Unidentified Infection playing havoc with registry. Missing Docs, Bitcoin, ID.


  • This topic is locked
23 replies to this topic

#1 phunkey


Posted 27 September 2014 - 02:23 AM

Mod edit: 4 posts merged ~~boopme
 
Hi guys. I've posted preliminary logs about this problem on "Am I infected forum" under my username. I'd love to be able to provide a link but copy and paste was first indication to me of a problem. Then files began disappearing, internet access was restricted, use of Control Panel limited, no updates or new installations possible and never a word of warning from Microsoft security, mbam or SpyBot. Most recently my whole .appdata file has disappeared although it does show up on ddos and files appear to come and go and move around a lot so I guess explorer is infected. Installer and update services missing among others.
 
I read on another post that this guy had discovered a virus which starts by compromising Microsoft Essentials before disabling mbam and going to work. It felt similar to my own problem but I've lost that bookmark along with all the others. Some programs just disappeared as has most of my important data. I actually watched Crapcleaner disappear bit by bit and am unable to reinstall it. Same applies to most apps, however I did manage to install the Comodo kit, perhaps bcos the hacker knows it's not going to ID cause of infection?
 
For some reason I'm able to continue using firefox so I guess intruders have an investment to keep me online and may have compromised cpu/gpu power for mining while important info was taken before I even began to really notice the problem.
 
You guys are my best hope of salvaging what I can and your support truly appreciated. Really.
 
Anyway the ddos text & attachment included in next post and pls let me know any further info you require,
 
eternally grateful,
keith
 
Attached File  attach.txt   7.38KB   1 downloads


I added "attach.txt" to initial post and can't find how to add it to this one so pls refer back. Why no attachments on this post?
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17280
Run by Cybad4d4 at 7:51:06 on 2014-09-27
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.11741.8139 [GMT 1:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AV: COMODO Antivirus *Enabled/Updated* {B74CC7D2-B407-E1DC-1033-DD315BCDC8C8}
SP: Microsoft Security Essentials *Disabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: COMODO Antivirus *Enabled/Updated* {0C2D2636-923D-EE52-2A83-E643204A8275}
FW: COMODO Firewall *Enabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\atieclxx.exe
C:\Program Files\Emsisoft Anti-Malware\a2service.exe
C:\Program Files\HitmanPro\hmpsched.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\BUFFALO\Backup_Utility\BUVSSService64.exe
C:\Program Files (x86)\BUFFALO\SLManagerEasy\Bufssvr.exe
C:\Windows\system32\CISVC.EXE
C:\Program Files (x86)\BUFFALO\SLManagerEasy\Inputps.exe
C:\Windows\system32\spool\DRIVERS\x64\3\OKHSLDCS.EXE
C:\ManageEngine\DesktopCentral_Server\bin\wrapper.exe
C:\Program Files\Comodo\Dragon\dragon_updater.exe
C:\Windows\System32\svchost.exe -k ipripsvc
C:\Windows\System32\svchost.exe -k LPDService
C:\Program Files\ITknowledge24\Windows Defender Status Manager\wdsmgr.exe
C:\Program Files (x86)\BUFFALO\TurboPC_EX\DiskCache\tpcexTray.exe
C:\Windows\System32\TC2Tray.exe
C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe
C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
C:\Program Files (x86)\BUFFALO\BuffaloTools\BuffaloTools.exe
C:\ManageEngine\DesktopCentral_Server\bin\DesktopCentral.exe
C:\Program Files (x86)\BUFFALO\Backup_Utility\BUTray.exe
C:\Program Files\Okidata\OKI LPR Utility\okilpr.exe
C:\Program Files\BUFFALO\BFRD4G\BRDUtilTray.exe
C:\Program Files\Okidata\Common\Extend3\portmgrsrv.exe
C:\ManageEngine\DesktopCentral_Server\jre\bin\java.exe
C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe
C:\Windows\System32\tcpsvcs.exe
C:\Windows\System32\snmp.exe
C:\Windows\system32\TC2Service.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\SysWOW64\CMD.exe
C:\ManageEngine\DesktopCentral_Server\pgsql\bin\postgres.exe
C:\ManageEngine\DesktopCentral_Server\pgsql\bin\postgres.exe
C:\ManageEngine\DesktopCentral_Server\pgsql\bin\postgres.exe
C:\ManageEngine\DesktopCentral_Server\pgsql\bin\postgres.exe
C:\ManageEngine\DesktopCentral_Server\pgsql\bin\postgres.exe
C:\ManageEngine\DesktopCentral_Server\pgsql\bin\postgres.exe
C:\ManageEngine\DesktopCentral_Server\pgsql\bin\postgres.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
D:\Program Files (x86)\DigitalCoin 2.0\DigitalCoin 2.0\digitalcoin-qt.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\ManageEngine\DesktopCentral_Server\pgsql\bin\postgres.exe
C:\ManageEngine\DesktopCentral_Server\bin\dcnotificationserver.exe
C:\Program Files\COMODO\COMODO Internet Security\cis.exe
C:\ManageEngine\DesktopCentral_Server\apache\bin\dcserverhttpd.exe
C:\Windows\SysWOW64\cmd.exe
C:\ManageEngine\DesktopCentral_Server\apache\bin\dcrotatelogs.exe
C:\ManageEngine\DesktopCentral_Server\apache\bin\dcserverhttpd.exe
C:\Windows\SysWOW64\cmd.exe
C:\ManageEngine\DesktopCentral_Server\apache\bin\dcrotatelogs.exe
C:\Program Files\COMODO\COMODO Internet Security\cis.exe
C:\ManageEngine\DesktopCentral_Server\pgsql\bin\postgres.exe
C:\Windows\System32\vds.exe
C:\Users\Cybad4d4\AppData\Local\Temp\GUMF08A.tmp\GoogleUpdate.exe
C:\Windows\regedit.exe
C:\Users\Cybad4d4\AppData\Local\Temp\GUMF08A.tmp\1.3.24.15\GoogleCrashHandler.exe
