
BSOD, dll errors and probable virus



#1 Ali3n0id


Posted 12 June 2014 - 04:05 PM

Hi all,

I haven't been able to access my computer now for a couple of days due to the following problem.

Whenever I boot, the computer reboots itself with the error: "STOP: C0000135 The program can't start because %hs is missing. Try reinstalling the program."

I have tried disabling restart on crash and I was able to see that blue screen. I have followed several tutorials with Windows DVD repair disc, rebuilding BCD/boot config and even making a backup of two backups in RegBack in C:\Windows\System32\config.

Nothing has worked so far. Then I ran Farbar Recovery Scan Tool and generated the following log file. I'd really appreciate your help determining what needs to be done so I can boot normally.

Just to clarify, I'm using Windows 7 64-bit Enterprise Edition.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-06-2014
Ran by SYSTEM on MININT-6UUMRK0 on 10-06-2014 21:00:39
Running from I:\Apps
Platform: Windows 7 Enterprise (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.


The only official download link for FRST:
Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool
Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [CmPCIaudio] => C:\Windows\Syswow64\CMICNFG3.dll [8765440 2011-04-01] (C-Media Corporation)
HKLM\...\Run: [LogiScrollApp] => C:\Program Files\Logitech\FlowScroll\KhalScroll.exe [166680 2012-02-08] (Logitech, Inc.)
HKLM\...\Run: [Cmaudio8768GX] => C:\Windows\syswow64\HsMgr.exe [200704 2008-07-11] ()
HKLM\...\Run: [Cmaudio8768GX64] => C:\Windows\system\HsMgr64.exe [282112 2008-07-11] ()
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [10394392 2014-04-07] (Logitech Inc.)
HKLM\...\Run: [GamecomSound] => C:\Program Files\Plantronics\GameCom780\GameCom780.exe [777448 2011-12-01] ()
HKLM\...\Run: [Fences] => C:\Program Files (x86)\Stardock\Fences\Fences.exe [4017368 2012-10-29] (Stardock Corporation)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2014-02-26] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-20] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [vmware-tray.exe] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [111696 2013-08-27] (VMware, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3854640 2014-04-05] (AVAST Software)
HKLM-x32\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [383768 2013-07-11] (Alcor Micro Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\Anubis\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1753280 2014-06-05] (Valve Corporation)
HKU\Anubis\...\Run: [RocketDock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\Anubis\...\Run: [DisplayFusion] => C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe [645296 2009-12-09] (Binary Fortress Software)
HKU\Anubis\...\Run: [MouseServer] => C:\Program Files (x86)\MouseServer\MouseServer.exe [244736 2013-08-26] (wifimouse.necta.us)
HKU\Anubis\...\Run: [NetLimiter] => C:\Program Files\NetLimiter 3\NLClientApp.exe [2910208 2011-03-21] (Locktime Software)
HKU\Anubis\...\Run: [Spotify Web Helper] => C:\Users\Anubis\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1176632 2014-05-16] (Spotify Ltd)
HKU\Anubis\...\Run: [Google Update] => C:\Users\Anubis\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-06-22] (Google Inc.)
HKU\Anubis\...\Run: [Spotify] => C:\Users\Anubis\AppData\Roaming\Spotify\spotify.exe [6170168 2014-05-16] (Spotify Ltd)
HKU\Anubis\...\Run: [f.lux] => C:\Users\Anubis\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\Anubis\...\Run: [OpenVPN] => C:\Program Files\OpenVPN\bin\openvpn-gui.exe [423224 2014-05-02] ()
HKU\Anubis\...\Policies\Explorer: [HideSCAHealth] 1
HKU\Default\...\Policies\Explorer: [HideSCAHealth] 1
HKU\Default User\...\Policies\Explorer: [HideSCAHealth] 1
Startup: C:\Users\Anubis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)
Startup: C:\Users\Anubis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Fences.lnk
ShortcutTarget: Fences.lnk -> C:\Program Files (x86)\Stardock\Fences\Fences.exe (Stardock Corporation)
Startup: C:\Users\Anubis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MightyText Notifier.lnk
Startup: C:\Users\Anubis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()

==================== Services (Whitelisted) =================

S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-05] (AVAST Software)
S2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [109048 2014-04-05] (AVAST Software)
S2 DisplayFusionService; C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [1498000 2013-04-26] (Binary Fortress Software)
S2 HyperDeskCustomThemeEnabler; C:\Windows\Installer\MSIE361.tmp [102400 2013-06-22] ()
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-02-26] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
S2 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [182248 2013-03-14] ()
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [154584 2014-03-20] (Intel Corporation)
S2 nlsvc; C:\Program Files\NetLimiter 3\nlsvc.exe [1845248 2011-03-21] (Locktime Software)
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [37176 2014-05-02] (The OpenVPN Project)
S2 PanService; C:\Program Files (x86)\PANDORA.TV\PanService\KMPService.exe [1922600 2013-07-08] (Pandora.TV)
S2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75064 2013-12-25] ()
S2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [728328 2014-03-30] (DEVGURU Co., LTD.)
S4 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [14401104 2013-08-27] ()
S3 sppuinotify; %SystemRoot%\system32\sppuinotify.dll [X]
S3 wampapache; "Z:\wamp\bin\apache\apache2.4.4\bin\httpd.exe" -k runservice [X]
S3 wampmysqld; Z:\wamp\bin\mysql\mysql5.6.12\bin\mysqld.exe wampmysqld [X]

==================== Drivers (Whitelisted) ====================

S1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22680 2012-10-25] ()
S0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [47512 2013-01-10] (Asmedia Technology)
S0 asstor64; C:\Windows\System32\DRIVERS\asstor64.sys [84816 2014-03-14] (Asmedia Technology)
S1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-04-05] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-04-05] (AVAST Software)
S0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [445304 2014-04-05] (AVAST Software)
S1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-04-05] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-04-05] ()
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-04-05] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-04-05] (AVAST Software)
S3 aswStm; C:\Windows\system32\drivers\aswStm.sys [84816 2014-04-05] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208928 2014-04-05] ()
S3 cmuda3; C:\Windows\System32\drivers\cmudax3.sys [2491392 2011-03-30] (C-Media Inc)
S1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [270912 2013-06-22] (DT Soft Ltd)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [17480 2013-03-07] ()
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [13896 2013-03-07] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9800 2013-03-07] ()
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [9160 2013-03-07] ()
S0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2014-02-26] (Intel Corporation)
S3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [21048 2013-03-14] ()
S3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [21048 2013-03-14] ()
S3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-03-14] ()
S1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)
S3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
S3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [118272 2014-03-20] (Intel Corporation)
S1 nltdi; C:\Program Files\NetLimiter 3\nltdi.sys [88200 2011-03-21] (Locktime Software)
S3 PlantronicsGC; C:\Windows\System32\drivers\PLTGC.sys [1327104 2011-11-04] (C-Media Electronics Inc)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
S1 SafDskNT; C:\Windows\system32\drivers\SAFDSKNT.SYS [76112 2009-12-07] (PC Dynamics, Inc.)
S0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-08-15] (VMware, Inc.)
S2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [33872 2013-02-21] (VMware, Inc.)
S3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2014-06-08] ()
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

