
Help, I think my PC is infected


  • This topic is locked
20 replies to this topic

#1 kalapurkki


Posted 28 July 2014 - 05:31 AM

My PC has been acting weird and slow. Here are the logs.

 

Mod Edit:  Pasted DDS log into post - Hamluis.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17207
Run by jol at 13:29:52 on 2014-07-28
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.358.1033.18.8157.5924 [GMT 3:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: Online Armor Firewall *Enabled* {BD3F5FCA-866B-1E2E-0A68-58900A751EA1}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Online Armor\OAcat.exe
C:\Program Files (x86)\Online Armor\oasrv.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\windows\system32\nvvsvc.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\windows\system32\taskhost.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\Windows\System32\wbem\WmiPrvSE.exe
C:\windows\System32\rundll32.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files (x86)\Online Armor\oaui.exe
C:\Program Files (x86)\Online Armor\OAhlp.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\windows\system32\SearchFilterHost.exe
C:\Windows\System32\MsSpellCheckingFacility.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
mSearch Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
TCP: NameServer = 77.223.60.102 77.223.61.2
TCP: Interfaces\{D6DC1512-DF3E-4E9F-A9F9-1C3D96EE6DE7} : DHCPNameServer = 77.223.60.102 77.223.61.2
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -
SSODL: WebCheck - <orphaned>
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\windows\System32\wpdshserviceobj.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX4
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [ShadowPlay] C:\windows\System32\rundll32.exe C:\windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [@OnlineArmor GUI] "C:\Program Files (x86)\Online Armor\oaui.exe"
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -
x64-SSODL: WebCheck - <orphaned>
x64-SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\windows\System32\wpdshserviceobj.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\windows\System32\drivers\aswRvrt.sys [2014-7-27 65776]
R0 aswVmm;avast! VM Monitor;C:\windows\System32\drivers\aswVmm.sys [2014-7-27 224896]
R1 aswSnx;aswSnx;C:\windows\System32\drivers\aswSnx.sys [2014-7-27 1041168]
R1 aswSP;aswSP;C:\windows\System32\drivers\aswsp.sys [2014-7-27 427360]
R1 OADevice;OADriver;C:\Windows\SysWOW64\drivers\OADriver.sys [2014-7-27 64720]
R1 oahlpXX;Online Armor helper driver;C:\Windows\SysWOW64\drivers\oahlp64.sys [2014-7-27 62008]
R1 OAmon;OAmon;C:\Windows\SysWOW64\drivers\OAmon.sys [2014-7-27 52360]
R2 asHmComSvc;ASUS HM Com Service;C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe [2014-7-11 915584]
R2 aswHwid;avast! HardwareID;C:\windows\System32\drivers\aswHwid.sys [2014-7-27 29208]
R2 aswMonFlt;aswMonFlt;C:\windows\System32\drivers\aswMonFlt.sys [2014-7-27 79184]
R2 aswStm;aswStm;C:\windows\System32\drivers\aswStm.sys [2014-7-27 92008]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-7-27 50344]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-7-19 1631008]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-7-19 21055432]
R2 OAcat;Online Armor Helper Service;C:\Program Files (x86)\Online Armor\oacat.exe [2014-7-27 584864]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-7-19 413128]
R2 SvcOnlineArmor;Online Armor;C:\Program Files (x86)\Online Armor\oasrv.exe [2014-7-27 4457688]
R2 TeamViewer9;TeamViewer 9;C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2014-7-19 5037888]
R3 asmthub3;ASMedia USB3 Hub Service;C:\windows\System32\drivers\asmthub3.sys [2013-12-16 138456]
R3 asmtxhci;ASMEDIA XHCI Service;C:\windows\System32\drivers\asmtxhci.sys [2013-12-16 422616]
R3 huawei_enumerator;huawei_enumerator;C:\windows\System32\drivers\ew_jubusenum.sys [2014-6-21 90112]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-7-19 20256]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\windows\System32\drivers\nvvad64v.sys [2014-7-19 40392]
R3 OAnet;OnlineArmor Service;C:\windows\System32\drivers\OAnet.sys [2014-7-27 35368]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2014-6-21 707688]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-4-3 315008]
S3 ew_usbenumfilter;huawei_CompositeFilter;C:\windows\System32\drivers\ew_usbenumfilter.sys [2014-6-21 14336]
S3 huawei_cdcacm;huawei_cdcacm;C:\windows\System32\drivers\ew_jucdcacm.sys [2014-6-21 104960]
S3 huawei_ext_ctrl;huawei_ext_ctrl;C:\windows\System32\drivers\ew_juextctrl.sys [2014-6-21 30720]
S3 huawei_wwanecm;huawei_wwanecm;C:\windows\System32\drivers\ew_juwwanecm.sys [2014-6-21 240128]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2014-7-11 111616]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2014-6-21 19456]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2014-6-21 246376]
S3 SWDUMon;SWDUMon;C:\windows\System32\drivers\SWDUMon.sys [2014-6-21 16152]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2014-6-21 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2014-6-21 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2014-6-21 1255736]
.
=============== Created Last 30 ================
.
2014-07-28 08:16:12 -------- d-----w- C:\Analysis
2014-07-28 08:16:00 253952 ------w- C:\windows\Setup1.exe
2014-07-28 08:15:59 73216 ----a-w- C:\windows\ST6UNST.EXE
2014-07-27 18:15:18 -------- d-----w- C:\Program Files (x86)\CleanUp!
2014-07-27 16:27:10 -------- d-----w- C:\FRST
2014-07-27 16:11:58 -------- d-----w- C:\windows\$regcmp$
2014-07-27 16:11:51 -------- d-----w- C:\Program Files (x86)\Registry Clean Expert
2014-07-27 15:03:38 -------- d-----w- C:\Program Files (x86)\NT Registry Optimizer
2014-07-27 00:48:08 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2014-07-27 00:42:12 -------- d-----w- C:\Program Files (x86)\SpywareBlaster
2014-07-26 23:17:33 -------- d-----w- C:\Users\jol\AppData\Roaming\OnlineArmor
2014-07-26 23:17:33 -------- d-----w- C:\ProgramData\OnlineArmor
2014-07-26 23:16:45 64720 ----a-w- C:\windows\SysWow64\drivers\OADriver.sys
2014-07-26 23:16:45 62008 ----a-w- C:\windows\SysWow64\drivers\oahlp64.sys
2014-07-26 23:16:45 52360 ----a-w- C:\windows\SysWow64\drivers\OAmon.sys
2014-07-26 23:16:45 35368 ----a-w- C:\windows\System32\drivers\OAnet.sys
2014-07-26 23:16:43 -------- d-----w- C:\Program Files (x86)\Online Armor
2014-07-26 23:15:28 -------- d-----w- C:\Users\jol\AppData\Roaming\AVAST Software
2014-07-26 23:15:12 92008 ----a-w- C:\windows\System32\drivers\aswStm.sys
2014-07-26 23:15:11 224896 ----a-w- C:\windows\System32\drivers\aswVmm.sys
2014-07-26 23:15:11 1041168 ----a-w- C:\windows\System32\drivers\aswSnx.sys
2014-07-26 23:15:10 65776 ----a-w- C:\windows\System32\drivers\aswRvrt.sys
2014-07-26 23:15:09 79184 ----a-w- C:\windows\System32\drivers\aswMonFlt.sys
2014-07-26 23:15:09 29208 ----a-w- C:\windows\System32\drivers\aswHwid.sys
2014-07-26 23:15:08 93568 ----a-w- C:\windows\System32\drivers\aswRdr2.sys
2014-07-26 23:15:05 43152 ----a-w- C:\windows\avastSS.scr
2014-07-26 23:13:31 -------- d-----w- C:\Program Files\AVAST Software
2014-07-26 23:01:45 -------- d-----w- C:\Users\jol\AppData\Local\CrashDumps
2014-07-26 20:00:13 -------- d-sh--w- C:\$RECYCLE.BIN
2014-07-26 02:26:27 -------- d-----w- C:\Users\jol\AppData\Local\Diagnostics
2014-07-25 09:10:55 -------- d-----w- C:\Users\jol\AppData\Local\Rockstar Games
2014-07-24 22:23:49 -------- d-----w- C:\ProgramData\Package Cache
2014-07-24 22:23:32 -------- d-----w- C:\Program Files (x86)\Seagate
2014-07-24 19:38:24 -------- d-----w- C:\Users\jol\AppData\Roaming\SUPERAntiSpyware.com
2014-07-24 17:58:35 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-07-23 21:07:04 -------- d-----w- C:\ProgramData\GlarySoft
2014-07-23 21:03:05 28960 ----a-w- C:\windows\System32\RegBootDefrag.exe
2014-07-23 20:59:21 -------- d-----w- C:\Users\jol\AppData\Roaming\DiskDefrag
2014-07-23 20:59:20 -------- d-----w- C:\Users\jol\AppData\Roaming\GlarySoft
2014-07-23 20:48:55 -------- d-----w- C:\windows\System32\catroot2
2014-07-23 17:12:15 -------- d-----w- C:\Users\jol\AppData\Roaming\Comodo
2014-07-23 17:05:33 34080 ----a-w- C:\windows\System32\SmartDefragBootTime.exe
2014-07-23 17:05:24 128288 ----a-w- C:\windows\System32\IObitSmartDefragExtension.dll
2014-07-23 17:05:10 -------- d-----w- C:\Program Files (x86)\IObit
2014-07-23 17:04:57 -------- d-----w- C:\Users\jol\AppData\Roaming\IObit
2014-07-23 16:59:23 -------- d-----w- C:\Users\jol\AppData\Local\VirtualStore
2014-07-23 10:34:50 -------- d-----w- C:\windows\ERUNT
2014-07-22 22:35:36 -------- d-----w- C:\Users\jol\AppData\Local\Little_Apps
2014-07-22 19:20:25 129872 ----a-w- C:\windows\SysWow64\MSSTDFMT.DLL
2014-07-22 19:20:25 1070352 ----a-w- C:\windows\SysWow64\MSCOMCTL.OCX
2014-07-22 15:09:24 -------- d-----w- C:\Users\jol\AppData\Local\Skype
2014-07-22 12:14:08 -------- d-----w- C:\Users\jol\AppData\Local\Programs
2014-07-20 15:25:51 -------- d-----w- C:\Users\jol\AppData\Roaming\TeamViewer
2014-07-20 10:39:36 -------- d-sh--w- C:\Users\jol\AppData\Local\EmieUserList
2014-07-20 10:39:36 -------- d-sh--w- C:\Users\jol\AppData\Local\EmieSiteList
2014-07-20 10:38:24 -------- d-----w- C:\Users\jol\AppData\Local\NVIDIA Corporation
2014-07-20 10:37:20 -------- d-----w- C:\Users\jol\AppData\Local\NVIDIA
2014-07-19 18:31:54 -------- d-----w- C:\Program Files (x86)\TeamViewer
2014-07-19 16:51:54 -------- d-----w- C:\Program Files\CCleaner
2014-07-19 12:42:03 1715176 ----a-w- C:\windows\System32\nvspbridge64.dll
2014-07-19 12:42:03 1291232 ----a-w- C:\windows\SysWow64\nvspbridge.dll
2014-07-19 12:27:09 1279480 ----a-w- C:\windows\System32\nvspcap64.dll
2014-07-19 12:27:09 1122312 ----a-w- C:\windows\SysWow64\nvspcap.dll
2014-07-19 12:26:13 601432 ----a-w- C:\windows\SysWow64\nvStreaming.exe
2014-07-19 12:25:43 927520 ----a-w- C:\windows\System32\nvvsvc.exe
2014-07-19 12:25:43 6769096 ----a-w- C:\windows\System32\nvcpl.dll
2014-07-19 12:25:43 62808 ----a-w- C:\windows\System32\nvshext.dll
2014-07-19 12:25:43 387528 ----a-w- C:\windows\System32\nvmctray.dll
2014-07-19 12:25:43 3774821 ----a-w- C:\windows\System32\nvcoproc.bin
2014-07-19 12:25:43 3514144 ----a-w- C:\windows\System32\nvsvc64.dll
2014-07-19 12:25:43 2560968 ----a-w- C:\windows\System32\nvsvcr.dll
2014-07-19 12:25:28 61216 ----a-w- C:\windows\System32\OpenCL.dll
2014-07-19 12:25:28 52056 ----a-w- C:\windows\SysWow64\OpenCL.dll
2014-07-19 12:23:01 40392 ----a-w- C:\windows\System32\drivers\nvvad64v.sys
2014-07-19 12:22:58 37320 ----a-w- C:\windows\System32\nvaudcap64v.dll
2014-07-19 12:22:58 34760 ----a-w- C:\windows\SysWow64\nvaudcap32v.dll
2014-07-15 12:43:32 -------- d-----w- C:\windows\SysWow64\wbem\Performance
2014-07-11 15:28:53 28640 ----a-w- C:\windows\System32\DriveCleanup.exe
2014-07-11 14:58:39 -------- d-----w- C:\Program Files (x86)\Windows Resource Kits
2014-07-11 12:28:58 30312 ----a-w- C:\windows\System32\drivers\TrueSight.sys
2014-07-11 12:28:58 -------- d-----w- C:\ProgramData\RogueKiller
2014-07-11 09:18:05 255552 ----a-w- C:\windows\System32\drivers\mcdbus.sys
2014-07-11 08:58:00 -------- d-----w- C:\Program Files (x86)\MagicISO
2014-07-11 08:43:48 16896 ----a-w- C:\windows\AsTaskSched.dll
2014-07-11 08:42:19 28672 ----a-w- C:\windows\SysWow64\AsIO.dll
2014-07-11 08:42:19 13440 ----a-w- C:\windows\SysWow64\drivers\AsIO.sys
2014-07-11 08:42:15 11832 ----a-w- C:\windows\SysWow64\drivers\AsInsHelp64.sys
2014-07-11 08:42:15 10216 ----a-w- C:\windows\SysWow64\drivers\AsInsHelp32.sys
2014-07-11 08:28:32 1051072 ----a-w- C:\windows\PE_File.dll
2014-07-11 08:28:28 985536 ----a-w- C:\windows\PE_Rom.dll
2014-07-11 08:27:43 14464 ----a-w- C:\windows\SysWow64\drivers\AsUpIO.sys
2014-07-11 08:27:42 -------- d-----w- C:\Program Files (x86)\ASUS
2014-07-11 08:27:31 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2014-07-11 08:27:31 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2014-07-11 08:27:31 225280 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll
2014-07-11 08:27:31 176128 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2014-07-11 08:27:30 614532 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2014-07-11 07:59:59 624128 ----a-w- C:\windows\System32\qedit.dll
2014-07-11 07:59:59 509440 ----a-w- C:\windows\SysWow64\qedit.dll
2014-07-11 07:59:01 497152 ----a-w- C:\windows\System32\drivers\afd.sys
2014-07-11 07:53:24 810160 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe
2014-07-11 07:52:28 692736 ----a-w- C:\windows\System32\osk.exe
2014-07-11 07:50:39 1460736 ----a-w- C:\windows\System32\lsasrv.dll
2014-07-11 07:50:38 96768 ----a-w- C:\windows\SysWow64\sspicli.dll
2014-07-11 07:50:38 22016 ----a-w- C:\windows\SysWow64\secur32.dll
.
==================== Find3M  ====================
.
2014-07-27 17:24:39 71344 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-27 17:24:39 699056 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2014-06-30 02:09:33 519168 ----a-w- C:\windows\System32\aepdu.dll
2014-06-30 02:04:49 424448 ----a-w- C:\windows\System32\aeinv.dll
2014-06-22 09:01:53 16152 ----a-w- C:\windows\System32\drivers\SWDUMon.sys
2014-06-22 08:08:41 178800 ----a-w- C:\windows\SysWow64\CmdLineExt_x64.dll
2014-06-21 13:38:38 9728 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-06-21 12:42:08 348160 ----a-w- C:\windows\SysWow64\msvcr71.dll
2014-06-21 12:42:08 1700352 ----a-w- C:\windows\SysWow64\gdiplus.dll
2014-06-21 12:42:08 1060864 ----a-w- C:\windows\SysWow64\mfc71.dll
2014-06-19 01:06:55 2724864 ----a-w- C:\windows\System32\mshtml.tlb
2014-06-19 01:06:24 4096 ----a-w- C:\windows\System32\ieetwcollectorres.dll
2014-06-19 00:42:57 548352 ----a-w- C:\windows\System32\vbscript.dll
2014-06-19 00:42:49 66048 ----a-w- C:\windows\System32\iesetup.dll
2014-06-19 00:41:52 48640 ----a-w- C:\windows\System32\ieetwproxystub.dll
2014-06-19 00:41:16 83968 ----a-w- C:\windows\System32\MshtmlDac.dll
2014-06-19 00:24:30 139264 ----a-w- C:\windows\System32\ieUnatt.exe
2014-06-19 00:24:12 111616 ----a-w- C:\windows\System32\ieetwcollector.exe
2014-06-19 00:23:53 752640 ----a-w- C:\windows\System32\jscript9diag.dll
2014-06-19 00:14:28 940032 ----a-w- C:\windows\System32\MsSpellCheckingFacility.exe
2014-06-18 23:59:04 38400 ----a-w- C:\windows\System32\JavaScriptCollectionAgent.dll
2014-06-18 23:56:37 2724864 ----a-w- C:\windows\SysWow64\mshtml.tlb
2014-06-18 23:51:38 5721088 ----a-w- C:\windows\System32\jscript9.dll
2014-06-18 23:38:40 455168 ----a-w- C:\windows\SysWow64\vbscript.dll
2014-06-18 23:37:23 61952 ----a-w- C:\windows\SysWow64\iesetup.dll
2014-06-18 23:36:35 51200 ----a-w- C:\windows\SysWow64\ieetwproxystub.dll
2014-06-18 23:35:55 62464 ----a-w- C:\windows\SysWow64\MshtmlDac.dll
2014-06-18 23:27:45 1249280 ----a-w- C:\windows\System32\mshtmlmedia.dll
2014-06-18 23:27:07 2040832 ----a-w- C:\windows\System32\inetcpl.cpl
2014-06-18 23:23:27 112128 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2014-06-18 23:22:40 592896 ----a-w- C:\windows\SysWow64\jscript9diag.dll
2014-06-18 23:06:10 32256 ----a-w- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-06-18 22:58:27 2266112 ----a-w- C:\windows\System32\wininet.dll
2014-06-18 22:52:18 4254720 ----a-w- C:\windows\SysWow64\jscript9.dll
2014-06-18 22:46:23 1068032 ----a-w- C:\windows\SysWow64\mshtmlmedia.dll
2014-06-18 22:45:59 1964544 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2014-06-18 22:13:59 1791488 ----a-w- C:\windows\SysWow64\wininet.dll
2014-06-18 01:51:32 646144 ----a-w- C:\windows\SysWow64\osk.exe
2014-06-18 01:10:36 3157504 ----a-w- C:\windows\System32\win32k.sys
2014-05-30 08:08:52 210944 ----a-w- C:\windows\System32\wdigest.dll
2014-05-30 08:08:49 86528 ----a-w- C:\windows\System32\TSpkg.dll
2014-05-30 08:08:47 340992 ----a-w- C:\windows\System32\schannel.dll
2014-05-30 08:08:41 314880 ----a-w- C:\windows\System32\msv1_0.dll
2014-05-30 08:08:41 307200 ----a-w- C:\windows\System32\ncrypt.dll
2014-05-30 08:08:36 728064 ----a-w- C:\windows\System32\kerberos.dll
2014-05-30 08:08:31 22016 ----a-w- C:\windows\System32\credssp.dll
2014-05-30 07:52:51 172032 ----a-w- C:\windows\SysWow64\wdigest.dll
2014-05-30 07:52:49 65536 ----a-w- C:\windows\SysWow64\TSpkg.dll
2014-05-30 07:52:45 247808 ----a-w- C:\windows\SysWow64\schannel.dll
2014-05-30 07:52:41 220160 ----a-w- C:\windows\SysWow64\ncrypt.dll
2014-05-30 07:52:40 259584 ----a-w- C:\windows\SysWow64\msv1_0.dll
2014-05-30 07:52:36 550912 ----a-w- C:\windows\SysWow64\kerberos.dll
2014-05-30 07:52:30 17408 ----a-w- C:\windows\SysWow64\credssp.dll
2014-05-08 09:32:11 3178496 ----a-w- C:\windows\System32\rdpcorets.dll
2014-05-08 09:32:11 16384 ----a-w- C:\windows\System32\RdpGroupPolicyExtension.dll
.
============= FINISH: 13:30:30,16 ===============
 