C:\Users\Cybad4d4\AppData\Local\Temp\GUMF08A.tmp\1.3.24.15\GoogleCrashHandler64.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
D:\Program Files (x86)\FirefoxPortable\FirefoxPortable.exe
D:\Program Files (x86)\FirefoxPortable\App\firefox\firefox.exe
C:\Windows\system32\prevhost.exe
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
D:\Program Files (x86)\FirefoxPortable\App\firefox\plugin-container.exe
C:\ManageEngine\DesktopCentral_Server\pgsql\bin\postgres.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files (x86)\Windows NT\Accessories\WORDPAD.EXE
C:\Windows\splwow64.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uSearch Page = hxxps://privatelee.com/
mStart Page = hxxp://www.google.com
uRun: [Boxcryptor.exe] "D:\Program Files (x86)\Boxcryptor\Boxcryptor.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [emsisoft anti-malware] "C:\Program Files\Emsisoft Anti-Malware\a2guard.exe" /d=60
mRun: [Dolby Home Theater v4] "C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe" -autostart
mRun: [ComodoFSChrome] "\AdTrustMedia\PrivDog\FinalizeSetup.exe" /c
mRun: [BuffaloTools] C:\Program Files (x86)\BUFFALO\BuffaloTools\BuffaloTools.exe
mRun: [Backup Utility TaskTray Tool] "C:\Program Files (x86)\BUFFALO\Backup_Utility\BUTray.exe"
dRunOnce: [AOD] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe AutoTune
StartupFolder: C:\Users\Cybad4d4\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\AUTORU~1\MONERO~1.LNK - D:\Mining\monero-client-net-v0.39.0-rc.2-x64\MoneroClient.Net.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BUFFAL~1.LNK - C:\Program Files\BUFFALO\BFRD4G\BRDUtil.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\GOOGLE~1.LNK - C:\Windows\Installer\{EECBD5A5-BCA8-407C-B79D-B60AFCA8C798}\_CEBE82638B7F57EE958919.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INSTAL~2.LNK - C:\Program Files (x86)\Common Files\lpuninstall.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INSTAL~1.LNK - C:\Program Files (x86)\Common Files\lpuninstall.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MANAGE~1.LNK - C:\ManageEngine\DesktopCentral_Server\bin\DesktopCentral.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\OKILPR~1.LNK - C:\Program Files\Okidata\OKI LPR Utility\okilpr.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\RAMDIS~1.LNK - C:\Program Files\BUFFALO\BFRD4G\BRDUtilTray.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: EnableUIADesktopToggle = dword:0
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{EF1FE865-0694-4AFD-98EE-47EEF3765F5A} : DHCPNameServer = 192.168.1.254
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: {AF949550-9094-4807-95EC-D1C317803333} - <orphaned>
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [wdsmgr] C:\Program Files\ITknowledge24\Windows Defender Status Manager\wdsmgr.exe
x64-Run: [tpcexTray] "C:\Program Files (x86)\BUFFALO\TurboPC_EX\DiskCache\tpcexTray.exe"
x64-Run: [TC2Tray] "C:\Windows\System32\TC2Tray.exe"
x64-Run: [Seagate Scheduler2 Service] "C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe"
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
x64-Run: [Classic Start Menu] "C:\Program Files\Classic Shell\ClassicStartMenu.exe" -autorun
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
x64-SSODL: EldosMountNotificator-cbfs4 - {43B99692-7797-4B47-BE83-6B63D99367BE} - C:\Windows\System32\cbfsMntNtf4.dll
x64-STS: Virtual Storage Mount Notification - {43B99692-7797-4B47-BE83-6B63D99367BE} - C:\Windows\System32\cbfsMntNtf4.dll
Hosts: 127.0.0.1    www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 BFRD4G;BUFFALO RAM Disk Driver;C:\Windows\System32\drivers\BFRD4G.sys [2014-8-17 47232]
R0 bftpdskc;BUFFALO TurboPC EX Cache Filter Driver;C:\Windows\System32\drivers\bftpdskc64.sys [2014-7-25 72016]
R0 fltsrv;Acronis Storage Filter Management;C:\Windows\System32\drivers\fltsrv.sys [2014-9-15 108832]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-7-17 269008]
R0 tib;Acronis TIB Manager;C:\Windows\System32\drivers\tib.sys [2014-9-15 1120032]
R0 tib_mounter;Acronis TIB Mounter;C:\Windows\System32\drivers\tib_mounter.sys [2014-9-15 183224]
R0 vididr;Acronis Virtual Disk;C:\Windows\System32\drivers\vididr.sys [2014-9-15 161568]
R0 vidsflt;Acronis Disk Storage Filter;C:\Windows\System32\drivers\vidsflt.sys [2014-9-15 117024]
R1 A2DDA;A2 Direct Disk Access Support Driver;C:\Program Files\Emsisoft Anti-Malware\a2ddax64.sys [2014-9-25 26176]
R1 a2injectiondriver;a2injectiondriver;C:\Program Files\Emsisoft Anti-Malware\a2dix64.sys [2014-9-25 45208]
R1 a2util;a-squared Malware-IDS utility driver;C:\Program Files\Emsisoft Anti-Malware\a2util64.sys [2014-9-25 23088]
R1 cbfs4;cbfs4;C:\Windows\System32\drivers\cbfs4.sys [2014-8-22 387776]
R1 cmderd;COMODO Internet Security Eradication Driver;C:\Windows\System32\drivers\cmderd.sys [2014-4-16 23168]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\drivers\cmdguard.sys [2014-4-16 738472]
R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\System32\drivers\cmdhlp.sys [2014-4-16 48360]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver;C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [2014-9-12 31648]
R2 a2AntiMalware;Emsisoft Protection Service;C:\Program Files\Emsisoft Anti-Malware\a2service.exe [2014-9-25 4754256]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2014-8-12 239616]
R2 BFBackupUtilityVSSService;Backup Utility VSS Service;C:\Program Files (x86)\BUFFALO\Backup_Utility\BUVSSService64.exe -Service_Execute --> C:\Program Files (x86)\BUFFALO\Backup_Utility\BUVSSService64.exe -Service_Execute [?]