========================== Drivers MD5 =======================


==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-10 21:00 - 2014-06-10 21:00 - 00000000 ____D () C:\FRST
2014-06-09 22:12 - 2014-06-09 22:12 - 00000000 ____D () C:\Windows\System32\config\mybackup2
2014-06-09 21:58 - 2014-06-09 21:59 - 00000000 ____D () C:\Windows\System32\config\mybackup
2014-06-09 13:39 - 2014-06-08 01:58 - 96468992 _____ () C:\Windows\System32\config\SOFTWARE.TPBAK
2014-06-09 13:39 - 2014-06-08 01:58 - 27000832 _____ () C:\Windows\System32\config\SYSTEM.TPBAK
2014-06-09 13:39 - 2014-06-08 01:58 - 00262144 _____ () C:\Windows\System32\config\SECURITY.TPBAK
2014-06-09 13:39 - 2014-06-08 01:58 - 00262144 _____ () C:\Windows\System32\config\SAM.TPBAK
2014-06-09 12:42 - 2014-06-09 12:42 - 00003472 ____N () C:\bootsqm.dat
2014-06-08 12:35 - 2014-06-08 12:35 - 00000000 ____D () C:\Windows\SysWOW64\uk-UA
2014-06-08 12:35 - 2014-06-08 12:35 - 00000000 ____D () C:\Windows\SysWOW64\th-TH
2014-06-08 12:35 - 2014-06-08 12:35 - 00000000 ____D () C:\Windows\SysWOW64\sr-Latn-CS
2014-06-08 12:35 - 2014-06-08 12:35 - 00000000 ____D () C:\Windows\SysWOW64\sl-SI
2014-06-08 12:35 - 2014-06-08 12:35 - 00000000 ____D () C:\Windows\SysWOW64\sk-SK
2014-06-08 12:35 - 2014-06-08 12:35 - 00000000 ____D () C:\Windows\SysWOW64\ro-RO
2014-06-08 12:35 - 2014-06-08 12:35 - 00000000 ____D () C:\Windows\SysWOW64\migwiz
2014-06-08 12:35 - 2014-06-08 12:35 - 00000000 ____D () C:\Windows\SysWOW64\lv-LV
2014-06-08 12:35 - 2014-06-08 12:35 - 00000000 ____D () C:\Windows\SysWOW64\lt-LT
2014-06-08 12:35 - 2014-06-08 12:35 - 00000000 ____D () C:\Windows\SysWOW64\hr-HR
2014-06-08 12:35 - 2014-06-08 12:35 - 00000000 ____D () C:\Windows\SysWOW64\he-IL
2014-06-08 12:35 - 2014-06-08 12:35 - 00000000 ____D () C:\Windows\SysWOW64\et-EE
2014-06-08 12:35 - 2014-06-08 12:35 - 00000000 ____D () C:\Windows\SysWOW64\bg-BG
2014-06-08 12:35 - 2014-06-08 12:35 - 00000000 ____D () C:\Windows\System32\uk-UA
2014-06-08 12:35 - 2014-06-08 12:35 - 00000000 ____D () C:\Windows\System32\th-TH
2014-06-08 12:35 - 2014-06-08 12:35 - 00000000 ____D () C:\Windows\System32\sr-Latn-CS
2014-06-08 12:35 - 2014-06-08 12:35 - 00000000 ____D () C:\Windows\System32\sl-SI
2014-06-08 12:35 - 2014-06-08 12:35 - 00000000 ____D () C:\Windows\System32\sk-SK
2014-06-08 12:35 - 2014-06-08 12:35 - 00000000 ____D () C:\Windows\System32\ro-RO
2014-06-08 12:35 - 2014-06-08 12:35 - 00000000 ____D () C:\Windows\System32\migwiz
2014-06-08 12:35 - 2014-06-08 12:35 - 00000000 ____D () C:\Windows\System32\lv-LV
2014-06-08 12:35 - 2014-06-08 12:35 - 00000000 ____D () C:\Windows\System32\lt-LT
2014-06-08 12:35 - 2014-06-08 12:35 - 00000000 ____D () C:\Windows\System32\hr-HR
2014-06-08 12:35 - 2014-06-08 12:35 - 00000000 ____D () C:\Windows\System32\he-IL
2014-06-08 12:35 - 2014-06-08 12:35 - 00000000 ____D () C:\Windows\System32\et-EE
2014-06-08 12:35 - 2014-06-08 12:35 - 00000000 ____D () C:\Windows\System32\bg-BG
2014-06-08 11:10 - 2014-06-08 11:10 - 00646360 _____ () C:\Users\Anubis\Downloads\photolistic.1.3.zip
2014-06-08 10:24 - 2014-06-08 11:03 - 00000000 ____D () C:\Users\Anubis\Desktop\Slides
2014-06-08 08:06 - 2014-06-08 07:39 - 00004736 _____ () C:\Users\Anubis\Desktop\Client1.ovpn
2014-06-08 07:41 - 2014-06-08 07:40 - 00004736 _____ () C:\Users\Anubis\Desktop\Client5.ovpn
2014-06-08 07:41 - 2014-06-08 07:40 - 00004736 _____ () C:\Users\Anubis\Desktop\Client3.ovpn
2014-06-08 07:41 - 2014-06-08 07:40 - 00004724 _____ () C:\Users\Anubis\Desktop\Client4.ovpn
2014-06-08 07:41 - 2014-06-08 07:39 - 00004736 _____ () C:\Users\Anubis\Desktop\Client2.ovpn
2014-06-08 07:41 - 2014-06-08 07:19 - 00004120 _____ () C:\Users\Anubis\Desktop\shi3ld.crt
2014-06-08 07:41 - 2014-06-08 07:19 - 00001383 _____ () C:\Users\Anubis\Desktop\ca.crt
2014-06-08 07:41 - 2014-06-08 07:19 - 00000920 _____ () C:\Users\Anubis\Desktop\ca.key
2014-06-06 12:12 - 2014-06-06 12:12 - 00041051 _____ () C:\Users\Anubis\Downloads\hypocrisy_eraser.ptb
2014-06-06 01:01 - 2014-06-06 01:01 - 00415759 _____ () C:\Users\Anubis\Downloads\ASIO4ALL_2_10_English.exe
2014-06-06 01:01 - 2014-06-06 01:01 - 00000000 ____D () C:\Program Files (x86)\ASIO4ALL v2
2014-06-06 00:55 - 2014-06-06 00:55 - 00000000 ____D () C:\Users\Anubis\Documents\Native Instruments
2014-06-06 00:55 - 2014-06-06 00:55 - 00000000 ____D () C:\Users\Anubis\AppData\Local\Native Instruments
2014-06-06 00:52 - 2014-06-06 00:52 - 00000000 __HDC () C:\ProgramData\{B7072B15-6E80-42FF-A9AE-4E62AF2B2418}
2014-06-06 00:51 - 2014-06-06 00:51 - 00000000 __HDC () C:\ProgramData\{CB28D9D3-6B5D-4AFA-BA37-B4AFAAAF71B9}
2014-06-06 00:46 - 2014-06-06 00:52 - 00014378 _____ () C:\Windows\DPINST.LOG
2014-06-06 00:46 - 2014-06-06 00:52 - 00000000 ____D () C:\Program Files\Common Files\Native Instruments
2014-06-06 00:46 - 2014-06-06 00:51 - 00000000 ____D () C:\Program Files\Native Instruments
2014-06-06 00:46 - 2014-06-06 00:46 - 00000000 __HDC () C:\ProgramData\{95B4F0ED-951F-4D36-B068-5EC1C4C19C14}
2014-06-06 00:46 - 2014-06-06 00:46 - 00000000 __HDC () C:\ProgramData\{5A23829C-A66E-47B0-AD50-21A3FFE6C325}
2014-06-06 00:46 - 2014-06-06 00:46 - 00000000 __HDC () C:\ProgramData\{30FA7941-4170-4C83-A9A8-FDF01C431704}
2014-06-06 00:46 - 2014-06-06 00:46 - 00000000 ____D () C:\ProgramData\Native Instruments
2014-06-06 00:15 - 2014-06-06 11:49 - 00000016 _____ () C:\Windows\SysWOW64\w3data.vss
2014-06-06 00:15 - 2014-06-06 11:49 - 00000016 _____ () C:\Windows\SysWOW64\msvcsv60.dll
2014-06-06 00:15 - 2014-06-06 11:49 - 00000016 _____ () C:\Windows\msocreg32.dat
2014-06-06 00:15 - 2014-06-06 11:49 - 00000016 _____ () C:\Users\Anubis\AppData\Roaming\msregsvv.dll
2014-06-06 00:15 - 2014-06-06 11:49 - 00000016 _____ () C:\ProgramData\autobk.inc
2014-06-06 00:14 - 2014-06-06 00:14 - 00000000 ____D () C:\Program Files (x86)\IK Multimedia
2014-06-06 00:14 - 2010-12-22 02:33 - 09410736 _____ (Intel Corporation) C:\Windows\SysWOW64\mkl_p4m.dll
2014-06-06 00:14 - 2010-12-22 02:33 - 09210032 _____ (Intel Corporation) C:\Windows\SysWOW64\mkl_p4.dll
2014-06-06 00:14 - 2010-12-22 02:33 - 09078960 _____ (Intel Corporation) C:\Windows\SysWOW64\mkl_p4p.dll
2014-06-06 00:14 - 2010-12-22 02:33 - 09033904 _____ (Intel Corporation) C:\Windows\SysWOW64\mkl_p4m3.dll
2014-06-06 00:14 - 2010-12-22 02:33 - 06944944 _____ (Intel Corporation) C:\Windows\SysWOW64\mkl_core.dll
2014-06-06 00:14 - 2010-12-22 02:33 - 03868848 _____ (Intel Corporation) C:\Windows\SysWOW64\mkl_intel_thread.dll
2014-06-06 00:14 - 2010-12-22 02:33 - 00530608 _____ (Intel Corporation) C:\Windows\SysWOW64\libiomp5md.dll
2014-06-06 00:14 - 2010-12-22 02:33 - 00354480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2014-06-06 00:14 - 2010-11-04 02:52 - 12708016 _____ (Intel Corporation) C:\Windows\System32\mkl_def.dll
2014-06-06 00:14 - 2010-11-04 02:52 - 12474544 _____ (Intel Corporation) C:\Windows\System32\mkl_core.dll
2014-06-06 00:14 - 2010-11-04 02:52 - 09917616 _____ (Intel Corporation) C:\Windows\System32\mkl_intel_thread.dll
2014-06-06 00:14 - 2010-11-04 02:52 - 00529072 _____ (Intel Corporation) C:\Windows\System32\libiomp5md.dll
2014-06-06 00:14 - 2009-10-14 07:15 - 00499712 _____ (Microsoft Corporation) C:\Windows\msvcp71.dll
2014-06-06 00:14 - 2009-10-14 07:15 - 00348160 _____ (Microsoft Corporation) C:\Windows\msvcr71.dll
2014-06-06 00:13 - 2014-06-06 00:14 - 00000000 ____D () C:\Users\Anubis\Documents\IK Multimedia
2014-06-06 00:13 - 2014-06-06 00:13 - 00000000 ____D () C:\Program Files\VstPlugIns
2014-06-06 00:13 - 2014-06-06 00:13 - 00000000 ____D () C:\Program Files (x86)\VstPlugIns
2014-06-03 01:32 - 2014-06-03 01:32 - 00000000 ____D () C:\Users\Anubis\Desktop\Old Firefox Data
2014-06-02 09:55 - 2014-06-10 11:26 - 00008516 _____ () C:\Windows\PFRO.log
2014-06-02 09:55 - 2014-06-08 00:59 - 00001344 _____ () C:\Windows\setupact.log
2014-06-02 09:55 - 2014-06-02 09:55 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-29 02:57 - 2014-05-29 02:57 - 00000000 ____D () C:\Users\Anubis\Desktop\Wind32diskinager
2014-05-29 01:54 - 2014-05-29 01:54 - 00000000 ____D () C:\Users\Anubis\AppData\Roaming\Apple Computer
2014-05-28 12:23 - 2014-05-28 12:23 - 00000000 ____D () C:\Program Files (x86)\ASM106xSATA
2014-05-28 12:21 - 2014-04-22 18:25 - 00936664 _____ (Realtek ) C:\Windows\System32\Drivers\Rt64win7.sys
2014-05-28 12:21 - 2014-04-22 18:25 - 00073800 _____ (Realtek Semiconductor Corporation) C:\Windows\System32\RtNicProp64.dll
2014-05-28 06:53 - 2014-05-28 06:53 - 00000000 ____D () C:\Users\Anubis\AppData\Local\Apple
2014-05-28 06:53 - 2014-05-28 06:53 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-05-28 06:53 - 2014-05-28 06:53 - 00000000 ____D () C:\ProgramData\Apple
2014-05-28 06:53 - 2014-05-28 06:53 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-05-28 06:53 - 2014-05-28 06:53 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-05-28 05:09 - 2014-05-28 05:09 - 00003074 _____ () C:\Windows\System32\Tasks\{CAA169EA-EC15-4284-9588-215C73FF7CB9}
2014-05-27 12:28 - 2014-05-27 12:28 - 54607361 _____ () C:\Users\Anubis\Downloads\thefortyclub-co-uk-default-1-complete-2014-05-27-20-22-23.zip.part
2014-05-25 02:45 - 2014-05-25 02:45 - 00000000 ____D () C:\ProgramData\eBay
2014-05-22 08:05 - 2014-06-07 13:14 - 1025612115 ____N () C:\Windows\MEMORY.DMP
2014-05-22 02:53 - 2014-05-22 02:53 - 00382319 _____ () C:\Users\Anubis\Desktop\bookmarks.html
2014-05-21 11:13 - 2014-05-23 15:51 - 00000000 ____D () C:\Users\Anubis\Documents\FIFA 14
2014-05-21 11:00 - 2014-05-21 11:00 - 00001141 _____ () C:\Users\Anubis\Desktop\Play FIFA 14.lnk
2014-05-21 07:30 - 2014-05-21 07:30 - 00001007 _____ () C:\Users\Anubis\Desktop\ownCloud.lnk
2014-05-21 07:30 - 2014-05-21 07:30 - 00000000 ____D () C:\Users\Anubis\AppData\Local\ownCloud
2014-05-21 07:26 - 2014-05-21 07:30 - 00000000 ____D () C:\Program Files (x86)\ownCloud
2014-05-21 02:53 - 2014-06-08 07:54 - 00000000 ____D () C:\Program Files (x86)\Simple Port Forwarding
2014-05-21 02:53 - 2014-05-21 02:53 - 00000000 ____D () C:\Windows\Simple Port Forwarding
2014-05-20 02:09 - 2014-05-20 02:09 - 00004450 _____ () C:\Users\Anubis\Desktop\config.txt
2014-05-19 13:35 - 2014-05-19 13:35 - 00000024 _____ () C:\Users\Anubis\Desktop\lel.txt
2014-05-19 12:53 - 2014-05-19 13:15 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-05-19 12:53 - 2014-05-19 12:53 - 00001129 _____ () C:\Users\Public\Desktop\Opera.lnk
2014-05-19 12:53 - 2014-05-19 12:53 - 00000000 ____D () C:\Users\Anubis\AppData\Roaming\Opera Software
2014-05-19 12:53 - 2014-05-19 12:53 - 00000000 ____D () C:\Users\Anubis\AppData\Local\Opera Software
2014-05-16 07:56 - 2014-05-16 07:56 - 00000000 ____D () C:\Users\Anubis\New folder
2014-05-16 06:53 - 2014-05-16 06:53 - 00000000 ____D () C:\Users\Anubis\AppData\Local\FluxSoftware
2014-05-16 05:50 - 2014-05-08 22:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\System32\aepdu.dll
2014-05-16 05:50 - 2014-05-08 22:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll
2014-05-12 11:19 - 2014-05-18 12:59 - 00000000 ___SD () C:\Windows\System32\CompatTel

