\WebTVPlugin\npHWPlugin.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\Microsoft Office\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF SearchPlugin: C:\Users\ap\AppData\Roaming\Mozilla\Firefox\Profiles\xa2qptoq.default-1383605976462\searchplugins\yahoo_ff.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-en-GB.xml
FF Extension: Ads Removal - C:\Users\ap\AppData\Roaming\Mozilla\Firefox\Profiles\xa2qptoq.default-1383605976462\Extensions\adsremoval@adsremoval.net
FF Extension: Slick Savings - C:\Users\ap\AppData\Roaming\Mozilla\Firefox\Profiles\xa2qptoq.default-1383605976462\Extensions\savingsslider@mybrowserbar.com
FF Extension: uTorrentControl_v6  - C:\Users\ap\AppData\Roaming\Mozilla\Firefox\Profiles\xa2qptoq.default-1383605976462\Extensions\{96f454ea-9d38-474f-b504-56193e00c1a5}
FF Extension: DownloadHelper - C:\Users\ap\AppData\Roaming\Mozilla\Firefox\Profiles\xa2qptoq.default-1383605976462\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: Start Page - C:\Users\ap\AppData\Roaming\Mozilla\Firefox\Profiles\xa2qptoq.default-1383605976462\Extensions\{58d2a791-6199-482f-a9aa-9b725ec61362}.xpi
FF Extension: Download YouTube Videos as MP4 - C:\Users\ap\AppData\Roaming\Mozilla\Firefox\Profiles\xa2qptoq.default-1383605976462\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi
FF Extension: Adblock Plus - C:\Users\ap\AppData\Roaming\Mozilla\Firefox\Profiles\xa2qptoq.default-1383605976462\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn

Chrome:
=======
CHR HomePage: hxxp://search.us.com/v/2/?guid={90885001-2183-4C34-A187-9CE9ED8E47A4}&serpv=17
CHR DefaultSearchURL: http://isearch.babylon.com/?q={searchTerms}&babsrc=SP_ss_Btisdt4&mntrId=9473001A4D4E1286&affID=121564&tt=070813_wc1&tsp=4971
CHR Extension: (Google Docs) - C:\Users\ap\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\ap\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\ap\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Search.us Home) - C:\Users\ap\AppData\Local\Google\Chrome\User Data\Default\Extensions\chcfkfgpnaokddfkjiipihajgpfioddo\1.0.0.0_0
CHR Extension: (Google Search) - C:\Users\ap\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\ap\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\11.0.0.379_0
CHR Extension: (Ads Removal) - C:\Users\ap\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkcefkcdkepgkpbgncjchhbjgoanleod\1.0.0_0
CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Users\ap\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\ap\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (Lavasoft NewTab) - C:\Users\ap\AppData\Local\Google\Chrome\User Data\Default\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole\0.12_0
CHR Extension: (Gmail) - C:\Users\ap\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx
CHR HKLM-x32\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.1.crx
CHR HKLM-x32\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files (x86)\Common Files\Spigot\GC\ErrorAssistant_1.2.crx
CHR HKLM-x32\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Program Files (x86)\Common Files\Spigot\GC\coupons_2.4.crx
CHR HKLM-x32\...\Chrome\Extension: [oejkcgajlodefenbbjdnaiahmbnnoole] - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\chrome-newtab-search.crx
CHR HKLM-x32\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx

==================== Services (Whitelisted) =================

R2 ABBYY.Licensing.FineReader.Professional.11.0; C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe [819976 2011-11-29] (ABBYY)
R2 AdvancedSystemCareService7; C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [881440 2013-12-09] (IObit)
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [18656 2011-02-02] ()
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\AdAwareService.exe [513736 2013-12-11] ()
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2151200 2013-12-03] (IObit)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15122208 2013-10-18] (NVIDIA Corporation)
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [686592 2013-11-12] ()
R2 StartMenuService; C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe [75584 2013-09-29] (IObit)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-11-10] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows ® Win 7 DDK provider)
R3 ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [40648 2007-02-16] (SlySoft, Inc.)
R3 ElbyCDFL; C:\Windows\SysWow64\Drivers\ElbyCDFL.sys [40648 2007-02-16] (SlySoft, Inc.)
S3 FARMNTIO; c:\windows\system32\drivers\farmntio.sys [24664 2011-04-18] ()
R3 gzflt; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\2.6.0.0\gzflt.sys [138232 2013-07-17] (BitDefender LLC)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation)
S3 kbldfltr; C:\Windows\System32\drivers\kbldfltr.sys [22272 2013-09-30] (Microsoft Corporation)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2013-09-28] (NVIDIA Corporation)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation)
R3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [329800 2013-07-17] (BitDefender S.R.L.)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-10 07:05 - 2014-01-10 07:05 - 00001060 _____ C:\Users\ap\Desktop\Dropbox.lnk
2014-01-10 07:04 - 2014-01-10 07:04 - 00000095 _____ C:\Users\ap\.accessibility.properties
2014-01-10 06:50 - 2014-01-10 06:51 - 00045283 _____ C:\Addition.txt
2014-01-10 06:49 - 2014-01-10 07:10 - 00000000 ____D C:\FRST
2014-01-10 06:49 - 2014-01-10 06:51 - 00050106 _____ C:\FRST.txt
2014-01-10 06:17 - 2014-01-10 06:23 - 00000000 ____D C:\Program Files (x86)\Advanced Fix 2013
2014-01-10 06:15 - 2014-01-10 06:16 - 06657112 _____ (Advanced Fix, Inc.                                          ) C:\Users\ap\Downloads\WUtilities_AF_Repair_Setup.exe
2014-01-10 05:51 - 2014-01-10 05:51 - 00044170 _____ C:\Users\Public\Documents\SIGVERIF.TXT
2014-01-10 05:51 - 2014-01-10 05:51 - 00000000 _____ C:\WINDOWS\setuperr.log
2014-01-10 05:51 - 2014-01-10 05:51 - 00000000 _____ C:\WINDOWS\setupact.log
2014-01-10 05:39 - 2014-01-10 05:39 - 00001086 _____ C:\WINDOWS\PFRO.log
2014-01-10 04:04 - 2014-01-10 04:04 - 00000000 ____D C:\Users\ap\Documents\Fax
2014-01-10 04:00 - 2014-01-10 05:05 - 277151744 _____ C:\WDO_Media64.iso
2014-01-10 03:59 - 2014-01-10 03:59 - 00860176 _____ (Microsoft Corporation) C:\Users\ap\Downloads\mssstool64(1).exe
2014-01-10 03:58 - 2014-01-10 03:58 - 00845328 _____ (Microsoft Corporation) C:\Users\ap\Downloads\mssstool64.exe
2014-01-10 03:43 - 2014-01-10 03:43 - 00000000 ____H C:\Users\ap\Documents\Default.rdp
2014-01-10 01:32 - 2014-01-10 01:32 - 00003154 _____ C:\WINDOWS\System32\Tasks\StartMenuAutoupdate
2014-01-10 01:32 - 2014-01-10 01:32 - 00002075 _____ C:\Users\Public\Desktop\Start Menu 8.lnk
2014-01-10 01:29 - 2014-01-10 01:29 - 00002187 _____ C:\Users\ap\AppData\Roaming\Microsoft\Windows\Start Menu\Windows 8 Manager.lnk
2014-01-10 01:29 - 2014-01-10 01:29 - 00002176 _____ C:\Users\ap\AppData\Roaming\Microsoft\Windows\Start Menu\Windows 8 Manager 1-Click Cleaner.lnk
2014-01-10 01:29 - 2014-01-10 01:29 - 00002163 _____ C:\Users\ap\Desktop\Windows 8 Manager.lnk
2014-01-10 01:29 - 2014-01-10 01:29 - 00002152 _____ C:\Users\ap\Desktop\1-Click Cleaner.lnk
2014-01-10 01:29 - 2014-01-10 01:29 - 00002148 _____ C:\Users\ap\AppData\Roaming\Microsoft\Windows\Start Menu\Windows 8 Manager Live Update.lnk
2014-01-10 01:29 - 2014-01-10 01:29 - 00001209 _____ C:\Users\ap\AppData\Roaming\Microsoft\Windows\Start Menu\Windows 8 Manager Store App Settings.lnk
2014-01-10 01:29 - 2014-01-10 01:29 - 00000000 ____D C:\Program Files\Yamicsoft
2014-01-07 02:10 - 2014-01-07 02:10 - 00142389 _____ C:\Users\ap\Downloads\About_Time_2013_BRRip_XviD_AC3-SANTi[SuperNova_Team].avi.torrent
2014-01-07 02:07 - 2014-01-07 02:07 - 00014617 _____ C:\Users\ap\Downloads\Despicable.Me.2.2013.720p.BluRay.DD5.1.x264-HiDt_(Greek_Audio).torrent
2014-01-07 02:02 - 2014-01-07 02:02 - 00015180 _____ C:\Users\ap\Downloads\Despicable_Me_2_DVDRip_x264_-_AC3_[cecilaris3].torrent
2014-01-04 14:54 - 2014-01-04 14:54 - 00000000 ____D C:\WINDOWS\pss
2014-01-04 14:51 - 2014-01-10 02:05 - 00001770 _____ C:\Users\ap\Desktop\KMSpico.lnk
2014-01-04 14:37 - 2014-01-04 14:37 - 91594752 _____ C:\WINDOWS\system32\config\SOFTWARE.iobit
2014-01-04 14:37 - 2014-01-04 14:37 - 05218304 _____ C:\WINDOWS\system32\config\DRIVERS.iobit
2014-01-04 14:37 - 2014-01-04 14:37 - 00409600 _____ C:\WINDOWS\system32\config\DEFAULT.iobit
2014-01-04 14:37 - 2014-01-04 14:37 - 00073728 _____ C:\WINDOWS\system32\config\SAM.iobit
2014-01-04 14:37 - 2014-01-04 14:37 - 00028672 _____ C:\WINDOWS\system32\config\SECURITY.iobit
2014-01-04 14:15 - 2014-01-04 14:36 - 00000000 ____D C:\Program Files\TAP-Windows
2014-01-04 14:15 - 2014-01-04 14:15 - 00003698 _____ C:\WINDOWS\System32\Tasks\AutoPico Daily Restart
2014-01-04 13:19 - 2014-01-04 14:51 - 00000000 ____D C:\Program Files\KMSpico
2013-12-28 14:03 - 2013-12-28 14:03 - 03707864 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RTKVHD64.sys
2013-12-28 14:03 - 2013-12-28 14:03 - 02810072 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtPgEx64.dll
2013-12-28 14:03 - 2013-12-28 14:03 - 02587864 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkAPO64.dll
2013-12-28 14:03 - 2013-12-28 14:03 - 02103040 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\WavesGUILib64.dll
2013-12-28 14:03 - 2013-12-28 14:03 - 01286360 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTCOM64.dll
2013-12-28 14:03 - 2013-12-28 14:03 - 01021656 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64.dll
2013-12-28 14:03 - 2013-12-28 14:03 - 00681905 _____ C:\WINDOWS\system32\Drivers\RTAIODAT.DAT
2013-12-28 14:03 - 2013-12-28 14:03 - 00617176 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtDataProc64.dll
2013-12-28 14:03 - 2013-12-28 14:03 - 00153304 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoInstII64.dll
2013-12-28 14:03 - 2013-12-28 14:03 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2013-12-28 14:02 - 2013-12-28 14:02 - 02036992 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioEQ64.dll
2013-12-28 14:02 - 2013-12-28 14:02 - 01012992 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPOShell64.dll
2013-12-28 14:02 - 2013-12-28 14:02 - 00209096 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAC64.dll
2013-12-28 14:02 - 2013-12-28 14:02 - 00113576 _____ (Real Sound Lab SIA) C:\WINDOWS\system32\CONEQMSAPOGUILibrary.dll
2013-12-25 21:37 - 2013-12-25 21:37 - 00048875 _____ C:\Users\ap\Downloads\[kickass.to]the.conspirator.2010.1080p.mkv.ac3.dts.eng.nl.subs.dmt.torrent
2013-12-16 18:24 - 2013-12-16 18:24 - 00002238 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-12-14 23:24 - 2013-12-04 02:05 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2013-12-14 23:24 - 2013-12-04 02:05 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-14 21:01 - 2013-11-12 01:41 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2013-12-14 21:01 - 2013-11-12 01:40 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2013-12-14 21:01 - 2013-11-12 01:27 - 00701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2013-12-14 21:01 - 2013-11-12 01:24 - 00840704 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2013-12-14 21:01 - 2013-11-11 04:48 - 00039768 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2013-12-14 21:01 - 2013-11-09 13:55 - 00325464 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2013-12-14 21:01 - 2013-11-09 08:37 - 01756160 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe
2013-12-14 21:01 - 2013-11-09 07:56 - 01391104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPDMC.exe
2013-12-14 21:01 - 2013-11-08 12:26 - 00358896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2013-12-14 21:01 - 2013-11-08 07:23 - 00449024 _____ (Microsoft Corporation) C:\WINDOWS\system32\appmgr.dll
2013-12-14 21:01 - 2013-11-08 06:43 - 00254464 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2013-12-14 21:01 - 2013-11-08 06:42 - 00366080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appmgr.dll
2013-12-14 21:01 - 2013-11-08 06:28 - 13177344 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2013-12-14 21:01 - 2013-11-08 06:26 - 11674624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2013-12-14 21:01 - 2013-11-08 06:16 - 00225792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2013-12-14 21:01 - 2013-11-08 06:15 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2013-12-14 21:01 - 2013-11-08 06:07 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
2013-12-14 21:01 - 2013-11-08 05:41 - 01302528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2013-12-14 21:01 - 2013-11-08 05:14 - 00922624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2013-12-14 21:01 - 2013-11-05 16:19 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2013-12-14 21:01 - 2013-11-05 16:03 - 00637952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2013-12-14 21:01 - 2013-11-05 15:57 - 00479744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2013-12-14 21:01 - 2013-11-05 15:33 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2013-12-14 21:01 - 2013-11-05 15:32 - 00744448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2013-12-14 21:01 - 2013-11-04 19:13 - 01530200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2013-12-14 21:01 - 2013-11-04 19:13 - 00382808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2013-12-14 21:01 - 2013-11-04 15:07 - 01843712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Display.dll
2013-12-14 21:01 - 2013-11-04 13:50 - 02143744 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2013-12-14 21:01 - 2013-11-04 12:32 - 02570240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2013-12-14 21:01 - 2013-11-04 04:28 - 01816576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Display.dll
2013-12-14 21:01 - 2013-11-04 03:30 - 01765376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2013-12-14 21:01 - 2013-11-01 13:39 - 00086872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2013-12-14 21:01 - 2013-11-01 08:08 - 00747008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
2013-12-14 21:01 - 2013-11-01 07:57 - 00544768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
2013-12-14 21:01 - 2013-10-31 02:58 - 00372568 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2013-12-14 21:01 - 2013-10-31 02:42 - 07399256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2013-12-14 21:01 - 2013-10-31 02:33 - 01642016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2013-12-14 21:01 - 2013-10-31 02:33 - 01506680 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2013-12-14 21:01 - 2013-10-31 02:33 - 01476184 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2013-12-14 21:01 - 2013-10-31 02:33 - 01345536 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2013-12-14 21:01 - 2013-10-26 03:54 - 00146776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\SerCx2.sys
2013-12-14 21:01 - 2013-10-24 11:31 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredentialMigrationHandler.dll
2013-12-14 21:01 - 2013-10-24 11:12 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredentialMigrationHandler.dll
2013-12-14 21:01 - 2013-10-17 13:21 - 02896896 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2013-12-14 21:01 - 2013-10-17 12:36 - 02266624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2013-12-14 21:01 - 2013-10-05 16:21 - 02140888 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2013-12-14 21:01 - 2013-10-05 16:21 - 00516496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2013-12-14 21:01 - 2013-10-05 14:05 - 01765384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2013-12-14 21:01 - 2013-10-05 14:05 - 00406400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2013-12-14 16:32 - 2013-12-14 16:32 - 00002259 _____ C:\WINDOWS\epplauncher.mif
2013-12-14 15:25 - 2013-11-26 13:54 - 23183360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2013-12-14 15:25 - 2013-11-26 12:11 - 17112576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2013-12-14 15:25 - 2013-11-26 11:41 - 02764288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2013-12-14 15:25 - 2013-11-26 10:57 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2013-12-14 15:25 - 2013-11-26 10:38 - 02166784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2013-12-14 15:25 - 2013-11-26 10:35 - 05769216 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2013-12-14 15:25 - 2013-11-26 10:16 - 04243968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2013-12-14 15:25 - 2013-11-26 10:02 - 01995264 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2013-12-14 15:25 - 2013-11-26 09:48 - 12996608 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2013-12-14 15:25 - 2013-11-26 09:32 - 01928192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2013-12-14 15:25 - 2013-11-26 09:26 - 11221504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2013-12-14 15:25 - 2013-11-26 09:07 - 02334208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2013-12-14 15:25 - 2013-11-26 08:40 - 01395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2013-12-14 15:25 - 2013-11-26 08:34 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2013-12-14 15:25 - 2013-11-26 08:34 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2013-12-14 15:25 - 2013-11-26 08:33 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2013-12-14 15:25 - 2013-11-26 08:27 - 01157632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2013-12-14 15:25 - 2013-11-23 06:34 - 00393216 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2013-12-14 15:25 - 2013-11-23 06:13 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2013-12-14 15:25 - 2013-11-23 05:32 - 04105728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2013-12-14 15:25 - 2013-11-23 05:10 - 00568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2013-12-14 15:25 - 2013-10-19 10:53 - 00075360 _____ (Microsoft Corporation) C:\WINDOWS\system32\imagehlp.dll
2013-12-14 15:25 - 2013-10-19 09:14 - 00070680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imagehlp.dll
2013-12-14 15:25 - 2013-10-15 10:54 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrrun.dll
2013-12-14 15:25 - 2013-10-15 10:03 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrrun.dll
2013-12-14 15:24 - 2013-11-09 08:34 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2013-12-14 15:24 - 2013-11-09 08:34 - 00287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2013-12-14 15:24 - 2013-11-09 07:52 - 00240128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2013-12-14 15:24 - 2013-11-08 09:21 - 04191744 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2013-12-13 18:31 - 2014-01-10 07:04 - 00002355 _____ C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2013-12-12 00:45 - 2013-12-12 00:45 - 00000000 ____D C:\Users\ap\Desktop\mytilini
2013-12-11 22:57 - 2013-12-11 22:57 - 00000000 ____D C:\Program Files\Common Files\Lavasoft
2013-12-11 01:06 - 2013-12-11 01:06 - 00000000 ____D C:\Users\ap\AppData\Local\Slick Savings
2013-12-11 01:04 - 2014-01-10 05:40 - 00000258 _____ C:\WINDOWS\Tasks\ASC7_SkipUac_ap.job
2013-12-11 01:04 - 2014-01-10 05:21 - 00002233 _____ C:\Users\Public\Desktop\Advanced SystemCare 7.lnk
2013-12-11 01:04 - 2013-12-11 01:04 - 00003088 _____ C:\WINDOWS\System32\Tasks\ASC7_PerformanceMonitor
2013-12-11 01:04 - 2013-12-11 01:04 - 00002352 _____ C:\WINDOWS\System32\Tasks\ASC7_SkipUac_ap
2013-12-11 01:04 - 2013-12-11 01:04 - 00000000 ____D C:\ProgramData\ProductData
2013-12-11 01:04 - 2013-12-11 01:04 - 00000000 ____D C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}

==================== One Month Modified Files and Folders =======

2014-01-10 07:10 - 2014-01-10 06:49 - 00000000 ____D C:\FRST
2014-01-10 07:09 - 2013-11-09 15:53 - 00000000 ____D C:\Users\ap\AppData\Roaming\uTorrent
2014-01-10 07:09 - 2013-09-30 06:16 - 01701376 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2014-01-10 07:09 - 2013-09-30 06:00 - 00629890 _____ C:\WINDOWS\system32\perfh008.dat
2014-01-10 07:09 - 2013-09-30 06:00 - 00124666 _____ C:\WINDOWS\system32\perfc008.dat
2014-01-10 07:09 - 2013-02-18 01:50 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-270295129-2282726740-3210521811-1001
2014-01-10 07:06 - 2013-11-08 02:00 - 01982620 _____ C:\WINDOWS\WindowsUpdate.log
2014-01-10 07:06 - 2013-05-27 23:11 - 00000000 ___RD C:\Users\ap\Dropbox
2014-01-10 07:06 - 2013-05-27 23:07 - 00000000 ____D C:\Users\ap\AppData\Roaming\Dropbox
2014-01-10 07:06 - 2013-02-18 02:42 - 00002209 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2014-01-10 07:06 - 2013-02-18 01:37 - 00000000 ___RD C:\Users\ap\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-10 07:05 - 2014-01-10 07:05 - 00001060 _____ C:\Users\ap\Desktop\Dropbox.lnk
2014-01-10 07:05 - 2013-11-09 14:26 - 00003956 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{6B72A04F-3E8C-4A75-981D-120C9098A3D7}
2014-01-10 07:05 - 2013-05-27 23:08 - 00000000 ____D C:\Users\ap\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-01-10 07:04 - 2014-01-10 07:04 - 00000095 _____ C:\Users\ap\.accessibility.properties
2014-01-10 07:04 - 2013-12-13 18:31 - 00002355 _____ C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2014-01-10 07:04 - 2013-10-17 23:59 - 00000000 __RDO C:\Users\ap\SkyDrive
2014-01-10 07:04 - 2013-10-17 22:50 - 00000000 ____D C:\Users\ap
2014-01-10 07:04 - 2013-10-17 22:47 - 00000000 ____D C:\ProgramData\NVIDIA
2014-01-10 07:04 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2014-01-10 07:04 - 2013-02-18 02:41 - 00001194 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-10 07:00 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\sru
2014-01-10 06:51 - 2014-01-10 06:50 - 00045283 _____ C:\Addition.txt
2014-01-10 06:51 - 2014-01-10 06:49 - 00050106 _____ C:\FRST.txt
2014-01-10 06:37 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files\Windows Defender
2014-01-10 06:23 - 2014-01-10 06:17 - 00000000 ____D C:\Program Files (x86)\Advanced Fix 2013
2014-01-10 06:22 - 2013-02-18 02:41 - 00001198 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-10 06:20 - 2013-02-18 02:31 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-01-10 06:16 - 2014-01-10 06:15 - 06657112 _____ (Advanced Fix, Inc.                                          ) C:\Users\ap\Downloads\WUtilities_AF_Repair_Setup.exe
2014-01-10 05:51 - 2014-01-10 05:51 - 00044170 _____ C:\Users\Public\Documents\SIGVERIF.TXT
2014-01-10 05:51 - 2014-01-10 05:51 - 00000000 _____ C:\WINDOWS\setuperr.log
2014-01-10 05:51 - 2014-01-10 05:51 - 00000000 _____ C:\WINDOWS\setupact.log
2014-01-10 05:40 - 2013-12-11 01:04 - 00000258 _____ C:\WINDOWS\Tasks\ASC7_SkipUac_ap.job
2014-01-10 05:39 - 2014-01-10 05:39 - 00001086 _____ C:\WINDOWS\PFRO.log
2014-01-10 05:21 - 2013-12-11 01:04 - 00002233 _____ C:\Users\Public\Desktop\Advanced SystemCare 7.lnk
2014-01-10 05:21 - 2013-03-05 02:59 - 00647680 ___SH C:\Users\ap\Desktop\Thumbs.db
2014-01-10 05:05 - 2014-01-10 04:00 - 277151744 _____ C:\WDO_Media64.iso
2014-01-10 04:04 - 2014-01-10 04:04 - 00000000 ____D C:\Users\ap\Documents\Fax
2014-01-10 03:59 - 2014-01-10 03:59 - 00860176 _____ (Microsoft Corporation) C:\Users\ap\Downloads\mssstool64(1).exe
2014-01-10 03:58 - 2014-01-10 03:58 - 00845328 _____ (Microsoft Corporation) C:\Users\ap\Downloads\mssstool64.exe
2014-01-10 03:43 - 2014-01-10 03:43 - 00000000 ____H C:\Users\ap\Documents\Default.rdp
2014-01-10 03:41 - 2013-02-24 04:29 - 00007605 _____ C:\Users\ap\AppData\Local\resmon.resmoncfg
2014-01-10 02:31 - 2013-02-21 03:56 - 00000000 ____D C:\Users\ap\Desktop\tor
2014-01-10 02:26 - 2013-12-10 18:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2014-01-10 02:26 - 2013-09-21 20:47 - 00000000 ____D C:\Program Files\Bonjour
2014-01-10 02:05 - 2014-01-04 14:51 - 00001770 _____ C:\Users\ap\Desktop\KMSpico.lnk
2014-01-10 01:33 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2014-01-10 01:32 - 2014-01-10 01:32 - 00003154 _____ C:\WINDOWS\System32\Tasks\StartMenuAutoupdate
2014-01-10 01:32 - 2014-01-10 01:32 - 00002075 _____ C:\Users\Public\Desktop\Start Menu 8.lnk
2014-01-10 01:32 - 2013-03-09 04:58 - 00000000 ____D C:\Program Files (x86)\IObit
2014-01-10 01:29 - 2014-01-10 01:29 - 00002187 _____ C:\Users\ap\AppData\Roaming\Microsoft\Windows\Start Menu\Windows 8 Manager.lnk
2014-01-10 01:29 - 2014-01-10 01:29 - 00002176 _____ C:\Users\ap\AppData\Roaming\Microsoft\Windows\Start Menu\Windows 8 Manager 1-Click Cleaner.lnk
2014-01-10 01:29 - 2014-01-10 01:29 - 00002163 _____ C:\Users\ap\Desktop\Windows 8 Manager.lnk
2014-01-10 01:29 - 2014-01-10 01:29 - 00002152 _____ C:\Users\ap\Desktop\1-Click Cleaner.lnk
2014-01-10 01:29 - 2014-01-10 01:29 - 00002148 _____ C:\Users\ap\AppData\Roaming\Microsoft\Windows\Start Menu\Windows 8 Manager Live Update.lnk
2014-01-10 01:29 - 2014-01-10 01:29 - 00001209 _____ C:\Users\ap\AppData\Roaming\Microsoft\Windows\Start Menu\Windows 8 Manager Store App Settings.lnk
2014-01-10 01:29 - 2014-01-10 01:29 - 00000000 ____D C:\Program Files\Yamicsoft
2014-01-10 01:17 - 2013-02-18 01:51 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2014-01-10 01:03 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2014-01-08 23:36 - 2013-09-28 16:24 - 00000000 ____D C:\Users\ap\AppData\Roaming\vlc
2014-01-07 02:10 - 2014-01-07 02:10 - 00142389 _____ C:\Users\ap\Downloads\About_Time_2013_BRRip_XviD_AC3-SANTi[SuperNova_Team].avi.torrent
2014-01-07 02:07 - 2014-01-07 02:07 - 00014617 _____ C:\Users\ap\Downloads\Despicable.Me.2.2013.720p.BluRay.DD5.1.x264-HiDt_(Greek_Audio).torrent
2014-01-07 02:02 - 2014-01-07 02:02 - 00015180 _____ C:\Users\ap\Downloads\Despicable_Me_2_DVDRip_x264_-_AC3_[cecilaris3].torrent
2014-01-07 01:48 - 2013-12-06 11:18 - 00000000 ___HD C:\ProgramData\CanonIJMIG
2014-01-07 01:46 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2014-01-06 18:11 - 2013-03-06 17:58 - 00000000 ____D C:\Program Files (x86)\ABBYY PDF Transformer 2.0
2014-01-04 14:54 - 2014-01-04 14:54 - 00000000 ____D C:\WINDOWS\pss
2014-01-04 14:51 - 2014-01-04 13:19 - 00000000 ____D C:\Program Files\KMSpico
2014-01-04 14:37 - 2014-01-04 14:37 - 91594752 _____ C:\WINDOWS\system32\config\SOFTWARE.iobit
2014-01-04 14:37 - 2014-01-04 14:37 - 05218304 _____ C:\WINDOWS\system32\config\DRIVERS.iobit
2014-01-04 14:37 - 2014-01-04 14:37 - 00409600 _____ C:\WINDOWS\system32\config\DEFAULT.iobit
2014-01-04 14:37 - 2014-01-04 14:37 - 00073728 _____ C:\WINDOWS\system32\config\SAM.iobit
2014-01-04 14:37 - 2014-01-04 14:37 - 00028672 _____ C:\WINDOWS\system32\config\SECURITY.iobit
2014-01-04 14:36 - 2014-01-04 14:15 - 00000000 ____D C:\Program Files\TAP-Windows
2014-01-04 14:15 - 2014-01-04 14:15 - 00003698 _____ C:\WINDOWS\System32\Tasks\AutoPico Daily Restart
2013-12-30 18:30 - 2013-11-10 18:25 - 00004954 _____ C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for LIVINGROOM-ap livingroom
2013-12-28 14:03 - 2013-12-28 14:03 - 03707864 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RTKVHD64.sys
2013-12-28 14:03 - 2013-12-28 14:03 - 02810072 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtPgEx64.dll
2013-12-28 14:03 - 2013-12-28 14:03 - 02587864 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkAPO64.dll
2013-12-28 14:03 - 2013-12-28 14:03 - 02103040 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\WavesGUILib64.dll
2013-12-28 14:03 - 2013-12-28 14:03 - 01286360 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTCOM64.dll
2013-12-28 14:03 - 2013-12-28 14:03 - 01021656 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64.dll
2013-12-28 14:03 - 2013-12-28 14:03 - 00681905 _____ C:\WINDOWS\system32\Drivers\RTAIODAT.DAT
2013-12-28 14:03 - 2013-12-28 14:03 - 00617176 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtDataProc64.dll
2013-12-28 14:03 - 2013-12-28 14:03 - 00153304 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoInstII64.dll
2013-12-28 14:03 - 2013-12-28 14:03 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2013-12-28 14:03 - 2013-11-09 13:31 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2013-12-28 14:02 - 2013-12-28 14:02 - 02036992 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioEQ64.dll
2013-12-28 14:02 - 2013-12-28 14:02 - 01012992 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPOShell64.dll
2013-12-28 14:02 - 2013-12-28 14:02 - 00209096 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAC64.dll
2013-12-28 14:02 - 2013-12-28 14:02 - 00113576 _____ (Real Sound Lab SIA) C:\WINDOWS\system32\CONEQMSAPOGUILibrary.dll
2013-12-28 13:48 - 2013-03-09 04:59 - 00000000 ____D C:\ProgramData\IObit
2013-12-25 21:37 - 2013-12-25 21:37 - 00048875 _____ C:\Users\ap\Downloads\[kickass.to]the.conspirator.2010.1080p.mkv.ac3.dts.eng.nl.subs.dmt.torrent
2013-12-16 23:26 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache
2013-12-16 20:34 - 2013-11-09 17:04 - 00000876 _____ C:\Users\ap\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2013-12-16 18:24 - 2013-12-16 18:24 - 00002238 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-12-16 18:24 - 2013-02-18 02:41 - 00000000 ____D C:\Program Files (x86)\Google
2013-12-16 17:52 - 2013-08-22 16:44 - 05111392 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-12-16 17:49 - 2013-08-22 17:36 - 00000000 ___RD C:\WINDOWS\ToastData
2013-12-16 17:49 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\WinStore
2013-12-16 17:49 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\MediaViewer
2013-12-16 17:49 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\FileManager
2013-12-16 17:49 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\Camera
2013-12-14 23:24 - 2013-08-15 01:25 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-12-14 23:21 - 2013-02-18 02:06 - 90708896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-12-14 17:03 - 2013-02-18 03:10 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-14 16:32 - 2013-12-14 16:32 - 00002259 _____ C:\WINDOWS\epplauncher.mif
2013-12-12 00:45 - 2013-12-12 00:45 - 00000000 ____D C:\Users\ap\Desktop\mytilini
2013-12-12 00:44 - 2013-11-10 11:55 - 00011264 ___SH C:\Users\ap\Downloads\Thumbs.db
2013-12-11 22:57 - 2013-12-11 22:57 - 00000000 ____D C:\Program Files\Common Files\Lavasoft
2013-12-11 01:07 - 2013-10-17 23:41 - 00000000 ___DC C:\WINDOWS\Panther
2013-12-11 01:06 - 2013-12-11 01:06 - 00000000 ____D C:\Users\ap\AppData\Local\Slick Savings
2013-12-11 01:04 - 2013-12-11 01:04 - 00003088 _____ C:\WINDOWS\System32\Tasks\ASC7_PerformanceMonitor
2013-12-11 01:04 - 2013-12-11 01:04 - 00002352 _____ C:\WINDOWS\System32\Tasks\ASC7_SkipUac_ap
2013-12-11 01:04 - 2013-12-11 01:04 - 00000000 ____D C:\ProgramData\ProductData
2013-12-11 01:04 - 2013-12-11 01:04 - 00000000 ____D C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2013-12-11 01:03 - 2013-03-09 04:59 - 00000000 ____D C:\Users\ap\AppData\Roaming\IObit

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-01-10 05:42

==================== End Of Log ============================

After that I downloaded fixlist.txt and then I tried to fix my system with FRST.exe.

In my case the file Fixlog.txt is the following:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-01-2014
Ran by ap at 2014-01-10 06:57:34 Run:1
Running from C:\FRST
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKCU\...\Run: [AdobeBridge]  [x]
BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
S3 X6va005; \??\C:\Users\Eric\AppData\Local\Temp\00567A3.tmp [x]
C:\$Recycle.Bin\S-1-5-21-2891775198-2259670834-2021801430-1000\$24259f051bfa2873771adafb081962a2
C:\$Recycle.Bin\S-1-5-18\$24259f051bfa2873771adafb081962a2
cmd: dir /s /a:l "c:\Program files"
cmd: dir /a/b "c:\Program files"
*****************

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\HKCU\...\Run: [AdobeBridge]  [x] => Value not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Key not found.
HKCR\Wow6432Node\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Key not found.
X6va005 => Service not found.
"C:\$Recycle.Bin\S-1-5-21-2891775198-2259670834-2021801430-1000\$24259f051bfa2873771adafb081962a2" => File/Directory not found.
"C:\$Recycle.Bin\S-1-5-18\$24259f051bfa2873771adafb081962a2" => File/Directory not found.

=========  dir /s /a:l "c:\Program files" =========

 Volume in drive C has no label.
 Volume Serial Number is 9473-34E3
File Not Found

========= End of CMD: =========


=========  dir /a/b "c:\Program files" =========

Autodesk
Bonjour
Canon
CanonBJ
CCleaner
Common Files
desktop.ini
HitmanPro
Hyper-V
Internet Explorer
iPod
iTunes
KMSpico
Lavasoft
MediaInfo
Microsoft Analysis Services
Microsoft Mouse and Keyboard Center
Microsoft Office
Microsoft Silverlight
Microsoft SQL Server
Microsoft SQL Server Compact Edition
Microsoft Synchronization Services
Microsoft.NET
MSBuild
NVIDIA Corporation
OO Software
Realtek
Reference Assemblies
TAP-Windows
Unlocker
uTorrent
VS Revo Group
Windows Defender
Windows Journal
Windows Mail
Windows Media Player
Windows Multimedia Platform
Windows NT
Windows Photo Viewer
Windows Portable Devices
WindowsApps
WinRAR
Yamicsoft

========= End of CMD: =========


==== End of Fixlog ====

After that I tried to enable Windows Defender again, but nothing happened (still disabled and points to "C:\Windows\system32\config").

Have you any idea what is wrong?

Can anyone help me?

Thank you
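
One way to sanity-check a Fixlog like the one posted above, as an added example that is not part of the original post and is not FRST's own code: it counts how many fixlist directives actually matched something on the machine and lists profile names in the fixlist that differ from the "Ran by" account. The function name `audit_fixlog`, the shortened excerpt and the heuristics are assumptions of this example.

```python
import re

# Excerpt of the Fixlog posted above, shortened for the example.
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-01-2014
Ran by ap at 2014-01-10 06:57:34 Run:1
Running from C:\FRST
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKCU\...\Run: [AdobeBridge]  [x]
S3 X6va005; \??\C:\Users\Eric\AppData\Local\Temp\00567A3.tmp [x]
C:\$Recycle.Bin\S-1-5-18\$24259f051bfa2873771adafb081962a2
cmd: dir /a/b "c:\Program files"
*****************

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\HKCU\...\Run: [AdobeBridge]  [x] => Value not found.
X6va005 => Service not found.
"C:\$Recycle.Bin\S-1-5-18\$24259f051bfa2873771adafb081962a2" => File/Directory not found.

=========  dir /a/b "c:\Program files" =========

Autodesk
Windows Defender

========= End of CMD: =========

==== End of Fixlog ====
"""

RAN_BY = re.compile(r"^Ran by (.+?) (?:at |\()", re.M)
PROFILE = re.compile(r"[A-Za-z]:\\Users\\([^\\]+)\\", re.I)
SHARED_PROFILES = {"public", "default", "all users"}  # assumption: not user-specific


def audit_fixlog(text):
    """Summarise a Fixlog: what was requested, what matched, whose paths."""
    m = RAN_BY.search(text)
    ran_by = m.group(1) if m else None
    lines = text.splitlines()

    # The fixlist is echoed between two lines made only of asterisks.
    stars = [i for i, l in enumerate(lines)
             if l.strip() and set(l.strip()) == {"*"}]
    if len(stars) < 2:
        raise ValueError("no 'Content of fixlist' block found")
    fixlist = [l for l in lines[stars[0] + 1:stars[1]] if l.strip()]
    directives = [l for l in fixlist if not l.lower().startswith("cmd:")]

    # Every processed item is reported as "<item> => <outcome>".
    outcomes = [l.rsplit(" => ", 1)[1]
                for l in lines[stars[1] + 1:] if " => " in l]
    not_found = [o for o in outcomes
                 if o.rstrip(". ").lower().endswith("not found")]

    # Profile names in the fixlist that are not the account that ran the fix.
    own = (ran_by or "").lower()
    foreign = sorted({
        p.group(1) for l in fixlist for p in PROFILE.finditer(l)
        if p.group(1).lower() not in SHARED_PROFILES | {own}
    })

    return {
        "ran_by": ran_by,
        "directives": len(directives),
        "results": len(outcomes),
        "not_found": len(not_found),
        # True when the fix ran but did not match a single item.
        "nothing_applied": bool(outcomes) and len(not_found) == len(outcomes),
        "foreign_profiles": foreign,
    }


if __name__ == "__main__":
    for key, value in audit_fixlog(SAMPLE_FIXLOG).items():
        print(f"{key}: {value}")
```

A report with `nothing_applied` set and a non-empty `foreign_profiles` list means the fix changed nothing and the fixlist names a different user profile than the account that ran it.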

 




 


#2 B-boy/StyLe/

  • Malware Response Team

Posted 14 January 2014 - 10:46 PM

Hello,

 

You have the same problem as the one described here.

 

Try the following solution and let me know about the results.

 

 

Regards,

Georgi




#3 tubeki

  • Topic Starter

Posted 17 January 2014 - 08:15 PM

I've tried to fix the problem following the solution in the topic "Windows Defender will not turn on".

In an admin cmd I tried:

sc start WinDefend enable

 

but it didn't help me.

 

Cmd : [SC] StartService FAILED 577

 

What is this error?



#4 B-boy/StyLe/

  • Malware Response Team

Posted 18 January 2014 - 05:09 AM

Hi,

 

Go ahead and uninstall Ad-Aware Antivirus, restart the computer and try again.

 

 

Regards,

Georgi




#5 B-boy/StyLe/

  • Malware Response Team

Posted 30 January 2014 - 09:28 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.