R2 bufssvr;bufssvr;C:\Program Files (x86)\BUFFALO\SLManagerEasy\Bufssvr.exe [2014-7-25 95608]
R2 DesktopCentralServer;ManageEngine Desktop Central Server;C:\ManageEngine\DesktopCentral_Server\bin\wrapper.exe -s C:\ManageEngine\DesktopCentral_Server\conf\wrapper.conf --> C:\ManageEngine\DesktopCentral_Server\bin\wrapper.exe -s C:\ManageEngine\DesktopCentral_Server\conf\wrapper.conf [?]
R2 DragonUpdater;COMODO Dragon Update Service;C:\Program Files\COMODO\Dragon\dragon_updater.exe [2014-5-21 2135232]
R2 HitmanProScheduler;HitmanPro Scheduler;C:\Program Files\HitmanPro\hmpsched.exe [2014-9-24 127752]
R2 iprip;RIP Listener;C:\Windows\System32\svchost.exe -k ipripsvc [2009-7-14 27136]
R2 OpLclSrv;OKI Local Port Manager;C:\Program Files\Okidata\Common\Extend3\portmgrsrv.exe [2014-7-25 169472]
R2 SgtSch2Svc;Seagate Scheduler2 Service;C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe [2013-10-30 1128544]
R2 TC2Service;TurboPC EX FileCopy Service;C:\Windows\System32\TC2Service.exe -Service_Execute --> C:\Windows\System32\TC2Service.exe -Service_Execute [?]
R3 a2acc;a2acc;C:\Program Files\Emsisoft Anti-Malware\a2accx64.sys [2014-9-25 71472]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\System32\drivers\EtronHub3.sys [2011-7-29 56960]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\System32\drivers\EtronXHCI.sys [2011-7-29 79104]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2014-3-19 77592]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2014-3-19 13080]
R3 MEDC Server Component - Notification Server;MEDC Server Component - Notification Server;C:\ManageEngine\DesktopCentral_Server\bin\dcnotificationserver.exe [2013-7-1 230952]
R3 MEDCServerComponent-Apache;MEDC Server Component - Apache;C:\ManageEngine\DesktopCentral_Server\apache\bin\dcserverhttpd.exe [2013-7-1 20549]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-6-3 413800]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2014-9-23 60640]
R3 vpnpbus;EldoS PnP Virtual Bus driver;C:\Windows\System32\drivers\vpnpbus.sys [2014-8-22 18624]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 tpcexdccs;TurboPC EX DiskCache Control Service;C:\Program Files (x86)\BUFFALO\TurboPC_EX\DiskCache\tpcexService.exe [2014-7-25 133608]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2014-6-21 94720]
S3 bautpw64;BUFFALO eco manager for HD Filter;C:\Windows\System32\drivers\bautpw64.sys [2014-8-18 16000]
S3 bftpusbx;BUFFALO TurboPC EX USB Filter Driver;C:\Windows\System32\drivers\bftpusbx64.sys [2014-7-25 27016]
S3 cmdvirth;COMODO Virtual Service Manager;C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2014-3-25 2264280]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-9-10 111616]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 125584]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-8-22 368624]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-8-10 19456]
S3 RTCore64;RTCore64;D:\Program Files (x86)\MSI Afterburner\RTCore64.sys [2014-8-13 13480]
S3 RTL8187;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver;C:\Windows\System32\drivers\wg111v2.sys [2007-12-26 340992]
S3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;C:\Windows\System32\drivers\silabenm.sys [2014-4-11 23552]
S3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;C:\Windows\System32\drivers\silabser.sys [2014-4-11 79360]
S3 tapoas;TAP-Win32 Adapter OAS;C:\Windows\System32\drivers\tapoas.sys [2012-7-15 30720]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-7-27 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-8-10 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-9-21 1255736]
S4 BFBackupUtilityService;Backup Utility Service;C:\Program Files (x86)\BUFFALO\Backup_Utility\BUService.exe -Service_Execute --> C:\Program Files (x86)\BUFFALO\Backup_Utility\BUService.exe -Service_Execute [?]
S4 cleanhlp;cleanhlp;C:\Program Files\Emsisoft Anti-Malware\cleanhlp64.sys [2014-9-25 57024]
S4 DirMngr;DirMngr;C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [2013-10-7 218112]
.