==================== One Month Modified Files and Folders =======

2014-06-10 21:00 - 2014-06-10 21:00 - 00000000 ____D () C:\FRST
2014-06-10 11:26 - 2014-06-02 09:55 - 00008516 _____ () C:\Windows\PFRO.log
2014-06-09 22:12 - 2014-06-09 22:12 - 00000000 ____D () C:\Windows\System32\config\mybackup2
2014-06-09 22:09 - 2009-07-13 21:38 - 00025600 ___SH () C:\Windows\System32\config\BCD-Template.LOG
2014-06-09 22:09 - 2009-07-13 21:32 - 00028672 _____ () C:\Windows\System32\config\BCD-Template
2014-06-09 21:59 - 2014-06-09 21:58 - 00000000 ____D () C:\Windows\System32\config\mybackup
2014-06-09 12:42 - 2014-06-09 12:42 - 00003472 ____N () C:\bootsqm.dat
2014-06-08 12:35 - 2014-06-08 12:35 - 00000000 ____D () C:\Windows\SysWOW64\uk-UA
2014-06-08 12:35 - 2014-06-08 12:35 - 00000000 ____D () C:\Windows\SysWOW64\th-TH
2014-06-08 12:35 - 2014-06-08 12:35 - 00000000 ____D () C:\Windows\SysWOW64\sr-Latn-CS
2014-06-08 12:35 - 2014-06-08 12:35 - 00000000 ____D () C:\Windows\SysWOW64\sl-SI
2014-06-08 12:35 - 2014-06-08 12:35 - 00000000 ____D () C:\Windows\SysWOW64\sk-SK
2014-06-08 12:35 - 2014-06-08 12:35 - 00000000 ____D () C:\Windows\SysWOW64\ro-RO
2014-06-08 12:35 - 2014-06-08 12:35 - 00000000 ____D () C:\Windows\SysWOW64\migwiz
2014-06-08 12:35 - 2014-06-08 12:35 - 00000000 ____D () C:\Windows\SysWOW64\lv-LV
2014-06-08 12:35 - 2014-06-08 12:35 - 00000000 ____D () C:\Windows\SysWOW64\lt-LT
2014-06-08 12:35 - 2014-06-08 12:35 - 00000000 ____D () C:\Windows\SysWOW64\hr-HR
2014-06-08 12:35 - 2014-06-08 12:35 - 00000000 ____D () C:\Windows\SysWOW64\he-IL
2014-06-08 12:35 - 2014-06-08 12:35 - 00000000 ____D () C:\Windows\SysWOW64\et-EE
2014-06-08 12:35 - 2014-06-08 12:35 - 00000000 ____D () C:\Windows\SysWOW64\bg-BG
2014-06-08 12:35 - 2014-06-08 12:35 - 00000000 ____D () C:\Windows\System32\uk-UA
2014-06-08 12:35 - 2014-06-08 12:35 - 00000000 ____D () C:\Windows\System32\th-TH
2014-06-08 12:35 - 2014-06-08 12:35 - 00000000 ____D () C:\Windows\System32\sr-Latn-CS
2014-06-08 12:35 - 2014-06-08 12:35 - 00000000 ____D () C:\Windows\System32\sl-SI
2014-06-08 12:35 - 2014-06-08 12:35 - 00000000 ____D () C:\Windows\System32\sk-SK
2014-06-08 12:35 - 2014-06-08 12:35 - 00000000 ____D () C:\Windows\System32\ro-RO
2014-06-08 12:35 - 2014-06-08 12:35 - 00000000 ____D () C:\Windows\System32\migwiz
2014-06-08 12:35 - 2014-06-08 12:35 - 00000000 ____D () C:\Windows\System32\lv-LV
2014-06-08 12:35 - 2014-06-08 12:35 - 00000000 ____D () C:\Windows\System32\lt-LT
2014-06-08 12:35 - 2014-06-08 12:35 - 00000000 ____D () C:\Windows\System32\hr-HR
2014-06-08 12:35 - 2014-06-08 12:35 - 00000000 ____D () C:\Windows\System32\he-IL
2014-06-08 12:35 - 2014-06-08 12:35 - 00000000 ____D () C:\Windows\System32\et-EE
2014-06-08 12:35 - 2014-06-08 12:35 - 00000000 ____D () C:\Windows\System32\bg-BG
2014-06-08 12:35 - 2014-04-22 04:36 - 00009727 _____ () C:\Windows\SysWOW64\Gms.log
2014-06-08 12:35 - 2014-03-08 02:47 - 01873092 _____ () C:\Windows\WindowsUpdate.log
2014-06-08 12:35 - 2013-06-22 07:18 - 00000000 ____D () C:\Users\Anubis\AppData\Roaming\Skype
2014-06-08 12:35 - 2013-05-21 09:43 - 00000000 ____D () C:\Windows\SysWOW64\zh-HK
2014-06-08 12:35 - 2013-05-21 09:43 - 00000000 ____D () C:\Windows\SysWOW64\tr-TR
2014-06-08 12:35 - 2013-05-21 09:43 - 00000000 ____D () C:\Windows\System32\zh-HK
2014-06-08 12:35 - 2013-05-21 09:43 - 00000000 ____D () C:\Windows\System32\tr-TR
2014-06-08 12:35 - 2010-11-20 19:24 - 01866240 _____ (Microsoft Corporation) C:\Windows\System32\ExplorerFrame.dll
2014-06-08 12:35 - 2010-11-20 19:24 - 01493504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2014-06-08 12:35 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\IME
2014-06-08 12:35 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\IME
2014-06-08 12:35 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\IME
2014-06-08 12:35 - 2009-07-13 15:57 - 20268032 _____ (Microsoft Corporation) C:\Windows\System32\imageres.dll
2014-06-08 12:35 - 2009-07-13 15:42 - 20268032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imageres.dll
2014-06-08 12:35 - 2009-07-13 15:16 - 00234496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hdwwiz.cpl
2014-06-08 12:34 - 2009-07-13 15:55 - 00288768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\modemui.dll
2014-06-08 12:34 - 2009-07-13 15:55 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mdminst.dll
2014-06-08 12:34 - 2009-07-13 15:27 - 00241152 _____ (Microsoft Corporation) C:\Windows\System32\hdwwiz.cpl
2014-06-08 12:32 - 2013-06-22 07:14 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-06-08 12:32 - 2013-05-21 07:47 - 00000000 ____D () C:\Users\Anubis\AppData\Local\Temp
2014-06-08 12:31 - 2014-04-22 04:15 - 00000000 ____D () C:\Users\Anubis\AppData\Roaming\Spotify
2014-06-08 12:31 - 2009-07-13 20:45 - 00017328 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-08 12:31 - 2009-07-13 20:45 - 00017328 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-08 12:30 - 2014-02-18 14:37 - 00000000 ____D () C:\Users\Anubis\AppData\Roaming\uTorrent
2014-06-08 12:21 - 2013-09-18 16:37 - 00000000 ____D () C:\Users\Anubis\AppData\Roaming\Dropbox
2014-06-08 12:07 - 2014-03-03 08:09 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf36fafbebbab3.job
2014-06-08 12:07 - 2013-06-22 14:45 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-08 12:07 - 2013-06-22 13:22 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-16944076-2070425846-3567714608-1000UA.job
2014-06-08 11:39 - 2013-09-03 13:03 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-08 11:10 - 2014-06-08 11:10 - 00646360 _____ () C:\Users\Anubis\Downloads\photolistic.1.3.zip
2014-06-08 11:03 - 2014-06-08 10:24 - 00000000 ____D () C:\Users\Anubis\Desktop\Slides
2014-06-08 10:45 - 2013-05-21 08:35 - 00000000 ____D () C:\Users\Anubis\AppData\Roaming\vlc
2014-06-08 08:16 - 2014-03-18 07:55 - 00000600 _____ () C:\Users\Anubis\AppData\Local\PUTTY.RND
2014-06-08 08:07 - 2013-08-08 04:59 - 04349952 _____ () C:\Users\Anubis\Desktop\unknown.sdsk
2014-06-08 07:54 - 2014-05-21 02:53 - 00000000 ____D () C:\Program Files (x86)\Simple Port Forwarding
2014-06-08 07:45 - 2013-12-10 16:08 - 00000600 _____ () C:\Users\Anubis\AppData\Roaming\winscp.rnd
2014-06-08 07:40 - 2014-06-08 07:41 - 00004736 _____ () C:\Users\Anubis\Desktop\Client5.ovpn
2014-06-08 07:40 - 2014-06-08 07:41 - 00004736 _____ () C:\Users\Anubis\Desktop\Client3.ovpn
2014-06-08 07:40 - 2014-06-08 07:41 - 00004724 _____ () C:\Users\Anubis\Desktop\Client4.ovpn
2014-06-08 07:39 - 2014-06-08 08:06 - 00004736 _____ () C:\Users\Anubis\Desktop\Client1.ovpn
2014-06-08 07:39 - 2014-06-08 07:41 - 00004736 _____ () C:\Users\Anubis\Desktop\Client2.ovpn
2014-06-08 07:19 - 2014-06-08 07:41 - 00004120 _____ () C:\Users\Anubis\Desktop\shi3ld.crt
2014-06-08 07:19 - 2014-06-08 07:41 - 00001383 _____ () C:\Users\Anubis\Desktop\ca.crt
2014-06-08 07:19 - 2014-06-08 07:41 - 00000920 _____ () C:\Users\Anubis\Desktop\ca.key
2014-06-08 02:25 - 2014-02-04 08:52 - 00004958 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for unknown-Anubis unknown
2014-06-08 02:07 - 2013-06-22 13:22 - 00000860 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-16944076-2070425846-3567714608-1000Core.job
2014-06-08 01:58 - 2014-06-09 13:39 - 96468992 _____ () C:\Windows\System32\config\SOFTWARE.TPBAK
2014-06-08 01:58 - 2014-06-09 13:39 - 27000832 _____ () C:\Windows\System32\config\SYSTEM.TPBAK
2014-06-08 01:58 - 2014-06-09 13:39 - 00262144 _____ () C:\Windows\System32\config\SECURITY.TPBAK
2014-06-08 01:58 - 2014-06-09 13:39 - 00262144 _____ () C:\Windows\System32\config\SAM.TPBAK
2014-06-08 01:10 - 2013-06-22 13:23 - 00002418 _____ () C:\Users\Anubis\Desktop\Google Chrome Canary.lnk
2014-06-08 01:09 - 2013-07-29 11:04 - 00000000 ____D () C:\Users\Anubis\AppData\Local\Adobe
2014-06-08 01:00 - 2014-04-10 08:09 - 00000000 ____D () C:\Users\Anubis\AppData\Roaming\DropboxMaster
2014-06-08 00:59 - 2014-06-02 09:55 - 00001344 _____ () C:\Windows\setupact.log
2014-06-08 00:59 - 2013-06-23 09:19 - 00000000 ____D () C:\ProgramData\VMware
2014-06-08 00:59 - 2013-06-22 09:55 - 00034752 _____ () C:\Windows\System32\Drivers\WPRO_41_2001.sys
2014-06-08 00:59 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-07 14:22 - 2013-06-22 10:28 - 00000000 ____D () C:\Users\Anubis\AppData\Local\CrashDumps
2014-06-07 13:15 - 2013-05-21 08:52 - 00000000 ____D () C:\Windows\Minidump
2014-06-07 13:14 - 2014-05-22 08:05 - 1025612115 ____N () C:\Windows\MEMORY.DMP
2014-06-06 12:12 - 2014-06-06 12:12 - 00041051 _____ () C:\Users\Anubis\Downloads\hypocrisy_eraser.ptb
2014-06-06 11:49 - 2014-06-06 00:15 - 00000016 _____ () C:\Windows\SysWOW64\w3data.vss
2014-06-06 11:49 - 2014-06-06 00:15 - 00000016 _____ () C:\Windows\SysWOW64\msvcsv60.dll
2014-06-06 11:49 - 2014-06-06 00:15 - 00000016 _____ () C:\Windows\msocreg32.dat
2014-06-06 11:49 - 2014-06-06 00:15 - 00000016 _____ () C:\Users\Anubis\AppData\Roaming\msregsvv.dll
2014-06-06 11:49 - 2014-06-06 00:15 - 00000016 _____ () C:\ProgramData\autobk.inc
2014-06-06 10:29 - 2014-02-27 08:27 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-06-06 10:29 - 2013-06-22 07:18 - 00000000 ____D () C:\ProgramData\Skype
2014-06-06 01:01 - 2014-06-06 01:01 - 00415759 _____ () C:\Users\Anubis\Downloads\ASIO4ALL_2_10_English.exe
2014-06-06 01:01 - 2014-06-06 01:01 - 00000000 ____D () C:\Program Files (x86)\ASIO4ALL v2
2014-06-06 00:55 - 2014-06-06 00:55 - 00000000 ____D () C:\Users\Anubis\Documents\Native Instruments
2014-06-06 00:55 - 2014-06-06 00:55 - 00000000 ____D () C:\Users\Anubis\AppData\Local\Native Instruments
2014-06-06 00:52 - 2014-06-06 00:52 - 00000000 __HDC () C:\ProgramData\{B7072B15-6E80-42FF-A9AE-4E62AF2B2418}
2014-06-06 00:52 - 2014-06-06 00:46 - 00014378 _____ () C:\Windows\DPINST.LOG
2014-06-06 00:52 - 2014-06-06 00:46 - 00000000 ____D () C:\Program Files\Common Files\Native Instruments
2014-06-06 00:51 - 2014-06-06 00:51 - 00000000 __HDC () C:\ProgramData\{CB28D9D3-6B5D-4AFA-BA37-B4AFAAAF71B9}
2014-06-06 00:51 - 2014-06-06 00:46 - 00000000 ____D () C:\Program Files\Native Instruments
2014-06-06 00:46 - 2014-06-06 00:46 - 00000000 __HDC () C:\ProgramData\{95B4F0ED-951F-4D36-B068-5EC1C4C19C14}
2014-06-06 00:46 - 2014-06-06 00:46 - 00000000 __HDC () C:\ProgramData\{5A23829C-A66E-47B0-AD50-21A3FFE6C325}
2014-06-06 00:46 - 2014-06-06 00:46 - 00000000 __HDC () C:\ProgramData\{30FA7941-4170-4C83-A9A8-FDF01C431704}
2014-06-06 00:46 - 2014-06-06 00:46 - 00000000 ____D () C:\ProgramData\Native Instruments
2014-06-06 00:40 - 2013-09-16 09:59 - 00000000 ____D () C:\Users\Anubis\AppData\Roaming\Guitar Pro 6
2014-06-06 00:34 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\NDF
2014-06-06 00:14 - 2014-06-06 00:14 - 00000000 ____D () C:\Program Files (x86)\IK Multimedia
2014-06-06 00:14 - 2014-06-06 00:13 - 00000000 ____D () C:\Users\Anubis\Documents\IK Multimedia
2014-06-06 00:13 - 2014-06-06 00:13 - 00000000 ____D () C:\Program Files\VstPlugIns
2014-06-06 00:13 - 2014-06-06 00:13 - 00000000 ____D () C:\Program Files (x86)\VstPlugIns
2014-06-03 12:52 - 2009-07-13 21:08 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-03 12:15 - 2009-07-13 21:13 - 00792750 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-06-03 05:08 - 2013-06-22 15:38 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-03 01:32 - 2014-06-03 01:32 - 00000000 ____D () C:\Users\Anubis\Desktop\Old Firefox Data
2014-06-02 09:59 - 2014-04-22 04:39 - 00000000 ____D () C:\Users\Anubis\AppData\Local\Spotify
2014-06-02 09:55 - 2014-06-02 09:55 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-01 13:52 - 2014-05-09 14:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-29 08:52 - 2013-08-09 03:56 - 00000000 ____D () C:\ProgramData\Origin
2014-05-29 02:57 - 2014-05-29 02:57 - 00000000 ____D () C:\Users\Anubis\Desktop\Wind32diskinager
2014-05-29 01:54 - 2014-05-29 01:54 - 00000000 ____D () C:\Users\Anubis\AppData\Roaming\Apple Computer
2014-05-28 12:23 - 2014-05-28 12:23 - 00000000 ____D () C:\Program Files (x86)\ASM106xSATA
2014-05-28 12:21 - 2013-05-21 08:02 - 00000000 ____D () C:\Program Files (x86)\Realtek
2014-05-28 12:17 - 2013-06-22 08:57 - 00000000 ____D () C:\ProgramData\DriverGenius
2014-05-28 11:38 - 2013-05-21 08:27 - 00001135 _____ () C:\Windows\Cmicnfg3.ini.imi
2014-05-28 06:53 - 2014-05-28 06:53 - 00000000 ____D () C:\Users\Anubis\AppData\Local\Apple
2014-05-28 06:53 - 2014-05-28 06:53 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-05-28 06:53 - 2014-05-28 06:53 - 00000000 ____D () C:\ProgramData\Apple
2014-05-28 06:53 - 2014-05-28 06:53 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-05-28 06:53 - 2014-05-28 06:53 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-05-28 05:19 - 2013-07-29 05:32 - 00000000 ____D () C:\Users\Anubis\AppData\Roaming\Notepad++
2014-05-28 05:09 - 2014-05-28 05:09 - 00003074 _____ () C:\Windows\System32\Tasks\{CAA169EA-EC15-4284-9588-215C73FF7CB9}
2014-05-27 12:28 - 2014-05-27 12:28 - 54607361 _____ () C:\Users\Anubis\Downloads\thefortyclub-co-uk-default-1-complete-2014-05-27-20-22-23.zip.part
2014-05-27 11:22 - 2013-12-03 16:34 - 00000000 ____D () C:\Program Files (x86)\Notepad++
2014-05-26 01:32 - 2013-09-18 16:41 - 00001019 _____ () C:\Users\Anubis\Desktop\Dropbox.lnk
2014-05-26 01:25 - 2013-05-21 07:47 - 00000000 ____D () C:\users\Anubis
2014-05-25 02:45 - 2014-05-25 02:45 - 00000000 ____D () C:\ProgramData\eBay
2014-05-23 15:51 - 2014-05-21 11:13 - 00000000 ____D () C:\Users\Anubis\Documents\FIFA 14
2014-05-22 02:53 - 2014-05-22 02:53 - 00382319 _____ () C:\Users\Anubis\Desktop\bookmarks.html
2014-05-21 11:00 - 2014-05-21 11:00 - 00001141 _____ () C:\Users\Anubis\Desktop\Play FIFA 14.lnk
2014-05-21 07:30 - 2014-05-21 07:30 - 00001007 _____ () C:\Users\Anubis\Desktop\ownCloud.lnk
2014-05-21 07:30 - 2014-05-21 07:30 - 00000000 ____D () C:\Users\Anubis\AppData\Local\ownCloud
2014-05-21 07:30 - 2014-05-21 07:26 - 00000000 ____D () C:\Program Files (x86)\ownCloud
2014-05-21 02:53 - 2014-05-21 02:53 - 00000000 ____D () C:\Windows\Simple Port Forwarding
2014-05-21 02:40 - 2014-04-07 07:46 - 00000000 ____D () C:\Program Files\OpenVPN
2014-05-20 04:56 - 2013-06-23 09:19 - 00000000 ____D () C:\Users\Anubis\AppData\Roaming\VMware
2014-05-20 04:56 - 2013-06-23 09:19 - 00000000 ____D () C:\Users\Anubis\AppData\Local\VMware
2014-05-20 02:09 - 2014-05-20 02:09 - 00004450 _____ () C:\Users\Anubis\Desktop\config.txt
2014-05-19 13:35 - 2014-05-19 13:35 - 00000024 _____ () C:\Users\Anubis\Desktop\lel.txt
2014-05-19 13:15 - 2014-05-19 12:53 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-05-19 12:53 - 2014-05-19 12:53 - 00001129 _____ () C:\Users\Public\Desktop\Opera.lnk
2014-05-19 12:53 - 2014-05-19 12:53 - 00000000 ____D () C:\Users\Anubis\AppData\Roaming\Opera Software
2014-05-19 12:53 - 2014-05-19 12:53 - 00000000 ____D () C:\Users\Anubis\AppData\Local\Opera Software
2014-05-18 12:59 - 2014-05-12 11:19 - 00000000 ___SD () C:\Windows\System32\CompatTel
2014-05-17 13:21 - 2013-08-06 08:24 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-16 09:00 - 2009-07-13 18:34 - 00000478 _____ () C:\Windows\win.ini
2014-05-16 08:39 - 2013-09-03 13:03 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-16 08:39 - 2013-06-22 09:20 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-16 08:39 - 2013-06-22 09:20 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-16 07:56 - 2014-05-16 07:56 - 00000000 ____D () C:\Users\Anubis\New folder
2014-05-16 07:54 - 2014-04-07 07:47 - 00000952 _____ () C:\Users\Public\Desktop\OpenVPN GUI.lnk
2014-05-16 06:53 - 2014-05-16 06:53 - 00000000 ____D () C:\Users\Anubis\AppData\Local\FluxSoftware
2014-05-15 05:03 - 2013-08-30 11:49 - 00000000 ____D () C:\Users\Anubis\Documents\Outlook Files
2014-05-13 10:52 - 2013-06-22 11:31 - 00000000 ____D () C:\Users\Anubis\AppData\Roaming\DisplayFusion
2014-05-13 06:31 - 2009-07-13 19:20 - 00000000 __RSD () C:\Windows\Media

Some content of TEMP:
====================
C:\Users\Anubis\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxeyyaf.dll
C:\Users\Anubis\AppData\Local\Temp\GUR69D9.exe
C:\Users\Anubis\AppData\Local\Temp\proxy_vole9176502324457360188.dll
C:\Users\Anubis\AppData\Local\Temp\SkypeSetup.exe


==================== Known DLLs (Whitelisted) ================

C:\Windows\System32\user32.dll IS MISSING <==== ATTENTION!