Edited by hamluis, 28 July 2014 - 08:34 AM.



#2 kalapurkki


Posted 28 July 2014 - 08:06 AM

Can someone analyze my logs?

 

Mod Edit:  Sent "now that you have posted" content in PM - Hamluis.


Edited by hamluis, 28 July 2014 - 08:36 AM.


#3 Jo*

  • Malware Response Team

Posted 29 July 2014 - 07:08 AM

:welcome:

Hello kalapurkki,

my name is Jo and I will help you with your computer problems.



Please follow these guidelines:
  • Logs can take a while to research, so please be patient.
  • Read and follow the instructions in the sequence they are posted.
  • Print or copy & save instructions.
  • Back up all your private data / important files on another (external) drive before using our tools.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only the tools you have been instructed to use.
  • Copy and Paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification, if you have any questions.
  • Stay with this topic until you get the all clean post.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
It is important for you to check your topic at least once a day for a reply. You cannot rely on the e-mail notification system to inform you of new replies as it is not completely reliable.


***


1. Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

***


2. Download OTL to your desktop.
  • Double click on the icon to run it.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
    Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them both in.

***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#4 kalapurkki


Posted 29 July 2014 - 02:12 PM

Here are the logs

 

 

Results of screen317's Security Check version 0.99.86 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Disabled! 
avast! Antivirus  
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 SpywareBlaster 5.0   
 Java 7 Update 65 
 Adobe Flash Player 14.0.0.145 
````````Process Check: objlist.exe by Laurent```````` 
 Tall Emu Online Armor OAcat.exe
 Tall Emu Online Armor oasrv.exe
 Tall Emu Online Armor oaui.exe
 Tall Emu Online Armor OAhlp.exe
 AVAST Software Avast AvastSvc.exe 
 AVAST Software Avast AvastUI.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 

OTL logfile created on: 29.7.2014 22:07:03 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\jol\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17207)
Locale: 0000040b | Country: Suomi | Language: FIN | Date Format: d.M.yyyy
 
7,97 Gb Total Physical Memory | 6,34 Gb Available Physical Memory | 79,61% Memory free
19,91 Gb Paging File | 18,23 Gb Available in Paging File | 91,53% Paging File free
Paging file location(s): c:\pagefile.sys 12234 12234 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 824,56 Gb Free Space | 88,53% Space Free | Partition Type: NTFS
 
Computer Name: ASUS100-PC | User Name: jol | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\jol\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
PRC - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Online Armor\oaui.exe (Emsisoft GmbH)
PRC - C:\Program Files (x86)\Online Armor\oasrv.exe (Emsisoft GmbH)
PRC - C:\Program Files (x86)\Online Armor\oahlp.exe (Emsisoft GmbH)
PRC - C:\Program Files (x86)\Online Armor\oacat.exe (Emsisoft GmbH)
PRC - C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\AVAST Software\Avast\libcef.dll ()
MOD - C:\Program Files\AVAST Software\Avast\aswProperty.dll ()
MOD - C:\Program Files (x86)\Steam\video.dll ()
MOD - C:\Program Files (x86)\Steam\bin\chromehtml.dll ()
MOD - C:\Program Files (x86)\Steam\libavcodec-55.dll ()
MOD - C:\Program Files (x86)\Steam\libavutil-53.dll ()
MOD - C:\Program Files (x86)\Steam\libavformat-55.dll ()
MOD - C:\Program Files (x86)\Steam\libavresample-1.dll ()
MOD - C:\Program Files (x86)\Steam\SDL2.dll ()
MOD - C:\Program Files (x86)\Steam\bin\libcef.dll ()
MOD - C:\Program Files (x86)\Steam\libswscale-2.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (IEEtwCollectorService) -- C:\windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (NvStreamSvc) -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (TeamViewer9) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (NvNetworkService) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (SvcOnlineArmor) -- C:\Program Files (x86)\Online Armor\oasrv.exe (Emsisoft GmbH)
SRV - (OAcat) -- C:\Program Files (x86)\Online Armor\oacat.exe (Emsisoft GmbH)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (asHmComSvc) -- C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswsp.sys (AVAST Software)
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswVmm) -- C:\windows\SysNative\drivers\aswVmm.sys ()
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswStm) -- C:\Windows\SysNative\drivers\aswStm.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswRvrt) -- C:\windows\SysNative\drivers\aswRvrt.sys ()
DRV:64bit: - (aswHwid) -- C:\Windows\SysNative\drivers\aswHwid.sys ()
DRV:64bit: - (SWDUMon) -- C:\Windows\SysNative\drivers\SWDUMon.sys ()
DRV:64bit: - (NvStreamKms) -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys (NVIDIA Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (nvvad_WaveExtensible) -- C:\Windows\SysNative\drivers\nvvad64v.sys (NVIDIA Corporation)
DRV:64bit: - (asmtxhci) -- C:\Windows\SysNative\drivers\asmtxhci.sys (ASMedia Technology Inc)
DRV:64bit: - (asmthub3) -- C:\Windows\SysNative\drivers\asmthub3.sys (ASMedia Technology Inc)
DRV:64bit: - (OAnet) -- C:\Windows\SysNative\drivers\OAnet.sys (Emsisoft)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (huawei_wwanecm) -- C:\Windows\SysNative\drivers\ew_juwwanecm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (ew_usbenumfilter) -- C:\Windows\SysNative\drivers\ew_usbenumfilter.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (huawei_cdcacm) -- C:\Windows\SysNative\drivers\ew_jucdcacm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (huawei_enumerator) -- C:\Windows\SysNative\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (huawei_ext_ctrl) -- C:\Windows\SysNative\drivers\ew_juextctrl.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (mcdbus) -- C:\Windows\SysNative\drivers\mcdbus.sys (MagicISO, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (oahlpXX) -- C:\Windows\SysWOW64\drivers\oahlp64.sys ()
DRV - (OAmon) -- C:\Windows\SysWOW64\drivers\OAmon.sys (Emsisoft)
DRV - (OADevice) -- C:\Windows\SysWOW64\drivers\OADriver.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
IE - HKLM\..\SearchScopes,DefaultScope = {632F07F3-19A1-4d16-A23F-E6CE9486BAB5}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://fi.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fi-FI
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5B 1C AA 9E 3B AB CF 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014.07.27 02:15:06 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2014.07.29 17:27:59 | 000,000,768 | ---- | M]) - C:\Windows\SysNative\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [@OnlineArmor GUI] C:\Program Files (x86)\Online Armor\oaui.exe (Emsisoft GmbH)
O4:64bit: - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [ShadowPlay] C:\windows\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Value error. File not found
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 77.223.60.102 77.223.61.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D6DC1512-DF3E-4E9F-A9F9-1C3D96EE6DE7}: DhcpNameServer = 77.223.60.102 77.223.61.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D6DC1512-DF3E-4E9F-A9F9-1C3D96EE6DE7}: NameServer = 8.8.8.8,8.8.4.4
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll File not found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21:64bit: - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\Windows\SysNative\WPDShServiceObj.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014.07.29 22:03:38 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\jol\Desktop\OTL.exe
[2014.07.29 18:02:15 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\jol\Desktop\dds.com
[2014.07.29 17:30:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2014.07.29 17:30:32 | 000,000,000 | -H-D | C] -- C:\windows\AxInstSV
[2014.07.29 17:05:37 | 000,128,728 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\MBAMSwissArmy.sys
[2014.07.29 16:40:09 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014.07.29 16:31:32 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2014.07.29 16:31:32 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2014.07.29 16:31:32 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2014.07.29 16:31:19 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014.07.29 16:29:37 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014.07.29 16:28:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014.07.29 16:28:00 | 000,092,888 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbamchameleon.sys
[2014.07.29 16:28:00 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mwac.sys
[2014.07.29 16:28:00 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2014.07.29 16:28:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014.07.29 16:28:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014.07.28 17:32:44 | 000,000,000 | ---D | C] -- C:\Users\jol\AppData\Local\Locktime
[2014.07.28 11:16:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OGT-Diagnostic Tool
[2014.07.28 11:16:12 | 000,000,000 | ---D | C] -- C:\Analysis
[2014.07.28 11:16:00 | 000,253,952 | ---- | C] (Microsoft Corporation) -- C:\windows\Setup1.exe
[2014.07.28 11:15:59 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\ST6UNST.EXE
[2014.07.27 21:15:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CleanUp!
[2014.07.27 19:27:10 | 000,000,000 | ---D | C] -- C:\FRST
[2014.07.27 19:25:13 | 002,093,568 | ---- | C] (Farbar) -- C:\Users\jol\Desktop\FRST64.exe
[2014.07.27 19:11:58 | 000,000,000 | ---D | C] -- C:\windows\$regcmp$
[2014.07.27 18:03:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NT Registry Optimizer
[2014.07.27 18:03:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NT Registry Optimizer
[2014.07.27 03:48:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2014.07.27 03:42:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
[2014.07.27 03:42:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpywareBlaster
[2014.07.27 02:17:33 | 000,000,000 | ---D | C] -- C:\Users\jol\AppData\Roaming\OnlineArmor
[2014.07.27 02:17:33 | 000,000,000 | ---D | C] -- C:\ProgramData\OnlineArmor
[2014.07.27 02:16:45 | 000,052,360 | ---- | C] (Emsisoft) -- C:\windows\SysWow64\drivers\OAmon.sys
[2014.07.27 02:16:45 | 000,035,368 | ---- | C] (Emsisoft) -- C:\windows\SysNative\drivers\OAnet.sys
[2014.07.27 02:16:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Armor
[2014.07.27 02:16:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Online Armor
[2014.07.27 02:15:28 | 000,000,000 | ---D | C] -- C:\Users\jol\AppData\Roaming\AVAST Software
[2014.07.27 02:15:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
[2014.07.27 02:15:12 | 000,092,008 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswStm.sys
[2014.07.27 02:15:11 | 001,041,168 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswSnx.sys
[2014.07.27 02:15:10 | 000,427,360 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswsp.sys
[2014.07.27 02:15:09 | 000,079,184 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswMonFlt.sys
[2014.07.27 02:15:08 | 000,093,568 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswRdr2.sys
[2014.07.27 02:15:06 | 000,307,344 | ---- | C] (AVAST Software) -- C:\windows\SysNative\aswBoot.exe
[2014.07.27 02:15:05 | 000,043,152 | ---- | C] (AVAST Software) -- C:\windows\avastSS.scr
[2014.07.27 02:13:31 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2014.07.27 02:01:45 | 000,000,000 | ---D | C] -- C:\Users\jol\AppData\Local\CrashDumps
[2014.07.26 05:26:27 | 000,000,000 | ---D | C] -- C:\Users\jol\AppData\Local\Diagnostics
[2014.07.25 17:09:17 | 000,000,000 | ---D | C] -- C:\Users\jol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2014.07.25 17:09:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2014.07.25 12:13:16 | 000,000,000 | ---D | C] -- C:\Users\jol\Documents\Rockstar Games
[2014.07.25 12:10:55 | 000,000,000 | ---D | C] -- C:\Users\jol\AppData\Local\Rockstar Games
[2014.07.25 12:10:19 | 000,000,000 | RH-D | C] -- C:\Users\jol\AppData\Roaming\SecuROM
[2014.07.25 01:23:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2014.07.25 01:23:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate
[2014.07.25 01:23:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Seagate
[2014.07.24 22:38:24 | 000,000,000 | ---D | C] -- C:\Users\jol\AppData\Roaming\SUPERAntiSpyware.com
[2014.07.24 20:58:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2014.07.24 00:07:04 | 000,000,000 | ---D | C] -- C:\ProgramData\GlarySoft
[2014.07.24 00:03:05 | 000,028,960 | ---- | C] (Glarysoft Ltd) -- C:\windows\SysNative\RegBootDefrag.exe
[2014.07.23 23:59:21 | 000,000,000 | ---D | C] -- C:\Users\jol\AppData\Roaming\DiskDefrag
[2014.07.23 23:59:20 | 000,000,000 | ---D | C] -- C:\Users\jol\AppData\Roaming\GlarySoft
[2014.07.23 23:56:26 | 000,000,000 | ---D | C] -- C:\windows\SoftwareDistribution
[2014.07.23 23:48:55 | 000,000,000 | ---D | C] -- C:\windows\SysNative\catroot2
[2014.07.23 20:12:15 | 000,000,000 | ---D | C] -- C:\Users\jol\AppData\Roaming\Comodo
[2014.07.23 20:05:33 | 000,034,080 | ---- | C] (IObit) -- C:\windows\SysNative\SmartDefragBootTime.exe