=============== File Associations ===============
.
FileExt: .txt: textfile="C:\Program Files (x86)\Windows NT\Accessories\WORDPAD.EXE" "%1" [UserChoice]
.
=============== Created Last 30 ================
.
2014-09-26 23:42:12    --------    d-----w-    C:\temp
2014-09-26 10:38:42    --------    d-----w-    C:\ESET
2014-09-26 10:07:22    --------    d-----w-    C:\Windows\ERUNT
2014-09-26 06:21:56    --------    d-----w-    C:\Users\Cybad4d4\AppData\Local\gauthauthenticator-78ef3156e1ca5b74c14beac161614be7
2014-09-25 22:28:46    --------    d-----w-    C:\Users\Cybad4d4\AppData\Roaming\Malwarebytes
2014-09-25 22:28:46    --------    d-----w-    C:\Users\Cybad4d4\AppData\Roaming\Malwarebytes
2014-09-25 22:28:46    --------    d-----w-    C:\Program Files\Malwarebytes Anti-Malware
2014-09-25 22:28:46    --------    d-----w-    C:\Program Files\Malwarebytes Anti-Malware
2014-09-25 12:27:43    --------    d-----w-    C:\Program Files\Geeks3D
2014-09-25 12:27:43    --------    d-----w-    C:\Program Files\Geeks3D
2014-09-25 11:54:17    --------    d-----w-    C:\FRST
2014-09-25 11:07:07    --------    d--h--w-    C:\VTRoot
2014-09-25 11:06:53    --------    d-----w-    C:\Users\Cybad4d4\AppData\Local\Comodo
2014-09-25 10:45:34    --------    d-----w-    C:\Program Files\Spybot - Search & Destroy 2
2014-09-25 10:45:34    --------    d-----w-    C:\Program Files\Spybot - Search & Destroy 2
2014-09-25 10:43:35    --------    d-----w-    C:\Program Files\COMODO
2014-09-25 10:43:35    --------    d-----w-    C:\Program Files\COMODO
2014-09-25 10:15:48    --------    d-----w-    C:\Users\Cybad4d4\AppData\Roaming\QuickScan
2014-09-25 10:15:48    --------    d-----w-    C:\Users\Cybad4d4\AppData\Roaming\QuickScan
2014-09-25 08:12:35    --------    d-----w-    C:\6b37cbd499a8613fcc2af542
2014-09-25 07:53:29    --------    d-----w-    C:\Users\Cybad4d4\AppData\Roaming\Geek Uninstaller
2014-09-25 07:53:29    --------    d-----w-    C:\Users\Cybad4d4\AppData\Roaming\Geek Uninstaller
2014-09-24 18:29:41    --------    d-----w-    C:\Program Files\Windows Journal
2014-09-24 18:29:41    --------    d-----w-    C:\Program Files\Windows Journal
2014-09-24 18:29:40    --------    d-----w-    C:\Windows\ShellNew
2014-09-24 12:09:38    --------    d-----w-    C:\Users\Cybad4d4\AppData\Roaming\deleteme
2014-09-24 12:09:38    --------    d-----w-    C:\Users\Cybad4d4\AppData\Roaming\deleteme
2014-09-24 08:23:32    --------    d-----w-    C:\CAT-Logs
2014-09-24 08:16:57    0    ----a-w-    C:\Users\Cybad4d4\AppData\Roaming\w32apiw.dll
2014-09-24 08:16:57    0    ----a-w-    C:\Users\Cybad4d4\AppData\Roaming\w32apiw.dll
2014-09-24 08:16:55    --------    d-----w-    C:\Users\Cybad4d4\AppData\Roaming\nCleaner
2014-09-24 08:16:55    --------    d-----w-    C:\Users\Cybad4d4\AppData\Roaming\nCleaner
2014-09-24 07:51:20    --------    d-----w-    C:\Program Files\HitmanPro
2014-09-24 07:51:20    --------    d-----w-    C:\Program Files\HitmanPro
2014-09-24 07:31:29    91352    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
2014-09-24 07:31:29    63704    ----a-w-    C:\Windows\System32\drivers\mwac.sys
2014-09-24 07:31:29    25816    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2014-09-23 19:21:45    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
2014-09-23 19:21:45    2048    ----a-w-    C:\Windows\System32\tzres.dll
2014-09-23 19:21:12    --------    d-----w-    C:\Comodo
2014-09-23 18:25:29    348160    ----a-w-    C:\Windows\SysWow64\msvcr71.dll
2014-09-23 18:25:29    1060864    ----a-w-    C:\Windows\SysWow64\mfc71.dll
2014-09-23 18:25:28    1700352    ----a-w-    C:\Windows\SysWow64\gdiplus.dll
2014-09-23 17:04:32    --------    d-----w-    C:\BUFFALO
2014-09-23 16:55:40    --------    d-sh--w-    C:\$RECYCLE.BIN
2014-09-23 16:48:49    --------    d-----w-    C:\AdwCleaner
2014-09-23 16:31:47    208896    ----a-w-    C:\Windows\MBR.exe
2014-09-23 16:31:46    98816    ----a-w-    C:\Windows\sed.exe
2014-09-23 15:18:09    4575429414    ----a-w-    C:\Users\Cybad4d4\AppData\Roaming\Armory.7z.tmp
2014-09-23 15:18:09    4575429414    ----a-w-    C:\Users\Cybad4d4\AppData\Roaming\Armory.7z.tmp
2014-09-23 14:58:37    --------    d-----w-    C:\Program Files\Emsisoft Anti-Malware
2014-09-23 14:58:37    --------    d-----w-    C:\Program Files\Emsisoft Anti-Malware
