
infected by ipjack.dll, i can't surf if delete it


  • This topic is locked
8 replies to this topic

#1 spidamonkee
  • Members
  • 4 posts
  • Local time:11:12 PM

Posted 26 May 2014 - 03:51 PM

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16843  BrowserJavaVersion: 10.51.2
Run by Moon at 3:41:04 on 2014-05-27
Microsoft Windows 7 Ultimate   6.1.7601.1.874.66.1033.18.3957.1725 [GMT 7:00]
.
AV: Ad-Aware Antivirus *Disabled/Outdated* {D87B6541-12A1-DAEA-0033-9B8057AAB996}
SP: Ad-Aware Antivirus *Disabled/Outdated* {631A84A5-349B-D564-3A83-A0F22C2DF32B}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: Ad-Aware Firewall *Disabled* {E040E464-58CE-DBB2-2B6C-32B5A979FEED}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Process Lasso\processgovernor.exe
C:\Program Files\Process Lasso\processlasso.exe
C:\Program Files (x86)\Garena Plus\ggdllhost.exe
C:\Windows\system32\BtwRSupportService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\cFosSpeed\spd.exe
C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\Program Files\NetLimiter 3\nlsvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\cFosSpeed\cfosspeed.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Users\Moon\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Users\Moon\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Users\Moon\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Steam\steam.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTray.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\NetLimiter 3\NLClientApp.exe
C:\Program Files (x86)\Razer\Razer Game Booster\main.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\NetLimiter 3\NLClientApp.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.co.th/
mStart Page = about:blank
uProxyServer = localhost:8080
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Evernote extension: {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
BHO: FlashGetBHO: {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\Moon\AppData\Roaming\FlashGetBHO\FlashGetBHO.dll
BHO: Free Download Manager: {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll
uRun: [Akamai NetSession Interface] "C:\Users\Moon\AppData\Local\Akamai\netsession_win.exe"
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [GUDelayStartup] "C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe" -delayrun
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
StartupFolder: C:\Users\Moon\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Moon\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INSTAL~2.LNK - C:\Program Files (x86)\Common Files\lpuninstall.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INSTAL~1.LNK - C:\Program Files (x86)\Common Files\lpuninstall.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: TaskbarNoNotification = dword:0
uPolicies-Explorer: NoCDBurning = dword:1
uPolicies-Explorer: NoWindowsUpdate = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:189
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoCustomizeThisFolder = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: NoDispAppearancePage = dword:0
mPolicies-System: NoVirtMemPage = dword:0
IE: Clip image - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4
IE: Clip selection - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3
IE: Clip this page - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1
IE: Clip URL - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0
IE: Download all links by FlashGet3 - C:\Program Files (x86)\FlashGet Network\FlashGet 3\BHO\fdgetallurl.htm
IE: Download all videos by FlashGet3 - C:\Program Files (x86)\FlashGet Network\FlashGet 3\BHO\fdgetallflvurl.htm
IE: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm
IE: Download by FlashGet3 - C:\Program Files (x86)\FlashGet Network\FlashGet 3\BHO\fdgeturl.htm
IE: Download current video by FlashGet3 - C:\Program Files (x86)\FlashGet Network\FlashGet 3\BHO\fdgetflvurl.htm
IE: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm
IE: LastPass - C:\Users\Moon\AppData\LocalLow\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - C:\Users\Moon\AppData\LocalLow\LastPass\context.html?cmd=fillforms
IE: New note - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\NewNote.html
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: C:\Downloads\Game\IP Jack\ipjack.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: dell.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/select/asusTek_sys_ctrl3.cab
DPF: {27AD4028-716B-4383-B8FA-A94C6CFCEC37} - hxxp://btr.gg.in.th/Spec1/ActiveX/WZOBCmnCtrl.cab
TCP: NameServer = 10.0.0.1
TCP: Interfaces\{015EE375-1F7A-4189-8290-1BCF55617260} : NameServer = 8.8.4.4,8.8.8.8,
TCP: Interfaces\{015EE375-1F7A-4189-8290-1BCF55617260} : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{015EE375-1F7A-4189-8290-1BCF55617260}\430236F6666656560275966496 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{015EE375-1F7A-4189-8290-1BCF55617260}\430236F6666656560275966496 : DHCPNameServer = 192.168.5.1 203.144.207.49
TCP: Interfaces\{015EE375-1F7A-4189-8290-1BCF55617260}\45F445 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{015EE375-1F7A-4189-8290-1BCF55617260}\45F445 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{015EE375-1F7A-4189-8290-1BCF55617260}\47275756F586F6D65677966696F53707964616 : NameServer = 8.8.4.4,208.67.222.123
TCP: Interfaces\{015EE375-1F7A-4189-8290-1BCF55617260}\47275756F586F6D65677966696F53707964616 : DHCPNameServer = 203.144.206.29 203.144.206.49
TCP: Interfaces\{015EE375-1F7A-4189-8290-1BCF55617260}\9447071677E63786F607 : NameServer = 8.8.4.4,208.67.220.220,10.0.0.1
TCP: Interfaces\{015EE375-1F7A-4189-8290-1BCF55617260}\9447071677E63786F607 : DHCPNameServer = 68.168.98.196 8.8.8.8
TCP: Interfaces\{015EE375-1F7A-4189-8290-1BCF55617260}\A5978554C40313 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{015EE375-1F7A-4189-8290-1BCF55617260}\A5978554C40313 : DHCPNameServer = 110.164.252.222 110.164.252.223
TCP: Interfaces\{35C93F25-18FF-4E7E-AA1E-681AB4D2950F} : NameServer = 8.8.4.4,8.8.8.8,
TCP: Interfaces\{58426CBD-E737-4AA9-8012-B62158B4D6B2} : NameServer = 202.224.32.2,198.153.192.40
TCP: Interfaces\{782E2D61-D0C3-438A-8794-5ABB710FDC70} : NameServer = 8.8.4.4,8.8.8.8,10.0.0.1
TCP: Interfaces\{782E2D61-D0C3-438A-8794-5ABB710FDC70} : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{E5F71AD3-B5A1-4261-98D2-35EFA0AC4530} : NameServer = 8.8.4.4,8.8.8.8,
TCP: Interfaces\{FF3EBAFB-CE96-42FD-90CF-3B0B0108CF90} : NameServer = 8.8.4.4,8.8.8.8,
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = about:blank
x64-BHO: ExplorerWnd Helper: {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll
x64-BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [cFosSpeed] C:\Program Files\cFosSpeed\cFosSpeed.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\AddNote.html
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Moon\AppData\Roaming\Mozilla\Firefox\Profiles\qxpfzodl.default-1394543007612\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: network.proxy.ftp - 111.95.184.153
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - 111.95.184.153
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - 111.95.184.153
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - 111.95.184.153
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - 111.95.184.153
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\LastPass\nplastpass.dll
FF - plugin: C:\Program Files (x86)\LastPass\nplastpass64.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\PDFlite\npPdfViewer.dll
FF - plugin: C:\Users\Moon\AppData\Local\Fancy\npfancygame.dll
FF - plugin: C:\Users\Moon\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\System32\npmproxy.dll
FF - plugin: C:\Windows\System32\npOGPPlugin.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.zonealarm.hpOld0 -
FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?src=tb&tbid=HFA5&Lan={dfltLng}&gu=939fee65260446589c71f20e23d91469&tu=10G9y00Dt2D13P0&sku=&tstsId=&ver=&&q=
FF - user.js: extensions.zonealarm.id - 98b6465000000000000000ffe5f71ad3
FF - user.js: extensions.zonealarm.appId - {C56C48A0-DA4E-46F6-9859-1553DC865F84}
FF - user.js: extensions.zonealarm.instlDay - 16201
FF - user.js: extensions.zonealarm.vrsn - 1.8.29.17
FF - user.js: extensions.zonealarm.vrsni - 1.8.29.17
FF - user.js: extensions.zonealarm.vrsnTs - 1.8.29.1711:50:09
FF - user.js: extensions.zonealarm.prtnrId - checkpoint
FF - user.js: extensions.zonealarm.prdct - zonealarm
FF - user.js: extensions.zonealarm.aflt - 1001
FF - user.js: extensions.zonealarm.smplGrp - NewUSR
FF - user.js: extensions.zonealarm.tlbrId - HFA5
FF - user.js: extensions.zonealarm.instlRef - ZLN123050166110832-1001
FF - user.js: extensions.zonealarm.dfltLng - EN
FF - user.js: extensions.zonealarm.excTlbr - false
FF - user.js: extensions.zonealarm.ffxUnstlRst - false
FF - user.js: extensions.zonealarm.admin - false
FF - user.js: extensions.zonealarm.autoRvrt - false
FF - user.js: extensions.zonealarm.rvrt - false
FF - user.js: extensions.zonealarm.hmpg - true
FF - user.js: extensions.zonealarm.hmpgUrl - hxxp://search.zonealarm.com/?src=hp&tbid=HFA5&Lan=EN&gu=939fee65260446589c71f20e23d91469&tu=10G9y00Dt2D13P0&sku=&tstsId=&ver=&
FF - user.js: extensions.zonealarm.dfltSrch - true
FF - user.js: extensions.zonealarm.srchPrvdr - Search By ZoneAlarm
FF - user.js: extensions.zonealarm.kw_url - hxxp://search.zonealarm.com/search?src=sp&tbid=HFA5&Lan=EN&gu=939fee65260446589c71f20e23d91469&tu=10G9y00Dt2D13P0&sku=&tstsId=&ver=&&q=
FF - user.js: extensions.zonealarm.dnsErr - true
FF - user.js: extensions.zonealarm.newTab - true
FF - user.js: extensions.zonealarm.newTabUrl - hxxp://search.zonealarm.com/?src=nt&tbid=HFA5&Lan=EN&gu=939fee65260446589c71f20e23d91469&tu=10G9y00Dt2D13P0&sku=&tstsId=&ver=&
.
============= SERVICES / DRIVERS ===============
.
R0 GUBootStartup;GUBootStartup;C:\Windows\System32\drivers\GUBootStartup.sys [2014-5-17 20672]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2013-9-14 56208]
R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\System32\drivers\SmartDefragDriver.sys [2014-1-29 21184]
R1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfndisf6.sys [2013-10-21 93160]
R1 bdfwfpf;bdfwfpf;C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfwfpf.sys [2013-10-21 102992]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2014-3-25 283064]
R1 nltdi;nltdi;C:\Program Files\NetLimiter 3\nltdi.sys [2011-3-21 88200]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2014-3-29 98208]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-12-7 239616]
R2 BcmBtRSupport;Bluetooth Driver Management Service;C:\Windows\System32\BtwRSupportService.exe [2013-10-2 2253016]
R2 LavasoftAdAwareService11;Ad-Aware Service 11;C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe [2014-1-23 702744]
R2 RzKLService;RzKLService;C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe [2014-3-2 105448]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-5-5 1738200]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-5-5 2081752]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-5-5 171928]
R2 TeamViewer9;TeamViewer 9;C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2014-3-25 5024576]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-9-11 2320920]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-9-24 94208]
R3 BcmVWL;Broadcom Virtual Wireless;C:\Windows\System32\drivers\bcmvwl64.sys [2013-9-11 20984]
R3 gzflt;gzflt;C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\2.6.0.0\gzflt.sys [2013-7-17 138232]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2013-9-11 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2013-9-11 151936]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2013-9-11 74280]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\System32\drivers\MijXfilt.sys [2014-1-27 121416]
R3 NLNdisMP;NLNdisMP;C:\Windows\System32\drivers\nlndis.sys [2011-3-21 33416]
R3 teamviewervpn;TeamViewer VPN Adapter;C:\Windows\System32\drivers\teamviewervpn.sys [2014-3-2 35112]
S2 AHDDC2;Ashampoo HDD Control 2 Service; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]
S2 LiveUpdateSvc;LiveUpdate;C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2013-11-25 2175264]
S3 bcbtums;Bluetooth USB LD Filter;C:\Windows\System32\drivers\bcbtums.sys [2013-8-9 170712]
S3 BRDriver64;BRDriver64;C:\ProgramData\BitRaider\BRDriver64.sys [2014-2-28 75048]
S3 BRSptSvc;BitRaider Mini-Support Service;C:\ProgramData\BitRaider\BRSptSvc.exe [2014-2-27 477960]
S3 btwampfl;btwampfl;C:\Windows\System32\drivers\btwampfl.sys [2013-8-9 166104]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2013-9-11 35104]
S3 DfSdkS;Defragmentation-Service; [x]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-10-28 107288]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2014-2-25 17480]
S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2014-2-25 9800]
S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-11-2 33736]
S3 HtcVCom32;HTC Diagnostic Port;C:\Windows\System32\drivers\HtcVComV64.sys [2010-3-8 121800]
S3 hxsyol;hxsyol;C:\Winner\FFT\avital\hxsy64.sys [2014-5-6 86352]
S3 NLNdisPT;NetLimiter Ndis Protocol Service;C:\Windows\System32\drivers\nlndis.sys [2011-3-21 33416]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-21 20992]
S3 SRS_HDAL_Service;HD Audio Lab;C:\Windows\System32\drivers\SRS_HDAL_amd64.sys [2010-11-15 533280]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2010-11-21 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2010-11-21 34816]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2010-11-21 117248]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
.
=============== File Associations ===============
.
FileExt: .txt: Applications\cmd.exe - HKCR\Unknown\Shell=C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,OpenAs_RunDLL %1 [UserChoice] [default=openas]
FileExt: .chm: PDFlite.Document="C:\Program Files (x86)\PDFlite\pdflite.exe" "%1"
.
=============== Created Last 30 ================
.
2014-05-26 20:12:31    761152    ----a-w-    C:\Windows\system\msvcr100.dll
2014-05-26 20:12:31    1467200    ----a-w-    C:\Windows\System32\msvcr100d.dll
2014-05-26 20:12:31    1467200    ----a-w-    C:\Windows\system\msvcr100d.dll
2014-05-26 19:38:39    --------    d-----w-    C:\Program Files (x86)\FileASSASSIN
2014-05-26 16:15:45    --------    d-----w-    C:\Users\Moon\AppData\Local\Funcom
2014-05-25 17:16:17    --------    d-----w-    C:\Users\Moon\AppData\Local\Postimage.org
2014-05-25 07:27:46    --------    d-----w-    C:\ProgramData\Orbit
2014-05-25 05:33:24    --------    d-----w-    C:\Program Files (x86)\Child of Light
2014-05-24 19:39:17    --------    d-----w-    C:\Program Files (x86)\Strife
2014-05-23 14:15:47    --------    d-----w-    C:\Program Files (x86)\True Digital Plus
2014-05-21 13:27:13    --------    d-----w-    C:\Program Files (x86)\Common Files\BioWare
2014-05-20 16:54:39    --------    d-----w-    C:\Users\Moon\AppData\Local\Wings of Prey
2014-05-20 16:54:02    --------    d-----w-    C:\Users\Moon\AppData\Local\WOP
2014-05-20 16:54:02    --------    d-----w-    C:\ProgramData\WOP
2014-05-20 14:36:34    75888    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0798A997-0D62-4352-88F2-0538044076E9}\offreg.dll
2014-05-20 14:15:09    --------    d-----w-    C:\EDEN
2014-05-18 10:41:59    --------    d-----w-    C:\Program Files (x86)\GoodGames
2014-05-17 14:55:20    20672    ----a-w-    C:\Windows\System32\drivers\GUBootStartup.sys
2014-05-17 14:55:01    --------    d-----w-    C:\Program Files (x86)\Glary Utilities 5
2014-05-13 11:27:14    34304    ----a-w-    C:\Windows\System32\DfSdkBt.exe
2014-05-13 11:27:07    --------    d-----w-    C:\Program Files (x86)\Ashampoo
2014-05-13 10:58:10    --------    d-----w-    C:\Windows\SysWow64\BestPractices
2014-05-13 10:58:07    --------    d-----w-    C:\Windows\System32\BestPractices
2014-05-13 10:57:49    --------    d-----w-    C:\inetpub
2014-05-11 04:49:07    --------    d-----w-    C:\ProgramData\CheckPoint
2014-05-11 04:39:29    --------    d-----w-    C:\Users\Moon\AppData\Roaming\CrystalIdea Software
2014-05-08 22:09:11    --------    d-----w-    C:\ProgramData\BlueStacks
2014-05-08 22:08:30    --------    d-----w-    C:\ProgramData\BlueStacksSetup
2014-05-08 22:08:28    --------    d-----w-    C:\Users\Moon\AppData\Local\Bluestacks
2014-05-08 21:39:52    --------    d-----w-    C:\Users\Moon\AppData\Local\Locktime
2014-05-08 21:38:13    --------    d-----w-    C:\ProgramData\Locktime
2014-05-08 21:38:12    --------    d-----w-    C:\Program Files\NetLimiter 3
2014-05-07 23:49:48    10651704    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0798A997-0D62-4352-88F2-0538044076E9}\mpengine.dll
2014-05-07 21:18:15    --------    d-----w-    C:\Users\Moon\AppData\Local\DDMSettings
2014-05-07 21:02:34    --------    d-----w-    C:\Program Files\DivX
2014-05-07 21:00:50    --------    d-----w-    C:\Program Files (x86)\Common Files\DivX Shared
2014-05-07 20:53:31    --------    d-----w-    C:\Program Files (x86)\DivX
2014-05-07 20:49:48    --------    d-----w-    C:\ProgramData\DivX
2014-05-07 16:14:37    --------    d-----w-    C:\Users\Moon\AppData\Local\assembly
2014-05-07 16:14:07    --------    d-----w-    C:\ProgramData\regid.1995-08.com.techsmith
2014-05-07 16:13:57    --------    d-----w-    C:\Users\Moon\AppData\Local\TechSmith
2014-05-06 12:42:50    --------    d-----w-    C:\Users\Moon\AppData\Roaming\EverPlanet
2014-05-06 12:36:52    --------    d-----w-    C:\Program Files (x86)\AsiaSoft
2014-05-05 21:41:40    --------    d-----w-    C:\Winner
2014-05-05 11:57:18    21040    ----a-w-    C:\Windows\System32\sdnclean64.exe
2014-05-05 11:42:17    --------    d-----w-    C:\Program Files\VideoLAN
2014-05-05 11:41:34    20472    ----a-w-    C:\Windows\System32\Spool\prtprocs\x64\TeamViewer_PrintProcessor.dll
2014-05-04 19:58:30    --------    d-----w-    C:\Users\Moon\AppData\Roaming\FlashGetBHO
2014-05-04 19:58:26    --------    d-----w-    C:\Users\Moon\AppData\Roaming\FlashGet
2014-05-04 19:44:00    --------    d-----w-    C:\Users\Moon\AppData\Local\gtk-2.0
2014-05-04 02:38:48    --------    d-----w-    C:\Users\Moon\AppData\Roaming\Blizzard Entertainment
2014-05-03 20:27:21    --------    d-----w-    C:\Users\Moon\AppData\Roaming\EAC
2014-05-03 14:40:49    --------    d-----w-    C:\Program Files (x86)\osu!
2014-05-02 20:09:21    --------    d-----w-    C:\Program Files\MAXON
2014-05-02 20:05:03    --------    d-----w-    C:\Users\Moon\AppData\Roaming\MAXON
2014-05-02 20:04:52    --------    d-----w-    C:\Program Files (x86)\ReClock
2014-05-02 19:55:49    --------    d-----w-    C:\ProgramData\SVP 3.1
2014-05-02 19:55:49    --------    d-----w-    C:\Program Files (x86)\SVP
2014-05-02 13:30:49    --------    d-----w-    C:\Users\Moon\AppData\Local\Logitech
2014-05-01 21:18:09    --------    d-----w-    C:\Users\Moon\AppData\Roaming\Subtitle Edit
2014-05-01 21:18:09    --------    d-----w-    C:\Program Files (x86)\Subtitle Edit
2014-05-01 21:07:18    --------    d-----w-    C:\Users\Moon\MKVCleaver
2014-05-01 18:51:30    --------    d-----w-    C:\Program Files (x86)\VideoLAN
2014-05-01 07:10:31    --------    d-----w-    C:\Users\Moon\AppData\Roaming\Need for Speed World
2014-04-30 21:30:10    --------    d-----w-    C:\Users\Moon\AppData\Local\Electronic_Arts_Inc
2014-04-29 04:16:08    --------    d-----w-    C:\Users\Moon\AppData\Local\The Witcher
2014-04-29 04:03:29    312480    ----a-w-    C:\Windows\System32\drivers\atksgt.sys
2014-04-29 04:03:28    43168    ----a-w-    C:\Windows\System32\drivers\lirsgt.sys
2014-04-28 15:17:43    --------    d-----w-    C:\Users\Moon\AppData\Roaming\The Creative Assembly
.
==================== Find3M  ====================
.
2014-05-14 14:54:43    70832    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-14 14:54:43    692400    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-04-22 11:11:10    466456    ----a-w-    C:\Windows\System32\wrap_oal.dll
2014-04-22 11:11:10    444952    ----a-w-    C:\Windows\SysWow64\wrap_oal.dll
2014-04-22 11:11:10    122904    ----a-w-    C:\Windows\System32\OpenAL32.dll
2014-04-22 11:11:10    109080    ----a-w-    C:\Windows\SysWow64\OpenAL32.dll
2014-04-16 03:02:58    354656    ----a-w-    C:\Windows\SysWow64\DivXControlPanelApplet.cpl
2014-04-12 06:54:59    291488    ----a-w-    C:\Windows\SysWow64\PnkBstrB.xtr
2014-04-12 06:54:59    291488    ----a-w-    C:\Windows\SysWow64\PnkBstrB.exe
2014-04-12 06:40:19    291488    ----a-w-    C:\Windows\SysWow64\PnkBstrB.ex0
2014-04-12 06:36:57    76888    ----a-w-    C:\Windows\SysWow64\PnkBstrA.exe
2014-04-07 18:53:17    14883840    ----a-w-    C:\Program Files (x86)\Common Files\lpuninstall.exe
2014-03-31 02:35:08    270496    ------w-    C:\Windows\System32\MpSigStub.exe
2014-03-29 10:34:20    0    ----a-w-    C:\Windows\ativpsrm.bin
2014-03-25 06:59:04    283064    ----a-w-    C:\Windows\System32\drivers\dtsoftbus01.sys
2014-03-17 14:40:09    4022504    ----a-w-    C:\Windows\SysWow64\SpoonUninstall.exe
2014-03-10 11:17:22    128288    ----a-w-    C:\Windows\System32\IObitSmartDefragExtension.dll
2014-02-27 11:19:12    119296    ----a-w-    C:\Windows\SysWow64\zlib.dll
.
============= FINISH:  3:41:14.89 ===============
 


#2 nasdaq
  • Malware Response Team
  • 39,222 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:12 PM

Posted 31 May 2014 - 07:48 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

The ipjack.dll is in your Winsock; you will lose internet if you just remove it.

LSP: C:\Downloads\Game\IP Jack\ipjack.dll

I should be able to give you a fix if you want to remove it completely.
===


Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply; DO NOT ATTACH THEM unless specified.

#3 spidamonkee

spidamonkee
  • Topic Starter

  • Members
  • 4 posts
  • Local time:11:12 PM

Posted 02 June 2014 - 12:42 PM

Thanks for the help.

FileAssassin can delete it and doesn't affect my system, so I use it, but I'm not sure about "doesn't affect".

And this is the FRST log:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-06-2014 01
Ran by Moon (administrator) on MOON-PC on 03-06-2014 00:28:50
Running from C:\Downloads\Software
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc_IObitDel.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
() C:\Program Files (x86)\Garena Plus\ggdllhost.exe
(Bitsum LLC) C:\Program Files\Process Lasso\ProcessGovernor.exe
(Bitsum LLC) C:\Program Files\Process Lasso\ProcessLasso.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(cFos Software GmbH) C:\Program Files\cFosSpeed\spd.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(cFos Software GmbH) C:\Program Files\cFosSpeed\cfosspeed.exe
(Akamai Technologies, Inc.) C:\Users\Moon\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Disc Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Dropbox, Inc.) C:\Users\Moon\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Akamai Technologies, Inc.) C:\Users\Moon\AppData\Local\Akamai\netsession_win.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTray.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Game Booster\main.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Tixati Software Inc.) C:\Program Files\tixati\tixati.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc_IObitDel.exe
(Trend Media Corporation Limited) C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe
(Amnis Technology Ltd.) C:\Program Files (x86)\PDFlite\pdflite.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2122536 2010-05-07] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10038304 2010-02-02] (Realtek Semiconductor)
HKLM\...\Run: [cFosSpeed] => C:\Program Files\cFosSpeed\cFosSpeed.exe [1587040 2013-04-19] (cFos Software GmbH)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Aeria Ignite] => C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe [1925656 2013-06-07] (Aeria Games & Entertainment)
HKLM\...\Policies\Explorer: [NoCustomizeThisFolder] 0
HKU\S-1-5-21-3158446351-2867527954-1733863695-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Moon\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3158446351-2867527954-1733863695-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-3158446351-2867527954-1733863695-1000\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [37152 2014-05-14] (Glarysoft Ltd)
HKU\S-1-5-21-3158446351-2867527954-1733863695-1000\...\Run: [SandboxieControl] => "C:\Program Files\Sandboxie\SbieCtrl.exe"
HKU\S-1-5-21-3158446351-2867527954-1733863695-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-3158446351-2867527954-1733863695-1000\...\Policies\Explorer: [NoTrayItemsDisplay] 0x00000000
HKU\S-1-5-21-3158446351-2867527954-1733863695-1000\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-21-3158446351-2867527954-1733863695-1000\...\Policies\Explorer: [NoCDBurning] 1
HKU\S-1-5-21-3158446351-2867527954-1733863695-1000\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-3158446351-2867527954-1733863695-1000\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-3158446351-2867527954-1733863695-1000\...\Policies\Explorer: [NoFileMenu] 0
HKU\S-1-5-21-3158446351-2867527954-1733863695-1000\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-3158446351-2867527954-1733863695-1000\...\Policies\Explorer: [NoRecentDocsMenu] 0
HKU\S-1-5-21-3158446351-2867527954-1733863695-1000\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-3158446351-2867527954-1733863695-1000\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-3158446351-2867527954-1733863695-1000\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-3158446351-2867527954-1733863695-1000\...\Policies\Explorer: [NoAddPrinter] 0
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\Users\Moon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Moon\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

ProxyServer: localhost:8080
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = th
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.th/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {4867270D-D1D6-4AF0-9EAE-565A18ABACEF} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {4867270D-D1D6-4AF0-9EAE-565A18ABACEF} URL = https://www.google.com/search?q={searchTerms}
BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO: LastPass Vault - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: LastPass Vault - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
BHO-x32: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\Moon\AppData\Roaming\FlashGetBHO\FlashGetBHO.dll (Trend Media Group)
BHO-x32: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
DPF: HKLM-x32 {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/select/asusTek_sys_ctrl3.cab
DPF: HKLM-x32 {27AD4028-716B-4383-B8FA-A94C6CFCEC37} http://btr.gg.in.th/Spec1/ActiveX/WZOBCmnCtrl.cab
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{015EE375-1F7A-4189-8290-1BCF55617260}: [NameServer]8.8.4.4,8.8.8.8,
Tcpip\..\Interfaces\{35C93F25-18FF-4E7E-AA1E-681AB4D2950F}: [NameServer]8.8.4.4,8.8.8.8,
Tcpip\..\Interfaces\{58426CBD-E737-4AA9-8012-B62158B4D6B2}: [NameServer]202.224.32.2,198.153.192.40
Tcpip\..\Interfaces\{782E2D61-D0C3-438A-8794-5ABB710FDC70}: [NameServer]8.8.4.4,8.8.8.8,10.0.0.1
Tcpip\..\Interfaces\{E5F71AD3-B5A1-4261-98D2-35EFA0AC4530}: [NameServer]8.8.4.4,8.8.8.8,
Tcpip\..\Interfaces\{FF3EBAFB-CE96-42FD-90CF-3B0B0108CF90}: [NameServer]8.8.4.4,8.8.8.8,

FireFox:
========
FF ProfilePath: C:\Users\Moon\AppData\Roaming\Mozilla\Firefox\Profiles\qxpfzodl.default-1394543007612
FF Homepage: about:home
FF NetworkProxy: "ftp", "111.95.184.153"
FF NetworkProxy: "ftp_port", 8080
FF NetworkProxy: "gopher", "111.95.184.153"
FF NetworkProxy: "gopher_port", 8080
FF NetworkProxy: "http", "111.95.184.153"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "socks", "111.95.184.153"
FF NetworkProxy: "socks_port", 8080
FF NetworkProxy: "ssl", "111.95.184.153"
FF NetworkProxy: "ssl_port", 8080
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @lastpass.com/NPLastPass - C:\Program Files (x86)\LastPass\nplastpass64.dll (LastPass)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass - C:\Program Files (x86)\LastPass\nplastpass.dll (LastPass)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @mozilla.zeniko.ch/PDFlite_Browser_Plugin - C:\Program Files (x86)\PDFlite\npPdfViewer.dll (Simon Bünzli)
FF Plugin-x32: @ogplanet.com/npOGPPlugin - C:\Windows\system32\npOGPPlugin.dll No File
FF Plugin-x32: @t.garena.com/garenatalk - C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @fancyguo.com/FancyGame,version=1.0.0.1 - C:\Users\Moon\AppData\Local\Fancy\npfancygame.dll (Beijing FancyGuo Tech Ltd)
FF Plugin HKCU: @mozilla.zeniko.ch/PDFlite_Browser_Plugin - C:\Program Files (x86)\PDFlite\npPdfViewer.dll (Simon Bünzli)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Moon\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF user.js: detected! => C:\Users\Moon\AppData\Roaming\Mozilla\Firefox\Profiles\qxpfzodl.default-1394543007612\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Extension: Xmarks - C:\Users\Moon\AppData\Roaming\Mozilla\Firefox\Profiles\qxpfzodl.default-1394543007612\Extensions\foxmarks@kei.com [2014-05-17]
FF Extension: LastPass - C:\Users\Moon\AppData\Roaming\Mozilla\Firefox\Profiles\qxpfzodl.default-1394543007612\Extensions\support@lastpass.com [2014-03-15]
FF Extension: Flashblock - C:\Users\Moon\AppData\Roaming\Mozilla\Firefox\Profiles\qxpfzodl.default-1394543007612\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2014-03-25]
FF Extension: Flashget Downloader Extension - C:\Users\Moon\AppData\Roaming\Mozilla\Firefox\Profiles\qxpfzodl.default-1394543007612\Extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A} [2014-05-06]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Moon\AppData\Roaming\Mozilla\Firefox\Profiles\qxpfzodl.default-1394543007612\Extensions\adblockpopups@jessehakanen.net.xpi [2014-03-12]
FF Extension: Integrated Google Calendar - C:\Users\Moon\AppData\Roaming\Mozilla\Firefox\Profiles\qxpfzodl.default-1394543007612\Extensions\intgcal@egarracingteam.com.ar.xpi [2014-04-19]
FF Extension: Search in YouTube - C:\Users\Moon\AppData\Roaming\Mozilla\Firefox\Profiles\qxpfzodl.default-1394543007612\Extensions\searchyoutube@searchyoutube.fr.xpi [2014-04-24]
FF Extension: FlashGot - C:\Users\Moon\AppData\Roaming\Mozilla\Firefox\Profiles\qxpfzodl.default-1394543007612\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2014-03-25]

Chrome:
=======
CHR HomePage:
CHR StartupUrls: ""
CHR DefaultSearchKeyword: google.co.th
CHR Extension: (Free Download Manager Chrome extension) - C:\Users\Moon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahmpjcflkgiildlgicmcieglgoilbfdp [2014-05-05]
CHR Extension: (Xmarks Bookmark Sync) - C:\Users\Moon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2014-04-06]
CHR Extension: (Adblock Plus) - C:\Users\Moon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-03-10]
CHR Extension: (Hide My Ass! Web Proxy) - C:\Users\Moon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmgnmcnlncejehjlnhaglpnoolgbflbd [2014-04-02]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Moon\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2014-03-10]
CHR Extension: (Referer Control) - C:\Users\Moon\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnkcfpcejkafcihlgbojoidoihckciin [2014-03-10]
CHR Extension: (Aqua Planet) - C:\Users\Moon\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkfobnmhjmjkgojmfldhnkmfcdjjakhb [2014-03-10]
CHR Extension: (Download Master) - C:\Users\Moon\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcceagdollnkjlogmdckgjakjapmkdjf [2014-03-10]
CHR Extension: (RSS Subscription Extension (โดย Google)) - C:\Users\Moon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbjncdgjeocebhnmkbbbdekmmmcbfjd [2014-03-10]
CHR Extension: (Google Wallet) - C:\Users\Moon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-14]
CHR Extension: (Band Stars) - C:\Users\Moon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pheefoolfafhhpdkpdkjpganobgachop [2014-03-10]

==================== Services (Whitelisted) =================

R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2253016 2013-10-02] (Broadcom Corporation.)
S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [477960 2014-02-27] (BitRaider, LLC)
R2 cFosSpeedS; C:\Program Files\cFosSpeed\spd.exe [480096 2013-04-19] (cFos Software GmbH)
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe [702744 2014-01-23] ()
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2175264 2014-05-27] (IObit)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S3 nlsvc; C:\Program Files\NetLimiter 3\nlsvc.exe [1845248 2011-03-21] (Locktime Software)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [5267776 2014-01-22] (INCA Internet Co., Ltd.)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-04-12] ()
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe [105448 2014-02-25] (Razer Inc.)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-21] (Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [4950016 2009-12-16] (Dell Inc.)
S2 AHDDC2; No ImagePath
S3 DfSdkS; No ImagePath
R2 SbieSvc; "C:\Program Files\Sandboxie\SbieSvc.exe" [X]

==================== Drivers (Whitelisted) ====================

S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [312480 2014-04-29] ()
S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [170712 2013-08-09] (Broadcom Corporation.)
R1 BdfNdisf; c:\program files\lavasoft\ad-aware antivirus\firewall engine\1.6.0.0\drivers\bdfndisf6.sys [93160 2013-10-21] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfwfpf.sys [102992 2013-10-21] (BitDefender LLC)
S3 BRDriver64; C:\ProgramData\BitRaider\BRDriver64.sys [75048 2014-02-28] (BitRaider)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-03-25] (Disc Soft Ltd)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [17480 2012-12-21] ()
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [14920 2012-12-21] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9800 2012-12-21] ()
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [9160 2012-12-21] ()
U5 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [42856 2010-11-21] (Microsoft Corporation)
R0 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20672 2014-05-17] (Glarysoft Ltd)
R3 gzflt; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\2.6.0.0\gzflt.sys [138232 2013-07-17] (BitDefender LLC)
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)
S3 hxsyol; C:\Winner\FFT\avital\hxsy64.sys [86352 2014-05-06] ()
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43168 2014-04-29] ()
R1 nltdi; C:\Program Files\NetLimiter 3\nltdi.sys [88200 2011-03-21] (Locktime Software)
S3 sclbl; No ImagePath
S3 SDGame; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2013-12-24] (IObit)
S3 SRS_HDAL_Service; C:\Windows\System32\drivers\SRS_HDAL_amd64.sys [533280 2010-11-15] ()
R3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [329800 2013-07-17] (BitDefender S.R.L.)
S3 ANAMp50a64; System32\Drivers\ANAMp50a64.sys [X]
S3 ANASp50a64; System32\Drivers\ANASp50a64.sys [X]
S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 RTHDMIAzAudService; system32\drivers\RtHDMIVX.sys [X]
R3 SbieDrv; \??\C:\Program Files\Sandboxie\SbieDrv.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [X]
R3 X6va021; \??\C:\Windows\SysWOW64\Drivers\X6va021 [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-03 00:28 - 2014-06-03 00:28 - 00000000 ____D () C:\FRST
2014-06-03 00:27 - 2014-06-03 00:27 - 00003103 _____ () C:\Users\Moon\Desktop\AdwCleaner[R0].txt
2014-06-03 00:26 - 2014-06-03 00:27 - 00000000 ____D () C:\AdwCleaner
2014-06-02 04:38 - 2014-06-02 04:39 - 00000000 ____D () C:\Users\Moon\AppData\Roaming\FiestaOnline
2014-05-31 05:06 - 2014-05-31 05:06 - 00000000 ____D () C:\Users\Moon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cloud
2014-05-31 05:06 - 2014-05-31 05:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cloud
2014-05-29 18:20 - 2014-05-29 18:20 - 00001784 _____ () C:\Users\Moon\Desktop\ACDSeePro3 - Shortcut.lnk
2014-05-29 08:19 - 2014-06-02 17:39 - 00003496 _____ () C:\Windows\System32\Tasks\gg_uac_daemon_Moon
2014-05-29 08:17 - 2014-06-02 21:23 - 00000560 _____ () C:\Windows\setupact.log
2014-05-29 08:17 - 2014-06-02 17:38 - 00001484 _____ () C:\Windows\PFRO.log
2014-05-29 08:17 - 2014-05-29 08:17 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-29 01:09 - 2014-05-29 01:09 - 00000000 ____D () C:\Users\Moon\AppData\Roaming\WizardWars
2014-05-28 23:02 - 2014-05-28 23:02 - 00000000 ____D () C:\Users\Moon\AppData\Roaming\Malwarebytes
2014-05-28 23:02 - 2014-05-28 23:02 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-05-28 23:02 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-28 22:54 - 2014-05-28 23:02 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-28 21:30 - 2014-05-28 21:30 - 00003126 _____ () C:\Windows\System32\Tasks\{E5D3A9C5-8E99-4A06-BBD7-E45118B0E8D8}
2014-05-28 21:12 - 2014-05-28 21:12 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-05-27 18:55 - 2014-06-03 00:09 - 00002834 _____ () C:\Windows\Sandboxie.ini
2014-05-27 18:54 - 2014-06-03 00:24 - 00000000 ____D () C:\Program Files\Sandboxie
2014-05-27 18:54 - 2014-05-29 05:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
2014-05-27 17:54 - 2014-05-27 17:54 - 00000276 ____H () C:\Windows\SbiePst.dat
2014-05-27 17:44 - 2014-05-27 17:44 - 00000000 ___RD () C:\Sandbox
2014-05-27 13:15 - 2014-06-03 00:26 - 00049963 _____ () C:\Windows\WindowsUpdate.log
2014-05-27 05:30 - 2014-05-27 05:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\cFosSpeed Traffic Shaping
2014-05-27 05:30 - 2014-05-27 05:30 - 00000000 ____D () C:\Program Files\cFosSpeed
2014-05-27 05:30 - 2013-04-19 16:46 - 01736544 _____ (cFos Software GmbH) C:\Windows\system32\Drivers\cfosspeed6.sys
2014-05-27 05:20 - 2014-05-27 05:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileASSASSIN
2014-05-27 03:18 - 2014-05-27 03:41 - 00029414 _____ () C:\Users\Moon\Desktop\dds.txt
2014-05-27 03:18 - 2014-05-27 03:41 - 00010039 _____ () C:\Users\Moon\Desktop\attach.txt
2014-05-27 03:12 - 2010-05-12 09:42 - 01467200 _____ (Microsoft Corporation) C:\Windows\system32\msvcr100d.dll
2014-05-27 03:12 - 2010-05-12 09:42 - 01467200 _____ (Microsoft Corporation) C:\Windows\system\msvcr100d.dll
2014-05-27 03:12 - 2009-08-24 11:15 - 00761152 _____ (Microsoft Corporation) C:\Windows\system\msvcr100.dll
2014-05-27 02:38 - 2014-05-27 05:20 - 00000000 ____D () C:\Program Files (x86)\FileASSASSIN
2014-05-26 23:15 - 2014-05-26 23:15 - 00000000 ____D () C:\Users\Moon\AppData\Local\Funcom
2014-05-26 00:16 - 2014-05-26 00:16 - 00000000 ____D () C:\Users\Moon\AppData\Local\Postimage.org
2014-05-25 23:43 - 2014-03-26 23:43 - 00000032 ____R () C:\ProgramData\hash.dat
2014-05-25 23:30 - 2014-05-25 23:31 - 00004129 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-05-25 14:27 - 2014-05-25 14:27 - 00000000 ____D () C:\ProgramData\Orbit
2014-05-25 02:48 - 2014-05-25 02:48 - 00000000 ____D () C:\Users\Moon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Strife
2014-05-25 02:39 - 2014-05-25 02:39 - 00000000 ____D () C:\Program Files (x86)\Strife
2014-05-23 21:15 - 2014-05-29 05:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOODGAMES ONLINE
2014-05-23 21:15 - 2014-05-23 21:15 - 00000000 ____D () C:\Program Files (x86)\True Digital Plus
2014-05-22 20:31 - 2014-05-25 22:28 - 00001456 _____ () C:\Users\Moon\AppData\Local\Adobe Save for Web 13.0 Prefs
2014-05-20 23:54 - 2014-05-20 23:54 - 00000000 ____D () C:\Users\Moon\AppData\Local\WOP
2014-05-20 23:54 - 2014-05-20 23:54 - 00000000 ____D () C:\Users\Moon\AppData\Local\Wings of Prey
2014-05-20 23:54 - 2014-05-20 23:54 - 00000000 ____D () C:\ProgramData\WOP
2014-05-20 21:15 - 2014-05-20 21:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EDEN
2014-05-20 21:15 - 2014-05-20 21:15 - 00000000 ____D () C:\EDEN
2014-05-18 17:41 - 2014-05-18 17:41 - 00000000 ____D () C:\Program Files (x86)\GoodGames
2014-05-17 21:55 - 2014-06-02 17:38 - 00000330 _____ () C:\Windows\Tasks\GlaryInitialize 5.job
2014-05-17 21:55 - 2014-05-29 04:56 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 5
2014-05-17 21:55 - 2014-05-17 21:55 - 00020672 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\GUBootStartup.sys
2014-05-17 21:55 - 2014-05-17 21:55 - 00002622 _____ () C:\Windows\System32\Tasks\GlaryInitialize 5
2014-05-17 21:55 - 2014-05-17 21:55 - 00001096 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2014-05-17 21:55 - 2014-05-17 21:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5
2014-05-13 18:27 - 2009-08-24 21:13 - 00034304 _____ (mst software GmbH, Germany) C:\Windows\system32\DfSdkBt.exe
2014-05-13 17:58 - 2014-05-13 17:58 - 00000000 ____D () C:\Windows\SysWOW64\BestPractices
2014-05-13 17:58 - 2014-05-13 17:58 - 00000000 ____D () C:\Windows\system32\BestPractices
2014-05-13 17:57 - 2014-05-13 17:57 - 00000000 ____D () C:\inetpub
2014-05-11 11:50 - 2014-05-18 21:40 - 00000514 _____ () C:\Users\Moon\AppData\Roaming\burnaware.ini
2014-05-11 11:49 - 2014-05-11 11:49 - 00000000 ____D () C:\ProgramData\CheckPoint
2014-05-11 11:48 - 2014-05-29 05:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BurnAware Free
2014-05-11 11:39 - 2014-05-11 11:39 - 00000000 ____D () C:\Users\Moon\AppData\Roaming\CrystalIdea Software
2014-05-10 09:04 - 2014-05-13 18:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-09 05:09 - 2014-05-09 05:09 - 00000000 ____D () C:\ProgramData\BlueStacks
2014-05-09 05:08 - 2014-05-09 05:15 - 00000000 ____D () C:\ProgramData\BlueStacksSetup
2014-05-09 05:08 - 2014-05-09 05:08 - 00000000 ____D () C:\Users\Moon\AppData\Local\Bluestacks
2014-05-09 04:39 - 2014-05-13 14:47 - 00000000 ____D () C:\Users\Moon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NetLimiter 3
2014-05-09 04:39 - 2014-05-09 04:39 - 00000000 ____D () C:\Users\Moon\AppData\Local\Locktime
2014-05-09 04:38 - 2014-05-13 14:45 - 00000000 ____D () C:\Program Files\NetLimiter 3
2014-05-09 04:38 - 2014-05-09 04:38 - 00000000 ____D () C:\ProgramData\Locktime
2014-05-08 04:18 - 2014-05-08 04:18 - 00000000 ____D () C:\Users\Moon\AppData\Local\DDMSettings
2014-05-08 04:02 - 2014-05-08 04:02 - 00000000 ____D () C:\Program Files\DivX
2014-05-08 04:01 - 2014-05-08 04:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
2014-05-08 03:53 - 2014-05-08 04:02 - 00000000 ____D () C:\Program Files (x86)\DivX
2014-05-08 03:49 - 2014-05-08 04:02 - 00000000 ____D () C:\ProgramData\DivX
2014-05-07 23:14 - 2014-05-29 05:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith
2014-05-07 23:14 - 2014-05-07 23:14 - 00000000 ____D () C:\ProgramData\regid.1995-08.com.techsmith
2014-05-07 23:13 - 2014-05-07 23:13 - 00000000 ____D () C:\Users\Moon\AppData\Local\TechSmith
2014-05-07 23:13 - 2014-05-07 23:13 - 00000000 ____D () C:\ProgramData\TechSmith
2014-05-07 23:13 - 2014-05-07 23:13 - 00000000 ____D () C:\Program Files (x86)\TechSmith
2014-05-06 19:42 - 2014-05-06 19:42 - 00000000 ____D () C:\Users\Moon\AppData\Roaming\EverPlanet
2014-05-06 19:41 - 2014-05-06 19:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AsiaSoft
2014-05-06 19:36 - 2014-05-06 19:36 - 00000000 ____D () C:\Program Files (x86)\AsiaSoft
2014-05-06 04:41 - 2014-05-06 04:41 - 00000000 ____D () C:\Winner
2014-05-05 18:43 - 2014-05-29 00:20 - 00000085 _____ () C:\Windows\wininit.ini
2014-05-05 18:42 - 2014-05-05 18:42 - 00000000 ____D () C:\Program Files\VideoLAN
2014-05-05 18:41 - 2014-05-05 18:41 - 00003094 _____ () C:\Windows\System32\Tasks\Process Lasso Core Engine Only
2014-05-05 18:41 - 2014-05-05 18:41 - 00003088 _____ () C:\Windows\System32\Tasks\Process Lasso Management Console (GUI)
2014-05-05 18:41 - 2014-05-05 18:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Process Lasso
2014-05-05 04:01 - 2014-05-09 04:06 - 00004114 _____ () C:\Windows\SysWOW64\secushr.dat
2014-05-05 02:58 - 2014-05-05 02:58 - 00001480 _____ () C:\Users\Moon\Desktop\FlashGet downloads.lnk
2014-05-05 02:58 - 2014-05-05 02:58 - 00000000 ____D () C:\Users\Moon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FlashGet3.7
2014-05-05 02:58 - 2014-05-05 02:58 - 00000000 ____D () C:\Users\Moon\AppData\Roaming\FlashGetBHO
2014-05-05 02:58 - 2014-05-05 02:58 - 00000000 ____D () C:\Users\Moon\AppData\Roaming\FlashGet
2014-05-05 02:58 - 2014-05-05 02:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlashGet3.7
2014-05-05 02:44 - 2014-05-05 02:44 - 00000218 _____ () C:\Users\Moon\AppData\Local\recently-used.xbel
2014-05-05 02:44 - 2014-05-05 02:44 - 00000000 ____D () C:\Users\Moon\AppData\Local\gtk-2.0
2014-05-04 19:58 - 2014-05-13 13:46 - 00000132 _____ () C:\Users\Moon\AppData\Roaming\Adobe Targa Format CS6 Prefs
2014-05-04 09:38 - 2014-05-04 09:38 - 00000000 ____D () C:\Users\Moon\AppData\Roaming\Blizzard Entertainment
2014-05-04 03:27 - 2014-05-04 03:27 - 00000000 ____D () C:\Users\Moon\AppData\Roaming\EAC

==================== One Month Modified Files and Folders =======

2014-06-03 00:29 - 2013-09-10 23:49 - 00000000 ____D () C:\Users\Moon\AppData\Local\Temp
2014-06-03 00:28 - 2014-06-03 00:28 - 00000000 ____D () C:\FRST
2014-06-03 00:27 - 2014-06-03 00:27 - 00003103 _____ () C:\Users\Moon\Desktop\AdwCleaner[R0].txt
2014-06-03 00:27 - 2014-06-03 00:26 - 00000000 ____D () C:\AdwCleaner
2014-06-03 00:26 - 2014-05-27 13:15 - 00049963 _____ () C:\Windows\WindowsUpdate.log
2014-06-03 00:26 - 2013-09-11 00:30 - 00000000 ____D () C:\Users\Moon\AppData\Roaming\tixati
2014-06-03 00:24 - 2014-05-27 18:54 - 00000000 ____D () C:\Program Files\Sandboxie
2014-06-03 00:12 - 2014-03-19 22:34 - 00000336 _____ () C:\Windows\SysWOW64\secustat.dat
2014-06-03 00:12 - 2014-03-19 04:57 - 00000000 ____D () C:\Users\Moon\AppData\Roaming\BITS
2014-06-03 00:09 - 2014-05-27 18:55 - 00002834 _____ () C:\Windows\Sandboxie.ini
2014-06-02 23:54 - 2013-09-11 00:33 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-02 23:42 - 2009-07-14 11:45 - 00020864 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-02 23:42 - 2009-07-14 11:45 - 00020864 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-02 21:23 - 2014-05-29 08:17 - 00000560 _____ () C:\Windows\setupact.log
2014-06-02 21:23 - 2013-12-26 05:01 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-06-02 19:16 - 2014-01-29 09:00 - 00000000 ____D () C:\Users\Moon\AppData\Local\CrashDumps
2014-06-02 17:41 - 2013-09-03 16:05 - 00000000 ____D () C:\Users\Moon\Desktop\Game
2014-06-02 17:40 - 2014-01-14 19:59 - 00000000 ____D () C:\Users\Moon\AppData\Roaming\DropboxMaster
2014-06-02 17:40 - 2013-09-10 23:56 - 00000000 ____D () C:\Users\Moon\AppData\Roaming\Dropbox
2014-06-02 17:39 - 2014-05-29 08:19 - 00003496 _____ () C:\Windows\System32\Tasks\gg_uac_daemon_Moon
2014-06-02 17:38 - 2014-05-29 08:17 - 00001484 _____ () C:\Windows\PFRO.log
2014-06-02 17:38 - 2014-05-17 21:55 - 00000330 _____ () C:\Windows\Tasks\GlaryInitialize 5.job
2014-06-02 17:38 - 2009-07-14 12:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-02 04:39 - 2014-06-02 04:38 - 00000000 ____D () C:\Users\Moon\AppData\Roaming\FiestaOnline
2014-06-02 00:09 - 2013-09-11 13:00 - 00000000 ____D () C:\Games
2014-06-02 00:08 - 2009-07-14 12:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-05-31 05:06 - 2014-05-31 05:06 - 00000000 ____D () C:\Users\Moon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cloud
2014-05-31 05:06 - 2014-05-31 05:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cloud
2014-05-29 19:19 - 2014-04-13 19:01 - 00003814 _____ () C:\Users\Moon\AppData\Localtransition_569b2c4b9bcb90cf036714add3a312f6.ini
2014-05-29 18:20 - 2014-05-29 18:20 - 00001784 _____ () C:\Users\Moon\Desktop\ACDSeePro3 - Shortcut.lnk
2014-05-29 15:06 - 2013-09-11 13:00 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-05-29 15:06 - 2013-09-11 13:00 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-05-29 14:05 - 2014-04-26 18:04 - 00000000 ____D () C:\AeriaGames
2014-05-29 14:05 - 2013-10-24 17:20 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
2014-05-29 08:17 - 2014-05-29 08:17 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-29 05:03 - 2014-05-27 18:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
2014-05-29 05:03 - 2014-05-23 21:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOODGAMES ONLINE
2014-05-29 05:03 - 2014-05-11 11:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BurnAware Free
2014-05-29 05:03 - 2014-05-07 23:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith
2014-05-29 05:03 - 2014-05-02 04:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Subtitle Edit
2014-05-29 05:03 - 2014-04-25 03:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
2014-05-29 05:03 - 2014-01-21 11:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2014-05-29 05:03 - 2013-12-26 05:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2014-05-29 05:03 - 2013-11-13 23:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ACD Systems
2014-05-29 04:56 - 2014-05-17 21:55 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 5
2014-05-29 01:09 - 2014-05-29 01:09 - 00000000 ____D () C:\Users\Moon\AppData\Roaming\WizardWars
2014-05-29 01:09 - 2014-02-22 21:34 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-05-29 01:09 - 2013-09-15 15:41 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-05-29 00:20 - 2014-05-05 18:43 - 00000085 _____ () C:\Windows\wininit.ini
2014-05-29 00:20 - 2014-03-11 20:40 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-05-28 23:02 - 2014-05-28 23:02 - 00000000 ____D () C:\Users\Moon\AppData\Roaming\Malwarebytes
2014-05-28 23:02 - 2014-05-28 23:02 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-05-28 23:02 - 2014-05-28 22:54 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-28 21:30 - 2014-05-28 21:30 - 00003126 _____ () C:\Windows\System32\Tasks\{E5D3A9C5-8E99-4A06-BBD7-E45118B0E8D8}
2014-05-28 21:19 - 2014-03-12 20:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
2014-05-28 21:12 - 2014-05-28 21:12 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-05-28 17:36 - 2013-09-10 23:56 - 00000000 ____D () C:\Users\Moon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-28 17:36 - 2013-09-10 23:50 - 00000000 ___RD () C:\Users\Moon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-27 17:54 - 2014-05-27 17:54 - 00000276 ____H () C:\Windows\SbiePst.dat
2014-05-27 17:52 - 2014-05-03 21:40 - 00000000 ____D () C:\Program Files (x86)\osu!
2014-05-27 17:44 - 2014-05-27 17:44 - 00000000 ___RD () C:\Sandbox
2014-05-27 14:19 - 2013-09-10 23:56 - 00000000 ____D () C:\Users\Moon\AppData\Roaming\DAEMON Tools Lite
2014-05-27 05:30 - 2014-05-27 05:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\cFosSpeed Traffic Shaping
2014-05-27 05:30 - 2014-05-27 05:30 - 00000000 ____D () C:\Program Files\cFosSpeed
2014-05-27 05:20 - 2014-05-27 05:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileASSASSIN
2014-05-27 05:20 - 2014-05-27 02:38 - 00000000 ____D () C:\Program Files (x86)\FileASSASSIN
2014-05-27 05:13 - 2013-11-02 20:50 - 00000400 __RSH () C:\ProgramData\ntuser.pol
2014-05-27 04:55 - 2013-09-25 12:32 - 00000000 ____D () C:\Users\Moon\AppData\Roaming\foobar2000
2014-05-27 04:51 - 2009-07-14 12:13 - 00884460 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-27 04:43 - 2014-02-22 20:47 - 00000000 ____D () C:\Users\Moon\AppData\Local\Akamai
2014-05-27 04:37 - 2014-05-03 03:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ReClock
2014-05-27 04:37 - 2014-05-02 01:51 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-05-27 03:41 - 2014-05-27 03:18 - 00029414 _____ () C:\Users\Moon\Desktop\dds.txt
2014-05-27 03:41 - 2014-05-27 03:18 - 00010039 _____ () C:\Users\Moon\Desktop\attach.txt
2014-05-27 03:12 - 2009-07-14 10:20 - 00000000 ____D () C:\Windows\system
2014-05-27 03:00 - 2013-09-10 23:49 - 00000000 ____D () C:\Users\Moon
2014-05-27 02:59 - 2013-09-10 23:59 - 00000000 ____D () C:\Program Files (x86)\Notepad++
2014-05-27 02:58 - 2013-09-11 00:23 - 00000000 ____D () C:\Users\Moon\AppData\Local\Mozilla
2014-05-27 02:58 - 2013-09-10 23:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-05-27 02:58 - 2013-09-10 23:54 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-27 02:58 - 2009-07-14 10:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-05-27 02:58 - 2009-07-14 10:20 - 00000000 ____D () C:\Windows\registration
2014-05-27 02:28 - 2014-01-08 20:02 - 00000000 ____D () C:\Program Files\Key Metric Software
2014-05-27 02:22 - 2014-01-14 19:55 - 00002884 _____ () C:\Windows\System32\Tasks\Uninstaller_SkipUac_Administrator
2014-05-27 02:22 - 2013-11-25 19:12 - 00001256 _____ () C:\Users\Moon\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk
2014-05-27 02:13 - 2014-01-14 19:55 - 00000000 ____D () C:\Users\Moon\AppData\Roaming\ProductData
2014-05-27 02:13 - 2013-11-25 19:12 - 00000000 ____D () C:\ProgramData\IObit
2014-05-27 02:13 - 2013-10-19 21:54 - 00000000 ____D () C:\Users\Moon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GunboundWC
2014-05-27 02:13 - 2013-09-11 10:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-27 02:13 - 2013-09-11 00:27 - 00000000 ____D () C:\Program Files\Process Lasso
2014-05-27 02:13 - 2013-09-11 00:04 - 00000000 ____D () C:\Users\Moon\AppData\Roaming\TeraCopy
2014-05-27 02:13 - 2013-09-10 23:56 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite
2014-05-27 02:11 - 2014-01-08 20:01 - 00000000 ____D () C:\Users\Moon\AppData\Roaming\Key Metric Software
2014-05-27 02:11 - 2013-09-11 00:27 - 00000000 ____D () C:\Users\Moon\AppData\Roaming\ProcessLasso
2014-05-27 02:09 - 2013-09-11 10:26 - 00000000 ____D () C:\Program Files (x86)\Java
2014-05-27 01:55 - 2014-02-14 18:34 - 00007619 _____ () C:\Users\Moon\AppData\Local\Resmon.ResmonCfg
2014-05-26 23:39 - 2014-01-08 20:02 - 00000000 ____D () C:\ProgramData\2003-05.com.keymetricsoft
2014-05-26 23:15 - 2014-05-26 23:15 - 00000000 ____D () C:\Users\Moon\AppData\Local\Funcom
2014-05-26 03:19 - 2013-09-11 00:47 - 00000000 ____D () C:\Users\Moon\AppData\Roaming\Free Download Manager
2014-05-26 00:16 - 2014-05-26 00:16 - 00000000 ____D () C:\Users\Moon\AppData\Local\Postimage.org
2014-05-25 23:31 - 2014-05-25 23:30 - 00004129 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-05-25 23:31 - 2013-09-11 10:27 - 00000000 ____D () C:\ProgramData\Oracle
2014-05-25 22:28 - 2014-05-22 20:31 - 00001456 _____ () C:\Users\Moon\AppData\Local\Adobe Save for Web 13.0 Prefs
2014-05-25 14:27 - 2014-05-25 14:27 - 00000000 ____D () C:\ProgramData\Orbit
2014-05-25 02:48 - 2014-05-25 02:48 - 00000000 ____D () C:\Users\Moon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Strife
2014-05-25 02:39 - 2014-05-25 02:39 - 00000000 ____D () C:\Program Files (x86)\Strife
2014-05-23 21:15 - 2014-05-23 21:15 - 00000000 ____D () C:\Program Files (x86)\True Digital Plus
2014-05-23 18:43 - 2013-12-08 20:43 - 00000000 ____D () C:\ProgramData\AsiaSoft
2014-05-22 20:22 - 2013-11-13 23:45 - 00000000 ____D () C:\Users\Moon\AppData\Local\ACD Systems
2014-05-20 23:54 - 2014-05-20 23:54 - 00000000 ____D () C:\Users\Moon\AppData\Local\WOP
2014-05-20 23:54 - 2014-05-20 23:54 - 00000000 ____D () C:\Users\Moon\AppData\Local\Wings of Prey
2014-05-20 23:54 - 2014-05-20 23:54 - 00000000 ____D () C:\ProgramData\WOP
2014-05-20 21:15 - 2014-05-20 21:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EDEN
2014-05-20 21:15 - 2014-05-20 21:15 - 00000000 ____D () C:\EDEN
2014-05-20 21:15 - 2013-09-11 00:05 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-05-20 10:40 - 2009-07-14 12:08 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-19 12:42 - 2013-11-25 19:12 - 00000000 ____D () C:\ProgramData\ProductData
2014-05-18 22:37 - 2014-02-02 01:27 - 00000600 _____ () C:\Users\Moon\AppData\Roaming\winscp.rnd
2014-05-18 21:40 - 2014-05-11 11:50 - 00000514 _____ () C:\Users\Moon\AppData\Roaming\burnaware.ini
2014-05-18 17:41 - 2014-05-18 17:41 - 00000000 ____D () C:\Program Files (x86)\GoodGames
2014-05-17 21:55 - 2014-05-17 21:55 - 00020672 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\GUBootStartup.sys
2014-05-17 21:55 - 2014-05-17 21:55 - 00002622 _____ () C:\Windows\System32\Tasks\GlaryInitialize 5
2014-05-17 21:55 - 2014-05-17 21:55 - 00001096 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2014-05-17 21:55 - 2014-05-17 21:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5
2014-05-17 21:55 - 2013-11-30 20:30 - 00000000 ____D () C:\ProgramData\GlarySoft
2014-05-17 21:55 - 2013-11-30 20:22 - 00000000 ____D () C:\Users\Moon\AppData\Roaming\GlarySoft
2014-05-16 20:14 - 2014-01-12 20:58 - 00000000 ____D () C:\Users\Moon\AppData\Local\Battle.net
2014-05-16 20:06 - 2014-01-13 21:16 - 00000000 ____D () C:\Program Files (x86)\Diablo III
2014-05-14 21:54 - 2013-09-11 00:33 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-14 21:54 - 2013-09-11 00:33 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-14 21:54 - 2013-09-11 00:33 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-14 18:36 - 2013-09-14 23:40 - 00003918 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{B945DB95-F7BE-48ED-9855-5667B6519722}
2014-05-13 18:31 - 2014-05-10 09:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-13 18:31 - 2013-11-03 23:04 - 00000000 ____D () C:\ProgramData\Xfire
2014-05-13 18:31 - 2013-10-29 19:32 - 00000000 ____D () C:\Users\Moon\AppData\Roaming\GoodSync
2014-05-13 18:31 - 2013-10-03 15:33 - 00000000 ____D () C:\Windows\Minidump
2014-05-13 17:59 - 2013-09-11 10:50 - 00828384 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-05-13 17:58 - 2014-05-13 17:58 - 00000000 ____D () C:\Windows\SysWOW64\BestPractices
2014-05-13 17:58 - 2014-05-13 17:58 - 00000000 ____D () C:\Windows\system32\BestPractices
2014-05-13 17:58 - 2009-07-14 12:32 - 00000000 ____D () C:\Program Files\Windows Sidebar
2014-05-13 17:58 - 2009-07-14 10:20 - 00000000 ____D () C:\Windows\SysWOW64\inetsrv
2014-05-13 17:58 - 2009-07-14 10:20 - 00000000 ____D () C:\Windows\system32\inetsrv
2014-05-13 17:57 - 2014-05-13 17:57 - 00000000 ____D () C:\inetpub
2014-05-13 14:47 - 2014-05-09 04:39 - 00000000 ____D () C:\Users\Moon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NetLimiter 3
2014-05-13 14:45 - 2014-05-09 04:38 - 00000000 ____D () C:\Program Files\NetLimiter 3
2014-05-13 13:46 - 2014-05-04 19:58 - 00000132 _____ () C:\Users\Moon\AppData\Roaming\Adobe Targa Format CS6 Prefs
2014-05-13 13:27 - 2013-09-11 00:34 - 00000000 ____D () C:\Users\Moon\AppData\Roaming\Adobe
2014-05-11 18:14 - 2013-09-10 23:59 - 00000000 ____D () C:\Users\Moon\AppData\Roaming\Notepad++
2014-05-11 18:10 - 2014-03-10 19:28 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-05-11 18:10 - 2014-02-27 19:37 - 00000000 ____D () C:\Program Files (x86)\Electronic Arts
2014-05-11 16:50 - 2014-01-12 20:57 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-05-11 13:02 - 2014-04-06 20:49 - 00000000 ____D () C:\Users\Moon\AppData\Local\Xmarks
2014-05-11 12:12 - 2009-07-14 11:45 - 05019184 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-11 11:51 - 2009-07-14 09:34 - 00000426 _____ () C:\Windows\win.ini
2014-05-11 11:49 - 2014-05-11 11:49 - 00000000 ____D () C:\ProgramData\CheckPoint
2014-05-11 11:48 - 2013-10-17 19:12 - 00000000 ____D () C:\Users\Moon\AppData\Local\Downloaded Installations
2014-05-11 11:41 - 2013-09-10 23:57 - 00104384 _____ () C:\Users\Moon\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-11 11:39 - 2014-05-11 11:39 - 00000000 ____D () C:\Users\Moon\AppData\Roaming\CrystalIdea Software
2014-05-11 11:34 - 2014-03-17 21:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\dBpoweramp Music Converter
2014-05-10 16:40 - 2013-09-11 00:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-10 14:30 - 2013-09-11 14:42 - 00000000 ____D () C:\Windows\Panther
2014-05-09 05:15 - 2014-05-09 05:08 - 00000000 ____D () C:\ProgramData\BlueStacksSetup
2014-05-09 05:10 - 2009-07-14 10:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-05-09 05:09 - 2014-05-09 05:09 - 00000000 ____D () C:\ProgramData\BlueStacks
2014-05-09 05:08 - 2014-05-09 05:08 - 00000000 ____D () C:\Users\Moon\AppData\Local\Bluestacks
2014-05-09 04:39 - 2014-05-09 04:39 - 00000000 ____D () C:\Users\Moon\AppData\Local\Locktime
2014-05-09 04:38 - 2014-05-09 04:38 - 00000000 ____D () C:\ProgramData\Locktime
2014-05-09 04:06 - 2014-05-05 04:01 - 00004114 _____ () C:\Windows\SysWOW64\secushr.dat
2014-05-08 04:18 - 2014-05-08 04:18 - 00000000 ____D () C:\Users\Moon\AppData\Local\DDMSettings
2014-05-08 04:02 - 2014-05-08 04:02 - 00000000 ____D () C:\Program Files\DivX
2014-05-08 04:02 - 2014-05-08 03:53 - 00000000 ____D () C:\Program Files (x86)\DivX
2014-05-08 04:02 - 2014-05-08 03:49 - 00000000 ____D () C:\ProgramData\DivX
2014-05-08 04:02 - 2014-04-19 11:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-05-08 04:01 - 2014-05-08 04:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
2014-05-08 03:50 - 2014-05-02 01:52 - 00000000 ____D () C:\Users\Moon\AppData\Roaming\vlc
2014-05-07 23:14 - 2014-05-07 23:14 - 00000000 ____D () C:\ProgramData\regid.1995-08.com.techsmith
2014-05-07 23:13 - 2014-05-07 23:13 - 00000000 ____D () C:\Users\Moon\AppData\Local\TechSmith
2014-05-07 23:13 - 2014-05-07 23:13 - 00000000 ____D () C:\ProgramData\TechSmith
2014-05-07 23:13 - 2014-05-07 23:13 - 00000000 ____D () C:\Program Files (x86)\TechSmith
2014-05-07 18:15 - 2013-09-14 23:45 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-07 18:15 - 2013-09-14 23:45 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-06 22:15 - 2013-09-14 23:45 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-06 22:15 - 2013-09-14 23:45 - 00003640 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-06 19:42 - 2014-05-06 19:42 - 00000000 ____D () C:\Users\Moon\AppData\Roaming\EverPlanet
2014-05-06 19:41 - 2014-05-06 19:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AsiaSoft
2014-05-06 19:36 - 2014-05-06 19:36 - 00000000 ____D () C:\Program Files (x86)\AsiaSoft
2014-05-06 04:57 - 2013-12-08 22:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winner
2014-05-06 04:41 - 2014-05-06 04:41 - 00000000 ____D () C:\Winner
2014-05-05 19:53 - 2013-12-19 19:39 - 00000000 ____D () C:\Program Files (x86)\SystemRequirementsLab
2014-05-05 18:42 - 2014-05-05 18:42 - 00000000 ____D () C:\Program Files\VideoLAN
2014-05-05 18:42 - 2014-04-19 11:08 - 00002102 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2014-05-05 18:41 - 2014-05-05 18:41 - 00003094 _____ () C:\Windows\System32\Tasks\Process Lasso Core Engine Only
2014-05-05 18:41 - 2014-05-05 18:41 - 00003088 _____ () C:\Windows\System32\Tasks\Process Lasso Management Console (GUI)
2014-05-05 18:41 - 2014-05-05 18:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Process Lasso
2014-05-05 18:40 - 2014-04-07 17:17 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-05 18:40 - 2014-03-25 13:57 - 00001178 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-05-05 18:39 - 2014-03-19 02:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Download Manager
2014-05-05 18:39 - 2013-09-11 00:47 - 00000000 ____D () C:\Program Files (x86)\Free Download Manager
2014-05-05 02:58 - 2014-05-05 02:58 - 00001480 _____ () C:\Users\Moon\Desktop\FlashGet downloads.lnk
2014-05-05 02:58 - 2014-05-05 02:58 - 00000000 ____D () C:\Users\Moon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FlashGet3.7
2014-05-05 02:58 - 2014-05-05 02:58 - 00000000 ____D () C:\Users\Moon\AppData\Roaming\FlashGetBHO
2014-05-05 02:58 - 2014-05-05 02:58 - 00000000 ____D () C:\Users\Moon\AppData\Roaming\FlashGet
2014-05-05 02:58 - 2014-05-05 02:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlashGet3.7
2014-05-05 02:58 - 2014-03-19 04:57 - 00000000 ____D () C:\Program Files (x86)\FlashGet Network
2014-05-05 02:44 - 2014-05-05 02:44 - 00000218 _____ () C:\Users\Moon\AppData\Local\recently-used.xbel
2014-05-05 02:44 - 2014-05-05 02:44 - 00000000 ____D () C:\Users\Moon\AppData\Local\gtk-2.0
2014-05-04 12:07 - 2014-04-29 11:16 - 00000000 ____D () C:\Users\Moon\AppData\Local\The Witcher
2014-05-04 09:38 - 2014-05-04 09:38 - 00000000 ____D () C:\Users\Moon\AppData\Roaming\Blizzard Entertainment
2014-05-04 03:27 - 2014-05-04 03:27 - 00000000 ____D () C:\Users\Moon\AppData\Roaming\EAC
2014-05-04 01:05 - 2013-09-15 23:08 - 00000000 ____D () C:\Users\Moon\AppData\Roaming\ImgBurn

Files to move or delete:
====================
C:\ProgramData\hash.dat


Some content of TEMP:
====================
C:\Users\Moon\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp4tjrgc.dll
C:\Users\Moon\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp_f523b.dll
C:\Users\Moon\AppData\Local\Temp\dxwebsetup.exe
C:\Users\Moon\AppData\Local\Temp\vcredist_x86.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-29 11:35

==================== End Of Log ============================

#4 nasdaq

  • Malware Response Team
  • 39,222 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 02 June 2014 - 01:32 PM

For an unknown reason I do not see the Winsock in your FRST log.

===

Fix Winsock Manually on Windows 7

1. Open up the command line utility and enter the commands below.
(Open the Run box, type cmd in the search box and click OK.)

The DOS prompt will be seen.

Type the following at the prompt and hit the Enter key after each entry.

netsh winsock reset

netsh winsock reset catalog

netsh int ip reset reset.log


P.S. I think you can copy and paste each line at the DOS prompt. Hit the Enter key.

When all done, type EXIT and hit the Enter key.

Restart the computer normally.

How is it now?

#5 spidamonkee

  • Topic Starter
  • Members
  • 4 posts

Posted 03 June 2014 - 07:32 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-06-2014 01
Ran by Moon (administrator) on MOON-PC on 03-06-2014 19:08:01
Running from C:\Downloads\Software
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(tzuk) C:\Program Files\Sandboxie\SbieSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\Garena Plus\ggdllhost.exe
(Bitsum LLC) C:\Program Files\Process Lasso\ProcessGovernor.exe
(Bitsum LLC) C:\Program Files\Process Lasso\ProcessLasso.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(cFos Software GmbH) C:\Program Files\cFosSpeed\spd.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(cFos Software GmbH) C:\Program Files\cFosSpeed\cfosspeed.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Akamai Technologies, Inc.) C:\Users\Moon\AppData\Local\Akamai\netsession_win.exe
(tzuk) C:\Program Files\Sandboxie\SbieCtrl.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Dropbox, Inc.) C:\Users\Moon\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe
(Akamai Technologies, Inc.) C:\Users\Moon\AppData\Local\Akamai\netsession_win.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(LIGHTNING UK!) C:\Program Files (x86)\ImgBurn\ImgBurn.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Game Booster\main.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2122536 2010-05-07] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10038304 2010-02-02] (Realtek Semiconductor)
HKLM\...\Run: [cFosSpeed] => C:\Program Files\cFosSpeed\cFosSpeed.exe [1587040 2013-04-19] (cFos Software GmbH)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Aeria Ignite] => C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe [1925656 2013-06-07] (Aeria Games & Entertainment)
HKLM\...\Policies\Explorer: [NoCustomizeThisFolder] 0
HKU\S-1-5-21-3158446351-2867527954-1733863695-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Moon\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3158446351-2867527954-1733863695-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-3158446351-2867527954-1733863695-1000\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [37152 2014-05-14] (Glarysoft Ltd)
HKU\S-1-5-21-3158446351-2867527954-1733863695-1000\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [576232 2010-07-04] (tzuk)
HKU\S-1-5-21-3158446351-2867527954-1733863695-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-3158446351-2867527954-1733863695-1000\...\Policies\Explorer: [NoTrayItemsDisplay] 0x00000000
HKU\S-1-5-21-3158446351-2867527954-1733863695-1000\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-21-3158446351-2867527954-1733863695-1000\...\Policies\Explorer: [NoCDBurning] 1
HKU\S-1-5-21-3158446351-2867527954-1733863695-1000\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-3158446351-2867527954-1733863695-1000\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-3158446351-2867527954-1733863695-1000\...\Policies\Explorer: [NoFileMenu] 0
HKU\S-1-5-21-3158446351-2867527954-1733863695-1000\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-3158446351-2867527954-1733863695-1000\...\Policies\Explorer: [NoRecentDocsMenu] 0
HKU\S-1-5-21-3158446351-2867527954-1733863695-1000\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-3158446351-2867527954-1733863695-1000\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-3158446351-2867527954-1733863695-1000\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-3158446351-2867527954-1733863695-1000\...\Policies\Explorer: [NoAddPrinter] 0
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\Users\Moon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Moon\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

ProxyServer: localhost:8080
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = th
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.th/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {4867270D-D1D6-4AF0-9EAE-565A18ABACEF} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {4867270D-D1D6-4AF0-9EAE-565A18ABACEF} URL = https://www.google.com/search?q={searchTerms}
BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO: LastPass Vault - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: LastPass Vault - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
BHO-x32: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\Moon\AppData\Roaming\FlashGetBHO\FlashGetBHO.dll (Trend Media Group)
BHO-x32: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
DPF: HKLM-x32 {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/select/asusTek_sys_ctrl3.cab
DPF: HKLM-x32 {27AD4028-716B-4383-B8FA-A94C6CFCEC37} http://btr.gg.in.th/Spec1/ActiveX/WZOBCmnCtrl.cab
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{015EE375-1F7A-4189-8290-1BCF55617260}: [NameServer]8.8.4.4,8.8.8.8,
Tcpip\..\Interfaces\{35C93F25-18FF-4E7E-AA1E-681AB4D2950F}: [NameServer]8.8.4.4,8.8.8.8,
Tcpip\..\Interfaces\{58426CBD-E737-4AA9-8012-B62158B4D6B2}: [NameServer]202.224.32.2,198.153.192.40
Tcpip\..\Interfaces\{782E2D61-D0C3-438A-8794-5ABB710FDC70}: [NameServer]8.8.4.4,8.8.8.8,10.0.0.1
Tcpip\..\Interfaces\{E5F71AD3-B5A1-4261-98D2-35EFA0AC4530}: [NameServer]8.8.4.4,8.8.8.8,
Tcpip\..\Interfaces\{FF3EBAFB-CE96-42FD-90CF-3B0B0108CF90}: [NameServer]8.8.4.4,8.8.8.8,

FireFox:
========
FF ProfilePath: C:\Users\Moon\AppData\Roaming\Mozilla\Firefox\Profiles\qxpfzodl.default-1394543007612
FF Homepage: about:home
FF NetworkProxy: "ftp", "111.95.184.153"
FF NetworkProxy: "ftp_port", 8080
FF NetworkProxy: "gopher", "111.95.184.153"
FF NetworkProxy: "gopher_port", 8080
FF NetworkProxy: "http", "111.95.184.153"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "socks", "111.95.184.153"
FF NetworkProxy: "socks_port", 8080
FF NetworkProxy: "ssl", "111.95.184.153"
FF NetworkProxy: "ssl_port", 8080
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @lastpass.com/NPLastPass - C:\Program Files (x86)\LastPass\nplastpass64.dll (LastPass)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass - C:\Program Files (x86)\LastPass\nplastpass.dll (LastPass)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @mozilla.zeniko.ch/PDFlite_Browser_Plugin - C:\Program Files (x86)\PDFlite\npPdfViewer.dll (Simon Bünzli)
FF Plugin-x32: @ogplanet.com/npOGPPlugin - C:\Windows\system32\npOGPPlugin.dll No File
FF Plugin-x32: @t.garena.com/garenatalk - C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @fancyguo.com/FancyGame,version=1.0.0.1 - C:\Users\Moon\AppData\Local\Fancy\npfancygame.dll (Beijing FancyGuo Tech Ltd)
FF Plugin HKCU: @mozilla.zeniko.ch/PDFlite_Browser_Plugin - C:\Program Files (x86)\PDFlite\npPdfViewer.dll (Simon Bünzli)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Moon\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Extension: Xmarks - C:\Users\Moon\AppData\Roaming\Mozilla\Firefox\Profiles\qxpfzodl.default-1394543007612\Extensions\foxmarks@kei.com [2014-05-17]
FF Extension: LastPass - C:\Users\Moon\AppData\Roaming\Mozilla\Firefox\Profiles\qxpfzodl.default-1394543007612\Extensions\support@lastpass.com [2014-03-15]
FF Extension: Flashblock - C:\Users\Moon\AppData\Roaming\Mozilla\Firefox\Profiles\qxpfzodl.default-1394543007612\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2014-03-25]
FF Extension: Flashget Downloader Extension - C:\Users\Moon\AppData\Roaming\Mozilla\Firefox\Profiles\qxpfzodl.default-1394543007612\Extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A} [2014-05-06]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Moon\AppData\Roaming\Mozilla\Firefox\Profiles\qxpfzodl.default-1394543007612\Extensions\adblockpopups@jessehakanen.net.xpi [2014-03-12]
FF Extension: Integrated Google Calendar - C:\Users\Moon\AppData\Roaming\Mozilla\Firefox\Profiles\qxpfzodl.default-1394543007612\Extensions\intgcal@egarracingteam.com.ar.xpi [2014-04-19]
FF Extension: Search in YouTube - C:\Users\Moon\AppData\Roaming\Mozilla\Firefox\Profiles\qxpfzodl.default-1394543007612\Extensions\searchyoutube@searchyoutube.fr.xpi [2014-04-24]
FF Extension: FlashGot - C:\Users\Moon\AppData\Roaming\Mozilla\Firefox\Profiles\qxpfzodl.default-1394543007612\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2014-03-25]

Chrome:
=======
CHR HomePage:
CHR DefaultSearchKeyword: google.co.th
CHR Extension: (Free Download Manager Chrome extension) - C:\Users\Moon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahmpjcflkgiildlgicmcieglgoilbfdp [2014-05-05]
CHR Extension: (Xmarks Bookmark Sync) - C:\Users\Moon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2014-04-06]
CHR Extension: (Adblock Plus) - C:\Users\Moon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-03-10]
CHR Extension: (Hide My Ass! Web Proxy) - C:\Users\Moon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmgnmcnlncejehjlnhaglpnoolgbflbd [2014-04-02]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Moon\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2014-03-10]
CHR Extension: (Referer Control) - C:\Users\Moon\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnkcfpcejkafcihlgbojoidoihckciin [2014-03-10]
CHR Extension: (Aqua Planet) - C:\Users\Moon\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkfobnmhjmjkgojmfldhnkmfcdjjakhb [2014-03-10]
CHR Extension: (Download Master) - C:\Users\Moon\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcceagdollnkjlogmdckgjakjapmkdjf [2014-03-10]
CHR Extension: (RSS Subscription Extension (โดย Google)) - C:\Users\Moon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbjncdgjeocebhnmkbbbdekmmmcbfjd [2014-03-10]
CHR Extension: (Google Wallet) - C:\Users\Moon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-14]
CHR Extension: (Band Stars) - C:\Users\Moon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pheefoolfafhhpdkpdkjpganobgachop [2014-03-10]

==================== Services (Whitelisted) =================

R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2253016 2013-10-02] (Broadcom Corporation.)
S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [477960 2014-02-27] (BitRaider, LLC)
R2 cFosSpeedS; C:\Program Files\cFosSpeed\spd.exe [480096 2013-04-19] (cFos Software GmbH)
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe [702744 2014-01-23] ()
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2175264 2014-05-27] (IObit)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S3 nlsvc; C:\Program Files\NetLimiter 3\nlsvc.exe [1845248 2011-03-21] (Locktime Software)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [5267776 2014-01-22] (INCA Internet Co., Ltd.)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-04-12] ()
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe [105448 2014-02-25] (Razer Inc.)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [99048 2010-07-04] (tzuk)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-21] (Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [4950016 2009-12-16] (Dell Inc.)
S2 AHDDC2; No ImagePath
S3 DfSdkS; No ImagePath

==================== Drivers (Whitelisted) ====================

S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [312480 2014-04-29] ()
S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [170712 2013-08-09] (Broadcom Corporation.)
R1 BdfNdisf; c:\program files\lavasoft\ad-aware antivirus\firewall engine\1.6.0.0\drivers\bdfndisf6.sys [93160 2013-10-21] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfwfpf.sys [102992 2013-10-21] (BitDefender LLC)
S3 BRDriver64; C:\ProgramData\BitRaider\BRDriver64.sys [75048 2014-02-28] (BitRaider)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-03-25] (Disc Soft Ltd)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [17480 2012-12-21] ()
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [14920 2012-12-21] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9800 2012-12-21] ()
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [9160 2012-12-21] ()
U5 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [42856 2010-11-21] (Microsoft Corporation)
R0 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20672 2014-05-17] (Glarysoft Ltd)
R3 gzflt; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\2.6.0.0\gzflt.sys [138232 2013-07-17] (BitDefender LLC)
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)
S3 hxsyol; C:\Winner\FFT\avital\hxsy64.sys [86352 2014-05-06] ()
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43168 2014-04-29] ()
R1 nltdi; C:\Program Files\NetLimiter 3\nltdi.sys [88200 2011-03-21] (Locktime Software)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [139880 2010-07-04] (tzuk)
S3 sclbl; No ImagePath
S3 SDGame; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2013-12-24] (IObit)
S3 SRS_HDAL_Service; C:\Windows\System32\drivers\SRS_HDAL_amd64.sys [533280 2010-11-15] ()
R3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [329800 2013-07-17] (BitDefender S.R.L.)
S3 ANAMp50a64; System32\Drivers\ANAMp50a64.sys [X]
S3 ANASp50a64; System32\Drivers\ANASp50a64.sys [X]
S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 RTHDMIAzAudService; system32\drivers\RtHDMIVX.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [X]
S3 X6va021; \??\C:\Windows\SysWOW64\Drivers\X6va021 [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-03 01:05 - 2014-06-03 03:36 - 00002316 _____ () C:\Windows\Sandboxie.ini
2014-06-03 01:05 - 2014-06-03 01:05 - 00000896 _____ () C:\Users\Moon\Desktop\Sandboxed Web Browser.lnk
2014-06-03 01:05 - 2014-06-03 01:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
2014-06-03 00:43 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-06-03 00:30 - 2014-06-03 00:30 - 00054488 _____ () C:\Users\Moon\Desktop\FRST.txt
2014-06-03 00:30 - 2014-06-03 00:30 - 00050294 _____ () C:\Users\Moon\Desktop\Addition.txt
2014-06-03 00:28 - 2014-06-03 19:08 - 00000000 ____D () C:\FRST
2014-06-03 00:27 - 2014-06-03 00:27 - 00003103 _____ () C:\Users\Moon\Desktop\AdwCleaner[R0].txt
2014-06-03 00:26 - 2014-06-03 00:44 - 00000000 ____D () C:\AdwCleaner
2014-06-02 04:38 - 2014-06-02 04:39 - 00000000 ____D () C:\Users\Moon\AppData\Roaming\FiestaOnline
2014-05-31 05:06 - 2014-05-31 05:06 - 00000000 ____D () C:\Users\Moon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cloud
2014-05-31 05:06 - 2014-05-31 05:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cloud
2014-05-29 18:20 - 2014-05-29 18:20 - 00001784 _____ () C:\Users\Moon\Desktop\ACDSeePro3 - Shortcut.lnk
2014-05-29 08:19 - 2014-06-03 19:03 - 00003496 _____ () C:\Windows\System32\Tasks\gg_uac_daemon_Moon
2014-05-29 08:17 - 2014-06-03 19:02 - 00000728 _____ () C:\Windows\setupact.log
2014-05-29 08:17 - 2014-06-03 03:45 - 00006848 _____ () C:\Windows\PFRO.log
2014-05-29 08:17 - 2014-05-29 08:17 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-29 01:09 - 2014-05-29 01:09 - 00000000 ____D () C:\Users\Moon\AppData\Roaming\WizardWars
2014-05-28 23:02 - 2014-05-28 23:02 - 00000000 ____D () C:\Users\Moon\AppData\Roaming\Malwarebytes
2014-05-28 23:02 - 2014-05-28 23:02 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-05-28 23:02 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-28 22:54 - 2014-05-28 23:02 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-28 21:30 - 2014-05-28 21:30 - 00003126 _____ () C:\Windows\System32\Tasks\{E5D3A9C5-8E99-4A06-BBD7-E45118B0E8D8}
2014-05-28 21:12 - 2014-05-28 21:12 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-05-27 18:54 - 2014-06-03 01:05 - 00000000 ____D () C:\Program Files\Sandboxie
2014-05-27 17:54 - 2014-05-27 17:54 - 00000276 ____H () C:\Windows\SbiePst.dat
2014-05-27 17:44 - 2014-05-27 17:44 - 00000000 ___RD () C:\Sandbox
2014-05-27 13:15 - 2014-06-03 04:02 - 00060890 _____ () C:\Windows\WindowsUpdate.log
2014-05-27 05:30 - 2014-05-27 05:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\cFosSpeed Traffic Shaping
2014-05-27 05:30 - 2014-05-27 05:30 - 00000000 ____D () C:\Program Files\cFosSpeed
2014-05-27 05:30 - 2013-04-19 16:46 - 01736544 _____ (cFos Software GmbH) C:\Windows\system32\Drivers\cfosspeed6.sys
2014-05-27 05:20 - 2014-05-27 05:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileASSASSIN
2014-05-27 03:12 - 2010-05-12 09:42 - 01467200 _____ (Microsoft Corporation) C:\Windows\system32\msvcr100d.dll
2014-05-27 03:12 - 2010-05-12 09:42 - 01467200 _____ (Microsoft Corporation) C:\Windows\system\msvcr100d.dll
2014-05-27 03:12 - 2009-08-24 11:15 - 00761152 _____ (Microsoft Corporation) C:\Windows\system\msvcr100.dll
2014-05-27 02:38 - 2014-05-27 05:20 - 00000000 ____D () C:\Program Files (x86)\FileASSASSIN
2014-05-26 23:15 - 2014-05-26 23:15 - 00000000 ____D () C:\Users\Moon\AppData\Local\Funcom
2014-05-26 00:16 - 2014-05-26 00:16 - 00000000 ____D () C:\Users\Moon\AppData\Local\Postimage.org
2014-05-25 23:43 - 2014-03-26 23:43 - 00000032 ____R () C:\ProgramData\hash.dat
2014-05-25 23:30 - 2014-05-25 23:31 - 00004129 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-05-25 14:27 - 2014-05-25 14:27 - 00000000 ____D () C:\ProgramData\Orbit
2014-05-25 02:48 - 2014-05-25 02:48 - 00000000 ____D () C:\Users\Moon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Strife
2014-05-25 02:39 - 2014-05-25 02:39 - 00000000 ____D () C:\Program Files (x86)\Strife
2014-05-23 21:15 - 2014-05-29 05:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOODGAMES ONLINE
2014-05-23 21:15 - 2014-05-23 21:15 - 00000000 ____D () C:\Program Files (x86)\True Digital Plus
2014-05-22 20:31 - 2014-05-25 22:28 - 00001456 _____ () C:\Users\Moon\AppData\Local\Adobe Save for Web 13.0 Prefs
2014-05-20 23:54 - 2014-05-20 23:54 - 00000000 ____D () C:\Users\Moon\AppData\Local\WOP
2014-05-20 23:54 - 2014-05-20 23:54 - 00000000 ____D () C:\Users\Moon\AppData\Local\Wings of Prey
2014-05-20 23:54 - 2014-05-20 23:54 - 00000000 ____D () C:\ProgramData\WOP
2014-05-20 21:15 - 2014-05-20 21:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EDEN
2014-05-20 21:15 - 2014-05-20 21:15 - 00000000 ____D () C:\EDEN
2014-05-18 17:41 - 2014-05-18 17:41 - 00000000 ____D () C:\Program Files (x86)\GoodGames
2014-05-17 21:55 - 2014-06-03 19:03 - 00000330 _____ () C:\Windows\Tasks\GlaryInitialize 5.job
2014-05-17 21:55 - 2014-05-29 04:56 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 5
2014-05-17 21:55 - 2014-05-17 21:55 - 00020672 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\GUBootStartup.sys
2014-05-17 21:55 - 2014-05-17 21:55 - 00002622 _____ () C:\Windows\System32\Tasks\GlaryInitialize 5
2014-05-17 21:55 - 2014-05-17 21:55 - 00001096 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2014-05-17 21:55 - 2014-05-17 21:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5
2014-05-13 18:27 - 2009-08-24 21:13 - 00034304 _____ (mst software GmbH, Germany) C:\Windows\system32\DfSdkBt.exe
2014-05-13 17:58 - 2014-05-13 17:58 - 00000000 ____D () C:\Windows\SysWOW64\BestPractices
2014-05-13 17:58 - 2014-05-13 17:58 - 00000000 ____D () C:\Windows\system32\BestPractices
2014-05-13 17:57 - 2014-05-13 17:57 - 00000000 ____D () C:\inetpub
2014-05-11 11:50 - 2014-05-18 21:40 - 00000514 _____ () C:\Users\Moon\AppData\Roaming\burnaware.ini
2014-05-11 11:49 - 2014-05-11 11:49 - 00000000 ____D () C:\ProgramData\CheckPoint
2014-05-11 11:48 - 2014-05-29 05:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BurnAware Free
2014-05-11 11:39 - 2014-05-11 11:39 - 00000000 ____D () C:\Users\Moon\AppData\Roaming\CrystalIdea Software
2014-05-10 09:04 - 2014-05-13 18:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-09 05:09 - 2014-05-09 05:09 - 00000000 ____D () C:\ProgramData\BlueStacks
2014-05-09 05:08 - 2014-05-09 05:15 - 00000000 ____D () C:\ProgramData\BlueStacksSetup
2014-05-09 05:08 - 2014-05-09 05:08 - 00000000 ____D () C:\Users\Moon\AppData\Local\Bluestacks
2014-05-09 04:39 - 2014-05-13 14:47 - 00000000 ____D () C:\Users\Moon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NetLimiter 3
2014-05-09 04:39 - 2014-05-09 04:39 - 00000000 ____D () C:\Users\Moon\AppData\Local\Locktime
2014-05-09 04:38 - 2014-05-13 14:45 - 00000000 ____D () C:\Program Files\NetLimiter 3
2014-05-09 04:38 - 2014-05-09 04:38 - 00000000 ____D () C:\ProgramData\Locktime
2014-05-08 04:18 - 2014-05-08 04:18 - 00000000 ____D () C:\Users\Moon\AppData\Local\DDMSettings
2014-05-08 04:02 - 2014-05-08 04:02 - 00000000 ____D () C:\Program Files\DivX
2014-05-08 04:01 - 2014-05-08 04:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
2014-05-08 03:53 - 2014-05-08 04:02 - 00000000 ____D () C:\Program Files (x86)\DivX
2014-05-08 03:49 - 2014-05-08 04:02 - 00000000 ____D () C:\ProgramData\DivX
2014-05-07 23:14 - 2014-05-29 05:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith
2014-05-07 23:14 - 2014-05-07 23:14 - 00000000 ____D () C:\ProgramData\regid.1995-08.com.techsmith
2014-05-07 23:13 - 2014-05-07 23:13 - 00000000 ____D () C:\Users\Moon\AppData\Local\TechSmith
2014-05-07 23:13 - 2014-05-07 23:13 - 00000000 ____D () C:\ProgramData\TechSmith
2014-05-07 23:13 - 2014-05-07 23:13 - 00000000 ____D () C:\Program Files (x86)\TechSmith
2014-05-06 19:42 - 2014-05-06 19:42 - 00000000 ____D () C:\Users\Moon\AppData\Roaming\EverPlanet
2014-05-06 19:41 - 2014-05-06 19:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AsiaSoft
2014-05-06 19:36 - 2014-05-06 19:36 - 00000000 ____D () C:\Program Files (x86)\AsiaSoft
2014-05-06 04:41 - 2014-05-06 04:41 - 00000000 ____D () C:\Winner
2014-05-05 18:43 - 2014-05-29 00:20 - 00000085 _____ () C:\Windows\wininit.ini
2014-05-05 18:42 - 2014-05-05 18:42 - 00000000 ____D () C:\Program Files\VideoLAN
2014-05-05 18:41 - 2014-05-05 18:41 - 00003094 _____ () C:\Windows\System32\Tasks\Process Lasso Core Engine Only
2014-05-05 18:41 - 2014-05-05 18:41 - 00003088 _____ () C:\Windows\System32\Tasks\Process Lasso Management Console (GUI)
2014-05-05 18:41 - 2014-05-05 18:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Process Lasso
2014-05-05 04:01 - 2014-05-09 04:06 - 00004114 _____ () C:\Windows\SysWOW64\secushr.dat
2014-05-05 02:58 - 2014-05-05 02:58 - 00001480 _____ () C:\Users\Moon\Desktop\FlashGet downloads.lnk
2014-05-05 02:58 - 2014-05-05 02:58 - 00000000 ____D () C:\Users\Moon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FlashGet3.7
2014-05-05 02:58 - 2014-05-05 02:58 - 00000000 ____D () C:\Users\Moon\AppData\Roaming\FlashGetBHO
2014-05-05 02:58 - 2014-05-05 02:58 - 00000000 ____D () C:\Users\Moon\AppData\Roaming\FlashGet
2014-05-05 02:58 - 2014-05-05 02:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlashGet3.7
2014-05-05 02:44 - 2014-05-05 02:44 - 00000218 _____ () C:\Users\Moon\AppData\Local\recently-used.xbel
2014-05-05 02:44 - 2014-05-05 02:44 - 00000000 ____D () C:\Users\Moon\AppData\Local\gtk-2.0
2014-05-04 19:58 - 2014-05-13 13:46 - 00000132 _____ () C:\Users\Moon\AppData\Roaming\Adobe Targa Format CS6 Prefs
2014-05-04 09:38 - 2014-05-04 09:38 - 00000000 ____D () C:\Users\Moon\AppData\Roaming\Blizzard Entertainment
2014-05-04 03:27 - 2014-05-04 03:27 - 00000000 ____D () C:\Users\Moon\AppData\Roaming\EAC

==================== One Month Modified Files and Folders =======

2014-06-03 19:08 - 2014-06-03 00:28 - 00000000 ____D () C:\FRST
2014-06-03 19:08 - 2013-09-10 23:49 - 00000000 ____D () C:\Users\Moon\AppData\Local\Temp
2014-06-03 19:07 - 2014-01-29 09:00 - 00000000 ____D () C:\Users\Moon\AppData\Local\CrashDumps
2014-06-03 19:06 - 2014-05-27 13:15 - 00060890 _____ () C:\Windows\WindowsUpdate.log
2014-06-03 19:04 - 2013-12-26 05:01 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-06-03 19:04 - 2013-09-10 23:56 - 00000000 ____D () C:\Users\Moon\AppData\Roaming\Dropbox
2014-06-03 19:03 - 2014-05-29 08:19 - 00003496 _____ () C:\Windows\System32\Tasks\gg_uac_daemon_Moon
2014-06-03 19:03 - 2014-05-17 21:55 - 00000330 _____ () C:\Windows\Tasks\GlaryInitialize 5.job
2014-06-03 19:03 - 2014-01-14 19:59 - 00000000 ____D () C:\Users\Moon\AppData\Roaming\DropboxMaster
2014-06-03 19:03 - 2009-07-14 12:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-03 19:02 - 2014-05-29 08:17 - 00000728 _____ () C:\Windows\setupact.log
2014-06-03 04:02 - 2009-07-14 11:45 - 00020864 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-03 04:02 - 2009-07-14 11:45 - 00020864 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-03 03:54 - 2013-09-11 00:33 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-03 03:45 - 2014-05-29 08:17 - 00006848 _____ () C:\Windows\PFRO.log
2014-06-03 03:36 - 2014-06-03 01:05 - 00002316 _____ () C:\Windows\Sandboxie.ini
2014-06-03 01:05 - 2014-06-03 01:05 - 00000896 _____ () C:\Users\Moon\Desktop\Sandboxed Web Browser.lnk
2014-06-03 01:05 - 2014-06-03 01:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
2014-06-03 01:05 - 2014-05-27 18:54 - 00000000 ____D () C:\Program Files\Sandboxie
2014-06-03 00:47 - 2013-11-25 19:12 - 00000000 ____D () C:\ProgramData\ProductData
2014-06-03 00:44 - 2014-06-03 00:26 - 00000000 ____D () C:\AdwCleaner
2014-06-03 00:44 - 2013-09-10 23:49 - 00000000 ____D () C:\Users\Moon
2014-06-03 00:43 - 2013-09-11 00:30 - 00000000 ____D () C:\Users\Moon\AppData\Roaming\tixati
2014-06-03 00:30 - 2014-06-03 00:30 - 00054488 _____ () C:\Users\Moon\Desktop\FRST.txt
2014-06-03 00:30 - 2014-06-03 00:30 - 00050294 _____ () C:\Users\Moon\Desktop\Addition.txt
2014-06-03 00:27 - 2014-06-03 00:27 - 00003103 _____ () C:\Users\Moon\Desktop\AdwCleaner[R0].txt
2014-06-03 00:12 - 2014-03-19 22:34 - 00000336 _____ () C:\Windows\SysWOW64\secustat.dat
2014-06-03 00:12 - 2014-03-19 04:57 - 00000000 ____D () C:\Users\Moon\AppData\Roaming\BITS
2014-06-02 17:41 - 2013-09-03 16:05 - 00000000 ____D () C:\Users\Moon\Desktop\Game
2014-06-02 04:39 - 2014-06-02 04:38 - 00000000 ____D () C:\Users\Moon\AppData\Roaming\FiestaOnline
2014-06-02 00:09 - 2013-09-11 13:00 - 00000000 ____D () C:\Games
2014-06-02 00:08 - 2009-07-14 12:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-05-31 05:06 - 2014-05-31 05:06 - 00000000 ____D () C:\Users\Moon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cloud
2014-05-31 05:06 - 2014-05-31 05:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cloud
2014-05-29 19:19 - 2014-04-13 19:01 - 00003814 _____ () C:\Users\Moon\AppData\Localtransition_569b2c4b9bcb90cf036714add3a312f6.ini
2014-05-29 18:20 - 2014-05-29 18:20 - 00001784 _____ () C:\Users\Moon\Desktop\ACDSeePro3 - Shortcut.lnk
2014-05-29 15:06 - 2013-09-11 13:00 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-05-29 15:06 - 2013-09-11 13:00 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-05-29 14:05 - 2014-04-26 18:04 - 00000000 ____D () C:\AeriaGames
2014-05-29 14:05 - 2013-10-24 17:20 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
2014-05-29 08:17 - 2014-05-29 08:17 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-29 05:03 - 2014-05-23 21:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOODGAMES ONLINE
2014-05-29 05:03 - 2014-05-11 11:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BurnAware Free
2014-05-29 05:03 - 2014-05-07 23:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith
2014-05-29 05:03 - 2014-05-02 04:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Subtitle Edit
2014-05-29 05:03 - 2014-04-25 03:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
2014-05-29 05:03 - 2014-01-21 11:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2014-05-29 05:03 - 2013-12-26 05:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2014-05-29 05:03 - 2013-11-13 23:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ACD Systems
2014-05-29 04:56 - 2014-05-17 21:55 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 5
2014-05-29 01:09 - 2014-05-29 01:09 - 00000000 ____D () C:\Users\Moon\AppData\Roaming\WizardWars
2014-05-29 01:09 - 2014-02-22 21:34 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-05-29 01:09 - 2013-09-15 15:41 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-05-29 00:20 - 2014-05-05 18:43 - 00000085 _____ () C:\Windows\wininit.ini
2014-05-29 00:20 - 2014-03-11 20:40 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-05-28 23:02 - 2014-05-28 23:02 - 00000000 ____D () C:\Users\Moon\AppData\Roaming\Malwarebytes
2014-05-28 23:02 - 2014-05-28 23:02 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-05-28 23:02 - 2014-05-28 22:54 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-28 21:30 - 2014-05-28 21:30 - 00003126 _____ () C:\Windows\System32\Tasks\{E5D3A9C5-8E99-4A06-BBD7-E45118B0E8D8}
2014-05-28 21:19 - 2014-03-12 20:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
2014-05-28 21:12 - 2014-05-28 21:12 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-05-28 17:36 - 2013-09-10 23:56 - 00000000 ____D () C:\Users\Moon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-28 17:36 - 2013-09-10 23:50 - 00000000 ___RD () C:\Users\Moon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-27 17:54 - 2014-05-27 17:54 - 00000276 ____H () C:\Windows\SbiePst.dat
2014-05-27 17:52 - 2014-05-03 21:40 - 00000000 ____D () C:\Program Files (x86)\osu!
2014-05-27 17:44 - 2014-05-27 17:44 - 00000000 ___RD () C:\Sandbox
2014-05-27 14:19 - 2013-09-10 23:56 - 00000000 ____D () C:\Users\Moon\AppData\Roaming\DAEMON Tools Lite
2014-05-27 05:30 - 2014-05-27 05:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\cFosSpeed Traffic Shaping
2014-05-27 05:30 - 2014-05-27 05:30 - 00000000 ____D () C:\Program Files\cFosSpeed
2014-05-27 05:20 - 2014-05-27 05:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileASSASSIN
2014-05-27 05:20 - 2014-05-27 02:38 - 00000000 ____D () C:\Program Files (x86)\FileASSASSIN
2014-05-27 05:13 - 2013-11-02 20:50 - 00000400 __RSH () C:\ProgramData\ntuser.pol
2014-05-27 04:55 - 2013-09-25 12:32 - 00000000 ____D () C:\Users\Moon\AppData\Roaming\foobar2000
2014-05-27 04:51 - 2009-07-14 12:13 - 00884460 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-27 04:43 - 2014-02-22 20:47 - 00000000 ____D () C:\Users\Moon\AppData\Local\Akamai
2014-05-27 04:37 - 2014-05-03 03:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ReClock
2014-05-27 04:37 - 2014-05-02 01:51 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-05-27 03:12 - 2009-07-14 10:20 - 00000000 ____D () C:\Windows\system
2014-05-27 02:59 - 2013-09-10 23:59 - 00000000 ____D () C:\Program Files (x86)\Notepad++
2014-05-27 02:58 - 2013-09-11 00:23 - 00000000 ____D () C:\Users\Moon\AppData\Local\Mozilla
2014-05-27 02:58 - 2013-09-10 23:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-05-27 02:58 - 2013-09-10 23:54 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-27 02:58 - 2009-07-14 10:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-05-27 02:58 - 2009-07-14 10:20 - 00000000 ____D () C:\Windows\registration
2014-05-27 02:28 - 2014-01-08 20:02 - 00000000 ____D () C:\Program Files\Key Metric Software
2014-05-27 02:22 - 2014-01-14 19:55 - 00002884 _____ () C:\Windows\System32\Tasks\Uninstaller_SkipUac_Administrator
2014-05-27 02:22 - 2013-11-25 19:12 - 00001256 _____ () C:\Users\Moon\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk
2014-05-27 02:13 - 2014-01-14 19:55 - 00000000 ____D () C:\Users\Moon\AppData\Roaming\ProductData
2014-05-27 02:13 - 2013-11-25 19:12 - 00000000 ____D () C:\ProgramData\IObit
2014-05-27 02:13 - 2013-10-19 21:54 - 00000000 ____D () C:\Users\Moon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GunboundWC
2014-05-27 02:13 - 2013-09-11 10:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-27 02:13 - 2013-09-11 00:27 - 00000000 ____D () C:\Program Files\Process Lasso
2014-05-27 02:13 - 2013-09-11 00:04 - 00000000 ____D () C:\Users\Moon\AppData\Roaming\TeraCopy
2014-05-27 02:13 - 2013-09-10 23:56 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite
2014-05-27 02:11 - 2014-01-08 20:01 - 00000000 ____D () C:\Users\Moon\AppData\Roaming\Key Metric Software
2014-05-27 02:11 - 2013-09-11 00:27 - 00000000 ____D () C:\Users\Moon\AppData\Roaming\ProcessLasso
2014-05-27 02:09 - 2013-09-11 10:26 - 00000000 ____D () C:\Program Files (x86)\Java
2014-05-27 01:55 - 2014-02-14 18:34 - 00007619 _____ () C:\Users\Moon\AppData\Local\Resmon.ResmonCfg
2014-05-26 23:39 - 2014-01-08 20:02 - 00000000 ____D () C:\ProgramData\2003-05.com.keymetricsoft
2014-05-26 23:15 - 2014-05-26 23:15 - 00000000 ____D () C:\Users\Moon\AppData\Local\Funcom
2014-05-26 03:19 - 2013-09-11 00:47 - 00000000 ____D () C:\Users\Moon\AppData\Roaming\Free Download Manager
2014-05-26 00:16 - 2014-05-26 00:16 - 00000000 ____D () C:\Users\Moon\AppData\Local\Postimage.org
2014-05-25 23:31 - 2014-05-25 23:30 - 00004129 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-05-25 23:31 - 2013-09-11 10:27 - 00000000 ____D () C:\ProgramData\Oracle
2014-05-25 22:28 - 2014-05-22 20:31 - 00001456 _____ () C:\Users\Moon\AppData\Local\Adobe Save for Web 13.0 Prefs
2014-05-25 14:27 - 2014-05-25 14:27 - 00000000 ____D () C:\ProgramData\Orbit
2014-05-25 02:48 - 2014-05-25 02:48 - 00000000 ____D () C:\Users\Moon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Strife
2014-05-25 02:39 - 2014-05-25 02:39 - 00000000 ____D () C:\Program Files (x86)\Strife
2014-05-23 21:15 - 2014-05-23 21:15 - 00000000 ____D () C:\Program Files (x86)\True Digital Plus
2014-05-23 18:43 - 2013-12-08 20:43 - 00000000 ____D () C:\ProgramData\AsiaSoft
2014-05-22 20:22 - 2013-11-13 23:45 - 00000000 ____D () C:\Users\Moon\AppData\Local\ACD Systems
2014-05-20 23:54 - 2014-05-20 23:54 - 00000000 ____D () C:\Users\Moon\AppData\Local\WOP
2014-05-20 23:54 - 2014-05-20 23:54 - 00000000 ____D () C:\Users\Moon\AppData\Local\Wings of Prey
2014-05-20 23:54 - 2014-05-20 23:54 - 00000000 ____D () C:\ProgramData\WOP
2014-05-20 21:15 - 2014-05-20 21:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EDEN
2014-05-20 21:15 - 2014-05-20 21:15 - 00000000 ____D () C:\EDEN
2014-05-20 21:15 - 2013-09-11 00:05 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-05-20 10:40 - 2009-07-14 12:08 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-18 22:37 - 2014-02-02 01:27 - 00000600 _____ () C:\Users\Moon\AppData\Roaming\winscp.rnd
2014-05-18 21:40 - 2014-05-11 11:50 - 00000514 _____ () C:\Users\Moon\AppData\Roaming\burnaware.ini
2014-05-18 17:41 - 2014-05-18 17:41 - 00000000 ____D () C:\Program Files (x86)\GoodGames
2014-05-17 21:55 - 2014-05-17 21:55 - 00020672 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\GUBootStartup.sys
2014-05-17 21:55 - 2014-05-17 21:55 - 00002622 _____ () C:\Windows\System32\Tasks\GlaryInitialize 5
2014-05-17 21:55 - 2014-05-17 21:55 - 00001096 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2014-05-17 21:55 - 2014-05-17 21:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5
2014-05-17 21:55 - 2013-11-30 20:30 - 00000000 ____D () C:\ProgramData\GlarySoft
2014-05-17 21:55 - 2013-11-30 20:22 - 00000000 ____D () C:\Users\Moon\AppData\Roaming\GlarySoft
2014-05-16 20:14 - 2014-01-12 20:58 - 00000000 ____D () C:\Users\Moon\AppData\Local\Battle.net
2014-05-16 20:06 - 2014-01-13 21:16 - 00000000 ____D () C:\Program Files (x86)\Diablo III
2014-05-14 21:54 - 2013-09-11 00:33 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-14 21:54 - 2013-09-11 00:33 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-14 21:54 - 2013-09-11 00:33 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-14 18:36 - 2013-09-14 23:40 - 00003918 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{B945DB95-F7BE-48ED-9855-5667B6519722}
2014-05-13 18:31 - 2014-05-10 09:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-13 18:31 - 2013-11-03 23:04 - 00000000 ____D () C:\ProgramData\Xfire
2014-05-13 18:31 - 2013-10-29 19:32 - 00000000 ____D () C:\Users\Moon\AppData\Roaming\GoodSync
2014-05-13 18:31 - 2013-10-03 15:33 - 00000000 ____D () C:\Windows\Minidump
2014-05-13 17:59 - 2013-09-11 10:50 - 00828384 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-05-13 17:58 - 2014-05-13 17:58 - 00000000 ____D () C:\Windows\SysWOW64\BestPractices
2014-05-13 17:58 - 2014-05-13 17:58 - 00000000 ____D () C:\Windows\system32\BestPractices
2014-05-13 17:58 - 2009-07-14 12:32 - 00000000 ____D () C:\Program Files\Windows Sidebar
2014-05-13 17:58 - 2009-07-14 10:20 - 00000000 ____D () C:\Windows\SysWOW64\inetsrv
2014-05-13 17:58 - 2009-07-14 10:20 - 00000000 ____D () C:\Windows\system32\inetsrv
2014-05-13 17:57 - 2014-05-13 17:57 - 00000000 ____D () C:\inetpub
2014-05-13 14:47 - 2014-05-09 04:39 - 00000000 ____D () C:\Users\Moon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NetLimiter 3
2014-05-13 14:45 - 2014-05-09 04:38 - 00000000 ____D () C:\Program Files\NetLimiter 3
2014-05-13 13:46 - 2014-05-04 19:58 - 00000132 _____ () C:\Users\Moon\AppData\Roaming\Adobe Targa Format CS6 Prefs
2014-05-13 13:27 - 2013-09-11 00:34 - 00000000 ____D () C:\Users\Moon\AppData\Roaming\Adobe
2014-05-11 18:14 - 2013-09-10 23:59 - 00000000 ____D () C:\Users\Moon\AppData\Roaming\Notepad++
2014-05-11 18:10 - 2014-03-10 19:28 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-05-11 18:10 - 2014-02-27 19:37 - 00000000 ____D () C:\Program Files (x86)\Electronic Arts
2014-05-11 16:50 - 2014-01-12 20:57 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-05-11 13:02 - 2014-04-06 20:49 - 00000000 ____D () C:\Users\Moon\AppData\Local\Xmarks
2014-05-11 12:12 - 2009-07-14 11:45 - 05019184 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-11 11:51 - 2009-07-14 09:34 - 00000426 _____ () C:\Windows\win.ini
2014-05-11 11:49 - 2014-05-11 11:49 - 00000000 ____D () C:\ProgramData\CheckPoint
2014-05-11 11:48 - 2013-10-17 19:12 - 00000000 ____D () C:\Users\Moon\AppData\Local\Downloaded Installations
2014-05-11 11:41 - 2013-09-10 23:57 - 00104384 _____ () C:\Users\Moon\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-11 11:39 - 2014-05-11 11:39 - 00000000 ____D () C:\Users\Moon\AppData\Roaming\CrystalIdea Software
2014-05-11 11:34 - 2014-03-17 21:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\dBpoweramp Music Converter
2014-05-10 16:40 - 2013-09-11 00:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-10 14:30 - 2013-09-11 14:42 - 00000000 ____D () C:\Windows\Panther
2014-05-09 05:15 - 2014-05-09 05:08 - 00000000 ____D () C:\ProgramData\BlueStacksSetup
2014-05-09 05:10 - 2009-07-14 10:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-05-09 05:09 - 2014-05-09 05:09 - 00000000 ____D () C:\ProgramData\BlueStacks
2014-05-09 05:08 - 2014-05-09 05:08 - 00000000 ____D () C:\Users\Moon\AppData\Local\Bluestacks
2014-05-09 04:39 - 2014-05-09 04:39 - 00000000 ____D () C:\Users\Moon\AppData\Local\Locktime
2014-05-09 04:38 - 2014-05-09 04:38 - 00000000 ____D () C:\ProgramData\Locktime
2014-05-09 04:06 - 2014-05-05 04:01 - 00004114 _____ () C:\Windows\SysWOW64\secushr.dat
2014-05-08 04:18 - 2014-05-08 04:18 - 00000000 ____D () C:\Users\Moon\AppData\Local\DDMSettings
2014-05-08 04:02 - 2014-05-08 04:02 - 00000000 ____D () C:\Program Files\DivX
2014-05-08 04:02 - 2014-05-08 03:53 - 00000000 ____D () C:\Program Files (x86)\DivX
2014-05-08 04:02 - 2014-05-08 03:49 - 00000000 ____D () C:\ProgramData\DivX
2014-05-08 04:02 - 2014-04-19 11:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-05-08 04:01 - 2014-05-08 04:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
2014-05-08 03:50 - 2014-05-02 01:52 - 00000000 ____D () C:\Users\Moon\AppData\Roaming\vlc
2014-05-07 23:14 - 2014-05-07 23:14 - 00000000 ____D () C:\ProgramData\regid.1995-08.com.techsmith
2014-05-07 23:13 - 2014-05-07 23:13 - 00000000 ____D () C:\Users\Moon\AppData\Local\TechSmith
2014-05-07 23:13 - 2014-05-07 23:13 - 00000000 ____D () C:\ProgramData\TechSmith
2014-05-07 23:13 - 2014-05-07 23:13 - 00000000 ____D () C:\Program Files (x86)\TechSmith
2014-05-07 18:15 - 2013-09-14 23:45 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-07 18:15 - 2013-09-14 23:45 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-06 22:15 - 2013-09-14 23:45 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-06 22:15 - 2013-09-14 23:45 - 00003640 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-06 19:42 - 2014-05-06 19:42 - 00000000 ____D () C:\Users\Moon\AppData\Roaming\EverPlanet
2014-05-06 19:41 - 2014-05-06 19:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AsiaSoft
2014-05-06 19:36 - 2014-05-06 19:36 - 00000000 ____D () C:\Program Files (x86)\AsiaSoft
2014-05-06 04:57 - 2013-12-08 22:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winner
2014-05-06 04:41 - 2014-05-06 04:41 - 00000000 ____D () C:\Winner
2014-05-05 19:53 - 2013-12-19 19:39 - 00000000 ____D () C:\Program Files (x86)\SystemRequirementsLab
2014-05-05 18:42 - 2014-05-05 18:42 - 00000000 ____D () C:\Program Files\VideoLAN
2014-05-05 18:42 - 2014-04-19 11:08 - 00002102 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2014-05-05 18:41 - 2014-05-05 18:41 - 00003094 _____ () C:\Windows\System32\Tasks\Process Lasso Core Engine Only
2014-05-05 18:41 - 2014-05-05 18:41 - 00003088 _____ () C:\Windows\System32\Tasks\Process Lasso Management Console (GUI)
2014-05-05 18:41 - 2014-05-05 18:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Process Lasso
2014-05-05 18:40 - 2014-04-07 17:17 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-05 18:40 - 2014-03-25 13:57 - 00001178 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-05-05 18:39 - 2014-03-19 02:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Download Manager
2014-05-05 18:39 - 2013-09-11 00:47 - 00000000 ____D () C:\Program Files (x86)\Free Download Manager
2014-05-05 02:58 - 2014-05-05 02:58 - 00001480 _____ () C:\Users\Moon\Desktop\FlashGet downloads.lnk
2014-05-05 02:58 - 2014-05-05 02:58 - 00000000 ____D () C:\Users\Moon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FlashGet3.7
2014-05-05 02:58 - 2014-05-05 02:58 - 00000000 ____D () C:\Users\Moon\AppData\Roaming\FlashGetBHO
2014-05-05 02:58 - 2014-05-05 02:58 - 00000000 ____D () C:\Users\Moon\AppData\Roaming\FlashGet
2014-05-05 02:58 - 2014-05-05 02:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlashGet3.7
2014-05-05 02:58 - 2014-03-19 04:57 - 00000000 ____D () C:\Program Files (x86)\FlashGet Network
2014-05-05 02:44 - 2014-05-05 02:44 - 00000218 _____ () C:\Users\Moon\AppData\Local\recently-used.xbel
2014-05-05 02:44 - 2014-05-05 02:44 - 00000000 ____D () C:\Users\Moon\AppData\Local\gtk-2.0
2014-05-04 12:07 - 2014-04-29 11:16 - 00000000 ____D () C:\Users\Moon\AppData\Local\The Witcher
2014-05-04 09:38 - 2014-05-04 09:38 - 00000000 ____D () C:\Users\Moon\AppData\Roaming\Blizzard Entertainment
2014-05-04 03:27 - 2014-05-04 03:27 - 00000000 ____D () C:\Users\Moon\AppData\Roaming\EAC
2014-05-04 01:05 - 2013-09-15 23:08 - 00000000 ____D () C:\Users\Moon\AppData\Roaming\ImgBurn

Files to move or delete:
====================
C:\ProgramData\hash.dat


Some content of TEMP:
====================
C:\Users\Moon\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpkea4ya.dll
C:\Users\Moon\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpy9qsql.dll
C:\Users\Moon\AppData\Local\Temp\dxwebsetup.exe
C:\Users\Moon\AppData\Local\Temp\Quarantine.exe
C:\Users\Moon\AppData\Local\Temp\SandboxieInstall-64-bit-25527130.exe
C:\Users\Moon\AppData\Local\Temp\vcredist_x86.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-29 11:35

==================== End Of Log ============================

 

How is it?



#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,222 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:12 PM

Posted 03 June 2014 - 08:25 AM

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.
===

How is the computer running now?

#7 spidamonkee

spidamonkee
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:11:12 PM

Posted 03 June 2014 - 09:08 AM

 Results of screen317's Security Check version 0.99.83  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Ad-Aware Antivirus   
 Antivirus out of date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 7 Update 51  
 Java version out of Date!
 Adobe Flash Player 13.0.0.214  
 Mozilla Firefox (29.0.1)
 Mozilla Thunderbird (24.5.0)
 Google Chrome 34.0.1847.137  
 Google Chrome 35.0.1916.114  
 Google Chrome Plugins...  
````````Process Check: objlist.exe by Laurent````````  
 Lavasoft Ad-Aware Antivirus Ad-Aware Antivirus 11.1.5354.0\AdAwareService.exe
 Lavasoft Ad-Aware Antivirus Ad-Aware Antivirus 11.1.5354.0\AdAwareTray.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 6%
````````````````````End of Log``````````````````````
 

Everything is fine and the system is back to normal.

Thanks for all your help.



#8 nasdaq

nasdaq

  • Malware Response Team
  • 39,222 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:12 PM

Posted 03 June 2014 - 12:18 PM

Ad-Aware Antivirus

Antivirus out of date!


I suggest you update immediately.

If you do not want to maintain this subscription, I suggest you install the free Microsoft Security Essentials.
http://windows.microsoft.com/en-CA/windows/security-essentials-download
It's free.

Remove Ad-Aware using the Add/Remove Programs if you install MSE.

===

Activate the Windows Firewall for your added protection.
http://windows.microsoft.com/en-ca/windows/turn-windows-firewall-on-off#turn-windows-firewall-on-off=windows-7

===

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Latest version is Java JRE 7u60.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882


If present, remove the old version(s) of Java using the Add/Remove Programs applet.

Java 7 Update 51
---

If all is well:

Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

Having an effective antivirus is a must for everyone.
In addition to many excellent commercial products there are plenty of good free antivirus programs available. I can recommend:

If you are satisfied with your current protection programs you can ignore the instructions on Antivirus or Firewall listed below.

In addition to an antivirus I recommend using a firewall. A software firewall is a software program that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet. I can recommend one of the following free products:

Please note: Many installers offer third-party downloads that are installed automatically when you do not uncheck certain checkboxes. While these are usually not malicious, you usually do not want them on your computer. Be careful during the installation process and you will avoid seeing tons of new unwanted toolbars in your favorite web browser.

Please consider installing and running some of the following programs; they are either free or have free versions of commercial programs:

Malwarebytes Anti-Malware (MBAM)
The free version of MBAM can be used to scan the system for traces of malware. Scanning your system regularly will make it harder for malware to reside on your system.
A tutorial on using MBAM can be found here.
Please Note: Only the paid for version has real time capabilities.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different from the older version of rogues mentioned above.

Please keep your programs up to date. This applies to Java, Adobe Flashplayer, Adobe Reader and your Internet Browsers in particular. Vulnerabilities in these programs are often exploited in order to install malware on your PC. Visiting a prepared web page suffices to infect your system.

In general Firefox, Opera and Google Chrome are considered to be more secure than Internet Explorer. In addition there are many useful add-ons that can protect you from possible risks:
  • WOT will warn you when you try to visit sites with poor reputation. The reputation is based on user ratings and is usually very accurate.
  • Script Blocker can help block many attempts to infect your system via malicious websites by only allowing scripts at sites you trust.
  • NoScript is a popular Firefox add-on;
  • ScriptNo is a popular Google Chrome add-on.
For much more useful information, please also read Tony Klein's excellent article: How did I get infected in the first place

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help.
===
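The Security Check report earlier in this thread flagged three things the post above asks the user to fix (UAC disabled, firewall state, an outdated Java 7 Update 51) and reminds them to run only one resident antivirus. The following read-only PowerShell audit, added here as an example and not code from the thread, from screen317's Security Check or from BleepingComputer, checks the same items from the registry, netsh and the Security Center WMI class so the result can be re-verified after the fixes are applied. The expected Java version is an assumption taken from the thread's "Java JRE 7u60" and should be updated to whatever is current; run it from an elevated prompt on Windows 7 or later.

```powershell
# Added example, not part of the thread: read-only audit of the findings
# Security Check reported (UAC, Windows Firewall, Java) plus registered antivirus
# products. Nothing here changes system state.

# Assumption: the version the thread calls current (Java JRE 7u60). Update as needed.
$ExpectedJava = [version]'1.7.0.60'

function Get-UacStatus {
    # EnableLUA = 1 means User Account Control is on; Security Check reported it disabled.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $lua = (Get-ItemProperty -Path $key -Name EnableLUA -ErrorAction SilentlyContinue).EnableLUA
    $status = if ($lua -eq 1) { 'Enabled' } else { 'DISABLED (EnableLUA is not 1)' }
    [pscustomobject]@{ Check = 'UAC'; Status = $status }
}

function Get-FirewallStatus {
    # netsh is used because Get-NetFirewallProfile does not exist on Windows 7.
    $lines = netsh advfirewall show allprofiles state
    $off   = @($lines | Select-String -Pattern 'State\s+OFF')
    $status = if ($off.Count -gt 0) { "$($off.Count) profile(s) OFF" } else { 'ON for all profiles' }
    [pscustomobject]@{ Check = 'Windows Firewall'; Status = $status }
}

function Get-JavaStatus {
    # The JRE installer writes one subkey per installed version (e.g. 1.7.0_51)
    # under these keys; Wow6432Node holds the 32-bit JRE on x64 Windows.
    $roots = @(
        'HKLM:\SOFTWARE\JavaSoft\Java Runtime Environment',
        'HKLM:\SOFTWARE\Wow6432Node\JavaSoft\Java Runtime Environment'
    )
    $installed = foreach ($root in $roots) {
        if (Test-Path $root) {
            Get-ChildItem -Path $root |
                Where-Object { $_.PSChildName -match '^\d+\.\d+\.\d+_\d+$' } |
                ForEach-Object { $_.PSChildName }
        }
    }
    $results = @(foreach ($v in ($installed | Sort-Object -Unique)) {
        # 1.7.0_51 -> 1.7.0.51 so [version] comparison works
        $parsed = [version]($v -replace '_', '.')
        $status = if ($parsed -lt $ExpectedJava) { 'OUT OF DATE (update, then remove old versions)' } else { 'Current' }
        [pscustomobject]@{ Check = "Java $v"; Status = $status }
    })
    if ($results.Count -eq 0) { [pscustomobject]@{ Check = 'Java'; Status = 'Not installed' } } else { $results }
}

function Get-AntivirusStatus {
    # Security Center registers resident AV products here on Vista and later.
    $products = @(Get-WmiObject -Namespace 'root\SecurityCenter2' -Class AntiVirusProduct -ErrorAction SilentlyContinue)
    $rows = @(foreach ($p in $products) {
        # productState is a vendor-encoded bit field; it is shown raw, not decoded.
        [pscustomobject]@{ Check = "Antivirus: $($p.displayName)"; Status = ('productState 0x{0:X}' -f $p.productState) }
    })
    if ($products.Count -gt 1) {
        $rows += [pscustomobject]@{ Check = 'Antivirus count'; Status = "$($products.Count) registered; keep only one resident product" }
    }
    if ($products.Count -eq 0) {
        $rows += [pscustomobject]@{ Check = 'Antivirus'; Status = 'None registered with Security Center' }
    }
    $rows
}

$report = @(Get-UacStatus; Get-FirewallStatus; Get-JavaStatus; Get-AntivirusStatus)
$report | Format-Table -AutoSize
```

Each check returns an object rather than printing, so the same functions can be called individually or fed into a scheduled report; the Java check lists every installed JRE subkey, which is how leftover old versions (the "Java 7 Update 51" the post asks to remove) show up next to the current one.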

#9 nasdaq

nasdaq

  • Malware Response Team
  • 39,222 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:12 PM

Posted 09 June 2014 - 08:41 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