[2014.07.23 20:05:24 | 000,128,288 | ---- | C] (IObit) -- C:\windows\SysNative\IObitSmartDefragExtension.dll
[2014.07.23 20:05:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2014.07.23 20:04:57 | 000,000,000 | ---D | C] -- C:\Users\jol\AppData\Roaming\IObit
[2014.07.23 19:59:23 | 000,000,000 | ---D | C] -- C:\Users\jol\AppData\Local\VirtualStore
[2014.07.23 13:34:50 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2014.07.23 01:35:36 | 000,000,000 | ---D | C] -- C:\Users\jol\AppData\Local\Little_Apps
[2014.07.22 22:20:25 | 001,070,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MSCOMCTL.OCX
[2014.07.22 22:20:25 | 000,129,872 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MSSTDFMT.DLL
[2014.07.22 18:09:24 | 000,000,000 | ---D | C] -- C:\Users\jol\AppData\Local\Skype
[2014.07.22 18:09:20 | 000,000,000 | ---D | C] -- C:\Users\jol\AppData\Roaming\Skype
[2014.07.22 15:14:08 | 000,000,000 | ---D | C] -- C:\Users\jol\AppData\Local\Programs
[2014.07.20 18:25:51 | 000,000,000 | ---D | C] -- C:\Users\jol\AppData\Roaming\TeamViewer
[2014.07.20 13:40:04 | 000,000,000 | ---D | C] -- C:\Users\jol\AppData\Roaming\WinRAR
[2014.07.20 13:39:55 | 000,000,000 | ---D | C] -- C:\Users\jol\AppData\Roaming\Macromedia
[2014.07.20 13:39:36 | 000,000,000 | -HSD | C] -- C:\Users\jol\AppData\Local\EmieUserList
[2014.07.20 13:39:36 | 000,000,000 | -HSD | C] -- C:\Users\jol\AppData\Local\EmieSiteList
[2014.07.20 13:38:24 | 000,000,000 | ---D | C] -- C:\Users\jol\AppData\Local\NVIDIA Corporation
[2014.07.20 13:37:20 | 000,000,000 | ---D | C] -- C:\Users\jol\AppData\Local\NVIDIA
[2014.07.20 13:37:13 | 000,000,000 | ---D | C] -- C:\Users\jol\AppData\Roaming\Adobe
[2014.07.20 13:37:10 | 000,000,000 | R--D | C] -- C:\Users\jol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2014.07.20 13:37:10 | 000,000,000 | R--D | C] -- C:\Users\jol\Searches
[2014.07.20 13:37:10 | 000,000,000 | R--D | C] -- C:\Users\jol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2014.07.20 13:37:10 | 000,000,000 | -H-D | C] -- C:\Users\jol\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2014.07.20 13:37:00 | 000,000,000 | ---D | C] -- C:\Users\jol\AppData\Roaming\Identities
[2014.07.20 13:36:57 | 000,000,000 | R--D | C] -- C:\Users\jol\Contacts
[2014.07.20 13:36:51 | 000,000,000 | -HSD | C] -- C:\Users\jol\AppData\Local\Temporary Internet Files
[2014.07.20 13:36:51 | 000,000,000 | -HSD | C] -- C:\Users\jol\AppData\Local\History
[2014.07.20 13:36:51 | 000,000,000 | -HSD | C] -- C:\Users\jol\AppData\Local\Application Data
[2014.07.20 13:36:50 | 000,000,000 | --SD | C] -- C:\Users\jol\AppData\Roaming\Microsoft
[2014.07.20 13:36:50 | 000,000,000 | R--D | C] -- C:\Users\jol\Videos
[2014.07.20 13:36:50 | 000,000,000 | R--D | C] -- C:\Users\jol\Saved Games
[2014.07.20 13:36:50 | 000,000,000 | R--D | C] -- C:\Users\jol\Pictures
[2014.07.20 13:36:50 | 000,000,000 | R--D | C] -- C:\Users\jol\Music
[2014.07.20 13:36:50 | 000,000,000 | R--D | C] -- C:\Users\jol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2014.07.20 13:36:50 | 000,000,000 | R--D | C] -- C:\Users\jol\Links
[2014.07.20 13:36:50 | 000,000,000 | R--D | C] -- C:\Users\jol\Favorites
[2014.07.20 13:36:50 | 000,000,000 | R--D | C] -- C:\Users\jol\Downloads
[2014.07.20 13:36:50 | 000,000,000 | R--D | C] -- C:\Users\jol\Documents
[2014.07.20 13:36:50 | 000,000,000 | R--D | C] -- C:\Users\jol\Desktop
[2014.07.20 13:36:50 | 000,000,000 | R--D | C] -- C:\Users\jol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2014.07.20 13:36:50 | 000,000,000 | -HSD | C] -- C:\Users\jol\Templates
[2014.07.20 13:36:50 | 000,000,000 | -HSD | C] -- C:\Users\jol\Start Menu
[2014.07.20 13:36:50 | 000,000,000 | -HSD | C] -- C:\Users\jol\SendTo
[2014.07.20 13:36:50 | 000,000,000 | -HSD | C] -- C:\Users\jol\Recent
[2014.07.20 13:36:50 | 000,000,000 | -HSD | C] -- C:\Users\jol\PrintHood
[2014.07.20 13:36:50 | 000,000,000 | -HSD | C] -- C:\Users\jol\NetHood
[2014.07.20 13:36:50 | 000,000,000 | -HSD | C] -- C:\Users\jol\Documents\My Videos
[2014.07.20 13:36:50 | 000,000,000 | -HSD | C] -- C:\Users\jol\Documents\My Pictures
[2014.07.20 13:36:50 | 000,000,000 | -HSD | C] -- C:\Users\jol\Documents\My Music
[2014.07.20 13:36:50 | 000,000,000 | -HSD | C] -- C:\Users\jol\My Documents
[2014.07.20 13:36:50 | 000,000,000 | -HSD | C] -- C:\Users\jol\Local Settings
[2014.07.20 13:36:50 | 000,000,000 | -HSD | C] -- C:\Users\jol\Cookies
[2014.07.20 13:36:50 | 000,000,000 | -HSD | C] -- C:\Users\jol\Application Data
[2014.07.20 13:36:50 | 000,000,000 | ---D | C] -- C:\Users\jol\AppData\Local\temp
[2014.07.20 13:36:50 | 000,000,000 | ---D | C] -- C:\Users\jol\AppData\Local\Microsoft
[2014.07.20 13:36:50 | 000,000,000 | ---D | C] -- C:\Users\jol\AppData\Roaming\Media Center Programs
[2014.07.20 13:36:50 | 000,000,000 | ---D | C] -- C:\Users\jol\AppData
[2014.07.19 21:31:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
[2014.07.19 19:51:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2014.07.19 19:51:54 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014.07.19 15:42:03 | 001,715,176 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvspbridge64.dll
[2014.07.19 15:42:03 | 001,291,232 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\nvspbridge.dll
[2014.07.19 15:27:09 | 001,279,480 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvspcap64.dll
[2014.07.19 15:27:09 | 001,122,312 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\nvspcap.dll
[2014.07.19 15:26:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2014.07.19 15:26:24 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2014.07.19 15:26:13 | 000,601,432 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\nvStreaming.exe
[2014.07.19 15:25:43 | 006,769,096 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvcpl.dll
[2014.07.19 15:25:43 | 003,514,144 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvsvc64.dll
[2014.07.19 15:25:43 | 002,560,968 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvsvcr.dll
[2014.07.19 15:25:43 | 000,387,528 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvmctray.dll
[2014.07.19 15:25:43 | 000,062,808 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvshext.dll
[2014.07.19 15:25:28 | 000,061,216 | ---- | C] (Khronos Group) -- C:\windows\SysNative\OpenCL.dll
[2014.07.19 15:25:28 | 000,052,056 | ---- | C] (Khronos Group) -- C:\windows\SysWow64\OpenCL.dll
[2014.07.19 15:24:26 | 031,387,936 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvoglv64.dll
[2014.07.19 15:24:26 | 025,256,224 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvcompiler.dll
[2014.07.19 15:24:26 | 024,025,376 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\nvoglv32.dll
[2014.07.19 15:24:26 | 018,531,568 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvwgf2umx.dll
[2014.07.19 15:24:26 | 017,561,544 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\nvcompiler.dll
[2014.07.19 15:24:26 | 017,480,432 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvd3dumx.dll
[2014.07.19 15:24:26 | 016,003,912 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\nvwgf2um.dll
[2014.07.19 15:24:26 | 014,434,704 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\nvd3dum.dll
[2014.07.19 15:24:26 | 011,644,928 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvcuda.dll
[2014.07.19 15:24:26 | 011,599,072 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvopencl.dll
[2014.07.19 15:24:26 | 009,735,256 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\nvcuda.dll
[2014.07.19 15:24:26 | 009,697,640 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\nvopencl.dll
[2014.07.19 15:24:26 | 003,141,976 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvcuvid.dll
[2014.07.19 15:24:26 | 003,109,248 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvapi64.dll
[2014.07.19 15:24:26 | 002,953,672 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\nvcuvid.dll
[2014.07.19 15:24:26 | 002,785,568 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvcuvenc.dll
[2014.07.19 15:24:26 | 002,730,208 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\nvapi.dll
[2014.07.19 15:24:26 | 002,412,376 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\nvcuvenc.dll
[2014.07.19 15:24:26 | 001,889,112 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvdispco6433788.dll
[2014.07.19 15:24:26 | 001,541,576 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvdispgenco6433788.dll
[2014.07.19 15:24:26 | 001,515,296 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvhdagenco6420103.dll
[2014.07.19 15:24:26 | 000,952,952 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvumdshimx.dll
[2014.07.19 15:24:26 | 000,895,776 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\NvIFR64.dll
[2014.07.19 15:24:26 | 000,892,704 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\NvFBC64.dll
[2014.07.19 15:24:26 | 000,867,784 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\NvIFR.dll
[2014.07.19 15:24:26 | 000,861,128 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\NvFBC.dll
[2014.07.19 15:24:26 | 000,837,056 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\nvumdshim.dll
[2014.07.19 15:24:26 | 000,354,016 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvoglshim64.dll
[2014.07.19 15:24:26 | 000,305,600 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\nvoglshim32.dll
[2014.07.19 15:24:26 | 000,197,408 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\drivers\nvhda64v.sys
[2014.07.19 15:24:26 | 000,166,568 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvinitx.dll
[2014.07.19 15:24:26 | 000,146,480 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\nvinit.dll
[2014.07.19 15:24:26 | 000,031,520 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvhdap64.dll
[2014.07.19 15:23:01 | 000,040,392 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\drivers\nvvad64v.sys
[2014.07.19 15:22:58 | 000,037,320 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvaudcap64v.dll
[2014.07.19 15:22:58 | 000,034,760 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\nvaudcap32v.dll
[2014.07.15 14:30:15 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2014.07.11 18:28:53 | 000,028,640 | ---- | C] (Uwe Sieber - www.uwe-sieber.de) -- C:\windows\SysNative\DriveCleanup.exe
[2014.07.11 17:58:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Resource Kits
[2014.07.11 17:11:20 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_43.dll
[2014.07.11 17:11:20 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DCompiler_43.dll
[2014.07.11 17:11:20 | 001,907,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dcsx_43.dll
[2014.07.11 17:11:20 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dcsx_43.dll
[2014.07.11 17:11:20 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAudio2_7.dll
[2014.07.11 17:11:20 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAudio2_7.dll
[2014.07.11 17:11:20 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine3_7.dll
[2014.07.11 17:11:20 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine3_7.dll
[2014.07.11 17:11:20 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAPOFX1_5.dll
[2014.07.11 17:11:20 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAPOFX1_5.dll
[2014.07.11 17:11:18 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAudio2_6.dll
[2014.07.11 17:11:18 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAudio2_6.dll
[2014.07.11 17:11:18 | 000,517,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAudio2_5.dll
[2014.07.11 17:11:18 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAudio2_5.dll
[2014.07.11 17:11:18 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine3_6.dll
[2014.07.11 17:11:18 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine3_6.dll
[2014.07.11 17:11:18 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAPOFX1_4.dll
[2014.07.11 17:11:18 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAPOFX1_4.dll
[2014.07.11 17:11:18 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\X3DAudio1_7.dll
[2014.07.11 17:11:18 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\X3DAudio1_7.dll
[2014.07.11 17:11:17 | 005,554,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dcsx_42.dll
[2014.07.11 17:11:17 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dcsx_42.dll
[2014.07.11 17:11:17 | 002,582,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_42.dll
[2014.07.11 17:11:17 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DCompiler_42.dll
[2014.07.11 17:11:17 | 000,285,024 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx11_42.dll
[2014.07.11 17:11:17 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine3_5.dll
[2014.07.11 17:11:17 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx11_42.dll
[2014.07.11 17:11:17 | 000,176,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine3_5.dll
[2014.07.11 17:11:16 | 002,475,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DX9_42.dll
[2014.07.11 17:11:16 | 002,430,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_41.dll
[2014.07.11 17:11:16 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DCompiler_41.dll
[2014.07.11 17:11:16 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10_42.dll
[2014.07.11 17:11:16 | 000,520,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10_41.dll
[2014.07.11 17:11:16 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx10_41.dll
[2014.07.11 17:11:15 | 005,425,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DX9_41.dll