2014-09-23 14:52:24    --------    d-----w-    C:\Users\Cybad4d4\Portables
2014-09-23 14:50:04    --------    d-----w-    C:\Users\Cybad4d4\Repairs
2014-09-23 14:47:02    --------    d-----w-    C:\Users\Cybad4d4\AppData\Roaming\Safer Networking
2014-09-23 14:47:02    --------    d-----w-    C:\Users\Cybad4d4\AppData\Roaming\Safer Networking
2014-09-23 14:31:05    --------    d-----w-    C:\Program Files\ITknowledge24
2014-09-23 14:31:05    --------    d-----w-    C:\Program Files\ITknowledge24
2014-09-23 10:31:18    60640    ----a-w-    C:\Windows\System32\drivers\usbfilter.sys
2014-09-23 10:28:06    --------    d-----w-    C:\Windows\Program Files (x86)
2014-09-23 10:27:56    --------    d-----w-    C:\Windows\Common Files (x86)
2014-09-22 17:10:51    --------    d-----w-    C:\Users\Cybad4d4\AppData\Local\Adobe
2014-09-21 18:30:04    --------    d-----w-    C:\Users\Cybad4d4\AppData\Roaming\NoirShares
2014-09-21 18:30:04    --------    d-----w-    C:\Users\Cybad4d4\AppData\Roaming\NoirShares
2014-09-21 14:23:57    --------    d-----w-    C:\Miners
2014-09-21 13:46:40    --------    d-----w-    C:\Users\Cybad4d4\AppData\Roaming\TheLastCoin
2014-09-21 13:46:40    --------    d-----w-    C:\Users\Cybad4d4\AppData\Roaming\TheLastCoin
2014-09-21 08:43:47    --------    d-----w-    C:\Users\Cybad4d4\AppData\Roaming\UltraCoin
2014-09-21 08:43:47    --------    d-----w-    C:\Users\Cybad4d4\AppData\Roaming\UltraCoin
2014-09-21 08:08:04    --------    d-----w-    C:\Users\Cybad4d4\AppData\Roaming\CommunityCoin
2014-09-21 08:08:04    --------    d-----w-    C:\Users\Cybad4d4\AppData\Roaming\CommunityCoin
2014-09-21 08:07:01    --------    d-----w-    C:\Wallets
2014-09-21 08:00:34    --------    d-----w-    C:\Program Files\Dogecoin
2014-09-21 08:00:34    --------    d-----w-    C:\Program Files\Dogecoin
2014-09-19 15:48:16    --------    d-sh--w-    C:\found.000
2014-09-17 19:53:56    --------    d-----w-    C:\Windows\rescache
2014-09-15 15:33:33    --------    d-----w-    C:\Users\Cybad4d4\AppData\Roaming\Seagate
2014-09-15 15:33:33    --------    d-----w-    C:\Users\Cybad4d4\AppData\Roaming\Seagate
2014-09-15 15:12:57    183224    ----a-w-    C:\Windows\System32\drivers\tib_mounter.sys
2014-09-15 15:12:57    1120032    ----a-w-    C:\Windows\System32\drivers\tib.sys
2014-09-15 15:12:55    161568    ----a-w-    C:\Windows\System32\drivers\vididr.sys
2014-09-15 15:12:55    1462560    ----a-w-    C:\Windows\System32\drivers\tdrpman.sys
2014-09-15 15:12:55    117024    ----a-w-    C:\Windows\System32\drivers\vidsflt.sys
2014-09-15 15:12:53    233760    ----a-w-    C:\Windows\System32\drivers\snapman.sys
2014-09-15 15:12:53    108832    ----a-w-    C:\Windows\System32\drivers\fltsrv.sys
2014-09-15 11:22:41    --------    d-----w-    C:\Windows\ehome
2014-09-15 11:05:58    --------    d-----w-    C:\Program Files\ATI
2014-09-15 11:05:58    --------    d-----w-    C:\Program Files\ATI
2014-09-15 11:04:17    --------    d-----w-    C:\AMD
2014-09-14 10:52:55    --------    d-----w-    C:\Users\Cybad4d4\AppData\Roaming\Guldencoin
2014-09-14 10:52:55    --------    d-----w-    C:\Users\Cybad4d4\AppData\Roaming\Guldencoin
2014-09-13 14:55:31    --------    d-----w-    C:\Users\Cybad4d4\AppData\Roaming\Bitcoin
2014-09-13 14:55:31    --------    d-----w-    C:\Users\Cybad4d4\AppData\Roaming\Bitcoin
2014-09-13 13:05:09    --------    d-----w-    C:\Program Files\AMD
2014-09-13 13:05:09    --------    d-----w-    C:\Program Files\AMD
2014-09-13 06:52:27    18960    ----a-w-    C:\Windows\System32\drivers\LNonPnP.sys
2014-09-12 10:27:57    31648    ----a-w-    C:\Windows\SysWow64\drivers\HWiNFO64A.SYS
2014-09-11 14:00:44    --------    d-----w-    C:\Users\Cybad4d4\AppData\Roaming\Titcoin
2014-09-11 14:00:44    --------    d-----w-    C:\Users\Cybad4d4\AppData\Roaming\Titcoin
2014-09-10 14:24:43    --------    d-----w-    C:\Program Files\Axantum
2014-09-10 14:24:43    --------    d-----w-    C:\Program Files\Axantum
2014-09-10 12:00:24    --------    d-----w-    C:\Users\Cybad4d4\AppData\Roaming\Kashmircoin
2014-09-10 12:00:24    --------    d-----w-    C:\Users\Cybad4d4\AppData\Roaming\Kashmircoin
2014-09-10 07:47:33    --------    d-----w-    C:\Users\Cybad4d4\AppData\Roaming\TrustCoin
2014-09-10 07:47:33    --------    d-----w-    C:\Users\Cybad4d4\AppData\Roaming\TrustCoin
