
Browser going on extendendunlimited.org at startup



#1 DarkMast3r


Posted 13 September 2014 - 06:32 PM

I think I just caught a malware of some sort. After booting up my PC, my internet browser opens up by itself on a Russian page called extendedunlimited.org.

This is my log generated by the Farbar recovery tool; hope you can help me.

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014
Ran by notebook (administrator) on NOTEBOOK-PC on 14-09-2014 01:25:18
Running from C:\Users\notebook\Desktop\frst
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Italiano (Italia)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Infowatch) C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Logitech Inc.) C:\Program Files\Logitech\SetPoint II\SetPointII.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-04-13] (ELAN Microelectronic Corp.)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13374568 2011-12-13] (Realtek Semiconductor)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [130576 2009-06-17] (Logitech, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-03-11] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-03-11] (Egis Technology Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [975952 2010-08-10] (Dritek System Inc.)
HKLM-x32\...\Run: [SSDMonitor] => C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [164656 2014-08-27] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-11-12] (Kaspersky Lab ZAO)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-557742410-3605878259-239549215-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7762712 2014-08-13] (SUPERAntiSpyware)
HKU\S-1-5-21-557742410-3605878259-239549215-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-557742410-3605878259-239549215-1001\...\Run: [CMD] => cmd.exe /c start http://extendedunlimited.org && exit <===== ATTENTION
HKU\S-1-5-21-557742410-3605878259-239549215-1001\...\Policies\Explorer: [NoInstrumentation] 1
HKU\S-1-5-21-557742410-3605878259-239549215-1001\...\MountPoints2: E - E:\Autorun.exe
HKU\S-1-5-21-557742410-3605878259-239549215-1008\...\RunOnce: [ScrSav] => C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-01-15] ()
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [246024 2012-12-29] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\progra~3\browserprotect\2.5.1005.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\browserprotect.dll => "c:\progra~3\browserprotect\2.5.1005.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\browserprotect.dll" File Not Found
AppInit_DLLs-x32:  c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [201728 2012-12-29] (NVIDIA Corporation)
AppInit_DLLs-x32: , c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [201728 2012-12-29] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SetPointII.lnk
ShortcutTarget: SetPointII.lnk -> C:\Program Files\Logitech\SetPoint II\SetPointII.exe (Logitech Inc.)
ShellIconOverlayIdentifiers: egisPSDP -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll (Egis Technology Inc.)
ShellIconOverlayIdentifiers: KAVOverlayIcon -> {dd230880-495a-11d1-b064-008048ec2fc5} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\shellex.dll (Kaspersky Lab ZAO)
ShellIconOverlayIdentifiers-x32: egisPSDP -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x86\psdprotect.dll (Egis Technology Inc.)
ShellIconOverlayIdentifiers-x32: KAVOverlayIcon -> {dd230880-495a-11d1-b064-008048ec2fc5} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\shellex.dll (Kaspersky Lab ZAO)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: http=200.182.190.154:8080
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} URL = http://www.daemon-search.com/search/web?q={searchTerms}
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Octh Class -> {000123B4-9B42-4900-B3F7-F4B073EFC214} -> C:\Program Files (x86)\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Guida per l'accesso a Windows Live ID -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
DPF: HKLM-x32 {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: HKLM-x32 {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{EC725894-CCFD-4F51-A0F5-44350E2D4C24}: [NameServer] 8.8.8.8
 
FireFox:
========
FF ProfilePath: C:\Users\notebook\AppData\Roaming\Mozilla\Firefox\Profiles\4w7uoba8.default
FF SearchEngineOrder.user_pref("browser.search.order.1", "");: user_pref("browser.search.order.1", "");
FF SearchEngineOrder.user_pref("browser.search.order.1,S", "");: user_pref("browser.search.order.1,S", "");
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF Keyword.URL: user_pref("keyword.URL", "");
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.0 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll No File
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=1.132.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=1.138.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @coreonline.com/run3d,version=1.0 -> C:\Users\notebook\AppData\LocalLow\Square Enix\nprun3d.dll (Square Enix)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\notebook\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
FF user.js: detected! => C:\Users\notebook\AppData\Roaming\Mozilla\Firefox\Profiles\4w7uoba8.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdnu.dll (AOL LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdnupdater2.dll (AOL LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Users\notebook\AppData\Roaming\Mozilla\Firefox\Profiles\4w7uoba8.default\searchplugins\daemon-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazon-it.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-it.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\hoepli.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-it.xml
FF Extension: Avira Browser Safety - C:\Users\notebook\AppData\Roaming\Mozilla\Firefox\Profiles\4w7uoba8.default\Extensions\abs@avira.com [2014-09-05]
FF Extension: Battlefield Heroes Updater - C:\Users\notebook\AppData\Roaming\Mozilla\Firefox\Profiles\4w7uoba8.default\Extensions\battlefieldheroespatcher@ea.com [2012-12-16]
FF Extension: Battlefield Play4Free - C:\Users\notebook\AppData\Roaming\Mozilla\Firefox\Profiles\4w7uoba8.default\Extensions\battlefieldplay4free@ea.com [2012-05-01]
FF Extension: cacaoweb - C:\Users\notebook\AppData\Roaming\Mozilla\Firefox\Profiles\4w7uoba8.default\Extensions\cacaoweb@cacaoweb.org [2012-03-01]
FF Extension: Firebug - C:\Users\notebook\AppData\Roaming\Mozilla\Firefox\Profiles\4w7uoba8.default\Extensions\firebug@software.joehewitt.com.xpi [2014-01-11]
FF Extension: Download YouTube Videos as MP4 - C:\Users\notebook\AppData\Roaming\Mozilla\Firefox\Profiles\4w7uoba8.default\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2014-07-15]
FF Extension: Adblock Plus - C:\Users\notebook\AppData\Roaming\Mozilla\Firefox\Profiles\4w7uoba8.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-05-04]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2013-01-06]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-06-12]
FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com [2014-09-12]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com [2014-09-12]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com
FF Extension: Gevaarlijke websiteblokkering - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com [2014-09-12]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com [2014-09-12]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com [2014-09-12]
 
Chrome: 
=======
CHR HomePage: Default -> E2612319FB7BE47166AF81768404BA3FA4DE336874754B00E5BC9A0B6A7372CB
CHR DefaultSearchKeyword: Default -> DBD8F5932BA6C1CAF51A21EC87D393FC81182E912C0679505EB9FEA3346FB40C
CHR DefaultSearchProvider: Default -> 04CD76825B6FCF84D3889C3B04204DBE7C23DB6005558EA247258FD8C6E293F6
CHR DefaultSearchURL: Default -> E9B0066BE545C58021F87E4C083D37D1A7D0461CE4E3F6127E1931B45FFAEE6C
CHR Profile: C:\Users\notebook\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Controllo URL Kaspersky) - C:\Users\notebook\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2014-09-12]
CHR Extension: (Avira Browser Safety) - C:\Users\notebook\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-09-14]
CHR Extension: (Safe Money) - C:\Users\notebook\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2014-09-12]
CHR Extension: (Content Blocker) - C:\Users\notebook\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail [2014-09-12]
CHR Extension: (Virtual Keyboard) - C:\Users\notebook\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2014-09-12]
CHR Extension: (Skype Click to Call) - C:\Users\notebook\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-08-07]
CHR Extension: (Kaspersky Protection) - C:\Users\notebook\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpoimibckejjdjcfbdnajaicnklhfplh [2014-09-14]
CHR Extension: (Google Wallet) - C:\Users\notebook\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-14]
CHR Extension: (Anti-Banner) - C:\Users\notebook\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2014-09-12]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\urladvisor.crx [2013-11-12]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\online_banking_chrome.crx [2013-11-12]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\content_blocker_chrome.crx [2013-11-12]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\virtkbd.crx [2013-11-12]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-07-12]
CHR HKLM-x32\...\Chrome\Extension: [lpoimibckejjdjcfbdnajaicnklhfplh] - https://chrome.google.com/webstore/detail/lpoimibckejjdjcfbdnajaicnklhfplh [2013-07-12]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\ab.crx [2013-11-12]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-08-13] (SUPERAntiSpyware.com)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-20] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1021520 2014-08-20] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [160048 2014-08-27] (Avira Operations GmbH & Co. KG)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-11-12] (Kaspersky Lab ZAO)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2012-05-19] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2012-05-19] (Creative Labs) [File not signed]
R2 CSObjectsSrv; C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [818888 2013-09-25] (Infowatch)
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720 2010-05-20] (Creative Technology Ltd) [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-08-08] (LogMeIn, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S4 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-27] (Egis Technology Inc.)
S4 MySQL; C:\Program Files\MySQL\MySQL Server 5.5\my.ini [8918 2011-07-13] () [File not signed]
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-02] (Symantec Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3804120 2011-08-07] (INCA Internet Co., Ltd.) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-08-22] ()
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S2 PCToolsSSDMonitorSvc; C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 anvsnddrv; C:\Windows\System32\drivers\anvsnddrv.sys [33872 2011-11-28] (AnvSoft Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-03] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-27] (Avira Operations GmbH & Co. KG)
R0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [84536 2011-06-02] (Infowatch)
R1 CSVirtualDiskDrv; C:\Windows\System32\DRIVERS\CSVirtualDiskDrv.sys [66616 2011-06-02] (Infowatch)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-05-21] (DT Soft Ltd)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-09-12] (Kaspersky Lab ZAO)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [92768 2014-09-12] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [628288 2014-09-12] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2014-09-12] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-11-12] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-11-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-11-12] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-11-12] (Kaspersky Lab ZAO)
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv_x64.sys [44928 2012-10-11] (ManyCam LLC)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-14] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [28160 2013-01-31] (ManyCam LLC)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [22528 2011-08-02] (Apple Inc.) [File not signed]
R3 NIWinCDEmu; C:\Windows\System32\DRIVERS\NIWinCDEmu.sys [111696 2013-11-11] ()
S3 RDID1076; C:\Windows\System32\Drivers\rdwm1076.sys [198144 2009-09-18] (Roland Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 XENfiltv; C:\Windows\System32\drivers\XENfiltv.sys [25600 2009-07-31] (Creative Technology Ltd.)
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-14 01:20 - 2014-09-14 01:20 - 00019478 _____ () C:\Windows\PFRO.log
2014-09-14 01:20 - 2014-09-14 01:20 - 00000056 _____ () C:\Windows\setupact.log
2014-09-14 01:20 - 2014-09-14 01:20 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-14 01:14 - 2014-09-14 01:25 - 00000000 ____D () C:\Users\notebook\Desktop\frst
2014-09-14 01:11 - 2014-09-14 01:13 - 00065531 _____ () C:\Users\notebook\Downloads\Addition.txt
2014-09-14 01:05 - 2014-09-14 01:25 - 00000000 ____D () C:\FRST
2014-09-14 01:05 - 2014-09-14 01:13 - 00075502 _____ () C:\Users\notebook\Downloads\FRST.txt
2014-09-13 21:04 - 2014-09-13 21:14 - 93455823 _____ () C:\Users\notebook\Desktop\Corneria Final.mp4
2014-09-13 20:10 - 2014-09-13 20:21 - 21099525 _____ () C:\Users\notebook\Downloads\Starfox - Corneria Gameplay.mp4
2014-09-13 14:52 - 2014-09-13 14:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Orch Hit Free
2014-09-13 14:52 - 2014-09-13 14:52 - 00000000 ____D () C:\Program Files (x86)\Orch Hit Free
2014-09-13 14:50 - 2014-09-13 14:51 - 10149915 _____ () C:\Users\notebook\Downloads\OrchHitfreepluginVSTIsetup.ZIP
2014-09-13 14:21 - 2014-09-13 14:21 - 00002134 _____ () C:\Users\notebook\Desktop\Hit.mid
2014-09-13 13:45 - 2014-09-13 13:45 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\48230029.sys
2014-09-12 15:56 - 2014-09-12 15:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky PURE 3.0
2014-09-12 15:56 - 2014-09-12 15:55 - 00001096 _____ () C:\Users\Public\Desktop\Kaspersky PURE 3.0.lnk
2014-09-12 15:55 - 2013-11-12 00:23 - 00064856 _____ (Kaspersky Lab) C:\Windows\system32\klfphc.dll
2014-09-12 15:54 - 2011-06-02 14:39 - 00084536 _____ (Infowatch) C:\Windows\system32\Drivers\CSCrySec.sys
2014-09-12 15:54 - 2011-06-02 14:39 - 00066616 _____ (Infowatch) C:\Windows\system32\Drivers\CSVirtualDiskDrv.sys
2014-09-12 15:53 - 2014-09-14 01:24 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-09-12 15:53 - 2014-09-12 15:53 - 00000000 ____D () C:\Windows\ELAMBKUP
2014-09-12 15:53 - 2014-09-12 15:53 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2014-09-12 15:52 - 2014-09-12 16:37 - 00628288 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2014-09-12 15:52 - 2014-09-12 16:37 - 00092768 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2014-09-11 18:53 - 2014-09-11 18:53 - 00022640 _____ () C:\Users\notebook\Downloads\Misc Computer Games - Castlevania 2 - Simons Quest Bloody Tears (Pro).gp5
2014-09-11 18:51 - 2014-09-11 18:51 - 00019522 _____ () C:\Users\notebook\Downloads\Misc Computer Games - Castlevania 2 - Bloody Tears (Pro).gp5
2014-09-11 18:48 - 2014-09-11 18:49 - 00011736 _____ () C:\Users\notebook\Downloads\Misc Computer Games - Phoenix Wright Ace Attorney - Pursuit Cornered (Pro).gp5
2014-09-11 18:43 - 2014-09-11 18:43 - 00063748 _____ () C:\Users\notebook\Downloads\Misc Computer Games - Kirby - Green Greens (Pro).gp5
2014-09-11 18:38 - 2014-09-11 18:38 - 00023825 _____ () C:\Users\notebook\Downloads\Misc Computer Games - Mario Kart 64 Rainbow Road (Power) (1).ptb
2014-09-11 18:36 - 2014-09-11 18:36 - 00010424 _____ () C:\Users\notebook\Downloads\Misc Computer Games - Super Mario Bros 3 - Athletic Theme (Pro).gp5
2014-09-11 18:34 - 2014-09-11 18:34 - 00025080 _____ () C:\Users\notebook\Downloads\Misc Computer Games - Super Mario Galaxy - To The Gateway (Pro).gp5
2014-09-11 18:33 - 2014-09-11 18:33 - 00029318 _____ () C:\Users\notebook\Downloads\Misc Computer Games - Super Mario World 2 Yoshis Island - Yoshis Island (Pro).gp5
2014-09-11 18:31 - 2014-09-11 18:32 - 00038592 _____ () C:\Users\notebook\Downloads\Misc Computer Games - Super Mario World 2 Yoshis Island - The Flower Garden (Pro).gp5
2014-09-11 14:32 - 2014-09-14 01:25 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-11 14:32 - 2014-09-11 14:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-11 14:32 - 2014-09-11 14:32 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-11 14:32 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-11 14:32 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-11 03:02 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-11 03:02 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-11 03:02 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-11 03:02 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-11 03:02 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-11 03:02 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-11 03:02 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-11 03:02 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-11 03:02 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-11 03:02 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-11 03:02 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-11 03:02 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-11 03:02 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-11 03:02 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-11 03:02 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-11 03:02 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-11 03:02 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-11 03:02 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-11 03:02 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-11 03:02 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-11 03:02 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-11 03:02 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-11 03:02 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-11 03:02 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-11 03:02 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-11 03:02 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-11 03:02 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-11 03:02 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-11 03:02 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-11 03:02 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-11 03:02 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-11 03:02 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-11 03:02 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-11 03:02 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-11 03:02 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-11 03:02 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-11 03:02 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-11 03:02 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-11 03:02 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-11 03:02 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-11 03:02 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-11 03:02 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-11 03:02 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-11 03:02 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-11 03:02 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-11 03:02 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-11 03:02 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-11 03:02 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-11 03:02 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-11 03:02 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-11 03:02 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-11 03:02 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-11 03:02 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-11 03:02 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-11 03:02 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-11 03:02 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-11 02:47 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-11 02:47 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-10 21:01 - 2014-09-10 21:03 - 00000000 ____D () C:\Users\notebook\Desktop\Nuova cartella (2)
2014-09-10 20:58 - 2014-09-10 20:58 - 00137737 _____ () C:\Users\notebook\Downloads\ShadowExplorer-0.9-portable.zip
2014-09-10 20:58 - 2014-09-10 20:58 - 00000000 ____D () C:\Users\notebook\AppData\Roaming\www.shadowexplorer.com
2014-09-10 14:49 - 2014-09-10 14:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-10 14:48 - 2014-09-10 14:49 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-10 14:48 - 2014-09-10 14:49 - 00000000 ____D () C:\Program Files\iTunes
2014-09-10 14:48 - 2014-09-10 14:48 - 00000000 ____D () C:\Program Files\iPod
2014-09-10 13:40 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-10 13:40 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-10 13:37 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-10 13:37 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-10 13:37 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-10 13:37 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-10 13:37 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-10 13:37 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-10 13:37 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-09 22:57 - 2014-09-10 20:52 - 00000000 ____D () C:\Users\notebook\Desktop\The Sims 4
2014-09-09 22:56 - 2014-09-10 22:53 - 00000000 ____D () C:\Users\notebook\Desktop\Nuova cartella
2014-09-09 15:19 - 2014-09-09 15:49 - 393300192 ____R () C:\Users\notebook\Downloads\AMG Kick-Ass Brass EXS24.rar
2014-09-08 13:16 - 2014-09-08 13:16 - 00049690 _____ () C:\Users\notebook\Desktop\Misc Computer Games - Star Fox - Corneria (Pro) (1).mid
2014-09-07 23:49 - 2014-09-10 22:54 - 00000000 ____D () C:\Users\notebook\Documents\Electronic Arts
2014-09-07 23:39 - 2014-09-07 23:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The SIMS 4 Deluxe Edition
2014-09-07 23:31 - 2014-09-07 23:39 - 00000000 ____D () C:\Program Files (x86)\The SIMS 4 Deluxe Edition
2014-09-07 23:30 - 2014-09-07 23:30 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-09-07 16:26 - 2014-09-07 16:26 - 00048559 _____ () C:\Users\notebook\Downloads\Misc Computer Games - Star Fox - Corneria (Pro) (1).gp5
2014-09-07 16:22 - 2014-09-07 16:22 - 00000077 _____ () C:\Users\notebook\Documents\torrent.txt
2014-09-07 14:04 - 2014-09-07 21:48 - 00000000 ____D () C:\Users\notebook\Downloads\The SIMS 4 Deluxe Edition [L]
2014-09-07 14:02 - 2014-09-07 14:02 - 00045189 _____ () C:\Users\notebook\Downloads\[kickass.to]the.sims.4.deluxe.edition.cracked.3dm.torrent
2014-09-06 18:54 - 2014-09-06 18:54 - 00000000 ____D () C:\Users\notebook\Downloads\The Sims 4
2014-09-06 18:53 - 2014-09-06 18:53 - 00030423 _____ () C:\Users\notebook\Downloads\TheSims4 by Abyz.torrent
2014-09-06 18:53 - 2014-09-06 18:53 - 00000000 ____D () C:\Users\notebook\Downloads\The SIMS 4-Deluxe Edition-SKIDROWCRACK
2014-09-05 18:23 - 2014-09-05 18:44 - 115224933 _____ () C:\Users\notebook\Downloads\Donkey Kong Country 2 - Level 16 - Bramble Blast.mp4
2014-09-05 12:45 - 2014-09-05 12:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-09-05 12:45 - 2014-09-05 12:45 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-09-04 16:22 - 2014-09-04 16:22 - 00045189 _____ () C:\Users\notebook\Downloads\[kickass.to]the.sims.4.deluxe.edition.cracked.l.torrent
2014-09-04 16:16 - 2014-09-04 16:16 - 00042785 _____ () C:\Users\notebook\Downloads\[kickass.to]the.sims.4.pc.full.game.origins.multi17.nosteam.torrent
2014-09-04 16:12 - 2014-09-04 16:12 - 00030423 _____ () C:\Users\notebook\Downloads\The Sims 4-SG.torrent
2014-09-02 01:29 - 2014-09-02 01:29 - 00048559 _____ () C:\Users\notebook\Downloads\Misc Computer Games - Star Fox - Corneria (Pro).gp5
2014-08-30 14:09 - 2014-08-30 14:13 - 54025479 _____ () C:\Users\notebook\Downloads\Street Fighter II (SNES) Guile Gameplay 2_2.mp4
2014-08-30 14:08 - 2014-08-30 14:22 - 22310991 _____ () C:\Users\notebook\Downloads\Super Street Fighter II - The New Challengers (1994) [SNES] Guile Gameplay on 1 Star mode Part 4.mp4
2014-08-29 17:18 - 2014-08-29 17:18 - 00000000 ____D () C:\Users\notebook\AppData\Local\{F6EF604F-88CD-4D34-9CAF-AF20B84254A9}
2014-08-29 12:53 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-29 12:53 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-29 12:53 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-23 19:19 - 2014-08-23 19:19 - 00001351 _____ () C:\Users\notebook\Documents\AutoHotkey.ahk
2014-08-23 19:18 - 2014-08-23 19:18 - 00001054 _____ () C:\Users\notebook\Desktop\DSIIMouse1.2.ahk
2014-08-23 19:18 - 2014-08-23 19:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoHotkey
2014-08-23 19:18 - 2014-08-23 19:18 - 00000000 ____D () C:\Program Files\AutoHotkey
2014-08-23 19:16 - 2014-08-23 19:17 - 02703056 _____ () C:\Users\notebook\Downloads\AutoHotkey111504_Install.exe
2014-08-20 12:02 - 2014-09-09 11:56 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-20 03:13 - 2014-08-20 03:13 - 00391774 _____ () C:\Users\notebook\Downloads\DSfix22-19-2-2.zip
2014-08-15 02:44 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-15 02:44 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-15 02:44 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-15 02:44 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-15 02:44 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-15 02:44 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-15 02:44 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-15 02:44 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-14 01:26 - 2011-04-12 20:55 - 00000000 ____D () C:\Users\notebook\AppData\Roaming\Skype
2014-09-14 01:25 - 2014-09-14 01:14 - 00000000 ____D () C:\Users\notebook\Desktop\frst
2014-09-14 01:25 - 2014-09-14 01:05 - 00000000 ____D () C:\FRST
2014-09-14 01:25 - 2014-09-11 14:32 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-14 01:24 - 2014-09-12 15:53 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-09-14 01:22 - 2014-04-07 19:18 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-09-14 01:20 - 2014-09-14 01:20 - 00019478 _____ () C:\Windows\PFRO.log
2014-09-14 01:20 - 2014-09-14 01:20 - 00000056 _____ () C:\Windows\setupact.log
2014-09-14 01:20 - 2014-09-14 01:20 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-14 01:20 - 2013-08-06 23:00 - 00001150 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-14 01:20 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-14 01:19 - 2012-12-19 02:41 - 02050583 _____ () C:\Windows\WindowsUpdate.log
2014-09-14 01:13 - 2014-09-14 01:11 - 00065531 _____ () C:\Users\notebook\Downloads\Addition.txt
2014-09-14 01:13 - 2014-09-14 01:05 - 00075502 _____ () C:\Users\notebook\Downloads\FRST.txt
2014-09-14 00:59 - 2014-08-02 19:56 - 00000000 ____D () C:\Users\notebook\AppData\Roaming\Adobe
2014-09-14 00:55 - 2013-07-07 14:32 - 00000000 ____D () C:\Users\notebook\AppData\Local\LogMeIn Hamachi
2014-09-14 00:55 - 2011-08-10 00:40 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-09-14 00:55 - 2011-06-06 13:53 - 00000000 ____D () C:\Users\notebook\AppData\Roaming\uTorrent
2014-09-14 00:53 - 2013-06-07 01:24 - 00000000 ____D () C:\Users\notebook\AppData\Local\CrashDumps
2014-09-14 00:39 - 2013-08-06 23:00 - 00001154 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-14 00:39 - 2012-04-14 15:38 - 00000978 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-14 00:39 - 2009-07-14 06:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-14 00:39 - 2009-07-14 06:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-13 22:25 - 2011-10-30 12:38 - 00000016 _____ () C:\Windows\SysWOW64\w3data.vss
2014-09-13 22:25 - 2011-10-30 12:38 - 00000016 _____ () C:\Windows\SysWOW64\msvcsv60.dll
2014-09-13 22:25 - 2011-10-30 12:38 - 00000016 _____ () C:\Windows\msocreg32.dat
2014-09-13 22:25 - 2011-10-30 12:38 - 00000016 _____ () C:\Users\notebook\AppData\Roaming\msregsvv.dll
2014-09-13 22:25 - 2011-10-30 01:12 - 00000016 _____ () C:\ProgramData\autobk.inc
2014-09-13 21:14 - 2014-09-13 21:04 - 93455823 _____ () C:\Users\notebook\Desktop\Corneria Final.mp4
2014-09-13 21:00 - 2014-07-16 00:01 - 00000000 ____D () C:\Users\notebook\Desktop\Progetti canale
2014-09-13 20:52 - 2011-08-22 20:01 - 00000000 ____D () C:\Users\notebook\Documents\Vegas Movie Studio HD Platinum 11.0 Projects
2014-09-13 20:21 - 2014-09-13 20:10 - 21099525 _____ () C:\Users\notebook\Downloads\Starfox - Corneria Gameplay.mp4
2014-09-13 14:52 - 2014-09-13 14:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Orch Hit Free
2014-09-13 14:52 - 2014-09-13 14:52 - 00000000 ____D () C:\Program Files (x86)\Orch Hit Free
2014-09-13 14:51 - 2014-09-13 14:50 - 10149915 _____ () C:\Users\notebook\Downloads\OrchHitfreepluginVSTIsetup.ZIP
2014-09-13 14:21 - 2014-09-13 14:21 - 00002134 _____ () C:\Users\notebook\Desktop\Hit.mid
2014-09-13 13:45 - 2014-09-13 13:45 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\48230029.sys
2014-09-13 01:28 - 2012-09-20 16:04 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-09-12 18:16 - 2010-08-30 11:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer GameZone
2014-09-12 18:16 - 2010-08-30 11:12 - 00000000 ____D () C:\Program Files (x86)\Acer GameZone
2014-09-12 18:16 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-09-12 16:37 - 2014-09-12 15:52 - 00628288 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2014-09-12 16:37 - 2014-09-12 15:52 - 00092768 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2014-09-12 16:37 - 2013-11-12 00:23 - 00458336 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kl1.sys
2014-09-12 16:37 - 2012-08-02 15:09 - 00029792 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klim6.sys
2014-09-12 15:56 - 2014-09-12 15:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky PURE 3.0
2014-09-12 15:55 - 2014-09-12 15:56 - 00001096 _____ () C:\Users\Public\Desktop\Kaspersky PURE 3.0.lnk
2014-09-12 15:53 - 2014-09-12 15:53 - 00000000 ____D () C:\Windows\ELAMBKUP
2014-09-12 15:53 - 2014-09-12 15:53 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2014-09-12 14:27 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\addins
2014-09-11 23:27 - 2011-08-08 20:15 - 00000000 ____D () C:\ProgramData\Origin
2014-09-11 22:31 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-09-11 18:53 - 2014-09-11 18:53 - 00022640 _____ () C:\Users\notebook\Downloads\Misc Computer Games - Castlevania 2 - Simons Quest Bloody Tears (Pro).gp5
2014-09-11 18:51 - 2014-09-11 18:51 - 00019522 _____ () C:\Users\notebook\Downloads\Misc Computer Games - Castlevania 2 - Bloody Tears (Pro).gp5
2014-09-11 18:49 - 2014-09-11 18:48 - 00011736 _____ () C:\Users\notebook\Downloads\Misc Computer Games - Phoenix Wright Ace Attorney - Pursuit Cornered (Pro).gp5
2014-09-11 18:43 - 2014-09-11 18:43 - 00063748 _____ () C:\Users\notebook\Downloads\Misc Computer Games - Kirby - Green Greens (Pro).gp5
2014-09-11 18:38 - 2014-09-11 18:38 - 00023825 _____ () C:\Users\notebook\Downloads\Misc Computer Games - Mario Kart 64 Rainbow Road (Power) (1).ptb
2014-09-11 18:36 - 2014-09-11 18:36 - 00010424 _____ () C:\Users\notebook\Downloads\Misc Computer Games - Super Mario Bros 3 - Athletic Theme (Pro).gp5
2014-09-11 18:34 - 2014-09-11 18:34 - 00025080 _____ () C:\Users\notebook\Downloads\Misc Computer Games - Super Mario Galaxy - To The Gateway (Pro).gp5
2014-09-11 18:33 - 2014-09-11 18:33 - 00029318 _____ () C:\Users\notebook\Downloads\Misc Computer Games - Super Mario World 2 Yoshis Island - Yoshis Island (Pro).gp5
2014-09-11 18:32 - 2014-09-11 18:31 - 00038592 _____ () C:\Users\notebook\Downloads\Misc Computer Games - Super Mario World 2 Yoshis Island - The Flower Garden (Pro).gp5
2014-09-11 14:32 - 2014-09-11 14:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-11 14:32 - 2014-09-11 14:32 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-11 14:32 - 2012-08-22 18:43 - 00000000 ____D () C:\Users\notebook\AppData\Roaming\Malwarebytes
2014-09-11 14:32 - 2012-08-22 18:43 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-11 14:32 - 2012-08-22 18:43 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-09-11 03:01 - 2013-12-03 19:11 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-11 03:00 - 2011-04-11 16:09 - 01636002 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-11 03:00 - 2010-12-23 23:00 - 00741636 _____ () C:\Windows\system32\perfh010.dat
2014-09-11 03:00 - 2010-12-23 23:00 - 00147658 _____ () C:\Windows\system32\perfc010.dat
2014-09-11 03:00 - 2009-07-14 07:13 - 01636002 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-11 02:59 - 2013-08-15 03:02 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-11 02:48 - 2011-04-15 17:06 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-10 22:54 - 2014-09-07 23:49 - 00000000 ____D () C:\Users\notebook\Documents\Electronic Arts
2014-09-10 22:53 - 2014-09-09 22:56 - 00000000 ____D () C:\Users\notebook\Desktop\Nuova cartella
2014-09-10 21:03 - 2014-09-10 21:01 - 00000000 ____D () C:\Users\notebook\Desktop\Nuova cartella (2)
2014-09-10 20:58 - 2014-09-10 20:58 - 00137737 _____ () C:\Users\notebook\Downloads\ShadowExplorer-0.9-portable.zip
2014-09-10 20:58 - 2014-09-10 20:58 - 00000000 ____D () C:\Users\notebook\AppData\Roaming\www.shadowexplorer.com
2014-09-10 20:52 - 2014-09-09 22:57 - 00000000 ____D () C:\Users\notebook\Desktop\The Sims 4
2014-09-10 16:40 - 2012-04-14 15:38 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-10 16:40 - 2012-04-14 15:38 - 00003916 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-10 16:40 - 2011-05-22 14:46 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-10 14:49 - 2014-09-10 14:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-10 14:49 - 2014-09-10 14:48 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-10 14:49 - 2014-09-10 14:48 - 00000000 ____D () C:\Program Files\iTunes
2014-09-10 14:49 - 2014-06-18 13:46 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-09-10 14:48 - 2014-09-10 14:48 - 00000000 ____D () C:\Program Files\iPod
2014-09-09 16:10 - 2013-11-11 15:45 - 00000000 ____D () C:\Users\Public\Documents\Kontakt Factory Selection Library
2014-09-09 15:49 - 2014-09-09 15:19 - 393300192 ____R () C:\Users\notebook\Downloads\AMG Kick-Ass Brass EXS24.rar
2014-09-09 13:02 - 2011-04-13 18:49 - 00000000 ____D () C:\Users\notebook\AppData\Local\Spectrasonics
2014-09-09 11:56 - 2014-08-20 12:02 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-09 11:55 - 2014-02-19 15:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-09-09 11:55 - 2013-03-16 14:25 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-09-08 13:16 - 2014-09-08 13:16 - 00049690 _____ () C:\Users\notebook\Desktop\Misc Computer Games - Star Fox - Corneria (Pro) (1).mid
2014-09-07 23:39 - 2014-09-07 23:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The SIMS 4 Deluxe Edition
2014-09-07 23:39 - 2014-09-07 23:31 - 00000000 ____D () C:\Program Files (x86)\The SIMS 4 Deluxe Edition
2014-09-07 23:30 - 2014-09-07 23:30 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-09-07 21:48 - 2014-09-07 14:04 - 00000000 ____D () C:\Users\notebook\Downloads\The SIMS 4 Deluxe Edition [L]
2014-09-07 16:26 - 2014-09-07 16:26 - 00048559 _____ () C:\Users\notebook\Downloads\Misc Computer Games - Star Fox - Corneria (Pro) (1).gp5
2014-09-07 16:22 - 2014-09-07 16:22 - 00000077 _____ () C:\Users\notebook\Documents\torrent.txt
2014-09-07 14:02 - 2014-09-07 14:02 - 00045189 _____ () C:\Users\notebook\Downloads\[kickass.to]the.sims.4.deluxe.edition.cracked.3dm.torrent
2014-09-06 18:54 - 2014-09-06 18:54 - 00000000 ____D () C:\Users\notebook\Downloads\The Sims 4
2014-09-06 18:53 - 2014-09-06 18:53 - 00030423 _____ () C:\Users\notebook\Downloads\TheSims4 by Abyz.torrent
2014-09-06 18:53 - 2014-09-06 18:53 - 00000000 ____D () C:\Users\notebook\Downloads\The SIMS 4-Deluxe Edition-SKIDROWCRACK
2014-09-06 14:29 - 2013-08-04 14:29 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
2014-09-05 18:44 - 2014-09-05 18:23 - 115224933 _____ () C:\Users\notebook\Downloads\Donkey Kong Country 2 - Level 16 - Bramble Blast.mp4
2014-09-05 18:12 - 2014-08-10 00:38 - 00000000 ____D () C:\Users\notebook\Desktop\Game & Sound mp3
2014-09-05 12:45 - 2014-09-05 12:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-09-05 12:45 - 2014-09-05 12:45 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-09-04 16:22 - 2014-09-04 16:22 - 00045189 _____ () C:\Users\notebook\Downloads\[kickass.to]the.sims.4.deluxe.edition.cracked.l.torrent
2014-09-04 16:16 - 2014-09-04 16:16 - 00042785 _____ () C:\Users\notebook\Downloads\[kickass.to]the.sims.4.pc.full.game.origins.multi17.nosteam.torrent
2014-09-04 16:12 - 2014-09-04 16:12 - 00030423 _____ () C:\Users\notebook\Downloads\The Sims 4-SG.torrent
2014-09-02 13:38 - 2011-04-16 00:42 - 00000000 ____D () C:\Users\notebook\Files
2014-09-02 01:29 - 2014-09-02 01:29 - 00048559 _____ () C:\Users\notebook\Downloads\Misc Computer Games - Star Fox - Corneria (Pro).gp5
2014-08-30 14:22 - 2014-08-30 14:08 - 22310991 _____ () C:\Users\notebook\Downloads\Super Street Fighter II - The New Challengers (1994) [SNES] Guile Gameplay on 1 Star mode Part 4.mp4
2014-08-30 14:13 - 2014-08-30 14:09 - 54025479 _____ () C:\Users\notebook\Downloads\Street Fighter II (SNES) Guile Gameplay 2_2.mp4
2014-08-30 12:50 - 2009-07-14 06:45 - 05147528 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-29 17:18 - 2014-08-29 17:18 - 00000000 ____D () C:\Users\notebook\AppData\Local\{F6EF604F-88CD-4D34-9CAF-AF20B84254A9}
2014-08-29 17:18 - 2011-04-15 16:55 - 00000000 ____D () C:\Users\notebook\AppData\Local\Windows Live
2014-08-26 23:25 - 2011-12-15 17:39 - 00000132 _____ () C:\Users\notebook\AppData\Roaming\Adobe PNG Format CS5 Prefs
2014-08-25 01:02 - 2011-04-13 16:57 - 00000000 ____D () C:\Users\notebook\AppData\Roaming\DAEMON Tools Lite
2014-08-23 19:19 - 2014-08-23 19:19 - 00001351 _____ () C:\Users\notebook\Documents\AutoHotkey.ahk
2014-08-23 19:18 - 2014-08-23 19:18 - 00001054 _____ () C:\Users\notebook\Desktop\DSIIMouse1.2.ahk
2014-08-23 19:18 - 2014-08-23 19:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoHotkey
2014-08-23 19:18 - 2014-08-23 19:18 - 00000000 ____D () C:\Program Files\AutoHotkey
2014-08-23 19:18 - 2009-07-14 09:45 - 00000000 ____D () C:\Windows\ShellNew
2014-08-23 19:17 - 2014-08-23 19:16 - 02703056 _____ () C:\Users\notebook\Downloads\AutoHotkey111504_Install.exe
2014-08-23 04:07 - 2014-08-29 12:53 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 03:45 - 2014-08-29 12:53 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-23 02:59 - 2014-08-29 12:53 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-20 12:02 - 2013-03-16 14:25 - 00000000 ____D () C:\ProgramData\Avira
2014-08-20 03:13 - 2014-08-20 03:13 - 00391774 _____ () C:\Users\notebook\Downloads\DSfix22-19-2-2.zip
2014-08-19 20:05 - 2014-09-11 03:02 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-19 19:39 - 2014-09-11 03:02 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-19 01:01 - 2014-09-11 03:02 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-19 00:29 - 2014-09-11 03:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-19 00:29 - 2014-09-11 03:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-19 00:26 - 2014-09-11 03:02 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-19 00:20 - 2014-09-11 03:02 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-19 00:19 - 2014-09-11 03:02 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-19 00:15 - 2014-09-11 03:02 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-19 00:15 - 2014-09-11 03:02 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-19 00:14 - 2014-09-11 03:02 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-19 00:14 - 2014-09-11 03:02 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-19 00:08 - 2014-09-11 03:02 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-19 00:08 - 2014-09-11 03:02 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-19 00:08 - 2014-09-11 03:02 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-19 00:05 - 2014-09-11 03:02 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-19 00:03 - 2014-09-11 03:02 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-19 00:03 - 2014-09-11 03:02 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-19 00:03 - 2014-09-11 03:02 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-18 23:57 - 2014-09-11 03:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-18 23:56 - 2014-09-11 03:02 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-18 23:51 - 2014-09-11 03:02 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-18 23:46 - 2014-09-11 03:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-18 23:45 - 2014-09-11 03:02 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-18 23:45 - 2014-09-11 03:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-18 23:44 - 2014-09-11 03:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-18 23:44 - 2014-09-11 03:02 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-18 23:42 - 2014-09-11 03:02 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-18 23:40 - 2014-09-11 03:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-18 23:39 - 2014-09-11 03:02 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-18 23:39 - 2014-09-11 03:02 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-18 23:39 - 2014-09-11 03:02 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-18 23:38 - 2014-09-11 03:02 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-18 23:37 - 2014-09-11 03:02 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-18 23:36 - 2014-09-11 03:02 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-18 23:35 - 2014-09-11 03:02 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-18 23:27 - 2014-09-11 03:02 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-18 23:25 - 2014-09-11 03:02 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-18 23:25 - 2014-09-11 03:02 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-18 23:23 - 2014-09-11 03:02 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-18 23:23 - 2014-09-11 03:02 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-18 23:22 - 2014-09-11 03:02 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-18 23:19 - 2014-09-11 03:02 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-18 23:17 - 2014-09-11 03:02 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-18 23:17 - 2014-09-11 03:02 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-18 23:16 - 2014-09-11 03:02 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-18 23:15 - 2014-09-11 03:02 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-18 23:15 - 2014-09-11 03:02 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-18 23:09 - 2014-09-11 03:02 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-18 23:08 - 2014-09-11 03:02 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-18 23:07 - 2014-09-11 03:02 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-18 22:55 - 2014-09-11 03:02 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-18 22:46 - 2014-09-11 03:02 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-18 22:38 - 2014-09-11 03:02 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-18 22:38 - 2014-09-11 03:02 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-18 22:36 - 2014-09-11 03:02 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-17 04:06 - 2013-07-15 18:35 - 00000000 ____D () C:\Users\notebook\AppData\Roaming\Spotify
2014-08-17 03:53 - 2013-07-15 18:36 - 00000000 ____D () C:\Users\notebook\AppData\Local\Spotify
2014-08-15 11:35 - 2014-08-06 16:10 - 00000000 ____D () C:\Users\notebook\AppData\Local\Adobe
2014-08-15 11:13 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
 
Files to move or delete:
====================
C:\ProgramData\hash.dat
C:\ProgramData\ism_0_llatsni.pad
 
 
Some content of TEMP:
====================
C:\Users\notebook\AppData\Local\Temp\avgnt.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-06 18:09
 
==================== End Of Log ============================



 


#2 aharonov

  • Malware Response Team
Posted 14 September 2014 - 05:49 AM

Hi,

this should do it:


Please download this attached file, fixlist.txt (416 bytes), and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.


#3 DarkMast3r

  • Topic Starter

Posted 14 September 2014 - 06:36 AM

It seems to have worked, thanks so much. One question: Has this removed all of the bad files or just stopped the pop up at startup?

 

This is the log. 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-09-2014
Ran by notebook at 2014-09-14 13:23:29 Run:2
Running from C:\Users\notebook\Desktop\frst
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
HKU\S-1-5-21-557742410-3605878259-239549215-1001\...\Run: [CMD] => cmd.exe /c start http://extendedunlimited.org && exit <===== ATTENTION
AppInit_DLLs-x32: c:\progra~3\browserprotect\2.5.1005.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\browserprotect.dll => "c:\progra~3\browserprotect\2.5.1005.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\browserprotect.dll" File Not Found
C:\ProgramData\ism_0_llatsni.pad
EmptyTemp:
*****************
 
HKU\S-1-5-21-557742410-3605878259-239549215-1001\Software\Microsoft\Windows\CurrentVersion\Run\\CMD => value deleted successfully.
"c:\progra~3\browserprotect\2.5.1005.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\browserprotect.dll" => Value Data removed successfully.
C:\ProgramData\ism_0_llatsni.pad => Moved successfully.
EmptyTemp: => Removed 43.8 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====


#4 aharonov

  • Malware Response Team

Posted 14 September 2014 - 06:51 AM

There were no bad files associated with this. It was a registry value only and that is removed.

My help is free for everybody.
If you want to support me fighting against malware or buy me a beer for the assistance you received, then you can consider a donation.
Thank you!
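
An added example, not part of the original thread and not FRST's own code: the redirect in this topic lived entirely in a per-user Run value that used cmd.exe to open a URL, which is why no file had to be removed. The sketch below scans FRST-style Run lines for that pattern; the launcher list, the function names and the two contrast log lines are assumptions made for the illustration.

```python
import re

# FRST registry line: <key>\Run: [<value name>] => <command> (layout as in the Fixlog above)
RUN_LINE = re.compile(r"^(?P<key>HK[^:]*\\Run(?:Once)?): \[(?P<name>[^\]]*)\] => (?P<cmd>.*)$")
URL = re.compile(r"https?://[^\s\"'&|<>]+", re.IGNORECASE)
FRST_FLAG = "<===== ATTENTION"
# Assumption: Windows binaries treated as "launchers" that open a URL given as an argument.
LAUNCHERS = {"cmd", "cmd.exe", "explorer", "explorer.exe", "rundll32", "rundll32.exe"}

# First line is the entry from this thread; the other two are constructed for contrast.
SAMPLE_LOG = r"""
HKU\S-1-5-21-557742410-3605878259-239549215-1001\...\Run: [CMD] => cmd.exe /c start http://extendedunlimited.org && exit <===== ATTENTION
HKLM\...\Run: [ExampleUpdater] => C:\Program Files\Example\updater.exe [12345 2014-01-01] (Example Corp)
HKLM-x32\...\Run: [ExampleApp] => "C:\Example\app.exe" --home http://example.invalid/start
"""


def parse_run_line(line):
    """Return (key, value_name, command) for an FRST Run/RunOnce line, else None."""
    m = RUN_LINE.match(line.strip())
    if not m:
        return None
    cmd = m.group("cmd").replace(FRST_FLAG, "").strip()
    return m.group("key"), m.group("name"), cmd


def url_launch_findings(log_text):
    """Flag Run values where a system launcher, not a dropped file, opens a URL at logon."""
    findings = []
    for line in log_text.splitlines():
        parsed = parse_run_line(line)
        if parsed is None:
            continue
        key, name, cmd = parsed
        urls = URL.findall(cmd)
        tokens = cmd.split()
        # Image name of the first token, without quotes or directory part.
        image = tokens[0].strip('"').rsplit("\\", 1)[-1].lower() if tokens else ""
        if urls and image in LAUNCHERS:
            findings.append({"key": key, "value": name, "urls": urls, "command": cmd})
    return findings


if __name__ == "__main__":
    for hit in url_launch_findings(SAMPLE_LOG):
        print(hit["key"], hit["value"], hit["urls"])
```

Only the first sample line is reported: the other two start a program of their own, so a file would exist on disk to inspect.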

#5 aharonov

  • Malware Response Team

Posted 19 September 2014 - 03:32 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