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll IS MISSING <==== ATTENTION!.
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points =========================


==================== BCD ================================

Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=C:
description Windows Boot Manager
locale en-us
inherit {globalsettings}
default {default}
resumeobject {a8afa330-c278-11e2-b8a7-baec48903942}
displayorder {default}
toolsdisplayorder {memdiag}
timeout 30

Windows Boot Loader
-------------------
identifier {a8afa32e-c278-11e2-b8a7-baec48903942}
device ramdisk=[C:]\Recovery\a8afa32e-c278-11e2-b8a7-baec48903942\Winre.wim,{a8afa32f-c278-11e2-b8a7-baec48903942}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {bootloadersettings}
osdevice ramdisk=[C:]\Recovery\a8afa32e-c278-11e2-b8a7-baec48903942\Winre.wim,{a8afa32f-c278-11e2-b8a7-baec48903942}
systemroot \windows
nx OptIn
winpe Yes

Windows Boot Loader
-------------------
identifier {default}
device partition=C:
path \windows\system32\winload.exe
description Windows 7
locale en-us
inherit {bootloadersettings}
osdevice partition=C:
systemroot \windows
resumeobject {a8afa330-c278-11e2-b8a7-baec48903942}
nx OptIn
detecthal Yes

Resume from Hibernate
---------------------
identifier {a8afa330-c278-11e2-b8a7-baec48903942}
device partition=C:
path \windows\system32\winresume.exe
description Windows Resume Application
locale en-us
inherit {resumeloadersettings}
filedevice partition=C:
filepath \hiberfil.sys
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {memdiag}
device partition=C:
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-us
inherit {globalsettings}
badmemoryaccess Yes

EMS Settings
------------
identifier {emssettings}
bootems Yes

Debugger Settings
-----------------
identifier {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {badmemory}

Global Settings
---------------
identifier {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}

Boot Loader Settings
--------------------
identifier {bootloadersettings}
inherit {globalsettings}
{hypervisorsettings}

Hypervisor Settings
-------------------
identifier {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Resume Loader Settings
----------------------
identifier {resumeloadersettings}
inherit {globalsettings}

Device options
--------------
identifier {a8afa32f-c278-11e2-b8a7-baec48903942}
description Ramdisk Options
ramdisksdidevice partition=C:
ramdisksdipath \Recovery\a8afa32e-c278-11e2-b8a7-baec48903942\boot.sdi


==================== Memory info ===========================

Percentage of memory in use: 17%
Total physical RAM: 4050.55 MB
Available physical RAM: 3328.37 MB
Total Pagefile: 4048.7 MB
Available Pagefile: 3345.12 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:53 GB) (Free:0.95 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Games/Files) (Fixed) (Total:2794.52 GB) (Free:178.01 GB) NTFS
Drive f: (240GB SSD) (Fixed) (Total:223.57 GB) (Free:5 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive g: (Downloads) (Fixed) (Total:1397.26 GB) (Free:164.6 GB) NTFS
Drive h: (Windows_7_Enterprise_64_Bit) (CDROM) (Total:3.49 GB) (Free:0 GB) UDF
Drive i: () (Removable) (Total:14.4 GB) (Free:0.65 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SataBeast3.0) (Fixed) (Total:2794.39 GB) (Free:176.29 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 2795 GB) (Disk ID: 03B25764)

Partition: GPT Partition Type.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 2795 GB) (Disk ID: 03B19762)

Partition: GPT Partition Type.

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 56 GB) (Disk ID: 88787FEB)
Partition 1: (Active) - (Size=56 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 224 GB) (Disk ID: 5BC53D8B)
Partition 1: (Active) - (Size=224 GB) - (Type=07 NTFS)

========================================================
Disk: 4 (MBR Code: Windows 7 or 8) (Size: 1397 GB) (Disk ID: 02535153)
Partition 1: (Not Active) - (Size=-698724913152) - (Type=07 NTFS)

========================================================
Disk: 5 (Size: 14 GB) (Disk ID: 0414A23C)
Partition 1: (Not Active) - (Size=14 GB) - (Type=0B)


LastRegBack: 2014-06-08 01:58

==================== End Of Log ============================

I think the following files are the culprits...

C:\Windows\System32\winlogon.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\User32.dll IS MISSING <==== ATTENTION!.

So I then replaced my winlogon.exe and user32.dll files from another computer and booted no problem - no BSOD.

But I can't do anything now - I can't move a window, I can't open programs, automatic program start-ups are not displaying and buttons have no text :(

How can I restore my original winlogon.exe and User32.dll files please! :(

I can rerun the FRST.exe file within Windows now if that is required.

 




#2 Ali3n0id

Ali3n0id
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:06:09 PM

Posted 14 June 2014 - 04:07 AM

I am attaching FRST.exe results from within Windows
 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-06-2014 02
Ran by Anubis (administrator) on UNKNOWN on 14-06-2014 09:57:56
Running from I:\Apps
Platform: Windows 7 Enterprise Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\winlogon.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
() C:\Windows\Installer\MSIE361.tmp
(AMD) C:\Windows\System32\atieclxx.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(Locktime Software) C:\Program Files\NetLimiter 3\nlsvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Logitech, Inc.) C:\Program Files\Logitech\FlowScroll\KhalScroll.exe
() C:\Windows\system\HsMgr64.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe
(Locktime Software) C:\Program Files\NetLimiter 3\NLClientApp.exe
() C:\Program Files\OpenVPN\bin\openvpn-gui.exe
() C:\Program Files\Rainmeter\Rainmeter.exe
(The OpenVPN Project) C:\Program Files\OpenVPN\bin\openvpn.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Stardock Corporation) C:\Program Files (x86)\Stardock\Fences\Fences.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [CmPCIaudio] => C:\Windows\Syswow64\CMICNFG3.dll [8765440 2011-04-01] (C-Media Corporation)
HKLM\...\Run: [LogiScrollApp] => C:\Program Files\Logitech\FlowScroll\KhalScroll.exe [166680 2012-02-08] (Logitech, Inc.)
HKLM\...\Run: [Cmaudio8768GX] => C:\Windows\syswow64\HsMgr.exe [200704 2008-07-11] ()
HKLM\...\Run: [Cmaudio8768GX64] => C:\Windows\system\HsMgr64.exe [282112 2008-07-11] ()
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [10394392 2014-04-07] (Logitech Inc.)
HKLM\...\Run: [GamecomSound] => C:\Program Files\Plantronics\GameCom780\GameCom780.exe [777448 2011-12-01] ()
HKLM\...\Run: [Fences] => C:\Program Files (x86)\Stardock\Fences\Fences.exe [4017368 2012-10-29] (Stardock Corporation)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2014-02-26] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-20] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [vmware-tray.exe] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [111696 2013-08-27] (VMware, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3854640 2014-04-05] (AVAST Software)
HKLM-x32\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [383768 2013-07-12] (Alcor Micro Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-16944076-2070425846-3567714608-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1753280 2014-06-05] (Valve Corporation)
HKU\S-1-5-21-16944076-2070425846-3567714608-1000\...\Run: [RocketDock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-16944076-2070425846-3567714608-1000\...\Run: [DisplayFusion] => C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe [645296 2009-12-09] (Binary Fortress Software)
HKU\S-1-5-21-16944076-2070425846-3567714608-1000\...\Run: [MouseServer] => C:\Program Files (x86)\MouseServer\MouseServer.exe [244736 2013-08-26] (wifimouse.necta.us)
HKU\S-1-5-21-16944076-2070425846-3567714608-1000\...\Run: [NetLimiter] => C:\Program Files\NetLimiter 3\NLClientApp.exe [2910208 2011-03-21] (Locktime Software)
HKU\S-1-5-21-16944076-2070425846-3567714608-1000\...\Run: [Spotify Web Helper] => C:\Users\Anubis\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1176632 2014-05-16] (Spotify Ltd)
HKU\S-1-5-21-16944076-2070425846-3567714608-1000\...\Run: [Google Update] => C:\Users\Anubis\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-06-22] (Google Inc.)
HKU\S-1-5-21-16944076-2070425846-3567714608-1000\...\Run: [Spotify] => C:\Users\Anubis\AppData\Roaming\Spotify\spotify.exe [6170168 2014-05-16] (Spotify Ltd)
HKU\S-1-5-21-16944076-2070425846-3567714608-1000\...\Run: [f.lux] => C:\Users\Anubis\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-16944076-2070425846-3567714608-1000\...\Run: [OpenVPN] => C:\Program Files\OpenVPN\bin\openvpn-gui.exe [423224 2014-05-02] ()
HKU\S-1-5-21-16944076-2070425846-3567714608-1000\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-16944076-2070425846-3567714608-1000\...\MountPoints2: {300f528a-c232-11e2-999d-902b34dab853} - H:\start.exe
HKU\S-1-5-21-16944076-2070425846-3567714608-1000\...\MountPoints2: {4b750fcd-c22d-11e2-bc4f-806e6f6e6963} - D:\Run.exe
HKU\S-1-5-21-16944076-2070425846-3567714608-1000\...\MountPoints2: {62b41dc9-db69-11e2-95dc-902b34dab853} - H:\Run.exe
HKU\S-1-5-21-16944076-2070425846-3567714608-1000\...\MountPoints2: {eee6a919-3a88-11e3-ab96-806e6f6e6963} - H:\setup.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\iSCTsysTray.lnk
ShortcutTarget: iSCTsysTray.lnk -> C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)
Startup: C:\Users\Anubis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Anubis\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Anubis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Fences.lnk
ShortcutTarget: Fences.lnk -> C:\Program Files (x86)\Stardock\Fences\Fences.exe (Stardock Corporation)
Startup: C:\Users\Anubis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MightyText Notifier.lnk
Startup: C:\Users\Anubis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()
BootExecute: autocheck autochk /k:Y * 

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=GB&userid=0fef4a5d-2564-db44-daca-0e55474b632b&searchtype=ds&q={searchTerms}&installDate=23/01/2014
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=GB&userid=0fef4a5d-2564-db44-daca-0e55474b632b&searchtype=hp&installDate=23/01/2014
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=GB&userid=0fef4a5d-2564-db44-daca-0e55474b632b&searchtype=ds&q={searchTerms}&installDate=23/01/2014
SearchScopes: HKLM - {758B870D-DF78-4A6A-9955-DEDDCACF94DC} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=GB&userid=0fef4a5d-2564-db44-daca-0e55474b632b&searchtype=ds&q={searchTerms}&installDate=23/01/2014
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=GB&userid=0fef4a5d-2564-db44-daca-0e55474b632b&searchtype=ds&q={searchTerms}&installDate=23/01/2014
SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=GB&userid=0fef4a5d-2564-db44-daca-0e55474b632b&searchtype=ds&q={searchTerms}&installDate=23/01/2014
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=GB&userid=0fef4a5d-2564-db44-daca-0e55474b632b&searchtype=ds&q={searchTerms}&installDate=23/01/2014
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - D:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - D:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Logitech Flow Scroll - {E11DB59D-5008-42ff-9069-535843BC0BE1} - C:\Program Files\Logitech\FlowScroll\LogiSmooth.dll (Logitech, Inc.)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Logitech Flow Scroll - {E11DB59D-5008-42ff-9069-535843BC0BE1} - C:\Program Files\Logitech\FlowScroll\32-bit\LogiSmooth.dll (Logitech, Inc.)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - D:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 209.222.18.222 209.222.18.218

FireFox:
========
FF ProfilePath: C:\Users\Anubis\AppData\Roaming\Mozilla\Firefox\Profiles\q6nc45mt.default-1401787938480
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - D:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Anubis\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Anubis\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Users\Anubis\AppData\Roaming\Mozilla\Firefox\Profiles\q6nc45mt.default-1401787938480\searchplugins\duckduckgo.xml
FF Extension: Fasterfox Lite - C:\Users\Anubis\AppData\Roaming\Mozilla\Firefox\Profiles\q6nc45mt.default-1401787938480\Extensions\FasterFox_Lite@BigRedBrent [2014-06-05]
FF Extension: EPUBReader - C:\Users\Anubis\AppData\Roaming\Mozilla\Firefox\Profiles\q6nc45mt.default-1401787938480\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2014-06-03]
FF Extension: Ghostery - C:\Users\Anubis\AppData\Roaming\Mozilla\Firefox\Profiles\q6nc45mt.default-1401787938480\Extensions\firefox@ghostery.com.xpi [2014-06-03]
FF Extension: DuckDuckGo Plus - C:\Users\Anubis\AppData\Roaming\Mozilla\Firefox\Profiles\q6nc45mt.default-1401787938480\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2014-06-04]
FF Extension: The Fox, Only Better - C:\Users\Anubis\AppData\Roaming\Mozilla\Firefox\Profiles\q6nc45mt.default-1401787938480\Extensions\thefoxonlybetter@quicksaver.xpi [2014-06-04]
FF Extension: Web Developer - C:\Users\Anubis\AppData\Roaming\Mozilla\Firefox\Profiles\q6nc45mt.default-1401787938480\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2014-06-03]
FF Extension: Adblock Plus - C:\Users\Anubis\AppData\Roaming\Mozilla\Firefox\Profiles\q6nc45mt.default-1401787938480\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-06-03]
FF Extension: BetterPrivacy - C:\Users\Anubis\AppData\Roaming\Mozilla\Firefox\Profiles\q6nc45mt.default-1401787938480\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2014-06-03]
FF HKLM-x32\...\Firefox\Extensions: [{5D3F3872-91E9-4d59-AD9F-AA174A3145DD}] - C:\Program Files\Logitech\FlowScroll\LogiSmoothFirefoxExt
FF Extension: Logitech Flow Scroll - C:\Program Files\Logitech\FlowScroll\LogiSmoothFirefoxExt [2013-06-22]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-02-05]