[2014.07.11 17:11:15 | 000,521,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAudio2_4.dll
[2014.07.11 17:11:15 | 000,174,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine3_4.dll
[2014.07.11 17:11:15 | 000,073,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAPOFX1_3.dll
[2014.07.11 17:11:15 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAPOFX1_3.dll
[2014.07.11 17:11:15 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\X3DAudio1_6.dll
[2014.07.11 17:11:14 | 005,631,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DX9_40.dll
[2014.07.11 17:11:14 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DX9_40.dll
[2014.07.11 17:11:14 | 002,605,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_40.dll
[2014.07.11 17:11:14 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DCompiler_40.dll
[2014.07.11 17:11:14 | 000,519,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10_40.dll
[2014.07.11 17:11:14 | 000,518,480 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAudio2_3.dll
[2014.07.11 17:11:14 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAudio2_3.dll
[2014.07.11 17:11:14 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx10_40.dll
[2014.07.11 17:11:14 | 000,074,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAPOFX1_2.dll
[2014.07.11 17:11:14 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAPOFX1_2.dll
[2014.07.11 17:11:13 | 000,513,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAudio2_2.dll
[2014.07.11 17:11:13 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAudio2_2.dll
[2014.07.11 17:11:13 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine3_3.dll
[2014.07.11 17:11:13 | 000,175,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine3_3.dll
[2014.07.11 17:11:13 | 000,072,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAPOFX1_1.dll
[2014.07.11 17:11:13 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAPOFX1_1.dll
[2014.07.11 17:11:13 | 000,025,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\X3DAudio1_5.dll
[2014.07.11 17:11:13 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\X3DAudio1_5.dll
[2014.07.11 17:11:12 | 004,992,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DX9_39.dll
[2014.07.11 17:11:12 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DX9_39.dll
[2014.07.11 17:11:12 | 001,942,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_39.dll
[2014.07.11 17:11:12 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DCompiler_39.dll
[2014.07.11 17:11:12 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10_39.dll
[2014.07.11 17:11:12 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx10_39.dll
[2014.07.11 17:11:12 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine3_2.dll
[2014.07.11 17:11:12 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine3_2.dll
[2014.07.11 16:07:02 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2014.07.11 15:28:58 | 000,000,000 | ---D | C] -- C:\ProgramData\RogueKiller
[2014.07.11 15:21:06 | 000,000,000 | ---D | C] -- C:\windows\Minidump
[2014.07.11 14:04:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2014.07.11 12:18:05 | 000,255,552 | ---- | C] (MagicISO, Inc.) -- C:\windows\SysNative\drivers\mcdbus.sys
[2014.07.11 11:58:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MagicISO
[2014.07.11 11:43:48 | 000,016,896 | ---- | C] (ASUS) -- C:\windows\AsTaskSched.dll
[2014.07.11 11:42:19 | 000,028,672 | ---- | C] (ASUSTek Computer Inc.) -- C:\windows\SysWow64\AsIO.dll
[2014.07.11 11:27:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
[2014.07.11 11:27:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASUS
[2014.07.11 10:59:59 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\qedit.dll
[2014.07.11 10:59:59 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\qedit.dll
[2014.07.11 10:58:56 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncrypt.dll
[2014.07.11 10:53:24 | 000,592,896 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript9diag.dll
[2014.07.11 10:53:24 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2014.07.11 10:53:24 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieetwproxystub.dll
[2014.07.11 10:53:24 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
[2014.07.11 10:53:24 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
[2014.07.11 10:53:24 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
[2014.07.11 10:53:23 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwproxystub.dll
[2014.07.11 10:53:23 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\JavaScriptCollectionAgent.dll
[2014.07.11 10:53:22 | 001,964,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2014.07.11 10:53:22 | 000,631,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2014.07.11 10:53:22 | 000,608,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2014.07.11 10:53:22 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxtmsft.dll
[2014.07.11 10:53:22 | 000,442,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2014.07.11 10:53:22 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollector.exe
[2014.07.11 10:53:22 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
[2014.07.11 10:53:22 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollectorres.dll
[2014.07.11 10:53:21 | 002,040,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2014.07.11 10:53:21 | 001,068,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmlmedia.dll
[2014.07.11 10:53:21 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2014.07.11 10:53:21 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
[2014.07.11 10:53:20 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dll
[2014.07.11 10:53:20 | 000,598,016 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2014.07.11 10:53:20 | 000,292,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxtrans.dll
[2014.07.11 10:53:20 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msrating.dll
[2014.07.11 10:53:20 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MshtmlDac.dll
[2014.07.11 10:53:19 | 005,721,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2014.07.11 10:53:19 | 001,249,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmlmedia.dll
[2014.07.11 10:53:19 | 000,846,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dll
[2014.07.11 10:53:19 | 000,752,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9diag.dll
[2014.07.11 10:53:19 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2014.07.11 10:53:19 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2014.07.11 10:53:19 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2014.07.11 10:53:18 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MsSpellCheckingFacility.exe
[2014.07.11 10:53:18 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msrating.dll
[2014.07.11 10:53:18 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MshtmlDac.dll
[2014.07.11 10:52:28 | 000,692,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\osk.exe
[2014.07.11 10:52:28 | 000,646,144 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\osk.exe
[2014.07.11 10:52:27 | 000,519,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\aepdu.dll
[2014.07.11 10:52:27 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\aeinv.dll
[2014.07.11 10:50:39 | 001,460,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\lsasrv.dll
 
========== Files - Modified Within 30 Days ==========
 
[2014.07.29 22:08:17 | 000,022,064 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014.07.29 22:08:17 | 000,022,064 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014.07.29 22:03:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\jol\Desktop\OTL.exe
[2014.07.29 22:03:30 | 000,854,390 | ---- | M] () -- C:\Users\jol\Desktop\SecurityCheck.exe
[2014.07.29 22:00:30 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2014.07.29 22:00:26 | 2119,864,319 | -HS- | M] () -- C:\hiberfil.sys
[2014.07.29 18:02:15 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\jol\Desktop\dds.com
[2014.07.29 17:27:59 | 000,000,768 | ---- | M] () -- C:\windows\SysNative\drivers\etc\HOSTS
[2014.07.29 17:23:56 | 000,030,312 | ---- | M] () -- C:\windows\SysNative\drivers\TrueSight.sys
[2014.07.29 17:20:30 | 000,128,728 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\MBAMSwissArmy.sys
[2014.07.29 17:20:05 | 000,092,888 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbamchameleon.sys
[2014.07.28 19:41:45 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2014.07.28 18:26:14 | 000,699,056 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2014.07.28 18:26:14 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2014.07.28 11:22:51 | 000,001,397 | ---- | M] () -- C:\Users\Public\Desktop\SeaTools for Windows.lnk
[2014.07.28 11:16:00 | 000,253,952 | ---- | M] (Microsoft Corporation) -- C:\windows\Setup1.exe
[2014.07.28 11:15:59 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\windows\ST6UNST.EXE
[2014.07.27 19:25:13 | 002,093,568 | ---- | M] (Farbar) -- C:\Users\jol\Desktop\FRST64.exe
[2014.07.27 18:26:12 | 000,276,984 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2014.07.27 04:27:59 | 000,000,085 | ---- | M] () -- C:\windows\wininit.ini
[2014.07.27 03:42:13 | 000,001,079 | ---- | M] () -- C:\Users\Public\Desktop\SpywareBlaster.lnk
[2014.07.27 02:15:25 | 000,001,966 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014.07.27 02:15:22 | 000,427,360 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswsp.sys
[2014.07.27 02:15:05 | 001,041,168 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswSnx.sys
[2014.07.27 02:15:05 | 000,307,344 | ---- | M] (AVAST Software) -- C:\windows\SysNative\aswBoot.exe
[2014.07.27 02:15:05 | 000,224,896 | ---- | M] () -- C:\windows\SysNative\drivers\aswVmm.sys
[2014.07.27 02:15:05 | 000,093,568 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswRdr2.sys
[2014.07.27 02:15:05 | 000,092,008 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswStm.sys
[2014.07.27 02:15:05 | 000,079,184 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswMonFlt.sys
[2014.07.27 02:15:05 | 000,065,776 | ---- | M] () -- C:\windows\SysNative\drivers\aswRvrt.sys
[2014.07.27 02:15:05 | 000,043,152 | ---- | M] (AVAST Software) -- C:\windows\avastSS.scr
[2014.07.27 02:15:05 | 000,029,208 | ---- | M] () -- C:\windows\SysNative\drivers\aswHwid.sys
[2014.07.25 00:07:12 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\config.nt
[2014.07.24 01:11:07 | 000,007,605 | ---- | M] () -- C:\Users\jol\AppData\Local\Resmon.ResmonCfg
[2014.07.24 00:00:30 | 000,825,948 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2014.07.24 00:00:30 | 000,680,560 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2014.07.24 00:00:30 | 000,130,484 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2014.07.23 17:02:41 | 000,000,840 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts_bak_464
[2014.07.22 18:16:27 | 000,786,432 | -HS- | M] () -- C:\Users\jol\NTUSER.bak
[2014.07.22 18:09:18 | 000,002,521 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2014.07.21 06:01:52 | 000,028,960 | ---- | M] (Glarysoft Ltd) -- C:\windows\SysNative\RegBootDefrag.exe
[2014.07.20 13:39:21 | 000,001,407 | ---- | M] () -- C:\Users\jol\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014.07.20 13:38:27 | 000,001,300 | ---- | M] () -- C:\Users\jol\Desktop\Steam.lnk
[2014.07.20 11:46:31 | 000,001,908 | ---- | M] () -- C:\windows\diagwrn.xml
[2014.07.20 11:46:31 | 000,001,908 | ---- | M] () -- C:\windows\diagerr.xml
[2014.07.19 21:31:58 | 000,001,162 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 9.lnk
[2014.07.19 19:51:54 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014.07.19 15:59:13 | 000,000,207 | ---- | M] () -- C:\windows\tweaking.com-regbackup-ASUS100-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2014.07.19 15:32:41 | 000,001,347 | ---- | M] () -- C:\Users\Public\Desktop\GeForce Experience.lnk
[2014.07.15 15:26:51 | 000,786,658 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2014.07.11 16:13:44 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts.old
[2014.07.11 11:43:48 | 000,016,896 | ---- | M] (ASUS) -- C:\windows\AsTaskSched.dll
[2014.07.11 11:29:39 | 000,985,536 | ---- | M] () -- C:\windows\PE_Rom.dll
[2014.07.11 11:29:26 | 001,051,072 | ---- | M] () -- C:\windows\PE_File.dll
[2014.07.11 11:28:02 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\drivers\1043_ASUSTeK_CM6630_CM6730_CM6830..alu
[2014.07.11 11:27:29 | 000,001,769 | ---- | M] () -- C:\windows\Language_trs.ini
[2014.06.30 05:09:33 | 000,519,168 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\aepdu.dll
[2014.06.30 05:04:49 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\aeinv.dll
 
========== Files Created - No Company Name ==========
 
[2014.07.29 22:03:30 | 000,854,390 | ---- | C] () -- C:\Users\jol\Desktop\SecurityCheck.exe
[2014.07.29 16:31:32 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2014.07.29 16:31:32 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2014.07.29 16:31:32 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2014.07.29 16:31:32 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2014.07.29 16:31:32 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2014.07.28 11:22:51 | 000,001,397 | ---- | C] () -- C:\Users\Public\Desktop\SeaTools for Windows.lnk
[2014.07.27 18:26:05 | 000,276,984 | ---- | C] () -- C:\windows\SysNative\FNTCACHE.DAT
[2014.07.27 04:27:55 | 000,000,085 | ---- | C] () -- C:\windows\wininit.ini
[2014.07.27 03:42:13 | 000,001,079 | ---- | C] () -- C:\Users\Public\Desktop\SpywareBlaster.lnk