2014-09-10 07:13:17    --------    d-----w-    C:\Users\Cybad4d4\AppData\Roaming\Parise Samuele
2014-09-10 07:13:17    --------    d-----w-    C:\Users\Cybad4d4\AppData\Roaming\Parise Samuele
2014-09-10 02:00:33    2777088    ----a-w-    C:\Windows\System32\msmpeg2vdec.dll
2014-09-10 02:00:33    2285056    ----a-w-    C:\Windows\SysWow64\msmpeg2vdec.dll
2014-09-10 01:54:17    793600    ----a-w-    C:\Windows\SysWow64\TSWorkspace.dll
2014-09-10 01:54:17    1031168    ----a-w-    C:\Windows\System32\TSWorkspace.dll
2014-09-10 01:54:08    2565120    ----a-w-    C:\Windows\System32\d3d10warp.dll
2014-09-10 01:54:08    1987584    ----a-w-    C:\Windows\SysWow64\d3d10warp.dll
2014-09-10 01:54:04    728064    ----a-w-    C:\Windows\System32\kerberos.dll
2014-09-10 01:54:04    550912    ----a-w-    C:\Windows\SysWow64\kerberos.dll
2014-09-10 01:54:04    1460736    ----a-w-    C:\Windows\System32\lsasrv.dll
2014-09-10 01:54:03    96768    ----a-w-    C:\Windows\SysWow64\sspicli.dll
2014-09-10 01:54:03    22016    ----a-w-    C:\Windows\SysWow64\secur32.dll
2014-09-10 01:54:01    578048    ----a-w-    C:\Windows\System32\aepdu.dll
2014-09-10 01:54:01    424448    ----a-w-    C:\Windows\System32\aeinv.dll
2014-09-09 11:39:49    --------    d-----w-    C:\Users\Cybad4d4\AppData\Roaming\Emerald
2014-09-09 11:39:49    --------    d-----w-    C:\Users\Cybad4d4\AppData\Roaming\Emerald
2014-09-09 11:12:53    --------    d-----w-    C:\Users\Cybad4d4\AppData\Roaming\Anoncoin
2014-09-09 11:12:53    --------    d-----w-    C:\Users\Cybad4d4\AppData\Roaming\Anoncoin
2014-09-08 19:47:13    --------    d-----w-    C:\Users\Cybad4d4\AppData\Roaming\Worldcoin
2014-09-08 19:47:13    --------    d-----w-    C:\Users\Cybad4d4\AppData\Roaming\Worldcoin
2014-09-08 19:45:11    --------    d-----w-    C:\Users\Cybad4d4\AppData\Roaming\Ethan
2014-09-08 19:45:11    --------    d-----w-    C:\Users\Cybad4d4\AppData\Roaming\Ethan
2014-09-08 11:25:44    --------    d-----w-    C:\Users\Cybad4d4\AppData\Roaming\AsicCoin
2014-09-08 11:25:44    --------    d-----w-    C:\Users\Cybad4d4\AppData\Roaming\AsicCoin
2014-09-06 11:45:10    --------    d-----w-    C:\Users\Cybad4d4\AppData\Roaming\boolb
2014-09-06 11:45:10    --------    d-----w-    C:\Users\Cybad4d4\AppData\Roaming\boolb
2014-09-03 12:03:25    --------    d-----w-    C:\Users\Cybad4d4\AppData\Local\{5CD8A844-582E-4EAA-A01C-A2C06BA74675}
2014-09-03 00:25:48    --------    d-----w-    C:\Users\Cybad4d4\AppData\Roaming\StarCoin
2014-09-03 00:25:48    --------    d-----w-    C:\Users\Cybad4d4\AppData\Roaming\StarCoin
2014-09-02 17:12:39    --------    d-----w-    C:\Users\Cybad4d4\AppData\Roaming\gauthauthenticator-78ef3156e1ca5b74c14beac161614be7
2014-09-02 17:12:39    --------    d-----w-    C:\Users\Cybad4d4\AppData\Roaming\gauthauthenticator-78ef3156e1ca5b74c14beac161614be7
2014-09-01 12:42:09    --------    d-----w-    C:\Users\Cybad4d4\AppData\Local\Jojatekok
2014-09-01 09:52:10    --------    d-----w-    C:\Users\Cybad4d4\AppData\Roaming\bitmonero
2014-09-01 09:52:10    --------    d-----w-    C:\Users\Cybad4d4\AppData\Roaming\bitmonero
2014-08-31 21:36:11    --------    d-----w-    C:\Users\Cybad4d4\AppData\Roaming\Infinitecoin
2014-08-31 21:36:11    --------    d-----w-    C:\Users\Cybad4d4\AppData\Roaming\Infinitecoin
2014-08-31 15:09:45    --------    d-----w-    C:\Users\Cybad4d4\AppData\Local\VS Revo Group
2014-08-31 14:10:19    1147392    ----a-w-    C:\Windows\System32\MyDefragScreenSaver_v4.3.1.exe
2014-08-31 14:10:18    485376    ----a-w-    C:\Windows\System32\MyDefragScreenSaver_v4.3.1.scr
2014-08-31 14:05:23    0    ----a-w-    C:\Windows\SysWow64\w32apiw.dll
2014-08-31 06:56:31    --------    d-----w-    C:\Users\Cybad4d4\AppData\Local\Eraser 6
2014-08-30 12:35:13    --------    d-----w-    C:\Users\Cybad4d4\.jbidwatcher
2014-08-30 10:38:32    --------    d-----w-    C:\Users\Cybad4d4\AMD APP SDK
2014-08-28 10:44:43    1795952    ----a-w-    C:\Windows\System32\WdfCoInstaller01011.dll
2014-08-28 10:44:43    1002728    ----a-w-    C:\Windows\System32\WinUSBCoInstaller2.dll
2014-08-28 10:44:43    --------    d-----w-    C:\Users\Cybad4d4\usb_driver
2014-08-28 09:12:41    --------    d-----w-    C:\Users\Cybad4d4\AppData\Roaming\GoldCoin (GLD)
2014-08-28 09:12:41    --------    d-----w-    C:\Users\Cybad4d4\AppData\Roaming\GoldCoin (GLD)
.