Chrome: 
=======
CHR HomePage: hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=GB&userid=0fef4a5d-2564-db44-daca-0e55474b632b&searchtype=hp&installDate=23/01/2014
CHR StartupUrls: "hxxp://www.google.com"
CHR DefaultSearchKeyword: google.co.uk
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (         "name": "",) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (         "name": "",) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll No File
CHR Extension: (New Tab Page) - C:\Users\Anubis\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl [2014-01-23]
CHR Extension: (Google Docs) - C:\Users\Anubis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-06-23]
CHR Extension: (Google Drive) - C:\Users\Anubis\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-23]
CHR Extension: (YouTube) - C:\Users\Anubis\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-23]
CHR Extension: (Adblock Plus) - C:\Users\Anubis\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-02-03]
CHR Extension: (Go away Cameron) - C:\Users\Anubis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckiahbcmlmkpfiijecbpflfahoimklke [2014-05-26]
CHR Extension: (Spotify - Music for every moment) - C:\Users\Anubis\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnkjkdjlofllcpbemipjbcpfnglbgieh [2014-05-27]
CHR Extension: (Google Search) - C:\Users\Anubis\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-23]
CHR Extension: (Logitech Flow Scroll) - C:\Users\Anubis\AppData\Local\Google\Chrome\User Data\Default\Extensions\geooogfhpjdpeiphckpbgkhpbeobcaoi [2013-06-23]
CHR Extension: (avast! Online Security) - C:\Users\Anubis\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-02-05]
CHR Extension: (Google Wallet) - C:\Users\Anubis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-31]
CHR Extension: (Gmail) - C:\Users\Anubis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-23]
CHR HKLM-x32\...\Chrome\Extension: [geooogfhpjdpeiphckpbgkhpbeobcaoi] - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx [2013-06-22]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-04-05]

==================== Services (Whitelisted) =================

S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-05] (AVAST Software)
S2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [109048 2014-04-05] (AVAST Software)
R2 DisplayFusionService; C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [1498000 2013-04-26] (Binary Fortress Software)
R2 HyperDeskCustomThemeEnabler; C:\Windows\Installer\MSIE361.tmp [102400 2013-06-22] () [File not signed]
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-02-26] (Intel Corporation)
S3 ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [160256 2011-08-30] (Intel Corporation) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [182248 2013-03-14] ()
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-03-20] (Intel Corporation)
R2 nlsvc; C:\Program Files\NetLimiter 3\nlsvc.exe [1845248 2011-03-21] (Locktime Software) [File not signed]
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [37176 2014-05-02] (The OpenVPN Project)
S2 PanService; C:\Program Files (x86)\PANDORA.TV\PanService\KMPService.exe [1922600 2013-07-08] (Pandora.TV)
S2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75064 2013-12-25] ()
S2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [728328 2014-03-31] (DEVGURU Co., LTD.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 Themes; C:\Windows\system32\themeservice.dll [44544 2009-08-03] (Microsoft Corporation) [File not signed]
S4 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [14401104 2013-08-27] ()
S3 wampapache; Z:\wamp\bin\apache\apache2.4.4\bin\httpd.exe [24576 2013-06-23] (Apache Software Foundation) [File not signed]
S3 wampmysqld; Z:\wamp\bin\mysql\mysql5.6.12\bin\mysqld.exe [12867584 2013-06-23] () [File not signed]
S3 sppuinotify; %SystemRoot%\system32\sppuinotify.dll [X]

==================== Drivers (Whitelisted) ====================

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22680 2012-10-25] ()
R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [47512 2013-01-10] (Asmedia Technology)
R0 asstor64; C:\Windows\System32\DRIVERS\asstor64.sys [84816 2014-03-14] (Asmedia Technology)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-04-05] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-04-05] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [445304 2014-04-05] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-04-05] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-04-05] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-04-05] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-04-05] (AVAST Software)
S3 aswStm; C:\Windows\system32\drivers\aswStm.sys [84816 2014-04-05] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208928 2014-04-05] ()
R3 cmuda3; C:\Windows\System32\drivers\cmudax3.sys [2491392 2011-03-30] (C-Media Inc)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [270912 2013-06-22] (DT Soft Ltd)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [17480 2013-03-07] ()
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [13896 2013-03-07] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9800 2013-03-07] ()
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [9160 2013-03-07] ()
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2014-02-26] (Intel Corporation)
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [21048 2013-03-14] ()
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [21048 2013-03-14] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-03-14] ()
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [118272 2014-03-20] (Intel Corporation)
R1 nltdi; C:\Program Files\NetLimiter 3\nltdi.sys [88200 2011-03-21] (Locktime Software)
S3 PlantronicsGC; C:\Windows\System32\drivers\PLTGC.sys [1327104 2011-11-05] (C-Media Electronics Inc)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
R1 SafDskNT; C:\Windows\system32\drivers\SAFDSKNT.SYS [76112 2009-12-07] (PC Dynamics, Inc.)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-08-15] (VMware, Inc.)
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [33872 2013-02-22] (VMware, Inc.)
R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2014-06-14] ()
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

========================== Drivers MD5 =======================

C:\Windows\system32\drivers\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\drivers\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B
C:\Windows\System32\DRIVERS\fvevol.sys 8F6322049018354F45F05A2FD2D4E5E0
C:\Windows\system32\drivers\gagp30kx.sys ==> MD5 is legit
C:\Windows\system32\drivers\hcmon.sys 23AF3730B7B757A385721E900250CF3B
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\System32\drivers\HdAudio.sys 975761C778E33CD22498059B91E7373A
C:\Windows\System32\DRIVERS\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidbth.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\system32\drivers\i8042prt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\iaStor.sys D1753C06EE17E29352B065EACF3F10D0
C:\Windows\System32\DRIVERS\iaStorA.sys 815499B59D675E42A70894118E7A6422
C:\Windows\System32\DRIVERS\iaStorF.sys C9FFC9330A5944A709549A28B5EB37C5
C:\Windows\system32\drivers\iaStorV.sys ==> MD5 is legit
C:\Windows\system32\drivers\iirsp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ikbevent.sys E18725531054FE222115873AC1CCB02B
C:\Windows\System32\DRIVERS\imsevent.sys 45060257BCA3D60204FEC29F6E6DE458
C:\Windows\System32\drivers\RTKVHD64.sys FA2B7507CD49908B2260949E52F8B9FE
C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ISCTD64.sys 4EE2423C38F43D37F8497A672FD10BDC
C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys 9C6F3F69163133FB8E56AC4A6E163452
C:\Windows\System32\DRIVERS\iusb3hcs.sys D596D915CF091DA1F8CE4BD38BB5D509
C:\Windows\System32\DRIVERS\iusb3hub.sys 3DD76F45DA45CEDCDFC7BF7AB93E6216
C:\Windows\System32\DRIVERS\iusb3xhc.sys B0342584DAB73797F584CADD41EEC6BD
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys 8F489706472F7E9A06BAAA198703FA64
C:\Windows\System32\Drivers\ksecpkg.sys 868A2CAAB12EFC7A021682BCA0EEC54C
C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\drivers\LGBusEnum.sys FA529FB35694C24BF98A9EF67C1CD9D0
C:\Windows\System32\DRIVERS\LGSHidFilt.Sys 94AF1384A67B9FCF5651E70BC9D4C526
C:\Windows\System32\drivers\LGVirHid.sys 94B29CE153765E768F004FB3440BE2B0
C:\Windows\System32\DRIVERS\LHidFilt.Sys 241F2648ADF090E2A10095BD6D6F5DCB
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\LMouFilt.Sys 342ED5A4B3326014438F36D22D803737
C:\Windows\system32\drivers\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\system32\drivers\megasas.sys ==> MD5 is legit
C:\Windows\system32\drivers\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\TeeDriverx64.sys 8751062F2F7EC78DE92D778A08099DDE
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\MijXfilt.sys C030F9E822A057C1A7A9BB4EA3E8877E
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys 1A4F75E63C9FB84B85DFFC6B63FD5404
C:\Windows\System32\DRIVERS\mrxsmb.sys A5D9106A73DC88564C825D317CAC68AC
C:\Windows\System32\DRIVERS\mrxsmb10.sys D711B3C1D5F42C0C2415687BE09FC163
C:\Windows\System32\DRIVERS\mrxsmb20.sys 9423E9D355C8D303E76B8CFBD8A5C30C
C:\Windows\System32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\drivers\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys 760E38053BF56E501D562B70AD796B88
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\system32\drivers\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nlndis.sys AD42FB061166AF0643806800304BD76F
C:\Windows\System32\DRIVERS\nlndis.sys AD42FB061166AF0643806800304BD76F
C:\Program Files\NetLimiter 3\nltdi.sys 75E6581DE9A0B155EDAB6807E668BE06
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys B98F8C6E31CD07B2E6F71F7F648E38C0
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\system32\drivers\nvraid.sys ==> MD5 is legit
C:\Windows\system32\drivers\nvstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\drivers\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\system32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\drivers\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\drivers\PLTGC.sys AB168D5CF1CD69F9FA6F09C828FEA660
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\drivers\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\system32\pwdrvio.sys C32ECB99AD25E9A04F01C8665DF29EF8
C:\Windows\system32\pwdspio.sys D619356B955EEFA642F5FF72755E8B3C
C:\Windows\system32\drivers\ql2300.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\system32\drivers\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpdr.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpvideominiport.sys 313F68E1A3E6345A4F47A36B07062F34
C:\Windows\System32\Drivers\RDPWD.sys E61608AA35E98999AF9AAEEEA6114B0A
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\System32\drivers\RtHDMIVX.sys C20F64FCD5E2B40310A1774495877ACD
C:\Windows\System32\DRIVERS\Rt64win7.sys DEADB98AFDE5EA8F93DB9411E880EAE0
C:\Windows\system32\drivers\vms3cap.sys ==> MD5 is legit
C:\Windows\system32\drivers\SAFDSKNT.SYS 593F9D5CE0CC58BC863AC01FBD8A186D
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serenum.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serial.sys ==> MD5 is legit
C:\Windows\system32\drivers\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\drivers\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\drivers\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B
C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28
C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3
C:\Windows\system32\drivers\stexstor.sys ==> MD5 is legit
C:\Windows\System32\drivers\vmstorfl.sys ==> MD5 is legit
C:\Windows\system32\drivers\storvsc.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\swenum.sys ==> MD5 is legit
C:\Windows\System32\drivers\synth3dvsc.sys C3A39C4079305480972D29C44B868C78
C:\Windows\System32\DRIVERS\tap0901.sys 3C32FF010F869BC184DF71290477384E
C:\Windows\System32\drivers\tcpip.sys 40AF23633D197905F03AB5628C558C51
C:\Windows\System32\DRIVERS\tcpip.sys 40AF23633D197905F03AB5628C558C51
C:\Windows\System32\drivers\tcpipreg.sys 1B16D0BD9841794A6E0CDE0CEF744ABC
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\termdd.sys ==> MD5 is legit
C:\Windows\system32\drivers\terminpt.sys EF4469AB69EB15E5D3754E6AEAFBCD3D
C:\Windows\System32\DRIVERS\tssecsrv.sys 4CE278FC9671BA81A138D70823FCAA09
C:\Windows\System32\drivers\tsusbflt.sys 17C6B51CBCCDED95B3CC14E22791F85E
C:\Windows\system32\drivers\TsUsbGD.sys AD64450A4ABE076F5CB34CC08EEACB07
C:\Windows\System32\drivers\tsusbhub.sys E1748D04AE40118B62BC18AC86032192
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\drivers\TVALZ_O.SYS 9A744CC3D804EC38A6C2C65BC3C6FCD8
C:\Windows\system32\drivers\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\umpass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\emBDA64.sys 6276D51E3D1E351399CAEA22E8E78AA6
C:\Windows\System32\DRIVERS\emOEM64.sys D93916D3CD04B57A9E145C41150A4671
C:\Windows\System32\drivers\usbaudio.sys B0435098C81D04CAFFF80DDB746CD3A2
C:\Windows\System32\DRIVERS\usbccgp.sys DCA68B0943D6FA415F0C56C92158A83A
C:\Windows\system32\drivers\usbcir.sys 80B0F7D5CCF86CEB5D402EAAF61FEC31
C:\Windows\system32\drivers\usbehci.sys 18A85013A3E0F7E1755365D287443965
C:\Windows\System32\DRIVERS\usbhub.sys 8D1196CFBB223621F2C67D45710F25BA
C:\Windows\system32\drivers\usbohci.sys 765A92D428A8DB88B960DA5A8D6089DC
C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\USBSTOR.SYS ==> MD5 is legit
C:\Windows\system32\drivers\usbuhci.sys DD253AFC3BC6CBA412342DE60C3647F3
C:\Windows\System32\DRIVERS\usb8023x.sys 70D05EE263568A742D14E1876DF80532
C:\Windows\System32\DRIVERS\VBoxDrv.sys 197AF90E01A473A1862BB5381BE77877
C:\Windows\System32\DRIVERS\VBoxNetAdp.sys 9AFB83D5E465E7F3C2C20F968C774756
C:\Windows\System32\DRIVERS\VBoxUSBMon.sys 132DFA8D09CE78952259D1A9B480C335
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\system32\drivers\vmbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\VMBusHID.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vmci.sys BE8E5E5D53ACF71D4E8E686B68C99B04
C:\Windows\System32\DRIVERS\vmnetadapter.sys 18AA5F4A3B1204AD00045EE5AD39BCDB
C:\Windows\System32\DRIVERS\vmnetbridge.sys 04CD4347CD9E8C40F78AD51F7FF426D0
C:\Windows\system32\drivers\vmnetuserif.sys 748FD60D1B73F50020CFD126F940543F
C:\Windows\System32\DRIVERS\vmusb.sys F347A28F63162FF82BDDAADC14935BA4
C:\Windows\system32\drivers\vmx86.sys CB41CC41F83C9A6081A2AE71251A16D5
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\system32\drivers\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\drivers\vsock.sys 108196FE0580A18AB6237EA36FD210F2
C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys E7CE8988B98202A5CF429CA358D26CC5
C:\Windows\System32\drivers\vwifibus.sys ==> MD5 is legit
C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\drivers\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys FE88B288356E7B47B74B13372ADD906D
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\System32\drivers\WPRO_41_2001.sys 7CA09731EB7FC99B910C7F239E57720F
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659
C:\Windows\System32\DRIVERS\xnacc.sys 4A5CE13408945E525503B5F73D29B9C5
C:\Windows\System32\DRIVERS\xusb21.sys 2EE48CFCE7CA8E0DB4C44C7476C0943B