[2014.07.27 02:16:45 | 000,064,720 | ---- | C] () -- C:\windows\SysWow64\drivers\OADriver.sys
[2014.07.27 02:16:45 | 000,062,008 | ---- | C] () -- C:\windows\SysWow64\drivers\oahlp64.sys
[2014.07.27 02:15:25 | 000,001,966 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014.07.27 02:15:11 | 000,224,896 | ---- | C] () -- C:\windows\SysNative\drivers\aswVmm.sys
[2014.07.27 02:15:10 | 000,065,776 | ---- | C] () -- C:\windows\SysNative\drivers\aswRvrt.sys
[2014.07.27 02:15:09 | 000,029,208 | ---- | C] () -- C:\windows\SysNative\drivers\aswHwid.sys
[2014.07.25 00:07:12 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\config.nt
[2014.07.24 01:11:07 | 000,007,605 | ---- | C] () -- C:\Users\jol\AppData\Local\Resmon.ResmonCfg
[2014.07.20 13:39:21 | 000,001,407 | ---- | C] () -- C:\Users\jol\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014.07.20 13:38:27 | 000,001,300 | ---- | C] () -- C:\Users\jol\Desktop\Steam.lnk
[2014.07.20 13:37:13 | 000,001,413 | ---- | C] () -- C:\Users\jol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2014.07.20 13:36:50 | 000,786,432 | -HS- | C] () -- C:\Users\jol\NTUSER.bak
[2014.07.20 13:36:50 | 000,000,290 | ---- | C] () -- C:\Users\jol\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2014.07.20 13:36:50 | 000,000,272 | ---- | C] () -- C:\Users\jol\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2014.07.20 11:44:32 | 000,001,908 | ---- | C] () -- C:\windows\diagwrn.xml
[2014.07.20 11:44:32 | 000,001,908 | ---- | C] () -- C:\windows\diagerr.xml
[2014.07.19 21:31:58 | 000,001,174 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
[2014.07.19 21:31:58 | 000,001,162 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 9.lnk
[2014.07.19 19:51:54 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014.07.19 15:59:13 | 000,000,207 | ---- | C] () -- C:\windows\tweaking.com-regbackup-ASUS100-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2014.07.19 15:32:41 | 000,001,347 | ---- | C] () -- C:\Users\Public\Desktop\GeForce Experience.lnk
[2014.07.19 15:25:43 | 003,774,821 | ---- | C] () -- C:\windows\SysNative\nvcoproc.bin
[2014.07.19 15:24:26 | 000,026,069 | ---- | C] () -- C:\windows\SysNative\nvinfo.pb
[2014.07.11 15:28:58 | 000,030,312 | ---- | C] () -- C:\windows\SysNative\drivers\TrueSight.sys
[2014.07.11 11:42:19 | 000,013,440 | ---- | C] () -- C:\windows\SysWow64\drivers\AsIO.sys
[2014.07.11 11:42:15 | 000,011,832 | ---- | C] () -- C:\windows\SysWow64\drivers\AsInsHelp64.sys
[2014.07.11 11:42:15 | 000,010,216 | ---- | C] () -- C:\windows\SysWow64\drivers\AsInsHelp32.sys
[2014.07.11 11:28:32 | 001,051,072 | ---- | C] () -- C:\windows\PE_File.dll
[2014.07.11 11:28:28 | 000,985,536 | ---- | C] () -- C:\windows\PE_Rom.dll
[2014.07.11 11:28:02 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\drivers\1043_ASUSTeK_CM6630_CM6730_CM6830..alu
[2014.07.11 11:27:43 | 000,014,464 | ---- | C] () -- C:\windows\SysWow64\drivers\AsUpIO.sys
[2014.07.11 11:27:29 | 000,001,769 | ---- | C] () -- C:\windows\Language_trs.ini
[2014.06.21 16:51:55 | 000,786,658 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2014.02.20 18:14:02 | 000,179,377 | ---- | C] () -- C:\windows\SysWow64\xlive.dll.cat
 
========== ZeroAccess Check ==========
 
[2014.07.15 15:27:01 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014.03.25 05:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014.03.25 05:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 04:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2010.11.21 06:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 04:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014.07.27 02:15:28 | 000,000,000 | ---D | M] -- C:\Users\jol\AppData\Roaming\AVAST Software
[2014.07.23 23:59:21 | 000,000,000 | ---D | M] -- C:\Users\jol\AppData\Roaming\DiskDefrag
[2014.07.27 17:36:26 | 000,000,000 | ---D | M] -- C:\Users\jol\AppData\Roaming\GlarySoft
[2014.07.23 20:04:57 | 000,000,000 | ---D | M] -- C:\Users\jol\AppData\Roaming\IObit
[2014.07.27 02:17:40 | 000,000,000 | ---D | M] -- C:\Users\jol\AppData\Roaming\OnlineArmor
[2014.07.20 18:25:51 | 000,000,000 | ---D | M] -- C:\Users\jol\AppData\Roaming\TeamViewer
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 175 bytes -> C:\ProgramData\TEMP:1AAB2E68
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >

Extras

 

OTL Extras logfile created on: 29.7.2014 22:07:03 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\jol\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17207)
Locale: 0000040b | Country: Suomi | Language: FIN | Date Format: d.M.yyyy
 
7,97 Gb Total Physical Memory | 6,34 Gb Available Physical Memory | 79,61% Memory free
19,91 Gb Paging File | 18,23 Gb Available in Paging File | 91,53% Paging File free
Paging file location(s): c:\pagefile.sys 12234 12234 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 824,56 Gb Free Space | 88,53% Space Free | Partition Type: NTFS
 
Computer Name: ASUS100-PC | User Name: jol | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{74CF7EC3-831E-430F-B87A-C492CE5A3049}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{8FA9E775-4FAC-4110-AB7E-E78BBD55334B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\unturned\unturned.exe |
"{E20FD899-D64C-46D6-8269-258692760D38}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{F28A58DD-C136-4ED7-8FE5-3F1AB408C200}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\unturned\unturned.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 337.88
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 337.88
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 337.88
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 2.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 337.88
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.13.1220
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 14.6.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.LEDVisualizer" = NVIDIA LED Visualizer 1.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.30.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Network.Service" = NVIDIA Network Service
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay" = NVIDIA ShadowPlay 14.6.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core" = NVIDIA Update Core
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 1.2.23
"CCleaner" = CCleaner
"WinRAR archiver" = WinRAR 5.10 (64-bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F03217065FF}" = Java 7 Update 65
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}" = Microsoft Games for Windows - LIVE Redistributable
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6C772996-BFF3-3C8C-860B-B3D48FF05D65}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.16
"{80407BA7-7763-4395-AB98-5233F1B34E65}" = NVIDIA PhysX
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8e70e4e1-06d7-470b-9f74-a51bef21088e}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{BB285C9F-C821-4770-8970-56C4AB52C87E}" = Skype Click to Call
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{E7AA854E-6756-424E-84C2-4E47D5729AFF}" = ASUS Easy Update 2
"{E824E81C-80A4-3DFF-B5F9-4842A9FF5F7F}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 14 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 14 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.1
"Avast" = avast! Free Antivirus
"ESET Online Scanner" = ESET Online Scanner v3
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.2.1012
"NTREGOPT_is1" = NTREGOPT 1.1j
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OnlineArmor_is1" = Online Armor 7.0
"SeaTools for Windows" = SeaTools for Windows
"SpywareBlaster_is1" = SpywareBlaster 5.0
"Steam App 12210" = Grand Theft Auto IV
"Steam App 304930" = Unturned
"Steam App 42680" = Call of Duty: Modern Warfare 3
"Steam App 42690" = Call of Duty: Modern Warfare 3 - Multiplayer
"Steam App 440" = Team Fortress 2
"Steam App 550" = Left 4 Dead 2
"Steam App 570" = Dota 2
"TeamViewer 9" = TeamViewer 9
 
========== Last 20 Event Log Errors ==========
 
[ System Events ]
Error - 29.7.2014 10:01:38 | Computer Name = asus100-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   uotote
 
Error - 29.7.2014 10:04:41 | Computer Name = asus100-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   uotote
 
Error - 29.7.2014 10:28:20 | Computer Name = asus100-PC | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Stereoscopic 3D Driver Service service terminated unexpectedly.
  It has done this 1 time(s).
 
Error - 29.7.2014 10:55:55 | Computer Name = asus100-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   uotote
 
Error - 29.7.2014 15:01:14 | Computer Name = asus100-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   uotote
 
 
< End of report >
 



#5 Jo*

  • Malware Response Team
  • 3,269 posts
  • Gender:Male
  • Location:Germany

Posted 29 July 2014 - 03:19 PM

Hello kalapurkki,

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Scan your system for malware
With some infections, you may see two message boxes.
  • 'Could not load protection driver'. Click 'OK'.
  • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
  • If malware is found - do not press the Clean up button, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


Please download AdwCleaner by Xplode and save to your Desktop.
Double-click AdwCleaner.exe
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
    The actual line should say "Pending. Please uncheck elements you do not want to remove" => scan is complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it.
    If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#6 kalapurkki

  • Topic Starter
  • Members
  • 12 posts

Posted 29 July 2014 - 03:36 PM

Malwarebytes Anti-Rootkit BETA 1.07.0.1012
www.malwarebytes.org

Database version: v2014.07.29.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17207
jol :: ASUS100-PC [administrator]

29.7.2014 23:23:41
mbar-log-2014-07-29 (23-23-41).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 287892
Time elapsed: 4 minute(s), 5 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)


# AdwCleaner v3.301 - Report created 29/07/2014 at 23:32:56
# Updated 28/07/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : jol - ASUS100-PC
# Running from : C:\Users\jol\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17207

*************************

AdwCleaner[R0].txt - [677 octets] - [29/07/2014 16:29:39]
AdwCleaner[R1].txt - [730 octets] - [29/07/2014 23:32:34]
AdwCleaner[S0].txt - [652 octets] - [29/07/2014 23:32:56]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [711 octets] ##########



#7 kalapurkki

  • Topic Starter
  • Members
  • 12 posts

Posted 29 July 2014 - 03:37 PM

nothing found



#8 Jo*

  • Malware Response Team
  • 3,269 posts
  • Gender:Male
  • Location:Germany

Posted 30 July 2014 - 03:50 AM

Hello kalapurkki,


Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :OTL
    
    :Commands
    [purity]
    [emptytemp]
    


    NOTICE: This script was written specifically for this user, for use on that particular machine.
    Running this on another machine may cause damage to your operating system
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post Fix OTL log.

***


Please download Junkware Removal Tool from HERE and save it to your desktop.
Shut down your antivirus to avoid any potential conflicts.
Double click JRT.exe to run the tool.
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • JRT will begin to backup your registry and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, the log JRT.txt is saved on your desktop and will automatically open.
Enable your antivirus!
Post the contents of JRT.txt into your next reply.


***


Run OTL again.
  • Double click on the icon to run it.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Don't check the boxes beside LOP Check and Purity Check this time.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a notepad window OTL.Txt.
  • Please copy (Edit->Select All, Edit->Copy) the content of the file and post it with your next reply.

***


How is the computer running now?


***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#9 kalapurkki

  • Topic Starter
  • Members
  • 12 posts

Posted 30 July 2014 - 05:40 AM

logs

 

All processes killed
========== OTL ==========
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: jol
->Temp folder emptied: 10939245 bytes
->Temporary Internet Files folder emptied: 242138077 bytes
->Flash cache emptied: 651 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 140 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 241,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 07302014_130804

Files\Folders moved on Reboot...
File move failed. C:\Users\jol\AppData\Local\Temp\NVIDIA Corporation\NV_Cache\6d1026b4fa6d4c49d77d65f8805a9c0_fce8395c8fd8a86e_6229ccd76215aea1_0_0.bin scheduled to be moved on reboot.
File move failed. C:\Users\jol\AppData\Local\Temp\NVIDIA Corporation\NV_Cache\6d1026b4fa6d4c49d77d65f8805a9c0_fce8395c8fd8a86e_6229ccd76215aea1_0_0.toc scheduled to be moved on reboot.
C:\Users\jol\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\jol\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\windows\temp\_avast_\AvastLock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by jol on ke 30.07.2014 at 13:17:22,16
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-667036462-3976569472-2436595591-1001\Software\Microsoft\Internet Explorer\Main\\Start Page

 

