
backdoor/exploit/win32k/rootkit/bootkit I'm all messed up, please help!


  • This topic is locked
32 replies to this topic

#1 bigrobifer

bigrobifer

  • Members
  • 92 posts

Posted 18 June 2014 - 03:55 AM

It started with a zip file that has since been deleted. But it sat in a folder (Downloads) on my Win7 HP laptop for almost two before I opened it and started going through it to make web pages out of it. I had free AVG with Malwarebytes at the time. I wanted to move away from AVG because I wanted to try a free trial of Trend Micro; did that, and TM picked up an exploit and a backdoor. Rebooted, all was well. Didn't realize where they came from, so I started working with the same zip file. After the laptop started getting too slow to allow for regular usage I started delving around and realized the really high latency was from ADS. So after going through about 5-6 (?? lost count) antimalware/spyware programs trying unsuccessfully to find a rootkit, I used Sysinternals, GMER and a few others and they all crashed; in safe mode crashes occurred also. I used DeFogger to disable emulation, and disabled several services that were persistently being started from manual/disabled mode (remote registry is always disabled, as are a few others like that). There was also the problem of active UPnP activity, whereas I always disabled that. The print spooler, waking up from disabled. A few other serious things like that letting me know I had an active infection. So I decided that I wanted an interactive firewall to try and find the culprit. Man, a MISTAKE: I uninstalled MSE and disabled Windows Firewall and installed COMODO, and knew immediately I messed up even before it was finished installing. After install, though, it rebooted, went to the BIOS start screen, the caps lock key started blinking and the screen went totally black. After a few minutes I cut the laptop off by button, waited, tried to boot up, same thing. Cut it back off, but this time I took the battery out for a few minutes (it wasn't running hot though); it booted up and I went into safe mode, disabled all COMODO services, enabled MSE and rebooted to my desktop. I uninstalled COMODO.

Ran GMER again and it finally took; ran DeFogger after that because I was gonna make another GMER log afterwards so you could compare, but then the screen froze. I rebooted and was presented with a system recovery screen and, MISTAKE, I clicked yeah. All over again with the battery removal, but this time I had to do it a few times. When it did come back on I booted into safe mode with networking, ran ComboFix and let it do its things. Back in regular mode it sent me, and I rebooted back into safe mode to write this. I'm enclosing the last five logs from 3 scans: FRST, GMER, and ComboFix. Would really be thankful if you could help me get this stuff gone for good. Thanks for reading about my problems in your world lol. (Should've sought out help to begin with.)

Attached File: defogger_disable.log (472 bytes)
Attached File: ComboFix.txt (32.35 KB)
Attached File: FRST.txt (190.2 KB)
Attached File: GMERstart_up.txt (4.55 KB)

 

The other GMER log is 250 KB by itself and it got what looks like a quarter of my registry. Let me know if you want that as well.

No more scans or random satoshi usage for me, and I'm subscribed to the thread also. Y'all are awesome and thanks a lot. And I don't know if my win32k.sys is bad or not, but I saw (another forum on inline hooks win32k.sys virus) a registry key associated with the bad win32k.sys (super long value referencing everything: drivers, DLLs, etc.). I deleted that after manually changing owner. That was yesterday sometime though.




#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,779 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 22 June 2014 - 08:32 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

You are presently running the Farbar Recovery Scan Tool from the folder in bold.
C:\Users\owner\Downloads

Place this fixlist.txt that you will create in the same folder.

I feel confident that if you are able to run the fix from your Download folder you will be able to restart the computer in normal mode.

Run the fix as suggested below.

====

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

HKLM\...\Winlogon: [Shell] Explorer.exe [2871808 2011-02-25] (Microsoft Corporation)
HKLM-x32\...\Winlogon: [Shell] explorer.exe [2616320 2011-02-25] (Microsoft Corporation)
SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} -  No File
SSODL-x32: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} -  No File
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
BHO: PrivDog Extension - {FB16E5C3-A9E2-47A2-8EFC-319E775E62CC} - C:\Program Files\AdTrustMedia\PrivDog\1.8.0.15\trustedads.dll (AdTrustMedia)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Users\owner\Desktop\Robert's\LPToolbar_x64.dll (LastPass)
Toolbar: HKCU - No Name - {7DCA8C02-B6EF-40D9-B9A4-7D92930B7F49} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: HKLM-x32 {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: HKLM-x32 {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} -  No File
Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} -  No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -  No File
Filter: application/x-microsoft-rpmsg-message - {DFF82902-0B96-3B98-6F62-D655E146A23A} -  No File
Filter-x32: application/x-microsoft-rpmsg-message - {DFF82902-0B96-3B98-6F62-D655E146A23A} -  No File
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (My Logon Manager) - C:\Program Files (x86)\My Logon Manager\NPMLMPlugin.dll No File
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
CHR Plugin: (RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll No File
CHR Plugin: (RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll No File
CHR Plugin: (RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll No File
CHR Plugin: (RealDownloader Plugin) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll No File
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll No File
CHR Plugin: (RealPlayer Download Plugin) - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll No File
CHR Plugin: (Advanced SystemCare 7) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd\1.0.0_0\Plugin\ASCPlugin_Protect.dll No File
CHR Extension: (Speed Dial) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgpdioedihjhncjafcpgbbjdpbbkikmi [2014-06-02]
CHR Extension: (Foxtab Speed Dial) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcoecifcadmambfikillppkoafmgachp [2014-06-02]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

End
Save the file as fixlist.txt into the same folder as the FRST tool.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.
===

You have an old version of the tool. Please get the latest version.

Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Create a folder on your Desktop and name it MY_FRST. Move the new version of FRST to that folder.

Run the tool and post a fresh log for my review.

If the fix worked and you got a log from the new version you can delete your current version of the Farbar Recovery Scan Tool from the download folder.

#3 bigrobifer

bigrobifer
  • Topic Starter

  • Members
  • 92 posts

Posted 23 June 2014 - 12:06 AM

I have been battling this thing hard for real. I figured out it's a Conficker worm variant; it's not in the kernel but does load up from a DLL when the svchost starts. Can't find the DLL because all my logging and tracing tools are not showing the real story. I read this: http://www.microsoft.com/security/pc-security/conficker.aspx and http://support.microsoft.com/kb/962007/en-us

I was able to, in safe mode with command prompt, reset the loaded services (shutdown /g), then went into safe mode with networking, and finally the remote desktop services stopped coming out of disabled. I deleted a lot of files trying to disable it or make holes in its API calls where I could find it with a program. No luck with that, but I did use "unhide" and it changed the 5 main registry entries for group policy and gave it a name, "fake hdd rogue". I had already disabled shadow copy and the EFS service plus all USB ports and the CD-DVD as well. I also found some UDP ports open after I had disabled that protocol (not 100% sure if I disabled it correctly though). After all that I read the Microsoft articles and am convinced about that based on services involved and permission changes and ring1 boot activity.

SO... since I deleted a lot of files I was uncertain of, I found that I deleted FRST from my download folder. I had really thought the virus had immunized that program or something. I can download another copy to run with or without the fix list if you want, or should I try and do the steps on the Microsoft page? Since the troublesome remote service isn't starting on its own and security policies aren't changing every folder I look into, I can stop with the meddlin' while you help. Thank you a lot. Here's the last scan from Unhide (been hitting y'all's download section a whole lot).

 

Unhide by Lawrence Abrams (Grinler)
Copyright 2008-2014 BleepingComputer.com
More Information about Unhide.exe can be found at this link:
 
Program started at: 06/22/2014 11:05:23 PM
Windows Version: Windows 7
 
Please be patient while your files are made visible again.
 
Processing the C:\ drive
Finished processing the C:\ drive. 791038 files processed.
 
Processing the D:\ drive
Finished processing the D:\ drive. 67 files processed.
 
The C:\Users\owner\AppData\Local\Temp\smtmp\ folder does not exist!!
Unhide cannot restore your missing shortcuts!!
Please see this topic in order to learn how to restore default
 
Searching for Windows Registry changes made by FakeHDD rogues.
 - Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
 - Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
 - Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
 - Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop
 - Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
No registry changes detected.
 
Program finished at: 06/22/2014 11:16:52 PM
Execution time: 0 hours(s), 11 minute(s), and 28 seconds(s)


#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,779 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 23 June 2014 - 08:16 AM

Download a fresh copy of the FRST tool and place it on your desktop or in a folder on your desktop.

Create the fixlist.txt file and place it in the same folder as FRST.

Run FRST and select to fix it.

===

When done run the FRST tool normally and post a fresh log for my review.

#5 bigrobifer

bigrobifer
  • Topic Starter

  • Members
  • 92 posts

Posted 23 June 2014 - 10:18 AM

Followed instructions. I'm running in safe mode with networking. Had all the options checked on both runs. I'm not sure about a lot of stuff I saw, but I do know the You_Cam_Downloader and its patch weren't supposed to be on here. I keep the cam disabled so it couldn't have been an auto update, I don't think. It's also worth mentioning that I uninstalled YouCam but it seems like it was reinstalled immediately after. Also something I found a day or 2 ago: a user profile named ALL USERS, and the app data folder was a bottomless hole. Really, I went like 10 or 15 deep inside a circular hole; I erased the whole profile. Here's all 7 logs, including the shortcut text so you could see the ones with arguments; some of those from the first scan seem funny. And the second scan didn't produce a fixlog.

Attached File: 1Addition.txt (40.71 KB)
Attached File: 1Fixlog.txt (10.56 KB)
Attached File: 1FRST.txt (126.22 KB)
Attached File: 1Shortcut.txt (64.79 KB)
Attached File: 2Addition.txt (40.71 KB)

Can't upload the number 2FRST.TXT or 2Shortcut.txt. Will try for another post.

 



#6 bigrobifer

bigrobifer
  • Topic Starter

  • Members
  • 92 posts

Posted 23 June 2014 - 10:21 AM

It tells me files too big, but the first FRST post was 2 KB bigger. Here it is without the shortcut txt.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-06-2014
Ran by owner (administrator) on OWNER-HP on 23-06-2014 10:00:51
Running from C:\Users\owner\Desktop\FRST
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Safe Mode (with Networking)
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot -1 Search & Destroy 2\SDTray.exe [4101584 2014-04-25] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-3236511648-3986067080-1068869680-1000\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [784392 2014-05-29] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-3236511648-3986067080-1068869680-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6564120 2014-06-04] (SUPERAntiSpyware)
HKU\S-1-5-21-3236511648-3986067080-1068869680-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot -1 Search & Destroy 2\SDCleaner.exe [4566984 2014-04-25] (Safer-Networking Ltd.)
HKU\S-1-5-21-3236511648-3986067080-1068869680-1000\...\RunOnce: [Application Restart #0] - C:\Windows\System32\ctfmon.exe ctfmon.exe
HKU\S-1-5-21-3236511648-3986067080-1068869680-1000\...\Policies\Explorer: [NoInstrumentation] 1
HKU\S-1-5-21-3236511648-3986067080-1068869680-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-3236511648-3986067080-1068869680-1000\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-3236511648-3986067080-1068869680-1000\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-21-3236511648-3986067080-1068869680-1000\...\Policies\Explorer: [NoAddPrinter] 1
BootExecute: PDBoot.exeautocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xAB6AB6611C88CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: LastPass Vault - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Users\owner\Desktop\Robert's\LPToolbar_x64.dll (LastPass)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\IPS\IPSBHO.DLL (Symantec Corporation)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Users\owner\Desktop\Robert's\LPToolbar.dll (LastPass)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\coIEPlg.dll (Symantec Corporation)
Handler: AnVirDisabled\skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: AnVirDisabled\skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\nsdqcfj7.default
FF DefaultSearchEngine: Bing
FF SelectedSearchEngine: Bing
FF Homepage: hxxp://www.wix.com/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @lastpass.com/NPLastPass - C:\Users\owner\Desktop\Robert's\nplastpass64.dll (LastPass)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass - C:\Users\owner\Desktop\Robert's\nplastpass.dll (LastPass)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\owner\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Extension: LastPass - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\nsdqcfj7.default\Extensions\support@lastpass.com [2014-06-07]
FF Extension: iMacros for Firefox - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\nsdqcfj7.default\Extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} [2014-05-25]
FF Extension: Firebug - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\nsdqcfj7.default\Extensions\firebug@software.joehewitt.com.xpi [2014-06-04]
FF Extension: FlashDisable - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\nsdqcfj7.default\Extensions\jid0-bbA9VAawX3LMWDu668aUDrpQVXU@jetpack.xpi [2014-06-07]
FF Extension: CoinURL - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\nsdqcfj7.default\Extensions\jid1-L9YAQzMOANgNZg@jetpack.xpi [2014-06-03]
FF Extension: PrivDog - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\nsdqcfj7.default\Extensions\PrivDog@AdTrustMedia.com.xpi [2014-06-17]
FF Extension: SelectBoxTools - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\nsdqcfj7.default\Extensions\selectboxtools@nodomain.com.xpi [2014-06-04]
FF Extension: Speed DNS - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\nsdqcfj7.default\Extensions\speeddns@gmail.com.xpi [2014-06-04]
FF Extension: The Addon Bar (restored) - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\nsdqcfj7.default\Extensions\the-addon-bar@GeekInTraining-GiT.xpi [2014-06-04]
FF Extension: YSlow - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\nsdqcfj7.default\Extensions\yslow@yahoo-inc.com.xpi [2014-06-04]
FF Extension: Greasemonkey - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\nsdqcfj7.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2014-06-04]
FF Extension: User Agent Switcher - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\nsdqcfj7.default\Extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi [2014-06-04]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\cache@status.org [2014-06-03]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\toolbar@unet.com [2014-06-03]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{5e594888-3e8e-47da-b2c6-b0b545112f84} [2014-06-03]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12} [2014-06-03]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\coFFPlgn [2014-06-21]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\IPSFF [2014-06-18]
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR StartupUrls: "https://www.landofbitcoin.com/", "https://www.facebook.com/login.php?login_attempt=1"
CHR NewTab: "chrome-extension://dgpdioedihjhncjafcpgbbjdpbbkikmi/speeddial.html"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (My Logon Manager) - C:\Program Files (x86)\My Logon Manager\NPMLMPlugin.dll No File
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (RealNetworks™ RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll No File
CHR Plugin: (RealNetworks™ RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll No File
CHR Plugin: (RealNetworks™ RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll No File
CHR Plugin: (RealDownloader Plugin) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll No File
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll No File
CHR Plugin: (RealPlayer Download Plugin) - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll No File
CHR Plugin: (Advanced SystemCare 7) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd\1.0.0_0\Plugin\ASCPlugin_Protect.dll No File
CHR Extension: (Angry Birds) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2014-04-30]
CHR Extension: (Tools for Amazon's Mechanical Turk) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aoffgjejcepnijgahpckhajchahfpojo [2014-04-14]
CHR Extension: (Google Docs) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-18]
CHR Extension: (Google Drive) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-18]
CHR Extension: (Website Protection) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\beiopafefbkbokhfglgppmhpeobgpmed [2014-04-17]
CHR Extension: (Norton Identity Safe for Google Chrome™) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejnhdlplbjhffionohbdnpcbobfejcc [2014-06-19]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (AddThis - Share & Bookmark (new)) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbogdmdefihhljhfeiklfiedefalcde [2014-06-02]
CHR Extension: (Facebook Color Changer) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\clnnapikbigkpjmgckhedmkgfkochicj [2014-06-02]
CHR Extension: (PrivDog) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja [2014-06-18]
CHR Extension: (MakeGIF Video Capture) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnhdjbfjheoohmhpakglckehdcgfffbl [2014-06-02]
CHR Extension: (Google Search) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-18]
CHR Extension: (AdPend Exchange Network) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfjdkdceleofajflfmefffopfpodglfd [2014-06-17]
CHR Extension: (Turkopticon) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgefbojfgdddnignhmfmnencgiloojpe [2014-04-14]
CHR Extension: (Tampermonkey) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2014-04-13]
CHR Extension: (MindMup - Free Mind Map web site) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnenaecjcgeppfpaokiifokeieopppej [2014-04-13]
CHR Extension: (Sumo Paint) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpgjihldbpodlmnjolekemlfbcajnmod [2014-06-02]
CHR Extension: (MozBar) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\eakacpaijcpapndcfffdgphdiccmpknp [2014-06-02]
CHR Extension: (Authy Chrome Extension) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhgenkpocbhhddlgkjnfghpjanffonno [2014-06-18]
CHR Extension: (Authy) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaedmjdfmmahhbjefcbgaolhhanlaolb [2014-06-18]
CHR Extension: (AppJump App Launcher and Organizer) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hccbinpobnjcpckmcfngmdpnbnjpmcbd [2014-04-13]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2014-04-11]
CHR Extension: (Website Destroyer) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfdklionolegofhffnhoagpmlailnnni [2014-04-17]
CHR Extension: (CoinURL) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hioofbdebnagjphoejaimfoklbcemnfh [2014-04-21]
CHR Extension: (Feedly - News, Blogs and Youtube) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipbfijinpcgfogaopmgehiegacbhmob [2014-06-02]
CHR Extension: (elRTE - HTML edit) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokleipfjbnpkdlfaebfamgadpleagie [2014-05-27]
CHR Extension: (Seymour: Personal Typist) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\iakakkmhombdnngelgjejblefgljkded [2014-05-26]
CHR Extension: (Word Count Tool) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibjgdahgcdkpdlbkadidojhfddflblcm [2014-05-11]
CHR Extension: (Pixlr Editor) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmaknaampgiegkcjlimdiidlhopknpk [2014-05-04]
CHR Extension: (Photo To Cartoon) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\iphmndcanljimncebjfmknoadejhjjdd [2014-06-02]
CHR Extension: (Character Count) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhbkelnohbkfdcdgoimhlhikgkehepal [2014-05-26]
CHR Extension: (KryptoKit Bitcoin Wallet) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhhipingoaiddcoalochnbjlkifbpmoj [2014-04-19]
CHR Extension: (Skype Click to Call) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-10-18]
CHR Extension: (Button for Bitly™) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfaclnajlpfhbehdkmonbapamejjdfio [2014-06-07]
CHR Extension: (Editor Lite) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nglgdmkkiemejlladcdjegcllaieegoe [2014-05-27]
CHR Extension: (Google Wallet) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-18]
CHR Extension: (Context Menu Search) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocpcmghnefmdhljkoiapafejjohldoga [2014-04-14]
CHR Extension: (ScriptSafe) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf [2014-06-17]
CHR Extension: (Page Monitor) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pemhgklkefakciniebenbfclihhmmfcd [2014-04-14]
CHR Extension: (4chan Plus) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pinelipedelckihohgdlpcclgocodhjj [2014-06-02]
CHR Extension: (Gmail) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-18]
CHR Extension: (Bitcoin Address Lookup) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmlblkdmadbidammhjiponepngbfcpge [2014-04-26]
CHR Extension: (Word Count) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnngehidikgomgfjbpffonkeimgbpjlh [2014-05-23]
CHR HKLM-x32\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\Exts\Chrome.crx [2014-06-19]
CHR HKLM-x32\...\Chrome\Extension: [cmaiofennmphjldldcpphcechfnnohja] - C:\Program Files (x86)\AdTrustMedia\PrivDog\PrivDog_chrome.crx [2014-06-17]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]
 
==================== Services (Whitelisted) =================
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] (SUPERAntiSpyware.com)
S3 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [49464 2014-05-21] (Hewlett-Packard Company)
S2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\ccSvcHst.exe [144368 2013-05-20] (Symantec Corporation)
S3 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [174088 2014-05-29] (Sandboxie Holdings, LLC)
S3 SDScannerService; C:\Program Files (x86)\Spybot -1 Search & Destroy 2\SDFSSvc.exe [1738200 2014-04-25] (Safer-Networking Ltd.)
S3 SDUpdateService; C:\Program Files (x86)\Spybot -1 Search & Destroy 2\SDUpdSvc.exe [2081752 2014-04-25] (Safer-Networking Ltd.)
S3 SDWSCService; C:\Program Files (x86)\Spybot -1 Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 UxTuneUp; C:\Windows\System32\uxtuneup.dll [42808 2013-12-18] (AVG)
 
==================== Drivers (Whitelisted) ====================
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-05-09] (Avira Operations GmbH & Co. KG)
S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20140606.001\BHDrvx64.sys [1530160 2014-06-06] (Symantec Corporation)
S1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1405000.01C\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)
S3 cleanhlp; C:\EEK\Run\cleanhlp64.sys [57024 2014-06-08] (Emsisoft GmbH)
S3 DFX11_1; C:\Windows\System32\drivers\dfx11_1x64.sys [28008 2012-12-13] (Windows ® Win 7 DDK provider)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-06-17] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142128 2014-06-17] (Symantec Corporation)
S1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO64A.SYS [31648 2014-06-14] (REALiX™)
S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\IPSDefs\20140620.001\IDSvia64.sys [525016 2014-06-17] (Symantec Corporation)
S3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus64.sys [261120 2005-09-23] (Pinnacle Systems GmbH) [File not signed]
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20140621.001\ENG64.SYS [126040 2014-06-17] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20140621.001\EX64.SYS [2099288 2014-06-17] (Symantec Corporation)
S3 PORTMON; C:\Users\owner\Desktop\New folder\PORTMSYS.SYS [28656 2014-06-22] (Systems Internals) [File not signed]
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [47632 2013-04-29] (Panda Security, S.L.)
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [185352 2014-05-29] (Sandboxie Holdings, LLC)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-06-19] (Duplex Secure Ltd.)
S1 SRTSP; C:\Windows\System32\Drivers\NISx64\1405000.01C\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\NISx64\1405000.01C\SRTSPX64.SYS [36952 2013-03-04] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1405000.01C\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1405000.01C\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2014-06-19] (Symantec Corporation)
R1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [43680 2013-03-04] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\NISx64\1405000.01C\Ironx64.SYS [224416 2013-03-04] (Symantec Corporation)
S1 SymNetS; C:\Windows\System32\Drivers\NISx64\1405000.01C\SYMNETS.SYS [433752 2013-04-24] (Symantec Corporation)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-08-12] (Anchorfree Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 clwvd; system32\DRIVERS\clwvd.sys [X]
S3 CrucialSMBusScan; \??\C:\Users\owner\AppData\Local\Temp\CrucialSMBusScan_V64.sys [X]
U4 ImapiService; 
U2 TMAgent; 
U4 WmdmPmSN; 
 
========================== Drivers MD5 =======================
 
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-06-23 08:50 - 2014-06-23 10:01 - 00000000 ____D () C:\Users\owner\Desktop\FRST
2014-06-22 23:05 - 2014-06-22 23:05 - 00000000 ____D () C:\SQLCritUpdPkg
2014-06-22 21:35 - 2014-06-22 23:16 - 00002808 _____ () C:\Users\owner\Desktop\unhide.txt
2014-06-22 21:32 - 2014-06-22 21:33 - 29183200 _____ (Microsoft Corporation) C:\Users\owner\Desktop\Windows-KB890830-x64-V5.13.exe
2014-06-22 21:29 - 2014-06-22 21:31 - 107726072 _____ (Microsoft Corporation) C:\Users\owner\Desktop\msert.exe
2014-06-22 13:46 - 2014-06-22 13:46 - 00000027 _____ () C:\Users\owner\Downloads\apppath.torun
2014-06-22 11:41 - 2014-06-22 11:41 - 00000000 ____D () C:\Users\owner\Desktop\DLL'S REPLACE
2014-06-22 01:49 - 2014-06-22 20:46 - 00000000 ____D () C:\Trend Micro
2014-06-22 01:28 - 2014-06-22 21:14 - 00000000 ____D () C:\Users\owner\Desktop\new antivirus
2014-06-21 13:32 - 2014-06-22 21:14 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2014-06-21 13:32 - 2014-06-22 01:49 - 00002935 _____ () C:\Users\owner\Desktop\HiJackThis.lnk
2014-06-21 13:26 - 2014-06-21 13:26 - 05209566 _____ (Swearware) C:\Users\owner\Desktop\ComboFix.exe
2014-06-21 13:26 - 2014-06-21 13:26 - 01402880 _____ () C:\Users\owner\Desktop\HiJackThis.msi
2014-06-20 22:18 - 2014-06-20 22:24 - 00003392 _____ () C:\Windows\System32\Tasks\Log-Test1
2014-06-20 22:17 - 2014-06-20 22:17 - 00000114 _____ () C:\local.conf
2014-06-20 22:09 - 2014-06-20 22:13 - 00003792 _____ () C:\Windows\System32\Tasks\My BabyCakin
2014-06-20 19:51 - 2014-06-22 21:12 - 00000000 ____D () C:\Panda Cloud Cleaner
2014-06-20 19:51 - 2014-06-20 19:51 - 00000708 _____ () C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk
2014-06-20 19:51 - 2013-04-29 09:17 - 00047632 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2014-06-20 19:35 - 2014-06-20 19:35 - 01369720 _____ () C:\Users\owner\Desktop\PandaCloudAntivirus.exe
2014-06-20 19:34 - 2014-06-20 19:35 - 30115912 _____ (Panda Security ) C:\Users\owner\Desktop\PandaCloudCleaner.exe
2014-06-20 19:21 - 2014-06-20 19:21 - 00291863 _____ () C:\Users\owner\Desktop\Rootkit List.htm
2014-06-20 19:19 - 2014-06-20 19:19 - 00065137 _____ () C:\Users\owner\Desktop\How to Manually Remove a Rootkit Infection   eHow.htm
2014-06-20 19:17 - 2014-06-20 19:17 - 05124208 _____ (F-Secure Corporation) C:\Users\owner\Desktop\F-SecureOnlineScanner-HC.exe
2014-06-20 18:14 - 2014-06-20 18:55 - 00626118 _____ () C:\Windows\system32\HWiNFO64.DBG
2014-06-20 11:34 - 2014-06-20 11:34 - 00398752 _____ (Bleeping Computer, LLC) C:\Users\owner\Desktop\unhide.exe
2014-06-20 00:11 - 2014-06-20 21:48 - 00000000 ____D () C:\Program Files\stinger
2014-06-20 00:08 - 2014-06-20 18:07 - 00000000 ____D () C:\Program Files (x86)\door2windows
2014-06-19 23:06 - 2014-06-19 23:22 - 00386680 _____ (Duplex Secure Ltd.) C:\Windows\system32\Drivers\sptd.sys
2014-06-19 23:00 - 2014-06-19 23:01 - 13429504 _____ (Disc Soft Ltd) C:\Users\owner\Downloads\DTLite4491-0356.exe
2014-06-19 22:56 - 2014-06-22 21:16 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
2014-06-19 13:27 - 2014-06-22 21:15 - 00000000 ____D () C:\Windows\SHELLNEW
2014-06-19 11:55 - 2014-06-22 21:13 - 00000000 ____D () C:\Program Files (x86)\Spybot -1 Search & Destroy 2
2014-06-19 11:55 - 2014-06-19 11:55 - 00001352 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-06-19 11:55 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-06-19 10:01 - 2006-11-01 13:07 - 00334720 _____ (Sysinternals - www.sysinternals.com) C:\Users\owner\Desktop\RootkitRevealer.exe
2014-06-18 21:44 - 2014-06-18 21:44 - 19739904 _____ (SUPERAntiSpyware) C:\Users\owner\Downloads\SUPERAntiSpyware.exe
2014-06-18 19:34 - 2014-06-22 20:47 - 00000000 ____D () C:\Users\owner\AppData\Roaming\SUPERAntiSpyware.com
2014-06-18 19:33 - 2014-06-22 21:19 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-06-18 19:33 - 2014-06-18 19:35 - 00001973 _____ () C:\Users\owner\Desktop\SUPERAntiSpyware Professional.lnk
2014-06-18 18:53 - 2014-06-18 18:54 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\owner\Downloads\eXplorer.exe
2014-06-18 18:52 - 2014-06-18 18:53 - 14349744 _____ (Malwarebytes Corp.) C:\Users\owner\Downloads\mbar-1.07.0.1012.exe
2014-06-18 18:10 - 2014-06-22 21:14 - 00000000 ____D () C:\Users\owner\AppData\Local\AdTrustMedia
2014-06-18 18:09 - 2014-06-18 18:09 - 00000000 ____D () C:\Users\owner\AppData\Roaming\devcoin
2014-06-18 17:39 - 2014-06-22 23:07 - 00000000 ____D () C:\Users\owner\Desktop\File Checksum
2014-06-18 16:09 - 2014-06-18 16:09 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\owner\Downloads\revosetup.exe
2014-06-18 16:09 - 2014-06-18 16:09 - 00883616 _____ (Bleeping Computer, LLC) C:\Users\owner\Downloads\FixExec.com
2014-06-18 16:03 - 2014-06-18 16:03 - 04707328 _____ () C:\Users\owner\Downloads\RogueKiller.exe
2014-06-18 16:03 - 2014-06-18 16:03 - 00000194 _____ () C:\Users\owner\Downloads\hosts-perm.bat
2014-06-18 16:00 - 2014-06-18 16:00 - 00037888 _____ (Soeperman Enterprises Ltd.) C:\Users\owner\Downloads\ADSSpy.exe
2014-06-18 13:27 - 2013-03-04 21:14 - 00043680 ____R (Symantec Corporation) C:\Windows\system32\Drivers\SymIMV.sys
2014-06-18 02:30 - 2014-06-18 02:30 - 00033123 _____ () C:\ComboFix.txt
2014-06-18 02:13 - 2014-06-19 22:51 - 00003234 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-06-18 02:10 - 2014-06-23 08:46 - 00005054 _____ () C:\Windows\PFRO.log
2014-06-18 02:00 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-06-18 02:00 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-06-18 02:00 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-06-18 02:00 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-06-18 02:00 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-06-18 02:00 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2014-06-18 02:00 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2014-06-18 02:00 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2014-06-18 01:50 - 2014-06-18 01:50 - 05206841 _____ (Swearware) C:\Users\owner\Downloads\ComboFix.exe
2014-06-18 01:44 - 2014-06-18 01:44 - 00000060 _____ () C:\Users\owner\Downloads\RestoreSecurityProcessorLoaderDriverWindows7.bat
2014-06-18 01:10 - 2014-06-23 10:00 - 00000000 ____D () C:\FRST
2014-06-17 23:56 - 2014-06-22 21:18 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-06-17 23:56 - 2014-06-19 12:49 - 00177312 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2014-06-17 23:56 - 2014-06-19 12:49 - 00007631 _____ () C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2014-06-17 23:56 - 2014-06-17 23:56 - 00000000 ____D () C:\Program Files\Symantec
2014-06-17 23:55 - 2014-06-22 21:17 - 00000000 ____D () C:\Program Files (x86)\Norton Internet Security
2014-06-17 23:55 - 2014-06-22 21:15 - 00000000 ____D () C:\Windows\system32\Drivers\NISx64
2014-06-17 23:19 - 2014-06-17 23:19 - 00269016 _____ () C:\Windows\Minidump\061714-26520-01.dmp
2014-06-17 23:18 - 2014-06-17 23:19 - 227445472 _____ () C:\Windows\MEMORY.DMP
2014-06-17 22:26 - 2014-06-17 22:26 - 00000000 _____ () C:\Users\owner\Documents\Default.rdp
2014-06-17 18:52 - 2014-06-17 18:52 - 00000000 _____ () C:\Users\owner\defogger_reenable
2014-06-17 15:34 - 2014-06-17 15:34 - 00348160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2014-06-17 15:33 - 2014-06-22 21:13 - 00000000 ____D () C:\Program Files\AdTrustMedia
2014-06-17 15:33 - 2014-06-22 20:36 - 00000000 ____D () C:\Program Files (x86)\AdTrustMedia
2014-06-17 15:25 - 2014-06-17 15:28 - 230403208 _____ (COMODO) C:\Users\owner\Downloads\cfw_installer.exe
2014-06-17 15:10 - 2014-06-17 15:10 - 00688992 _____ (Swearware) C:\Users\owner\Downloads\dds.com
2014-06-17 15:09 - 2014-06-17 15:09 - 00000000 ____D () C:\Users\owner\AppData\Roaming\ParetoLogic
2014-06-17 15:06 - 2014-06-17 15:06 - 00050477 _____ () C:\Users\owner\Downloads\Defogger.exe
2014-06-17 15:04 - 2014-06-17 15:05 - 05938328 _____ (ParetoLogic, Inc.) C:\Users\owner\Downloads\RegCureProSetup.exe
2014-06-17 14:40 - 2014-06-17 14:40 - 00000046 _____ () C:\Users\owner\Downloads\RestoreAppIDDriverWindows7.bat
2014-06-17 13:45 - 2014-06-21 15:25 - 00002520 _____ () C:\Windows\setupact.log
2014-06-17 13:45 - 2014-06-17 13:45 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-17 13:39 - 2014-06-17 13:39 - 00140592 _____ () C:\Users\owner\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-17 13:38 - 2014-06-17 13:39 - 00489936 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-06-17 13:27 - 2014-06-23 00:13 - 00145883 _____ () C:\Windows\WindowsUpdate.log
2014-06-17 12:46 - 2014-06-17 12:46 - 00022528 _____ (Microsoft) C:\Users\owner\Downloads\RunAsSystem.exe
2014-06-17 11:00 - 2014-06-17 11:00 - 00047616 _____ () C:\Users\owner\Downloads\Win32kDiag.exe
2014-06-17 09:56 - 2014-06-17 09:56 - 00472064 _____ ( ) C:\Users\owner\Downloads\RootRepeal.exe
2014-06-17 09:46 - 2014-06-17 09:47 - 00854390 _____ () C:\Users\owner\Downloads\SecurityCheck.exe
2014-06-16 16:27 - 2014-06-22 21:14 - 00000000 ____D () C:\Users\owner\AppData\Local\Unity
2014-06-16 16:25 - 2014-06-16 16:25 - 01080528 _____ (Unity Technologies ApS) C:\Users\owner\Downloads\UnityWebPlayer.exe
2014-06-16 11:27 - 2014-06-22 21:18 - 00000000 ____D () C:\Users\owner\Downloads\Linkin Park - The Hunting Party (Deluxe Edition) 2014 2CD 320kbps CBR MP3 [VX]
2014-06-16 11:24 - 2014-06-16 11:24 - 00045342 _____ () C:\Users\owner\Downloads\Game.of.Thrones.S04E10.720p.HDTV.x264-KILLERS.srt
2014-06-15 17:20 - 2014-06-22 19:43 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-15 17:19 - 2014-06-22 21:18 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-15 17:19 - 2014-06-20 22:17 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-15 17:19 - 2014-06-15 17:19 - 00001082 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-15 17:19 - 2014-05-12 07:35 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-15 17:19 - 2014-05-12 07:35 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-15 16:25 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-06-15 16:24 - 2014-06-22 21:12 - 00000000 ____D () C:\AdwCleaner
2014-06-15 15:46 - 2014-06-22 23:05 - 00000000 ____D () C:\Users\owner\Desktop\Antivirus Folders
2014-06-15 15:31 - 2014-06-15 15:31 - 00000000 ____D () C:\Windows\SysWOW64\FxsTmp
2014-06-15 15:31 - 2014-06-15 15:31 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-06-15 15:31 - 2014-06-15 15:31 - 00000000 ____D () C:\Windows\addins
2014-06-15 14:50 - 2014-06-15 14:50 - 00380416 _____ () C:\Users\owner\Downloads\7xw8cr4k.exe
2014-06-15 14:46 - 2014-06-15 14:46 - 00000020 _____ () C:\Windows\põ®
2014-06-15 14:15 - 2014-06-15 14:19 - 00231960 _____ () C:\Windows\RegBootClean64.exe
2014-06-15 14:15 - 2014-06-15 14:19 - 00013482 _____ () C:\Windows\RegBootClean64.CFG
2014-06-15 13:53 - 2014-06-22 21:18 - 00000000 ____D () C:\Users\owner\AppData\Roaming\ZumoDrive
2014-06-15 13:23 - 2014-06-22 21:18 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Wise Registry Cleaner
2014-06-15 13:23 - 2014-06-15 13:23 - 00001209 _____ () C:\Users\Public\Desktop\Wise Registry Cleaner.lnk
2014-06-15 13:22 - 2014-06-22 20:43 - 00000000 ____D () C:\Program Files (x86)\Wise
2014-06-15 13:21 - 2014-06-15 13:21 - 00929416 _____ (CNET Download.com) C:\Users\owner\Downloads\cbsidlm-cbsi188-Wise_Registry_Cleaner-SEO-10605508.exe
2014-06-15 12:47 - 2014-06-15 12:47 - 01333465 _____ () C:\Users\owner\Downloads\AdwCleaner.exe
2014-06-15 12:47 - 2014-06-15 12:47 - 00400384 _____ (Farbar) C:\Users\owner\Downloads\MiniToolBox.exe
2014-06-15 12:46 - 2014-06-15 12:46 - 01073152 _____ (Farbar) C:\Users\owner\Downloads\FRST.exe
2014-06-15 12:42 - 2014-06-15 12:42 - 02081792 _____ (Farbar) C:\Users\owner\Downloads\FRST64.exe
2014-06-15 12:39 - 2014-06-15 12:40 - 00000000 ____D () C:\MGADiagToolOutput
2014-06-15 12:36 - 2014-06-15 12:36 - 02031992 _____ (Microsoft Corporation) C:\Users\owner\Downloads\MGADiag.exe
2014-06-15 12:20 - 2014-06-22 21:18 - 00000000 ____D () C:\Users\owner\Desktop\New folder (2)
2014-06-15 09:31 - 2014-06-15 09:31 - 02670520 _____ (Martin Malík - REALiX ) C:\Users\owner\Downloads\hw64_440.exe
2014-06-14 16:58 - 2014-06-22 20:10 - 00000000 ____D () C:\Users\owner\Desktop\New folder
2014-06-14 16:06 - 2014-06-22 21:12 - 00000000 ____D () C:\Program Files (x86)\Badosoft
2014-06-14 16:02 - 2014-06-14 16:03 - 05477376 _____ () C:\Users\owner\Downloads\Latency Optimizer.msi
2014-06-14 15:51 - 2014-06-14 16:03 - 00000000 ____D () C:\Symbols
2014-06-14 15:48 - 2014-06-20 13:29 - 00000000 ____D () C:\Users\owner\Documents\WPA Files
2014-06-14 15:48 - 2014-06-14 16:03 - 00000000 ____D () C:\SymCache
2014-06-14 15:47 - 2014-06-14 15:48 - 00000000 ____D () C:\Users\owner\AppData\Local\Windows Performance Analyzer
2014-06-14 15:40 - 2014-06-14 15:42 - 52756480 _____ () C:\kernel.etl
2014-06-14 15:28 - 2014-06-14 15:28 - 01435472 _____ (Microsoft Corporation) C:\Users\owner\Downloads\adksetup.exe
2014-06-14 15:23 - 2014-06-14 15:23 - 00301688 _____ (Thesycon GmbH) C:\Users\owner\Downloads\dpclat.exe
2014-06-14 13:21 - 2014-06-14 13:25 - 204395288 _____ () C:\Users\owner\Downloads\YouCam_5.0.3618.0_HW_Patch_YUC131217-01.exe
2014-06-14 13:21 - 2014-06-14 13:21 - 01029080 _____ (CyberLink) C:\Users\owner\Downloads\CyberLink_YouCam_Downloader.exe
2014-06-14 11:23 - 2014-06-14 11:24 - 12329704 _____ (SUPERAdBlocker.com and SUPERAntiSpyware.com) C:\Users\owner\Downloads\SASDEFINITIONS.EXE
2014-06-14 03:29 - 2014-06-14 03:29 - 00000000 ____D () C:\SUPERDelete
2014-06-14 03:22 - 2014-06-22 21:17 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-06-14 00:32 - 2014-06-14 00:32 - 01294512 _____ (Uniblue Systems Limited ) C:\Users\owner\Downloads\speedupmypc.exe
2014-06-13 20:53 - 2014-06-13 20:54 - 19671928 _____ (SUPERAntiSpyware) C:\Users\owner\Downloads\SUPERAntiSpywarePro.exe
2014-06-13 11:15 - 2014-06-22 20:46 - 00000000 ____D () C:\Users\owner\AppData\Local\ChemTable Software
2014-06-13 11:15 - 2014-06-22 20:46 - 00000000 ____D () C:\Users\owner\AppData\Local\AnVir
2014-06-13 11:15 - 2014-06-13 11:15 - 00000000 ____D () C:\Users\owner\AppData\Roaming\ChemTable Software
2014-06-13 00:25 - 2014-06-13 00:25 - 00929416 _____ (CNET Download.com) C:\Users\owner\Downloads\cbsidlm-cbsi188-AnVir_Task_Manager_Free-SEO-10802050.exe
2014-06-13 00:24 - 2014-06-13 00:24 - 00929416 _____ (CNET Download.com) C:\Users\owner\Downloads\cbsidlm-cbsi188-Security_Task_Manager-SEO-10246545.exe
2014-06-12 18:40 - 2014-06-12 18:41 - 06185059 _____ (Ixcoin project) C:\Users\owner\Downloads\ixcoin-0.3.24.3-win32-setup.exe
2014-06-12 03:06 - 2014-05-23 21:48 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-12 03:06 - 2014-05-23 21:47 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-12 03:06 - 2014-05-23 21:47 - 01366016 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-12 03:06 - 2014-05-23 21:46 - 19290112 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-12 03:06 - 2014-05-23 21:46 - 15368704 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-12 03:06 - 2014-05-23 21:46 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-12 03:06 - 2014-05-23 21:46 - 02650112 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-12 03:06 - 2014-05-23 21:46 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-06-12 03:06 - 2014-05-23 21:46 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-12 03:06 - 2014-05-23 21:46 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-12 03:06 - 2014-05-23 21:46 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-12 03:06 - 2014-05-23 21:46 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-06-12 03:06 - 2014-05-23 21:46 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-12 03:06 - 2014-05-23 21:46 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-12 03:06 - 2014-05-23 21:46 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-12 03:06 - 2014-05-23 21:46 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-12 03:06 - 2014-05-23 21:45 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-12 03:06 - 2014-05-23 21:45 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-12 03:06 - 2014-05-23 21:45 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-12 03:06 - 2014-05-23 20:26 - 14365696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-12 03:06 - 2014-05-23 20:26 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-12 03:06 - 2014-05-23 20:26 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-12 03:06 - 2014-05-23 20:26 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-12 03:06 - 2014-05-23 20:26 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-12 03:06 - 2014-05-23 20:26 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-12 03:06 - 2014-05-23 20:25 - 13731328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-12 03:06 - 2014-05-23 20:25 - 02862080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-12 03:06 - 2014-05-23 20:25 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-12 03:06 - 2014-05-23 20:25 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-12 03:06 - 2014-05-23 20:25 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-06-12 03:06 - 2014-05-23 20:25 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-12 03:06 - 2014-05-23 20:25 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-12 03:06 - 2014-05-23 20:25 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-12 03:06 - 2014-05-23 20:25 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-06-12 03:06 - 2014-05-23 20:25 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-12 03:06 - 2014-05-23 20:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-12 03:06 - 2014-05-23 20:25 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-12 03:06 - 2014-05-23 20:09 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-12 03:06 - 2014-05-23 20:03 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-12 03:06 - 2014-05-23 19:13 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-06-12 03:06 - 2014-05-23 19:06 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-06-12 03:06 - 2014-05-08 04:32 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-06-12 03:06 - 2014-05-08 04:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-06-12 03:06 - 2014-04-24 21:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-12 03:06 - 2014-04-24 21:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-12 03:06 - 2014-04-04 21:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-12 03:06 - 2014-04-04 21:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-12 03:06 - 2014-03-26 09:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-12 03:06 - 2014-03-26 09:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-12 03:06 - 2014-03-26 09:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-12 03:06 - 2014-03-26 09:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-12 03:06 - 2014-03-26 09:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-12 03:06 - 2014-03-26 09:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-12 03:06 - 2014-03-26 09:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-12 03:06 - 2014-03-26 09:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-11 14:24 - 2014-06-11 14:24 - 00000000 ____D () C:\Users\owner\AppData\Local\Adobe
2014-06-11 11:36 - 2014-06-11 11:37 - 00000085 _____ () C:\Windows\wininit.ini
2014-06-11 11:36 - 2014-06-11 11:36 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-06-11 11:27 - 2014-06-15 17:07 - 00000000 ____D () C:\Users\owner\AppData\Local\Trend Micro
2014-06-11 11:23 - 2014-06-17 13:27 - 00000000 ____D () C:\OETemp
2014-06-11 11:21 - 2014-06-11 11:21 - 00257865 _____ () C:\Users\owner\AppData\Local\census.cache
2014-06-11 11:21 - 2014-06-11 11:21 - 00172466 _____ () C:\Users\owner\AppData\Local\ars.cache
2014-06-11 10:57 - 2014-06-11 10:57 - 00000010 _____ () C:\Users\owner\AppData\Local\sponge.last.runtime.cache
2014-06-11 10:49 - 2014-06-11 10:49 - 02473936 _____ (Trend Micro Inc.) C:\Users\owner\Downloads\HousecallLauncher64.exe
2014-06-11 10:47 - 2014-06-11 10:47 - 00186328 _____ (trend_company_name) C:\Windows\system32\Drivers\tmrkb.sys
2014-06-11 10:25 - 2014-06-11 10:26 - 111278192 _____ (Trend Micro Inc.) C:\Users\owner\Downloads\TTi_7.0_HE_64bit.exe
2014-06-11 10:24 - 2014-06-11 10:24 - 14839344 _____ (Trend Micro Inc.) C:\Users\owner\Downloads\RootkitBusterV5.0-1171x64 (1).exe
2014-06-11 10:06 - 2014-06-22 21:15 - 00000000 ____D () C:\Windows\erdnt
2014-06-11 10:06 - 2014-06-22 20:46 - 00000000 ____D () C:\Qoobox
2014-06-10 16:18 - 2014-06-11 11:33 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
2014-06-10 15:51 - 2014-06-10 15:51 - 14839344 _____ (Trend Micro Inc.) C:\Users\owner\Downloads\RootkitBusterV5.0-1171x64.exe
2014-06-10 15:49 - 2014-06-17 18:56 - 00000000 ____D () C:\Users\owner\Downloads\TMRBLog
2014-06-10 14:54 - 2014-06-10 14:55 - 89095528 _____ (Sophos Limited) C:\Users\owner\Downloads\Sophos Virus Removal Tool.exe
2014-06-10 14:42 - 2014-06-22 20:53 - 00000000 ____D () C:\Users\owner\Downloads\TrendMicro AntiThreat Toolkit
2014-06-10 14:42 - 2014-06-10 14:42 - 00000036 _____ () C:\Users\owner\AppData\Local\housecall.guid.cache
2014-06-10 14:39 - 2014-06-10 14:42 - 25280863 _____ (Trend Micro Inc.) C:\Users\owner\Downloads\attk_ScanCleanOnline_gui_x64.exe
2014-06-10 14:38 - 2014-06-10 14:39 - 10021424 _____ (Trend Micro Inc.) C:\Users\owner\Downloads\RootkitBusterV5.0-1171.exe
2014-06-10 14:38 - 2014-06-10 14:38 - 06229392 _____ (Trend Micro, Inc. ) C:\Users\owner\Downloads\RUBottedSetup.exe
2014-06-10 11:15 - 2014-06-10 11:14 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-06-10 11:14 - 2014-06-10 11:14 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Avira
2014-06-10 11:12 - 2014-05-09 11:16 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-06-10 11:12 - 2014-05-09 11:16 - 00112080 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-06-10 11:12 - 2014-05-09 11:16 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-06-10 11:10 - 2014-06-22 20:36 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-06-10 10:43 - 2014-06-10 10:44 - 06769280 _____ (SparkTrust) C:\Users\owner\Downloads\SparkTrust PC Cleaner Plus Setup_c9999cd_.exe
2014-06-09 22:50 - 2014-06-22 21:18 - 00000000 ____D () C:\Users\owner\Downloads\The Campaign EXTENDED (2012)
2014-06-08 21:28 - 2014-06-08 21:28 - 00007398 _____ () C:\Users\owner\Documents\talk.txt
2014-06-08 10:17 - 2014-06-08 10:17 - 00001372 _____ () C:\Users\owner\Desktop\HWiNFO64.EXE.lnk
2014-06-08 08:37 - 2014-06-08 08:37 - 00000546 _____ () C:\Users\owner\Desktop\Emsisoft Emergency Kit.lnk
2014-06-08 08:36 - 2014-06-22 21:18 - 00000000 ____D () C:\EEK
2014-06-07 13:33 - 2014-06-11 11:22 - 00000981 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-06-07 12:31 - 2014-06-07 12:31 - 00001192 _____ () C:\Users\owner\Desktop\My LastPass Vault.lnk
2014-06-07 12:27 - 2014-06-07 12:28 - 14936064 _____ (LastPass) C:\Users\owner\Downloads\lastpass_x64.exe
2014-06-05 19:41 - 2014-06-05 19:40 - 00449885 _____ () C:\Windows\system32\Drivers\etc\hosts.20140605-194152.backup
2014-06-05 19:41 - 2014-06-05 19:40 - 00449885 _____ () C:\Windows\system32\Drivers\etc\hosts.20140605-194111.backup
2014-06-05 18:43 - 2014-06-05 18:43 - 00000000 ____D () C:\Users\owner\Documents\ProcAlyzer Dumps
2014-06-05 18:38 - 2014-06-22 21:18 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-06-05 08:42 - 2014-06-05 08:44 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\owner\Downloads\spybot-2.3.exe
2014-06-05 08:40 - 2014-06-18 12:15 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-06-05 08:38 - 2014-06-05 08:39 - 13829304 _____ (Microsoft Corporation) C:\Users\owner\Downloads\mseinstall (1).exe
2014-06-05 08:37 - 2014-06-05 08:37 - 00165376 _____ () C:\Users\owner\Downloads\SystemLook_x64.exe
2014-06-05 08:34 - 2014-06-05 08:34 - 13829304 _____ (Microsoft Corporation) C:\Users\owner\Downloads\mseinstall.exe
2014-06-05 08:32 - 2014-06-05 08:32 - 01059840 _____ () C:\Users\owner\Downloads\MicrosoftFixit50981.msi
2014-06-04 09:20 - 2014-06-22 21:18 - 00000000 ____D () C:\Users\owner\.ScreamingFrogSEOSpider
2014-06-04 09:03 - 2014-06-22 21:14 - 00000000 ____D () C:\Users\owner\AppData\Local\Exar_Software_Research_Pv
2014-06-04 09:00 - 2014-06-22 21:14 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Exar Software Research Pvt Ltd
2014-06-03 14:42 - 2014-06-04 18:39 - 00001117 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-06-02 15:53 - 2014-06-22 21:18 - 00000000 ____D () C:\Users\owner\Downloads\[ www.Torrentday.com ] - LEGO.Star.Wars.The.Yoda.Chronicles.2013.DVDRip.XviD.AC3-EVO
2014-06-02 15:49 - 2014-06-22 21:14 - 00000000 ____D () C:\Users\owner\Downloads\Billboard Hot 100 (07 JUNE 2014)~CBR 320 Kbps~{AryaN_L33T}[LittleFairyRG]
2014-06-02 02:30 - 2014-06-20 18:11 - 00000000 ____D () C:\Users\owner\Downloads\Future - Pluto {2012-Album}
2014-06-02 02:19 - 2014-06-20 18:11 - 00000000 ____D () C:\Users\owner\Downloads\Emmure - Slave to the Game (2012)
2014-06-02 01:59 - 2014-06-20 18:11 - 00000000 ____D () C:\Users\owner\Downloads\Mayday Parade - A Lesson In Romantics [Mp3-vrb-2007]
2014-06-02 01:54 - 2014-06-20 18:11 - 00000000 ____D () C:\Users\owner\Downloads\Mayday Parade - Anywhere But Here
2014-06-02 01:41 - 2014-06-20 18:11 - 00000000 ____D () C:\Users\owner\Downloads\Masks
2014-06-02 01:31 - 2014-06-20 18:11 - 00000000 ____D () C:\Users\owner\Downloads\To Plant A Seed
2014-06-02 00:38 - 2014-06-22 21:18 - 00000000 ____D () C:\Users\owner\Downloads\Escape_The_Fate-Dying_Is_Your_Latest_Fashion-2006-MP3
2014-06-02 00:30 - 2014-06-22 21:18 - 00000000 ____D () C:\Users\owner\Downloads\A Skylit Drive - Rise - 2013
2014-06-01 17:32 - 2014-06-01 17:33 - 01119203 _____ (HANSoft, Inc. ) C:\Users\owner\Downloads\ERWsetup.exe
2014-06-01 13:06 - 2014-06-01 13:18 - 00000800 _____ () C:\Windows\system32\PDBootState
2014-06-01 13:03 - 2014-06-22 21:13 - 00000000 ____D () C:\Program Files\Common Files\Raxco
2014-06-01 13:03 - 2014-06-22 20:43 - 00000000 ____D () C:\Program Files\Raxco
2014-06-01 13:02 - 2014-06-22 20:41 - 00000000 ____D () C:\Program Files (x86)\Raxco
2014-06-01 12:46 - 2014-06-01 12:46 - 41891360 _____ (Raxco Software, Inc. ) C:\Users\owner\Downloads\PerfectDisk_Pro_Trial.exe
2014-06-01 00:59 - 2014-06-22 21:18 - 00000000 ____D () C:\Users\owner\Downloads\Game.of.Thrones.S04E06.HDTV.XviD-RARBG
2014-06-01 00:59 - 2014-06-22 21:18 - 00000000 ____D () C:\Users\owner\Downloads\Game.of.Thrones.S04E03.720p.HDTV.x264-KILLERS[rarbg]
2014-05-31 23:51 - 2014-06-22 21:14 - 00000000 ____D () C:\Users\owner\Documents\Altova
2014-05-31 23:40 - 2014-06-22 21:14 - 00000000 ____D () C:\Users\owner\Downloads\Game-of-Thrones
2014-05-31 23:32 - 2014-05-31 23:34 - 259919240 _____ (Altova GmbH) C:\Users\owner\Downloads\MissionKitEnt2014_x64.exe
2014-05-31 15:05 - 2014-05-31 15:05 - 00633360 _____ (Copyright © 2010 eSupport.com. All Rights Reserved.) C:\Users\owner\Downloads\biosagentplus_875.exe
2014-05-31 15:01 - 2014-05-31 15:01 - 00021712 _____ (Phoenix Technologies) C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS
2014-05-31 14:52 - 2014-06-22 21:18 - 00000000 ____D () C:\Program Files\HWiNFO64
2014-05-31 14:52 - 2014-06-14 16:38 - 00031648 _____ (REALiX™) C:\Windows\system32\Drivers\HWiNFO64A.SYS
2014-05-31 14:50 - 2014-05-31 14:51 - 02661768 _____ (Martin Malík - REALiX ) C:\Users\owner\Downloads\hw64_438.exe
2014-05-31 14:31 - 2014-05-31 14:31 - 00231760 _____ () C:\Users\owner\Downloads\CrucialScan.exe
2014-05-31 13:23 - 2014-05-31 13:23 - 04583424 _____ () C:\Users\owner\Downloads\HPSupportSolutionsFramework.msi
2014-05-30 17:37 - 2014-05-30 17:39 - 00000000 ____D () C:\Users\owner\Desktop\Legalities
2014-05-28 19:06 - 2014-05-28 19:06 - 00000000 ____D () C:\Windows\SystemRepair
2014-05-27 07:25 - 2014-06-22 21:18 - 00000000 ____D () C:\Users\owner\Downloads\Legend (1985) [1080p]
2014-05-26 15:40 - 2014-06-22 21:14 - 00000000 ____D () C:\Users\owner\AppData\Local\WindowsApplication1
2014-05-26 15:01 - 2014-06-22 20:46 - 00000000 ___RD () C:\Sandbox
2014-05-26 14:55 - 2014-06-18 17:25 - 00002404 _____ () C:\Windows\Sandboxie.ini
2014-05-26 14:55 - 2014-05-27 16:12 - 00001002 _____ () C:\Users\owner\Desktop\Sandboxed Web Browser.lnk
2014-05-26 14:53 - 2014-06-22 21:18 - 00000000 ____D () C:\Users\owner\Desktop\SandBoxie
2014-05-26 14:53 - 2014-06-22 21:18 - 00000000 ____D () C:\Program Files\Sandboxie
2014-05-25 17:34 - 2014-06-22 21:14 - 00000000 ____D () C:\Users\owner\Documents\iMacros
2014-05-24 18:03 - 2014-05-24 18:03 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Curiolab
2014-05-24 15:05 - 2014-05-24 15:07 - 211221864 _____ (CURIOLAB S.M.B.A.) C:\Users\owner\Downloads\ExterminateItSetup.exe
2014-05-24 13:03 - 2014-06-22 21:18 - 00000000 ____D () C:\Program Files\iTunes
2014-05-24 13:03 - 2014-06-22 21:13 - 00000000 ____D () C:\Program Files\iPod
 
==================== One Month Modified Files and Folders =======
 
2014-06-23 10:01 - 2014-06-23 08:50 - 00000000 ____D () C:\Users\owner\Desktop\FRST
2014-06-23 10:00 - 2014-06-18 01:10 - 00000000 ____D () C:\FRST
2014-06-23 08:47 - 2013-02-15 03:21 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-06-23 08:46 - 2014-06-18 02:10 - 00005054 _____ () C:\Windows\PFRO.log
2014-06-23 00:13 - 2014-06-17 13:27 - 00145883 _____ () C:\Windows\WindowsUpdate.log
2014-06-22 23:16 - 2014-06-22 21:35 - 00002808 _____ () C:\Users\owner\Desktop\unhide.txt
2014-06-22 23:07 - 2014-06-18 17:39 - 00000000 ____D () C:\Users\owner\Desktop\File Checksum
2014-06-22 23:05 - 2014-06-22 23:05 - 00000000 ____D () C:\SQLCritUpdPkg
2014-06-22 23:05 - 2014-06-15 15:46 - 00000000 ____D () C:\Users\owner\Desktop\Antivirus Folders
2014-06-22 21:33 - 2014-06-22 21:32 - 29183200 _____ (Microsoft Corporation) C:\Users\owner\Desktop\Windows-KB890830-x64-V5.13.exe
2014-06-22 21:31 - 2014-06-22 21:29 - 107726072 _____ (Microsoft Corporation) C:\Users\owner\Desktop\msert.exe
2014-06-22 21:19 - 2014-06-18 19:33 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-06-22 21:19 - 2011-04-08 12:10 - 00000000 ____D () C:\Program Files (x86)\PlayReady
2014-06-22 21:18 - 2014-06-17 23:56 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-06-22 21:18 - 2014-06-16 11:27 - 00000000 ____D () C:\Users\owner\Downloads\Linkin Park - The Hunting Party (Deluxe Edition) 2014 2CD 320kbps CBR MP3 [VX]
2014-06-22 21:18 - 2014-06-15 17:19 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-22 21:18 - 2014-06-15 13:53 - 00000000 ____D () C:\Users\owner\AppData\Roaming\ZumoDrive
2014-06-22 21:18 - 2014-06-15 13:23 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Wise Registry Cleaner
2014-06-22 21:18 - 2014-06-15 12:20 - 00000000 ____D () C:\Users\owner\Desktop\New folder (2)
2014-06-22 21:18 - 2014-06-09 22:50 - 00000000 ____D () C:\Users\owner\Downloads\The Campaign EXTENDED (2012)
2014-06-22 21:18 - 2014-06-08 08:36 - 00000000 ____D () C:\EEK
2014-06-22 21:18 - 2014-06-05 18:38 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-06-22 21:18 - 2014-06-04 09:20 - 00000000 ____D () C:\Users\owner\.ScreamingFrogSEOSpider
2014-06-22 21:18 - 2014-06-02 15:53 - 00000000 ____D () C:\Users\owner\Downloads\[ www.Torrentday.com ] - LEGO.Star.Wars.The.Yoda.Chronicles.2013.DVDRip.XviD.AC3-EVO
2014-06-22 21:18 - 2014-06-02 00:38 - 00000000 ____D () C:\Users\owner\Downloads\Escape_The_Fate-Dying_Is_Your_Latest_Fashion-2006-MP3
2014-06-22 21:18 - 2014-06-02 00:30 - 00000000 ____D () C:\Users\owner\Downloads\A Skylit Drive - Rise - 2013
2014-06-22 21:18 - 2014-06-01 00:59 - 00000000 ____D () C:\Users\owner\Downloads\Game.of.Thrones.S04E06.HDTV.XviD-RARBG
2014-06-22 21:18 - 2014-06-01 00:59 - 00000000 ____D () C:\Users\owner\Downloads\Game.of.Thrones.S04E03.720p.HDTV.x264-KILLERS[rarbg]
2014-06-22 21:18 - 2014-05-31 14:52 - 00000000 ____D () C:\Program Files\HWiNFO64
2014-06-22 21:18 - 2014-05-27 07:25 - 00000000 ____D () C:\Users\owner\Downloads\Legend (1985) [1080p]
2014-06-22 21:18 - 2014-05-26 14:53 - 00000000 ____D () C:\Users\owner\Desktop\SandBoxie
2014-06-22 21:18 - 2014-05-26 14:53 - 00000000 ____D () C:\Program Files\Sandboxie
2014-06-22 21:18 - 2014-05-24 13:03 - 00000000 ____D () C:\Program Files\iTunes
2014-06-22 21:18 - 2014-05-14 11:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-22 21:18 - 2014-05-12 19:51 - 00000000 ____D () C:\Users\owner\Downloads\Alpha.House.2014.DVDRip.XviD.MP3-RARBG
2014-06-22 21:18 - 2014-05-11 10:19 - 00000000 ____D () C:\Windows\Minidump
2014-06-22 21:18 - 2014-05-10 21:25 - 00000000 ____D () C:\Users\owner\Downloads\Dead Shadows [2012] BRRip XViD juggs[ETRG]
2014-06-22 21:18 - 2014-05-05 20:50 - 00000000 ____D () C:\Users\owner\Downloads\RoboCop [2014] HDRip XviD-SaM[ETRG]
2014-06-22 21:18 - 2014-05-05 14:23 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-06-22 21:18 - 2014-05-03 14:00 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Intel
2014-06-22 21:18 - 2014-05-03 01:57 - 00000000 ____D () C:\Users\owner\AppData\Roaming\SystemRequirementsLab
2014-06-22 21:18 - 2014-05-03 01:57 - 00000000 ____D () C:\Program Files (x86)\SystemRequirementsLab
2014-06-22 21:18 - 2014-05-02 01:00 - 00000000 ____D () C:\Program Files (x86)\ScreenshotCaptor
2014-06-22 21:18 - 2014-05-01 20:42 - 00000000 ____D () C:\Users\owner\Desktop\Robert's
2014-06-22 21:18 - 2014-05-01 19:13 - 00000000 ____D () C:\Users\owner\Documents\Ccleaner reg. backups
2014-06-22 21:18 - 2014-04-30 19:22 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-06-22 21:18 - 2014-04-29 00:15 - 00000000 ____D () C:\Intel
2014-06-22 21:18 - 2014-04-28 11:29 - 00000000 ____D () C:\Users\owner\AppData\Roaming\DG
2014-06-22 21:18 - 2014-04-28 11:29 - 00000000 ____D () C:\Program Files (x86)\Thread Manager
2014-06-22 21:18 - 2014-04-23 16:12 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bitcoin Core
2014-06-22 21:18 - 2014-04-23 16:04 - 00000000 ____D () C:\Users\owner\Desktop\Bit Coin
2014-06-22 21:18 - 2014-04-22 22:36 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-22 21:18 - 2014-04-13 22:25 - 00000000 ____D () C:\Users\owner\Desktop\BOTS
2014-06-22 21:18 - 2014-04-13 20:15 - 00000000 ____D () C:\Users\owner\Desktop\ODesk Team App
2014-06-22 21:18 - 2014-04-12 15:55 - 00000000 ____D () C:\Users\owner\Desktop\Game Shortcuts
2014-06-22 21:18 - 2014-04-12 15:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-22 21:18 - 2014-04-12 14:42 - 00000000 ____D () C:\Windows\Microsoft.VC90.MFC
2014-06-22 21:18 - 2014-04-12 14:42 - 00000000 ____D () C:\Windows\Microsoft.VC90.CRT
2014-06-22 21:18 - 2014-04-12 14:42 - 00000000 ____D () C:\Windows\Microsoft.VC90.ATL
2014-06-22 21:18 - 2014-04-11 20:19 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LastPass
2014-06-22 21:18 - 2013-10-17 21:36 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-06-22 21:18 - 2013-10-17 04:34 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-06-22 21:18 - 2013-10-07 16:29 - 00000000 ____D () C:\Users\owner\Desktop\Microsoft Office
2014-06-22 21:18 - 2013-10-07 16:09 - 00000000 ____D () C:\Program Files (x86)\Microsoft Works
2014-06-22 21:18 - 2013-09-28 15:05 - 00000000 ____D () C:\Program Files (x86)\Microsoft SkyDrive
2014-06-22 21:18 - 2013-09-11 14:27 - 00000000 ____D () C:\Program Files\CCleaner
2014-06-22 21:18 - 2013-09-05 00:14 - 00000000 ____D () C:\Program Files\WinRAR
2014-06-22 21:18 - 2013-09-01 12:03 - 00000000 ____D () C:\Program Files (x86)\Universal Document Converter
2014-06-22 21:18 - 2013-08-22 11:06 - 00000000 ____D () C:\Users\owner\AppData\Roaming\KompoZer
2014-06-22 21:18 - 2013-08-22 10:00 - 00000000 ____D () C:\Program Files (x86)\Ultimate Business Software
2014-06-22 21:18 - 2013-08-17 13:20 - 00000000 ____D () C:\Program Files (x86)\436534001
2014-06-22 21:18 - 2013-08-16 16:27 - 00000000 ____D () C:\Program Files (x86)\SlimCleaner
2014-06-22 21:18 - 2013-07-27 16:07 - 00000000 ____D () C:\Windows\pss
2014-06-22 21:18 - 2013-04-10 21:48 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-06-22 21:18 - 2013-03-02 05:54 - 00000000 ____D () C:\Users\owner\Downloads\Games
2014-06-22 21:18 - 2011-02-10 14:23 - 00000000 ____D () C:\SYSTEM.SAV
2014-06-22 21:18 - 2010-01-13 18:44 - 00000000 ____D () C:\Windows\Hewlett-Packard
2014-06-22 21:18 - 2009-07-14 00:32 - 00000000 ____D () C:\Windows\system32\WinBioPlugIns
2014-06-22 21:18 - 2009-07-14 00:32 - 00000000 ____D () C:\Program Files\Windows Sidebar
2014-06-22 21:18 - 2009-07-14 00:32 - 00000000 ____D () C:\Program Files (x86)\Windows Sidebar
2014-06-22 21:18 - 2009-07-14 00:32 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2014-06-22 21:18 - 2009-07-14 00:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-06-22 21:18 - 2009-07-13 22:20 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-06-22 21:18 - 2009-07-13 22:20 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-06-22 21:18 - 2009-07-13 22:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-06-22 21:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\TAPI
2014-06-22 21:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Recovery
2014-06-22 21:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\zh-HK
2014-06-22 21:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\uk-UA
2014-06-22 21:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\tr-TR
2014-06-22 21:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\th-TH
2014-06-22 21:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\sysprep
2014-06-22 21:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\sr-Latn-CS
2014-06-22 21:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\sppui
2014-06-22 21:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\sl-SI
2014-06-22 21:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\sk-SK
2014-06-22 21:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Setup
2014-06-22 21:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\ro-RO
2014-06-22 21:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Recovery
2014-06-22 21:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\ras
2014-06-22 21:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\oobe
2014-06-22 21:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-06-22 21:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Msdtc
2014-06-22 21:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\migwiz
2014-06-22 21:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\manifeststore
2014-06-22 21:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\lv-LV
2014-06-22 21:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\lt-LT
2014-06-22 21:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\icsxml
2014-06-22 21:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\ias
2014-06-22 21:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\hr-HR
2014-06-22 21:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\he-IL
2014-06-22 21:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\et-EE
2014-06-22 21:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-06-22 21:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\com
2014-06-22 21:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2014-06-22 21:17 - 2014-06-17 23:55 - 00000000 ____D () C:\Program Files (x86)\Norton Internet Security
2014-06-22 21:17 - 2014-06-14 03:22 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-06-22 21:17 - 2014-05-07 02:10 - 00000000 ____D () C:\Users\owner\Desktop\K-Lite Codec Pack
2014-06-22 21:17 - 2013-10-17 04:34 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Skype
2014-06-22 21:17 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\bg-BG
2014-06-22 21:17 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\ar-SA
2014-06-22 21:16 - 2014-06-19 22:56 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
2014-06-22 21:16 - 2013-08-06 20:49 - 00000000 ____D () C:\Windows\system32\Macromed
2014-06-22 21:16 - 2013-07-12 13:58 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2014-06-22 21:16 - 2013-02-16 01:45 - 00000000 ____D () C:\Windows\SysWOW64\C2MP
2014-06-22 21:16 - 2011-04-08 12:25 - 00000000 ____D () C:\Windows\System32\Tasks\Hewlett-Packard
2014-06-22 21:16 - 2011-04-08 12:18 - 00000000 ____D () C:\Windows\SysWOW64\Adobe
2014-06-22 21:16 - 2011-04-08 12:10 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2014-06-22 21:16 - 2010-11-21 02:06 - 00000000 ____D () C:\Windows\system32\winrm
2014-06-22 21:16 - 2010-11-21 02:06 - 00000000 ____D () C:\Windows\system32\WCN
2014-06-22 21:16 - 2010-11-21 02:06 - 00000000 ____D () C:\Windows\system32\slmgr
2014-06-22 21:16 - 2010-11-21 02:06 - 00000000 ____D () C:\Windows\system32\Printing_Admin_Scripts
2014-06-22 21:16 - 2010-01-13 18:45 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
2014-06-22 21:16 - 2009-07-14 00:32 - 00000000 ____D () C:\Windows\system32\WindowsPowerShell
2014-06-22 21:16 - 2009-07-14 00:32 - 00000000 ____D () C:\Windows\system32\restore
2014-06-22 21:16 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\spp
2014-06-22 21:16 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\spool
2014-06-22 21:16 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Speech
2014-06-22 21:16 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\SMI
2014-06-22 21:16 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NetworkList
2014-06-22 21:16 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\MUI
2014-06-22 21:16 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\IME
2014-06-22 21:15 - 2014-06-19 13:27 - 00000000 ____D () C:\Windows\SHELLNEW
2014-06-22 21:15 - 2014-06-17 23:55 - 00000000 ____D () C:\Windows\system32\Drivers\NISx64
2014-06-22 21:15 - 2014-06-11 10:06 - 00000000 ____D () C:\Windows\erdnt
2014-06-22 21:15 - 2014-05-18 01:17 - 00000000 ____D () C:\Windows\Microsoft Antimalware
2014-06-22 21:15 - 2013-02-20 14:20 - 00000000 ____D () C:\Windows\Bejeweled 3
2014-06-22 21:15 - 2009-07-13 23:45 - 00000000 ____D () C:\Windows\Setup
2014-06-22 21:15 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\security
2014-06-22 21:15 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Help
2014-06-22 21:14 - 2014-06-22 01:28 - 00000000 ____D () C:\Users\owner\Desktop\new antivirus
2014-06-22 21:14 - 2014-06-21 13:32 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2014-06-22 21:14 - 2014-06-18 18:10 - 00000000 ____D () C:\Users\owner\AppData\Local\AdTrustMedia
2014-06-22 21:14 - 2014-06-16 16:27 - 00000000 ____D () C:\Users\owner\AppData\Local\Unity
2014-06-22 21:14 - 2014-06-04 09:03 - 00000000 ____D () C:\Users\owner\AppData\Local\Exar_Software_Research_Pv
2014-06-22 21:14 - 2014-06-04 09:00 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Exar Software Research Pvt Ltd
2014-06-22 21:14 - 2014-06-02 15:49 - 00000000 ____D () C:\Users\owner\Downloads\Billboard Hot 100 (07 JUNE 2014)~CBR 320 Kbps~{AryaN_L33T}[LittleFairyRG]
2014-06-22 21:14 - 2014-05-31 23:51 - 00000000 ____D () C:\Users\owner\Documents\Altova
2014-06-22 21:14 - 2014-05-31 23:40 - 00000000 ____D () C:\Users\owner\Downloads\Game-of-Thrones
2014-06-22 21:14 - 2014-05-26 15:40 - 00000000 ____D () C:\Users\owner\AppData\Local\WindowsApplication1
2014-06-22 21:14 - 2014-05-25 17:34 - 00000000 ____D () C:\Users\owner\Documents\iMacros
2014-06-22 21:14 - 2014-05-17 20:24 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-06-22 21:14 - 2014-05-04 21:47 - 00000000 ____D () C:\Users\owner\Downloads\Civilization 3 Full by Zimoch
2014-06-22 21:14 - 2014-05-04 21:34 - 00000000 ____D () C:\Users\owner\Downloads\Reallusion CrazyTalk Animator Pro v1.2.2010.1 Incl Crack [TorDigger]
2014-06-22 21:14 - 2014-04-13 20:15 - 00000000 ____D () C:\Users\owner\Desktop\proxy google
2014-06-22 21:14 - 2013-10-22 16:34 - 00000000 ____D () C:\swsetup
2014-06-22 21:14 - 2013-09-23 18:00 - 00000000 ____D () C:\Users\owner\AppData\Local\Palo_Alto_Software
2014-06-22 21:14 - 2013-09-01 11:26 - 00000000 ____D () C:\Users\owner\AppData\Roaming\PDF Software
2014-06-22 21:14 - 2013-08-18 00:58 - 00000000 ____D () C:\Users\owner\Documents\Image-Line
2014-06-22 21:14 - 2013-08-18 00:36 - 00000000 ____D () C:\Users\owner\Documents\VirtualDJ Instructions
2014-06-22 21:14 - 2013-08-02 18:55 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-06-22 21:14 - 2013-02-09 16:51 - 00000000 ____D () C:\Users\owner\AppData\Local\Apps\2.0
2014-06-22 21:14 - 2013-01-22 21:26 - 00000000 ____D () C:\Users\Public\CyberLink
2014-06-22 21:14 - 2013-01-22 21:22 - 00000000 ____D () C:\Users\owner\AppData\Local\RemEngine
2014-06-22 21:14 - 2013-01-22 21:20 - 00000000 ____D () C:\Users\owner\AppData\Local\Hewlett-Packard_Company
2014-06-22 21:14 - 2013-01-22 21:20 - 00000000 ____D () C:\Users\owner\AppData\Local\Hewlett-Packard
2014-06-22 21:14 - 2013-01-22 21:18 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-06-22 21:14 - 2013-01-22 21:18 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-06-22 21:13 - 2014-06-19 11:55 - 00000000 ____D () C:\Program Files (x86)\Spybot -1 Search & Destroy 2
2014-06-22 21:13 - 2014-06-17 15:33 - 00000000 ____D () C:\Program Files\AdTrustMedia
2014-06-22 21:13 - 2014-06-01 13:03 - 00000000 ____D () C:\Program Files\Common Files\Raxco
2014-06-22 21:13 - 2014-05-24 13:03 - 00000000 ____D () C:\Program Files\iPod
2014-06-22 21:13 - 2014-05-05 14:23 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-06-22 21:13 - 2013-10-07 16:08 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio
2014-06-22 21:13 - 2013-10-07 16:04 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 8
2014-06-22 21:13 - 2013-10-07 16:03 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-06-22 21:13 - 2013-09-13 14:59 - 00000000 ____D () C:\Program Files (x86)\Google
2014-06-22 21:13 - 2011-04-08 12:11 - 00000000 ___RD () C:\Program Files (x86)\Online Services
2014-06-22 21:13 - 2011-04-08 12:09 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-06-22 21:13 - 2010-12-02 20:30 - 00000000 ____D () C:\Program Files\Hewlett-Packard
2014-06-22 21:13 - 2010-01-13 18:45 - 00000000 ____D () C:\Program Files\Realtek
2014-06-22 21:13 - 2010-01-13 18:42 - 00000000 ____D () C:\Program Files (x86)\Realtek
2014-06-22 21:13 - 2010-01-13 18:41 - 00000000 ____D () C:\Program Files\Synaptics
2014-06-22 21:13 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-06-22 21:12 - 2014-06-20 19:51 - 00000000 ____D () C:\Panda Cloud Cleaner
2014-06-22 21:12 - 2014-06-15 16:24 - 00000000 ____D () C:\AdwCleaner
2014-06-22 21:12 - 2014-06-14 16:06 - 00000000 ____D () C:\Program Files (x86)\Badosoft
2014-06-22 21:12 - 2013-09-23 17:59 - 00000000 ____D () C:\Program Files (x86)\Business Plan Pro
2014-06-22 21:08 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2014-06-22 21:07 - 2010-11-21 02:06 - 00000000 ____D () C:\Windows\SysWOW64\winrm
2014-06-22 21:07 - 2010-11-21 02:06 - 00000000 ____D () C:\Windows\SysWOW64\WCN
2014-06-22 21:07 - 2010-11-21 02:06 - 00000000 ____D () C:\Windows\SysWOW64\slmgr
2014-06-22 21:07 - 2010-11-21 02:06 - 00000000 ____D () C:\Windows\SysWOW64\Printing_Admin_Scripts
2014-06-22 21:07 - 2009-07-14 00:32 - 00000000 ____D () C:\Windows\SysWOW64\WindowsPowerShell
2014-06-22 21:07 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Web
2014-06-22 21:07 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Vss
2014-06-22 21:07 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\spp
2014-06-22 21:07 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Speech
2014-06-22 21:07 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\NetworkList
2014-06-22 21:07 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\MUI
2014-06-22 21:07 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Msdtc
2014-06-22 21:07 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\migwiz
2014-06-22 21:07 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\InstallShield
2014-06-22 21:07 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\IME
2014-06-22 21:07 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-06-22 21:07 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\com
2014-06-22 20:59 - 2009-07-14 00:32 - 00000000 ____D () C:\Windows\Performance
2014-06-22 20:59 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Speech
2014-06-22 20:59 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\schemas
2014-06-22 20:59 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Resources
2014-06-22 20:59 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-06-22 20:59 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PLA
2014-06-22 20:56 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\IME
2014-06-22 20:56 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Globalization
2014-06-22 20:56 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Branding
2014-06-22 20:54 - 2013-08-19 22:15 - 00000000 ____D () C:\Users\Public\Documents\My Projects
2014-06-22 20:54 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat
2014-06-22 20:53 - 2014-06-10 14:42 - 00000000 ____D () C:\Users\owner\Downloads\TrendMicro AntiThreat Toolkit
2014-06-22 20:50 - 2014-05-02 01:00 - 00000000 ____D () C:\Users\owner\Documents\DonationCoder
2014-06-22 20:50 - 2014-04-15 15:38 - 00000000 ____D () C:\Users\owner\Desktop\Win Tweak
2014-06-22 20:47 - 2014-06-18 19:34 - 00000000 ____D () C:\Users\owner\AppData\Roaming\SUPERAntiSpyware.com
2014-06-22 20:46 - 2014-06-22 01:49 - 00000000 ____D () C:\Trend Micro
2014-06-22 20:46 - 2014-06-13 11:15 - 00000000 ____D () C:\Users\owner\AppData\Local\ChemTable Software
2014-06-22 20:46 - 2014-06-13 11:15 - 00000000 ____D () C:\Users\owner\AppData\Local\AnVir
2014-06-22 20:46 - 2014-06-11 10:06 - 00000000 ____D () C:\Qoobox
2014-06-22 20:46 - 2014-05-26 15:01 - 00000000 ___RD () C:\Sandbox
2014-06-22 20:46 - 2014-05-09 17:03 - 00000000 ____D () C:\Users\owner\AppData\Roaming\IObit
2014-06-22 20:46 - 2014-04-25 16:50 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Bitcoin
2014-06-22 20:46 - 2014-04-15 16:27 - 00000000 ____D () C:\Users\owner\AppData\Local\Skype
2014-06-22 20:46 - 2013-10-15 11:32 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Dropbox
2014-06-22 20:46 - 2013-09-23 11:21 - 00000000 ____D () C:\Users\owner\AppData\Local\SlimWare Utilities Inc
2014-06-22 20:46 - 2013-08-18 00:58 - 00000000 ____D () C:\Users\owner\AppData\Roaming\FlowStone
2014-06-22 20:46 - 2013-02-15 22:35 - 00000000 ____D () C:\Users\owner\AppData\Roaming\DAEMON Tools Lite
2014-06-22 20:46 - 2013-02-08 16:05 - 00000000 ____D () C:\Users\owner\AppData\Local\Microsoft Games
2014-06-22 20:46 - 2013-02-06 16:38 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Mozilla
2014-06-22 20:46 - 2013-02-06 16:38 - 00000000 ____D () C:\Users\owner\AppData\Local\Google
2014-06-22 20:46 - 2013-02-05 18:48 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Adobe
2014-06-22 20:46 - 2013-01-22 21:26 - 00000000 ____D () C:\Users\owner\AppData\Local\CyberLink
2014-06-22 20:46 - 2013-01-22 21:19 - 00000000 ____D () C:\Users\owner\AppData\Local\VirtualStore
2014-06-22 20:46 - 2009-07-13 22:20 - 00000000 ___RD () C:\Users\Default
2014-06-22 20:44 - 2009-07-14 00:32 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2014-06-22 20:44 - 2009-07-14 00:32 - 00000000 ____D () C:\Program Files\Windows Defender
2014-06-22 20:44 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Windows NT
2014-06-22 20:43 - 2014-06-15 13:22 - 00000000 ____D () C:\Program Files (x86)\Wise
2014-06-22 20:43 - 2014-06-01 13:03 - 00000000 ____D () C:\Program Files\Raxco
2014-06-22 20:43 - 2013-10-07 16:04 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-06-22 20:43 - 2011-04-08 12:24 - 00000000 ____D () C:\Program Files\Java
2014-06-22 20:43 - 2009-07-14 00:32 - 00000000 ____D () C:\Program Files\Reference Assemblies
2014-06-22 20:43 - 2009-07-14 00:32 - 00000000 ____D () C:\Program Files\MSBuild
2014-06-22 20:43 - 2009-07-14 00:32 - 00000000 ____D () C:\Program Files\DVD Maker
2014-06-22 20:43 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Common Files\System
2014-06-22 20:43 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Common Files\SpeechEngines
2014-06-22 20:41 - 2014-06-01 13:02 - 00000000 ____D () C:\Program Files (x86)\Raxco
2014-06-22 20:41 - 2013-09-23 17:39 - 00000000 ____D () C:\Program Files (x86)\STM8en
2014-06-22 20:41 - 2013-08-19 20:15 - 00000000 ____D () C:\Program Files (x86)\Outsim
2014-06-22 20:41 - 2013-07-27 18:27 - 00000000 ____D () C:\Program Files (x86)\WinRAR
2014-06-22 20:41 - 2013-02-06 16:37 - 00000000 ____D () C:\Program Files (x86)\Rovio
2014-06-22 20:41 - 2011-04-08 12:19 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-06-22 20:41 - 2009-07-14 00:32 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer
2014-06-22 20:41 - 2009-07-14 00:32 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-06-22 20:41 - 2009-07-14 00:32 - 00000000 ____D () C:\Program Files (x86)\Reference Assemblies
2014-06-22 20:41 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files (x86)\Windows NT
2014-06-22 20:40 - 2011-04-08 12:17 - 00000000 ____D () C:\Program Files (x86)\Microsoft WSE
2014-06-22 20:39 - 2014-04-15 13:57 - 00000000 ____D () C:\Program Files (x86)\Hp
2014-06-22 20:39 - 2013-08-14 20:14 - 00000000 ____D () C:\Program Files (x86)\Java
2014-06-22 20:39 - 2011-04-08 12:23 - 00000000 ____D () C:\Program Files (x86)\InstallShield Installation Information
2014-06-22 20:39 - 2011-04-08 12:10 - 00000000 ____D () C:\Program Files (x86)\K-NFB Reading Technology Inc
2014-06-22 20:39 - 2010-01-13 18:43 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-06-22 20:38 - 2013-09-09 16:11 - 00000000 ____D () C:\Program Files (x86)\eBay
2014-06-22 20:37 - 2013-10-17 04:10 - 00000000 ____D () C:\Program Files (x86)\CyberLink
2014-06-22 20:36 - 2014-06-17 15:33 - 00000000 ____D () C:\Program Files (x86)\AdTrustMedia
2014-06-22 20:36 - 2014-06-10 11:10 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-06-22 20:36 - 2011-04-08 12:22 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-06-22 20:36 - 2010-01-13 18:42 - 00000000 ____D () C:\Program Files (x86)\Cisco
2014-06-22 20:35 - 2014-04-26 17:45 - 00000000 ____D () C:\MinGW
2014-06-22 20:35 - 2013-10-07 16:03 - 00000000 ___RD () C:\MSOCache
2014-06-22 20:34 - 2011-02-14 14:38 - 00000000 ____D () C:\HP
2014-06-22 20:10 - 2014-06-14 16:58 - 00000000 ____D () C:\Users\owner\Desktop\New folder
2014-06-22 20:04 - 2013-02-13 00:27 - 00000000 ____D () C:\Users\owner\AppData\Local\CrashDumps
2014-06-22 19:43 - 2014-06-15 17:20 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-22 18:45 - 2013-01-22 21:18 - 00000000 ____D () C:\Users\owner
2014-06-22 16:04 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\tracing
2014-06-22 15:16 - 2013-02-06 17:15 - 00007611 _____ () C:\Users\owner\AppData\Local\Resmon.ResmonCfg
2014-06-22 13:46 - 2014-06-22 13:46 - 00000027 _____ () C:\Users\owner\Downloads\apppath.torun
2014-06-22 11:41 - 2014-06-22 11:41 - 00000000 ____D () C:\Users\owner\Desktop\DLL'S REPLACE
2014-06-22 01:49 - 2014-06-21 13:32 - 00002935 _____ () C:\Users\owner\Desktop\HiJackThis.lnk
2014-06-21 15:31 - 2009-07-13 23:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-21 15:31 - 2009-07-13 23:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-21 15:30 - 2009-07-14 00:13 - 00791212 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-21 15:25 - 2014-06-17 13:45 - 00002520 _____ () C:\Windows\setupact.log
2014-06-21 15:25 - 2009-07-14 00:08 - 00000006 _____ () C:\Windows\Tasks\SA.DAT
2014-06-21 13:26 - 2014-06-21 13:26 - 05209566 _____ (Swearware) C:\Users\owner\Desktop\ComboFix.exe
2014-06-21 13:26 - 2014-06-21 13:26 - 01402880 _____ () C:\Users\owner\Desktop\HiJackThis.msi
2014-06-20 22:24 - 2014-06-20 22:18 - 00003392 _____ () C:\Windows\System32\Tasks\Log-Test1
2014-06-20 22:17 - 2014-06-20 22:17 - 00000114 _____ () C:\local.conf
2014-06-20 22:17 - 2014-06-15 17:19 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-20 22:13 - 2014-06-20 22:09 - 00003792 _____ () C:\Windows\System32\Tasks\My BabyCakin
2014-06-20 21:48 - 2014-06-20 00:11 - 00000000 ____D () C:\Program Files\stinger
2014-06-20 19:51 - 2014-06-20 19:51 - 00000708 _____ () C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk
2014-06-20 19:47 - 2013-09-02 21:20 - 00000000 ____D () C:\Users\owner\AppData\Roaming\NCH Software
2014-06-20 19:35 - 2014-06-20 19:35 - 01369720 _____ () C:\Users\owner\Desktop\PandaCloudAntivirus.exe
2014-06-20 19:35 - 2014-06-20 19:34 - 30115912 _____ (Panda Security ) C:\Users\owner\Desktop\PandaCloudCleaner.exe
2014-06-20 19:21 - 2014-06-20 19:21 - 00291863 _____ () C:\Users\owner\Desktop\Rootkit List.htm
2014-06-20 19:19 - 2014-06-20 19:19 - 00065137 _____ () C:\Users\owner\Desktop\How to Manually Remove a Rootkit Infection   eHow.htm
2014-06-20 19:17 - 2014-06-20 19:17 - 05124208 _____ (F-Secure Corporation) C:\Users\owner\Desktop\F-SecureOnlineScanner-HC.exe
2014-06-20 18:55 - 2014-06-20 18:14 - 00626118 _____ () C:\Windows\system32\HWiNFO64.DBG
2014-06-20 18:11 - 2014-06-02 02:30 - 00000000 ____D () C:\Users\owner\Downloads\Future - Pluto {2012-Album}
2014-06-20 18:11 - 2014-06-02 02:19 - 00000000 ____D () C:\Users\owner\Downloads\Emmure - Slave to the Game (2012)
2014-06-20 18:11 - 2014-06-02 01:59 - 00000000 ____D () C:\Users\owner\Downloads\Mayday Parade - A Lesson In Romantics [Mp3-vrb-2007]
2014-06-20 18:11 - 2014-06-02 01:54 - 00000000 ____D () C:\Users\owner\Downloads\Mayday Parade - Anywhere But Here
2014-06-20 18:11 - 2014-06-02 01:41 - 00000000 ____D () C:\Users\owner\Downloads\Masks
2014-06-20 18:11 - 2014-06-02 01:31 - 00000000 ____D () C:\Users\owner\Downloads\To Plant A Seed
2014-06-20 18:11 - 2013-09-01 12:03 - 00000000 ___RD () C:\Users\owner\Documents\UDC Output Files
2014-06-20 18:07 - 2014-06-20 00:08 - 00000000 ____D () C:\Program Files (x86)\door2windows
2014-06-20 13:45 - 2013-09-23 12:18 - 00000000 ____D () C:\Program Files (x86)\Softlogic Innovations
2014-06-20 13:29 - 2014-06-14 15:48 - 00000000 ____D () C:\Users\owner\Documents\WPA Files
2014-06-20 13:25 - 2013-09-28 15:03 - 00000000 ____D () C:\Users\owner\AppData\Local\Windows Live
2014-06-20 13:18 - 2013-10-05 23:52 - 00000000 ____D () C:\Users\owner\AppData\Local\IsolatedStorage
2014-06-20 12:55 - 2013-08-17 22:18 - 00000000 ____D () C:\Users\owner\Downloads\Movies
2014-06-20 11:49 - 2013-10-17 06:18 - 00000000 ____D () C:\Users\Public\Documents\CyberLink
2014-06-20 11:48 - 2013-02-06 15:48 - 00000000 ____D () C:\Users\owner\AppData\Roaming\uTorrent
2014-06-20 11:34 - 2014-06-20 11:34 - 00398752 _____ (Bleeping Computer, LLC) C:\Users\owner\Desktop\unhide.exe
2014-06-19 23:22 - 2014-06-19 23:06 - 00386680 _____ (Duplex Secure Ltd.) C:\Windows\system32\Drivers\sptd.sys
2014-06-19 23:01 - 2014-06-19 23:00 - 13429504 _____ (Disc Soft Ltd) C:\Users\owner\Downloads\DTLite4491-0356.exe
2014-06-19 22:51 - 2014-06-18 02:13 - 00003234 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-06-19 12:49 - 2014-06-17 23:56 - 00177312 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2014-06-19 12:49 - 2014-06-17 23:56 - 00007631 _____ () C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2014-06-19 11:55 - 2014-06-19 11:55 - 00001352 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-06-18 21:44 - 2014-06-18 21:44 - 19739904 _____ (SUPERAntiSpyware) C:\Users\owner\Downloads\SUPERAntiSpyware.exe
2014-06-18 19:35 - 2014-06-18 19:33 - 00001973 _____ () C:\Users\owner\Desktop\SUPERAntiSpyware Professional.lnk
2014-06-18 18:54 - 2014-06-18 18:53 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\owner\Downloads\eXplorer.exe
2014-06-18 18:53 - 2014-06-18 18:52 - 14349744 _____ (Malwarebytes Corp.) C:\Users\owner\Downloads\mbar-1.07.0.1012.exe
2014-06-18 18:09 - 2014-06-18 18:09 - 00000000 ____D () C:\Users\owner\AppData\Roaming\devcoin
2014-06-18 17:25 - 2014-05-26 14:55 - 00002404 _____ () C:\Windows\Sandboxie.ini
2014-06-18 16:09 - 2014-06-18 16:09 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\owner\Downloads\revosetup.exe
2014-06-18 16:09 - 2014-06-18 16:09 - 00883616 _____ (Bleeping Computer, LLC) C:\Users\owner\Downloads\FixExec.com
2014-06-18 16:03 - 2014-06-18 16:03 - 04707328 _____ () C:\Users\owner\Downloads\RogueKiller.exe
2014-06-18 16:03 - 2014-06-18 16:03 - 00000194 _____ () C:\Users\owner\Downloads\hosts-perm.bat
2014-06-18 16:00 - 2014-06-18 16:00 - 00037888 _____ (Soeperman Enterprises Ltd.) C:\Users\owner\Downloads\ADSSpy.exe
2014-06-18 12:15 - 2014-06-05 08:40 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-06-18 02:30 - 2014-06-18 02:30 - 00033123 _____ () C:\ComboFix.txt
2014-06-18 02:12 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini
2014-06-18 02:09 - 2014-05-18 02:14 - 84672512 _____ () C:\Windows\system32\config\software.bak
2014-06-18 02:09 - 2009-07-13 21:34 - 04980736 _____ () C:\Windows\system32\config\default.bak
2014-06-18 02:09 - 2009-07-13 21:34 - 00090112 _____ () C:\Windows\system32\config\sam.bak
2014-06-18 02:09 - 2009-07-13 21:34 - 00024576 _____ () C:\Windows\system32\config\security.bak
2014-06-18 01:50 - 2014-06-18 01:50 - 05206841 _____ (Swearware) C:\Users\owner\Downloads\ComboFix.exe
2014-06-18 01:44 - 2014-06-18 01:44 - 00000060 _____ () C:\Users\owner\Downloads\RestoreSecurityProcessorLoaderDriverWindows7.bat
2014-06-18 01:28 - 2013-02-09 01:05 - 00000000 ____D () C:\Windows\Downloaded Installations
2014-06-17 23:56 - 2014-06-17 23:56 - 00000000 ____D () C:\Program Files\Symantec
2014-06-17 23:19 - 2014-06-17 23:19 - 00269016 _____ () C:\Windows\Minidump\061714-26520-01.dmp
2014-06-17 23:19 - 2014-06-17 23:18 - 227445472 _____ () C:\Windows\MEMORY.DMP
2014-06-17 22:28 - 2007-01-01 20:25 - 00000000 ____D () C:\Windows\Panther
2014-06-17 22:26 - 2014-06-17 22:26 - 00000000 _____ () C:\Users\owner\Documents\Default.rdp
2014-06-17 18:56 - 2014-06-10 15:49 - 00000000 ____D () C:\Users\owner\Downloads\TMRBLog
2014-06-17 18:52 - 2014-06-17 18:52 - 00000000 _____ () C:\Users\owner\defogger_reenable
2014-06-17 15:36 - 2013-08-03 17:29 - 00000000 ____D () C:\Users\Guest
2014-06-17 15:36 - 2013-08-03 17:29 - 00000000 ____D () C:\Users\Administrator
2014-06-17 15:34 - 2014-06-17 15:34 - 00348160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2014-06-17 15:28 - 2014-06-17 15:25 - 230403208 _____ (COMODO) C:\Users\owner\Downloads\cfw_installer.exe
2014-06-17 15:10 - 2014-06-17 15:10 - 00688992 _____ (Swearware) C:\Users\owner\Downloads\dds.com
2014-06-17 15:09 - 2014-06-17 15:09 - 00000000 ____D () C:\Users\owner\AppData\Roaming\ParetoLogic
2014-06-17 15:06 - 2014-06-17 15:06 - 00050477 _____ () C:\Users\owner\Downloads\Defogger.exe
2014-06-17 15:05 - 2014-06-17 15:04 - 05938328 _____ (ParetoLogic, Inc.) C:\Users\owner\Downloads\RegCureProSetup.exe
2014-06-17 14:40 - 2014-06-17 14:40 - 00000046 _____ () C:\Users\owner\Downloads\RestoreAppIDDriverWindows7.bat
2014-06-17 13:45 - 2014-06-17 13:45 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-17 13:39 - 2014-06-17 13:39 - 00140592 _____ () C:\Users\owner\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-17 13:39 - 2014-06-17 13:38 - 00489936 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-06-17 13:27 - 2014-06-11 11:23 - 00000000 ____D () C:\OETemp
2014-06-17 13:24 - 2013-10-15 09:59 - 00000294 _____ () C:\Windows\Tasks\SlimCleaner Run.job
2014-06-17 12:46 - 2014-06-17 12:46 - 00022528 _____ (Microsoft) C:\Users\owner\Downloads\RunAsSystem.exe
2014-06-17 11:00 - 2014-06-17 11:00 - 00047616 _____ () C:\Users\owner\Downloads\Win32kDiag.exe
2014-06-17 09:56 - 2014-06-17 09:56 - 00472064 _____ ( ) C:\Users\owner\Downloads\RootRepeal.exe
2014-06-17 09:47 - 2014-06-17 09:46 - 00854390 _____ () C:\Users\owner\Downloads\SecurityCheck.exe
2014-06-16 16:25 - 2014-06-16 16:25 - 01080528 _____ (Unity Technologies ApS) C:\Users\owner\Downloads\UnityWebPlayer.exe
2014-06-16 11:24 - 2014-06-16 11:24 - 00045342 _____ () C:\Users\owner\Downloads\Game.of.Thrones.S04E10.720p.HDTV.x264-KILLERS.srt
2014-06-15 17:19 - 2014-06-15 17:19 - 00001082 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-15 17:07 - 2014-06-11 11:27 - 00000000 ____D () C:\Users\owner\AppData\Local\Trend Micro
2014-06-15 15:31 - 2014-06-15 15:31 - 00000000 ____D () C:\Windows\SysWOW64\FxsTmp
2014-06-15 15:31 - 2014-06-15 15:31 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-06-15 15:31 - 2014-06-15 15:31 - 00000000 ____D () C:\Windows\addins
2014-06-15 15:31 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\inetsrv
2014-06-15 15:31 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\inetsrv
2014-06-15 14:50 - 2014-06-15 14:50 - 00380416 _____ () C:\Users\owner\Downloads\7xw8cr4k.exe
2014-06-15 14:46 - 2014-06-15 14:46 - 00000020 _____ () C:\Windows\põ®
2014-06-15 14:19 - 2014-06-15 14:15 - 00231960 _____ () C:\Windows\RegBootClean64.exe
2014-06-15 14:19 - 2014-06-15 14:15 - 00013482 _____ () C:\Windows\RegBootClean64.CFG
2014-06-15 13:23 - 2014-06-15 13:23 - 00001209 _____ () C:\Users\Public\Desktop\Wise Registry Cleaner.lnk
2014-06-15 13:21 - 2014-06-15 13:21 - 00929416 _____ (CNET Download.com) C:\Users\owner\Downloads\cbsidlm-cbsi188-Wise_Registry_Cleaner-SEO-10605508.exe
2014-06-15 12:47 - 2014-06-15 12:47 - 01333465 _____ () C:\Users\owner\Downloads\AdwCleaner.exe
2014-06-15 12:47 - 2014-06-15 12:47 - 00400384 _____ (Farbar) C:\Users\owner\Downloads\MiniToolBox.exe
2014-06-15 12:46 - 2014-06-15 12:46 - 01073152 _____ (Farbar) C:\Users\owner\Downloads\FRST.exe
2014-06-15 12:42 - 2014-06-15 12:42 - 02081792 _____ (Farbar) C:\Users\owner\Downloads\FRST64.exe
2014-06-15 12:40 - 2014-06-15 12:39 - 00000000 ____D () C:\MGADiagToolOutput
2014-06-15 12:36 - 2014-06-15 12:36 - 02031992 _____ (Microsoft Corporation) C:\Users\owner\Downloads\MGADiag.exe
2014-06-15 09:31 - 2014-06-15 09:31 - 02670520 _____ (Martin Malík - REALiX ) C:\Users\owner\Downloads\hw64_440.exe
2014-06-14 16:38 - 2014-05-31 14:52 - 00031648 _____ (REALiX™) C:\Windows\system32\Drivers\HWiNFO64A.SYS
2014-06-14 16:03 - 2014-06-14 16:02 - 05477376 _____ () C:\Users\owner\Downloads\Latency Optimizer.msi
2014-06-14 16:03 - 2014-06-14 15:51 - 00000000 ____D () C:\Symbols
2014-06-14 16:03 - 2014-06-14 15:48 - 00000000 ____D () C:\SymCache
2014-06-14 15:48 - 2014-06-14 15:47 - 00000000 ____D () C:\Users\owner\AppData\Local\Windows Performance Analyzer
2014-06-14 15:42 - 2014-06-14 15:40 - 52756480 _____ () C:\kernel.etl
2014-06-14 15:28 - 2014-06-14 15:28 - 01435472 _____ (Microsoft Corporation) C:\Users\owner\Downloads\adksetup.exe
2014-06-14 15:23 - 2014-06-14 15:23 - 00301688 _____ (Thesycon GmbH) C:\Users\owner\Downloads\dpclat.exe
2014-06-14 13:31 - 2013-10-17 04:12 - 00000000 ____D () C:\Users\owner\Documents\Youcam
2014-06-14 13:25 - 2014-06-14 13:21 - 204395288 _____ () C:\Users\owner\Downloads\YouCam_5.0.3618.0_HW_Patch_YUC131217-01.exe
2014-06-14 13:21 - 2014-06-14 13:21 - 01029080 _____ (CyberLink) C:\Users\owner\Downloads\CyberLink_YouCam_Downloader.exe
2014-06-14 11:24 - 2014-06-14 11:23 - 12329704 _____ (SUPERAdBlocker.com and SUPERAntiSpyware.com) C:\Users\owner\Downloads\SASDEFINITIONS.EXE
2014-06-14 03:29 - 2014-06-14 03:29 - 00000000 ____D () C:\SUPERDelete
2014-06-14 00:32 - 2014-06-14 00:32 - 01294512 _____ (Uniblue Systems Limited ) C:\Users\owner\Downloads\speedupmypc.exe
2014-06-13 20:54 - 2014-06-13 20:53 - 19671928 _____ (SUPERAntiSpyware) C:\Users\owner\Downloads\SUPERAntiSpywarePro.exe
2014-06-13 11:15 - 2014-06-13 11:15 - 00000000 ____D () C:\Users\owner\AppData\Roaming\ChemTable Software
2014-06-13 00:25 - 2014-06-13 00:25 - 00929416 _____ (CNET Download.com) C:\Users\owner\Downloads\cbsidlm-cbsi188-AnVir_Task_Manager_Free-SEO-10802050.exe
2014-06-13 00:24 - 2014-06-13 00:24 - 00929416 _____ (CNET Download.com) C:\Users\owner\Downloads\cbsidlm-cbsi188-Security_Task_Manager-SEO-10246545.exe
2014-06-12 18:41 - 2014-06-12 18:40 - 06185059 _____ (Ixcoin project) C:\Users\owner\Downloads\ixcoin-0.3.24.3-win32-setup.exe
2014-06-12 04:41 - 2013-07-27 19:22 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-12 04:40 - 2013-02-09 04:23 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-11 14:24 - 2014-06-11 14:24 - 00000000 ____D () C:\Users\owner\AppData\Local\Adobe
2014-06-11 11:37 - 2014-06-11 11:36 - 00000085 _____ () C:\Windows\wininit.ini
2014-06-11 11:36 - 2014-06-11 11:36 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-06-11 11:33 - 2014-06-10 16:18 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
2014-06-11 11:22 - 2014-06-07 13:33 - 00000981 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-06-11 11:21 - 2014-06-11 11:21 - 00257865 _____ () C:\Users\owner\AppData\Local\census.cache
2014-06-11 11:21 - 2014-06-11 11:21 - 00172466 _____ () C:\Users\owner\AppData\Local\ars.cache
2014-06-11 10:57 - 2014-06-11 10:57 - 00000010 _____ () C:\Users\owner\AppData\Local\sponge.last.runtime.cache
2014-06-11 10:49 - 2014-06-11 10:49 - 02473936 _____ (Trend Micro Inc.) C:\Users\owner\Downloads\HousecallLauncher64.exe
2014-06-11 10:47 - 2014-06-11 10:47 - 00186328 _____ (trend_company_name) C:\Windows\system32\Drivers\tmrkb.sys
2014-06-11 10:26 - 2014-06-11 10:25 - 111278192 _____ (Trend Micro Inc.) C:\Users\owner\Downloads\TTi_7.0_HE_64bit.exe
2014-06-11 10:24 - 2014-06-11 10:24 - 14839344 _____ (Trend Micro Inc.) C:\Users\owner\Downloads\RootkitBusterV5.0-1171x64 (1).exe
2014-06-10 15:51 - 2014-06-10 15:51 - 14839344 _____ (Trend Micro Inc.) C:\Users\owner\Downloads\RootkitBusterV5.0-1171x64.exe
2014-06-10 14:55 - 2014-06-10 14:54 - 89095528 _____ (Sophos Limited) C:\Users\owner\Downloads\Sophos Virus Removal Tool.exe
2014-06-10 14:42 - 2014-06-10 14:42 - 00000036 _____ () C:\Users\owner\AppData\Local\housecall.guid.cache
2014-06-10 14:42 - 2014-06-10 14:39 - 25280863 _____ (Trend Micro Inc.) C:\Users\owner\Downloads\attk_ScanCleanOnline_gui_x64.exe
2014-06-10 14:39 - 2014-06-10 14:38 - 10021424 _____ (Trend Micro Inc.) C:\Users\owner\Downloads\RootkitBusterV5.0-1171.exe
2014-06-10 14:38 - 2014-06-10 14:38 - 06229392 _____ (Trend Micro, Inc. ) C:\Users\owner\Downloads\RUBottedSetup.exe
2014-06-10 11:14 - 2014-06-10 11:15 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-06-10 11:14 - 2014-06-10 11:14 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Avira
2014-06-10 10:44 - 2014-06-10 10:43 - 06769280 _____ (SparkTrust) C:\Users\owner\Downloads\SparkTrust PC Cleaner Plus Setup_c9999cd_.exe
2014-06-08 21:28 - 2014-06-08 21:28 - 00007398 _____ () C:\Users\owner\Documents\talk.txt
2014-06-08 12:45 - 2013-01-22 21:18 - 10747904 _____ () C:\Users\owner\ntuser.bak
2014-06-08 10:17 - 2014-06-08 10:17 - 00001372 _____ () C:\Users\owner\Desktop\HWiNFO64.EXE.lnk
2014-06-08 08:37 - 2014-06-08 08:37 - 00000546 _____ () C:\Users\owner\Desktop\Emsisoft Emergency Kit.lnk
2014-06-07 12:31 - 2014-06-07 12:31 - 00001192 _____ () C:\Users\owner\Desktop\My LastPass Vault.lnk
2014-06-07 12:28 - 2014-06-07 12:27 - 14936064 _____ (LastPass) C:\Users\owner\Downloads\lastpass_x64.exe
2014-06-07 09:17 - 2013-08-12 22:24 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-06 18:17 - 2013-08-12 22:24 - 00003770 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-06-06 18:17 - 2013-08-06 20:49 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-06-06 18:17 - 2013-08-06 20:49 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-06 07:54 - 2013-02-18 19:23 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Apple Computer
2014-06-05 19:40 - 2014-06-05 19:41 - 00449885 _____ () C:\Windows\system32\Drivers\etc\hosts.20140605-194152.backup
2014-06-05 19:40 - 2014-06-05 19:41 - 00449885 _____ () C:\Windows\system32\Drivers\etc\hosts.20140605-194111.backup
2014-06-05 19:27 - 2009-07-13 21:34 - 00449885 _____ () C:\Windows\system32\Drivers\etc\hosts.20140605-194046.backup
2014-06-05 18:43 - 2014-06-05 18:43 - 00000000 ____D () C:\Users\owner\Documents\ProcAlyzer Dumps
2014-06-05 08:44 - 2014-06-05 08:42 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\owner\Downloads\spybot-2.3.exe
2014-06-05 08:39 - 2014-06-05 08:38 - 13829304 _____ (Microsoft Corporation) C:\Users\owner\Downloads\mseinstall (1).exe
2014-06-05 08:37 - 2014-06-05 08:37 - 00165376 _____ () C:\Users\owner\Downloads\SystemLook_x64.exe
2014-06-05 08:34 - 2014-06-05 08:34 - 13829304 _____ (Microsoft Corporation) C:\Users\owner\Downloads\mseinstall.exe
2014-06-05 08:32 - 2014-06-05 08:32 - 01059840 _____ () C:\Users\owner\Downloads\MicrosoftFixit50981.msi
2014-06-04 18:39 - 2014-06-03 14:42 - 00001117 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-06-04 09:07 - 2013-02-18 19:23 - 00000000 ____D () C:\Users\owner\AppData\Local\Apple Computer
2014-06-01 17:33 - 2014-06-01 17:32 - 01119203 _____ (HANSoft, Inc. ) C:\Users\owner\Downloads\ERWsetup.exe
2014-06-01 13:18 - 2014-06-01 13:06 - 00000800 _____ () C:\Windows\system32\PDBootState
2014-06-01 12:46 - 2014-06-01 12:46 - 41891360 _____ (Raxco Software, Inc. ) C:\Users\owner\Downloads\PerfectDisk_Pro_Trial.exe
2014-05-31 23:34 - 2014-05-31 23:32 - 259919240 _____ (Altova GmbH) C:\Users\owner\Downloads\MissionKitEnt2014_x64.exe
2014-05-31 15:05 - 2014-05-31 15:05 - 00633360 _____ (Copyright © 2010 eSupport.com. All Rights Reserved.) C:\Users\owner\Downloads\biosagentplus_875.exe
2014-05-31 15:01 - 2014-05-31 15:01 - 00021712 _____ (Phoenix Technologies) C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS
2014-05-31 14:51 - 2014-05-31 14:50 - 02661768 _____ (Martin Malík - REALiX ) C:\Users\owner\Downloads\hw64_438.exe
2014-05-31 14:31 - 2014-05-31 14:31 - 00231760 _____ () C:\Users\owner\Downloads\CrucialScan.exe
2014-05-31 13:23 - 2014-05-31 13:23 - 04583424 _____ () C:\Users\owner\Downloads\HPSupportSolutionsFramework.msi
2014-05-30 17:39 - 2014-05-30 17:37 - 00000000 ____D () C:\Users\owner\Desktop\Legalities
2014-05-28 19:06 - 2014-05-28 19:06 - 00000000 ____D () C:\Windows\SystemRepair
2014-05-27 16:12 - 2014-05-26 14:55 - 00001002 _____ () C:\Users\owner\Desktop\Sandboxed Web Browser.lnk
2014-05-25 17:18 - 2009-07-14 00:08 - 00032652 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-24 18:03 - 2014-05-24 18:03 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Curiolab
2014-05-24 15:07 - 2014-05-24 15:05 - 211221864 _____ (CURIOLAB S.M.B.A.) C:\Users\owner\Downloads\ExterminateItSetup.exe
 
Files to move or delete:
====================
C:\Users\owner\AppData\Roaming\skype.ini
C:\Users\owner\LastPassBroker.exe
C:\Users\owner\nplastpass.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
safeboot: ==> The system is configured to boot to Safe Mode <===== ATTENTION!
 
==================== BCD ================================
 
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume1
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
extendedinput           Yes
default                 {current}
resumeobject            {158181c0-9a00-11db-8a1d-b11d19fd3102}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 10
customactions           0x1000085000001
                        0x5400000f
custom:5400000f         {3a4f682b-009c-11df-892f-bcc80dab5cc5}
 
Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {3a4f682b-009c-11df-892f-bcc80dab5cc5}
truncatememory          0xc0000000
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {158181c0-9a00-11db-8a1d-b11d19fd3102}
nx                      OptIn
pae                     ForceDisable
numproc                 2
safeboot                Minimal
quietboot               Yes
usefirmwarepcisettings  No
safebootalternateshell  Yes
bootlog                 Yes
sos                     No
debug                   Yes
 
Windows Boot Loader
-------------------
identifier              {3a4f682b-009c-11df-892f-bcc80dab5cc5}
device                  ramdisk=[D:]\Recovery\WindowsRE\Winre.wim,{3a4f682c-009c-11df-892f-bcc80dab5cc5}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[D:]\Recovery\WindowsRE\Winre.wim,{3a4f682c-009c-11df-892f-bcc80dab5cc5}
systemroot              \windows
nx                      OptIn
winpe                   Yes
 
Windows Boot Loader
-------------------
identifier              {572bcd60-ffa7-11d9-aae0-0007e994107d}
device                  ramdisk=[boot]\sources\boot.wim,{ramdiskoptions}
path                    \windows\system32\boot\winload.exe
description             Microsoft Windows PE 2.0 
osdevice                ramdisk=[boot]\sources\boot.wim,{ramdiskoptions}
systemroot              \windows
detecthal               Yes
winpe                   Yes
ems                     Yes
 
Resume from Hibernate
---------------------
identifier              {158181c0-9a00-11db-8a1d-b11d19fd3102}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No
 
Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume1
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes
 
EMS Settings
------------
identifier              {emssettings}
bootems                 Yes
 
Debugger Settings
-----------------
identifier              {dbgsettings}
 
RAM Defects
-----------
identifier              {badmemory}
 
Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}
 
Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}
 
Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200
 
Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}
 
Device options
--------------
identifier              {3a4f682c-009c-11df-892f-bcc80dab5cc5}
description             Ramdisk Options
ramdisksdidevice        partition=D:
ramdisksdipath          \Recovery\WindowsRE\boot.sdi
 
Setup Ramdisk Options
---------------------
identifier              {ramdiskoptions}
description             Ramdisk Options
ramdisksdidevice        boot
ramdisksdipath          \boot\boot.sdi
 
 
 
LastRegBack: 2014-06-09 01:40
 
==================== End Of Log ============================


#7 nasdaq

  • Malware Response Team

Posted 23 June 2014 - 12:32 PM

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
CHR NewTab: "chrome-extension://dgpdioedihjhncjafcpgbbjdpbbkikmi/speeddial.html"
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (My Logon Manager) - C:\Program Files (x86)\My Logon Manager\NPMLMPlugin.dll No File
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
CHR Plugin: (RealNetworks RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll No File
CHR Plugin: (RealNetworks RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll No File
CHR Plugin: (RealNetworks RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll No File
CHR Plugin: (RealDownloader Plugin) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll No File
CHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll No File
CHR Plugin: (RealPlayer Download Plugin) - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll No File
CHR Plugin: (Advanced SystemCare 7) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd\1.0.0_0\Plugin\ASCPlugin_Protect.dll No File
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 clwvd; system32\DRIVERS\clwvd.sys [X]
S3 CrucialSMBusScan; \??\C:\Users\owner\AppData\Local\Temp\CrucialSMBusScan_V64.sys [X]
U4 ImapiService;
U2 TMAgent;
U4 WmdmPmSN;

End

Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Uncheck the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
====

#8 bigrobifer

  • Topic Starter

Posted 23 June 2014 - 01:47 PM

OK, I trust your skill, but I have noticed a few things I think might be worth noting. I want you to know this before I run this new scan: I've had boot options set from msconfig to go directly into safe mode. When I was preparing to run this new scan I went into msconfig to change it back to normal boot mode and uncheck all the startup items (programs and such). I see under the Startup tab there are three entries for Microsoft Windows Operating System. The top one is ctfmon (one of the problem services I suspected of being used remotely) and it lists the executable twice; there's only one .exe for ctfmon in that folder and I don't have Office XP (Windows Office 2007 is what is installed). It seemed really funny to have the .exe listed twice in this way.

C:\Windows\System32\ctfmon.exe ctfmon.exe           exactly like that, no parentheses.

Also the command for windows defender is set to "hide"

Also a conduit floating plugin with rundll32.exe inside the syswow64 folder plus TBVerifier.dll in program file x86/ conduit. 

The C/ProgramFile/ hp wireless assistant/ DelayedAppStarter .exe is followed by 120 and the same folder has a hidden executable for HPWA_Main.exe/hidden.

Quicktime is uninstalled (supposed to be) and there is this "C\PROGRAM FILES(x86) QUICK TIME\ QTTask.exe" -atboottime

Realtek audio's file path .exe is followed by a -s (the very first indicator I had of anything was the speakers going all staticky even after they were cut off/disabled).

Microsoft operating system -  cmd.exe /c reg delete HKCU\Software\AppDataLow\Software\toparcadehitsconfig /f

and "C:\ProgramFiles(x86)\CyberLink\YouCam\YouCamService.exe." /s

Do the parentheses mean the command has been deprecated?

Also worth saying, sorry, I went to Start and tried to type in sysconfig but typed in msiconfig, then msconfig. A command window briefly appeared. Hope this doesn't change anything, but I did need to reset to normal boot; I forgot about it until just before I started to run the new scan.

Thank you for your patience. I'm waiting on instructions on the way I should set the boot config (other than simple regular mode) and whether I messed our progress up by the typo.



#9 nasdaq

  • Malware Response Team

Posted 24 June 2014 - 07:32 AM

For now, change your computer to normal mode.

Do the Fix and restart the computer.

In normal mode run the FRST.exe one more time and post a fresh log.

Let me know of any issues.
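
Added example (not part of the thread and not FRST's own code): FRST flagged safeboot in the BCD section of the log above, and the same {current} entry also has safebootalternateshell and debug set, with bootems on in {emssettings}. The Python below parses bcdedit-style text and reports such boot settings per entry. Assumptions: the watch list and its reasons are this example's own choices, it also covers three options that do not appear in the log (testsigning, nointegritychecks, nx AlwaysOff), and the sample is an excerpt of the thread's log.

```python
# Excerpt copied from the BCD section of the FRST log posted in this thread.
SAMPLE_BCD = r"""Windows Boot Manager
--------------------
identifier              {bootmgr}
default                 {current}
timeout                 10

Windows Boot Loader
-------------------
identifier              {current}
path                    \Windows\system32\winload.exe
description             Windows 7
truncatememory          0xc0000000
nx                      OptIn
pae                     ForceDisable
numproc                 2
safeboot                Minimal
safebootalternateshell  Yes
bootlog                 Yes
debug                   Yes

EMS Settings
------------
identifier              {emssettings}
bootems                 Yes

Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}
"""

# Assumed watch list: option -> (flagged values in lower case, or None for
# "any value", reason). The selection is this example's, not FRST's.
WATCH = {
    "safeboot": (None, "boots into Safe Mode; third-party drivers and "
                       "services, including most security software, do not load"),
    "safebootalternateshell": ({"yes"}, "Safe Mode starts the alternate shell "
                                        "instead of Explorer"),
    "debug": ({"yes"}, "kernel debugging is enabled for this entry"),
    "bootems": ({"yes"}, "Emergency Management Services enabled at boot"),
    "ems": ({"yes"}, "Emergency Management Services enabled for this entry"),
    "testsigning": ({"yes"}, "test-signed kernel drivers are allowed to load"),
    "nointegritychecks": ({"yes"}, "integrity checks are requested off"),
    "nx": ({"alwaysoff"}, "DEP is disabled system-wide"),
}


def _is_rule(line):
    """True for the dashed underline that follows an entry title."""
    stripped = line.strip()
    return bool(stripped) and set(stripped) == {"-"}


def parse_bcd(text):
    """Return a list of {'title': str, 'settings': {key: [values]}}."""
    entries, current, last_key = [], None, None
    lines = text.splitlines()
    for i, line in enumerate(lines):
        if not line.strip() or _is_rule(line):
            continue
        if i + 1 < len(lines) and _is_rule(lines[i + 1]):
            # A line underlined with dashes starts a new entry.
            current = {"title": line.strip(), "settings": {}}
            entries.append(current)
            last_key = None
        elif current is None:
            continue  # text before the first entry header
        elif line[0].isspace() and last_key:
            # Indented line: another value for the previous key (e.g. inherit).
            current["settings"][last_key].append(line.strip())
        else:
            parts = line.split(None, 1)
            last_key = parts[0]
            value = parts[1].strip() if len(parts) > 1 else ""
            current["settings"][last_key] = [value]
    return entries


def audit_bcd(text):
    """Return (identifier, option, value, reason) for each watched setting."""
    findings = []
    for entry in parse_bcd(text):
        ident = entry["settings"].get("identifier", ["?"])[0]
        for key, values in entry["settings"].items():
            rule = WATCH.get(key.lower())
            if rule is None:
                continue
            flagged, reason = rule
            for value in values:
                if flagged is None or value.lower() in flagged:
                    findings.append((ident, key, value, reason))
    return findings


if __name__ == "__main__":
    for ident, key, value, reason in audit_bcd(SAMPLE_BCD):
        print(f"{ident}: {key} = {value} -> {reason}")
```
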

#10 bigrobifer

  • Topic Starter

Posted 24 June 2014 - 09:52 AM

Good morning, and thank you again for working with me. Here are the logs created. I can't upload any logs; it tells me the file is too big to upload. I will copy and paste.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-06-2014
Ran by owner at 2014-06-24 09:02:04 Run:2
Running from C:\Users\owner\Desktop\FRST
Boot Mode: Safe Mode (with Networking)
==============================================
 
Content of fixlist:
*****************
start
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
CHR NewTab: "chrome-extension://dgpdioedihjhncjafcpgbbjdpbbkikmi/speeddial.html"
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (My Logon Manager) - C:\Program Files (x86)\My Logon Manager\NPMLMPlugin.dll No File
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
CHR Plugin: (RealNetworks RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll No File
CHR Plugin: (RealNetworks RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll No File
CHR Plugin: (RealNetworks RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll No File
CHR Plugin: (RealDownloader Plugin) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll No File
CHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll No File
CHR Plugin: (RealPlayer Download Plugin) - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll No File
CHR Plugin: (Advanced SystemCare 7) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd\1.0.0_0\Plugin\ASCPlugin_Protect.dll No File
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 clwvd; system32\DRIVERS\clwvd.sys [X]
S3 CrucialSMBusScan; \??\C:\Users\owner\AppData\Local\Temp\CrucialSMBusScan_V64.sys [X]
U4 ImapiService;
U2 TMAgent;
U4 WmdmPmSN;
 
End
*****************
 
'HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon' => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
'HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}' => Error deleting key. The key could be protected.
'HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}'=> Key not found.
'HKLM\Software\MozillaPlugins\FF Plugin: @microsoft.com/GENUINE - disabled No File'=> Key not found.
"FF Plugin: @microsoft.com/GENUINE - disabled No File" => not found.
'HKLM\Software\Wow6432Node\MozillaPlugins\FF Plugin-x32: @microsoft.com/GENUINE - disabled No File'=> Key not found.
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File not found.
C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll not found.
C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll not found.
C:\Program Files (x86)\My Logon Manager\NPMLMPlugin.dll not found.
C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll not found.
C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll not found.
C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll not found.
C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll not found.
C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll not found.
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll not found.
C:\Windows\SysWOW64\npDeployJava1.dll not found.
c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll not found.
c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll not found.
c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll not found.
c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll not found.
C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd\1.0.0_0\Plugin\ASCPlugin_Protect.dll not found.
catchme => Service deleted successfully.
clwvd => Service deleted successfully.
CrucialSMBusScan => Service deleted successfully.
ImapiService => Service deleted successfully.
TMAgent => Service deleted successfully.
WmdmPmSN => Service deleted successfully.
 
==== End of Fixlog ====
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-06-2014
Ran by owner (administrator) on OWNER-HP on 24-06-2014 09:09:47
Running from C:\Users\owner\Desktop\FRST
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\ccsvchst.exe
(Trend Micro Inc.) C:\Users\owner\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot -1 Search & Destroy 2\SDTray.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\ccsvchst.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot -1 Search & Destroy 2\SDUpdSvc.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\synaptics\syntp\syntpenh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot -1 Search & Destroy 2\SDTray.exe [4101584 2014-04-25] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-3236511648-3986067080-1068869680-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot -1 Search & Destroy 2\SDCleaner.exe [4566984 2014-04-25] (Safer-Networking Ltd.)
HKU\S-1-5-21-3236511648-3986067080-1068869680-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6564120 2014-06-04] (SUPERAntiSpyware)
HKU\S-1-5-21-3236511648-3986067080-1068869680-1000\...\Policies\Explorer: [NoInstrumentation] 1
HKU\S-1-5-21-3236511648-3986067080-1068869680-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-3236511648-3986067080-1068869680-1000\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-3236511648-3986067080-1068869680-1000\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-21-3236511648-3986067080-1068869680-1000\...\Policies\Explorer: [NoAddPrinter] 1
BootExecute: PDBoot.exeautocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xAB6AB6611C88CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: LastPass Vault - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Users\owner\Desktop\Robert's\LPToolbar_x64.dll (LastPass)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\IPS\IPSBHO.DLL (Symantec Corporation)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Users\owner\Desktop\Robert's\LPToolbar.dll (LastPass)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\coIEPlg.dll (Symantec Corporation)
Handler: AnVirDisabled\skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: AnVirDisabled\skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\nsdqcfj7.default
FF DefaultSearchEngine: Bing
FF SelectedSearchEngine: Bing
FF Homepage: hxxp://www.wix.com/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @lastpass.com/NPLastPass - C:\Users\owner\Desktop\Robert's\nplastpass64.dll (LastPass)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass - C:\Users\owner\Desktop\Robert's\nplastpass.dll (LastPass)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\owner\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Extension: LastPass - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\nsdqcfj7.default\Extensions\support@lastpass.com [2014-06-07]
FF Extension: iMacros for Firefox - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\nsdqcfj7.default\Extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} [2014-05-25]
FF Extension: Firebug - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\nsdqcfj7.default\Extensions\firebug@software.joehewitt.com.xpi [2014-06-04]
FF Extension: FlashDisable - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\nsdqcfj7.default\Extensions\jid0-bbA9VAawX3LMWDu668aUDrpQVXU@jetpack.xpi [2014-06-07]
FF Extension: CoinURL - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\nsdqcfj7.default\Extensions\jid1-L9YAQzMOANgNZg@jetpack.xpi [2014-06-03]
FF Extension: PrivDog - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\nsdqcfj7.default\Extensions\PrivDog@AdTrustMedia.com.xpi [2014-06-17]
FF Extension: SelectBoxTools - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\nsdqcfj7.default\Extensions\selectboxtools@nodomain.com.xpi [2014-06-04]
FF Extension: Speed DNS - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\nsdqcfj7.default\Extensions\speeddns@gmail.com.xpi [2014-06-04]
FF Extension: The Addon Bar (restored) - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\nsdqcfj7.default\Extensions\the-addon-bar@GeekInTraining-GiT.xpi [2014-06-04]
FF Extension: YSlow - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\nsdqcfj7.default\Extensions\yslow@yahoo-inc.com.xpi [2014-06-04]
FF Extension: Greasemonkey - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\nsdqcfj7.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2014-06-04]
FF Extension: User Agent Switcher - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\nsdqcfj7.default\Extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi [2014-06-04]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\cache@status.org [2014-06-03]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\toolbar@unet.com [2014-06-03]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{5e594888-3e8e-47da-b2c6-b0b545112f84} [2014-06-03]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12} [2014-06-03]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\coFFPlgn [2014-06-24]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\IPSFF [2014-06-18]
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR NewTab: "chrome-extension://dgpdioedihjhncjafcpgbbjdpbbkikmi/speeddial.html"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (My Logon Manager) - C:\Program Files (x86)\My Logon Manager\NPMLMPlugin.dll No File
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (RealNetworks™ RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll No File
CHR Plugin: (RealNetworks™ RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll No File
CHR Plugin: (RealNetworks™ RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll No File
CHR Plugin: (RealDownloader Plugin) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll No File
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll No File
CHR Plugin: (RealPlayer Download Plugin) - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll No File
CHR Plugin: (Advanced SystemCare 7) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd\1.0.0_0\Plugin\ASCPlugin_Protect.dll No File
CHR Extension: (Angry Birds) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2014-04-30]
CHR Extension: (Tools for Amazon's Mechanical Turk) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aoffgjejcepnijgahpckhajchahfpojo [2014-04-14]
CHR Extension: (Google Docs) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-18]
CHR Extension: (Google Drive) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-18]
CHR Extension: (Website Protection) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\beiopafefbkbokhfglgppmhpeobgpmed [2014-04-17]
CHR Extension: (Norton Identity Safe for Google Chrome™) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejnhdlplbjhffionohbdnpcbobfejcc [2014-06-19]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (AddThis - Share & Bookmark (new)) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbogdmdefihhljhfeiklfiedefalcde [2014-06-02]
CHR Extension: (Facebook Color Changer) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\clnnapikbigkpjmgckhedmkgfkochicj [2014-06-02]
CHR Extension: (PrivDog) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja [2014-06-18]
CHR Extension: (MakeGIF Video Capture) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnhdjbfjheoohmhpakglckehdcgfffbl [2014-06-02]
CHR Extension: (Google Search) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-18]
CHR Extension: (AdPend Exchange Network) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfjdkdceleofajflfmefffopfpodglfd [2014-06-17]
CHR Extension: (Turkopticon) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgefbojfgdddnignhmfmnencgiloojpe [2014-04-14]
CHR Extension: (Tampermonkey) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2014-04-13]
CHR Extension: (MindMup - Free Mind Map web site) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnenaecjcgeppfpaokiifokeieopppej [2014-04-13]
CHR Extension: (Sumo Paint) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpgjihldbpodlmnjolekemlfbcajnmod [2014-06-02]
CHR Extension: (MozBar) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\eakacpaijcpapndcfffdgphdiccmpknp [2014-06-02]
CHR Extension: (Authy Chrome Extension) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhgenkpocbhhddlgkjnfghpjanffonno [2014-06-18]
CHR Extension: (Authy) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaedmjdfmmahhbjefcbgaolhhanlaolb [2014-06-18]
CHR Extension: (AppJump App Launcher and Organizer) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hccbinpobnjcpckmcfngmdpnbnjpmcbd [2014-04-13]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2014-04-11]
CHR Extension: (Website Destroyer) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfdklionolegofhffnhoagpmlailnnni [2014-04-17]
CHR Extension: (CoinURL) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hioofbdebnagjphoejaimfoklbcemnfh [2014-04-21]
CHR Extension: (Feedly - News, Blogs and Youtube) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipbfijinpcgfogaopmgehiegacbhmob [2014-06-02]
CHR Extension: (elRTE - HTML edit) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokleipfjbnpkdlfaebfamgadpleagie [2014-05-27]
CHR Extension: (Seymour: Personal Typist) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\iakakkmhombdnngelgjejblefgljkded [2014-05-26]
CHR Extension: (Word Count Tool) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibjgdahgcdkpdlbkadidojhfddflblcm [2014-05-11]
CHR Extension: (Pixlr Editor) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmaknaampgiegkcjlimdiidlhopknpk [2014-05-04]
CHR Extension: (Photo To Cartoon) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\iphmndcanljimncebjfmknoadejhjjdd [2014-06-02]
CHR Extension: (Character Count) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhbkelnohbkfdcdgoimhlhikgkehepal [2014-05-26]
CHR Extension: (KryptoKit Bitcoin Wallet) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhhipingoaiddcoalochnbjlkifbpmoj [2014-04-19]
CHR Extension: (Skype Click to Call) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-10-18]
CHR Extension: (Button for Bitly™) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfaclnajlpfhbehdkmonbapamejjdfio [2014-06-07]
CHR Extension: (Editor Lite) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nglgdmkkiemejlladcdjegcllaieegoe [2014-05-27]
CHR Extension: (Google Wallet) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-18]
CHR Extension: (Context Menu Search) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocpcmghnefmdhljkoiapafejjohldoga [2014-04-14]
CHR Extension: (ScriptSafe) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf [2014-06-17]
CHR Extension: (Page Monitor) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pemhgklkefakciniebenbfclihhmmfcd [2014-04-14]
CHR Extension: (4chan Plus) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pinelipedelckihohgdlpcclgocodhjj [2014-06-02]
CHR Extension: (Gmail) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-18]
CHR Extension: (Bitcoin Address Lookup) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmlblkdmadbidammhjiponepngbfcpge [2014-04-26]
CHR Extension: (Word Count) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnngehidikgomgfjbpffonkeimgbpjlh [2014-05-23]
CHR HKLM-x32\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\Exts\Chrome.crx [2014-06-19]
CHR HKLM-x32\...\Chrome\Extension: [cmaiofennmphjldldcpphcechfnnohja] - C:\Program Files (x86)\AdTrustMedia\PrivDog\PrivDog_chrome.crx [2014-06-17]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]
 
==================== Services (Whitelisted) =================
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] (SUPERAntiSpyware.com)
S4 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [49464 2014-05-21] (Hewlett-Packard Company)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\ccSvcHst.exe [144368 2013-05-20] (Symantec Corporation)
S4 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [174088 2014-05-29] (Sandboxie Holdings, LLC)
S3 SDScannerService; C:\Program Files (x86)\Spybot -1 Search & Destroy 2\SDFSSvc.exe [1738200 2014-04-25] (Safer-Networking Ltd.)
R3 SDUpdateService; C:\Program Files (x86)\Spybot -1 Search & Destroy 2\SDUpdSvc.exe [2081752 2014-04-25] (Safer-Networking Ltd.)
S3 SDWSCService; C:\Program Files (x86)\Spybot -1 Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S4 UxTuneUp; C:\Windows\System32\uxtuneup.dll [42808 2013-12-18] (AVG)
 
==================== Drivers (Whitelisted) ====================
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-05-09] (Avira Operations GmbH & Co. KG)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20140606.001\BHDrvx64.sys [1530160 2014-06-06] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1405000.01C\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)
S3 cleanhlp; C:\EEK\Run\cleanhlp64.sys [57024 2014-06-08] (Emsisoft GmbH)
S3 DFX11_1; C:\Windows\System32\drivers\dfx11_1x64.sys [28008 2012-12-13] (Windows ® Win 7 DDK provider)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-06-17] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142128 2014-06-17] (Symantec Corporation)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO64A.SYS [31648 2014-06-14] (REALiX™)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\IPSDefs\20140620.001\IDSvia64.sys [525016 2014-06-17] (Symantec Corporation)
S3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus64.sys [261120 2005-09-23] (Pinnacle Systems GmbH) [File not signed]
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20140621.001\ENG64.SYS [126040 2014-06-17] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20140621.001\EX64.SYS [2099288 2014-06-17] (Symantec Corporation)
S3 PORTMON; C:\Users\owner\Desktop\New folder\PORTMSYS.SYS [28656 2014-06-22] (Systems Internals) [File not signed]
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [47632 2013-04-29] (Panda Security, S.L.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [185352 2014-05-29] (Sandboxie Holdings, LLC)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-06-19] (Duplex Secure Ltd.)
R1 SRTSP; C:\Windows\System32\Drivers\NISx64\1405000.01C\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1405000.01C\SRTSPX64.SYS [36952 2013-03-04] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1405000.01C\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1405000.01C\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2014-06-19] (Symantec Corporation)
R1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [43680 2013-03-04] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1405000.01C\Ironx64.SYS [224416 2013-03-04] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1405000.01C\SYMNETS.SYS [433752 2013-04-24] (Symantec Corporation)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-08-12] (Anchorfree Inc.)
 
========================== Drivers MD5 =======================
 
C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\drivers\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys 79059559E89D06E8B80CE2944BE20228
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdk8.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys D4121AE6D0C0E7E13AA221AA57EF2D49
C:\Windows\system32\drivers\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys 540DAF1CEA6094886D72126FD7C33048
C:\Windows\system32\drivers\appid.sys ==> MD5 is legit
C:\Windows\system32\drivers\arc.sys ==> MD5 is legit
C:\Windows\system32\drivers\arcsas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\avkmgr.sys 390184FAD8FCC1B6DA25AEBAE928C3B6
C:\Windows\system32\drivers\bxvbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bcmwl664.sys 9E84A931DBEE0292E38ED672F6293A99
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20140606.001\BHDrvx64.sys F10EFCE086C794F8A7C2C7A3EA52AC5F
C:\Windows\system32\drivers\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\drivers\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\drivers\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bridge.sys 5C2F352A4E961D72518261257AAE204B
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\system32\drivers\bthmodem.sys ==> MD5 is legit
C:\Windows\system32\drivers\NISx64\1405000.01C\ccSetx64.sys 56685951208AC81CF923B9B08BEDF3B7
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\system32\drivers\circlass.sys ==> MD5 is legit
C:\EEK\Run\cleanhlp64.sys B794DCF38C965FA2F93C45A7C3D582C5
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\system32\drivers\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys EBF28856F69CF094A902F884CF989706
C:\Windows\System32\drivers\compbatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\Drivers\DefragFS.sys 7194353A9303E80BA0B22187E559EB13
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\drivers\dfx11_1x64.sys 51D50A9A72C18E4629891BF381D123BA
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\drivers\disk.sys ==> MD5 is legit
C:\Windows\system32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS 1ED08A6264C5C92099D6D1DAE5E8F530
C:\Windows\System32\drivers\dxgkrnl.sys 88612F1CE3BF42256913BF6E61C70D52
C:\Windows\system32\drivers\evbda.sys ==> MD5 is legit
C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys 5E346ADBAD5110EAB2E9808ABE877A00
C:\Windows\system32\drivers\elxstor.sys ==> MD5 is legit
C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 773ACF5823046FA40D7FD898559A7228
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\drivers\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\drivers\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B
C:\Windows\System32\DRIVERS\fvevol.sys 8F6322049018354F45F05A2FD2D4E5E0
C:\Windows\system32\drivers\gagp30kx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\GEARAspiWDM.sys 8E98D21EE06192492A5671A6144D092F
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\System32\drivers\HdAudio.sys 975761C778E33CD22498059B91E7373A
C:\Windows\System32\DRIVERS\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidbth.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\system32\drivers\HWiNFO64A.SYS D7E0591E2BA1289C875A9D948377441E
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\i8042prt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\iaStor.sys 2FDAEC4B02729C48C0FD1B0B4695995B
C:\Windows\system32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\IPSDefs\20140620.001\IDSvia64.sys F6F8CDA3CC5207BFD0B319A26E33ACD3
C:\Windows\System32\DRIVERS\igdkmd64.sys 8814F0B9A09C647D3D7BE735450E7B4C
C:\Windows\system32\drivers\iirsp.sys ==> MD5 is legit
C:\Windows\System32\drivers\RTKVHD64.sys 336C3A6BF14D5A9AF35AF07C6B6B29CD
C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\msiscsi.sys 96BB922A0981BC7432C8CF52B5410FE6
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys 353009DEDF918B2A51414F330CF72DEC
C:\Windows\System32\Drivers\ksecpkg.sys 1C2D8E18AA8FD50CD04C15CC27F7F5AB
C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\MarvinBus64.sys 024DA28053D57E9E32BEE52600576BBB
C:\Windows\system32\drivers\megasas.sys ==> MD5 is legit
C:\Windows\system32\drivers\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys 1A4F75E63C9FB84B85DFFC6B63FD5404
C:\Windows\System32\DRIVERS\mrxsmb.sys A5D9106A73DC88564C825D317CAC68AC
C:\Windows\System32\DRIVERS\mrxsmb10.sys D711B3C1D5F42C0C2415687BE09FC163
C:\Windows\System32\DRIVERS\mrxsmb20.sys 9423E9D355C8D303E76B8CFBD8A5C30C
C:\Windows\System32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\system32\drivers\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\drivers\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20140621.001\ENG64.SYS 702E07EC32F96ACDB873E9A5465D4401
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20140621.001\EX64.SYS 302EA314A1AF0D7CEF0A3D0195F79561
C:\Windows\System32\drivers\ndis.sys 760E38053BF56E501D562B70AD796B88
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\system32\drivers\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys 1A29A59A4C5BA6F8C85062A613B7E2B2
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nvm62x64.sys A85B4F2EF3A7304A5399EF0526423040
C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD
C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\drivers\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\system32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\drivers\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\PDFsFilter.sys 9F5E27C8B88A8DA1DC93E93A5C27BB9B
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Users\owner\Desktop\New folder\PORTMSYS.SYS C58AE9881CD83BB1662A7E062E11CBD6
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\drivers\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\PSKMAD.sys 05A0C2744CEAC6F1B723EC469B650EF0
C:\Windows\system32\drivers\ql2300.sys ==> MD5 is legit
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-06-23 08:50 - 2014-06-24 09:09 - 00000000 ____D () C:\Users\owner\Desktop\FRST
2014-06-22 23:05 - 2014-06-22 23:05 - 00000000 ____D () C:\SQLCritUpdPkg
2014-06-22 21:35 - 2014-06-22 23:16 - 00002808 _____ () C:\Users\owner\Desktop\unhide.txt
2014-06-22 21:32 - 2014-06-22 21:33 - 29183200 _____ (Microsoft Corporation) C:\Users\owner\Desktop\Windows-KB890830-x64-V5.13.exe
2014-06-22 21:29 - 2014-06-22 21:31 - 107726072 _____ (Microsoft Corporation) C:\Users\owner\Desktop\msert.exe
2014-06-22 13:46 - 2014-06-22 13:46 - 00000027 _____ () C:\Users\owner\Downloads\apppath.torun
2014-06-22 11:41 - 2014-06-22 11:41 - 00000000 ____D () C:\Users\owner\Desktop\DLL'S REPLACE
2014-06-22 01:49 - 2014-06-22 20:46 - 00000000 ____D () C:\Trend Micro
2014-06-22 01:28 - 2014-06-22 21:14 - 00000000 ____D () C:\Users\owner\Desktop\new antivirus
2014-06-21 13:32 - 2014-06-22 21:14 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2014-06-21 13:32 - 2014-06-22 01:49 - 00002935 _____ () C:\Users\owner\Desktop\HiJackThis.lnk
2014-06-21 13:26 - 2014-06-21 13:26 - 05209566 _____ (Swearware) C:\Users\owner\Desktop\ComboFix.exe
2014-06-21 13:26 - 2014-06-21 13:26 - 01402880 _____ () C:\Users\owner\Desktop\HiJackThis.msi
2014-06-20 22:18 - 2014-06-20 22:24 - 00003392 _____ () C:\Windows\System32\Tasks\Log-Test1
2014-06-20 22:17 - 2014-06-20 22:17 - 00000114 _____ () C:\local.conf
2014-06-20 22:09 - 2014-06-20 22:13 - 00003792 _____ () C:\Windows\System32\Tasks\My BabyCakin
2014-06-20 19:51 - 2014-06-22 21:12 - 00000000 ____D () C:\Panda Cloud Cleaner
2014-06-20 19:51 - 2014-06-20 19:51 - 00000708 _____ () C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk
2014-06-20 19:51 - 2013-04-29 09:17 - 00047632 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2014-06-20 19:35 - 2014-06-20 19:35 - 01369720 _____ () C:\Users\owner\Desktop\PandaCloudAntivirus.exe
2014-06-20 19:34 - 2014-06-20 19:35 - 30115912 _____ (Panda Security ) C:\Users\owner\Desktop\PandaCloudCleaner.exe
2014-06-20 19:21 - 2014-06-20 19:21 - 00291863 _____ () C:\Users\owner\Desktop\Rootkit List.htm
2014-06-20 19:19 - 2014-06-20 19:19 - 00065137 _____ () C:\Users\owner\Desktop\How to Manually Remove a Rootkit Infection   eHow.htm
2014-06-20 19:17 - 2014-06-20 19:17 - 05124208 _____ (F-Secure Corporation) C:\Users\owner\Desktop\F-SecureOnlineScanner-HC.exe
2014-06-20 18:14 - 2014-06-20 18:55 - 00626118 _____ () C:\Windows\system32\HWiNFO64.DBG
2014-06-20 11:34 - 2014-06-20 11:34 - 00398752 _____ (Bleeping Computer, LLC) C:\Users\owner\Desktop\unhide.exe
2014-06-20 00:11 - 2014-06-20 21:48 - 00000000 ____D () C:\Program Files\stinger
2014-06-20 00:08 - 2014-06-20 18:07 - 00000000 ____D () C:\Program Files (x86)\door2windows
2014-06-19 23:06 - 2014-06-19 23:22 - 00386680 _____ (Duplex Secure Ltd.) C:\Windows\system32\Drivers\sptd.sys
2014-06-19 23:00 - 2014-06-19 23:01 - 13429504 _____ (Disc Soft Ltd) C:\Users\owner\Downloads\DTLite4491-0356.exe
2014-06-19 22:56 - 2014-06-22 21:16 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
2014-06-19 13:27 - 2014-06-22 21:15 - 00000000 ____D () C:\Windows\SHELLNEW
2014-06-19 11:55 - 2014-06-22 21:13 - 00000000 ____D () C:\Program Files (x86)\Spybot -1 Search & Destroy 2
2014-06-19 11:55 - 2014-06-19 11:55 - 00001352 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-06-19 11:55 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-06-19 10:01 - 2006-11-01 13:07 - 00334720 _____ (Sysinternals - www.sysinternals.com) C:\Users\owner\Desktop\RootkitRevealer.exe
2014-06-18 21:44 - 2014-06-18 21:44 - 19739904 _____ (SUPERAntiSpyware) C:\Users\owner\Downloads\SUPERAntiSpyware.exe
2014-06-18 19:34 - 2014-06-22 20:47 - 00000000 ____D () C:\Users\owner\AppData\Roaming\SUPERAntiSpyware.com
2014-06-18 19:33 - 2014-06-22 21:19 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-06-18 19:33 - 2014-06-18 19:35 - 00001973 _____ () C:\Users\owner\Desktop\SUPERAntiSpyware Professional.lnk
2014-06-18 18:53 - 2014-06-18 18:54 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\owner\Downloads\eXplorer.exe
2014-06-18 18:52 - 2014-06-18 18:53 - 14349744 _____ (Malwarebytes Corp.) C:\Users\owner\Downloads\mbar-1.07.0.1012.exe
2014-06-18 18:10 - 2014-06-22 21:14 - 00000000 ____D () C:\Users\owner\AppData\Local\AdTrustMedia
2014-06-18 18:09 - 2014-06-18 18:09 - 00000000 ____D () C:\Users\owner\AppData\Roaming\devcoin
2014-06-18 17:39 - 2014-06-22 23:07 - 00000000 ____D () C:\Users\owner\Desktop\File Checksum
2014-06-18 16:09 - 2014-06-18 16:09 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\owner\Downloads\revosetup.exe
2014-06-18 16:09 - 2014-06-18 16:09 - 00883616 _____ (Bleeping Computer, LLC) C:\Users\owner\Downloads\FixExec.com
2014-06-18 16:03 - 2014-06-18 16:03 - 04707328 _____ () C:\Users\owner\Downloads\RogueKiller.exe
2014-06-18 16:03 - 2014-06-18 16:03 - 00000194 _____ () C:\Users\owner\Downloads\hosts-perm.bat
2014-06-18 16:00 - 2014-06-18 16:00 - 00037888 _____ (Soeperman Enterprises Ltd.) C:\Users\owner\Downloads\ADSSpy.exe
2014-06-18 13:27 - 2013-03-04 21:14 - 00043680 ____R (Symantec Corporation) C:\Windows\system32\Drivers\SymIMV.sys
2014-06-18 02:30 - 2014-06-18 02:30 - 00033123 _____ () C:\ComboFix.txt
2014-06-18 02:13 - 2014-06-19 22:51 - 00003234 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-06-18 02:10 - 2014-06-23 08:46 - 00005054 _____ () C:\Windows\PFRO.log
2014-06-18 02:00 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-06-18 02:00 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-06-18 02:00 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-06-18 02:00 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-06-18 02:00 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-06-18 02:00 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2014-06-18 02:00 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2014-06-18 02:00 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2014-06-18 01:50 - 2014-06-18 01:50 - 05206841 _____ (Swearware) C:\Users\owner\Downloads\ComboFix.exe
2014-06-18 01:44 - 2014-06-18 01:44 - 00000060 _____ () C:\Users\owner\Downloads\RestoreSecurityProcessorLoaderDriverWindows7.bat
2014-06-18 01:10 - 2014-06-24 09:09 - 00000000 ____D () C:\FRST
2014-06-17 23:56 - 2014-06-22 21:18 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-06-17 23:56 - 2014-06-19 12:49 - 00177312 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2014-06-17 23:56 - 2014-06-19 12:49 - 00007631 _____ () C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2014-06-17 23:56 - 2014-06-17 23:56 - 00000000 ____D () C:\Program Files\Symantec
2014-06-17 23:55 - 2014-06-22 21:17 - 00000000 ____D () C:\Program Files (x86)\Norton Internet Security
2014-06-17 23:55 - 2014-06-22 21:15 - 00000000 ____D () C:\Windows\system32\Drivers\NISx64
2014-06-17 23:19 - 2014-06-17 23:19 - 00269016 _____ () C:\Windows\Minidump\061714-26520-01.dmp
2014-06-17 23:18 - 2014-06-17 23:19 - 227445472 _____ () C:\Windows\MEMORY.DMP
2014-06-17 22:26 - 2014-06-17 22:26 - 00000000 _____ () C:\Users\owner\Documents\Default.rdp
2014-06-17 18:52 - 2014-06-17 18:52 - 00000000 _____ () C:\Users\owner\defogger_reenable
2014-06-17 15:34 - 2014-06-17 15:34 - 00348160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2014-06-17 15:33 - 2014-06-22 21:13 - 00000000 ____D () C:\Program Files\AdTrustMedia
2014-06-17 15:33 - 2014-06-22 20:36 - 00000000 ____D () C:\Program Files (x86)\AdTrustMedia
2014-06-17 15:25 - 2014-06-17 15:28 - 230403208 _____ (COMODO) C:\Users\owner\Downloads\cfw_installer.exe
2014-06-17 15:10 - 2014-06-17 15:10 - 00688992 _____ (Swearware) C:\Users\owner\Downloads\dds.com
2014-06-17 15:09 - 2014-06-17 15:09 - 00000000 ____D () C:\Users\owner\AppData\Roaming\ParetoLogic
2014-06-17 15:06 - 2014-06-17 15:06 - 00050477 _____ () C:\Users\owner\Downloads\Defogger.exe
2014-06-17 15:04 - 2014-06-17 15:05 - 05938328 _____ (ParetoLogic, Inc.) C:\Users\owner\Downloads\RegCureProSetup.exe
2014-06-17 14:40 - 2014-06-17 14:40 - 00000046 _____ () C:\Users\owner\Downloads\RestoreAppIDDriverWindows7.bat
2014-06-17 13:45 - 2014-06-21 15:25 - 00002520 _____ () C:\Windows\setupact.log
2014-06-17 13:45 - 2014-06-17 13:45 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-17 13:39 - 2014-06-17 13:39 - 00140592 _____ () C:\Users\owner\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-17 13:38 - 2014-06-17 13:39 - 00489936 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-06-17 13:27 - 2014-06-23 00:13 - 00145883 _____ () C:\Windows\WindowsUpdate.log
2014-06-17 12:46 - 2014-06-17 12:46 - 00022528 _____ (Microsoft) C:\Users\owner\Downloads\RunAsSystem.exe
2014-06-17 11:00 - 2014-06-17 11:00 - 00047616 _____ () C:\Users\owner\Downloads\Win32kDiag.exe
2014-06-17 09:56 - 2014-06-17 09:56 - 00472064 _____ ( ) C:\Users\owner\Downloads\RootRepeal.exe
2014-06-17 09:46 - 2014-06-17 09:47 - 00854390 _____ () C:\Users\owner\Downloads\SecurityCheck.exe
2014-06-16 16:27 - 2014-06-22 21:14 - 00000000 ____D () C:\Users\owner\AppData\Local\Unity
2014-06-16 16:25 - 2014-06-16 16:25 - 01080528 _____ (Unity Technologies ApS) C:\Users\owner\Downloads\UnityWebPlayer.exe
2014-06-16 11:27 - 2014-06-22 21:18 - 00000000 ____D () C:\Users\owner\Downloads\Linkin Park - The Hunting Party (Deluxe Edition) 2014 2CD 320kbps CBR MP3 [VX]
2014-06-16 11:24 - 2014-06-16 11:24 - 00045342 _____ () C:\Users\owner\Downloads\Game.of.Thrones.S04E10.720p.HDTV.x264-KILLERS.srt
2014-06-15 17:20 - 2014-06-22 19:43 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-15 17:19 - 2014-06-22 21:18 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-15 17:19 - 2014-06-20 22:17 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-15 17:19 - 2014-06-15 17:19 - 00001082 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-15 17:19 - 2014-05-12 07:35 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-15 17:19 - 2014-05-12 07:35 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-15 16:25 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-06-15 16:24 - 2014-06-22 21:12 - 00000000 ____D () C:\AdwCleaner
2014-06-15 15:46 - 2014-06-22 23:05 - 00000000 ____D () C:\Users\owner\Desktop\Antivirus Folders
2014-06-15 15:31 - 2014-06-15 15:31 - 00000000 ____D () C:\Windows\SysWOW64\FxsTmp
2014-06-15 15:31 - 2014-06-15 15:31 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-06-15 15:31 - 2014-06-15 15:31 - 00000000 ____D () C:\Windows\addins
2014-06-15 14:50 - 2014-06-15 14:50 - 00380416 _____ () C:\Users\owner\Downloads\7xw8cr4k.exe
2014-06-15 14:46 - 2014-06-15 14:46 - 00000020 _____ () C:\Windows\põ®
2014-06-15 14:15 - 2014-06-15 14:19 - 00231960 _____ () C:\Windows\RegBootClean64.exe
2014-06-15 14:15 - 2014-06-15 14:19 - 00013482 _____ () C:\Windows\RegBootClean64.CFG
2014-06-15 13:53 - 2014-06-22 21:18 - 00000000 ____D () C:\Users\owner\AppData\Roaming\ZumoDrive
2014-06-15 13:23 - 2014-06-22 21:18 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Wise Registry Cleaner
2014-06-15 13:23 - 2014-06-15 13:23 - 00001209 _____ () C:\Users\Public\Desktop\Wise Registry Cleaner.lnk
2014-06-15 13:22 - 2014-06-22 20:43 - 00000000 ____D () C:\Program Files (x86)\Wise
2014-06-15 13:21 - 2014-06-15 13:21 - 00929416 _____ (CNET Download.com) C:\Users\owner\Downloads\cbsidlm-cbsi188-Wise_Registry_Cleaner-SEO-10605508.exe
2014-06-15 12:47 - 2014-06-15 12:47 - 01333465 _____ () C:\Users\owner\Downloads\AdwCleaner.exe
2014-06-15 12:47 - 2014-06-15 12:47 - 00400384 _____ (Farbar) C:\Users\owner\Downloads\MiniToolBox.exe
2014-06-15 12:46 - 2014-06-15 12:46 - 01073152 _____ (Farbar) C:\Users\owner\Downloads\FRST.exe
2014-06-15 12:42 - 2014-06-15 12:42 - 02081792 _____ (Farbar) C:\Users\owner\Downloads\FRST64.exe
2014-06-15 12:39 - 2014-06-15 12:40 - 00000000 ____D () C:\MGADiagToolOutput
2014-06-15 12:36 - 2014-06-15 12:36 - 02031992 _____ (Microsoft Corporation) C:\Users\owner\Downloads\MGADiag.exe
2014-06-15 12:20 - 2014-06-22 21:18 - 00000000 ____D () C:\Users\owner\Desktop\New folder (2)
2014-06-15 09:31 - 2014-06-15 09:31 - 02670520 _____ (Martin Malík - REALiX ) C:\Users\owner\Downloads\hw64_440.exe
2014-06-14 16:58 - 2014-06-22 20:10 - 00000000 ____D () C:\Users\owner\Desktop\New folder
2014-06-14 16:06 - 2014-06-22 21:12 - 00000000 ____D () C:\Program Files (x86)\Badosoft
2014-06-14 16:02 - 2014-06-14 16:03 - 05477376 _____ () C:\Users\owner\Downloads\Latency Optimizer.msi
2014-06-14 15:51 - 2014-06-14 16:03 - 00000000 ____D () C:\Symbols
2014-06-14 15:48 - 2014-06-20 13:29 - 00000000 ____D () C:\Users\owner\Documents\WPA Files
2014-06-14 15:48 - 2014-06-14 16:03 - 00000000 ____D () C:\SymCache
2014-06-14 15:47 - 2014-06-14 15:48 - 00000000 ____D () C:\Users\owner\AppData\Local\Windows Performance Analyzer
2014-06-14 15:40 - 2014-06-14 15:42 - 52756480 _____ () C:\kernel.etl
2014-06-14 15:28 - 2014-06-14 15:28 - 01435472 _____ (Microsoft Corporation) C:\Users\owner\Downloads\adksetup.exe
2014-06-14 15:23 - 2014-06-14 15:23 - 00301688 _____ (Thesycon GmbH) C:\Users\owner\Downloads\dpclat.exe
2014-06-14 13:21 - 2014-06-14 13:25 - 204395288 _____ () C:\Users\owner\Downloads\YouCam_5.0.3618.0_HW_Patch_YUC131217-01.exe
2014-06-14 13:21 - 2014-06-14 13:21 - 01029080 _____ (CyberLink) C:\Users\owner\Downloads\CyberLink_YouCam_Downloader.exe
2014-06-14 11:23 - 2014-06-14 11:24 - 12329704 _____ (SUPERAdBlocker.com and SUPERAntiSpyware.com) C:\Users\owner\Downloads\SASDEFINITIONS.EXE
2014-06-14 03:29 - 2014-06-14 03:29 - 00000000 ____D () C:\SUPERDelete
2014-06-14 03:22 - 2014-06-22 21:17 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-06-14 00:32 - 2014-06-14 00:32 - 01294512 _____ (Uniblue Systems Limited ) C:\Users\owner\Downloads\speedupmypc.exe
2014-06-13 20:53 - 2014-06-13 20:54 - 19671928 _____ (SUPERAntiSpyware) C:\Users\owner\Downloads\SUPERAntiSpywarePro.exe
2014-06-13 11:15 - 2014-06-22 20:46 - 00000000 ____D () C:\Users\owner\AppData\Local\ChemTable Software
2014-06-13 11:15 - 2014-06-22 20:46 - 00000000 ____D () C:\Users\owner\AppData\Local\AnVir
2014-06-13 11:15 - 2014-06-13 11:15 - 00000000 ____D () C:\Users\owner\AppData\Roaming\ChemTable Software
2014-06-13 00:25 - 2014-06-13 00:25 - 00929416 _____ (CNET Download.com) C:\Users\owner\Downloads\cbsidlm-cbsi188-AnVir_Task_Manager_Free-SEO-10802050.exe
2014-06-13 00:24 - 2014-06-13 00:24 - 00929416 _____ (CNET Download.com) C:\Users\owner\Downloads\cbsidlm-cbsi188-Security_Task_Manager-SEO-10246545.exe
2014-06-12 18:40 - 2014-06-12 18:41 - 06185059 _____ (Ixcoin project) C:\Users\owner\Downloads\ixcoin-0.3.24.3-win32-setup.exe
2014-06-12 03:06 - 2014-05-23 21:48 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-12 03:06 - 2014-05-23 21:47 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-12 03:06 - 2014-05-23 21:47 - 01366016 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-12 03:06 - 2014-05-23 21:46 - 19290112 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-12 03:06 - 2014-05-23 21:46 - 15368704 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-12 03:06 - 2014-05-23 21:46 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-12 03:06 - 2014-05-23 21:46 - 02650112 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-12 03:06 - 2014-05-23 21:46 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-06-12 03:06 - 2014-05-23 21:46 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-12 03:06 - 2014-05-23 21:46 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-12 03:06 - 2014-05-23 21:46 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-12 03:06 - 2014-05-23 21:46 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-06-12 03:06 - 2014-05-23 21:46 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-12 03:06 - 2014-05-23 21:46 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-12 03:06 - 2014-05-23 21:46 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-12 03:06 - 2014-05-23 21:46 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-12 03:06 - 2014-05-23 21:45 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-12 03:06 - 2014-05-23 21:45 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-12 03:06 - 2014-05-23 21:45 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-12 03:06 - 2014-05-23 20:26 - 14365696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-12 03:06 - 2014-05-23 20:26 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-12 03:06 - 2014-05-23 20:26 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-12 03:06 - 2014-05-23 20:26 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-12 03:06 - 2014-05-23 20:26 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-12 03:06 - 2014-05-23 20:26 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-12 03:06 - 2014-05-23 20:25 - 13731328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-12 03:06 - 2014-05-23 20:25 - 02862080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-12 03:06 - 2014-05-23 20:25 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-12 03:06 - 2014-05-23 20:25 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-12 03:06 - 2014-05-23 20:25 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-06-12 03:06 - 2014-05-23 20:25 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-12 03:06 - 2014-05-23 20:25 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-12 03:06 - 2014-05-23 20:25 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-12 03:06 - 2014-05-23 20:25 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-06-12 03:06 - 2014-05-23 20:25 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-12 03:06 - 2014-05-23 20:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-12 03:06 - 2014-05-23 20:25 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-12 03:06 - 2014-05-23 20:09 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-12 03:06 - 2014-05-23 20:03 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-12 03:06 - 2014-05-23 19:13 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-06-12 03:06 - 2014-05-23 19:06 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-06-12 03:06 - 2014-05-08 04:32 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-06-12 03:06 - 2014-05-08 04:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-06-12 03:06 - 2014-04-24 21:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-12 03:06 - 2014-04-24 21:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-12 03:06 - 2014-04-04 21:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-12 03:06 - 2014-04-04 21:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-12 03:06 - 2014-03-26 09:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-12 03:06 - 2014-03-26 09:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-12 03:06 - 2014-03-26 09:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-12 03:06 - 2014-03-26 09:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-12 03:06 - 2014-03-26 09:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-12 03:06 - 2014-03-26 09:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-12 03:06 - 2014-03-26 09:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-12 03:06 - 2014-03-26 09:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-11 14:24 - 2014-06-11 14:24 - 00000000 ____D () C:\Users\owner\AppData\Local\Adobe
2014-06-11 11:36 - 2014-06-11 11:37 - 00000085 _____ () C:\Windows\wininit.ini
2014-06-11 11:36 - 2014-06-11 11:36 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-06-11 11:27 - 2014-06-15 17:07 - 00000000 ____D () C:\Users\owner\AppData\Local\Trend Micro
2014-06-11 11:23 - 2014-06-17 13:27 - 00000000 ____D () C:\OETemp
2014-06-11 11:21 - 2014-06-11 11:21 - 00257865 _____ () C:\Users\owner\AppData\Local\census.cache
2014-06-11 11:21 - 2014-06-11 11:21 - 00172466 _____ () C:\Users\owner\AppData\Local\ars.cache
2014-06-11 10:57 - 2014-06-11 10:57 - 00000010 _____ () C:\Users\owner\AppData\Local\sponge.last.runtime.cache
2014-06-11 10:49 - 2014-06-11 10:49 - 02473936 _____ (Trend Micro Inc.) C:\Users\owner\Downloads\HousecallLauncher64.exe
2014-06-11 10:47 - 2014-06-11 10:47 - 00186328 _____ (trend_company_name) C:\Windows\system32\Drivers\tmrkb.sys
2014-06-11 10:25 - 2014-06-11 10:26 - 111278192 _____ (Trend Micro Inc.) C:\Users\owner\Downloads\TTi_7.0_HE_64bit.exe
2014-06-11 10:24 - 2014-06-11 10:24 - 14839344 _____ (Trend Micro Inc.) C:\Users\owner\Downloads\RootkitBusterV5.0-1171x64 (1).exe
2014-06-11 10:06 - 2014-06-22 21:15 - 00000000 ____D () C:\Windows\erdnt
2014-06-11 10:06 - 2014-06-22 20:46 - 00000000 ____D () C:\Qoobox
2014-06-10 16:18 - 2014-06-11 11:33 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
2014-06-10 15:51 - 2014-06-10 15:51 - 14839344 _____ (Trend Micro Inc.) C:\Users\owner\Downloads\RootkitBusterV5.0-1171x64.exe
2014-06-10 15:49 - 2014-06-17 18:56 - 00000000 ____D () C:\Users\owner\Downloads\TMRBLog
2014-06-10 14:54 - 2014-06-10 14:55 - 89095528 _____ (Sophos Limited) C:\Users\owner\Downloads\Sophos Virus Removal Tool.exe
2014-06-10 14:42 - 2014-06-22 20:53 - 00000000 ____D () C:\Users\owner\Downloads\TrendMicro AntiThreat Toolkit
2014-06-10 14:42 - 2014-06-10 14:42 - 00000036 _____ () C:\Users\owner\AppData\Local\housecall.guid.cache
2014-06-10 14:39 - 2014-06-10 14:42 - 25280863 _____ (Trend Micro Inc.) C:\Users\owner\Downloads\attk_ScanCleanOnline_gui_x64.exe
2014-06-10 14:38 - 2014-06-10 14:39 - 10021424 _____ (Trend Micro Inc.) C:\Users\owner\Downloads\RootkitBusterV5.0-1171.exe
2014-06-10 14:38 - 2014-06-10 14:38 - 06229392 _____ (Trend Micro, Inc. ) C:\Users\owner\Downloads\RUBottedSetup.exe
2014-06-10 11:15 - 2014-06-10 11:14 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-06-10 11:14 - 2014-06-10 11:14 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Avira
2014-06-10 11:12 - 2014-05-09 11:16 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-06-10 11:12 - 2014-05-09 11:16 - 00112080 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-06-10 11:12 - 2014-05-09 11:16 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-06-10 11:10 - 2014-06-22 20:36 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-06-10 10:43 - 2014-06-10 10:44 - 06769280 _____ (SparkTrust) C:\Users\owner\Downloads\SparkTrust PC Cleaner Plus Setup_c9999cd_.exe
2014-06-09 22:50 - 2014-06-22 21:18 - 00000000 ____D () C:\Users\owner\Downloads\The Campaign EXTENDED (2012)
2014-06-08 21:28 - 2014-06-08 21:28 - 00007398 _____ () C:\Users\owner\Documents\talk.txt
2014-06-08 10:17 - 2014-06-08 10:17 - 00001372 _____ () C:\Users\owner\Desktop\HWiNFO64.EXE.lnk
2014-06-08 08:37 - 2014-06-08 08:37 - 00000546 _____ () C:\Users\owner\Desktop\Emsisoft Emergency Kit.lnk
2014-06-08 08:36 - 2014-06-22 21:18 - 00000000 ____D () C:\EEK
2014-06-07 13:33 - 2014-06-11 11:22 - 00000981 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-06-07 12:31 - 2014-06-07 12:31 - 00001192 _____ () C:\Users\owner\Desktop\My LastPass Vault.lnk
2014-06-07 12:27 - 2014-06-07 12:28 - 14936064 _____ (LastPass) C:\Users\owner\Downloads\lastpass_x64.exe
2014-06-05 19:41 - 2014-06-05 19:40 - 00449885 _____ () C:\Windows\system32\Drivers\etc\hosts.20140605-194152.backup
2014-06-05 19:41 - 2014-06-05 19:40 - 00449885 _____ () C:\Windows\system32\Drivers\etc\hosts.20140605-194111.backup
2014-06-05 18:43 - 2014-06-05 18:43 - 00000000 ____D () C:\Users\owner\Documents\ProcAlyzer Dumps
2014-06-05 18:38 - 2014-06-22 21:18 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-06-05 08:42 - 2014-06-05 08:44 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\owner\Downloads\spybot-2.3.exe
2014-06-05 08:40 - 2014-06-18 12:15 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-06-05 08:38 - 2014-06-05 08:39 - 13829304 _____ (Microsoft Corporation) C:\Users\owner\Downloads\mseinstall (1).exe
2014-06-05 08:37 - 2014-06-05 08:37 - 00165376 _____ () C:\Users\owner\Downloads\SystemLook_x64.exe
2014-06-05 08:34 - 2014-06-05 08:34 - 13829304 _____ (Microsoft Corporation) C:\Users\owner\Downloads\mseinstall.exe
2014-06-05 08:32 - 2014-06-05 08:32 - 01059840 _____ () C:\Users\owner\Downloads\MicrosoftFixit50981.msi
2014-06-04 09:20 - 2014-06-22 21:18 - 00000000 ____D () C:\Users\owner\.ScreamingFrogSEOSpider
2014-06-04 09:03 - 2014-06-22 21:14 - 00000000 ____D () C:\Users\owner\AppData\Local\Exar_Software_Research_Pv
2014-06-04 09:00 - 2014-06-22 21:14 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Exar Software Research Pvt Ltd
2014-06-03 14:42 - 2014-06-04 18:39 - 00001117 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-06-02 15:53 - 2014-06-22 21:18 - 00000000 ____D () C:\Users\owner\Downloads\[ www.Torrentday.com ] - LEGO.Star.Wars.The.Yoda.Chronicles.2013.DVDRip.XviD.AC3-EVO
2014-06-02 15:49 - 2014-06-22 21:14 - 00000000 ____D () C:\Users\owner\Downloads\Billboard Hot 100 (07 JUNE 2014)~CBR 320 Kbps~{AryaN_L33T}[LittleFairyRG]
2014-06-02 02:30 - 2014-06-20 18:11 - 00000000 ____D () C:\Users\owner\Downloads\Future - Pluto {2012-Album}
2014-06-02 02:19 - 2014-06-20 18:11 - 00000000 ____D () C:\Users\owner\Downloads\Emmure - Slave to the Game (2012)
2014-06-02 01:59 - 2014-06-20 18:11 - 00000000 ____D () C:\Users\owner\Downloads\Mayday Parade - A Lesson In Romantics [Mp3-vrb-2007]
2014-06-02 01:54 - 2014-06-20 18:11 - 00000000 ____D () C:\Users\owner\Downloads\Mayday Parade - Anywhere But Here
2014-06-02 01:41 - 2014-06-20 18:11 - 00000000 ____D () C:\Users\owner\Downloads\Masks
2014-06-02 01:31 - 2014-06-20 18:11 - 00000000 ____D () C:\Users\owner\Downloads\To Plant A Seed
2014-06-02 00:38 - 2014-06-22 21:18 - 00000000 ____D () C:\Users\owner\Downloads\Escape_The_Fate-Dying_Is_Your_Latest_Fashion-2006-MP3
2014-06-02 00:30 - 2014-06-22 21:18 - 00000000 ____D () C:\Users\owner\Downloads\A Skylit Drive - Rise - 2013
2014-06-01 17:32 - 2014-06-01 17:33 - 01119203 _____ (HANSoft, Inc. ) C:\Users\owner\Downloads\ERWsetup.exe
2014-06-01 13:06 - 2014-06-01 13:18 - 00000800 _____ () C:\Windows\system32\PDBootState
2014-06-01 13:03 - 2014-06-22 21:13 - 00000000 ____D () C:\Program Files\Common Files\Raxco
2014-06-01 13:03 - 2014-06-22 20:43 - 00000000 ____D () C:\Program Files\Raxco
2014-06-01 13:02 - 2014-06-22 20:41 - 00000000 ____D () C:\Program Files (x86)\Raxco
2014-06-01 12:46 - 2014-06-01 12:46 - 41891360 _____ (Raxco Software, Inc. ) C:\Users\owner\Downloads\PerfectDisk_Pro_Trial.exe
2014-06-01 00:59 - 2014-06-22 21:18 - 00000000 ____D () C:\Users\owner\Downloads\Game.of.Thrones.S04E06.HDTV.XviD-RARBG
2014-06-01 00:59 - 2014-06-22 21:18 - 00000000 ____D () C:\Users\owner\Downloads\Game.of.Thrones.S04E03.720p.HDTV.x264-KILLERS[rarbg]
2014-05-31 23:51 - 2014-06-22 21:14 - 00000000 ____D () C:\Users\owner\Documents\Altova
2014-05-31 23:40 - 2014-06-22 21:14 - 00000000 ____D () C:\Users\owner\Downloads\Game-of-Thrones
2014-05-31 23:32 - 2014-05-31 23:34 - 259919240 _____ (Altova GmbH) C:\Users\owner\Downloads\MissionKitEnt2014_x64.exe
2014-05-31 15:05 - 2014-05-31 15:05 - 00633360 _____ (Copyright © 2010 eSupport.com. All Rights Reserved.) C:\Users\owner\Downloads\biosagentplus_875.exe
2014-05-31 15:01 - 2014-05-31 15:01 - 00021712 _____ (Phoenix Technologies) C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS
2014-05-31 14:52 - 2014-06-22 21:18 - 00000000 ____D () C:\Program Files\HWiNFO64
2014-05-31 14:52 - 2014-06-14 16:38 - 00031648 _____ (REALiX™) C:\Windows\system32\Drivers\HWiNFO64A.SYS
2014-05-31 14:50 - 2014-05-31 14:51 - 02661768 _____ (Martin Malík - REALiX ) C:\Users\owner\Downloads\hw64_438.exe
2014-05-31 14:31 - 2014-05-31 14:31 - 00231760 _____ () C:\Users\owner\Downloads\CrucialScan.exe
2014-05-31 13:23 - 2014-05-31 13:23 - 04583424 _____ () C:\Users\owner\Downloads\HPSupportSolutionsFramework.msi
2014-05-30 17:37 - 2014-05-30 17:39 - 00000000 ____D () C:\Users\owner\Desktop\Legalities
2014-05-28 19:06 - 2014-05-28 19:06 - 00000000 ____D () C:\Windows\SystemRepair
2014-05-27 07:25 - 2014-06-22 21:18 - 00000000 ____D () C:\Users\owner\Downloads\Legend (1985) [1080p]
2014-05-26 15:40 - 2014-06-22 21:14 - 00000000 ____D () C:\Users\owner\AppData\Local\WindowsApplication1
2014-05-26 15:01 - 2014-06-22 20:46 - 00000000 ___RD () C:\Sandbox
2014-05-26 14:55 - 2014-06-18 17:25 - 00002404 _____ () C:\Windows\Sandboxie.ini
2014-05-26 14:55 - 2014-05-27 16:12 - 00001002 _____ () C:\Users\owner\Desktop\Sandboxed Web Browser.lnk
2014-05-26 14:53 - 2014-06-22 21:18 - 00000000 ____D () C:\Users\owner\Desktop\SandBoxie
2014-05-26 14:53 - 2014-06-22 21:18 - 00000000 ____D () C:\Program Files\Sandboxie
2014-05-25 17:34 - 2014-06-22 21:14 - 00000000 ____D () C:\Users\owner\Documents\iMacros
 
==================== One Month Modified Files and Folders =======
 
2014-06-24 09:09 - 2014-06-23 08:50 - 00000000 ____D () C:\Users\owner\Desktop\FRST
2014-06-24 09:09 - 2014-06-18 01:10 - 00000000 ____D () C:\FRST
2014-06-24 09:05 - 2013-02-15 03:21 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-06-24 09:04 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-24 09:00 - 2013-07-27 16:07 - 00000000 ____D () C:\Windows\pss
2014-06-23 08:46 - 2014-06-18 02:10 - 00005054 _____ () C:\Windows\PFRO.log
2014-06-23 00:13 - 2014-06-17 13:27 - 00145883 _____ () C:\Windows\WindowsUpdate.log
2014-06-22 23:16 - 2014-06-22 21:35 - 00002808 _____ () C:\Users\owner\Desktop\unhide.txt
2014-06-22 23:07 - 2014-06-18 17:39 - 00000000 ____D () C:\Users\owner\Desktop\File Checksum
2014-06-22 23:05 - 2014-06-22 23:05 - 00000000 ____D () C:\SQLCritUpdPkg
2014-06-22 23:05 - 2014-06-15 15:46 - 00000000 ____D () C:\Users\owner\Desktop\Antivirus Folders
2014-06-22 21:33 - 2014-06-22 21:32 - 29183200 _____ (Microsoft Corporation) C:\Users\owner\Desktop\Windows-KB890830-x64-V5.13.exe
2014-06-22 21:31 - 2014-06-22 21:29 - 107726072 _____ (Microsoft Corporation) C:\Users\owner\Desktop\msert.exe
2014-06-22 21:19 - 2014-06-18 19:33 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-06-22 21:19 - 2011-04-08 12:10 - 00000000 ____D () C:\Program Files (x86)\PlayReady
2014-06-22 21:18 - 2014-06-17 23:56 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-06-22 21:18 - 2014-06-16 11:27 - 00000000 ____D () C:\Users\owner\Downloads\Linkin Park - The Hunting Party (Deluxe Edition) 2014 2CD 320kbps CBR MP3 [VX]
2014-06-22 21:18 - 2014-06-15 17:19 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-22 21:18 - 2014-06-15 13:53 - 00000000 ____D () C:\Users\owner\AppData\Roaming\ZumoDrive
2014-06-22 21:18 - 2014-06-15 13:23 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Wise Registry Cleaner
2014-06-22 21:18 - 2014-06-15 12:20 - 00000000 ____D () C:\Users\owner\Desktop\New folder (2)
2014-06-22 21:18 - 2014-06-09 22:50 - 00000000 ____D () C:\Users\owner\Downloads\The Campaign EXTENDED (2012)
2014-06-22 21:18 - 2014-06-08 08:36 - 00000000 ____D () C:\EEK
2014-06-22 21:18 - 2014-06-05 18:38 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-06-22 21:18 - 2014-06-04 09:20 - 00000000 ____D () C:\Users\owner\.ScreamingFrogSEOSpider
2014-06-22 21:18 - 2014-06-02 15:53 - 00000000 ____D () C:\Users\owner\Downloads\[ www.Torrentday.com ] - LEGO.Star.Wars.The.Yoda.Chronicles.2013.DVDRip.XviD.AC3-EVO
2014-06-22 21:18 - 2014-06-02 00:38 - 00000000 ____D () C:\Users\owner\Downloads\Escape_The_Fate-Dying_Is_Your_Latest_Fashion-2006-MP3
2014-06-22 21:18 - 2014-06-02 00:30 - 00000000 ____D () C:\Users\owner\Downloads\A Skylit Drive - Rise - 2013
2014-06-22 21:18 - 2014-06-01 00:59 - 00000000 ____D () C:\Users\owner\Downloads\Game.of.Thrones.S04E06.HDTV.XviD-RARBG
2014-06-22 21:18 - 2014-06-01 00:59 - 00000000 ____D () C:\Users\owner\Downloads\Game.of.Thrones.S04E03.720p.HDTV.x264-KILLERS[rarbg]
2014-06-22 21:18 - 2014-05-31 14:52 - 00000000 ____D () C:\Program Files\HWiNFO64
2014-06-22 21:18 - 2014-05-27 07:25 - 00000000 ____D () C:\Users\owner\Downloads\Legend (1985) [1080p]
2014-06-22 21:18 - 2014-05-26 14:53 - 00000000 ____D () C:\Users\owner\Desktop\SandBoxie
2014-06-22 21:18 - 2014-05-26 14:53 - 00000000 ____D () C:\Program Files\Sandboxie
2014-06-22 21:18 - 2014-05-24 13:03 - 00000000 ____D () C:\Program Files\iTunes
2014-06-22 21:18 - 2014-05-14 11:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-22 21:18 - 2014-05-12 19:51 - 00000000 ____D () C:\Users\owner\Downloads\Alpha.House.2014.DVDRip.XviD.MP3-RARBG
2014-06-22 21:18 - 2014-05-11 10:19 - 00000000 ____D () C:\Windows\Minidump
2014-06-22 21:18 - 2014-05-10 21:25 - 00000000 ____D () C:\Users\owner\Downloads\Dead Shadows [2012] BRRip XViD juggs[ETRG]
2014-06-22 21:18 - 2014-05-05 20:50 - 00000000 ____D () C:\Users\owner\Downloads\RoboCop [2014] HDRip XviD-SaM[ETRG]
2014-06-22 21:18 - 2014-05-05 14:23 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-06-22 21:18 - 2014-05-03 14:00 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Intel
2014-06-22 21:18 - 2014-05-03 01:57 - 00000000 ____D () C:\Users\owner\AppData\Roaming\SystemRequirementsLab
2014-06-22 21:18 - 2014-05-03 01:57 - 00000000 ____D () C:\Program Files (x86)\SystemRequirementsLab
2014-06-22 21:18 - 2014-05-02 01:00 - 00000000 ____D () C:\Program Files (x86)\ScreenshotCaptor
2014-06-22 21:18 - 2014-05-01 20:42 - 00000000 ____D () C:\Users\owner\Desktop\Robert's
2014-06-22 21:18 - 2014-05-01 19:13 - 00000000 ____D () C:\Users\owner\Documents\Ccleaner reg. backups
2014-06-22 21:18 - 2014-04-30 19:22 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-06-22 21:18 - 2014-04-29 00:15 - 00000000 ____D () C:\Intel
2014-06-22 21:18 - 2014-04-28 11:29 - 00000000 ____D () C:\Users\owner\AppData\Roaming\DG
2014-06-22 21:18 - 2014-04-28 11:29 - 00000000 ____D () C:\Program Files (x86)\Thread Manager
2014-06-22 21:18 - 2014-04-23 16:12 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bitcoin Core
2014-06-22 21:18 - 2014-04-23 16:04 - 00000000 ____D () C:\Users\owner\Desktop\Bit Coin
2014-06-22 21:18 - 2014-04-22 22:36 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-22 21:18 - 2014-04-13 22:25 - 00000000 ____D () C:\Users\owner\Desktop\BOTS
2014-06-22 21:18 - 2014-04-13 20:15 - 00000000 ____D () C:\Users\owner\Desktop\ODesk Team App
2014-06-22 21:18 - 2014-04-12 15:55 - 00000000 ____D () C:\Users\owner\Desktop\Game Shortcuts
2014-06-22 21:18 - 2014-04-12 15:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-22 21:18 - 2014-04-12 14:42 - 00000000 ____D () C:\Windows\Microsoft.VC90.MFC
2014-06-22 21:18 - 2014-04-12 14:42 - 00000000 ____D () C:\Windows\Microsoft.VC90.CRT
2014-06-22 21:18 - 2014-04-12 14:42 - 00000000 ____D () C:\Windows\Microsoft.VC90.ATL
2014-06-22 21:18 - 2014-04-11 20:19 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LastPass
2014-06-22 21:18 - 2013-10-17 21:36 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-06-22 21:18 - 2013-10-17 04:34 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-06-22 21:18 - 2013-10-07 16:29 - 00000000 ____D () C:\Users\owner\Desktop\Microsoft Office
2014-06-22 21:18 - 2013-10-07 16:09 - 00000000 ____D () C:\Program Files (x86)\Microsoft Works
2014-06-22 21:18 - 2013-09-28 15:05 - 00000000 ____D () C:\Program Files (x86)\Microsoft SkyDrive
2014-06-22 21:18 - 2013-09-11 14:27 - 00000000 ____D () C:\Program Files\CCleaner
2014-06-22 21:18 - 2013-09-05 00:14 - 00000000 ____D () C:\Program Files\WinRAR
2014-06-22 21:18 - 2013-09-01 12:03 - 00000000 ____D () C:\Program Files (x86)\Universal Document Converter
2014-06-22 21:18 - 2013-08-22 11:06 - 00000000 ____D () C:\Users\owner\AppData\Roaming\KompoZer
2014-06-22 21:18 - 2013-08-22 10:00 - 00000000 ____D () C:\Program Files (x86)\Ultimate Business Software
2014-06-22 21:18 - 2013-08-17 13:20 - 00000000 ____D () C:\Program Files (x86)\436534001
2014-06-22 21:18 - 2013-08-16 16:27 - 00000000 ____D () C:\Program Files (x86)\SlimCleaner
2014-06-22 21:18 - 2013-04-10 21:48 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-06-22 21:18 - 2013-03-02 05:54 - 00000000 ____D () C:\Users\owner\Downloads\Games
2014-06-22 21:18 - 2011-02-10 14:23 - 00000000 ____D () C:\SYSTEM.SAV
2014-06-22 21:18 - 2010-01-13 18:44 - 00000000 ____D () C:\Windows\Hewlett-Packard
2014-06-22 21:18 - 2009-07-14 00:32 - 00000000 ____D () C:\Windows\system32\WinBioPlugIns
2014-06-22 21:18 - 2009-07-14 00:32 - 00000000 ____D () C:\Program Files\Windows Sidebar
2014-06-22 21:18 - 2009-07-14 00:32 - 00000000 ____D () C:\Program Files (x86)\Windows Sidebar
2014-06-22 21:18 - 2009-07-14 00:32 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2014-06-22 21:18 - 2009-07-14 00:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-06-22 21:18 - 2009-07-13 22:20 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-06-22 21:18 - 2009-07-13 22:20 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-06-22 21:18 - 2009-07-13 22:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-06-22 21:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\TAPI
2014-06-22 21:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Recovery
2014-06-22 21:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\zh-HK
2014-06-22 21:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\uk-UA
2014-06-22 21:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\tr-TR
2014-06-22 21:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\th-TH
2014-06-22 21:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\sysprep
2014-06-22 21:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\sr-Latn-CS
2014-06-22 21:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\sppui
2014-06-22 21:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\sl-SI
2014-06-22 21:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\sk-SK
2014-06-22 21:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Setup
2014-06-22 21:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\ro-RO
2014-06-22 21:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Recovery
2014-06-22 21:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\ras
2014-06-22 21:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\oobe
2014-06-22 21:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-06-22 21:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Msdtc
2014-06-22 21:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\migwiz
2014-06-22 21:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\manifeststore
2014-06-22 21:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\lv-LV
2014-06-22 21:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\lt-LT
2014-06-22 21:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\icsxml
2014-06-22 21:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\ias
2014-06-22 21:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\hr-HR
2014-06-22 21:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\he-IL
2014-06-22 21:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\et-EE
2014-06-22 21:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-06-22 21:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\com
2014-06-22 21:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2014-06-22 21:17 - 2014-06-17 23:55 - 00000000 ____D () C:\Program Files (x86)\Norton Internet Security
2014-06-22 21:17 - 2014-06-14 03:22 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-06-22 21:17 - 2014-05-07 02:10 - 00000000 ____D () C:\Users\owner\Desktop\K-Lite Codec Pack
2014-06-22 21:17 - 2013-10-17 04:34 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Skype
2014-06-22 21:17 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\bg-BG
2014-06-22 21:17 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\ar-SA
2014-06-22 21:16 - 2014-06-19 22:56 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
2014-06-22 21:16 - 2013-08-06 20:49 - 00000000 ____D () C:\Windows\system32\Macromed
2014-06-22 21:16 - 2013-07-12 13:58 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2014-06-22 21:16 - 2013-02-16 01:45 - 00000000 ____D () C:\Windows\SysWOW64\C2MP
2014-06-22 21:16 - 2011-04-08 12:25 - 00000000 ____D () C:\Windows\System32\Tasks\Hewlett-Packard
2014-06-22 21:16 - 2011-04-08 12:18 - 00000000 ____D () C:\Windows\SysWOW64\Adobe
2014-06-22 21:16 - 2011-04-08 12:10 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2014-06-22 21:16 - 2010-11-21 02:06 - 00000000 ____D () C:\Windows\system32\winrm
2014-06-22 21:16 - 2010-11-21 02:06 - 00000000 ____D () C:\Windows\system32\WCN
2014-06-22 21:16 - 2010-11-21 02:06 - 00000000 ____D () C:\Windows\system32\slmgr
2014-06-22 21:16 - 2010-11-21 02:06 - 00000000 ____D () C:\Windows\system32\Printing_Admin_Scripts
2014-06-22 21:16 - 2010-01-13 18:45 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
2014-06-22 21:16 - 2009-07-14 00:32 - 00000000 ____D () C:\Windows\system32\WindowsPowerShell
2014-06-22 21:16 - 2009-07-14 00:32 - 00000000 ____D () C:\Windows\system32\restore
2014-06-22 21:16 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\spp
2014-06-22 21:16 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\spool
2014-06-22 21:16 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Speech
2014-06-22 21:16 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\SMI
2014-06-22 21:16 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NetworkList
2014-06-22 21:16 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\MUI
2014-06-22 21:16 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\IME
2014-06-22 21:15 - 2014-06-19 13:27 - 00000000 ____D () C:\Windows\SHELLNEW
2014-06-22 21:15 - 2014-06-17 23:55 - 00000000 ____D () C:\Windows\system32\Drivers\NISx64
2014-06-22 21:15 - 2014-06-11 10:06 - 00000000 ____D () C:\Windows\erdnt
2014-06-22 21:15 - 2014-05-18 01:17 - 00000000 ____D () C:\Windows\Microsoft Antimalware
2014-06-22 21:15 - 2013-02-20 14:20 - 00000000 ____D () C:\Windows\Bejeweled 3
2014-06-22 21:15 - 2009-07-13 23:45 - 00000000 ____D () C:\Windows\Setup
2014-06-22 21:15 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\security
2014-06-22 21:15 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Help
2014-06-22 21:14 - 2014-06-22 01:28 - 00000000 ____D () C:\Users\owner\Desktop\new antivirus
2014-06-22 21:14 - 2014-06-21 13:32 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2014-06-22 21:14 - 2014-06-18 18:10 - 00000000 ____D () C:\Users\owner\AppData\Local\AdTrustMedia
2014-06-22 21:14 - 2014-06-16 16:27 - 00000000 ____D () C:\Users\owner\AppData\Local\Unity
2014-06-22 21:14 - 2014-06-04 09:03 - 00000000 ____D () C:\Users\owner\AppData\Local\Exar_Software_Research_Pv
2014-06-22 21:14 - 2014-06-04 09:00 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Exar Software Research Pvt Ltd
2014-06-22 21:14 - 2014-06-02 15:49 - 00000000 ____D () C:\Users\owner\Downloads\Billboard Hot 100 (07 JUNE 2014)~CBR 320 Kbps~{AryaN_L33T}[LittleFairyRG]
2014-06-22 21:14 - 2014-05-31 23:51 - 00000000 ____D () C:\Users\owner\Documents\Altova
2014-06-22 21:14 - 2014-05-31 23:40 - 00000000 ____D () C:\Users\owner\Downloads\Game-of-Thrones
2014-06-22 21:14 - 2014-05-26 15:40 - 00000000 ____D () C:\Users\owner\AppData\Local\WindowsApplication1
2014-06-22 21:14 - 2014-05-25 17:34 - 00000000 ____D () C:\Users\owner\Documents\iMacros
2014-06-22 21:14 - 2014-05-17 20:24 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-06-22 21:14 - 2014-05-04 21:47 - 00000000 ____D () C:\Users\owner\Downloads\Civilization 3 Full by Zimoch
2014-06-22 21:14 - 2014-05-04 21:34 - 00000000 ____D () C:\Users\owner\Downloads\Reallusion CrazyTalk Animator Pro v1.2.2010.1 Incl Crack [TorDigger]
2014-06-22 21:14 - 2014-04-13 20:15 - 00000000 ____D () C:\Users\owner\Desktop\proxy google
2014-06-22 21:14 - 2013-10-22 16:34 - 00000000 ____D () C:\swsetup
2014-06-22 21:14 - 2013-09-23 18:00 - 00000000 ____D () C:\Users\owner\AppData\Local\Palo_Alto_Software
2014-06-22 21:14 - 2013-09-01 11:26 - 00000000 ____D () C:\Users\owner\AppData\Roaming\PDF Software
2014-06-22 21:14 - 2013-08-18 00:58 - 00000000 ____D () C:\Users\owner\Documents\Image-Line
2014-06-22 21:14 - 2013-08-18 00:36 - 00000000 ____D () C:\Users\owner\Documents\VirtualDJ Instructions
2014-06-22 21:14 - 2013-08-02 18:55 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-06-22 21:14 - 2013-02-09 16:51 - 00000000 ____D () C:\Users\owner\AppData\Local\Apps\2.0
2014-06-22 21:14 - 2013-01-22 21:26 - 00000000 ____D () C:\Users\Public\CyberLink
2014-06-22 21:14 - 2013-01-22 21:22 - 00000000 ____D () C:\Users\owner\AppData\Local\RemEngine
2014-06-22 21:14 - 2013-01-22 21:20 - 00000000 ____D () C:\Users\owner\AppData\Local\Hewlett-Packard_Company
2014-06-22 21:14 - 2013-01-22 21:20 - 00000000 ____D () C:\Users\owner\AppData\Local\Hewlett-Packard
2014-06-22 21:14 - 2013-01-22 21:18 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-06-22 21:14 - 2013-01-22 21:18 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-06-22 21:13 - 2014-06-19 11:55 - 00000000 ____D () C:\Program Files (x86)\Spybot -1 Search & Destroy 2
2014-06-22 21:13 - 2014-06-17 15:33 - 00000000 ____D () C:\Program Files\AdTrustMedia
2014-06-22 21:13 - 2014-06-01 13:03 - 00000000 ____D () C:\Program Files\Common Files\Raxco
2014-06-22 21:13 - 2014-05-24 13:03 - 00000000 ____D () C:\Program Files\iPod
2014-06-22 21:13 - 2014-05-05 14:23 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-06-22 21:13 - 2013-10-07 16:08 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio
2014-06-22 21:13 - 2013-10-07 16:04 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 8
2014-06-22 21:13 - 2013-10-07 16:03 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-06-22 21:13 - 2013-09-13 14:59 - 00000000 ____D () C:\Program Files (x86)\Google
2014-06-22 21:13 - 2011-04-08 12:11 - 00000000 ___RD () C:\Program Files (x86)\Online Services
2014-06-22 21:13 - 2011-04-08 12:09 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-06-22 21:13 - 2010-12-02 20:30 - 00000000 ____D () C:\Program Files\Hewlett-Packard
2014-06-22 21:13 - 2010-01-13 18:45 - 00000000 ____D () C:\Program Files\Realtek
2014-06-22 21:13 - 2010-01-13 18:42 - 00000000 ____D () C:\Program Files (x86)\Realtek
2014-06-22 21:13 - 2010-01-13 18:41 - 00000000 ____D () C:\Program Files\Synaptics
2014-06-22 21:13 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-06-22 21:12 - 2014-06-20 19:51 - 00000000 ____D () C:\Panda Cloud Cleaner
2014-06-22 21:12 - 2014-06-15 16:24 - 00000000 ____D () C:\AdwCleaner
2014-06-22 21:12 - 2014-06-14 16:06 - 00000000 ____D () C:\Program Files (x86)\Badosoft
2014-06-22 21:12 - 2013-09-23 17:59 - 00000000 ____D () C:\Program Files (x86)\Business Plan Pro
2014-06-22 21:08 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2014-06-22 21:07 - 2010-11-21 02:06 - 00000000 ____D () C:\Windows\SysWOW64\winrm
2014-06-22 21:07 - 2010-11-21 02:06 - 00000000 ____D () C:\Windows\SysWOW64\WCN
2014-06-22 21:07 - 2010-11-21 02:06 - 00000000 ____D () C:\Windows\SysWOW64\slmgr
2014-06-22 21:07 - 2010-11-21 02:06 - 00000000 ____D () C:\Windows\SysWOW64\Printing_Admin_Scripts
2014-06-22 21:07 - 2009-07-14 00:32 - 00000000 ____D () C:\Windows\SysWOW64\WindowsPowerShell
2014-06-22 21:07 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Web
2014-06-22 21:07 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Vss
2014-06-22 21:07 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\spp
2014-06-22 21:07 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Speech
2014-06-22 21:07 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\NetworkList
2014-06-22 21:07 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\MUI
2014-06-22 21:07 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Msdtc
2014-06-22 21:07 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\migwiz
2014-06-22 21:07 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\InstallShield
2014-06-22 21:07 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\IME
2014-06-22 21:07 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-06-22 21:07 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\com
2014-06-22 20:59 - 2009-07-14 00:32 - 00000000 ____D () C:\Windows\Performance
2014-06-22 20:59 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Speech
2014-06-22 20:59 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\schemas
2014-06-22 20:59 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Resources
2014-06-22 20:59 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-06-22 20:59 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PLA
2014-06-22 20:56 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\IME
2014-06-22 20:56 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Globalization
2014-06-22 20:56 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Branding
2014-06-22 20:54 - 2013-08-19 22:15 - 00000000 ____D () C:\Users\Public\Documents\My Projects
2014-06-22 20:54 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat
2014-06-22 20:53 - 2014-06-10 14:42 - 00000000 ____D () C:\Users\owner\Downloads\TrendMicro AntiThreat Toolkit
2014-06-22 20:50 - 2014-05-02 01:00 - 00000000 ____D () C:\Users\owner\Documents\DonationCoder
2014-06-22 20:50 - 2014-04-15 15:38 - 00000000 ____D () C:\Users\owner\Desktop\Win Tweak
2014-06-22 20:47 - 2014-06-18 19:34 - 00000000 ____D () C:\Users\owner\AppData\Roaming\SUPERAntiSpyware.com
2014-06-22 20:46 - 2014-06-22 01:49 - 00000000 ____D () C:\Trend Micro
2014-06-22 20:46 - 2014-06-13 11:15 - 00000000 ____D () C:\Users\owner\AppData\Local\ChemTable Software
2014-06-22 20:46 - 2014-06-13 11:15 - 00000000 ____D () C:\Users\owner\AppData\Local\AnVir
2014-06-22 20:46 - 2014-06-11 10:06 - 00000000 ____D () C:\Qoobox
2014-06-22 20:46 - 2014-05-26 15:01 - 00000000 ___RD () C:\Sandbox
2014-06-22 20:46 - 2014-05-09 17:03 - 00000000 ____D () C:\Users\owner\AppData\Roaming\IObit
2014-06-22 20:46 - 2014-04-25 16:50 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Bitcoin
2014-06-22 20:46 - 2014-04-15 16:27 - 00000000 ____D () C:\Users\owner\AppData\Local\Skype
2014-06-22 20:46 - 2013-10-15 11:32 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Dropbox
2014-06-22 20:46 - 2013-09-23 11:21 - 00000000 ____D () C:\Users\owner\AppData\Local\SlimWare Utilities Inc
2014-06-22 20:46 - 2013-08-18 00:58 - 00000000 ____D () C:\Users\owner\AppData\Roaming\FlowStone
2014-06-22 20:46 - 2013-02-15 22:35 - 00000000 ____D () C:\Users\owner\AppData\Roaming\DAEMON Tools Lite
2014-06-22 20:46 - 2013-02-08 16:05 - 00000000 ____D () C:\Users\owner\AppData\Local\Microsoft Games
2014-06-22 20:46 - 2013-02-06 16:38 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Mozilla
2014-06-22 20:46 - 2013-02-06 16:38 - 00000000 ____D () C:\Users\owner\AppData\Local\Google
2014-06-22 20:46 - 2013-02-05 18:48 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Adobe
2014-06-22 20:46 - 2013-01-22 21:26 - 00000000 ____D () C:\Users\owner\AppData\Local\CyberLink
2014-06-22 20:46 - 2013-01-22 21:19 - 00000000 ____D () C:\Users\owner\AppData\Local\VirtualStore
2014-06-22 20:46 - 2009-07-13 22:20 - 00000000 ___RD () C:\Users\Default
2014-06-22 20:44 - 2009-07-14 00:32 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2014-06-22 20:44 - 2009-07-14 00:32 - 00000000 ____D () C:\Program Files\Windows Defender
2014-06-22 20:44 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Windows NT
2014-06-22 20:43 - 2014-06-15 13:22 - 00000000 ____D () C:\Program Files (x86)\Wise
2014-06-22 20:43 - 2014-06-01 13:03 - 00000000 ____D () C:\Program Files\Raxco
2014-06-22 20:43 - 2013-10-07 16:04 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-06-22 20:43 - 2011-04-08 12:24 - 00000000 ____D () C:\Program Files\Java
2014-06-22 20:43 - 2009-07-14 00:32 - 00000000 ____D () C:\Program Files\Reference Assemblies
2014-06-22 20:43 - 2009-07-14 00:32 - 00000000 ____D () C:\Program Files\MSBuild
2014-06-22 20:43 - 2009-07-14 00:32 - 00000000 ____D () C:\Program Files\DVD Maker
2014-06-22 20:43 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Common Files\System
2014-06-22 20:43 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Common Files\SpeechEngines
2014-06-22 20:41 - 2014-06-01 13:02 - 00000000 ____D () C:\Program Files (x86)\Raxco
2014-06-22 20:41 - 2013-09-23 17:39 - 00000000 ____D () C:\Program Files (x86)\STM8en
2014-06-22 20:41 - 2013-08-19 20:15 - 00000000 ____D () C:\Program Files (x86)\Outsim
2014-06-22 20:41 - 2013-07-27 18:27 - 00000000 ____D () C:\Program Files (x86)\WinRAR
2014-06-22 20:41 - 2013-02-06 16:37 - 00000000 ____D () C:\Program Files (x86)\Rovio
2014-06-22 20:41 - 2011-04-08 12:19 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-06-22 20:41 - 2009-07-14 00:32 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer
2014-06-22 20:41 - 2009-07-14 00:32 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-06-22 20:41 - 2009-07-14 00:32 - 00000000 ____D () C:\Program Files (x86)\Reference Assemblies
2014-06-22 20:41 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files (x86)\Windows NT
2014-06-22 20:40 - 2011-04-08 12:17 - 00000000 ____D () C:\Program Files (x86)\Microsoft WSE
2014-06-22 20:39 - 2014-04-15 13:57 - 00000000 ____D () C:\Program Files (x86)\Hp
2014-06-22 20:39 - 2013-08-14 20:14 - 00000000 ____D () C:\Program Files (x86)\Java
2014-06-22 20:39 - 2011-04-08 12:23 - 00000000 ____D () C:\Program Files (x86)\InstallShield Installation Information
2014-06-22 20:39 - 2011-04-08 12:10 - 00000000 ____D () C:\Program Files (x86)\K-NFB Reading Technology Inc
2014-06-22 20:39 - 2010-01-13 18:43 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-06-22 20:38 - 2013-09-09 16:11 - 00000000 ____D () C:\Program Files (x86)\eBay
2014-06-22 20:37 - 2013-10-17 04:10 - 00000000 ____D () C:\Program Files (x86)\CyberLink
2014-06-22 20:36 - 2014-06-17 15:33 - 00000000 ____D () C:\Program Files (x86)\AdTrustMedia
2014-06-22 20:36 - 2014-06-10 11:10 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-06-22 20:36 - 2011-04-08 12:22 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-06-22 20:36 - 2010-01-13 18:42 - 00000000 ____D () C:\Program Files (x86)\Cisco
2014-06-22 20:35 - 2014-04-26 17:45 - 00000000 ____D () C:\MinGW
2014-06-22 20:35 - 2013-10-07 16:03 - 00000000 ___RD () C:\MSOCache
2014-06-22 20:34 - 2011-02-14 14:38 - 00000000 ____D () C:\HP
2014-06-22 20:10 - 2014-06-14 16:58 - 00000000 ____D () C:\Users\owner\Desktop\New folder
2014-06-22 20:04 - 2013-02-13 00:27 - 00000000 ____D () C:\Users\owner\AppData\Local\CrashDumps
2014-06-22 19:43 - 2014-06-15 17:20 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-22 18:45 - 2013-01-22 21:18 - 00000000 ____D () C:\Users\owner
2014-06-22 16:04 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\tracing
2014-06-22 15:16 - 2013-02-06 17:15 - 00007611 _____ () C:\Users\owner\AppData\Local\Resmon.ResmonCfg
2014-06-22 13:46 - 2014-06-22 13:46 - 00000027 _____ () C:\Users\owner\Downloads\apppath.torun
2014-06-22 11:41 - 2014-06-22 11:41 - 00000000 ____D () C:\Users\owner\Desktop\DLL'S REPLACE
2014-06-22 01:49 - 2014-06-21 13:32 - 00002935 _____ () C:\Users\owner\Desktop\HiJackThis.lnk
2014-06-21 15:31 - 2009-07-13 23:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-21 15:31 - 2009-07-13 23:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-21 15:30 - 2009-07-14 00:13 - 00791212 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-21 15:25 - 2014-06-17 13:45 - 00002520 _____ () C:\Windows\setupact.log
2014-06-21 13:26 - 2014-06-21 13:26 - 05209566 _____ (Swearware) C:\Users\owner\Desktop\ComboFix.exe
2014-06-21 13:26 - 2014-06-21 13:26 - 01402880 _____ () C:\Users\owner\Desktop\HiJackThis.msi
2014-06-20 22:24 - 2014-06-20 22:18 - 00003392 _____ () C:\Windows\System32\Tasks\Log-Test1
2014-06-20 22:17 - 2014-06-20 22:17 - 00000114 _____ () C:\local.conf
2014-06-20 22:17 - 2014-06-15 17:19 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-20 22:13 - 2014-06-20 22:09 - 00003792 _____ () C:\Windows\System32\Tasks\My BabyCakin
2014-06-20 21:48 - 2014-06-20 00:11 - 00000000 ____D () C:\Program Files\stinger
2014-06-20 19:51 - 2014-06-20 19:51 - 00000708 _____ () C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk
2014-06-20 19:47 - 2013-09-02 21:20 - 00000000 ____D () C:\Users\owner\AppData\Roaming\NCH Software
2014-06-20 19:35 - 2014-06-20 19:35 - 01369720 _____ () C:\Users\owner\Desktop\PandaCloudAntivirus.exe
2014-06-20 19:35 - 2014-06-20 19:34 - 30115912 _____ (Panda Security ) C:\Users\owner\Desktop\PandaCloudCleaner.exe
2014-06-20 19:21 - 2014-06-20 19:21 - 00291863 _____ () C:\Users\owner\Desktop\Rootkit List.htm
2014-06-20 19:19 - 2014-06-20 19:19 - 00065137 _____ () C:\Users\owner\Desktop\How to Manually Remove a Rootkit Infection   eHow.htm
2014-06-20 19:17 - 2014-06-20 19:17 - 05124208 _____ (F-Secure Corporation) C:\Users\owner\Desktop\F-SecureOnlineScanner-HC.exe
2014-06-20 18:55 - 2014-06-20 18:14 - 00626118 _____ () C:\Windows\system32\HWiNFO64.DBG
2014-06-20 18:11 - 2014-06-02 02:30 - 00000000 ____D () C:\Users\owner\Downloads\Future - Pluto {2012-Album}
2014-06-20 18:11 - 2014-06-02 02:19 - 00000000 ____D () C:\Users\owner\Downloads\Emmure - Slave to the Game (2012)
2014-06-20 18:11 - 2014-06-02 01:59 - 00000000 ____D () C:\Users\owner\Downloads\Mayday Parade - A Lesson In Romantics [Mp3-vrb-2007]
2014-06-20 18:11 - 2014-06-02 01:54 - 00000000 ____D () C:\Users\owner\Downloads\Mayday Parade - Anywhere But Here
2014-06-20 18:11 - 2014-06-02 01:41 - 00000000 ____D () C:\Users\owner\Downloads\Masks
2014-06-20 18:11 - 2014-06-02 01:31 - 00000000 ____D () C:\Users\owner\Downloads\To Plant A Seed
2014-06-20 18:11 - 2013-09-01 12:03 - 00000000 ___RD () C:\Users\owner\Documents\UDC Output Files
2014-06-20 18:07 - 2014-06-20 00:08 - 00000000 ____D () C:\Program Files (x86)\door2windows
2014-06-20 13:45 - 2013-09-23 12:18 - 00000000 ____D () C:\Program Files (x86)\Softlogic Innovations
2014-06-20 13:29 - 2014-06-14 15:48 - 00000000 ____D () C:\Users\owner\Documents\WPA Files
2014-06-20 13:25 - 2013-09-28 15:03 - 00000000 ____D () C:\Users\owner\AppData\Local\Windows Live
2014-06-20 13:18 - 2013-10-05 23:52 - 00000000 ____D () C:\Users\owner\AppData\Local\IsolatedStorage
2014-06-20 12:55 - 2013-08-17 22:18 - 00000000 ____D () C:\Users\owner\Downloads\Movies
2014-06-20 11:49 - 2013-10-17 06:18 - 00000000 ____D () C:\Users\Public\Documents\CyberLink
2014-06-20 11:48 - 2013-02-06 15:48 - 00000000 ____D () C:\Users\owner\AppData\Roaming\uTorrent
2014-06-20 11:34 - 2014-06-20 11:34 - 00398752 _____ (Bleeping Computer, LLC) C:\Users\owner\Desktop\unhide.exe
2014-06-19 23:22 - 2014-06-19 23:06 - 00386680 _____ (Duplex Secure Ltd.) C:\Windows\system32\Drivers\sptd.sys
2014-06-19 23:01 - 2014-06-19 23:00 - 13429504 _____ (Disc Soft Ltd) C:\Users\owner\Downloads\DTLite4491-0356.exe
2014-06-19 22:51 - 2014-06-18 02:13 - 00003234 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-06-19 12:49 - 2014-06-17 23:56 - 00177312 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2014-06-19 12:49 - 2014-06-17 23:56 - 00007631 _____ () C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2014-06-19 11:55 - 2014-06-19 11:55 - 00001352 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-06-18 21:44 - 2014-06-18 21:44 - 19739904 _____ (SUPERAntiSpyware) C:\Users\owner\Downloads\SUPERAntiSpyware.exe
2014-06-18 19:35 - 2014-06-18 19:33 - 00001973 _____ () C:\Users\owner\Desktop\SUPERAntiSpyware Professional.lnk
2014-06-18 18:54 - 2014-06-18 18:53 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\owner\Downloads\eXplorer.exe
2014-06-18 18:53 - 2014-06-18 18:52 - 14349744 _____ (Malwarebytes Corp.) C:\Users\owner\Downloads\mbar-1.07.0.1012.exe
2014-06-18 18:09 - 2014-06-18 18:09 - 00000000 ____D () C:\Users\owner\AppData\Roaming\devcoin
2014-06-18 17:25 - 2014-05-26 14:55 - 00002404 _____ () C:\Windows\Sandboxie.ini
2014-06-18 16:09 - 2014-06-18 16:09 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\owner\Downloads\revosetup.exe
2014-06-18 16:09 - 2014-06-18 16:09 - 00883616 _____ (Bleeping Computer, LLC) C:\Users\owner\Downloads\FixExec.com
2014-06-18 16:03 - 2014-06-18 16:03 - 04707328 _____ () C:\Users\owner\Downloads\RogueKiller.exe
2014-06-18 16:03 - 2014-06-18 16:03 - 00000194 _____ () C:\Users\owner\Downloads\hosts-perm.bat
2014-06-18 16:00 - 2014-06-18 16:00 - 00037888 _____ (Soeperman Enterprises Ltd.) C:\Users\owner\Downloads\ADSSpy.exe
2014-06-18 12:15 - 2014-06-05 08:40 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-06-18 02:30 - 2014-06-18 02:30 - 00033123 _____ () C:\ComboFix.txt
2014-06-18 02:12 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini
2014-06-18 02:09 - 2014-05-18 02:14 - 84672512 _____ () C:\Windows\system32\config\software.bak
2014-06-18 02:09 - 2009-07-13 21:34 - 04980736 _____ () C:\Windows\system32\config\default.bak
2014-06-18 02:09 - 2009-07-13 21:34 - 00090112 _____ () C:\Windows\system32\config\sam.bak
2014-06-18 02:09 - 2009-07-13 21:34 - 00024576 _____ () C:\Windows\system32\config\security.bak
2014-06-18 01:50 - 2014-06-18 01:50 - 05206841 _____ (Swearware) C:\Users\owner\Downloads\ComboFix.exe
2014-06-18 01:44 - 2014-06-18 01:44 - 00000060 _____ () C:\Users\owner\Downloads\RestoreSecurityProcessorLoaderDriverWindows7.bat
2014-06-18 01:28 - 2013-02-09 01:05 - 00000000 ____D () C:\Windows\Downloaded Installations
2014-06-17 23:56 - 2014-06-17 23:56 - 00000000 ____D () C:\Program Files\Symantec
2014-06-17 23:19 - 2014-06-17 23:19 - 00269016 _____ () C:\Windows\Minidump\061714-26520-01.dmp
2014-06-17 23:19 - 2014-06-17 23:18 - 227445472 _____ () C:\Windows\MEMORY.DMP
2014-06-17 22:28 - 2007-01-01 20:25 - 00000000 ____D () C:\Windows\Panther
2014-06-17 22:26 - 2014-06-17 22:26 - 00000000 _____ () C:\Users\owner\Documents\Default.rdp
2014-06-17 18:56 - 2014-06-10 15:49 - 00000000 ____D () C:\Users\owner\Downloads\TMRBLog
2014-06-17 18:52 - 2014-06-17 18:52 - 00000000 _____ () C:\Users\owner\defogger_reenable
2014-06-17 15:36 - 2013-08-03 17:29 - 00000000 ____D () C:\Users\Guest
2014-06-17 15:36 - 2013-08-03 17:29 - 00000000 ____D () C:\Users\Administrator
2014-06-17 15:34 - 2014-06-17 15:34 - 00348160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2014-06-17 15:28 - 2014-06-17 15:25 - 230403208 _____ (COMODO) C:\Users\owner\Downloads\cfw_installer.exe
2014-06-17 15:10 - 2014-06-17 15:10 - 00688992 _____ (Swearware) C:\Users\owner\Downloads\dds.com
2014-06-17 15:09 - 2014-06-17 15:09 - 00000000 ____D () C:\Users\owner\AppData\Roaming\ParetoLogic
2014-06-17 15:06 - 2014-06-17 15:06 - 00050477 _____ () C:\Users\owner\Downloads\Defogger.exe
2014-06-17 15:05 - 2014-06-17 15:04 - 05938328 _____ (ParetoLogic, Inc.) C:\Users\owner\Downloads\RegCureProSetup.exe
2014-06-17 14:40 - 2014-06-17 14:40 - 00000046 _____ () C:\Users\owner\Downloads\RestoreAppIDDriverWindows7.bat
2014-06-17 13:45 - 2014-06-17 13:45 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-17 13:39 - 2014-06-17 13:39 - 00140592 _____ () C:\Users\owner\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-17 13:39 - 2014-06-17 13:38 - 00489936 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-06-17 13:27 - 2014-06-11 11:23 - 00000000 ____D () C:\OETemp
2014-06-17 13:24 - 2013-10-15 09:59 - 00000294 _____ () C:\Windows\Tasks\SlimCleaner Run.job
2014-06-17 12:46 - 2014-06-17 12:46 - 00022528 _____ (Microsoft) C:\Users\owner\Downloads\RunAsSystem.exe
2014-06-17 11:00 - 2014-06-17 11:00 - 00047616 _____ () C:\Users\owner\Downloads\Win32kDiag.exe
2014-06-17 09:56 - 2014-06-17 09:56 - 00472064 _____ ( ) C:\Users\owner\Downloads\RootRepeal.exe
2014-06-17 09:47 - 2014-06-17 09:46 - 00854390 _____ () C:\Users\owner\Downloads\SecurityCheck.exe
2014-06-16 16:25 - 2014-06-16 16:25 - 01080528 _____ (Unity Technologies ApS) C:\Users\owner\Downloads\UnityWebPlayer.exe
2014-06-16 11:24 - 2014-06-16 11:24 - 00045342 _____ () C:\Users\owner\Downloads\Game.of.Thrones.S04E10.720p.HDTV.x264-KILLERS.srt
2014-06-15 17:19 - 2014-06-15 17:19 - 00001082 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-15 17:07 - 2014-06-11 11:27 - 00000000 ____D () C:\Users\owner\AppData\Local\Trend Micro
2014-06-15 15:31 - 2014-06-15 15:31 - 00000000 ____D () C:\Windows\SysWOW64\FxsTmp
2014-06-15 15:31 - 2014-06-15 15:31 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-06-15 15:31 - 2014-06-15 15:31 - 00000000 ____D () C:\Windows\addins
2014-06-15 15:31 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\inetsrv
2014-06-15 15:31 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\inetsrv
2014-06-15 14:50 - 2014-06-15 14:50 - 00380416 _____ () C:\Users\owner\Downloads\7xw8cr4k.exe
2014-06-15 14:46 - 2014-06-15 14:46 - 00000020 _____ () C:\Windows\põ®
2014-06-15 14:19 - 2014-06-15 14:15 - 00231960 _____ () C:\Windows\RegBootClean64.exe
2014-06-15 14:19 - 2014-06-15 14:15 - 00013482 _____ () C:\Windows\RegBootClean64.CFG
2014-06-15 13:23 - 2014-06-15 13:23 - 00001209 _____ () C:\Users\Public\Desktop\Wise Registry Cleaner.lnk
2014-06-15 13:21 - 2014-06-15 13:21 - 00929416 _____ (CNET Download.com) C:\Users\owner\Downloads\cbsidlm-cbsi188-Wise_Registry_Cleaner-SEO-10605508.exe
2014-06-15 12:47 - 2014-06-15 12:47 - 01333465 _____ () C:\Users\owner\Downloads\AdwCleaner.exe
2014-06-15 12:47 - 2014-06-15 12:47 - 00400384 _____ (Farbar) C:\Users\owner\Downloads\MiniToolBox.exe
2014-06-15 12:46 - 2014-06-15 12:46 - 01073152 _____ (Farbar) C:\Users\owner\Downloads\FRST.exe
2014-06-15 12:42 - 2014-06-15 12:42 - 02081792 _____ (Farbar) C:\Users\owner\Downloads\FRST64.exe
2014-06-15 12:40 - 2014-06-15 12:39 - 00000000 ____D () C:\MGADiagToolOutput
2014-06-15 12:36 - 2014-06-15 12:36 - 02031992 _____ (Microsoft Corporation) C:\Users\owner\Downloads\MGADiag.exe
2014-06-15 09:31 - 2014-06-15 09:31 - 02670520 _____ (Martin Malík - REALiX ) C:\Users\owner\Downloads\hw64_440.exe
2014-06-14 16:38 - 2014-05-31 14:52 - 00031648 _____ (REALiX™) C:\Windows\system32\Drivers\HWiNFO64A.SYS
2014-06-14 16:03 - 2014-06-14 16:02 - 05477376 _____ () C:\Users\owner\Downloads\Latency Optimizer.msi
2014-06-14 16:03 - 2014-06-14 15:51 - 00000000 ____D () C:\Symbols
2014-06-14 16:03 - 2014-06-14 15:48 - 00000000 ____D () C:\SymCache
2014-06-14 15:48 - 2014-06-14 15:47 - 00000000 ____D () C:\Users\owner\AppData\Local\Windows Performance Analyzer
2014-06-14 15:42 - 2014-06-14 15:40 - 52756480 _____ () C:\kernel.etl
2014-06-14 15:28 - 2014-06-14 15:28 - 01435472 _____ (Microsoft Corporation) C:\Users\owner\Downloads\adksetup.exe
2014-06-14 15:23 - 2014-06-14 15:23 - 00301688 _____ (Thesycon GmbH) C:\Users\owner\Downloads\dpclat.exe
2014-06-14 13:31 - 2013-10-17 04:12 - 00000000 ____D () C:\Users\owner\Documents\Youcam
2014-06-14 13:25 - 2014-06-14 13:21 - 204395288 _____ () C:\Users\owner\Downloads\YouCam_5.0.3618.0_HW_Patch_YUC131217-01.exe
2014-06-14 13:21 - 2014-06-14 13:21 - 01029080 _____ (CyberLink) C:\Users\owner\Downloads\CyberLink_YouCam_Downloader.exe
2014-06-14 11:24 - 2014-06-14 11:23 - 12329704 _____ (SUPERAdBlocker.com and SUPERAntiSpyware.com) C:\Users\owner\Downloads\SASDEFINITIONS.EXE
2014-06-14 03:29 - 2014-06-14 03:29 - 00000000 ____D () C:\SUPERDelete
2014-06-14 00:32 - 2014-06-14 00:32 - 01294512 _____ (Uniblue Systems Limited ) C:\Users\owner\Downloads\speedupmypc.exe
2014-06-13 20:54 - 2014-06-13 20:53 - 19671928 _____ (SUPERAntiSpyware) C:\Users\owner\Downloads\SUPERAntiSpywarePro.exe
2014-06-13 11:15 - 2014-06-13 11:15 - 00000000 ____D () C:\Users\owner\AppData\Roaming\ChemTable Software
2014-06-13 00:25 - 2014-06-13 00:25 - 00929416 _____ (CNET Download.com) C:\Users\owner\Downloads\cbsidlm-cbsi188-AnVir_Task_Manager_Free-SEO-10802050.exe
2014-06-13 00:24 - 2014-06-13 00:24 - 00929416 _____ (CNET Download.com) C:\Users\owner\Downloads\cbsidlm-cbsi188-Security_Task_Manager-SEO-10246545.exe
2014-06-12 18:41 - 2014-06-12 18:40 - 06185059 _____ (Ixcoin project) C:\Users\owner\Downloads\ixcoin-0.3.24.3-win32-setup.exe
2014-06-12 04:41 - 2013-07-27 19:22 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-12 04:40 - 2013-02-09 04:23 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-11 14:24 - 2014-06-11 14:24 - 00000000 ____D () C:\Users\owner\AppData\Local\Adobe
2014-06-11 11:37 - 2014-06-11 11:36 - 00000085 _____ () C:\Windows\wininit.ini
2014-06-11 11:36 - 2014-06-11 11:36 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-06-11 11:33 - 2014-06-10 16:18 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
2014-06-11 11:22 - 2014-06-07 13:33 - 00000981 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-06-11 11:21 - 2014-06-11 11:21 - 00257865 _____ () C:\Users\owner\AppData\Local\census.cache
2014-06-11 11:21 - 2014-06-11 11:21 - 00172466 _____ () C:\Users\owner\AppData\Local\ars.cache
2014-06-11 10:57 - 2014-06-11 10:57 - 00000010 _____ () C:\Users\owner\AppData\Local\sponge.last.runtime.cache
2014-06-11 10:49 - 2014-06-11 10:49 - 02473936 _____ (Trend Micro Inc.) C:\Users\owner\Downloads\HousecallLauncher64.exe
2014-06-11 10:47 - 2014-06-11 10:47 - 00186328 _____ (trend_company_name) C:\Windows\system32\Drivers\tmrkb.sys
2014-06-11 10:26 - 2014-06-11 10:25 - 111278192 _____ (Trend Micro Inc.) C:\Users\owner\Downloads\TTi_7.0_HE_64bit.exe
2014-06-11 10:24 - 2014-06-11 10:24 - 14839344 _____ (Trend Micro Inc.) C:\Users\owner\Downloads\RootkitBusterV5.0-1171x64 (1).exe
2014-06-10 15:51 - 2014-06-10 15:51 - 14839344 _____ (Trend Micro Inc.) C:\Users\owner\Downloads\RootkitBusterV5.0-1171x64.exe
2014-06-10 14:55 - 2014-06-10 14:54 - 89095528 _____ (Sophos Limited) C:\Users\owner\Downloads\Sophos Virus Removal Tool.exe
2014-06-10 14:42 - 2014-06-10 14:42 - 00000036 _____ () C:\Users\owner\AppData\Local\housecall.guid.cache
2014-06-10 14:42 - 2014-06-10 14:39 - 25280863 _____ (Trend Micro Inc.) C:\Users\owner\Downloads\attk_ScanCleanOnline_gui_x64.exe
2014-06-10 14:39 - 2014-06-10 14:38 - 10021424 _____ (Trend Micro Inc.) C:\Users\owner\Downloads\RootkitBusterV5.0-1171.exe
2014-06-10 14:38 - 2014-06-10 14:38 - 06229392 _____ (Trend Micro, Inc. ) C:\Users\owner\Downloads\RUBottedSetup.exe
2014-06-10 11:14 - 2014-06-10 11:15 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-06-10 11:14 - 2014-06-10 11:14 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Avira
2014-06-10 10:44 - 2014-06-10 10:43 - 06769280 _____ (SparkTrust) C:\Users\owner\Downloads\SparkTrust PC Cleaner Plus Setup_c9999cd_.exe
2014-06-08 21:28 - 2014-06-08 21:28 - 00007398 _____ () C:\Users\owner\Documents\talk.txt
2014-06-08 12:45 - 2013-01-22 21:18 - 10747904 _____ () C:\Users\owner\ntuser.bak
2014-06-08 10:17 - 2014-06-08 10:17 - 00001372 _____ () C:\Users\owner\Desktop\HWiNFO64.EXE.lnk
2014-06-08 08:37 - 2014-06-08 08:37 - 00000546 _____ () C:\Users\owner\Desktop\Emsisoft Emergency Kit.lnk
2014-06-07 12:31 - 2014-06-07 12:31 - 00001192 _____ () C:\Users\owner\Desktop\My LastPass Vault.lnk
2014-06-07 12:28 - 2014-06-07 12:27 - 14936064 _____ (LastPass) C:\Users\owner\Downloads\lastpass_x64.exe
2014-06-07 09:17 - 2013-08-12 22:24 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-06 18:17 - 2013-08-12 22:24 - 00003770 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-06-06 18:17 - 2013-08-06 20:49 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-06-06 18:17 - 2013-08-06 20:49 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-06 07:54 - 2013-02-18 19:23 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Apple Computer
2014-06-05 19:40 - 2014-06-05 19:41 - 00449885 _____ () C:\Windows\system32\Drivers\etc\hosts.20140605-194152.backup
2014-06-05 19:40 - 2014-06-05 19:41 - 00449885 _____ () C:\Windows\system32\Drivers\etc\hosts.20140605-194111.backup
2014-06-05 19:27 - 2009-07-13 21:34 - 00449885 _____ () C:\Windows\system32\Drivers\etc\hosts.20140605-194046.backup
2014-06-05 18:43 - 2014-06-05 18:43 - 00000000 ____D () C:\Users\owner\Documents\ProcAlyzer Dumps
2014-06-05 08:44 - 2014-06-05 08:42 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\owner\Downloads\spybot-2.3.exe
2014-06-05 08:39 - 2014-06-05 08:38 - 13829304 _____ (Microsoft Corporation) C:\Users\owner\Downloads\mseinstall (1).exe
2014-06-05 08:37 - 2014-06-05 08:37 - 00165376 _____ () C:\Users\owner\Downloads\SystemLook_x64.exe
2014-06-05 08:34 - 2014-06-05 08:34 - 13829304 _____ (Microsoft Corporation) C:\Users\owner\Downloads\mseinstall.exe
2014-06-05 08:32 - 2014-06-05 08:32 - 01059840 _____ () C:\Users\owner\Downloads\MicrosoftFixit50981.msi
2014-06-04 18:39 - 2014-06-03 14:42 - 00001117 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-06-04 09:07 - 2013-02-18 19:23 - 00000000 ____D () C:\Users\owner\AppData\Local\Apple Computer
2014-06-01 17:33 - 2014-06-01 17:32 - 01119203 _____ (HANSoft, Inc. ) C:\Users\owner\Downloads\ERWsetup.exe
2014-06-01 13:18 - 2014-06-01 13:06 - 00000800 _____ () C:\Windows\system32\PDBootState
2014-06-01 12:46 - 2014-06-01 12:46 - 41891360 _____ (Raxco Software, Inc. ) C:\Users\owner\Downloads\PerfectDisk_Pro_Trial.exe
2014-05-31 23:34 - 2014-05-31 23:32 - 259919240 _____ (Altova GmbH) C:\Users\owner\Downloads\MissionKitEnt2014_x64.exe
2014-05-31 15:05 - 2014-05-31 15:05 - 00633360 _____ (Copyright © 2010 eSupport.com. All Rights Reserved.) C:\Users\owner\Downloads\biosagentplus_875.exe
2014-05-31 15:01 - 2014-05-31 15:01 - 00021712 _____ (Phoenix Technologies) C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS
2014-05-31 14:51 - 2014-05-31 14:50 - 02661768 _____ (Martin Malík - REALiX ) C:\Users\owner\Downloads\hw64_438.exe
2014-05-31 14:31 - 2014-05-31 14:31 - 00231760 _____ () C:\Users\owner\Downloads\CrucialScan.exe
2014-05-31 13:23 - 2014-05-31 13:23 - 04583424 _____ () C:\Users\owner\Downloads\HPSupportSolutionsFramework.msi
2014-05-30 17:39 - 2014-05-30 17:37 - 00000000 ____D () C:\Users\owner\Desktop\Legalities
2014-05-28 19:06 - 2014-05-28 19:06 - 00000000 ____D () C:\Windows\SystemRepair
2014-05-27 16:12 - 2014-05-26 14:55 - 00001002 _____ () C:\Users\owner\Desktop\Sandboxed Web Browser.lnk
2014-05-25 17:18 - 2009-07-14 00:08 - 00032652 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
 
Files to move or delete:
====================
C:\Users\owner\AppData\Roaming\skype.ini
C:\Users\owner\LastPassBroker.exe
C:\Users\owner\nplastpass.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
==================== BCD ================================
 
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume1
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
extendedinput           Yes
default                 {current}
resumeobject            {158181c0-9a00-11db-8a1d-b11d19fd3102}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 10
customactions           0x1000085000001
                        0x5400000f
custom:5400000f         {3a4f682b-009c-11df-892f-bcc80dab5cc5}
 
Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {3a4f682b-009c-11df-892f-bcc80dab5cc5}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {158181c0-9a00-11db-8a1d-b11d19fd3102}
nx                      OptIn
 
Windows Boot Loader
-------------------
identifier              {3a4f682b-009c-11df-892f-bcc80dab5cc5}
device                  ramdisk=[D:]\Recovery\WindowsRE\Winre.wim,{3a4f682c-009c-11df-892f-bcc80dab5cc5}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[D:]\Recovery\WindowsRE\Winre.wim,{3a4f682c-009c-11df-892f-bcc80dab5cc5}
systemroot              \windows
nx                      OptIn
winpe                   Yes
 
Windows Boot Loader
-------------------
identifier              {572bcd60-ffa7-11d9-aae0-0007e994107d}
device                  ramdisk=[boot]\sources\boot.wim,{ramdiskoptions}
path                    \windows\system32\boot\winload.exe
description             Microsoft Windows PE 2.0 
osdevice                ramdisk=[boot]\sources\boot.wim,{ramdiskoptions}
systemroot              \windows
detecthal               Yes
winpe                   Yes
ems                     Yes
 
Resume from Hibernate
---------------------
identifier              {158181c0-9a00-11db-8a1d-b11d19fd3102}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No
 
Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume1
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes
 
EMS Settings
------------
identifier              {emssettings}
bootems                 Yes
 
Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200
 
RAM Defects
-----------
identifier              {badmemory}
 
Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}
 
Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}
 
Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200
 
Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}
 
Device options
--------------
identifier              {3a4f682c-009c-11df-892f-bcc80dab5cc5}
description             Ramdisk Options
ramdisksdidevice        partition=D:
ramdisksdipath          \Recovery\WindowsRE\boot.sdi
 
Setup Ramdisk Options
---------------------
identifier              {ramdiskoptions}
description             Ramdisk Options
ramdisksdidevice        boot
ramdisksdipath          \boot\boot.sdi
 
 
 
LastRegBack: 2014-06-09 01:40
 
==================== End Of Log ============================
 
 
 


#11 bigrobifer

  • Topic Starter

Posted 24 June 2014 - 09:56 AM

Here's the additional text. Also, the remote desktop service hasn't started, but it's not set to disabled the way I thought I had it; almost all the other unneeded services are disabled, but this one is set to auto?? I never connect remotely other than p2p with torrents perhaps.

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-06-2014
Ran by owner at 2014-06-24 09:11:26
Running from C:\Users\owner\Desktop\FRST
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Norton Internet Security (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Internet Security (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
 
==================== Installed Programs ======================
 
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\{3B834B54-EC4B-48E2-BFC6-03FF5DA06F62}) (Version: 11.5.8.612 - Adobe Systems, Inc)
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG PC TuneUp 2014 (en-US) (x32 Version: 14.0.1001.295 - AVG) Hidden
AVG PC TuneUp 2014 (x32 Version: 14.0.1001.295 - AVG) Hidden
Bitcoin Core (64-bit) (HKCU\...\Bitcoin Core (64-bit)) (Version: 0.9.1 - Bitcoin Core project)
Blio (HKLM-x32\...\{7BCD1A5E-F903-48C9-9CB2-37E5A6FB2111}) (Version: 3.3.9679 - K-NFB Reading Technology, Inc.)
Business Plan Pro 11.0 (HKLM-x32\...\{7E0E01E6-8F0B-428B-9A06-668104DA6872}) (Version: 11.14.0002 - Palo Alto Software, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Codecs for Windows 7 Pack 4.0.5 (HKLM-x32\...\Codecs for Windows 7 Pack) (Version: 4.0.5 - Codecs for Windows 7 Pack)
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
Google Drive (HKLM-x32\...\{418BAAD1-754D-48B4-B078-46EF4F25AF42}) (Version: 1.15.6556.8063 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
HP Auto (Version: 1.0.12935.3667 - Hewlett-Packard Company) Hidden
HP Client Services (Version: 1.0.12656.3472 - Hewlett-Packard) Hidden
HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden
HP Documentation (HKLM-x32\...\{212A6F92-4871-4BD9-8E4F-F876595DE899}) (Version: 1.1.0.0 - Hewlett-Packard)
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Power Manager (HKLM-x32\...\{872B1C80-38EC-4A31-A25C-980820593900}) (Version: 1.2.3 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13155.3599 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{B7F60A16-7A7B-41FB-9AE3-DE9E324FBA06}) (Version: 4.0.112.1 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{D2F04839-0AD0-4F06-A6B5-6DFF05E27B67}) (Version: 11.50.0019 - Hewlett-Packard Company)
HP Wireless Assistant (HKLM\...\{13DCC2C7-454D-42F0-A892-E0E9A5DE4E67}) (Version: 4.0.10.0 - Hewlett-Packard Company)
HWiNFO64 Version 4.40 (HKLM\...\HWiNFO64_is1) (Version: 4.40 - Martin Malík - REALiX)
InstallVC90Support (x32 Version: 1.01.0000 - Novatel Wireless) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2869 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.6.0.1002 - Intel Corporation)
Intel® SDK for OpenCL* - CPU Only Runtime Package 2013 (HKLM\...\{E1AD72DE-9FF3-4E66-8A0E-34778EDBDB57}) (Version: 3.0.1.15216 - Intel Corporation)
Intel® SDK for OpenCL* Applications 2013 (HKLM\...\{ECAD1063-CF2B-45F3-5487-A8B970013CFB}) (Version: 3.0.0.81147 - Intel Corporation)
iTunes (HKLM\...\{1CF5754A-545B-4360-BFDE-2847BC728DFC}) (Version: 11.2.0.115 - Apple Inc.)
Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 22 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416022FF}) (Version: 6.0.220 - Oracle)
Java™ 6 Update 5 (HKLM-x32\...\{3248F0A8-6813-11D6-A77B-00B0D0160050}) (Version: 1.6.0.50 - Sun Microsystems, Inc.)
LastPass (uninstall only) (HKCU\...\LastPass) (Version:  - LastPass)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft VC9 runtime libraries (x32 Version: 2.0.0 - AOL Inc.) Hidden
Microsoft Visual Basic PowerPacks 1.2 (HKLM-x32\...\{5169D2E2-0B94-3320-8C7A-718F92BE20CE}) (Version: 9.0.30729 - Microsoft)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0 - Microsoft Corp.) Hidden
Mozilla Firefox 29.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 en-US)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 20.5.0.28 - Symantec Corporation)
Panda Cloud Cleaner (HKLM-x32\...\{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1) (Version: 1.0.102 - Panda Security)
PerfectDisk Professional (HKLM\...\{682B22AB-EAAA-4B1C-83AF-B26E7D4ED01E}) (Version: 13.0.783 - Raxco Software Inc.)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
PrivDog (HKLM-x32\...\PrivDog) (Version: 1.8.0.15 - privdog.com)
QBFC 5.0 (HKLM-x32\...\{0E31CA83-8E2B-4B0D-A84D-F561B6CD482D}) (Version: 5.0.00203.0 - Intuit)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.42.304.2011 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.77 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4123-B2B9-173F09590E16}) (Version: 1.00.11.0706 - REALTEK Semiconductor Corp.)
Recovery Manager (x32 Version: 1.0.22 - Hewlett-Packard) Hidden
Sandboxie 4.12 (64-bit) (HKLM\...\Sandboxie) (Version: 4.12 - Sandboxie Holdings, LLC)
Screenshot Captor 4.5.00 (HKLM-x32\...\ScreenshotCaptor_is1) (Version:  - )
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
SlimCleaner (HKLM-x32\...\{6B8D6199-EE44-4FD7-813A-6D8C62C9B384}) (Version: 4.0.30878 - SlimWare Utilities, Inc.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.3.39 - Safer-Networking Ltd.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1026 - SUPERAntiSpyware.com)
System Requirements Lab for Intel (HKLM-x32\...\{04C4B49D-45D9-4A28-9ED1-B45CBD99B8C7}) (Version: 4.5.24.0 - Husdawg, LLC)
Turbo Lister 2 (HKLM-x32\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.)
Ultimate Business Plan Starter (HKLM-x32\...\Ultimate Business Plan Starter) (Version: 5.0.72 - Atlas Business Solutions, Inc.)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: 4.5.1f3 - Unity Technologies ApS)
Universal Document Converter (Demo) (HKLM-x32\...\Universal Document Converter_is1) (Version: 6.0 - fCoder Group, Inc.)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM-x32\...\{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2881065) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{B7EF38F7-1D58-4085-A9A4-0F6C69A5AA1E}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Wise Registry Cleaner 8.12 (HKLM-x32\...\Wise Registry Cleaner_is1) (Version: 8.12 - WiseCleaner.com, Inc.)
 
==================== Restore Points  =========================
 
Could not list Restore Points. Check "winmgmt" service or repair WMI.
 
 
==================== Hosts content: ==========================
 
2009-07-13 21:34 - 2014-06-18 02:11 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {09060EFE-5592-4993-9D9F-67CA60257FA0} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {13FFB3AD-6A6E-438A-B9ED-8422F902E1DB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-13] (Google Inc.)
Task: {165409EE-2964-4952-820A-790810CEA3D9} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\WSCStub.exe [2014-04-29] (Symantec Corporation)
Task: {2470470F-2634-478E-B181-571E98A789BB} - \Microsoft\Windows\Multimedia\SystemSoundsService No Task File <==== ATTENTION
Task: {275C3F3C-AB64-4791-BC61-27988BE3E668} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\SymErr.exe [2013-06-03] (Symantec Corporation)
Task: {29C459C1-B169-4CC4-B45E-44D7FB27077E} - \TuneUpUtilities_Task_BkGndMaintenance2013 No Task File <==== ATTENTION
Task: {2DFAD835-0D16-4DF2-954A-DCEFE6E25192} - \SlimCleaner Run No Task File <==== ATTENTION
Task: {429E9303-7AE7-4ECF-BF7D-3BAB3B59074B} - \Microsoft\Windows\Wininet\CacheTask No Task File <==== ATTENTION
Task: {52282AA7-981C-4F82-AF94-5816C7FAC305} - \RealDownloaderDownloaderScheduledTaskS-1-5-21-3236511648-3986067080-1068869680-1000 No Task File <==== ATTENTION
Task: {5BF2F405-26A9-4D34-A834-98459A5AB88C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2014-04-22] (Microsoft)
Task: {5D176205-A54B-4146-8165-45DDF3124BC7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\hijack log => C:\Users\owner\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe [2014-06-22] (Trend Micro Inc.)
Task: {5E2A2736-17B9-4AB2-8911-0A85323635D4} - \RealDownloaderRealUpgradeLogonTaskS-1-5-21-3236511648-3986067080-1068869680-1000 No Task File <==== ATTENTION
Task: {9910591A-FE8A-4295-AB56-52F0E1F527FC} - \JetBoost_AutoUpdate No Task File <==== ATTENTION
Task: {9C51DCFE-154C-45A0-AE2C-E10B23BC1F97} - \RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3236511648-3986067080-1068869680-1000 No Task File <==== ATTENTION
Task: {A24EB9ED-E2CF-4FA6-9A20-6648D9C5D3BB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-13] (Google Inc.)
Task: {B91D4162-47AD-45F2-BC50-10A2DF0C4D69} - System32\Tasks\My BabyCakin
Task: {CC332C88-2E7E-4545-BCE4-3532EFE2261B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-06] (Adobe Systems Incorporated)
Task: {CC3730AB-B573-4AF8-A8CC-33EE0EE7D246} - System32\Tasks\Log-Test1 => C:\Users\owner\Desktop\mbar\mbar.exe
Task: {D5EB7DE7-BCB6-46DA-B512-45F2660BED1E} - System32\Tasks\SetupManager => C:\Program Files (x86)\Hewlett-Packard\Setup Manager\toaster.exe [2010-12-10] (Microsoft)
Task: {D60E8B97-759F-417B-A523-0075816509CF} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\SymErr.exe [2013-06-03] (Symantec Corporation)
Task: {D91B7813-6009-460C-9714-18580E3A108C} - \Razer_Game_Booster_AutoUpdate No Task File <==== ATTENTION
Task: {E12709DF-CD34-4B84-A3C3-73CE119E9885} - \RealPlayerRealUpgradeLogonTaskS-1-5-21-3236511648-3986067080-1068869680-1000 No Task File <==== ATTENTION
Task: {FC97966E-F100-46BB-933B-95149FB0766A} - \RealPlayerRealUpgradeScheduledTaskS-1-5-21-3236511648-3986067080-1068869680-1000 No Task File <==== ATTENTION
Task: {FF7E7D93-BBF3-4CDE-B971-D6C529F27ECD} - \BackgroundContainer Startup Task No Task File <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\SlimCleaner Run.job => C:\Program Files (x86)\SlimCleaner\SlimCleaner.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-06-19 11:55 - 2014-04-25 14:11 - 00109400 _____ () C:\Program Files (x86)\Spybot -1 Search & Destroy 2\snlThirdParty150.bpl
2014-06-19 11:55 - 2014-04-25 14:11 - 00416600 _____ () C:\Program Files (x86)\Spybot -1 Search & Destroy 2\DEC150.bpl
2014-06-19 11:55 - 2014-04-25 14:11 - 00167768 _____ () C:\Program Files (x86)\Spybot -1 Search & Destroy 2\snlFileFormats150.bpl
2014-06-19 20:42 - 2012-05-30 09:51 - 00699280 ____R () C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.5.0.28\wincfi39.dll
2014-01-03 01:59 - 2014-02-10 12:04 - 00430080 _____ () C:\Windows\mod_frst.exe
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
MSCONFIG\Services: AdobeARMservice => 3
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AeLookupSvc => 2
MSCONFIG\Services: ALG => 3
MSCONFIG\Services: Apple Mobile Device => 3
MSCONFIG\Services: AudioEndpointBuilder => 2
MSCONFIG\Services: AudioSrv => 2
MSCONFIG\Services: AxInstSV => 3
MSCONFIG\Services: BDESVC => 3
MSCONFIG\Services: BITS => 3
MSCONFIG\Services: Browser => 3
MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: CertPropSvc => 3
MSCONFIG\Services: CISVC => 3
MSCONFIG\Services: clr_optimization_v2.0.50727_32 => 3
MSCONFIG\Services: clr_optimization_v2.0.50727_64 => 3
MSCONFIG\Services: clr_optimization_v4.0.30319_32 => 3
MSCONFIG\Services: clr_optimization_v4.0.30319_64 => 3
MSCONFIG\Services: COMSysApp => 3
MSCONFIG\Services: defragsvc => 3
MSCONFIG\Services: dot3svc => 3
MSCONFIG\Services: ehRecvr => 3
MSCONFIG\Services: ehSched => 3
MSCONFIG\Services: EventSystem => 2
MSCONFIG\Services: FastFreeConverterUpdt => 2
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: fdPHost => 3
MSCONFIG\Services: FDResPub => 3
MSCONFIG\Services: FontCache => 2
MSCONFIG\Services: FontCache3.0.0.0 => 3
MSCONFIG\Services: GamesAppService => 3
MSCONFIG\Services: gupdate => 3
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: hidserv => 3
MSCONFIG\Services: hkmsvc => 3
MSCONFIG\Services: HomeGroupListener => 3
MSCONFIG\Services: HomeGroupProvider => 3
MSCONFIG\Services: HP Health Check Service => 2
MSCONFIG\Services: HP Wireless Assistant Service => 3
MSCONFIG\Services: HPAuto => 2
MSCONFIG\Services: HPClientSvc => 3
MSCONFIG\Services: hpqwmiex => 3
MSCONFIG\Services: HPSupportSolutionsFrameworkService => 3
MSCONFIG\Services: IAStorDataMgrSvc => 3
MSCONFIG\Services: idsvc => 3
MSCONFIG\Services: IPBusEnum => 3
MSCONFIG\Services: iphlpsvc => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: KtmRm => 3
MSCONFIG\Services: lltdsvc => 3
MSCONFIG\Services: Microsoft Office Groove Audit Service => 3
MSCONFIG\Services: MMCSS => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: MSDTC => 3
MSCONFIG\Services: MSiSCSI => 3
MSCONFIG\Services: msiserver => 3
MSCONFIG\Services: Netlogon => 3
MSCONFIG\Services: NvtlService => 2
MSCONFIG\Services: odserv => 3
MSCONFIG\Services: p2pimsvc => 3
MSCONFIG\Services: p2psvc => 3
MSCONFIG\Services: PDAgent => 3
MSCONFIG\Services: PDEngine => 3
MSCONFIG\Services: PerfHost => 3
MSCONFIG\Services: PNRPAutoReg => 3
MSCONFIG\Services: PNRPsvc => 3
MSCONFIG\Services: ProtectedStorage => 2
MSCONFIG\Services: QWAVE => 3
MSCONFIG\Services: RasAuto => 3
MSCONFIG\Services: RoxioNow Service => 2
MSCONFIG\Services: SamSs => 2
MSCONFIG\Services: SbieSvc => 3
MSCONFIG\Services: SCardSvr => 3
MSCONFIG\Services: SCPolicySvc => 3
MSCONFIG\Services: SDRSVC => 2
MSCONFIG\Services: SensrSvc => 3
MSCONFIG\Services: ShellHWDetection => 3
MSCONFIG\Services: Skype C2C Service => 3
MSCONFIG\Services: SkypeUpdate => 3
MSCONFIG\Services: SNMPTRAP => 3
MSCONFIG\Services: sppuinotify => 3
MSCONFIG\Services: SstpSvc => 3
MSCONFIG\Services: stisvc => 3
MSCONFIG\Services: swprv => 3
MSCONFIG\Services: SysMain => 3
MSCONFIG\Services: TapiSrv => 3
MSCONFIG\Services: TBS => 3
MSCONFIG\Services: Themes => 2
MSCONFIG\Services: THREADORDER => 3
MSCONFIG\Services: TrkWks => 3
MSCONFIG\Services: TrustedInstaller => 3
MSCONFIG\Services: UI0Detect => 3
MSCONFIG\Services: UxSms => 3
MSCONFIG\Services: UxTuneUp => 3
MSCONFIG\Services: vds => 3
MSCONFIG\Services: VSS => 3
MSCONFIG\Services: vToolbarUpdater14.2.0 => 2
MSCONFIG\Services: W32Time => 3
MSCONFIG\Services: wbengine => 3
MSCONFIG\Services: wcncsvc => 3
MSCONFIG\Services: WcsPlugInService => 3
MSCONFIG\Services: WebClient => 3
MSCONFIG\Services: WinHttpAutoProxySvc => 3
MSCONFIG\Services: wmiApSrv => 3
MSCONFIG\Services: WMPNetworkSvc => 3
MSCONFIG\Services: WPCSvc => 3
MSCONFIG\Services: WSearch => 2
MSCONFIG\Services: wuauserv => 3
MSCONFIG\Services: WwanSvc => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^RealPlayer Cloud Service UI.lnk => C:\Windows\pss\RealPlayer Cloud Service UI.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MyPC Backup.lnk => C:\Windows\pss\MyPC Backup.lnk.Startup
MSCONFIG\startupfolder: C:^Users^owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^WiFiPasswordRevealer.exe => C:\Windows\pss\WiFiPasswordRevealer.exe.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: Application Restart #0 => C:\Windows\System32\ctfmon.exe ctfmon.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Avira Systray => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
MSCONFIG\startupreg: BlueStacks Agent => 
MSCONFIG\startupreg: ConduitFloatingPlugin_nemfjadlboooiffmcelkafilagddogim => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Conduit\CT3289663\plugins\TBVerifier.dll",RunConduitFloatingPlugin nemfjadlboooiffmcelkafilagddogim
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Users\owner\Desktop\MINES\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: Glary Memory Optimizer => 
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: HijackThis startup scan => C:\Users\owner\Desktop\PROGRAMS\HijackThis.exe /startupscan
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: HP Quick Launch => 
MSCONFIG\startupreg: HPOSD => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
MSCONFIG\startupreg: HPWirelessAssistant => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: MzCpuAccelerator => 
MSCONFIG\startupreg: NCPluginUpdater => "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
MSCONFIG\startupreg: SMessaging => 
MSCONFIG\startupreg: SpUninstallDeleteDir => 
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: swg => 
MSCONFIG\startupreg: ThreadManager.exe => C:\Program Files (x86)\Thread Manager\ThreadManager.exe
MSCONFIG\startupreg: TkBellExe => 
MSCONFIG\startupreg: TopArcadeHits153 => 
MSCONFIG\startupreg: TopArcadeHits406 => 
MSCONFIG\startupreg: TopArcadeHits447 => 
MSCONFIG\startupreg: TopArcadeHits720 => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe -uninstall-extension=gpdgdlcjhlbaphcjmagicjhhgfnkiihp
MSCONFIG\startupreg: Uninstall C: => 
MSCONFIG\startupreg: vProt => 
MSCONFIG\startupreg: Wallpaper Changer => 
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide
MSCONFIG\startupreg: YouCam Service => "C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe" /s
 
==================== Faulty Device Manager Devices =============
 
Name: Intel® ICH9 Family USB2 Enhanced Host Controller - 293C
Description: Intel® ICH9 Family USB2 Enhanced Host Controller - 293C
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Intel
Service: usbehci
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Intel® ICH9 Family USB Universal Host Controller - 2934
Description: Intel® ICH9 Family USB Universal Host Controller - 2934
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Intel
Service: usbuhci
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: hp CDDVDW SN-208BB
Description: CD-ROM Drive
Class Guid: {4d36e965-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard CD-ROM drives)
Service: cdrom
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Intel® ICH9 Family USB Universal Host Controller - 2935
Description: Intel® ICH9 Family USB Universal Host Controller - 2935
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Intel
Service: usbuhci
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Realtek PCIe FE Family Controller
Description: Realtek PCIe FE Family Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: RTL8167
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Intel® ICH9 Family USB Universal Host Controller - 2936
Description: Intel® ICH9 Family USB Universal Host Controller - 2936
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Intel
Service: usbuhci
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Intel® ICH9 Family USB Universal Host Controller - 2937
Description: Intel® ICH9 Family USB Universal Host Controller - 2937
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Intel
Service: usbuhci
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Intel® ICH9 Family USB Universal Host Controller - 2938
Description: Intel® ICH9 Family USB Universal Host Controller - 2938
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Intel
Service: usbuhci
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Intel® ICH9 Family USB Universal Host Controller - 2939
Description: Intel® ICH9 Family USB Universal Host Controller - 2939
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Intel
Service: usbuhci
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Intel® ICH9 Family USB2 Enhanced Host Controller - 293A
Description: Intel® ICH9 Family USB2 Enhanced Host Controller - 293A
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Intel
Service: usbehci
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/24/2014 09:11:28 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
.
 
 
Operation:
   Instantiating VSS server
 
Error: (06/24/2014 09:11:28 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
]
 
 
Operation:
   Instantiating VSS server
 
Error: (06/24/2014 09:06:09 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/24/2014 09:05:18 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
.
 
 
Operation:
   Subscribing Writer
 
Context:
   Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
   Writer Name: WMI Writer
   Writer Instance ID: {35841d15-72c5-4480-8ecc-269d8c06c61b}
 
Error: (06/24/2014 09:05:18 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
]
 
 
Operation:
   Subscribing Writer
 
Context:
   Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
   Writer Name: WMI Writer
   Writer Instance ID: {35841d15-72c5-4480-8ecc-269d8c06c61b}
 
Error: (06/23/2014 08:49:21 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/22/2014 11:03:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/22/2014 10:52:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/22/2014 08:51:38 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Program Files (x86)\Spybot -1 Search & Destroy 2\SDCleaner.exe Files (x86)\Spybot -1 Search & Destroy 2\SDCleaner.exe" ; Description = Cleaner (Spybot - Search & Destroy 2.3, administrator privileges; Error = 0x8007043c).
 
Error: (06/22/2014 08:04:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RootkitRevealer.exe, version: 1.71.0.0, time stamp: 0x44e255aa
Faulting module name: RootkitRevealer.exe, version: 1.71.0.0, time stamp: 0x44e255aa
Exception code: 0xc0000005
Fault offset: 0x000040cd
Faulting process id: 0x190
Faulting application start time: 0xRootkitRevealer.exe0
Faulting application path: RootkitRevealer.exe1
Faulting module path: RootkitRevealer.exe2
Report Id: RootkitRevealer.exe3
 
 
System errors:
=============
Error: (06/24/2014 09:05:16 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
Error: (06/24/2014 09:04:53 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Application Identity service terminated with the following error: 
%%31
 
Error: (06/23/2014 08:48:16 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}
 
Error: (06/23/2014 08:48:16 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
 
Error: (06/23/2014 08:48:11 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error: (06/23/2014 08:48:03 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (06/23/2014 08:48:00 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1058
 
Error: (06/23/2014 08:48:00 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1058
 
Error: (06/23/2014 08:47:56 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1058
 
Error: (06/23/2014 08:47:56 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1058
 
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2014-06-18 02:08:41.508
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-06-18 02:08:41.399
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-06-11 14:46:21.117
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\owner\Desktop\tools\SysInternals\PORTMSYS.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-06-11 14:46:20.929
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\owner\Desktop\tools\SysInternals\PORTMSYS.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-04-13 17:44:51.098
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\owner\Desktop\Cwindows Sys32\drivers\appid.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-04-13 17:44:50.810
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\owner\Desktop\Cwindows Sys32\drivers\appid.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-04-13 17:44:50.533
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\owner\Desktop\Cwindows Sys32\drivers\appid.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-04-13 17:44:50.247
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\owner\Desktop\Cwindows Sys32\drivers\appid.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-04-13 17:36:03.980
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\owner\Desktop\Cwindows Sys32\WinBioPlugIns\winbiosensoradapter.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-04-13 17:36:03.597
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\owner\Desktop\Cwindows Sys32\WinBioPlugIns\winbiosensoradapter.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 34%
Total physical RAM: 3001.89 MB
Available physical RAM: 1969.76 MB
Total Pagefile: 6000.07 MB
Available Pagefile: 5026.55 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:284.23 GB) (Free:145.94 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:13.55 GB) (Free:1.69 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: D4A520EE)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=284 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=14 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=110 MB) - (Type=0E)
 
==================== End Of Log ============================


#12 bigrobifer

  • Topic Starter

Posted 24 June 2014 - 10:11 AM

Still not able to update Windows. My last update was on the 19th. And when I looked the error code up, it says the most likely cause would be a virus blocking updates. http://windows.microsoft.com/en-us/windows-vista/windows-update-error-80070422-80244019-or-8ddd0018 I was updating my spyware programs.



#13 nasdaq

  • Malware Response Team

Posted 24 June 2014 - 01:34 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-06-2014

Your only log from FRST is this one dated 22/06/2014.

Please run the FRST.exe and post a fresh log for my review.

===

Download this new tool, run it and post the log.

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.


#14 bigrobifer

  • Topic Starter

Posted 24 June 2014 - 02:03 PM

Posted the wrong log. Will post the correct one. I noticed a few things. First, in the task man it shows winlogon.exe and csrss.exe processes and neither one shows an image path or file path. The csrss I/O reads is 386,000 and climbing, 0 I/O writes but 6600 I/O other. Idk, just seemed strange. UAC virtualization is turned off, on for everything else except Symantec. Also a strange thing last night when I logged onto mturk: I looked at my balance page and there was a number and it said my Amazon Payments account isn't in good standing. I know it is, and that message wasn't there today. Also the services are running in my task man but the scanner says different.

I ran the FSS, then ran FRST and hit fix, then ran FSS again. The FSS logs are numbered 1 and 2 because of this.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-06-2014
Ran by owner (administrator) on OWNER-HP on 24-06-2014 13:58:18
Running from C:\Users\owner\Desktop\FRST
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\ccsvchst.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot -1 Search & Destroy 2\SDTray.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\ccsvchst.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot -1 Search & Destroy 2\SDUpdSvc.exe
(Trend Micro Inc.) C:\Users\owner\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\synaptics\syntp\syntpenh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot -1 Search & Destroy 2\SDTray.exe [4101584 2014-04-25] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-3236511648-3986067080-1068869680-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot -1 Search & Destroy 2\SDCleaner.exe [4566984 2014-04-25] (Safer-Networking Ltd.)
HKU\S-1-5-21-3236511648-3986067080-1068869680-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6564120 2014-06-04] (SUPERAntiSpyware)
HKU\S-1-5-21-3236511648-3986067080-1068869680-1000\...\Policies\Explorer: [NoInstrumentation] 1
HKU\S-1-5-21-3236511648-3986067080-1068869680-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-3236511648-3986067080-1068869680-1000\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-3236511648-3986067080-1068869680-1000\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-21-3236511648-3986067080-1068869680-1000\...\Policies\Explorer: [NoAddPrinter] 1
BootExecute: PDBoot.exeautocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xAB6AB6611C88CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: LastPass Vault - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Users\owner\Desktop\Robert's\LPToolbar_x64.dll (LastPass)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\IPS\IPSBHO.DLL (Symantec Corporation)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Users\owner\Desktop\Robert's\LPToolbar.dll (LastPass)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\coIEPlg.dll (Symantec Corporation)
Handler: AnVirDisabled\skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: AnVirDisabled\skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\nsdqcfj7.default
FF DefaultSearchEngine: Bing
FF SelectedSearchEngine: Bing
FF Homepage: hxxp://www.wix.com/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @lastpass.com/NPLastPass - C:\Users\owner\Desktop\Robert's\nplastpass64.dll (LastPass)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass - C:\Users\owner\Desktop\Robert's\nplastpass.dll (LastPass)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\owner\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Extension: LastPass - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\nsdqcfj7.default\Extensions\support@lastpass.com [2014-06-07]
FF Extension: iMacros for Firefox - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\nsdqcfj7.default\Extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} [2014-05-25]
FF Extension: Firebug - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\nsdqcfj7.default\Extensions\firebug@software.joehewitt.com.xpi [2014-06-04]
FF Extension: FlashDisable - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\nsdqcfj7.default\Extensions\jid0-bbA9VAawX3LMWDu668aUDrpQVXU@jetpack.xpi [2014-06-07]
FF Extension: CoinURL - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\nsdqcfj7.default\Extensions\jid1-L9YAQzMOANgNZg@jetpack.xpi [2014-06-03]
FF Extension: PrivDog - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\nsdqcfj7.default\Extensions\PrivDog@AdTrustMedia.com.xpi [2014-06-17]
FF Extension: SelectBoxTools - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\nsdqcfj7.default\Extensions\selectboxtools@nodomain.com.xpi [2014-06-04]
FF Extension: Speed DNS - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\nsdqcfj7.default\Extensions\speeddns@gmail.com.xpi [2014-06-04]
FF Extension: The Addon Bar (restored) - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\nsdqcfj7.default\Extensions\the-addon-bar@GeekInTraining-GiT.xpi [2014-06-04]
FF Extension: YSlow - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\nsdqcfj7.default\Extensions\yslow@yahoo-inc.com.xpi [2014-06-04]
FF Extension: Greasemonkey - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\nsdqcfj7.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2014-06-04]
FF Extension: User Agent Switcher - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\nsdqcfj7.default\Extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi [2014-06-04]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\cache@status.org [2014-06-03]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\toolbar@unet.com [2014-06-03]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{5e594888-3e8e-47da-b2c6-b0b545112f84} [2014-06-03]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12} [2014-06-03]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\coFFPlgn [2014-06-24]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\IPSFF [2014-06-18]
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR StartupUrls: "https://www.landofbitcoin.com/", "https://www.facebook.com/login.php?login_attempt=1"
CHR NewTab: "chrome-extension://dgpdioedihjhncjafcpgbbjdpbbkikmi/speeddial.html"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (My Logon Manager) - C:\Program Files (x86)\My Logon Manager\NPMLMPlugin.dll No File
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (RealNetworks™ RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll No File
CHR Plugin: (RealNetworks™ RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll No File
CHR Plugin: (RealNetworks™ RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll No File
CHR Plugin: (RealDownloader Plugin) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll No File
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll No File
CHR Plugin: (RealPlayer Download Plugin) - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll No File
CHR Plugin: (Advanced SystemCare 7) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd\1.0.0_0\Plugin\ASCPlugin_Protect.dll No File
CHR Extension: (Angry Birds) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2014-04-30]
CHR Extension: (Tools for Amazon's Mechanical Turk) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aoffgjejcepnijgahpckhajchahfpojo [2014-04-14]
CHR Extension: (Google Docs) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-18]
CHR Extension: (Google Drive) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-18]
CHR Extension: (Website Protection) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\beiopafefbkbokhfglgppmhpeobgpmed [2014-04-17]
CHR Extension: (Norton Identity Safe for Google Chrome™) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejnhdlplbjhffionohbdnpcbobfejcc [2014-06-19]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (AddThis - Share & Bookmark (new)) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbogdmdefihhljhfeiklfiedefalcde [2014-06-02]
CHR Extension: (Facebook Color Changer) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\clnnapikbigkpjmgckhedmkgfkochicj [2014-06-02]
CHR Extension: (PrivDog) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja [2014-06-18]
CHR Extension: (MakeGIF Video Capture) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnhdjbfjheoohmhpakglckehdcgfffbl [2014-06-02]
CHR Extension: (Google Search) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-18]
CHR Extension: (AdPend Exchange Network) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfjdkdceleofajflfmefffopfpodglfd [2014-06-17]
CHR Extension: (Turkopticon) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgefbojfgdddnignhmfmnencgiloojpe [2014-04-14]
CHR Extension: (Tampermonkey) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2014-04-13]
CHR Extension: (MindMup - Free Mind Map web site) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnenaecjcgeppfpaokiifokeieopppej [2014-04-13]
CHR Extension: (Sumo Paint) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpgjihldbpodlmnjolekemlfbcajnmod [2014-06-02]
CHR Extension: (MozBar) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\eakacpaijcpapndcfffdgphdiccmpknp [2014-06-02]
CHR Extension: (Authy Chrome Extension) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhgenkpocbhhddlgkjnfghpjanffonno [2014-06-18]
CHR Extension: (Authy) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaedmjdfmmahhbjefcbgaolhhanlaolb [2014-06-18]
CHR Extension: (AppJump App Launcher and Organizer) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hccbinpobnjcpckmcfngmdpnbnjpmcbd [2014-04-13]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2014-04-11]
CHR Extension: (Website Destroyer) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfdklionolegofhffnhoagpmlailnnni [2014-04-17]
CHR Extension: (CoinURL) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hioofbdebnagjphoejaimfoklbcemnfh [2014-04-21]
CHR Extension: (Feedly - News, Blogs and Youtube) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipbfijinpcgfogaopmgehiegacbhmob [2014-06-02]
CHR Extension: (elRTE - HTML edit) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokleipfjbnpkdlfaebfamgadpleagie [2014-05-27]
CHR Extension: (Seymour: Personal Typist) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\iakakkmhombdnngelgjejblefgljkded [2014-05-26]
CHR Extension: (Word Count Tool) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibjgdahgcdkpdlbkadidojhfddflblcm [2014-05-11]
CHR Extension: (Pixlr Editor) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmaknaampgiegkcjlimdiidlhopknpk [2014-05-04]
CHR Extension: (Photo To Cartoon) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\iphmndcanljimncebjfmknoadejhjjdd [2014-06-02]
CHR Extension: (Character Count) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhbkelnohbkfdcdgoimhlhikgkehepal [2014-05-26]
CHR Extension: (KryptoKit Bitcoin Wallet) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhhipingoaiddcoalochnbjlkifbpmoj [2014-04-19]
CHR Extension: (Skype Click to Call) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-10-18]
CHR Extension: (Button for Bitly™) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfaclnajlpfhbehdkmonbapamejjdfio [2014-06-07]
CHR Extension: (Editor Lite) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nglgdmkkiemejlladcdjegcllaieegoe [2014-05-27]
CHR Extension: (Google Wallet) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-18]
CHR Extension: (Context Menu Search) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocpcmghnefmdhljkoiapafejjohldoga [2014-04-14]
CHR Extension: (ScriptSafe) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf [2014-06-17]
CHR Extension: (Page Monitor) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pemhgklkefakciniebenbfclihhmmfcd [2014-04-14]
CHR Extension: (4chan Plus) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pinelipedelckihohgdlpcclgocodhjj [2014-06-02]
CHR Extension: (Gmail) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-18]
CHR Extension: (Bitcoin Address Lookup) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmlblkdmadbidammhjiponepngbfcpge [2014-04-26]
CHR Extension: (Word Count) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnngehidikgomgfjbpffonkeimgbpjlh [2014-05-23]
CHR HKLM-x32\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\Exts\Chrome.crx [2014-06-19]
CHR HKLM-x32\...\Chrome\Extension: [cmaiofennmphjldldcpphcechfnnohja] - C:\Program Files (x86)\AdTrustMedia\PrivDog\PrivDog_chrome.crx [2014-06-17]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]
 
==================== Services (Whitelisted) =================
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] (SUPERAntiSpyware.com)
S4 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [49464 2014-05-21] (Hewlett-Packard Company)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\ccSvcHst.exe [144368 2013-05-20] (Symantec Corporation)
S4 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [174088 2014-05-29] (Sandboxie Holdings, LLC)
S3 SDScannerService; C:\Program Files (x86)\Spybot -1 Search & Destroy 2\SDFSSvc.exe [1738200 2014-04-25] (Safer-Networking Ltd.)
R3 SDUpdateService; C:\Program Files (x86)\Spybot -1 Search & Destroy 2\SDUpdSvc.exe [2081752 2014-04-25] (Safer-Networking Ltd.)
S3 SDWSCService; C:\Program Files (x86)\Spybot -1 Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S4 UxTuneUp; C:\Windows\System32\uxtuneup.dll [42808 2013-12-18] (AVG)
 
==================== Drivers (Whitelisted) ====================
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-05-09] (Avira Operations GmbH & Co. KG)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20140606.001\BHDrvx64.sys [1530160 2014-06-06] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1405000.01C\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)
S3 cleanhlp; C:\EEK\Run\cleanhlp64.sys [57024 2014-06-08] (Emsisoft GmbH)
S3 DFX11_1; C:\Windows\System32\drivers\dfx11_1x64.sys [28008 2012-12-13] (Windows ® Win 7 DDK provider)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-06-17] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142128 2014-06-17] (Symantec Corporation)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO64A.SYS [31648 2014-06-14] (REALiX™)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\IPSDefs\20140623.001\IDSvia64.sys [525016 2014-06-17] (Symantec Corporation)
S3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus64.sys [261120 2005-09-23] (Pinnacle Systems GmbH) [File not signed]
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20140623.023\ENG64.SYS [126040 2014-06-17] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20140623.023\EX64.SYS [2099288 2014-06-17] (Symantec Corporation)
S3 PORTMON; C:\Users\owner\Desktop\New folder\PORTMSYS.SYS [28656 2014-06-22] (Systems Internals) [File not signed]
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [47632 2013-04-29] (Panda Security, S.L.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [185352 2014-05-29] (Sandboxie Holdings, LLC)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-06-19] (Duplex Secure Ltd.)
R1 SRTSP; C:\Windows\System32\Drivers\NISx64\1405000.01C\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1405000.01C\SRTSPX64.SYS [36952 2013-03-04] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1405000.01C\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1405000.01C\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2014-06-19] (Symantec Corporation)
R1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [43680 2013-03-04] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1405000.01C\Ironx64.SYS [224416 2013-03-04] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1405000.01C\SYMNETS.SYS [433752 2013-04-24] (Symantec Corporation)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-08-12] (Anchorfree Inc.)
 
========================== Drivers MD5 =======================
 
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-06-24 13:42 - 2014-06-24 13:43 - 00003166 _____ () C:\Users\owner\Desktop\FSS.txt
2014-06-24 13:39 - 2014-06-24 13:39 - 00415744 _____ (Farbar) C:\Users\owner\Desktop\FSS.exe
2014-06-23 08:50 - 2014-06-24 13:58 - 00000000 ____D () C:\Users\owner\Desktop\FRST
2014-06-22 23:05 - 2014-06-22 23:05 - 00000000 ____D () C:\SQLCritUpdPkg
2014-06-22 21:35 - 2014-06-22 23:16 - 00002808 _____ () C:\Users\owner\Desktop\unhide.txt
2014-06-22 21:32 - 2014-06-22 21:33 - 29183200 _____ (Microsoft Corporation) C:\Users\owner\Desktop\Windows-KB890830-x64-V5.13.exe
2014-06-22 21:29 - 2014-06-22 21:31 - 107726072 _____ (Microsoft Corporation) C:\Users\owner\Desktop\msert.exe
2014-06-22 13:46 - 2014-06-22 13:46 - 00000027 _____ () C:\Users\owner\Downloads\apppath.torun
2014-06-22 11:41 - 2014-06-22 11:41 - 00000000 ____D () C:\Users\owner\Desktop\DLL'S REPLACE
2014-06-22 01:49 - 2014-06-22 20:46 - 00000000 ____D () C:\Trend Micro
2014-06-22 01:28 - 2014-06-22 21:14 - 00000000 ____D () C:\Users\owner\Desktop\new antivirus
2014-06-21 13:32 - 2014-06-22 21:14 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2014-06-21 13:32 - 2014-06-22 01:49 - 00002935 _____ () C:\Users\owner\Desktop\HiJackThis.lnk
2014-06-21 13:26 - 2014-06-21 13:26 - 05209566 _____ (Swearware) C:\Users\owner\Desktop\ComboFix.exe
2014-06-21 13:26 - 2014-06-21 13:26 - 01402880 _____ () C:\Users\owner\Desktop\HiJackThis.msi
2014-06-20 22:18 - 2014-06-20 22:24 - 00003392 _____ () C:\Windows\System32\Tasks\Log-Test1
2014-06-20 22:17 - 2014-06-20 22:17 - 00000114 _____ () C:\local.conf
2014-06-20 22:09 - 2014-06-20 22:13 - 00003792 _____ () C:\Windows\System32\Tasks\My BabyCakin
2014-06-20 19:51 - 2014-06-22 21:12 - 00000000 ____D () C:\Panda Cloud Cleaner
2014-06-20 19:51 - 2014-06-20 19:51 - 00000708 _____ () C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk
2014-06-20 19:51 - 2013-04-29 09:17 - 00047632 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2014-06-20 19:35 - 2014-06-20 19:35 - 01369720 _____ () C:\Users\owner\Desktop\PandaCloudAntivirus.exe
2014-06-20 19:34 - 2014-06-20 19:35 - 30115912 _____ (Panda Security ) C:\Users\owner\Desktop\PandaCloudCleaner.exe
2014-06-20 19:21 - 2014-06-20 19:21 - 00291863 _____ () C:\Users\owner\Desktop\Rootkit List.htm
2014-06-20 19:19 - 2014-06-20 19:19 - 00065137 _____ () C:\Users\owner\Desktop\How to Manually Remove a Rootkit Infection   eHow.htm
2014-06-20 19:17 - 2014-06-20 19:17 - 05124208 _____ (F-Secure Corporation) C:\Users\owner\Desktop\F-SecureOnlineScanner-HC.exe
2014-06-20 18:14 - 2014-06-20 18:55 - 00626118 _____ () C:\Windows\system32\HWiNFO64.DBG
2014-06-20 11:34 - 2014-06-20 11:34 - 00398752 _____ (Bleeping Computer, LLC) C:\Users\owner\Desktop\unhide.exe
2014-06-20 00:11 - 2014-06-20 21:48 - 00000000 ____D () C:\Program Files\stinger
2014-06-20 00:08 - 2014-06-20 18:07 - 00000000 ____D () C:\Program Files (x86)\door2windows
2014-06-19 23:06 - 2014-06-19 23:22 - 00386680 _____ (Duplex Secure Ltd.) C:\Windows\system32\Drivers\sptd.sys
2014-06-19 23:00 - 2014-06-19 23:01 - 13429504 _____ (Disc Soft Ltd) C:\Users\owner\Downloads\DTLite4491-0356.exe
2014-06-19 22:56 - 2014-06-22 21:16 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
2014-06-19 13:27 - 2014-06-22 21:15 - 00000000 ____D () C:\Windows\SHELLNEW
2014-06-19 11:55 - 2014-06-22 21:13 - 00000000 ____D () C:\Program Files (x86)\Spybot -1 Search & Destroy 2
2014-06-19 11:55 - 2014-06-19 11:55 - 00001352 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-06-19 11:55 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-06-19 10:01 - 2006-11-01 13:07 - 00334720 _____ (Sysinternals - www.sysinternals.com) C:\Users\owner\Desktop\RootkitRevealer.exe
2014-06-18 21:44 - 2014-06-18 21:44 - 19739904 _____ (SUPERAntiSpyware) C:\Users\owner\Downloads\SUPERAntiSpyware.exe
2014-06-18 19:34 - 2014-06-22 20:47 - 00000000 ____D () C:\Users\owner\AppData\Roaming\SUPERAntiSpyware.com
2014-06-18 19:33 - 2014-06-22 21:19 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-06-18 19:33 - 2014-06-18 19:35 - 00001973 _____ () C:\Users\owner\Desktop\SUPERAntiSpyware Professional.lnk
2014-06-18 18:53 - 2014-06-18 18:54 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\owner\Downloads\eXplorer.exe
2014-06-18 18:52 - 2014-06-18 18:53 - 14349744 _____ (Malwarebytes Corp.) C:\Users\owner\Downloads\mbar-1.07.0.1012.exe
2014-06-18 18:10 - 2014-06-22 21:14 - 00000000 ____D () C:\Users\owner\AppData\Local\AdTrustMedia
2014-06-18 18:09 - 2014-06-18 18:09 - 00000000 ____D () C:\Users\owner\AppData\Roaming\devcoin
2014-06-18 17:39 - 2014-06-22 23:07 - 00000000 ____D () C:\Users\owner\Desktop\File Checksum
2014-06-18 16:09 - 2014-06-18 16:09 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\owner\Downloads\revosetup.exe
2014-06-18 16:09 - 2014-06-18 16:09 - 00883616 _____ (Bleeping Computer, LLC) C:\Users\owner\Downloads\FixExec.com
2014-06-18 16:03 - 2014-06-18 16:03 - 04707328 _____ () C:\Users\owner\Downloads\RogueKiller.exe
2014-06-18 16:03 - 2014-06-18 16:03 - 00000194 _____ () C:\Users\owner\Downloads\hosts-perm.bat
2014-06-18 16:00 - 2014-06-18 16:00 - 00037888 _____ (Soeperman Enterprises Ltd.) C:\Users\owner\Downloads\ADSSpy.exe
2014-06-18 13:27 - 2013-03-04 21:14 - 00043680 ____R (Symantec Corporation) C:\Windows\system32\Drivers\SymIMV.sys
2014-06-18 02:30 - 2014-06-18 02:30 - 00033123 _____ () C:\ComboFix.txt
2014-06-18 02:13 - 2014-06-19 22:51 - 00003234 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-06-18 02:10 - 2014-06-23 08:46 - 00005054 _____ () C:\Windows\PFRO.log
2014-06-18 02:00 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-06-18 02:00 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-06-18 02:00 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-06-18 02:00 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-06-18 02:00 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-06-18 02:00 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2014-06-18 02:00 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2014-06-18 02:00 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2014-06-18 01:50 - 2014-06-18 01:50 - 05206841 _____ (Swearware) C:\Users\owner\Downloads\ComboFix.exe
2014-06-18 01:44 - 2014-06-18 01:44 - 00000060 _____ () C:\Users\owner\Downloads\RestoreSecurityProcessorLoaderDriverWindows7.bat
2014-06-18 01:10 - 2014-06-24 13:58 - 00000000 ____D () C:\FRST
2014-06-17 23:56 - 2014-06-22 21:18 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-06-17 23:56 - 2014-06-19 12:49 - 00177312 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2014-06-17 23:56 - 2014-06-19 12:49 - 00007631 _____ () C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2014-06-17 23:56 - 2014-06-17 23:56 - 00000000 ____D () C:\Program Files\Symantec
2014-06-17 23:55 - 2014-06-22 21:17 - 00000000 ____D () C:\Program Files (x86)\Norton Internet Security
2014-06-17 23:55 - 2014-06-22 21:15 - 00000000 ____D () C:\Windows\system32\Drivers\NISx64
2014-06-17 23:19 - 2014-06-17 23:19 - 00269016 _____ () C:\Windows\Minidump\061714-26520-01.dmp
2014-06-17 23:18 - 2014-06-17 23:19 - 227445472 _____ () C:\Windows\MEMORY.DMP
2014-06-17 22:26 - 2014-06-17 22:26 - 00000000 _____ () C:\Users\owner\Documents\Default.rdp
2014-06-17 18:52 - 2014-06-17 18:52 - 00000000 _____ () C:\Users\owner\defogger_reenable
2014-06-17 15:34 - 2014-06-17 15:34 - 00348160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2014-06-17 15:33 - 2014-06-22 21:13 - 00000000 ____D () C:\Program Files\AdTrustMedia
2014-06-17 15:33 - 2014-06-22 20:36 - 00000000 ____D () C:\Program Files (x86)\AdTrustMedia
2014-06-17 15:25 - 2014-06-17 15:28 - 230403208 _____ (COMODO) C:\Users\owner\Downloads\cfw_installer.exe
2014-06-17 15:10 - 2014-06-17 15:10 - 00688992 _____ (Swearware) C:\Users\owner\Downloads\dds.com
2014-06-17 15:09 - 2014-06-17 15:09 - 00000000 ____D () C:\Users\owner\AppData\Roaming\ParetoLogic
2014-06-17 15:06 - 2014-06-17 15:06 - 00050477 _____ () C:\Users\owner\Downloads\Defogger.exe
2014-06-17 15:04 - 2014-06-17 15:05 - 05938328 _____ (ParetoLogic, Inc.) C:\Users\owner\Downloads\RegCureProSetup.exe
2014-06-17 14:40 - 2014-06-17 14:40 - 00000046 _____ () C:\Users\owner\Downloads\RestoreAppIDDriverWindows7.bat
2014-06-17 13:45 - 2014-06-21 15:25 - 00002520 _____ () C:\Windows\setupact.log
2014-06-17 13:45 - 2014-06-17 13:45 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-17 13:39 - 2014-06-17 13:39 - 00140592 _____ () C:\Users\owner\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-17 13:38 - 2014-06-17 13:39 - 00489936 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-06-17 13:27 - 2014-06-24 13:34 - 00218964 _____ () C:\Windows\WindowsUpdate.log
2014-06-17 12:46 - 2014-06-17 12:46 - 00022528 _____ (Microsoft) C:\Users\owner\Downloads\RunAsSystem.exe
2014-06-17 11:00 - 2014-06-17 11:00 - 00047616 _____ () C:\Users\owner\Downloads\Win32kDiag.exe
2014-06-17 09:56 - 2014-06-17 09:56 - 00472064 _____ ( ) C:\Users\owner\Downloads\RootRepeal.exe
2014-06-17 09:46 - 2014-06-17 09:47 - 00854390 _____ () C:\Users\owner\Downloads\SecurityCheck.exe
2014-06-16 16:27 - 2014-06-22 21:14 - 00000000 ____D () C:\Users\owner\AppData\Local\Unity
2014-06-16 16:25 - 2014-06-16 16:25 - 01080528 _____ (Unity Technologies ApS) C:\Users\owner\Downloads\UnityWebPlayer.exe
2014-06-16 11:27 - 2014-06-22 21:18 - 00000000 ____D () C:\Users\owner\Downloads\Linkin Park - The Hunting Party (Deluxe Edition) 2014 2CD 320kbps CBR MP3 [VX]
2014-06-16 11:24 - 2014-06-16 11:24 - 00045342 _____ () C:\Users\owner\Downloads\Game.of.Thrones.S04E10.720p.HDTV.x264-KILLERS.srt
2014-06-15 17:20 - 2014-06-24 09:57 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-15 17:19 - 2014-06-22 21:18 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-15 17:19 - 2014-06-20 22:17 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-15 17:19 - 2014-06-15 17:19 - 00001082 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-15 17:19 - 2014-05-12 07:35 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-15 17:19 - 2014-05-12 07:35 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-15 16:25 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-06-15 16:24 - 2014-06-22 21:12 - 00000000 ____D () C:\AdwCleaner
2014-06-15 15:46 - 2014-06-22 23:05 - 00000000 ____D () C:\Users\owner\Desktop\Antivirus Folders
2014-06-15 15:31 - 2014-06-15 15:31 - 00000000 ____D () C:\Windows\SysWOW64\FxsTmp
2014-06-15 15:31 - 2014-06-15 15:31 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-06-15 15:31 - 2014-06-15 15:31 - 00000000 ____D () C:\Windows\addins
2014-06-15 14:50 - 2014-06-15 14:50 - 00380416 _____ () C:\Users\owner\Downloads\7xw8cr4k.exe
2014-06-15 14:46 - 2014-06-15 14:46 - 00000020 _____ () C:\Windows\põ®
2014-06-15 14:15 - 2014-06-15 14:19 - 00231960 _____ () C:\Windows\RegBootClean64.exe
2014-06-15 14:15 - 2014-06-15 14:19 - 00013482 _____ () C:\Windows\RegBootClean64.CFG
2014-06-15 13:53 - 2014-06-22 21:18 - 00000000 ____D () C:\Users\owner\AppData\Roaming\ZumoDrive
2014-06-15 13:23 - 2014-06-22 21:18 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Wise Registry Cleaner
2014-06-15 13:23 - 2014-06-15 13:23 - 00001209 _____ () C:\Users\Public\Desktop\Wise Registry Cleaner.lnk
2014-06-15 13:22 - 2014-06-22 20:43 - 00000000 ____D () C:\Program Files (x86)\Wise
2014-06-15 13:21 - 2014-06-15 13:21 - 00929416 _____ (CNET Download.com) C:\Users\owner\Downloads\cbsidlm-cbsi188-Wise_Registry_Cleaner-SEO-10605508.exe
2014-06-15 12:47 - 2014-06-15 12:47 - 01333465 _____ () C:\Users\owner\Downloads\AdwCleaner.exe
2014-06-15 12:47 - 2014-06-15 12:47 - 00400384 _____ (Farbar) C:\Users\owner\Downloads\MiniToolBox.exe
2014-06-15 12:46 - 2014-06-15 12:46 - 01073152 _____ (Farbar) C:\Users\owner\Downloads\FRST.exe
2014-06-15 12:42 - 2014-06-15 12:42 - 02081792 _____ (Farbar) C:\Users\owner\Downloads\FRST64.exe
2014-06-15 12:39 - 2014-06-15 12:40 - 00000000 ____D () C:\MGADiagToolOutput
2014-06-15 12:36 - 2014-06-15 12:36 - 02031992 _____ (Microsoft Corporation) C:\Users\owner\Downloads\MGADiag.exe
2014-06-15 12:20 - 2014-06-22 21:18 - 00000000 ____D () C:\Users\owner\Desktop\New folder (2)
2014-06-15 09:31 - 2014-06-15 09:31 - 02670520 _____ (Martin Malík - REALiX ) C:\Users\owner\Downloads\hw64_440.exe
2014-06-14 16:58 - 2014-06-22 20:10 - 00000000 ____D () C:\Users\owner\Desktop\New folder
2014-06-14 16:06 - 2014-06-22 21:12 - 00000000 ____D () C:\Program Files (x86)\Badosoft
2014-06-14 16:02 - 2014-06-14 16:03 - 05477376 _____ () C:\Users\owner\Downloads\Latency Optimizer.msi
2014-06-14 15:51 - 2014-06-14 16:03 - 00000000 ____D () C:\Symbols
2014-06-14 15:48 - 2014-06-20 13:29 - 00000000 ____D () C:\Users\owner\Documents\WPA Files
2014-06-14 15:48 - 2014-06-14 16:03 - 00000000 ____D () C:\SymCache
2014-06-14 15:47 - 2014-06-14 15:48 - 00000000 ____D () C:\Users\owner\AppData\Local\Windows Performance Analyzer
2014-06-14 15:40 - 2014-06-14 15:42 - 52756480 _____ () C:\kernel.etl
2014-06-14 15:28 - 2014-06-14 15:28 - 01435472 _____ (Microsoft Corporation) C:\Users\owner\Downloads\adksetup.exe
2014-06-14 15:23 - 2014-06-14 15:23 - 00301688 _____ (Thesycon GmbH) C:\Users\owner\Downloads\dpclat.exe
2014-06-14 13:21 - 2014-06-14 13:25 - 204395288 _____ () C:\Users\owner\Downloads\YouCam_5.0.3618.0_HW_Patch_YUC131217-01.exe
2014-06-14 13:21 - 2014-06-14 13:21 - 01029080 _____ (CyberLink) C:\Users\owner\Downloads\CyberLink_YouCam_Downloader.exe
2014-06-14 11:23 - 2014-06-14 11:24 - 12329704 _____ (SUPERAdBlocker.com and SUPERAntiSpyware.com) C:\Users\owner\Downloads\SASDEFINITIONS.EXE
2014-06-14 03:29 - 2014-06-14 03:29 - 00000000 ____D () C:\SUPERDelete
2014-06-14 03:22 - 2014-06-22 21:17 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-06-14 00:32 - 2014-06-14 00:32 - 01294512 _____ (Uniblue Systems Limited ) C:\Users\owner\Downloads\speedupmypc.exe
2014-06-13 20:53 - 2014-06-13 20:54 - 19671928 _____ (SUPERAntiSpyware) C:\Users\owner\Downloads\SUPERAntiSpywarePro.exe
2014-06-13 11:15 - 2014-06-22 20:46 - 00000000 ____D () C:\Users\owner\AppData\Local\ChemTable Software
2014-06-13 11:15 - 2014-06-22 20:46 - 00000000 ____D () C:\Users\owner\AppData\Local\AnVir
2014-06-13 11:15 - 2014-06-13 11:15 - 00000000 ____D () C:\Users\owner\AppData\Roaming\ChemTable Software
2014-06-13 00:25 - 2014-06-13 00:25 - 00929416 _____ (CNET Download.com) C:\Users\owner\Downloads\cbsidlm-cbsi188-AnVir_Task_Manager_Free-SEO-10802050.exe
2014-06-13 00:24 - 2014-06-13 00:24 - 00929416 _____ (CNET Download.com) C:\Users\owner\Downloads\cbsidlm-cbsi188-Security_Task_Manager-SEO-10246545.exe
2014-06-12 18:40 - 2014-06-12 18:41 - 06185059 _____ (Ixcoin project) C:\Users\owner\Downloads\ixcoin-0.3.24.3-win32-setup.exe
2014-06-12 03:06 - 2014-05-23 21:48 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-12 03:06 - 2014-05-23 21:47 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-12 03:06 - 2014-05-23 21:47 - 01366016 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-12 03:06 - 2014-05-23 21:46 - 19290112 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-12 03:06 - 2014-05-23 21:46 - 15368704 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-12 03:06 - 2014-05-23 21:46 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-12 03:06 - 2014-05-23 21:46 - 02650112 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-12 03:06 - 2014-05-23 21:46 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-06-12 03:06 - 2014-05-23 21:46 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-12 03:06 - 2014-05-23 21:46 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-12 03:06 - 2014-05-23 21:46 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-12 03:06 - 2014-05-23 21:46 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-06-12 03:06 - 2014-05-23 21:46 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-12 03:06 - 2014-05-23 21:46 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-12 03:06 - 2014-05-23 21:46 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-12 03:06 - 2014-05-23 21:46 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-12 03:06 - 2014-05-23 21:45 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-12 03:06 - 2014-05-23 21:45 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-12 03:06 - 2014-05-23 21:45 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-12 03:06 - 2014-05-23 20:26 - 14365696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-12 03:06 - 2014-05-23 20:26 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-12 03:06 - 2014-05-23 20:26 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-12 03:06 - 2014-05-23 20:26 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-12 03:06 - 2014-05-23 20:26 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-12 03:06 - 2014-05-23 20:26 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-12 03:06 - 2014-05-23 20:25 - 13731328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-12 03:06 - 2014-05-23 20:25 - 02862080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-12 03:06 - 2014-05-23 20:25 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-12 03:06 - 2014-05-23 20:25 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-12 03:06 - 2014-05-23 20:25 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-06-12 03:06 - 2014-05-23 20:25 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-12 03:06 - 2014-05-23 20:25 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-12 03:06 - 2014-05-23 20:25 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-12 03:06 - 2014-05-23 20:25 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-06-12 03:06 - 2014-05-23 20:25 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-12 03:06 - 2014-05-23 20:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-12 03:06 - 2014-05-23 20:25 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-12 03:06 - 2014-05-23 20:09 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-12 03:06 - 2014-05-23 20:03 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-12 03:06 - 2014-05-23 19:13 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-06-12 03:06 - 2014-05-23 19:06 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-06-12 03:06 - 2014-05-08 04:32 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-06-12 03:06 - 2014-05-08 04:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-06-12 03:06 - 2014-04-24 21:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-12 03:06 - 2014-04-24 21:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-12 03:06 - 2014-04-04 21:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-12 03:06 - 2014-04-04 21:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-12 03:06 - 2014-03-26 09:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-12 03:06 - 2014-03-26 09:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-12 03:06 - 2014-03-26 09:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-12 03:06 - 2014-03-26 09:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-12 03:06 - 2014-03-26 09:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-12 03:06 - 2014-03-26 09:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-12 03:06 - 2014-03-26 09:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-12 03:06 - 2014-03-26 09:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-11 14:24 - 2014-06-11 14:24 - 00000000 ____D () C:\Users\owner\AppData\Local\Adobe
2014-06-11 11:36 - 2014-06-11 11:37 - 00000085 _____ () C:\Windows\wininit.ini
2014-06-11 11:36 - 2014-06-11 11:36 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-06-11 11:27 - 2014-06-15 17:07 - 00000000 ____D () C:\Users\owner\AppData\Local\Trend Micro
2014-06-11 11:23 - 2014-06-17 13:27 - 00000000 ____D () C:\OETemp
2014-06-11 11:21 - 2014-06-11 11:21 - 00257865 _____ () C:\Users\owner\AppData\Local\census.cache
2014-06-11 11:21 - 2014-06-11 11:21 - 00172466 _____ () C:\Users\owner\AppData\Local\ars.cache
2014-06-11 10:57 - 2014-06-11 10:57 - 00000010 _____ () C:\Users\owner\AppData\Local\sponge.last.runtime.cache
2014-06-11 10:49 - 2014-06-11 10:49 - 02473936 _____ (Trend Micro Inc.) C:\Users\owner\Downloads\HousecallLauncher64.exe
2014-06-11 10:47 - 2014-06-11 10:47 - 00186328 _____ (trend_company_name) C:\Windows\system32\Drivers\tmrkb.sys
2014-06-11 10:25 - 2014-06-11 10:26 - 111278192 _____ (Trend Micro Inc.) C:\Users\owner\Downloads\TTi_7.0_HE_64bit.exe
2014-06-11 10:24 - 2014-06-11 10:24 - 14839344 _____ (Trend Micro Inc.) C:\Users\owner\Downloads\RootkitBusterV5.0-1171x64 (1).exe
2014-06-11 10:06 - 2014-06-22 21:15 - 00000000 ____D () C:\Windows\erdnt
2014-06-11 10:06 - 2014-06-22 20:46 - 00000000 ____D () C:\Qoobox
2014-06-10 16:18 - 2014-06-11 11:33 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
2014-06-10 15:51 - 2014-06-10 15:51 - 14839344 _____ (Trend Micro Inc.) C:\Users\owner\Downloads\RootkitBusterV5.0-1171x64.exe
2014-06-10 15:49 - 2014-06-17 18:56 - 00000000 ____D () C:\Users\owner\Downloads\TMRBLog
2014-06-10 14:54 - 2014-06-10 14:55 - 89095528 _____ (Sophos Limited) C:\Users\owner\Downloads\Sophos Virus Removal Tool.exe
2014-06-10 14:42 - 2014-06-22 20:53 - 00000000 ____D () C:\Users\owner\Downloads\TrendMicro AntiThreat Toolkit
2014-06-10 14:42 - 2014-06-10 14:42 - 00000036 _____ () C:\Users\owner\AppData\Local\housecall.guid.cache
2014-06-10 14:39 - 2014-06-10 14:42 - 25280863 _____ (Trend Micro Inc.) C:\Users\owner\Downloads\attk_ScanCleanOnline_gui_x64.exe
2014-06-10 14:38 - 2014-06-10 14:39 - 10021424 _____ (Trend Micro Inc.) C:\Users\owner\Downloads\RootkitBusterV5.0-1171.exe
2014-06-10 14:38 - 2014-06-10 14:38 - 06229392 _____ (Trend Micro, Inc. ) C:\Users\owner\Downloads\RUBottedSetup.exe
2014-06-10 11:15 - 2014-06-10 11:14 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-06-10 11:14 - 2014-06-10 11:14 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Avira
2014-06-10 11:12 - 2014-05-09 11:16 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-06-10 11:12 - 2014-05-09 11:16 - 00112080 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-06-10 11:12 - 2014-05-09 11:16 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-06-10 11:10 - 2014-06-22 20:36 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-06-10 10:43 - 2014-06-10 10:44 - 06769280 _____ (SparkTrust) C:\Users\owner\Downloads\SparkTrust PC Cleaner Plus Setup_c9999cd_.exe
2014-06-09 22:50 - 2014-06-22 21:18 - 00000000 ____D () C:\Users\owner\Downloads\The Campaign EXTENDED (2012)
2014-06-08 21:28 - 2014-06-08 21:28 - 00007398 _____ () C:\Users\owner\Documents\talk.txt
2014-06-08 10:17 - 2014-06-08 10:17 - 00001372 _____ () C:\Users\owner\Desktop\HWiNFO64.EXE.lnk
2014-06-08 08:37 - 2014-06-08 08:37 - 00000546 _____ () C:\Users\owner\Desktop\Emsisoft Emergency Kit.lnk
2014-06-08 08:36 - 2014-06-22 21:18 - 00000000 ____D () C:\EEK
2014-06-07 13:33 - 2014-06-11 11:22 - 00000981 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-06-07 12:31 - 2014-06-07 12:31 - 00001192 _____ () C:\Users\owner\Desktop\My LastPass Vault.lnk
2014-06-07 12:27 - 2014-06-07 12:28 - 14936064 _____ (LastPass) C:\Users\owner\Downloads\lastpass_x64.exe
2014-06-05 19:41 - 2014-06-05 19:40 - 00449885 _____ () C:\Windows\system32\Drivers\etc\hosts.20140605-194152.backup
2014-06-05 19:41 - 2014-06-05 19:40 - 00449885 _____ () C:\Windows\system32\Drivers\etc\hosts.20140605-194111.backup
2014-06-05 18:43 - 2014-06-05 18:43 - 00000000 ____D () C:\Users\owner\Documents\ProcAlyzer Dumps
2014-06-05 18:38 - 2014-06-22 21:18 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-06-05 08:42 - 2014-06-05 08:44 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\owner\Downloads\spybot-2.3.exe
2014-06-05 08:40 - 2014-06-18 12:15 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-06-05 08:38 - 2014-06-05 08:39 - 13829304 _____ (Microsoft Corporation) C:\Users\owner\Downloads\mseinstall (1).exe
2014-06-05 08:37 - 2014-06-05 08:37 - 00165376 _____ () C:\Users\owner\Downloads\SystemLook_x64.exe
2014-06-05 08:34 - 2014-06-05 08:34 - 13829304 _____ (Microsoft Corporation) C:\Users\owner\Downloads\mseinstall.exe
2014-06-05 08:32 - 2014-06-05 08:32 - 01059840 _____ () C:\Users\owner\Downloads\MicrosoftFixit50981.msi
2014-06-04 09:20 - 2014-06-22 21:18 - 00000000 ____D () C:\Users\owner\.ScreamingFrogSEOSpider
2014-06-04 09:03 - 2014-06-22 21:14 - 00000000 ____D () C:\Users\owner\AppData\Local\Exar_Software_Research_Pv
2014-06-04 09:00 - 2014-06-22 21:14 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Exar Software Research Pvt Ltd
2014-06-03 14:42 - 2014-06-04 18:39 - 00001117 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-06-02 15:53 - 2014-06-22 21:18 - 00000000 ____D () C:\Users\owner\Downloads\[ www.Torrentday.com ] - LEGO.Star.Wars.The.Yoda.Chronicles.2013.DVDRip.XviD.AC3-EVO
2014-06-02 15:49 - 2014-06-22 21:14 - 00000000 ____D () C:\Users\owner\Downloads\Billboard Hot 100 (07 JUNE 2014)~CBR 320 Kbps~{AryaN_L33T}[LittleFairyRG]
2014-06-02 02:30 - 2014-06-20 18:11 - 00000000 ____D () C:\Users\owner\Downloads\Future - Pluto {2012-Album}
2014-06-02 02:19 - 2014-06-20 18:11 - 00000000 ____D () C:\Users\owner\Downloads\Emmure - Slave to the Game (2012)
2014-06-02 01:59 - 2014-06-20 18:11 - 00000000 ____D () C:\Users\owner\Downloads\Mayday Parade - A Lesson In Romantics [Mp3-vrb-2007]
2014-06-02 01:54 - 2014-06-20 18:11 - 00000000 ____D () C:\Users\owner\Downloads\Mayday Parade - Anywhere But Here
2014-06-02 01:41 - 2014-06-20 18:11 - 00000000 ____D () C:\Users\owner\Downloads\Masks
2014-06-02 01:31 - 2014-06-20 18:11 - 00000000 ____D () C:\Users\owner\Downloads\To Plant A Seed
2014-06-02 00:38 - 2014-06-22 21:18 - 00000000 ____D () C:\Users\owner\Downloads\Escape_The_Fate-Dying_Is_Your_Latest_Fashion-2006-MP3
2014-06-02 00:30 - 2014-06-22 21:18 - 00000000 ____D () C:\Users\owner\Downloads\A Skylit Drive - Rise - 2013
2014-06-01 17:32 - 2014-06-01 17:33 - 01119203 _____ (HANSoft, Inc. ) C:\Users\owner\Downloads\ERWsetup.exe
2014-06-01 13:06 - 2014-06-01 13:18 - 00000800 _____ () C:\Windows\system32\PDBootState
2014-06-01 13:03 - 2014-06-22 21:13 - 00000000 ____D () C:\Program Files\Common Files\Raxco
2014-06-01 13:03 - 2014-06-22 20:43 - 00000000 ____D () C:\Program Files\Raxco
2014-06-01 13:02 - 2014-06-22 20:41 - 00000000 ____D () C:\Program Files (x86)\Raxco
2014-06-01 12:46 - 2014-06-01 12:46 - 41891360 _____ (Raxco Software, Inc. ) C:\Users\owner\Downloads\PerfectDisk_Pro_Trial.exe
2014-06-01 00:59 - 2014-06-22 21:18 - 00000000 ____D () C:\Users\owner\Downloads\Game.of.Thrones.S04E06.HDTV.XviD-RARBG
2014-06-01 00:59 - 2014-06-22 21:18 - 00000000 ____D () C:\Users\owner\Downloads\Game.of.Thrones.S04E03.720p.HDTV.x264-KILLERS[rarbg]
2014-05-31 23:51 - 2014-06-22 21:14 - 00000000 ____D () C:\Users\owner\Documents\Altova
2014-05-31 23:40 - 2014-06-22 21:14 - 00000000 ____D () C:\Users\owner\Downloads\Game-of-Thrones
2014-05-31 23:32 - 2014-05-31 23:34 - 259919240 _____ (Altova GmbH) C:\Users\owner\Downloads\MissionKitEnt2014_x64.exe
2014-05-31 15:05 - 2014-05-31 15:05 - 00633360 _____ (Copyright © 2010 eSupport.com. All Rights Reserved.) C:\Users\owner\Downloads\biosagentplus_875.exe
2014-05-31 15:01 - 2014-05-31 15:01 - 00021712 _____ (Phoenix Technologies) C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS
2014-05-31 14:52 - 2014-06-22 21:18 - 00000000 ____D () C:\Program Files\HWiNFO64
2014-05-31 14:52 - 2014-06-14 16:38 - 00031648 _____ (REALiX™) C:\Windows\system32\Drivers\HWiNFO64A.SYS
2014-05-31 14:50 - 2014-05-31 14:51 - 02661768 _____ (Martin Malík - REALiX ) C:\Users\owner\Downloads\hw64_438.exe
2014-05-31 14:31 - 2014-05-31 14:31 - 00231760 _____ () C:\Users\owner\Downloads\CrucialScan.exe
2014-05-31 13:23 - 2014-05-31 13:23 - 04583424 _____ () C:\Users\owner\Downloads\HPSupportSolutionsFramework.msi
2014-05-30 17:37 - 2014-05-30 17:39 - 00000000 ____D () C:\Users\owner\Desktop\Legalities
2014-05-28 19:06 - 2014-05-28 19:06 - 00000000 ____D () C:\Windows\SystemRepair
2014-05-27 07:25 - 2014-06-22 21:18 - 00000000 ____D () C:\Users\owner\Downloads\Legend (1985) [1080p]
2014-05-26 15:40 - 2014-06-22 21:14 - 00000000 ____D () C:\Users\owner\AppData\Local\WindowsApplication1
2014-05-26 15:01 - 2014-06-22 20:46 - 00000000 ___RD () C:\Sandbox
2014-05-26 14:55 - 2014-06-18 17:25 - 00002404 _____ () C:\Windows\Sandboxie.ini
2014-05-26 14:55 - 2014-05-27 16:12 - 00001002 _____ () C:\Users\owner\Desktop\Sandboxed Web Browser.lnk
2014-05-26 14:53 - 2014-06-22 21:18 - 00000000 ____D () C:\Users\owner\Desktop\SandBoxie
2014-05-26 14:53 - 2014-06-22 21:18 - 00000000 ____D () C:\Program Files\Sandboxie
2014-05-25 17:34 - 2014-06-22 21:14 - 00000000 ____D () C:\Users\owner\Documents\iMacros
 
==================== One Month Modified Files and Folders =======
 
2014-06-24 13:58 - 2014-06-23 08:50 - 00000000 ____D () C:\Users\owner\Desktop\FRST
2014-06-24 13:58 - 2014-06-18 01:10 - 00000000 ____D () C:\FRST
2014-06-24 13:43 - 2014-06-24 13:42 - 00003166 _____ () C:\Users\owner\Desktop\FSS.txt
2014-06-24 13:39 - 2014-06-24 13:39 - 00415744 _____ (Farbar) C:\Users\owner\Desktop\FSS.exe
2014-06-24 13:34 - 2014-06-17 13:27 - 00218964 _____ () C:\Windows\WindowsUpdate.log
2014-06-24 09:57 - 2014-06-15 17:20 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-24 09:10 - 2009-07-13 23:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-24 09:10 - 2009-07-13 23:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-24 09:05 - 2013-02-15 03:21 - 00262144 _____ () C:\Windows\system32\Ikeext.etl
2014-06-24 09:04 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-24 09:00 - 2013-07-27 16:07 - 00000000 ____D () C:\Windows\pss
2014-06-23 08:46 - 2014-06-18 02:10 - 00005054 _____ () C:\Windows\PFRO.log
2014-06-22 23:16 - 2014-06-22 21:35 - 00002808 _____ () C:\Users\owner\Desktop\unhide.txt
2014-06-22 23:07 - 2014-06-18 17:39 - 00000000 ____D () C:\Users\owner\Desktop\File Checksum
2014-06-22 23:05 - 2014-06-22 23:05 - 00000000 ____D () C:\SQLCritUpdPkg
2014-06-22 23:05 - 2014-06-15 15:46 - 00000000 ____D () C:\Users\owner\Desktop\Antivirus Folders
2014-06-22 21:33 - 2014-06-22 21:32 - 29183200 _____ (Microsoft Corporation) C:\Users\owner\Desktop\Windows-KB890830-x64-V5.13.exe
2014-06-22 21:31 - 2014-06-22 21:29 - 107726072 _____ (Microsoft Corporation) C:\Users\owner\Desktop\msert.exe
2014-06-22 21:19 - 2014-06-18 19:33 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-06-22 21:19 - 2011-04-08 12:10 - 00000000 ____D () C:\Program Files (x86)\PlayReady
2014-06-22 21:18 - 2014-06-17 23:56 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-06-22 21:18 - 2014-06-16 11:27 - 00000000 ____D () C:\Users\owner\Downloads\Linkin Park - The Hunting Party (Deluxe Edition) 2014 2CD 320kbps CBR MP3 [VX]
2014-06-22 21:18 - 2014-06-15 17:19 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-22 21:18 - 2014-06-15 13:53 - 00000000 ____D () C:\Users\owner\AppData\Roaming\ZumoDrive
2014-06-22 21:18 - 2014-06-15 13:23 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Wise Registry Cleaner
2014-06-22 21:18 - 2014-06-15 12:20 - 00000000 ____D () C:\Users\owner\Desktop\New folder (2)
2014-06-22 21:18 - 2014-06-09 22:50 - 00000000 ____D () C:\Users\owner\Downloads\The Campaign EXTENDED (2012)
2014-06-22 21:18 - 2014-06-08 08:36 - 00000000 ____D () C:\EEK
2014-06-22 21:18 - 2014-06-05 18:38 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-06-22 21:18 - 2014-06-04 09:20 - 00000000 ____D () C:\Users\owner\.ScreamingFrogSEOSpider
2014-06-22 21:18 - 2014-06-02 15:53 - 00000000 ____D () C:\Users\owner\Downloads\[ www.Torrentday.com ] - LEGO.Star.Wars.The.Yoda.Chronicles.2013.DVDRip.XviD.AC3-EVO
2014-06-22 21:18 - 2014-06-02 00:38 - 00000000 ____D () C:\Users\owner\Downloads\Escape_The_Fate-Dying_Is_Your_Latest_Fashion-2006-MP3
2014-06-22 21:18 - 2014-06-02 00:30 - 00000000 ____D () C:\Users\owner\Downloads\A Skylit Drive - Rise - 2013
2014-06-22 21:18 - 2014-06-01 00:59 - 00000000 ____D () C:\Users\owner\Downloads\Game.of.Thrones.S04E06.HDTV.XviD-RARBG
2014-06-22 21:18 - 2014-06-01 00:59 - 00000000 ____D () C:\Users\owner\Downloads\Game.of.Thrones.S04E03.720p.HDTV.x264-KILLERS[rarbg]
2014-06-22 21:18 - 2014-05-31 14:52 - 00000000 ____D () C:\Program Files\HWiNFO64
2014-06-22 21:18 - 2014-05-27 07:25 - 00000000 ____D () C:\Users\owner\Downloads\Legend (1985) [1080p]
2014-06-22 21:18 - 2014-05-26 14:53 - 00000000 ____D () C:\Users\owner\Desktop\SandBoxie
2014-06-22 21:18 - 2014-05-26 14:53 - 00000000 ____D () C:\Program Files\Sandboxie
2014-06-22 21:18 - 2014-05-24 13:03 - 00000000 ____D () C:\Program Files\iTunes
2014-06-22 21:18 - 2014-05-14 11:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-22 21:18 - 2014-05-12 19:51 - 00000000 ____D () C:\Users\owner\Downloads\Alpha.House.2014.DVDRip.XviD.MP3-RARBG
2014-06-22 21:18 - 2014-05-11 10:19 - 00000000 ____D () C:\Windows\Minidump
2014-06-22 21:18 - 2014-05-10 21:25 - 00000000 ____D () C:\Users\owner\Downloads\Dead Shadows [2012] BRRip XViD juggs[ETRG]
2014-06-22 21:18 - 2014-05-05 20:50 - 00000000 ____D () C:\Users\owner\Downloads\RoboCop [2014] HDRip XviD-SaM[ETRG]
2014-06-22 21:18 - 2014-05-05 14:23 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-06-22 21:18 - 2014-05-03 14:00 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Intel
2014-06-22 21:18 - 2014-05-03 01:57 - 00000000 ____D () C:\Users\owner\AppData\Roaming\SystemRequirementsLab
2014-06-22 21:18 - 2014-05-03 01:57 - 00000000 ____D () C:\Program Files (x86)\SystemRequirementsLab
2014-06-22 21:18 - 2014-05-02 01:00 - 00000000 ____D () C:\Program Files (x86)\ScreenshotCaptor
2014-06-22 21:18 - 2014-05-01 20:42 - 00000000 ____D () C:\Users\owner\Desktop\Robert's
2014-06-22 21:18 - 2014-05-01 19:13 - 00000000 ____D () C:\Users\owner\Documents\Ccleaner reg. backups
2014-06-22 21:18 - 2014-04-30 19:22 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-06-22 21:18 - 2014-04-29 00:15 - 00000000 ____D () C:\Intel
2014-06-22 21:18 - 2014-04-28 11:29 - 00000000 ____D () C:\Users\owner\AppData\Roaming\DG
2014-06-22 21:18 - 2014-04-28 11:29 - 00000000 ____D () C:\Program Files (x86)\Thread Manager
2014-06-22 21:18 - 2014-04-23 16:12 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bitcoin Core
2014-06-22 21:18 - 2014-04-23 16:04 - 00000000 ____D () C:\Users\owner\Desktop\Bit Coin
2014-06-22 21:18 - 2014-04-22 22:36 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-22 21:18 - 2014-04-13 22:25 - 00000000 ____D () C:\Users\owner\Desktop\BOTS
2014-06-22 21:18 - 2014-04-13 20:15 - 00000000 ____D () C:\Users\owner\Desktop\ODesk Team App
2014-06-22 21:18 - 2014-04-12 15:55 - 00000000 ____D () C:\Users\owner\Desktop\Game Shortcuts
2014-06-22 21:18 - 2014-04-12 15:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-22 21:18 - 2014-04-12 14:42 - 00000000 ____D () C:\Windows\Microsoft.VC90.MFC
2014-06-22 21:18 - 2014-04-12 14:42 - 00000000 ____D () C:\Windows\Microsoft.VC90.CRT
2014-06-22 21:18 - 2014-04-12 14:42 - 00000000 ____D () C:\Windows\Microsoft.VC90.ATL
2014-06-22 21:18 - 2014-04-11 20:19 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LastPass
2014-06-22 21:18 - 2013-10-17 21:36 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-06-22 21:18 - 2013-10-17 04:34 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-06-22 21:18 - 2013-10-07 16:29 - 00000000 ____D () C:\Users\owner\Desktop\Microsoft Office
2014-06-22 21:18 - 2013-10-07 16:09 - 00000000 ____D () C:\Program Files (x86)\Microsoft Works
2014-06-22 21:18 - 2013-09-28 15:05 - 00000000 ____D () C:\Program Files (x86)\Microsoft SkyDrive
2014-06-22 21:18 - 2013-09-11 14:27 - 00000000 ____D () C:\Program Files\CCleaner
2014-06-22 21:18 - 2013-09-05 00:14 - 00000000 ____D () C:\Program Files\WinRAR
2014-06-22 21:18 - 2013-09-01 12:03 - 00000000 ____D () C:\Program Files (x86)\Universal Document Converter
2014-06-22 21:18 - 2013-08-22 11:06 - 00000000 ____D () C:\Users\owner\AppData\Roaming\KompoZer
2014-06-22 21:18 - 2013-08-22 10:00 - 00000000 ____D () C:\Program Files (x86)\Ultimate Business Software
2014-06-22 21:18 - 2013-08-17 13:20 - 00000000 ____D () C:\Program Files (x86)\436534001
2014-06-22 21:18 - 2013-08-16 16:27 - 00000000 ____D () C:\Program Files (x86)\SlimCleaner
2014-06-22 21:18 - 2013-04-10 21:48 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-06-22 21:18 - 2013-03-02 05:54 - 00000000 ____D () C:\Users\owner\Downloads\Games
2014-06-22 21:18 - 2011-02-10 14:23 - 00000000 ____D () C:\SYSTEM.SAV
2014-06-22 21:18 - 2010-01-13 18:44 - 00000000 ____D () C:\Windows\Hewlett-Packard
2014-06-22 21:18 - 2009-07-14 00:32 - 00000000 ____D () C:\Windows\system32\WinBioPlugIns
2014-06-22 21:18 - 2009-07-14 00:32 - 00000000 ____D () C:\Program Files\Windows Sidebar
2014-06-22 21:18 - 2009-07-14 00:32 - 00000000 ____D () C:\Program Files (x86)\Windows Sidebar
2014-06-22 21:18 - 2009-07-14 00:32 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2014-06-22 21:18 - 2009-07-14 00:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-06-22 21:18 - 2009-07-13 22:20 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-06-22 21:18 - 2009-07-13 22:20 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-06-22 21:18 - 2009-07-13 22:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-06-22 21:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\TAPI
2014-06-22 21:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Recovery
2014-06-22 21:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\zh-HK
2014-06-22 21:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\uk-UA
2014-06-22 21:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\tr-TR
2014-06-22 21:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\th-TH
2014-06-22 21:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\sysprep
2014-06-22 21:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\sr-Latn-CS
2014-06-22 21:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\sppui
2014-06-22 21:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\sl-SI
2014-06-22 21:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\sk-SK
2014-06-22 21:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Setup
2014-06-22 21:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\ro-RO
2014-06-22 21:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Recovery
2014-06-22 21:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\ras
2014-06-22 21:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\oobe
2014-06-22 21:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-06-22 21:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Msdtc
2014-06-22 21:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\migwiz
2014-06-22 21:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\manifeststore
2014-06-22 21:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\lv-LV
2014-06-22 21:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\lt-LT
2014-06-22 21:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\icsxml
2014-06-22 21:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\ias
2014-06-22 21:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\hr-HR
2014-06-22 21:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\he-IL
2014-06-22 21:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\et-EE
2014-06-22 21:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-06-22 21:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\com
2014-06-22 21:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2014-06-22 21:17 - 2014-06-17 23:55 - 00000000 ____D () C:\Program Files (x86)\Norton Internet Security
2014-06-22 21:17 - 2014-06-14 03:22 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-06-22 21:17 - 2014-05-07 02:10 - 00000000 ____D () C:\Users\owner\Desktop\K-Lite Codec Pack
2014-06-22 21:17 - 2013-10-17 04:34 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Skype
2014-06-22 21:17 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\bg-BG
2014-06-22 21:17 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\ar-SA
2014-06-22 21:16 - 2014-06-19 22:56 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
2014-06-22 21:16 - 2013-08-06 20:49 - 00000000 ____D () C:\Windows\system32\Macromed
2014-06-22 21:16 - 2013-07-12 13:58 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2014-06-22 21:16 - 2013-02-16 01:45 - 00000000 ____D () C:\Windows\SysWOW64\C2MP
2014-06-22 21:16 - 2011-04-08 12:25 - 00000000 ____D () C:\Windows\System32\Tasks\Hewlett-Packard
2014-06-22 21:16 - 2011-04-08 12:18 - 00000000 ____D () C:\Windows\SysWOW64\Adobe
2014-06-22 21:16 - 2011-04-08 12:10 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2014-06-22 21:16 - 2010-11-21 02:06 - 00000000 ____D () C:\Windows\system32\winrm
2014-06-22 21:16 - 2010-11-21 02:06 - 00000000 ____D () C:\Windows\system32\WCN
2014-06-22 21:16 - 2010-11-21 02:06 - 00000000 ____D () C:\Windows\system32\slmgr
2014-06-22 21:16 - 2010-11-21 02:06 - 00000000 ____D () C:\Windows\system32\Printing_Admin_Scripts
2014-06-22 21:16 - 2010-01-13 18:45 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
2014-06-22 21:16 - 2009-07-14 00:32 - 00000000 ____D () C:\Windows\system32\WindowsPowerShell
2014-06-22 21:16 - 2009-07-14 00:32 - 00000000 ____D () C:\Windows\system32\restore
2014-06-22 21:16 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\spp
2014-06-22 21:16 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\spool
2014-06-22 21:16 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Speech
2014-06-22 21:16 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\SMI
2014-06-22 21:16 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NetworkList
2014-06-22 21:16 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\MUI
2014-06-22 21:16 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\IME
2014-06-22 21:15 - 2014-06-19 13:27 - 00000000 ____D () C:\Windows\SHELLNEW
2014-06-22 21:15 - 2014-06-17 23:55 - 00000000 ____D () C:\Windows\system32\Drivers\NISx64
2014-06-22 21:15 - 2014-06-11 10:06 - 00000000 ____D () C:\Windows\erdnt
2014-06-22 21:15 - 2014-05-18 01:17 - 00000000 ____D () C:\Windows\Microsoft Antimalware
2014-06-22 21:15 - 2013-02-20 14:20 - 00000000 ____D () C:\Windows\Bejeweled 3
2014-06-22 21:15 - 2009-07-13 23:45 - 00000000 ____D () C:\Windows\Setup
2014-06-22 21:15 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\security
2014-06-22 21:15 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Help
2014-06-22 21:14 - 2014-06-22 01:28 - 00000000 ____D () C:\Users\owner\Desktop\new antivirus
2014-06-22 21:14 - 2014-06-21 13:32 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2014-06-22 21:14 - 2014-06-18 18:10 - 00000000 ____D () C:\Users\owner\AppData\Local\AdTrustMedia
2014-06-22 21:14 - 2014-06-16 16:27 - 00000000 ____D () C:\Users\owner\AppData\Local\Unity
2014-06-22 21:14 - 2014-06-04 09:03 - 00000000 ____D () C:\Users\owner\AppData\Local\Exar_Software_Research_Pv
2014-06-22 21:14 - 2014-06-04 09:00 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Exar Software Research Pvt Ltd
2014-06-22 21:14 - 2014-06-02 15:49 - 00000000 ____D () C:\Users\owner\Downloads\Billboard Hot 100 (07 JUNE 2014)~CBR 320 Kbps~{AryaN_L33T}[LittleFairyRG]
2014-06-22 21:14 - 2014-05-31 23:51 - 00000000 ____D () C:\Users\owner\Documents\Altova
2014-06-22 21:14 - 2014-05-31 23:40 - 00000000 ____D () C:\Users\owner\Downloads\Game-of-Thrones
2014-06-22 21:14 - 2014-05-26 15:40 - 00000000 ____D () C:\Users\owner\AppData\Local\WindowsApplication1
2014-06-22 21:14 - 2014-05-25 17:34 - 00000000 ____D () C:\Users\owner\Documents\iMacros
2014-06-22 21:14 - 2014-05-17 20:24 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-06-22 21:14 - 2014-05-04 21:47 - 00000000 ____D () C:\Users\owner\Downloads\Civilization 3 Full by Zimoch
2014-06-22 21:14 - 2014-05-04 21:34 - 00000000 ____D () C:\Users\owner\Downloads\Reallusion CrazyTalk Animator Pro v1.2.2010.1 Incl Crack [TorDigger]
2014-06-22 21:14 - 2014-04-13 20:15 - 00000000 ____D () C:\Users\owner\Desktop\proxy google
2014-06-22 21:14 - 2013-10-22 16:34 - 00000000 ____D () C:\swsetup
2014-06-22 21:14 - 2013-09-23 18:00 - 00000000 ____D () C:\Users\owner\AppData\Local\Palo_Alto_Software
2014-06-22 21:14 - 2013-09-01 11:26 - 00000000 ____D () C:\Users\owner\AppData\Roaming\PDF Software
2014-06-22 21:14 - 2013-08-18 00:58 - 00000000 ____D () C:\Users\owner\Documents\Image-Line
2014-06-22 21:14 - 2013-08-18 00:36 - 00000000 ____D () C:\Users\owner\Documents\VirtualDJ Instructions
2014-06-22 21:14 - 2013-08-02 18:55 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-06-22 21:14 - 2013-02-09 16:51 - 00000000 ____D () C:\Users\owner\AppData\Local\Apps\2.0
2014-06-22 21:14 - 2013-01-22 21:26 - 00000000 ____D () C:\Users\Public\CyberLink
2014-06-22 21:14 - 2013-01-22 21:22 - 00000000 ____D () C:\Users\owner\AppData\Local\RemEngine
2014-06-22 21:14 - 2013-01-22 21:20 - 00000000 ____D () C:\Users\owner\AppData\Local\Hewlett-Packard_Company
2014-06-22 21:14 - 2013-01-22 21:20 - 00000000 ____D () C:\Users\owner\AppData\Local\Hewlett-Packard
2014-06-22 21:14 - 2013-01-22 21:18 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-06-22 21:14 - 2013-01-22 21:18 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-06-22 21:13 - 2014-06-19 11:55 - 00000000 ____D () C:\Program Files (x86)\Spybot -1 Search & Destroy 2
2014-06-22 21:13 - 2014-06-17 15:33 - 00000000 ____D () C:\Program Files\AdTrustMedia
2014-06-22 21:13 - 2014-06-01 13:03 - 00000000 ____D () C:\Program Files\Common Files\Raxco
2014-06-22 21:13 - 2014-05-24 13:03 - 00000000 ____D () C:\Program Files\iPod
2014-06-22 21:13 - 2014-05-05 14:23 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-06-22 21:13 - 2013-10-07 16:08 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio
2014-06-22 21:13 - 2013-10-07 16:04 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 8
2014-06-22 21:13 - 2013-10-07 16:03 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-06-22 21:13 - 2013-09-13 14:59 - 00000000 ____D () C:\Program Files (x86)\Google
2014-06-22 21:13 - 2011-04-08 12:11 - 00000000 ___RD () C:\Program Files (x86)\Online Services
2014-06-22 21:13 - 2011-04-08 12:09 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-06-22 21:13 - 2010-12-02 20:30 - 00000000 ____D () C:\Program Files\Hewlett-Packard
2014-06-22 21:13 - 2010-01-13 18:45 - 00000000 ____D () C:\Program Files\Realtek
2014-06-22 21:13 - 2010-01-13 18:42 - 00000000 ____D () C:\Program Files (x86)\Realtek
2014-06-22 21:13 - 2010-01-13 18:41 - 00000000 ____D () C:\Program Files\Synaptics
2014-06-22 21:13 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-06-22 21:12 - 2014-06-20 19:51 - 00000000 ____D () C:\Panda Cloud Cleaner
2014-06-22 21:12 - 2014-06-15 16:24 - 00000000 ____D () C:\AdwCleaner
2014-06-22 21:12 - 2014-06-14 16:06 - 00000000 ____D () C:\Program Files (x86)\Badosoft
2014-06-22 21:12 - 2013-09-23 17:59 - 00000000 ____D () C:\Program Files (x86)\Business Plan Pro
2014-06-22 21:08 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2014-06-22 21:07 - 2010-11-21 02:06 - 00000000 ____D () C:\Windows\SysWOW64\winrm
2014-06-22 21:07 - 2010-11-21 02:06 - 00000000 ____D () C:\Windows\SysWOW64\WCN
2014-06-22 21:07 - 2010-11-21 02:06 - 00000000 ____D () C:\Windows\SysWOW64\slmgr
2014-06-22 21:07 - 2010-11-21 02:06 - 00000000 ____D () C:\Windows\SysWOW64\Printing_Admin_Scripts
2014-06-22 21:07 - 2009-07-14 00:32 - 00000000 ____D () C:\Windows\SysWOW64\WindowsPowerShell
2014-06-22 21:07 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Web
2014-06-22 21:07 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Vss
2014-06-22 21:07 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\spp
2014-06-22 21:07 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Speech
2014-06-22 21:07 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\NetworkList
2014-06-22 21:07 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\MUI
2014-06-22 21:07 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Msdtc
2014-06-22 21:07 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\migwiz
2014-06-22 21:07 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\InstallShield
2014-06-22 21:07 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\IME
2014-06-22 21:07 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-06-22 21:07 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\com
2014-06-22 20:59 - 2009-07-14 00:32 - 00000000 ____D () C:\Windows\Performance
2014-06-22 20:59 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Speech
2014-06-22 20:59 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\schemas
2014-06-22 20:59 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Resources
2014-06-22 20:59 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-06-22 20:59 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PLA
2014-06-22 20:56 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\IME
2014-06-22 20:56 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Globalization
2014-06-22 20:56 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Branding
2014-06-22 20:54 - 2013-08-19 22:15 - 00000000 ____D () C:\Users\Public\Documents\My Projects
2014-06-22 20:54 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat
2014-06-22 20:53 - 2014-06-10 14:42 - 00000000 ____D () C:\Users\owner\Downloads\TrendMicro AntiThreat Toolkit
2014-06-22 20:50 - 2014-05-02 01:00 - 00000000 ____D () C:\Users\owner\Documents\DonationCoder
2014-06-22 20:50 - 2014-04-15 15:38 - 00000000 ____D () C:\Users\owner\Desktop\Win Tweak
2014-06-22 20:47 - 2014-06-18 19:34 - 00000000 ____D () C:\Users\owner\AppData\Roaming\SUPERAntiSpyware.com
2014-06-22 20:46 - 2014-06-22 01:49 - 00000000 ____D () C:\Trend Micro
2014-06-22 20:46 - 2014-06-13 11:15 - 00000000 ____D () C:\Users\owner\AppData\Local\ChemTable Software
2014-06-22 20:46 - 2014-06-13 11:15 - 00000000 ____D () C:\Users\owner\AppData\Local\AnVir
2014-06-22 20:46 - 2014-06-11 10:06 - 00000000 ____D () C:\Qoobox
2014-06-22 20:46 - 2014-05-26 15:01 - 00000000 ___RD () C:\Sandbox
2014-06-22 20:46 - 2014-05-09 17:03 - 00000000 ____D () C:\Users\owner\AppData\Roaming\IObit
2014-06-22 20:46 - 2014-04-25 16:50 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Bitcoin
2014-06-22 20:46 - 2014-04-15 16:27 - 00000000 ____D () C:\Users\owner\AppData\Local\Skype
2014-06-22 20:46 - 2013-10-15 11:32 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Dropbox
2014-06-22 20:46 - 2013-09-23 11:21 - 00000000 ____D () C:\Users\owner\AppData\Local\SlimWare Utilities Inc
2014-06-22 20:46 - 2013-08-18 00:58 - 00000000 ____D () C:\Users\owner\AppData\Roaming\FlowStone
2014-06-22 20:46 - 2013-02-15 22:35 - 00000000 ____D () C:\Users\owner\AppData\Roaming\DAEMON Tools Lite
2014-06-22 20:46 - 2013-02-08 16:05 - 00000000 ____D () C:\Users\owner\AppData\Local\Microsoft Games
2014-06-22 20:46 - 2013-02-06 16:38 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Mozilla
2014-06-22 20:46 - 2013-02-06 16:38 - 00000000 ____D () C:\Users\owner\AppData\Local\Google
2014-06-22 20:46 - 2013-02-05 18:48 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Adobe
2014-06-22 20:46 - 2013-01-22 21:26 - 00000000 ____D () C:\Users\owner\AppData\Local\CyberLink
2014-06-22 20:46 - 2013-01-22 21:19 - 00000000 ____D () C:\Users\owner\AppData\Local\VirtualStore
2014-06-22 20:46 - 2009-07-13 22:20 - 00000000 ___RD () C:\Users\Default
2014-06-22 20:44 - 2009-07-14 00:32 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2014-06-22 20:44 - 2009-07-14 00:32 - 00000000 ____D () C:\Program Files\Windows Defender
2014-06-22 20:44 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Windows NT
2014-06-22 20:43 - 2014-06-15 13:22 - 00000000 ____D () C:\Program Files (x86)\Wise
2014-06-22 20:43 - 2014-06-01 13:03 - 00000000 ____D () C:\Program Files\Raxco
2014-06-22 20:43 - 2013-10-07 16:04 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-06-22 20:43 - 2011-04-08 12:24 - 00000000 ____D () C:\Program Files\Java
2014-06-22 20:43 - 2009-07-14 00:32 - 00000000 ____D () C:\Program Files\Reference Assemblies
2014-06-22 20:43 - 2009-07-14 00:32 - 00000000 ____D () C:\Program Files\MSBuild
2014-06-22 20:43 - 2009-07-14 00:32 - 00000000 ____D () C:\Program Files\DVD Maker
2014-06-22 20:43 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Common Files\System
2014-06-22 20:43 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Common Files\SpeechEngines
2014-06-22 20:41 - 2014-06-01 13:02 - 00000000 ____D () C:\Program Files (x86)\Raxco
2014-06-22 20:41 - 2013-09-23 17:39 - 00000000 ____D () C:\Program Files (x86)\STM8en
2014-06-22 20:41 - 2013-08-19 20:15 - 00000000 ____D () C:\Program Files (x86)\Outsim
2014-06-22 20:41 - 2013-07-27 18:27 - 00000000 ____D () C:\Program Files (x86)\WinRAR
2014-06-22 20:41 - 2013-02-06 16:37 - 00000000 ____D () C:\Program Files (x86)\Rovio
2014-06-22 20:41 - 2011-04-08 12:19 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-06-22 20:41 - 2009-07-14 00:32 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer
2014-06-22 20:41 - 2009-07-14 00:32 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-06-22 20:41 - 2009-07-14 00:32 - 00000000 ____D () C:\Program Files (x86)\Reference Assemblies
2014-06-22 20:41 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files (x86)\Windows NT
2014-06-22 20:40 - 2011-04-08 12:17 - 00000000 ____D () C:\Program Files (x86)\Microsoft WSE
2014-06-22 20:39 - 2014-04-15 13:57 - 00000000 ____D () C:\Program Files (x86)\Hp
2014-06-22 20:39 - 2013-08-14 20:14 - 00000000 ____D () C:\Program Files (x86)\Java
2014-06-22 20:39 - 2011-04-08 12:23 - 00000000 ____D () C:\Program Files (x86)\InstallShield Installation Information
2014-06-22 20:39 - 2011-04-08 12:10 - 00000000 ____D () C:\Program Files (x86)\K-NFB Reading Technology Inc
2014-06-22 20:39 - 2010-01-13 18:43 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-06-22 20:38 - 2013-09-09 16:11 - 00000000 ____D () C:\Program Files (x86)\eBay
2014-06-22 20:37 - 2013-10-17 04:10 - 00000000 ____D () C:\Program Files (x86)\CyberLink
2014-06-22 20:36 - 2014-06-17 15:33 - 00000000 ____D () C:\Program Files (x86)\AdTrustMedia
2014-06-22 20:36 - 2014-06-10 11:10 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-06-22 20:36 - 2011-04-08 12:22 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-06-22 20:36 - 2010-01-13 18:42 - 00000000 ____D () C:\Program Files (x86)\Cisco
2014-06-22 20:35 - 2014-04-26 17:45 - 00000000 ____D () C:\MinGW
2014-06-22 20:35 - 2013-10-07 16:03 - 00000000 ___RD () C:\MSOCache
2014-06-22 20:34 - 2011-02-14 14:38 - 00000000 ____D () C:\HP
2014-06-22 20:10 - 2014-06-14 16:58 - 00000000 ____D () C:\Users\owner\Desktop\New folder
2014-06-22 20:04 - 2013-02-13 00:27 - 00000000 ____D () C:\Users\owner\AppData\Local\CrashDumps
2014-06-22 18:45 - 2013-01-22 21:18 - 00000000 ____D () C:\Users\owner
2014-06-22 16:04 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\tracing
2014-06-22 15:16 - 2013-02-06 17:15 - 00007611 _____ () C:\Users\owner\AppData\Local\Resmon.ResmonCfg
2014-06-22 13:46 - 2014-06-22 13:46 - 00000027 _____ () C:\Users\owner\Downloads\apppath.torun
2014-06-22 11:41 - 2014-06-22 11:41 - 00000000 ____D () C:\Users\owner\Desktop\DLL'S REPLACE
2014-06-22 01:49 - 2014-06-21 13:32 - 00002935 _____ () C:\Users\owner\Desktop\HiJackThis.lnk
2014-06-21 15:30 - 2009-07-14 00:13 - 00791212 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-21 15:25 - 2014-06-17 13:45 - 00002520 _____ () C:\Windows\setupact.log
2014-06-21 13:26 - 2014-06-21 13:26 - 05209566 _____ (Swearware) C:\Users\owner\Desktop\ComboFix.exe
2014-06-21 13:26 - 2014-06-21 13:26 - 01402880 _____ () C:\Users\owner\Desktop\HiJackThis.msi
2014-06-20 22:24 - 2014-06-20 22:18 - 00003392 _____ () C:\Windows\System32\Tasks\Log-Test1
2014-06-20 22:17 - 2014-06-20 22:17 - 00000114 _____ () C:\local.conf
2014-06-20 22:17 - 2014-06-15 17:19 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-20 22:13 - 2014-06-20 22:09 - 00003792 _____ () C:\Windows\System32\Tasks\My BabyCakin
2014-06-20 21:48 - 2014-06-20 00:11 - 00000000 ____D () C:\Program Files\stinger
2014-06-20 19:51 - 2014-06-20 19:51 - 00000708 _____ () C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk
2014-06-20 19:47 - 2013-09-02 21:20 - 00000000 ____D () C:\Users\owner\AppData\Roaming\NCH Software
2014-06-20 19:35 - 2014-06-20 19:35 - 01369720 _____ () C:\Users\owner\Desktop\PandaCloudAntivirus.exe
2014-06-20 19:35 - 2014-06-20 19:34 - 30115912 _____ (Panda Security ) C:\Users\owner\Desktop\PandaCloudCleaner.exe
2014-06-20 19:21 - 2014-06-20 19:21 - 00291863 _____ () C:\Users\owner\Desktop\Rootkit List.htm
2014-06-20 19:19 - 2014-06-20 19:19 - 00065137 _____ () C:\Users\owner\Desktop\How to Manually Remove a Rootkit Infection   eHow.htm
2014-06-20 19:17 - 2014-06-20 19:17 - 05124208 _____ (F-Secure Corporation) C:\Users\owner\Desktop\F-SecureOnlineScanner-HC.exe
2014-06-20 18:55 - 2014-06-20 18:14 - 00626118 _____ () C:\Windows\system32\HWiNFO64.DBG
2014-06-20 18:11 - 2014-06-02 02:30 - 00000000 ____D () C:\Users\owner\Downloads\Future - Pluto {2012-Album}
2014-06-20 18:11 - 2014-06-02 02:19 - 00000000 ____D () C:\Users\owner\Downloads\Emmure - Slave to the Game (2012)
2014-06-20 18:11 - 2014-06-02 01:59 - 00000000 ____D () C:\Users\owner\Downloads\Mayday Parade - A Lesson In Romantics [Mp3-vrb-2007]
2014-06-20 18:11 - 2014-06-02 01:54 - 00000000 ____D () C:\Users\owner\Downloads\Mayday Parade - Anywhere But Here
2014-06-20 18:11 - 2014-06-02 01:41 - 00000000 ____D () C:\Users\owner\Downloads\Masks
2014-06-20 18:11 - 2014-06-02 01:31 - 00000000 ____D () C:\Users\owner\Downloads\To Plant A Seed
2014-06-20 18:11 - 2013-09-01 12:03 - 00000000 ___RD () C:\Users\owner\Documents\UDC Output Files
2014-06-20 18:07 - 2014-06-20 00:08 - 00000000 ____D () C:\Program Files (x86)\door2windows
2014-06-20 13:45 - 2013-09-23 12:18 - 00000000 ____D () C:\Program Files (x86)\Softlogic Innovations
2014-06-20 13:29 - 2014-06-14 15:48 - 00000000 ____D () C:\Users\owner\Documents\WPA Files
2014-06-20 13:25 - 2013-09-28 15:03 - 00000000 ____D () C:\Users\owner\AppData\Local\Windows Live
2014-06-20 13:18 - 2013-10-05 23:52 - 00000000 ____D () C:\Users\owner\AppData\Local\IsolatedStorage
2014-06-20 12:55 - 2013-08-17 22:18 - 00000000 ____D () C:\Users\owner\Downloads\Movies
2014-06-20 11:49 - 2013-10-17 06:18 - 00000000 ____D () C:\Users\Public\Documents\CyberLink
2014-06-20 11:48 - 2013-02-06 15:48 - 00000000 ____D () C:\Users\owner\AppData\Roaming\uTorrent
2014-06-20 11:34 - 2014-06-20 11:34 - 00398752 _____ (Bleeping Computer, LLC) C:\Users\owner\Desktop\unhide.exe
2014-06-19 23:22 - 2014-06-19 23:06 - 00386680 _____ (Duplex Secure Ltd.) C:\Windows\system32\Drivers\sptd.sys
2014-06-19 23:01 - 2014-06-19 23:00 - 13429504 _____ (Disc Soft Ltd) C:\Users\owner\Downloads\DTLite4491-0356.exe
2014-06-19 22:51 - 2014-06-18 02:13 - 00003234 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-06-19 12:49 - 2014-06-17 23:56 - 00177312 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2014-06-19 12:49 - 2014-06-17 23:56 - 00007631 _____ () C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2014-06-19 11:55 - 2014-06-19 11:55 - 00001352 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-06-18 21:44 - 2014-06-18 21:44 - 19739904 _____ (SUPERAntiSpyware) C:\Users\owner\Downloads\SUPERAntiSpyware.exe
2014-06-18 19:35 - 2014-06-18 19:33 - 00001973 _____ () C:\Users\owner\Desktop\SUPERAntiSpyware Professional.lnk
2014-06-18 18:54 - 2014-06-18 18:53 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\owner\Downloads\eXplorer.exe
2014-06-18 18:53 - 2014-06-18 18:52 - 14349744 _____ (Malwarebytes Corp.) C:\Users\owner\Downloads\mbar-1.07.0.1012.exe
2014-06-18 18:09 - 2014-06-18 18:09 - 00000000 ____D () C:\Users\owner\AppData\Roaming\devcoin
2014-06-18 17:25 - 2014-05-26 14:55 - 00002404 _____ () C:\Windows\Sandboxie.ini
2014-06-18 16:09 - 2014-06-18 16:09 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\owner\Downloads\revosetup.exe
2014-06-18 16:09 - 2014-06-18 16:09 - 00883616 _____ (Bleeping Computer, LLC) C:\Users\owner\Downloads\FixExec.com
2014-06-18 16:03 - 2014-06-18 16:03 - 04707328 _____ () C:\Users\owner\Downloads\RogueKiller.exe
2014-06-18 16:03 - 2014-06-18 16:03 - 00000194 _____ () C:\Users\owner\Downloads\hosts-perm.bat
2014-06-18 16:00 - 2014-06-18 16:00 - 00037888 _____ (Soeperman Enterprises Ltd.) C:\Users\owner\Downloads\ADSSpy.exe
2014-06-18 12:15 - 2014-06-05 08:40 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-06-18 02:30 - 2014-06-18 02:30 - 00033123 _____ () C:\ComboFix.txt
2014-06-18 02:12 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini
2014-06-18 02:09 - 2014-05-18 02:14 - 84672512 _____ () C:\Windows\system32\config\software.bak
2014-06-18 02:09 - 2009-07-13 21:34 - 04980736 _____ () C:\Windows\system32\config\default.bak
2014-06-18 02:09 - 2009-07-13 21:34 - 00090112 _____ () C:\Windows\system32\config\sam.bak
2014-06-18 02:09 - 2009-07-13 21:34 - 00024576 _____ () C:\Windows\system32\config\security.bak
2014-06-18 01:50 - 2014-06-18 01:50 - 05206841 _____ (Swearware) C:\Users\owner\Downloads\ComboFix.exe
2014-06-18 01:44 - 2014-06-18 01:44 - 00000060 _____ () C:\Users\owner\Downloads\RestoreSecurityProcessorLoaderDriverWindows7.bat
2014-06-18 01:28 - 2013-02-09 01:05 - 00000000 ____D () C:\Windows\Downloaded Installations
2014-06-17 23:56 - 2014-06-17 23:56 - 00000000 ____D () C:\Program Files\Symantec
2014-06-17 23:19 - 2014-06-17 23:19 - 00269016 _____ () C:\Windows\Minidump\061714-26520-01.dmp
2014-06-17 23:19 - 2014-06-17 23:18 - 227445472 _____ () C:\Windows\MEMORY.DMP
2014-06-17 22:28 - 2007-01-01 20:25 - 00000000 ____D () C:\Windows\Panther
2014-06-17 22:26 - 2014-06-17 22:26 - 00000000 _____ () C:\Users\owner\Documents\Default.rdp
2014-06-17 18:56 - 2014-06-10 15:49 - 00000000 ____D () C:\Users\owner\Downloads\TMRBLog
2014-06-17 18:52 - 2014-06-17 18:52 - 00000000 _____ () C:\Users\owner\defogger_reenable
2014-06-17 15:36 - 2013-08-03 17:29 - 00000000 ____D () C:\Users\Guest
2014-06-17 15:36 - 2013-08-03 17:29 - 00000000 ____D () C:\Users\Administrator
2014-06-17 15:34 - 2014-06-17 15:34 - 00348160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2014-06-17 15:28 - 2014-06-17 15:25 - 230403208 _____ (COMODO) C:\Users\owner\Downloads\cfw_installer.exe
2014-06-17 15:10 - 2014-06-17 15:10 - 00688992 _____ (Swearware) C:\Users\owner\Downloads\dds.com
2014-06-17 15:09 - 2014-06-17 15:09 - 00000000 ____D () C:\Users\owner\AppData\Roaming\ParetoLogic
2014-06-17 15:06 - 2014-06-17 15:06 - 00050477 _____ () C:\Users\owner\Downloads\Defogger.exe
2014-06-17 15:05 - 2014-06-17 15:04 - 05938328 _____ (ParetoLogic, Inc.) C:\Users\owner\Downloads\RegCureProSetup.exe
2014-06-17 14:40 - 2014-06-17 14:40 - 00000046 _____ () C:\Users\owner\Downloads\RestoreAppIDDriverWindows7.bat
2014-06-17 13:45 - 2014-06-17 13:45 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-17 13:39 - 2014-06-17 13:39 - 00140592 _____ () C:\Users\owner\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-17 13:39 - 2014-06-17 13:38 - 00489936 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-06-17 13:27 - 2014-06-11 11:23 - 00000000 ____D () C:\OETemp
2014-06-17 13:24 - 2013-10-15 09:59 - 00000294 _____ () C:\Windows\Tasks\SlimCleaner Run.job
2014-06-17 12:46 - 2014-06-17 12:46 - 00022528 _____ (Microsoft) C:\Users\owner\Downloads\RunAsSystem.exe
2014-06-17 11:00 - 2014-06-17 11:00 - 00047616 _____ () C:\Users\owner\Downloads\Win32kDiag.exe
2014-06-17 09:56 - 2014-06-17 09:56 - 00472064 _____ ( ) C:\Users\owner\Downloads\RootRepeal.exe
2014-06-17 09:47 - 2014-06-17 09:46 - 00854390 _____ () C:\Users\owner\Downloads\SecurityCheck.exe
2014-06-16 16:25 - 2014-06-16 16:25 - 01080528 _____ (Unity Technologies ApS) C:\Users\owner\Downloads\UnityWebPlayer.exe
2014-06-16 11:24 - 2014-06-16 11:24 - 00045342 _____ () C:\Users\owner\Downloads\Game.of.Thrones.S04E10.720p.HDTV.x264-KILLERS.srt
2014-06-15 17:19 - 2014-06-15 17:19 - 00001082 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-15 17:07 - 2014-06-11 11:27 - 00000000 ____D () C:\Users\owner\AppData\Local\Trend Micro
2014-06-15 15:31 - 2014-06-15 15:31 - 00000000 ____D () C:\Windows\SysWOW64\FxsTmp
2014-06-15 15:31 - 2014-06-15 15:31 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-06-15 15:31 - 2014-06-15 15:31 - 00000000 ____D () C:\Windows\addins
2014-06-15 15:31 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\inetsrv
2014-06-15 15:31 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\inetsrv
2014-06-15 14:50 - 2014-06-15 14:50 - 00380416 _____ () C:\Users\owner\Downloads\7xw8cr4k.exe
2014-06-15 14:46 - 2014-06-15 14:46 - 00000020 _____ () C:\Windows\põ®
2014-06-15 14:19 - 2014-06-15 14:15 - 00231960 _____ () C:\Windows\RegBootClean64.exe
2014-06-15 14:19 - 2014-06-15 14:15 - 00013482 _____ () C:\Windows\RegBootClean64.CFG
2014-06-15 13:23 - 2014-06-15 13:23 - 00001209 _____ () C:\Users\Public\Desktop\Wise Registry Cleaner.lnk
2014-06-15 13:21 - 2014-06-15 13:21 - 00929416 _____ (CNET Download.com) C:\Users\owner\Downloads\cbsidlm-cbsi188-Wise_Registry_Cleaner-SEO-10605508.exe
2014-06-15 12:47 - 2014-06-15 12:47 - 01333465 _____ () C:\Users\owner\Downloads\AdwCleaner.exe
2014-06-15 12:47 - 2014-06-15 12:47 - 00400384 _____ (Farbar) C:\Users\owner\Downloads\MiniToolBox.exe
2014-06-15 12:46 - 2014-06-15 12:46 - 01073152 _____ (Farbar) C:\Users\owner\Downloads\FRST.exe
2014-06-15 12:42 - 2014-06-15 12:42 - 02081792 _____ (Farbar) C:\Users\owner\Downloads\FRST64.exe
2014-06-15 12:40 - 2014-06-15 12:39 - 00000000 ____D () C:\MGADiagToolOutput
2014-06-15 12:36 - 2014-06-15 12:36 - 02031992 _____ (Microsoft Corporation) C:\Users\owner\Downloads\MGADiag.exe
2014-06-15 09:31 - 2014-06-15 09:31 - 02670520 _____ (Martin Malík - REALiX ) C:\Users\owner\Downloads\hw64_440.exe
2014-06-14 16:38 - 2014-05-31 14:52 - 00031648 _____ (REALiX™) C:\Windows\system32\Drivers\HWiNFO64A.SYS
2014-06-14 16:03 - 2014-06-14 16:02 - 05477376 _____ () C:\Users\owner\Downloads\Latency Optimizer.msi
2014-06-14 16:03 - 2014-06-14 15:51 - 00000000 ____D () C:\Symbols
2014-06-14 16:03 - 2014-06-14 15:48 - 00000000 ____D () C:\SymCache
2014-06-14 15:48 - 2014-06-14 15:47 - 00000000 ____D () C:\Users\owner\AppData\Local\Windows Performance Analyzer
2014-06-14 15:42 - 2014-06-14 15:40 - 52756480 _____ () C:\kernel.etl
2014-06-14 15:28 - 2014-06-14 15:28 - 01435472 _____ (Microsoft Corporation) C:\Users\owner\Downloads\adksetup.exe
2014-06-14 15:23 - 2014-06-14 15:23 - 00301688 _____ (Thesycon GmbH) C:\Users\owner\Downloads\dpclat.exe
2014-06-14 13:31 - 2013-10-17 04:12 - 00000000 ____D () C:\Users\owner\Documents\Youcam
2014-06-14 13:25 - 2014-06-14 13:21 - 204395288 _____ () C:\Users\owner\Downloads\YouCam_5.0.3618.0_HW_Patch_YUC131217-01.exe
2014-06-14 13:21 - 2014-06-14 13:21 - 01029080 _____ (CyberLink) C:\Users\owner\Downloads\CyberLink_YouCam_Downloader.exe
2014-06-14 11:24 - 2014-06-14 11:23 - 12329704 _____ (SUPERAdBlocker.com and SUPERAntiSpyware.com) C:\Users\owner\Downloads\SASDEFINITIONS.EXE
2014-06-14 03:29 - 2014-06-14 03:29 - 00000000 ____D () C:\SUPERDelete
2014-06-14 00:32 - 2014-06-14 00:32 - 01294512 _____ (Uniblue Systems Limited ) C:\Users\owner\Downloads\speedupmypc.exe
2014-06-13 20:54 - 2014-06-13 20:53 - 19671928 _____ (SUPERAntiSpyware) C:\Users\owner\Downloads\SUPERAntiSpywarePro.exe
2014-06-13 11:15 - 2014-06-13 11:15 - 00000000 ____D () C:\Users\owner\AppData\Roaming\ChemTable Software
2014-06-13 00:25 - 2014-06-13 00:25 - 00929416 _____ (CNET Download.com) C:\Users\owner\Downloads\cbsidlm-cbsi188-AnVir_Task_Manager_Free-SEO-10802050.exe
2014-06-13 00:24 - 2014-06-13 00:24 - 00929416 _____ (CNET Download.com) C:\Users\owner\Downloads\cbsidlm-cbsi188-Security_Task_Manager-SEO-10246545.exe
2014-06-12 18:41 - 2014-06-12 18:40 - 06185059 _____ (Ixcoin project) C:\Users\owner\Downloads\ixcoin-0.3.24.3-win32-setup.exe
2014-06-12 04:41 - 2013-07-27 19:22 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-12 04:40 - 2013-02-09 04:23 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-11 14:24 - 2014-06-11 14:24 - 00000000 ____D () C:\Users\owner\AppData\Local\Adobe
2014-06-11 11:37 - 2014-06-11 11:36 - 00000085 _____ () C:\Windows\wininit.ini
2014-06-11 11:36 - 2014-06-11 11:36 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-06-11 11:33 - 2014-06-10 16:18 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
2014-06-11 11:22 - 2014-06-07 13:33 - 00000981 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-06-11 11:21 - 2014-06-11 11:21 - 00257865 _____ () C:\Users\owner\AppData\Local\census.cache
2014-06-11 11:21 - 2014-06-11 11:21 - 00172466 _____ () C:\Users\owner\AppData\Local\ars.cache
2014-06-11 10:57 - 2014-06-11 10:57 - 00000010 _____ () C:\Users\owner\AppData\Local\sponge.last.runtime.cache
2014-06-11 10:49 - 2014-06-11 10:49 - 02473936 _____ (Trend Micro Inc.) C:\Users\owner\Downloads\HousecallLauncher64.exe
2014-06-11 10:47 - 2014-06-11 10:47 - 00186328 _____ (trend_company_name) C:\Windows\system32\Drivers\tmrkb.sys
2014-06-11 10:26 - 2014-06-11 10:25 - 111278192 _____ (Trend Micro Inc.) C:\Users\owner\Downloads\TTi_7.0_HE_64bit.exe
2014-06-11 10:24 - 2014-06-11 10:24 - 14839344 _____ (Trend Micro Inc.) C:\Users\owner\Downloads\RootkitBusterV5.0-1171x64 (1).exe
2014-06-10 15:51 - 2014-06-10 15:51 - 14839344 _____ (Trend Micro Inc.) C:\Users\owner\Downloads\RootkitBusterV5.0-1171x64.exe
2014-06-10 14:55 - 2014-06-10 14:54 - 89095528 _____ (Sophos Limited) C:\Users\owner\Downloads\Sophos Virus Removal Tool.exe
2014-06-10 14:42 - 2014-06-10 14:42 - 00000036 _____ () C:\Users\owner\AppData\Local\housecall.guid.cache
2014-06-10 14:42 - 2014-06-10 14:39 - 25280863 _____ (Trend Micro Inc.) C:\Users\owner\Downloads\attk_ScanCleanOnline_gui_x64.exe
2014-06-10 14:39 - 2014-06-10 14:38 - 10021424 _____ (Trend Micro Inc.) C:\Users\owner\Downloads\RootkitBusterV5.0-1171.exe
2014-06-10 14:38 - 2014-06-10 14:38 - 06229392 _____ (Trend Micro, Inc. ) C:\Users\owner\Downloads\RUBottedSetup.exe
2014-06-10 11:14 - 2014-06-10 11:15 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-06-10 11:14 - 2014-06-10 11:14 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Avira
2014-06-10 10:44 - 2014-06-10 10:43 - 06769280 _____ (SparkTrust) C:\Users\owner\Downloads\SparkTrust PC Cleaner Plus Setup_c9999cd_.exe
2014-06-08 21:28 - 2014-06-08 21:28 - 00007398 _____ () C:\Users\owner\Documents\talk.txt
2014-06-08 12:45 - 2013-01-22 21:18 - 10747904 _____ () C:\Users\owner\ntuser.bak
2014-06-08 10:17 - 2014-06-08 10:17 - 00001372 _____ () C:\Users\owner\Desktop\HWiNFO64.EXE.lnk
2014-06-08 08:37 - 2014-06-08 08:37 - 00000546 _____ () C:\Users\owner\Desktop\Emsisoft Emergency Kit.lnk
2014-06-07 12:31 - 2014-06-07 12:31 - 00001192 _____ () C:\Users\owner\Desktop\My LastPass Vault.lnk
2014-06-07 12:28 - 2014-06-07 12:27 - 14936064 _____ (LastPass) C:\Users\owner\Downloads\lastpass_x64.exe
2014-06-07 09:17 - 2013-08-12 22:24 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-06 18:17 - 2013-08-12 22:24 - 00003770 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-06-06 18:17 - 2013-08-06 20:49 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-06-06 18:17 - 2013-08-06 20:49 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-06 07:54 - 2013-02-18 19:23 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Apple Computer
2014-06-05 19:40 - 2014-06-05 19:41 - 00449885 _____ () C:\Windows\system32\Drivers\etc\hosts.20140605-194152.backup
2014-06-05 19:40 - 2014-06-05 19:41 - 00449885 _____ () C:\Windows\system32\Drivers\etc\hosts.20140605-194111.backup
2014-06-05 19:27 - 2009-07-13 21:34 - 00449885 _____ () C:\Windows\system32\Drivers\etc\hosts.20140605-194046.backup
2014-06-05 18:43 - 2014-06-05 18:43 - 00000000 ____D () C:\Users\owner\Documents\ProcAlyzer Dumps
2014-06-05 08:44 - 2014-06-05 08:42 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\owner\Downloads\spybot-2.3.exe
2014-06-05 08:39 - 2014-06-05 08:38 - 13829304 _____ (Microsoft Corporation) C:\Users\owner\Downloads\mseinstall (1).exe
2014-06-05 08:37 - 2014-06-05 08:37 - 00165376 _____ () C:\Users\owner\Downloads\SystemLook_x64.exe
2014-06-05 08:34 - 2014-06-05 08:34 - 13829304 _____ (Microsoft Corporation) C:\Users\owner\Downloads\mseinstall.exe
2014-06-05 08:32 - 2014-06-05 08:32 - 01059840 _____ () C:\Users\owner\Downloads\MicrosoftFixit50981.msi
2014-06-04 18:39 - 2014-06-03 14:42 - 00001117 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-06-04 09:07 - 2013-02-18 19:23 - 00000000 ____D () C:\Users\owner\AppData\Local\Apple Computer
2014-06-01 17:33 - 2014-06-01 17:32 - 01119203 _____ (HANSoft, Inc. ) C:\Users\owner\Downloads\ERWsetup.exe
2014-06-01 13:18 - 2014-06-01 13:06 - 00000800 _____ () C:\Windows\system32\PDBootState
2014-06-01 12:46 - 2014-06-01 12:46 - 41891360 _____ (Raxco Software, Inc. ) C:\Users\owner\Downloads\PerfectDisk_Pro_Trial.exe
2014-05-31 23:34 - 2014-05-31 23:32 - 259919240 _____ (Altova GmbH) C:\Users\owner\Downloads\MissionKitEnt2014_x64.exe
2014-05-31 15:05 - 2014-05-31 15:05 - 00633360 _____ (Copyright © 2010 eSupport.com. All Rights Reserved.) C:\Users\owner\Downloads\biosagentplus_875.exe
2014-05-31 15:01 - 2014-05-31 15:01 - 00021712 _____ (Phoenix Technologies) C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS
2014-05-31 14:51 - 2014-05-31 14:50 - 02661768 _____ (Martin Malík - REALiX ) C:\Users\owner\Downloads\hw64_438.exe
2014-05-31 14:31 - 2014-05-31 14:31 - 00231760 _____ () C:\Users\owner\Downloads\CrucialScan.exe
2014-05-31 13:23 - 2014-05-31 13:23 - 04583424 _____ () C:\Users\owner\Downloads\HPSupportSolutionsFramework.msi
2014-05-30 17:39 - 2014-05-30 17:37 - 00000000 ____D () C:\Users\owner\Desktop\Legalities
2014-05-28 19:06 - 2014-05-28 19:06 - 00000000 ____D () C:\Windows\SystemRepair
2014-05-27 16:12 - 2014-05-26 14:55 - 00001002 _____ () C:\Users\owner\Desktop\Sandboxed Web Browser.lnk
2014-05-25 17:18 - 2009-07-14 00:08 - 00032652 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
 
Files to move or delete:
====================
C:\Users\owner\AppData\Roaming\skype.ini
C:\Users\owner\LastPassBroker.exe
C:\Users\owner\nplastpass.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
==================== BCD ================================
 
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume1
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
extendedinput           Yes
default                 {current}
resumeobject            {158181c0-9a00-11db-8a1d-b11d19fd3102}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 10
customactions           0x1000085000001
                        0x5400000f
custom:5400000f         {3a4f682b-009c-11df-892f-bcc80dab5cc5}
 
Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {3a4f682b-009c-11df-892f-bcc80dab5cc5}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {158181c0-9a00-11db-8a1d-b11d19fd3102}
nx                      OptIn
 
Windows Boot Loader
-------------------
identifier              {3a4f682b-009c-11df-892f-bcc80dab5cc5}
device                  ramdisk=[D:]\Recovery\WindowsRE\Winre.wim,{3a4f682c-009c-11df-892f-bcc80dab5cc5}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[D:]\Recovery\WindowsRE\Winre.wim,{3a4f682c-009c-11df-892f-bcc80dab5cc5}
systemroot              \windows
nx                      OptIn
winpe                   Yes
 
Windows Boot Loader
-------------------
identifier              {572bcd60-ffa7-11d9-aae0-0007e994107d}
device                  ramdisk=[boot]\sources\boot.wim,{ramdiskoptions}
path                    \windows\system32\boot\winload.exe
description             Microsoft Windows PE 2.0 
osdevice                ramdisk=[boot]\sources\boot.wim,{ramdiskoptions}
systemroot              \windows
detecthal               Yes
winpe                   Yes
ems                     Yes
 
Resume from Hibernate
---------------------
identifier              {158181c0-9a00-11db-8a1d-b11d19fd3102}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No
 
Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume1
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes
 
EMS Settings
------------
identifier              {emssettings}
bootems                 Yes
 
Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200
 
RAM Defects
-----------
identifier              {badmemory}
 
Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}
 
Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}
 
Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200
 
Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}
 
Device options
--------------
identifier              {3a4f682c-009c-11df-892f-bcc80dab5cc5}
description             Ramdisk Options
ramdisksdidevice        partition=D:
ramdisksdipath          \Recovery\WindowsRE\boot.sdi
 
Setup Ramdisk Options
---------------------
identifier              {ramdiskoptions}
description             Ramdisk Options
ramdisksdidevice        boot
ramdisksdipath          \boot\boot.sdi
 
 
 
LastRegBack: 2014-06-09 01:40
 
==================== End Of Log ===


#15 bigrobifer


Posted 24 June 2014 - 02:07 PM

Duh. Here's the FSS log. I can't upload because all file sharing is turned off (supposed to be). I'm gonna look at my firewall ports. Haven't been doing nothing but lookin; if I see anything odd I'll post it in my next reply.

 

Farbar Service Scanner Version: 10-06-2014
Ran by owner (administrator) on 24-06-2014 at 13:42:51
Running from "C:\Users\owner\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is unreachable
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is set to Disabled. The default start type is 3.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.
 
VSS Service is not running. Checking service configuration:
The start type of VSS service is set to Disabled. The default start type is 3.
The ImagePath of VSS service is OK.
 
 
System Restore Disabled Policy: 
========================
 
 
Action Center:
============
 
 
Windows Update:
============
BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Disabled. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.
 
EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is set to Disabled. The default start type is Auto.
The ImagePath of EventSystem service is OK.
The ServiceDll of EventSystem service is OK.
 
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
 
 
**** End of log ****