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-14 09:56 - 2014-06-14 09:56 - 00094656 _____ (CACE Technologies) C:\windows\system32\WPRO_41_2001woem.tmp
2014-06-12 19:00 - 2014-06-14 09:56 - 00000224 _____ () C:\windows\setupact.log
2014-06-12 19:00 - 2014-06-13 23:34 - 00001332 _____ () C:\windows\PFRO.log
2014-06-12 19:00 - 2014-06-12 19:00 - 00000000 _____ () C:\windows\setuperr.log
2014-06-12 18:57 - 2014-06-13 23:33 - 01673262 _____ () C:\windows\WindowsUpdate.log
2014-06-12 18:48 - 2014-06-14 09:57 - 00002020 _____ () C:\Users\Anubis\Desktop\Purchase Fences.lnk
2014-06-12 18:46 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\windows\winlogon.exe
2014-06-12 18:46 - 2010-11-20 15:27 - 01008128 _____ (Microsoft Corporation) C:\windows\user32.dll
2014-06-11 06:00 - 2014-06-14 09:57 - 00000000 ____D () C:\FRST
2014-06-10 07:12 - 2014-06-10 07:12 - 00000000 ____D () C:\windows\system32\config\mybackup2
2014-06-10 06:58 - 2014-06-10 06:59 - 00000000 ____D () C:\windows\system32\config\mybackup
2014-06-09 22:39 - 2014-06-08 10:58 - 96468992 _____ () C:\windows\system32\config\SOFTWARE.TPBAK
2014-06-09 22:39 - 2014-06-08 10:58 - 27000832 _____ () C:\windows\system32\config\SYSTEM.TPBAK
2014-06-09 22:39 - 2014-06-08 10:58 - 00262144 _____ () C:\windows\system32\config\SECURITY.TPBAK
2014-06-09 22:39 - 2014-06-08 10:58 - 00262144 _____ () C:\windows\system32\config\SAM.TPBAK
2014-06-08 21:35 - 2014-06-08 21:35 - 00000000 ____D () C:\windows\SysWOW64\uk-UA
2014-06-08 21:35 - 2014-06-08 21:35 - 00000000 ____D () C:\windows\SysWOW64\th-TH
2014-06-08 21:35 - 2014-06-08 21:35 - 00000000 ____D () C:\windows\SysWOW64\sr-Latn-CS
2014-06-08 21:35 - 2014-06-08 21:35 - 00000000 ____D () C:\windows\SysWOW64\sl-SI
2014-06-08 21:35 - 2014-06-08 21:35 - 00000000 ____D () C:\windows\SysWOW64\sk-SK
2014-06-08 21:35 - 2014-06-08 21:35 - 00000000 ____D () C:\windows\SysWOW64\ro-RO
2014-06-08 21:35 - 2014-06-08 21:35 - 00000000 ____D () C:\windows\SysWOW64\migwiz
2014-06-08 21:35 - 2014-06-08 21:35 - 00000000 ____D () C:\windows\SysWOW64\lv-LV
2014-06-08 21:35 - 2014-06-08 21:35 - 00000000 ____D () C:\windows\SysWOW64\lt-LT
2014-06-08 21:35 - 2014-06-08 21:35 - 00000000 ____D () C:\windows\SysWOW64\hr-HR
2014-06-08 21:35 - 2014-06-08 21:35 - 00000000 ____D () C:\windows\SysWOW64\he-IL
2014-06-08 21:35 - 2014-06-08 21:35 - 00000000 ____D () C:\windows\SysWOW64\et-EE
2014-06-08 21:35 - 2014-06-08 21:35 - 00000000 ____D () C:\windows\SysWOW64\bg-BG
2014-06-08 21:35 - 2014-06-08 21:35 - 00000000 ____D () C:\windows\system32\uk-UA
2014-06-08 21:35 - 2014-06-08 21:35 - 00000000 ____D () C:\windows\system32\th-TH
2014-06-08 21:35 - 2014-06-08 21:35 - 00000000 ____D () C:\windows\system32\sr-Latn-CS
2014-06-08 21:35 - 2014-06-08 21:35 - 00000000 ____D () C:\windows\system32\sl-SI
2014-06-08 21:35 - 2014-06-08 21:35 - 00000000 ____D () C:\windows\system32\sk-SK
2014-06-08 21:35 - 2014-06-08 21:35 - 00000000 ____D () C:\windows\system32\ro-RO
2014-06-08 21:35 - 2014-06-08 21:35 - 00000000 ____D () C:\windows\system32\migwiz
2014-06-08 21:35 - 2014-06-08 21:35 - 00000000 ____D () C:\windows\system32\lv-LV
2014-06-08 21:35 - 2014-06-08 21:35 - 00000000 ____D () C:\windows\system32\lt-LT
2014-06-08 21:35 - 2014-06-08 21:35 - 00000000 ____D () C:\windows\system32\hr-HR
2014-06-08 21:35 - 2014-06-08 21:35 - 00000000 ____D () C:\windows\system32\he-IL
2014-06-08 21:35 - 2014-06-08 21:35 - 00000000 ____D () C:\windows\system32\et-EE
2014-06-08 21:35 - 2014-06-08 21:35 - 00000000 ____D () C:\windows\system32\bg-BG
2014-06-08 20:10 - 2014-06-08 20:10 - 00646360 _____ () C:\Users\Anubis\Downloads\photolistic.1.3.zip
2014-06-08 19:24 - 2014-06-08 20:03 - 00000000 ____D () C:\Users\Anubis\Desktop\Slides
2014-06-08 17:06 - 2014-06-08 16:39 - 00004736 _____ () C:\Users\Anubis\Desktop\Client1.ovpn
2014-06-08 16:41 - 2014-06-08 16:40 - 00004736 _____ () C:\Users\Anubis\Desktop\Client5.ovpn
2014-06-08 16:41 - 2014-06-08 16:40 - 00004736 _____ () C:\Users\Anubis\Desktop\Client3.ovpn
2014-06-08 16:41 - 2014-06-08 16:40 - 00004724 _____ () C:\Users\Anubis\Desktop\Client4.ovpn
2014-06-08 16:41 - 2014-06-08 16:39 - 00004736 _____ () C:\Users\Anubis\Desktop\Client2.ovpn
2014-06-08 16:41 - 2014-06-08 16:19 - 00004120 _____ () C:\Users\Anubis\Desktop\shi3ld.crt
2014-06-08 16:41 - 2014-06-08 16:19 - 00001383 _____ () C:\Users\Anubis\Desktop\ca.crt
2014-06-08 16:41 - 2014-06-08 16:19 - 00000920 _____ () C:\Users\Anubis\Desktop\ca.key
2014-06-06 21:12 - 2014-06-06 21:12 - 00041051 _____ () C:\Users\Anubis\Downloads\hypocrisy_eraser.ptb
2014-06-06 10:01 - 2014-06-06 10:01 - 00415759 _____ () C:\Users\Anubis\Downloads\ASIO4ALL_2_10_English.exe
2014-06-06 10:01 - 2014-06-06 10:01 - 00000000 ____D () C:\Users\Anubis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
2014-06-06 10:01 - 2014-06-06 10:01 - 00000000 ____D () C:\Program Files (x86)\ASIO4ALL v2
2014-06-06 09:55 - 2014-06-06 09:55 - 00000000 ____D () C:\Users\Anubis\Documents\Native Instruments
2014-06-06 09:55 - 2014-06-06 09:55 - 00000000 ____D () C:\Users\Anubis\AppData\Local\Native Instruments
2014-06-06 09:52 - 2014-06-06 09:52 - 00000000 __HDC () C:\ProgramData\{B7072B15-6E80-42FF-A9AE-4E62AF2B2418}
2014-06-06 09:51 - 2014-06-06 09:51 - 00000000 __HDC () C:\ProgramData\{CB28D9D3-6B5D-4AFA-BA37-B4AFAAAF71B9}
2014-06-06 09:46 - 2014-06-06 09:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments
2014-06-06 09:46 - 2014-06-06 09:52 - 00000000 ____D () C:\Program Files\Common Files\Native Instruments
2014-06-06 09:46 - 2014-06-06 09:51 - 00000000 ____D () C:\Program Files\Native Instruments
2014-06-06 09:46 - 2014-06-06 09:46 - 00000000 __HDC () C:\ProgramData\{95B4F0ED-951F-4D36-B068-5EC1C4C19C14}
2014-06-06 09:46 - 2014-06-06 09:46 - 00000000 __HDC () C:\ProgramData\{5A23829C-A66E-47B0-AD50-21A3FFE6C325}
2014-06-06 09:46 - 2014-06-06 09:46 - 00000000 __HDC () C:\ProgramData\{30FA7941-4170-4C83-A9A8-FDF01C431704}
2014-06-06 09:46 - 2014-06-06 09:46 - 00000000 ____D () C:\ProgramData\Native Instruments
2014-06-06 09:39 - 2014-06-06 09:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guitar Pro 6
2014-06-06 09:15 - 2014-06-06 20:49 - 00000016 _____ () C:\windows\SysWOW64\w3data.vss
2014-06-06 09:15 - 2014-06-06 20:49 - 00000016 _____ () C:\windows\SysWOW64\msvcsv60.dll
2014-06-06 09:15 - 2014-06-06 20:49 - 00000016 _____ () C:\windows\msocreg32.dat
2014-06-06 09:15 - 2014-06-06 20:49 - 00000016 _____ () C:\Users\Anubis\AppData\Roaming\msregsvv.dll
2014-06-06 09:15 - 2014-06-06 20:49 - 00000016 _____ () C:\ProgramData\autobk.inc
2014-06-06 09:14 - 2014-06-06 09:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IK Multimedia
2014-06-06 09:14 - 2014-06-06 09:14 - 00000000 ____D () C:\Program Files (x86)\IK Multimedia
2014-06-06 09:14 - 2010-12-22 11:33 - 09410736 _____ (Intel Corporation) C:\windows\SysWOW64\mkl_p4m.dll
2014-06-06 09:14 - 2010-12-22 11:33 - 09210032 _____ (Intel Corporation) C:\windows\SysWOW64\mkl_p4.dll
2014-06-06 09:14 - 2010-12-22 11:33 - 09078960 _____ (Intel Corporation) C:\windows\SysWOW64\mkl_p4p.dll
2014-06-06 09:14 - 2010-12-22 11:33 - 09033904 _____ (Intel Corporation) C:\windows\SysWOW64\mkl_p4m3.dll
2014-06-06 09:14 - 2010-12-22 11:33 - 06944944 _____ (Intel Corporation) C:\windows\SysWOW64\mkl_core.dll
2014-06-06 09:14 - 2010-12-22 11:33 - 03868848 _____ (Intel Corporation) C:\windows\SysWOW64\mkl_intel_thread.dll
2014-06-06 09:14 - 2010-12-22 11:33 - 00530608 _____ (Intel Corporation) C:\windows\SysWOW64\libiomp5md.dll
2014-06-06 09:14 - 2010-12-22 11:33 - 00354480 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcr71.dll
2014-06-06 09:14 - 2010-11-04 11:52 - 12708016 _____ (Intel Corporation) C:\windows\system32\mkl_def.dll
2014-06-06 09:14 - 2010-11-04 11:52 - 12474544 _____ (Intel Corporation) C:\windows\system32\mkl_core.dll
2014-06-06 09:14 - 2010-11-04 11:52 - 09917616 _____ (Intel Corporation) C:\windows\system32\mkl_intel_thread.dll
2014-06-06 09:14 - 2010-11-04 11:52 - 00529072 _____ (Intel Corporation) C:\windows\system32\libiomp5md.dll
2014-06-06 09:14 - 2009-10-14 16:15 - 00499712 _____ (Microsoft Corporation) C:\windows\msvcp71.dll
2014-06-06 09:14 - 2009-10-14 16:15 - 00348160 _____ (Microsoft Corporation) C:\windows\msvcr71.dll
2014-06-06 09:13 - 2014-06-06 09:14 - 00000000 ____D () C:\Users\Anubis\Documents\IK Multimedia
2014-06-06 09:13 - 2014-06-06 09:13 - 00000000 ____D () C:\Program Files\VstPlugIns
2014-06-06 09:13 - 2014-06-06 09:13 - 00000000 ____D () C:\Program Files (x86)\VstPlugIns
2014-06-03 10:32 - 2014-06-03 10:32 - 00000000 ____D () C:\Users\Anubis\Desktop\Old Firefox Data
2014-05-29 11:57 - 2014-05-29 11:57 - 00000000 ____D () C:\Users\Anubis\Desktop\Wind32diskinager
2014-05-29 10:54 - 2014-05-29 10:54 - 00000000 ____D () C:\Users\Anubis\AppData\Roaming\Apple Computer
2014-05-28 21:23 - 2014-05-28 21:23 - 00000000 ____D () C:\Program Files (x86)\ASM106xSATA
2014-05-28 21:21 - 2014-04-23 03:25 - 00936664 _____ (Realtek ) C:\windows\system32\Drivers\Rt64win7.sys
2014-05-28 21:21 - 2014-04-23 03:25 - 00073800 _____ (Realtek Semiconductor Corporation) C:\windows\system32\RtNicProp64.dll
2014-05-28 15:53 - 2014-05-28 15:53 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-05-28 15:53 - 2014-05-28 15:53 - 00000000 ____D () C:\Users\Anubis\AppData\Local\Apple
2014-05-28 15:53 - 2014-05-28 15:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-05-28 15:53 - 2014-05-28 15:53 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-05-28 15:53 - 2014-05-28 15:53 - 00000000 ____D () C:\ProgramData\Apple
2014-05-28 15:53 - 2014-05-28 15:53 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-05-28 15:53 - 2014-05-28 15:53 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-05-28 14:09 - 2014-05-28 14:09 - 00003074 _____ () C:\windows\System32\Tasks\{CAA169EA-EC15-4284-9588-215C73FF7CB9}
2014-05-27 21:28 - 2014-05-27 21:28 - 54607361 _____ () C:\Users\Anubis\Downloads\thefortyclub-co-uk-default-1-complete-2014-05-27-20-22-23.zip.part
2014-05-25 11:45 - 2014-05-25 11:45 - 00000000 ____D () C:\ProgramData\eBay
2014-05-22 17:05 - 2014-06-07 22:14 - 1025612115 ____N () C:\windows\MEMORY.DMP
2014-05-22 11:53 - 2014-05-22 11:53 - 00382319 _____ () C:\Users\Anubis\Desktop\bookmarks.html
2014-05-21 20:13 - 2014-05-24 00:51 - 00000000 ____D () C:\Users\Anubis\Documents\FIFA 14
2014-05-21 20:00 - 2014-05-21 20:00 - 00001141 _____ () C:\Users\Anubis\Desktop\Play FIFA 14.lnk
2014-05-21 16:30 - 2014-05-21 16:30 - 00001019 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ownCloud.lnk
2014-05-21 16:30 - 2014-05-21 16:30 - 00001007 _____ () C:\Users\Anubis\Desktop\ownCloud.lnk
2014-05-21 16:30 - 2014-05-21 16:30 - 00000000 ____D () C:\Users\Anubis\AppData\Local\ownCloud
2014-05-21 16:26 - 2014-05-21 16:30 - 00000000 ____D () C:\Program Files (x86)\ownCloud
2014-05-21 11:53 - 2014-06-08 16:54 - 00000000 ____D () C:\Program Files (x86)\Simple Port Forwarding
2014-05-21 11:53 - 2014-05-21 11:53 - 00000000 ____D () C:\windows\Simple Port Forwarding
2014-05-21 11:53 - 2014-05-21 11:53 - 00000000 ____D () C:\Users\Anubis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Simple Port Forwarding
2014-05-20 11:09 - 2014-05-20 11:09 - 00004450 _____ () C:\Users\Anubis\Desktop\config.txt
2014-05-19 22:35 - 2014-05-19 22:35 - 00000024 _____ () C:\Users\Anubis\Desktop\lel.txt
2014-05-19 21:53 - 2014-05-19 22:15 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-05-19 21:53 - 2014-05-19 21:53 - 00001129 _____ () C:\Users\Public\Desktop\Opera.lnk
2014-05-19 21:53 - 2014-05-19 21:53 - 00001129 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2014-05-19 21:53 - 2014-05-19 21:53 - 00000000 ____D () C:\Users\Anubis\AppData\Roaming\Opera Software
2014-05-19 21:53 - 2014-05-19 21:53 - 00000000 ____D () C:\Users\Anubis\AppData\Local\Opera Software
2014-05-16 16:56 - 2014-05-16 16:56 - 00000000 ____D () C:\Users\Anubis\New folder
2014-05-16 15:53 - 2014-05-16 15:53 - 00000000 ____D () C:\Users\Anubis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flux
2014-05-16 15:53 - 2014-05-16 15:53 - 00000000 ____D () C:\Users\Anubis\AppData\Local\FluxSoftware
2014-05-16 14:50 - 2014-05-09 07:14 - 00477184 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-05-16 14:50 - 2014-05-09 07:11 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll

==================== One Month Modified Files and Folders =======

2014-06-14 09:58 - 2013-05-21 16:47 - 00000000 ____D () C:\Users\Anubis\AppData\Local\Temp
2014-06-14 09:57 - 2014-06-12 18:48 - 00002020 _____ () C:\Users\Anubis\Desktop\Purchase Fences.lnk
2014-06-14 09:57 - 2014-06-11 06:00 - 00000000 ____D () C:\FRST
2014-06-14 09:57 - 2013-06-22 23:45 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-14 09:56 - 2014-06-14 09:56 - 00094656 _____ (CACE Technologies) C:\windows\system32\WPRO_41_2001woem.tmp
2014-06-14 09:56 - 2014-06-12 19:00 - 00000224 _____ () C:\windows\setupact.log
2014-06-14 09:56 - 2013-06-22 18:55 - 00034752 _____ () C:\windows\system32\Drivers\WPRO_41_2001.sys
2014-06-14 09:56 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-06-13 23:34 - 2014-06-12 19:00 - 00001332 _____ () C:\windows\PFRO.log
2014-06-13 23:33 - 2014-06-12 18:57 - 01673262 _____ () C:\windows\WindowsUpdate.log
2014-06-13 23:33 - 2009-07-14 05:45 - 00017328 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-13 23:33 - 2009-07-14 05:45 - 00017328 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-13 23:24 - 2013-06-22 19:28 - 00000000 ____D () C:\Users\Anubis\AppData\Local\CrashDumps
2014-06-12 20:07 - 2014-03-03 17:09 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA1cf36fafbebbab3.job
2014-06-12 20:07 - 2013-06-22 22:22 - 00000912 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-16944076-2070425846-3567714608-1000UA.job
2014-06-12 19:39 - 2013-09-03 22:03 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-06-12 19:04 - 2009-07-14 06:13 - 00792750 _____ () C:\windows\system32\PerfStringBackup.INI
2014-06-12 19:00 - 2014-06-12 19:00 - 00000000 _____ () C:\windows\setuperr.log
2014-06-12 18:56 - 2013-06-22 16:14 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-06-12 18:54 - 2009-07-14 05:45 - 04976768 _____ () C:\windows\system32\FNTCACHE.DAT
2014-06-10 07:12 - 2014-06-10 07:12 - 00000000 ____D () C:\windows\system32\config\mybackup2
2014-06-10 07:09 - 2009-07-14 06:38 - 00025600 ___SH () C:\windows\system32\config\BCD-Template.LOG
2014-06-10 07:09 - 2009-07-14 06:32 - 00028672 _____ () C:\windows\system32\config\BCD-Template
2014-06-10 06:59 - 2014-06-10 06:58 - 00000000 ____D () C:\windows\system32\config\mybackup
2014-06-08 21:35 - 2014-06-08 21:35 - 00000000 ____D () C:\windows\SysWOW64\uk-UA
2014-06-08 21:35 - 2014-06-08 21:35 - 00000000 ____D () C:\windows\SysWOW64\th-TH
2014-06-08 21:35 - 2014-06-08 21:35 - 00000000 ____D () C:\windows\SysWOW64\sr-Latn-CS
2014-06-08 21:35 - 2014-06-08 21:35 - 00000000 ____D () C:\windows\SysWOW64\sl-SI
2014-06-08 21:35 - 2014-06-08 21:35 - 00000000 ____D () C:\windows\SysWOW64\sk-SK
2014-06-08 21:35 - 2014-06-08 21:35 - 00000000 ____D () C:\windows\SysWOW64\ro-RO
2014-06-08 21:35 - 2014-06-08 21:35 - 00000000 ____D () C:\windows\SysWOW64\migwiz
2014-06-08 21:35 - 2014-06-08 21:35 - 00000000 ____D () C:\windows\SysWOW64\lv-LV
2014-06-08 21:35 - 2014-06-08 21:35 - 00000000 ____D () C:\windows\SysWOW64\lt-LT
2014-06-08 21:35 - 2014-06-08 21:35 - 00000000 ____D () C:\windows\SysWOW64\hr-HR
2014-06-08 21:35 - 2014-06-08 21:35 - 00000000 ____D () C:\windows\SysWOW64\he-IL
2014-06-08 21:35 - 2014-06-08 21:35 - 00000000 ____D () C:\windows\SysWOW64\et-EE
2014-06-08 21:35 - 2014-06-08 21:35 - 00000000 ____D () C:\windows\SysWOW64\bg-BG
2014-06-08 21:35 - 2014-06-08 21:35 - 00000000 ____D () C:\windows\system32\uk-UA
2014-06-08 21:35 - 2014-06-08 21:35 - 00000000 ____D () C:\windows\system32\th-TH
2014-06-08 21:35 - 2014-06-08 21:35 - 00000000 ____D () C:\windows\system32\sr-Latn-CS
2014-06-08 21:35 - 2014-06-08 21:35 - 00000000 ____D () C:\windows\system32\sl-SI
2014-06-08 21:35 - 2014-06-08 21:35 - 00000000 ____D () C:\windows\system32\sk-SK
2014-06-08 21:35 - 2014-06-08 21:35 - 00000000 ____D () C:\windows\system32\ro-RO
2014-06-08 21:35 - 2014-06-08 21:35 - 00000000 ____D () C:\windows\system32\migwiz
2014-06-08 21:35 - 2014-06-08 21:35 - 00000000 ____D () C:\windows\system32\lv-LV
2014-06-08 21:35 - 2014-06-08 21:35 - 00000000 ____D () C:\windows\system32\lt-LT
2014-06-08 21:35 - 2014-06-08 21:35 - 00000000 ____D () C:\windows\system32\hr-HR
2014-06-08 21:35 - 2014-06-08 21:35 - 00000000 ____D () C:\windows\system32\he-IL
2014-06-08 21:35 - 2014-06-08 21:35 - 00000000 ____D () C:\windows\system32\et-EE
2014-06-08 21:35 - 2014-06-08 21:35 - 00000000 ____D () C:\windows\system32\bg-BG
2014-06-08 21:35 - 2014-04-22 13:36 - 00009727 _____ () C:\windows\SysWOW64\Gms.log
2014-06-08 21:35 - 2013-06-22 16:18 - 00000000 ____D () C:\Users\Anubis\AppData\Roaming\Skype
2014-06-08 21:35 - 2013-05-21 18:43 - 00000000 ____D () C:\windows\SysWOW64\zh-HK
2014-06-08 21:35 - 2013-05-21 18:43 - 00000000 ____D () C:\windows\SysWOW64\tr-TR
2014-06-08 21:35 - 2013-05-21 18:43 - 00000000 ____D () C:\windows\system32\zh-HK
2014-06-08 21:35 - 2013-05-21 18:43 - 00000000 ____D () C:\windows\system32\tr-TR
2014-06-08 21:35 - 2010-11-21 04:24 - 01866240 _____ (Microsoft Corporation) C:\windows\system32\ExplorerFrame.dll
2014-06-08 21:35 - 2010-11-21 04:24 - 01493504 _____ (Microsoft Corporation) C:\windows\SysWOW64\ExplorerFrame.dll
2014-06-08 21:35 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\SysWOW64\IME
2014-06-08 21:35 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\system32\IME
2014-06-08 21:35 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\IME
2014-06-08 21:35 - 2009-07-14 00:57 - 20268032 _____ (Microsoft Corporation) C:\windows\system32\imageres.dll
2014-06-08 21:35 - 2009-07-14 00:42 - 20268032 _____ (Microsoft Corporation) C:\windows\SysWOW64\imageres.dll
2014-06-08 21:35 - 2009-07-14 00:16 - 00234496 _____ (Microsoft Corporation) C:\windows\SysWOW64\hdwwiz.cpl
2014-06-08 21:34 - 2009-07-14 00:55 - 00288768 _____ (Microsoft Corporation) C:\windows\SysWOW64\modemui.dll
2014-06-08 21:34 - 2009-07-14 00:55 - 00205824 _____ (Microsoft Corporation) C:\windows\SysWOW64\mdminst.dll
2014-06-08 21:34 - 2009-07-14 00:27 - 00241152 _____ (Microsoft Corporation) C:\windows\system32\hdwwiz.cpl
2014-06-08 21:31 - 2014-04-22 13:15 - 00000000 ____D () C:\Users\Anubis\AppData\Roaming\Spotify
2014-06-08 21:30 - 2014-02-18 23:37 - 00000000 ____D () C:\Users\Anubis\AppData\Roaming\uTorrent
2014-06-08 21:21 - 2013-09-19 01:37 - 00000000 ____D () C:\Users\Anubis\AppData\Roaming\Dropbox
2014-06-08 20:10 - 2014-06-08 20:10 - 00646360 _____ () C:\Users\Anubis\Downloads\photolistic.1.3.zip
2014-06-08 20:03 - 2014-06-08 19:24 - 00000000 ____D () C:\Users\Anubis\Desktop\Slides
2014-06-08 19:45 - 2013-05-21 17:35 - 00000000 ____D () C:\Users\Anubis\AppData\Roaming\vlc
2014-06-08 17:16 - 2014-03-18 16:55 - 00000600 _____ () C:\Users\Anubis\AppData\Local\PUTTY.RND
2014-06-08 17:07 - 2013-08-08 13:59 - 04349952 _____ () C:\Users\Anubis\Desktop\unknown.sdsk
2014-06-08 16:54 - 2014-05-21 11:53 - 00000000 ____D () C:\Program Files (x86)\Simple Port Forwarding
2014-06-08 16:45 - 2013-12-11 01:08 - 00000600 _____ () C:\Users\Anubis\AppData\Roaming\winscp.rnd
2014-06-08 16:40 - 2014-06-08 16:41 - 00004736 _____ () C:\Users\Anubis\Desktop\Client5.ovpn
2014-06-08 16:40 - 2014-06-08 16:41 - 00004736 _____ () C:\Users\Anubis\Desktop\Client3.ovpn
2014-06-08 16:40 - 2014-06-08 16:41 - 00004724 _____ () C:\Users\Anubis\Desktop\Client4.ovpn
2014-06-08 16:39 - 2014-06-08 17:06 - 00004736 _____ () C:\Users\Anubis\Desktop\Client1.ovpn
2014-06-08 16:39 - 2014-06-08 16:41 - 00004736 _____ () C:\Users\Anubis\Desktop\Client2.ovpn
2014-06-08 16:19 - 2014-06-08 16:41 - 00004120 _____ () C:\Users\Anubis\Desktop\shi3ld.crt
2014-06-08 16:19 - 2014-06-08 16:41 - 00001383 _____ () C:\Users\Anubis\Desktop\ca.crt
2014-06-08 16:19 - 2014-06-08 16:41 - 00000920 _____ () C:\Users\Anubis\Desktop\ca.key
2014-06-08 11:25 - 2014-02-04 17:52 - 00004958 _____ () C:\windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for unknown-Anubis unknown
2014-06-08 11:07 - 2013-06-22 22:22 - 00000860 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-16944076-2070425846-3567714608-1000Core.job
2014-06-08 10:58 - 2014-06-09 22:39 - 96468992 _____ () C:\windows\system32\config\SOFTWARE.TPBAK
2014-06-08 10:58 - 2014-06-09 22:39 - 27000832 _____ () C:\windows\system32\config\SYSTEM.TPBAK
2014-06-08 10:58 - 2014-06-09 22:39 - 00262144 _____ () C:\windows\system32\config\SECURITY.TPBAK
2014-06-08 10:58 - 2014-06-09 22:39 - 00262144 _____ () C:\windows\system32\config\SAM.TPBAK
2014-06-08 10:10 - 2013-06-22 22:23 - 00002418 _____ () C:\Users\Anubis\Desktop\Google Chrome Canary.lnk
2014-06-08 10:09 - 2013-07-29 20:04 - 00000000 ____D () C:\Users\Anubis\AppData\Local\Adobe
2014-06-08 10:00 - 2014-04-10 17:09 - 00000000 ____D () C:\Users\Anubis\AppData\Roaming\DropboxMaster
2014-06-08 09:59 - 2013-06-23 18:19 - 00000000 ____D () C:\ProgramData\VMware
2014-06-07 22:15 - 2013-05-21 17:52 - 00000000 ____D () C:\windows\Minidump
2014-06-07 22:14 - 2014-05-22 17:05 - 1025612115 ____N () C:\windows\MEMORY.DMP
2014-06-07 11:55 - 2014-02-02 15:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-06-06 21:12 - 2014-06-06 21:12 - 00041051 _____ () C:\Users\Anubis\Downloads\hypocrisy_eraser.ptb
2014-06-06 20:49 - 2014-06-06 09:15 - 00000016 _____ () C:\windows\SysWOW64\w3data.vss
2014-06-06 20:49 - 2014-06-06 09:15 - 00000016 _____ () C:\windows\SysWOW64\msvcsv60.dll
2014-06-06 20:49 - 2014-06-06 09:15 - 00000016 _____ () C:\windows\msocreg32.dat
2014-06-06 20:49 - 2014-06-06 09:15 - 00000016 _____ () C:\Users\Anubis\AppData\Roaming\msregsvv.dll
2014-06-06 20:49 - 2014-06-06 09:15 - 00000016 _____ () C:\ProgramData\autobk.inc
2014-06-06 19:29 - 2014-02-27 17:27 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-06-06 19:29 - 2013-06-22 16:18 - 00000000 ____D () C:\ProgramData\Skype
2014-06-06 10:01 - 2014-06-06 10:01 - 00415759 _____ () C:\Users\Anubis\Downloads\ASIO4ALL_2_10_English.exe
2014-06-06 10:01 - 2014-06-06 10:01 - 00000000 ____D () C:\Users\Anubis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
2014-06-06 10:01 - 2014-06-06 10:01 - 00000000 ____D () C:\Program Files (x86)\ASIO4ALL v2
2014-06-06 09:55 - 2014-06-06 09:55 - 00000000 ____D () C:\Users\Anubis\Documents\Native Instruments
2014-06-06 09:55 - 2014-06-06 09:55 - 00000000 ____D () C:\Users\Anubis\AppData\Local\Native Instruments
2014-06-06 09:52 - 2014-06-06 09:52 - 00000000 __HDC () C:\ProgramData\{B7072B15-6E80-42FF-A9AE-4E62AF2B2418}