~~~ Registry Keys

 

~~~ Files

 

~~~ Folders

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on ke 30.07.2014 at 13:29:15,57
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

OTL logfile created on: 30.7.2014 13:32:42 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\jol\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17207)
Locale: 0000040b | Country: Suomi | Language: FIN | Date Format: d.M.yyyy
 
7,97 Gb Total Physical Memory | 6,52 Gb Available Physical Memory | 81,83% Memory free
19,91 Gb Paging File | 18,38 Gb Available in Paging File | 92,32% Paging File free
Paging file location(s): c:\pagefile.sys 12234 12234 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 534,42 Gb Free Space | 57,38% Space Free | Partition Type: NTFS
 
Computer Name: ASUS100-PC | User Name: jol | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\jol\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
PRC - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
PRC - C:\Program Files (x86)\Online Armor\oaui.exe (Emsisoft GmbH)
PRC - C:\Program Files (x86)\Online Armor\oasrv.exe (Emsisoft GmbH)
PRC - C:\Program Files (x86)\Online Armor\OAReg.exe (Emsisoft GmbH)
PRC - C:\Program Files (x86)\Online Armor\oahlp.exe (Emsisoft GmbH)
PRC - C:\Program Files (x86)\Online Armor\oacat.exe (Emsisoft GmbH)
PRC - C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\AVAST Software\Avast\libcef.dll ()
MOD - C:\Program Files\AVAST Software\Avast\aswProperty.dll ()
MOD - C:\Program Files (x86)\Steam\video.dll ()
MOD - C:\Program Files (x86)\Steam\bin\chromehtml.dll ()
MOD - C:\Program Files (x86)\Steam\libavcodec-55.dll ()
MOD - C:\Program Files (x86)\Steam\libavutil-53.dll ()
MOD - C:\Program Files (x86)\Steam\libavformat-55.dll ()
MOD - C:\Program Files (x86)\Steam\libavresample-1.dll ()
MOD - C:\Program Files (x86)\Steam\SDL2.dll ()
MOD - C:\Program Files (x86)\Steam\bin\libcef.dll ()
MOD - C:\Program Files (x86)\Steam\libswscale-2.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (IEEtwCollectorService) -- C:\windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (NvStreamSvc) -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (TeamViewer9) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (NvNetworkService) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (SvcOnlineArmor) -- C:\Program Files (x86)\Online Armor\oasrv.exe (Emsisoft GmbH)
SRV - (OAcat) -- C:\Program Files (x86)\Online Armor\oacat.exe (Emsisoft GmbH)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (asHmComSvc) -- C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswsp.sys (AVAST Software)
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswVmm) -- C:\windows\SysNative\drivers\aswVmm.sys ()
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswStm) -- C:\Windows\SysNative\drivers\aswStm.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswRvrt) -- C:\windows\SysNative\drivers\aswRvrt.sys ()
DRV:64bit: - (aswHwid) -- C:\Windows\SysNative\drivers\aswHwid.sys ()
DRV:64bit: - (SWDUMon) -- C:\Windows\SysNative\drivers\SWDUMon.sys ()
DRV:64bit: - (NvStreamKms) -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys (NVIDIA Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (nvvad_WaveExtensible) -- C:\Windows\SysNative\drivers\nvvad64v.sys (NVIDIA Corporation)
DRV:64bit: - (asmtxhci) -- C:\Windows\SysNative\drivers\asmtxhci.sys (ASMedia Technology Inc)
DRV:64bit: - (asmthub3) -- C:\Windows\SysNative\drivers\asmthub3.sys (ASMedia Technology Inc)
DRV:64bit: - (OAnet) -- C:\Windows\SysNative\drivers\OAnet.sys (Emsisoft)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (huawei_wwanecm) -- C:\Windows\SysNative\drivers\ew_juwwanecm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (ew_usbenumfilter) -- C:\Windows\SysNative\drivers\ew_usbenumfilter.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (huawei_cdcacm) -- C:\Windows\SysNative\drivers\ew_jucdcacm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (huawei_enumerator) -- C:\Windows\SysNative\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (huawei_ext_ctrl) -- C:\Windows\SysNative\drivers\ew_juextctrl.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (mcdbus) -- C:\Windows\SysNative\drivers\mcdbus.sys (MagicISO, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (oahlpXX) -- C:\Windows\SysWOW64\drivers\oahlp64.sys ()
DRV - (OAmon) -- C:\Windows\SysWOW64\drivers\OAmon.sys (Emsisoft)
DRV - (OADevice) -- C:\Windows\SysWOW64\drivers\OADriver.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://fi.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fi-FI
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5B 1C AA 9E 3B AB CF 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014.07.27 02:15:06 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2014.07.29 17:27:59 | 000,000,768 | ---- | M]) - C:\Windows\SysNative\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [@OnlineArmor GUI] C:\Program Files (x86)\Online Armor\oaui.exe (Emsisoft GmbH)
O4:64bit: - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [ShadowPlay] C:\windows\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Value error. File not found
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 77.223.60.102 77.223.61.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D6DC1512-DF3E-4E9F-A9F9-1C3D96EE6DE7}: DhcpNameServer = 77.223.60.102 77.223.61.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D6DC1512-DF3E-4E9F-A9F9-1C3D96EE6DE7}: NameServer = 8.8.8.8,8.8.4.4
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll File not found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21:64bit: - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\Windows\SysNative\WPDShServiceObj.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014.07.30 13:16:05 | 001,016,261 | ---- | C] (Thisisu) -- C:\Users\jol\Desktop\JRT.exe
[2014.07.30 13:08:04 | 000,000,000 | ---D | C] -- C:\_OTL
[2014.07.30 02:08:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps
[2014.07.30 02:08:37 | 000,000,000 | ---D | C] -- C:\Fraps
[2014.07.30 01:55:37 | 000,000,000 | ---D | C] -- C:\Users\jol\AppData\Roaming\BANDISOFT
[2014.07.30 01:55:33 | 000,000,000 | ---D | C] -- C:\Users\jol\Documents\Bandicam
[2014.07.30 01:55:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BandiMPEG1
[2014.07.29 23:23:06 | 000,000,000 | ---D | C] -- C:\Users\jol\Desktop\mbar
[2014.07.29 23:22:17 | 014,349,744 | ---- | C] (Malwarebytes Corp.) -- C:\Users\jol\Desktop\mbar-1.07.0.1012.exe
[2014.07.29 22:03:38 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\jol\Desktop\OTL.exe
[2014.07.29 18:02:15 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\jol\Desktop\dds.com
[2014.07.29 17:30:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2014.07.29 17:30:32 | 000,000,000 | -H-D | C] -- C:\windows\AxInstSV
[2014.07.29 17:05:37 | 000,128,728 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\MBAMSwissArmy.sys
[2014.07.29 16:40:09 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014.07.29 16:31:32 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2014.07.29 16:31:32 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2014.07.29 16:31:32 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2014.07.29 16:31:19 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014.07.29 16:29:37 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014.07.29 16:28:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014.07.29 16:28:00 | 000,092,888 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbamchameleon.sys
[2014.07.29 16:28:00 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mwac.sys
[2014.07.29 16:28:00 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2014.07.29 16:28:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014.07.29 16:28:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014.07.28 17:32:44 | 000,000,000 | ---D | C] -- C:\Users\jol\AppData\Local\Locktime
[2014.07.28 11:16:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OGT-Diagnostic Tool
[2014.07.28 11:16:12 | 000,000,000 | ---D | C] -- C:\Analysis
[2014.07.28 11:16:00 | 000,253,952 | ---- | C] (Microsoft Corporation) -- C:\windows\Setup1.exe
[2014.07.28 11:15:59 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\ST6UNST.EXE
[2014.07.27 21:15:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CleanUp!
[2014.07.27 19:27:10 | 000,000,000 | ---D | C] -- C:\FRST
[2014.07.27 19:25:13 | 002,093,568 | ---- | C] (Farbar) -- C:\Users\jol\Desktop\FRST64.exe
[2014.07.27 19:11:58 | 000,000,000 | ---D | C] -- C:\windows\$regcmp$
[2014.07.27 18:03:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NT Registry Optimizer
[2014.07.27 18:03:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NT Registry Optimizer
[2014.07.27 03:48:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2014.07.27 03:42:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
[2014.07.27 03:42:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpywareBlaster
[2014.07.27 02:17:33 | 000,000,000 | ---D | C] -- C:\Users\jol\AppData\Roaming\OnlineArmor
[2014.07.27 02:17:33 | 000,000,000 | ---D | C] -- C:\ProgramData\OnlineArmor
[2014.07.27 02:16:45 | 000,052,360 | ---- | C] (Emsisoft) -- C:\windows\SysWow64\drivers\OAmon.sys
[2014.07.27 02:16:45 | 000,035,368 | ---- | C] (Emsisoft) -- C:\windows\SysNative\drivers\OAnet.sys
[2014.07.27 02:16:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Armor
[2014.07.27 02:16:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Online Armor
[2014.07.27 02:15:28 | 000,000,000 | ---D | C] -- C:\Users\jol\AppData\Roaming\AVAST Software
[2014.07.27 02:15:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
[2014.07.27 02:15:12 | 000,092,008 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswStm.sys
[2014.07.27 02:15:11 | 001,041,168 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswSnx.sys
[2014.07.27 02:15:10 | 000,427,360 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswsp.sys
[2014.07.27 02:15:09 | 000,079,184 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswMonFlt.sys
[2014.07.27 02:15:08 | 000,093,568 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswRdr2.sys
[2014.07.27 02:15:06 | 000,307,344 | ---- | C] (AVAST Software) -- C:\windows\SysNative\aswBoot.exe
[2014.07.27 02:15:05 | 000,043,152 | ---- | C] (AVAST Software) -- C:\windows\avastSS.scr
[2014.07.27 02:13:31 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2014.07.27 02:01:45 | 000,000,000 | ---D | C] -- C:\Users\jol\AppData\Local\CrashDumps
[2014.07.26 05:26:27 | 000,000,000 | ---D | C] -- C:\Users\jol\AppData\Local\Diagnostics
[2014.07.25 17:09:17 | 000,000,000 | ---D | C] -- C:\Users\jol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2014.07.25 17:09:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2014.07.25 12:13:16 | 000,000,000 | ---D | C] -- C:\Users\jol\Documents\Rockstar Games
[2014.07.25 12:10:55 | 000,000,000 | ---D | C] -- C:\Users\jol\AppData\Local\Rockstar Games
[2014.07.25 12:10:19 | 000,000,000 | RH-D | C] -- C:\Users\jol\AppData\Roaming\SecuROM
[2014.07.25 01:23:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2014.07.25 01:23:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate
[2014.07.25 01:23:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Seagate
[2014.07.24 22:38:24 | 000,000,000 | ---D | C] -- C:\Users\jol\AppData\Roaming\SUPERAntiSpyware.com
[2014.07.24 20:58:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2014.07.24 00:07:04 | 000,000,000 | ---D | C] -- C:\ProgramData\GlarySoft
[2014.07.24 00:03:05 | 000,028,960 | ---- | C] (Glarysoft Ltd) -- C:\windows\SysNative\RegBootDefrag.exe
[2014.07.23 23:59:21 | 000,000,000 | ---D | C] -- C:\Users\jol\AppData\Roaming\DiskDefrag
[2014.07.23 23:59:20 | 000,000,000 | ---D | C] -- C:\Users\jol\AppData\Roaming\GlarySoft
[2014.07.23 23:56:26 | 000,000,000 | ---D | C] -- C:\windows\SoftwareDistribution
[2014.07.23 23:48:55 | 000,000,000 | ---D | C] -- C:\windows\SysNative\catroot2
[2014.07.23 20:12:15 | 000,000,000 | ---D | C] -- C:\Users\jol\AppData\Roaming\Comodo
[2014.07.23 20:05:33 | 000,034,080 | ---- | C] (IObit) -- C:\windows\SysNative\SmartDefragBootTime.exe
[2014.07.23 20:05:24 | 000,128,288 | ---- | C] (IObit) -- C:\windows\SysNative\IObitSmartDefragExtension.dll
[2014.07.23 20:05:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2014.07.23 20:04:57 | 000,000,000 | ---D | C] -- C:\Users\jol\AppData\Roaming\IObit
[2014.07.23 19:59:23 | 000,000,000 | ---D | C] -- C:\Users\jol\AppData\Local\VirtualStore
[2014.07.23 13:34:50 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2014.07.23 01:35:36 | 000,000,000 | ---D | C] -- C:\Users\jol\AppData\Local\Little_Apps
[2014.07.22 22:20:25 | 001,070,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MSCOMCTL.OCX
[2014.07.22 22:20:25 | 000,129,872 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MSSTDFMT.DLL
[2014.07.22 18:09:24 | 000,000,000 | ---D | C] -- C:\Users\jol\AppData\Local\Skype
[2014.07.22 18:09:20 | 000,000,000 | ---D | C] -- C:\Users\jol\AppData\Roaming\Skype
[2014.07.22 15:14:08 | 000,000,000 | ---D | C] -- C:\Users\jol\AppData\Local\Programs
[2014.07.20 18:25:51 | 000,000,000 | ---D | C] -- C:\Users\jol\AppData\Roaming\TeamViewer
[2014.07.20 13:40:04 | 000,000,000 | ---D | C] -- C:\Users\jol\AppData\Roaming\WinRAR
[2014.07.20 13:39:55 | 000,000,000 | ---D | C] -- C:\Users\jol\AppData\Roaming\Macromedia
[2014.07.20 13:39:36 | 000,000,000 | -HSD | C] -- C:\Users\jol\AppData\Local\EmieUserList
[2014.07.20 13:39:36 | 000,000,000 | -HSD | C] -- C:\Users\jol\AppData\Local\EmieSiteList
[2014.07.20 13:38:24 | 000,000,000 | ---D | C] -- C:\Users\jol\AppData\Local\NVIDIA Corporation
[2014.07.20 13:37:20 | 000,000,000 | ---D | C] -- C:\Users\jol\AppData\Local\NVIDIA
[2014.07.20 13:37:13 | 000,000,000 | ---D | C] -- C:\Users\jol\AppData\Roaming\Adobe
[2014.07.20 13:37:10 | 000,000,000 | R--D | C] -- C:\Users\jol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2014.07.20 13:37:10 | 000,000,000 | R--D | C] -- C:\Users\jol\Searches
[2014.07.20 13:37:10 | 000,000,000 | R--D | C] -- C:\Users\jol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2014.07.20 13:37:10 | 000,000,000 | -H-D | C] -- C:\Users\jol\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2014.07.20 13:37:00 | 000,000,000 | ---D | C] -- C:\Users\jol\AppData\Roaming\Identities
[2014.07.20 13:36:57 | 000,000,000 | R--D | C] -- C:\Users\jol\Contacts
[2014.07.20 13:36:51 | 000,000,000 | -HSD | C] -- C:\Users\jol\AppData\Local\Temporary Internet Files
[2014.07.20 13:36:51 | 000,000,000 | -HSD | C] -- C:\Users\jol\AppData\Local\History
[2014.07.20 13:36:51 | 000,000,000 | -HSD | C] -- C:\Users\jol\AppData\Local\Application Data
[2014.07.20 13:36:50 | 000,000,000 | --SD | C] -- C:\Users\jol\AppData\Roaming\Microsoft
[2014.07.20 13:36:50 | 000,000,000 | R--D | C] -- C:\Users\jol\Videos
[2014.07.20 13:36:50 | 000,000,000 | R--D | C] -- C:\Users\jol\Saved Games
[2014.07.20 13:36:50 | 000,000,000 | R--D | C] -- C:\Users\jol\Pictures
[2014.07.20 13:36:50 | 000,000,000 | R--D | C] -- C:\Users\jol\Music
[2014.07.20 13:36:50 | 000,000,000 | R--D | C] -- C:\Users\jol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2014.07.20 13:36:50 | 000,000,000 | R--D | C] -- C:\Users\jol\Links
[2014.07.20 13:36:50 | 000,000,000 | R--D | C] -- C:\Users\jol\Favorites
[2014.07.20 13:36:50 | 000,000,000 | R--D | C] -- C:\Users\jol\Downloads
[2014.07.20 13:36:50 | 000,000,000 | R--D | C] -- C:\Users\jol\Documents
[2014.07.20 13:36:50 | 000,000,000 | R--D | C] -- C:\Users\jol\Desktop
[2014.07.20 13:36:50 | 000,000,000 | R--D | C] -- C:\Users\jol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2014.07.20 13:36:50 | 000,000,000 | -HSD | C] -- C:\Users\jol\Templates
[2014.07.20 13:36:50 | 000,000,000 | -HSD | C] -- C:\Users\jol\Start Menu
[2014.07.20 13:36:50 | 000,000,000 | -HSD | C] -- C:\Users\jol\SendTo
[2014.07.20 13:36:50 | 000,000,000 | -HSD | C] -- C:\Users\jol\Recent
[2014.07.20 13:36:50 | 000,000,000 | -HSD | C] -- C:\Users\jol\PrintHood
[2014.07.20 13:36:50 | 000,000,000 | -HSD | C] -- C:\Users\jol\NetHood
[2014.07.20 13:36:50 | 000,000,000 | -HSD | C] -- C:\Users\jol\Documents\My Videos
[2014.07.20 13:36:50 | 000,000,000 | -HSD | C] -- C:\Users\jol\Documents\My Pictures
[2014.07.20 13:36:50 | 000,000,000 | -HSD | C] -- C:\Users\jol\Documents\My Music
[2014.07.20 13:36:50 | 000,000,000 | -HSD | C] -- C:\Users\jol\My Documents
[2014.07.20 13:36:50 | 000,000,000 | -HSD | C] -- C:\Users\jol\Local Settings