==================== Find3M  ====================
.
2014-09-25 08:18:14    30312    ----a-w-    C:\Windows\System32\drivers\TrueSight.sys
2014-09-16 17:17:26    71344    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-16 17:17:26    701104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-09-15 08:06:02    278152    ------w-    C:\Windows\System32\MpSigStub.exe
2014-08-23 02:07:00    404480    ----a-w-    C:\Windows\System32\gdi32.dll
2014-08-23 01:45:55    311808    ----a-w-    C:\Windows\SysWow64\gdi32.dll
2014-08-23 00:59:01    3163648    ----a-w-    C:\Windows\System32\win32k.sys
2014-08-19 19:15:08    1721576    ----a-w-    C:\Windows\System32\WdfCoinstaller01009.dll
2014-08-19 19:15:07    79360    ----a-w-    C:\Windows\System32\drivers\silabser.sys
2014-08-19 19:15:07    23552    ----a-w-    C:\Windows\System32\drivers\silabenm.sys
2014-08-18 22:29:49    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-08-18 22:29:35    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2014-08-18 22:19:53    5833728    ----a-w-    C:\Windows\System32\jscript9.dll
2014-08-18 22:15:34    547328    ----a-w-    C:\Windows\System32\vbscript.dll
2014-08-18 22:15:09    66048    ----a-w-    C:\Windows\System32\iesetup.dll
2014-08-18 22:14:38    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2014-08-18 22:14:10    83968    ----a-w-    C:\Windows\System32\MshtmlDac.dll
2014-08-18 22:08:55    4232704    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2014-08-18 22:03:47    139264    ----a-w-    C:\Windows\System32\ieUnatt.exe
2014-08-18 22:03:37    111616    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2014-08-18 22:03:01    758272    ----a-w-    C:\Windows\System32\jscript9diag.dll
2014-08-18 21:57:44    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-08-18 21:56:17    940032    ----a-w-    C:\Windows\System32\MsSpellCheckingFacility.exe
2014-08-18 21:46:26    454656    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2014-08-18 21:45:23    61952    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2014-08-18 21:45:12    72704    ----a-w-    C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-08-18 21:44:44    51200    ----a-w-    C:\Windows\SysWow64\ieetwproxystub.dll
2014-08-18 21:44:09    61952    ----a-w-    C:\Windows\SysWow64\MshtmlDac.dll
2014-08-18 21:36:07    112128    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2014-08-18 21:35:24    597504    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2014-08-18 21:23:17    2104832    ----a-w-    C:\Windows\System32\inetcpl.cpl
2014-08-18 21:23:16    1249280    ----a-w-    C:\Windows\System32\mshtmlmedia.dll
2014-08-18 21:22:48    60416    ----a-w-    C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-08-18 21:15:13    2310656    ----a-w-    C:\Windows\System32\wininet.dll
2014-08-18 21:08:54    2014208    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2014-08-18 21:07:44    1068032    ----a-w-    C:\Windows\SysWow64\mshtmlmedia.dll
2014-08-18 20:46:48    1812992    ----a-w-    C:\Windows\SysWow64\wininet.dll
2014-08-16 17:05:27    25640    ----a-w-    C:\Windows\gdrv.sys
2014-08-15 09:53:49    111016    ----a-w-    C:\Windows\System32\WindowsAccessBridge-64.dll
2014-08-12 03:31:54    7892000    ----a-w-    C:\Windows\System32\atiumd6a.dll
2014-08-12 03:31:52    8108312    ----a-w-    C:\Windows\System32\atiumd64.dll
2014-08-12 03:28:48    276192    ----a-w-    C:\Windows\System32\drivers\amdacpksd.sys
2014-08-12 03:24:16    15961088    ----a-w-    C:\Windows\System32\drivers\atikmdag.sys
2014-08-12 03:10:04    231424    ----a-w-    C:\Windows\System32\clinfo.exe
2014-08-12 03:09:52    1187342    ----a-w-    C:\Windows\System32\amdocl_as64.exe
2014-08-12 03:09:52    1061902    ----a-w-    C:\Windows\System32\amdocl_ld64.exe
2014-08-12 03:09:50    995342    ----a-w-    C:\Windows\SysWow64\amdocl_as32.exe