2014-06-06 09:52 - 2014-06-06 09:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments
2014-06-06 09:52 - 2014-06-06 09:46 - 00000000 ____D () C:\Program Files\Common Files\Native Instruments
2014-06-06 09:51 - 2014-06-06 09:51 - 00000000 __HDC () C:\ProgramData\{CB28D9D3-6B5D-4AFA-BA37-B4AFAAAF71B9}
2014-06-06 09:51 - 2014-06-06 09:46 - 00000000 ____D () C:\Program Files\Native Instruments
2014-06-06 09:46 - 2014-06-06 09:46 - 00000000 __HDC () C:\ProgramData\{95B4F0ED-951F-4D36-B068-5EC1C4C19C14}
2014-06-06 09:46 - 2014-06-06 09:46 - 00000000 __HDC () C:\ProgramData\{5A23829C-A66E-47B0-AD50-21A3FFE6C325}
2014-06-06 09:46 - 2014-06-06 09:46 - 00000000 __HDC () C:\ProgramData\{30FA7941-4170-4C83-A9A8-FDF01C431704}
2014-06-06 09:46 - 2014-06-06 09:46 - 00000000 ____D () C:\ProgramData\Native Instruments
2014-06-06 09:40 - 2013-09-16 18:59 - 00000000 ____D () C:\Users\Anubis\AppData\Roaming\Guitar Pro 6
2014-06-06 09:39 - 2014-06-06 09:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guitar Pro 6
2014-06-06 09:34 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\system32\NDF
2014-06-06 09:14 - 2014-06-06 09:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IK Multimedia
2014-06-06 09:14 - 2014-06-06 09:14 - 00000000 ____D () C:\Program Files (x86)\IK Multimedia
2014-06-06 09:14 - 2014-06-06 09:13 - 00000000 ____D () C:\Users\Anubis\Documents\IK Multimedia
2014-06-06 09:13 - 2014-06-06 09:13 - 00000000 ____D () C:\Program Files\VstPlugIns
2014-06-06 09:13 - 2014-06-06 09:13 - 00000000 ____D () C:\Program Files (x86)\VstPlugIns
2014-06-03 21:52 - 2009-07-14 06:08 - 00032608 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-06-03 14:08 - 2013-06-23 00:38 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-03 10:32 - 2014-06-03 10:32 - 00000000 ____D () C:\Users\Anubis\Desktop\Old Firefox Data
2014-06-02 18:59 - 2014-04-22 13:39 - 00000000 ____D () C:\Users\Anubis\AppData\Local\Spotify
2014-06-01 22:52 - 2014-05-09 23:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-29 17:52 - 2013-08-09 12:56 - 00000000 ____D () C:\ProgramData\Origin
2014-05-29 11:57 - 2014-05-29 11:57 - 00000000 ____D () C:\Users\Anubis\Desktop\Wind32diskinager
2014-05-29 10:54 - 2014-05-29 10:54 - 00000000 ____D () C:\Users\Anubis\AppData\Roaming\Apple Computer
2014-05-28 21:23 - 2014-05-28 21:23 - 00000000 ____D () C:\Program Files (x86)\ASM106xSATA
2014-05-28 21:21 - 2013-05-21 17:02 - 00000000 ____D () C:\Program Files (x86)\Realtek
2014-05-28 21:17 - 2013-06-22 17:57 - 00000000 ____D () C:\ProgramData\DriverGenius
2014-05-28 20:38 - 2013-05-21 17:27 - 00001135 _____ () C:\windows\Cmicnfg3.ini.imi
2014-05-28 15:53 - 2014-05-28 15:53 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-05-28 15:53 - 2014-05-28 15:53 - 00000000 ____D () C:\Users\Anubis\AppData\Local\Apple
2014-05-28 15:53 - 2014-05-28 15:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-05-28 15:53 - 2014-05-28 15:53 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-05-28 15:53 - 2014-05-28 15:53 - 00000000 ____D () C:\ProgramData\Apple
2014-05-28 15:53 - 2014-05-28 15:53 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-05-28 15:53 - 2014-05-28 15:53 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-05-28 14:19 - 2013-07-29 14:32 - 00000000 ____D () C:\Users\Anubis\AppData\Roaming\Notepad++
2014-05-28 14:09 - 2014-05-28 14:09 - 00003074 _____ () C:\windows\System32\Tasks\{CAA169EA-EC15-4284-9588-215C73FF7CB9}
2014-05-27 21:28 - 2014-05-27 21:28 - 54607361 _____ () C:\Users\Anubis\Downloads\thefortyclub-co-uk-default-1-complete-2014-05-27-20-22-23.zip.part
2014-05-27 20:22 - 2013-12-04 01:34 - 00000000 ____D () C:\Program Files (x86)\Notepad++
2014-05-26 10:32 - 2013-09-19 01:41 - 00001019 _____ () C:\Users\Anubis\Desktop\Dropbox.lnk
2014-05-26 10:32 - 2013-09-19 01:37 - 00000000 ____D () C:\Users\Anubis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-26 10:32 - 2013-05-21 16:55 - 00000000 ___RD () C:\Users\Anubis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-26 10:25 - 2013-05-21 16:47 - 00000000 ____D () C:\Users\Anubis
2014-05-25 11:45 - 2014-05-25 11:45 - 00000000 ____D () C:\ProgramData\eBay
2014-05-24 00:51 - 2014-05-21 20:13 - 00000000 ____D () C:\Users\Anubis\Documents\FIFA 14
2014-05-22 11:53 - 2014-05-22 11:53 - 00382319 _____ () C:\Users\Anubis\Desktop\bookmarks.html
2014-05-21 20:00 - 2014-05-21 20:00 - 00001141 _____ () C:\Users\Anubis\Desktop\Play FIFA 14.lnk
2014-05-21 16:30 - 2014-05-21 16:30 - 00001019 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ownCloud.lnk
2014-05-21 16:30 - 2014-05-21 16:30 - 00001007 _____ () C:\Users\Anubis\Desktop\ownCloud.lnk
2014-05-21 16:30 - 2014-05-21 16:30 - 00000000 ____D () C:\Users\Anubis\AppData\Local\ownCloud
2014-05-21 16:30 - 2014-05-21 16:26 - 00000000 ____D () C:\Program Files (x86)\ownCloud
2014-05-21 11:53 - 2014-05-21 11:53 - 00000000 ____D () C:\windows\Simple Port Forwarding
2014-05-21 11:53 - 2014-05-21 11:53 - 00000000 ____D () C:\Users\Anubis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Simple Port Forwarding
2014-05-21 11:40 - 2014-04-07 16:46 - 00000000 ____D () C:\Program Files\OpenVPN
2014-05-20 13:56 - 2013-06-23 18:19 - 00000000 ____D () C:\Users\Anubis\AppData\Roaming\VMware
2014-05-20 13:56 - 2013-06-23 18:19 - 00000000 ____D () C:\Users\Anubis\AppData\Local\VMware
2014-05-20 11:09 - 2014-05-20 11:09 - 00004450 _____ () C:\Users\Anubis\Desktop\config.txt
2014-05-19 22:35 - 2014-05-19 22:35 - 00000024 _____ () C:\Users\Anubis\Desktop\lel.txt
2014-05-19 22:15 - 2014-05-19 21:53 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-05-19 21:53 - 2014-05-19 21:53 - 00001129 _____ () C:\Users\Public\Desktop\Opera.lnk
2014-05-19 21:53 - 2014-05-19 21:53 - 00001129 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2014-05-19 21:53 - 2014-05-19 21:53 - 00000000 ____D () C:\Users\Anubis\AppData\Roaming\Opera Software
2014-05-19 21:53 - 2014-05-19 21:53 - 00000000 ____D () C:\Users\Anubis\AppData\Local\Opera Software
2014-05-18 21:59 - 2014-05-12 20:19 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-05-17 22:21 - 2013-08-06 17:24 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-16 18:00 - 2009-07-14 03:34 - 00000478 _____ () C:\windows\win.ini
2014-05-16 17:39 - 2013-09-03 22:03 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-05-16 17:39 - 2013-06-22 18:20 - 00692400 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-05-16 17:39 - 2013-06-22 18:20 - 00070832 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-16 16:56 - 2014-05-16 16:56 - 00000000 ____D () C:\Users\Anubis\New folder
2014-05-16 16:54 - 2014-04-07 16:47 - 00000952 _____ () C:\Users\Public\Desktop\OpenVPN GUI.lnk
2014-05-16 15:53 - 2014-05-16 15:53 - 00000000 ____D () C:\Users\Anubis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flux
2014-05-16 15:53 - 2014-05-16 15:53 - 00000000 ____D () C:\Users\Anubis\AppData\Local\FluxSoftware
2014-05-15 14:03 - 2013-08-30 20:49 - 00000000 ____D () C:\Users\Anubis\Documents\Outlook Files

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll IS MISSING <==== ATTENTION!.
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

==================== BCD ================================

Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=C:
description             Windows Boot Manager
locale                  en-us
inherit                 {globalsettings}
default                 {current}
resumeobject            {a8afa330-c278-11e2-b8a7-baec48903942}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30

Windows Boot Loader
-------------------
identifier              {a8afa32e-c278-11e2-b8a7-baec48903942}
device                  ramdisk=[C:]\Recovery\a8afa32e-c278-11e2-b8a7-baec48903942\Winre.wim,{a8afa32f-c278-11e2-b8a7-baec48903942}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\a8afa32e-c278-11e2-b8a7-baec48903942\Winre.wim,{a8afa32f-c278-11e2-b8a7-baec48903942}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \windows\system32\winload.exe
description             Windows 7
locale                  en-us
inherit                 {bootloadersettings}
osdevice                partition=C:
systemroot              \windows
resumeobject            {a8afa330-c278-11e2-b8a7-baec48903942}
nx                      OptIn
detecthal               Yes

Resume from Hibernate
---------------------
identifier              {a8afa330-c278-11e2-b8a7-baec48903942}
device                  partition=C:
path                    \windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-us
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No

Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=C:
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-us
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS Settings
------------
identifier              {emssettings}
bootems                 Yes

Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM Defects
-----------
identifier              {badmemory}

Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}

Device options
--------------
identifier              {a8afa32f-c278-11e2-b8a7-baec48903942}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\a8afa32e-c278-11e2-b8a7-baec48903942\boot.sdi



LastRegBack: 2014-06-08 10:58

==================== End Of Log ============================


#3 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 35,571 posts
  • Gender:Male
  • Location:California
  • Local time:09:09 AM

Posted 15 June 2014 - 06:06 PM

Greetings Ali3n0id and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. While I review our situation please run the below for me.

===================================================

Please rerun Farbar Recovery Scan Tool, making sure to place a check mark in Addition.txt, and copy/paste the results in your reply. Please just copy and paste rather than put the information in a code box.


===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FRST results
  • Addition log
  • Attached System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#4 Oh My!

Posted 18 June 2014 - 09:05 AM

Greetings,

===================================================

3 Day Bump

It has been more than 3 days since my last post.
  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary
 

#5 Oh My!

Posted 20 June 2014 - 09:33 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary
 