[2014.07.20 13:36:50 | 000,000,000 | -HSD | C] -- C:\Users\jol\Cookies
[2014.07.20 13:36:50 | 000,000,000 | -HSD | C] -- C:\Users\jol\Application Data
[2014.07.20 13:36:50 | 000,000,000 | ---D | C] -- C:\Users\jol\AppData\Local\temp
[2014.07.20 13:36:50 | 000,000,000 | ---D | C] -- C:\Users\jol\AppData\Local\Microsoft
[2014.07.20 13:36:50 | 000,000,000 | ---D | C] -- C:\Users\jol\AppData\Roaming\Media Center Programs
[2014.07.20 13:36:50 | 000,000,000 | ---D | C] -- C:\Users\jol\AppData
[2014.07.19 21:31:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
[2014.07.19 19:51:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2014.07.19 19:51:54 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014.07.19 15:42:03 | 001,715,176 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvspbridge64.dll
[2014.07.19 15:42:03 | 001,291,232 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\nvspbridge.dll
[2014.07.19 15:27:09 | 001,279,480 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvspcap64.dll
[2014.07.19 15:27:09 | 001,122,312 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\nvspcap.dll
[2014.07.19 15:26:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2014.07.19 15:26:24 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2014.07.19 15:26:13 | 000,601,432 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\nvStreaming.exe
[2014.07.19 15:25:43 | 006,769,096 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvcpl.dll
[2014.07.19 15:25:43 | 003,514,144 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvsvc64.dll
[2014.07.19 15:25:43 | 002,560,968 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvsvcr.dll
[2014.07.19 15:25:43 | 000,387,528 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvmctray.dll
[2014.07.19 15:25:43 | 000,062,808 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvshext.dll
[2014.07.19 15:25:28 | 000,061,216 | ---- | C] (Khronos Group) -- C:\windows\SysNative\OpenCL.dll
[2014.07.19 15:25:28 | 000,052,056 | ---- | C] (Khronos Group) -- C:\windows\SysWow64\OpenCL.dll
[2014.07.19 15:24:26 | 031,387,936 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvoglv64.dll
[2014.07.19 15:24:26 | 025,256,224 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvcompiler.dll
[2014.07.19 15:24:26 | 024,025,376 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\nvoglv32.dll
[2014.07.19 15:24:26 | 018,531,568 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvwgf2umx.dll
[2014.07.19 15:24:26 | 017,561,544 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\nvcompiler.dll
[2014.07.19 15:24:26 | 017,480,432 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvd3dumx.dll
[2014.07.19 15:24:26 | 016,003,912 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\nvwgf2um.dll
[2014.07.19 15:24:26 | 014,434,704 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\nvd3dum.dll
[2014.07.19 15:24:26 | 011,644,928 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvcuda.dll
[2014.07.19 15:24:26 | 011,599,072 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvopencl.dll
[2014.07.19 15:24:26 | 009,735,256 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\nvcuda.dll
[2014.07.19 15:24:26 | 009,697,640 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\nvopencl.dll
[2014.07.19 15:24:26 | 003,141,976 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvcuvid.dll
[2014.07.19 15:24:26 | 003,109,248 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvapi64.dll
[2014.07.19 15:24:26 | 002,953,672 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\nvcuvid.dll
[2014.07.19 15:24:26 | 002,785,568 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvcuvenc.dll
[2014.07.19 15:24:26 | 002,730,208 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\nvapi.dll
[2014.07.19 15:24:26 | 002,412,376 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\nvcuvenc.dll
[2014.07.19 15:24:26 | 001,889,112 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvdispco6433788.dll
[2014.07.19 15:24:26 | 001,541,576 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvdispgenco6433788.dll
[2014.07.19 15:24:26 | 001,515,296 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvhdagenco6420103.dll
[2014.07.19 15:24:26 | 000,952,952 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvumdshimx.dll
[2014.07.19 15:24:26 | 000,895,776 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\NvIFR64.dll
[2014.07.19 15:24:26 | 000,892,704 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\NvFBC64.dll
[2014.07.19 15:24:26 | 000,867,784 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\NvIFR.dll
[2014.07.19 15:24:26 | 000,861,128 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\NvFBC.dll
[2014.07.19 15:24:26 | 000,837,056 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\nvumdshim.dll
[2014.07.19 15:24:26 | 000,354,016 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvoglshim64.dll
[2014.07.19 15:24:26 | 000,305,600 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\nvoglshim32.dll
[2014.07.19 15:24:26 | 000,197,408 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\drivers\nvhda64v.sys
[2014.07.19 15:24:26 | 000,166,568 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvinitx.dll
[2014.07.19 15:24:26 | 000,146,480 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\nvinit.dll
[2014.07.19 15:24:26 | 000,031,520 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvhdap64.dll
[2014.07.19 15:23:01 | 000,040,392 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\drivers\nvvad64v.sys
[2014.07.19 15:22:58 | 000,037,320 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvaudcap64v.dll
[2014.07.19 15:22:58 | 000,034,760 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\nvaudcap32v.dll
[2014.07.15 14:30:15 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2014.07.11 18:28:53 | 000,028,640 | ---- | C] (Uwe Sieber - www.uwe-sieber.de) -- C:\windows\SysNative\DriveCleanup.exe
[2014.07.11 17:58:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Resource Kits
[2014.07.11 17:11:20 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_43.dll
[2014.07.11 17:11:20 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DCompiler_43.dll
[2014.07.11 17:11:20 | 001,907,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dcsx_43.dll
[2014.07.11 17:11:20 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dcsx_43.dll
[2014.07.11 17:11:20 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAudio2_7.dll
[2014.07.11 17:11:20 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAudio2_7.dll
[2014.07.11 17:11:20 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine3_7.dll
[2014.07.11 17:11:20 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine3_7.dll
[2014.07.11 17:11:20 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAPOFX1_5.dll
[2014.07.11 17:11:20 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAPOFX1_5.dll
[2014.07.11 17:11:18 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAudio2_6.dll
[2014.07.11 17:11:18 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAudio2_6.dll
[2014.07.11 17:11:18 | 000,517,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAudio2_5.dll
[2014.07.11 17:11:18 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAudio2_5.dll
[2014.07.11 17:11:18 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine3_6.dll
[2014.07.11 17:11:18 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine3_6.dll
[2014.07.11 17:11:18 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAPOFX1_4.dll
[2014.07.11 17:11:18 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAPOFX1_4.dll
[2014.07.11 17:11:18 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\X3DAudio1_7.dll
[2014.07.11 17:11:18 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\X3DAudio1_7.dll
[2014.07.11 17:11:17 | 005,554,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dcsx_42.dll
[2014.07.11 17:11:17 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dcsx_42.dll
[2014.07.11 17:11:17 | 002,582,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_42.dll
[2014.07.11 17:11:17 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DCompiler_42.dll
[2014.07.11 17:11:17 | 000,285,024 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx11_42.dll
[2014.07.11 17:11:17 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine3_5.dll
[2014.07.11 17:11:17 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx11_42.dll
[2014.07.11 17:11:17 | 000,176,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine3_5.dll
[2014.07.11 17:11:16 | 002,475,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DX9_42.dll
[2014.07.11 17:11:16 | 002,430,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_41.dll
[2014.07.11 17:11:16 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DCompiler_41.dll
[2014.07.11 17:11:16 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10_42.dll
[2014.07.11 17:11:16 | 000,520,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10_41.dll
[2014.07.11 17:11:16 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx10_41.dll
[2014.07.11 17:11:15 | 005,425,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DX9_41.dll
[2014.07.11 17:11:15 | 000,521,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAudio2_4.dll
[2014.07.11 17:11:15 | 000,174,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine3_4.dll
[2014.07.11 17:11:15 | 000,073,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAPOFX1_3.dll
[2014.07.11 17:11:15 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAPOFX1_3.dll
[2014.07.11 17:11:15 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\X3DAudio1_6.dll
[2014.07.11 17:11:14 | 005,631,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DX9_40.dll
[2014.07.11 17:11:14 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DX9_40.dll
[2014.07.11 17:11:14 | 002,605,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_40.dll
[2014.07.11 17:11:14 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DCompiler_40.dll
[2014.07.11 17:11:14 | 000,519,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10_40.dll
[2014.07.11 17:11:14 | 000,518,480 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAudio2_3.dll
[2014.07.11 17:11:14 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAudio2_3.dll
[2014.07.11 17:11:14 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx10_40.dll
[2014.07.11 17:11:14 | 000,074,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAPOFX1_2.dll
[2014.07.11 17:11:14 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAPOFX1_2.dll
[2014.07.11 17:11:13 | 000,513,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAudio2_2.dll
[2014.07.11 17:11:13 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAudio2_2.dll
[2014.07.11 17:11:13 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine3_3.dll
[2014.07.11 17:11:13 | 000,175,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine3_3.dll
[2014.07.11 17:11:13 | 000,072,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAPOFX1_1.dll
[2014.07.11 17:11:13 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAPOFX1_1.dll
[2014.07.11 17:11:13 | 000,025,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\X3DAudio1_5.dll
[2014.07.11 17:11:13 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\X3DAudio1_5.dll
[2014.07.11 17:11:12 | 004,992,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DX9_39.dll
[2014.07.11 17:11:12 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DX9_39.dll
[2014.07.11 17:11:12 | 001,942,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_39.dll
[2014.07.11 17:11:12 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DCompiler_39.dll
[2014.07.11 17:11:12 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10_39.dll
[2014.07.11 17:11:12 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx10_39.dll
[2014.07.11 17:11:12 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine3_2.dll
[2014.07.11 17:11:12 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine3_2.dll
[2014.07.11 16:07:02 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2014.07.11 15:28:58 | 000,000,000 | ---D | C] -- C:\ProgramData\RogueKiller
[2014.07.11 15:21:06 | 000,000,000 | ---D | C] -- C:\windows\Minidump
[2014.07.11 14:04:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2014.07.11 12:18:05 | 000,255,552 | ---- | C] (MagicISO, Inc.) -- C:\windows\SysNative\drivers\mcdbus.sys
[2014.07.11 11:58:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MagicISO
[2014.07.11 11:43:48 | 000,016,896 | ---- | C] (ASUS) -- C:\windows\AsTaskSched.dll
[2014.07.11 11:42:19 | 000,028,672 | ---- | C] (ASUSTek Computer Inc.) -- C:\windows\SysWow64\AsIO.dll
[2014.07.11 11:27:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
[2014.07.11 11:27:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASUS
[2014.07.11 10:59:59 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\qedit.dll
[2014.07.11 10:59:59 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\qedit.dll
[2014.07.11 10:58:56 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncrypt.dll
[2014.07.11 10:53:24 | 000,592,896 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript9diag.dll
[2014.07.11 10:53:24 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2014.07.11 10:53:24 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieetwproxystub.dll
[2014.07.11 10:53:24 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
[2014.07.11 10:53:24 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
[2014.07.11 10:53:24 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
[2014.07.11 10:53:23 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwproxystub.dll
[2014.07.11 10:53:23 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\JavaScriptCollectionAgent.dll
[2014.07.11 10:53:22 | 001,964,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2014.07.11 10:53:22 | 000,631,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2014.07.11 10:53:22 | 000,608,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2014.07.11 10:53:22 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxtmsft.dll
[2014.07.11 10:53:22 | 000,442,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2014.07.11 10:53:22 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollector.exe
[2014.07.11 10:53:22 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
[2014.07.11 10:53:22 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollectorres.dll
[2014.07.11 10:53:21 | 002,040,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2014.07.11 10:53:21 | 001,068,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmlmedia.dll
[2014.07.11 10:53:21 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2014.07.11 10:53:21 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
[2014.07.11 10:53:20 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dll
[2014.07.11 10:53:20 | 000,598,016 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2014.07.11 10:53:20 | 000,292,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxtrans.dll
[2014.07.11 10:53:20 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msrating.dll
[2014.07.11 10:53:20 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MshtmlDac.dll
[2014.07.11 10:53:19 | 005,721,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2014.07.11 10:53:19 | 001,249,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmlmedia.dll
[2014.07.11 10:53:19 | 000,846,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dll
[2014.07.11 10:53:19 | 000,752,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9diag.dll
[2014.07.11 10:53:19 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2014.07.11 10:53:19 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2014.07.11 10:53:19 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2014.07.11 10:53:18 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MsSpellCheckingFacility.exe
[2014.07.11 10:53:18 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msrating.dll
[2014.07.11 10:53:18 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MshtmlDac.dll
[2014.07.11 10:52:28 | 000,692,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\osk.exe
[2014.07.11 10:52:28 | 000,646,144 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\osk.exe
[2014.07.11 10:52:27 | 000,519,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\aepdu.dll
[2014.07.11 10:52:27 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\aeinv.dll
[2014.07.11 10:50:39 | 001,460,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\lsasrv.dll
 
========== Files - Modified Within 30 Days ==========
 
[2014.07.30 13:30:36 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2014.07.30 13:30:33 | 2119,864,319 | -HS- | M] () -- C:\hiberfil.sys
[2014.07.30 13:16:47 | 000,022,064 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014.07.30 13:16:47 | 000,022,064 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014.07.30 13:16:05 | 001,016,261 | ---- | M] (Thisisu) -- C:\Users\jol\Desktop\JRT.exe
[2014.07.30 02:08:38 | 000,000,562 | ---- | M] () -- C:\Users\Public\Desktop\Fraps.lnk
[2014.07.29 23:23:36 | 000,128,728 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\MBAMSwissArmy.sys
[2014.07.29 23:23:09 | 000,092,888 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbamchameleon.sys
[2014.07.29 23:22:55 | 001,365,551 | ---- | M] () -- C:\Users\jol\Desktop\AdwCleaner.exe
[2014.07.29 23:22:29 | 014,349,744 | ---- | M] (Malwarebytes Corp.) -- C:\Users\jol\Desktop\mbar-1.07.0.1012.exe
[2014.07.29 22:03:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\jol\Desktop\OTL.exe
[2014.07.29 22:03:30 | 000,854,390 | ---- | M] () -- C:\Users\jol\Desktop\SecurityCheck.exe
[2014.07.29 18:02:15 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\jol\Desktop\dds.com
[2014.07.29 17:27:59 | 000,000,768 | ---- | M] () -- C:\windows\SysNative\drivers\etc\HOSTS
[2014.07.29 17:23:56 | 000,030,312 | ---- | M] () -- C:\windows\SysNative\drivers\TrueSight.sys
[2014.07.28 19:41:45 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2014.07.28 18:26:14 | 000,699,056 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2014.07.28 18:26:14 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2014.07.28 11:22:51 | 000,001,397 | ---- | M] () -- C:\Users\Public\Desktop\SeaTools for Windows.lnk
[2014.07.28 11:16:00 | 000,253,952 | ---- | M] (Microsoft Corporation) -- C:\windows\Setup1.exe
[2014.07.28 11:15:59 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\windows\ST6UNST.EXE
[2014.07.27 19:25:13 | 002,093,568 | ---- | M] (Farbar) -- C:\Users\jol\Desktop\FRST64.exe
[2014.07.27 18:26:12 | 000,276,984 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2014.07.27 04:27:59 | 000,000,085 | ---- | M] () -- C:\windows\wininit.ini
[2014.07.27 03:42:13 | 000,001,079 | ---- | M] () -- C:\Users\Public\Desktop\SpywareBlaster.lnk
[2014.07.27 02:15:25 | 000,001,966 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014.07.27 02:15:22 | 000,427,360 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswsp.sys
[2014.07.27 02:15:05 | 001,041,168 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswSnx.sys
[2014.07.27 02:15:05 | 000,307,344 | ---- | M] (AVAST Software) -- C:\windows\SysNative\aswBoot.exe
[2014.07.27 02:15:05 | 000,224,896 | ---- | M] () -- C:\windows\SysNative\drivers\aswVmm.sys
[2014.07.27 02:15:05 | 000,093,568 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswRdr2.sys
[2014.07.27 02:15:05 | 000,092,008 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswStm.sys
[2014.07.27 02:15:05 | 000,079,184 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswMonFlt.sys
[2014.07.27 02:15:05 | 000,065,776 | ---- | M] () -- C:\windows\SysNative\drivers\aswRvrt.sys
[2014.07.27 02:15:05 | 000,043,152 | ---- | M] (AVAST Software) -- C:\windows\avastSS.scr
[2014.07.27 02:15:05 | 000,029,208 | ---- | M] () -- C:\windows\SysNative\drivers\aswHwid.sys
[2014.07.25 00:07:12 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\config.nt
[2014.07.24 01:11:07 | 000,007,605 | ---- | M] () -- C:\Users\jol\AppData\Local\Resmon.ResmonCfg
[2014.07.24 00:00:30 | 000,825,948 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2014.07.24 00:00:30 | 000,680,560 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2014.07.24 00:00:30 | 000,130,484 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2014.07.23 17:02:41 | 000,000,840 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts_bak_464
[2014.07.22 18:16:27 | 000,786,432 | -HS- | M] () -- C:\Users\jol\NTUSER.bak
[2014.07.22 18:09:18 | 000,002,521 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2014.07.21 06:01:52 | 000,028,960 | ---- | M] (Glarysoft Ltd) -- C:\windows\SysNative\RegBootDefrag.exe
[2014.07.20 13:39:21 | 000,001,407 | ---- | M] () -- C:\Users\jol\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014.07.20 13:38:27 | 000,001,300 | ---- | M] () -- C:\Users\jol\Desktop\Steam.lnk
[2014.07.20 11:46:31 | 000,001,908 | ---- | M] () -- C:\windows\diagwrn.xml
[2014.07.20 11:46:31 | 000,001,908 | ---- | M] () -- C:\windows\diagerr.xml
[2014.07.19 21:31:58 | 000,001,162 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 9.lnk
[2014.07.19 19:51:54 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014.07.19 15:59:13 | 000,000,207 | ---- | M] () -- C:\windows\tweaking.com-regbackup-ASUS100-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2014.07.19 15:32:41 | 000,001,347 | ---- | M] () -- C:\Users\Public\Desktop\GeForce Experience.lnk
[2014.07.15 15:26:51 | 000,786,658 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2014.07.11 16:13:44 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts.old
[2014.07.11 11:43:48 | 000,016,896 | ---- | M] (ASUS) -- C:\windows\AsTaskSched.dll
[2014.07.11 11:29:39 | 000,985,536 | ---- | M] () -- C:\windows\PE_Rom.dll
[2014.07.11 11:29:26 | 001,051,072 | ---- | M] () -- C:\windows\PE_File.dll
[2014.07.11 11:28:02 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\drivers\1043_ASUSTeK_CM6630_CM6730_CM6830..alu
[2014.07.11 11:27:29 | 000,001,769 | ---- | M] () -- C:\windows\Language_trs.ini
 
========== Files Created - No Company Name ==========
 
[2014.07.30 02:08:38 | 000,000,562 | ---- | C] () -- C:\Users\Public\Desktop\Fraps.lnk
[2014.07.29 23:22:55 | 001,365,551 | ---- | C] () -- C:\Users\jol\Desktop\AdwCleaner.exe
[2014.07.29 22:03:30 | 000,854,390 | ---- | C] () -- C:\Users\jol\Desktop\SecurityCheck.exe
[2014.07.29 16:31:32 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2014.07.29 16:31:32 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2014.07.29 16:31:32 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2014.07.29 16:31:32 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2014.07.29 16:31:32 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2014.07.28 11:22:51 | 000,001,397 | ---- | C] () -- C:\Users\Public\Desktop\SeaTools for Windows.lnk
[2014.07.27 18:26:05 | 000,276,984 | ---- | C] () -- C:\windows\SysNative\FNTCACHE.DAT
[2014.07.27 04:27:55 | 000,000,085 | ---- | C] () -- C:\windows\wininit.ini
[2014.07.27 03:42:13 | 000,001,079 | ---- | C] () -- C:\Users\Public\Desktop\SpywareBlaster.lnk
[2014.07.27 02:16:45 | 000,064,720 | ---- | C] () -- C:\windows\SysWow64\drivers\OADriver.sys
[2014.07.27 02:16:45 | 000,062,008 | ---- | C] () -- C:\windows\SysWow64\drivers\oahlp64.sys
[2014.07.27 02:15:25 | 000,001,966 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014.07.27 02:15:11 | 000,224,896 | ---- | C] () -- C:\windows\SysNative\drivers\aswVmm.sys
[2014.07.27 02:15:10 | 000,065,776 | ---- | C] () -- C:\windows\SysNative\drivers\aswRvrt.sys
[2014.07.27 02:15:09 | 000,029,208 | ---- | C] () -- C:\windows\SysNative\drivers\aswHwid.sys
[2014.07.25 00:07:12 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\config.nt
[2014.07.24 01:11:07 | 000,007,605 | ---- | C] () -- C:\Users\jol\AppData\Local\Resmon.ResmonCfg
[2014.07.20 13:39:21 | 000,001,407 | ---- | C] () -- C:\Users\jol\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014.07.20 13:38:27 | 000,001,300 | ---- | C] () -- C:\Users\jol\Desktop\Steam.lnk
[2014.07.20 13:37:13 | 000,001,413 | ---- | C] () -- C:\Users\jol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2014.07.20 13:36:50 | 000,786,432 | -HS- | C] () -- C:\Users\jol\NTUSER.bak
[2014.07.20 13:36:50 | 000,000,290 | ---- | C] () -- C:\Users\jol\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2014.07.20 13:36:50 | 000,000,272 | ---- | C] () -- C:\Users\jol\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2014.07.20 11:44:32 | 000,001,908 | ---- | C] () -- C:\windows\diagwrn.xml
[2014.07.20 11:44:32 | 000,001,908 | ---- | C] () -- C:\windows\diagerr.xml
[2014.07.19 21:31:58 | 000,001,174 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
[2014.07.19 21:31:58 | 000,001,162 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 9.lnk
[2014.07.19 19:51:54 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014.07.19 15:59:13 | 000,000,207 | ---- | C] () -- C:\windows\tweaking.com-regbackup-ASUS100-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2014.07.19 15:32:41 | 000,001,347 | ---- | C] () -- C:\Users\Public\Desktop\GeForce Experience.lnk
[2014.07.19 15:25:43 | 003,774,821 | ---- | C] () -- C:\windows\SysNative\nvcoproc.bin
[2014.07.19 15:24:26 | 000,026,069 | ---- | C] () -- C:\windows\SysNative\nvinfo.pb
[2014.07.11 15:28:58 | 000,030,312 | ---- | C] () -- C:\windows\SysNative\drivers\TrueSight.sys
[2014.07.11 11:42:19 | 000,013,440 | ---- | C] () -- C:\windows\SysWow64\drivers\AsIO.sys
[2014.07.11 11:42:15 | 000,011,832 | ---- | C] () -- C:\windows\SysWow64\drivers\AsInsHelp64.sys
[2014.07.11 11:42:15 | 000,010,216 | ---- | C] () -- C:\windows\SysWow64\drivers\AsInsHelp32.sys
[2014.07.11 11:28:32 | 001,051,072 | ---- | C] () -- C:\windows\PE_File.dll
[2014.07.11 11:28:28 | 000,985,536 | ---- | C] () -- C:\windows\PE_Rom.dll
[2014.07.11 11:28:02 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\drivers\1043_ASUSTeK_CM6630_CM6730_CM6830..alu
[2014.07.11 11:27:43 | 000,014,464 | ---- | C] () -- C:\windows\SysWow64\drivers\AsUpIO.sys
[2014.07.11 11:27:29 | 000,001,769 | ---- | C] () -- C:\windows\Language_trs.ini
[2014.06.21 16:51:55 | 000,786,658 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2014.02.20 18:14:02 | 000,179,377 | ---- | C] () -- C:\windows\SysWow64\xlive.dll.cat
[2013.08.05 09:15:08 | 000,066,104 | ---- | C] () -- C:\windows\SysWow64\bdmpegv.dll
[2013.08.05 09:15:06 | 000,023,080 | ---- | C] () -- C:\windows\SysWow64\bdmjpeg.dll
 
========== ZeroAccess Check ==========
 
[2014.07.15 15:27:01 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014.03.25 05:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014.03.25 05:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 04:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2010.11.21 06:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 04:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014.07.27 02:15:28 | 000,000,000 | ---D | M] -- C:\Users\jol\AppData\Roaming\AVAST Software
[2014.07.30 01:55:37 | 000,000,000 | ---D | M] -- C:\Users\jol\AppData\Roaming\BANDISOFT
[2014.07.23 23:59:21 | 000,000,000 | ---D | M] -- C:\Users\jol\AppData\Roaming\DiskDefrag
[2014.07.27 17:36:26 | 000,000,000 | ---D | M] -- C:\Users\jol\AppData\Roaming\GlarySoft
[2014.07.23 20:04:57 | 000,000,000 | ---D | M] -- C:\Users\jol\AppData\Roaming\IObit
[2014.07.27 02:17:40 | 000,000,000 | ---D | M] -- C:\Users\jol\AppData\Roaming\OnlineArmor
[2014.07.20 18:25:51 | 000,000,000 | ---D | M] -- C:\Users\jol\AppData\Roaming\TeamViewer
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 175 bytes -> C:\ProgramData\TEMP:1AAB2E68
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >



#10 Jo*

Jo*

  • Malware Response Team
  • 3,269 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:02:06 AM

Posted 30 July 2014 - 05:54 AM

Hello kalapurkki,


Malwarebytes' Anti-Malware
If this program is already installed: Skip the installation and run only the scan!
Download and install: Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mb3-setup-1878.1878-3.3.1.2183.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

---


ESET Online Scanner

Connect any existing external hard drives and / or other removable media.

Note:
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



If this program is already installed: Skip the installation and run only the scan!
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetOnline.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Check esetScanArchives.png
  • Make sure that the option "Remove found threats" is Unchecked
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your desktop using a unique name, such as MyEsetScan. Alternatively, look for report in C:\Program Files\ESET\ESET Online Scanner\log.txt. Include the contents of this report in your next reply.
  • Push the Back button.
  • Select Uninstall application on close check box and push esetFinish.png

---


How is the computer running now?

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#11 kalapurkki


Posted 30 July 2014 - 07:02 AM

ESET and Malwarebytes found nothing.



#12 Jo*


Posted 30 July 2014 - 08:06 AM


How is the computer running now?

Cheers,
Jo


#13 kalapurkki


Posted 30 July 2014 - 08:22 AM

It's still kinda slow

#14 Jo*


Posted 30 July 2014 - 10:34 AM

Hello kalapurkki,

the OTL log shows that you installed Combofix yesterday.
Did you run it?
If yes, please post the log.
 

***


Please download Farbar Service Scanner and run it on the computer with the issue.
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Make sure "Include All Files" option remains checked.
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

***


Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants. Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process. Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

Cheers,
Jo


#15 kalapurkki


Posted 01 August 2014 - 11:32 AM

I'm now very busy and I can't come to the PC now. Can I reply then when I'm at home?