2014-08-12 03:09:50    798734    ----a-w-    C:\Windows\SysWow64\amdocl_ld32.exe
2014-08-12 03:09:48    98816    ----a-w-    C:\Windows\System32\OpenVideo64.dll
2014-08-12 03:09:40    83456    ----a-w-    C:\Windows\SysWow64\OpenVideo.dll
2014-08-12 03:09:34    86528    ----a-w-    C:\Windows\System32\OVDecode64.dll
2014-08-12 03:09:30    73216    ----a-w-    C:\Windows\SysWow64\OVDecode.dll
2014-08-12 03:09:24    32877056    ----a-w-    C:\Windows\System32\amdocl64.dll
2014-08-12 03:06:20    27843072    ----a-w-    C:\Windows\SysWow64\amdocl.dll
2014-08-12 03:03:26    65024    ----a-w-    C:\Windows\System32\OpenCL.dll
2014-08-12 03:03:22    58880    ----a-w-    C:\Windows\SysWow64\OpenCL.dll
2014-08-12 02:51:08    127488    ----a-w-    C:\Windows\System32\mantle64.dll
2014-08-12 02:50:48    113664    ----a-w-    C:\Windows\SysWow64\mantle32.dll
2014-08-12 02:50:26    5225472    ----a-w-    C:\Windows\System32\amdmantle64.dll
2014-08-12 02:44:12    27529216    ----a-w-    C:\Windows\System32\atio6axx.dll
2014-08-12 02:34:14    4180992    ----a-w-    C:\Windows\SysWow64\amdmantle32.dll
2014-08-12 02:24:04    23028224    ----a-w-    C:\Windows\SysWow64\atioglxx.dll
2014-08-12 02:20:00    91648    ----a-w-    C:\Windows\System32\mantleaxl64.dll
2014-08-12 02:19:48    85504    ----a-w-    C:\Windows\SysWow64\mantleaxl32.dll
2014-08-12 02:18:48    366592    ----a-w-    C:\Windows\System32\atiapfxx.exe
2014-08-12 02:18:40    62464    ----a-w-    C:\Windows\System32\aticalrt64.dll
2014-08-12 02:18:38    52224    ----a-w-    C:\Windows\SysWow64\aticalrt.dll
2014-08-12 02:18:30    55808    ----a-w-    C:\Windows\System32\aticalcl64.dll
2014-08-12 02:18:28    49152    ----a-w-    C:\Windows\SysWow64\aticalcl.dll
2014-08-12 02:18:14    15716352    ----a-w-    C:\Windows\System32\aticaldd64.dll
2014-08-12 02:14:58    14302208    ----a-w-    C:\Windows\SysWow64\aticaldd.dll
2014-08-12 02:01:34    442368    ----a-w-    C:\Windows\System32\atidemgy.dll
2014-08-12 02:01:20    31232    ----a-w-    C:\Windows\System32\atimuixx.dll
2014-08-12 02:01:10    588800    ----a-w-    C:\Windows\System32\atieclxx.exe
2014-08-12 02:00:38    239616    ----a-w-    C:\Windows\System32\atiesrxx.exe
2014-08-12 01:59:34    190976    ----a-w-    C:\Windows\System32\atitmm64.dll
2014-08-12 01:57:56    48128    ----a-w-    C:\Windows\System32\amdmmcl6.dll
2014-08-12 01:57:50    37888    ----a-w-    C:\Windows\SysWow64\amdmmcl.dll
2014-08-12 01:43:28    826368    ----a-w-    C:\Windows\System32\coinst_14.20.dll
2014-08-12 01:34:56    1207296    ----a-w-    C:\Windows\System32\atiadlxx.dll
2014-08-12 01:34:46    898560    ----a-w-    C:\Windows\SysWow64\atiadlxy.dll
2014-08-12 01:34:32    75264    ----a-w-    C:\Windows\System32\atig6pxx.dll
2014-08-12 01:34:28    69632    ----a-w-    C:\Windows\SysWow64\atiglpxx.dll
2014-08-12 01:34:28    69632    ----a-w-    C:\Windows\System32\atiglpxx.dll
2014-08-12 01:34:26    146944    ----a-w-    C:\Windows\System32\atig6txx.dll
2014-08-12 01:34:12    133632    ----a-w-    C:\Windows\SysWow64\atigktxx.dll
2014-08-12 01:33:58    557056    ----a-w-    C:\Windows\System32\drivers\atikmpag.sys
2014-08-12 01:32:04    43520    ----a-w-    C:\Windows\System32\drivers\ati2erec.dll
2014-08-11 22:20:52    51200    ----a-w-    C:\Windows\System32\kdbsdk64.dll
2014-08-11 22:15:56    38912    ----a-w-    C:\Windows\SysWow64\kdbsdk32.dll
2014-07-25 11:55:09    98216    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-07-25 01:35:46    875688    ----a-w-    C:\Windows\SysWow64\msvcr120_clr0400.dll
2014-07-24 22:47:06    869544    ----a-w-    C:\Windows\System32\msvcr120_clr0400.dll
2014-07-24 11:47:32    431104    ----a-w-    C:\Windows\System32\wrap_oal.dll
2014-07-24 11:47:32    409600    ----a-w-    C:\Windows\SysWow64\wrap_oal.dll
2014-07-24 11:47:32    136192    ----a-w-    C:\Windows\System32\OpenAL32.dll
2014-07-24 11:47:32    114688    ----a-w-    C:\Windows\SysWow64\OpenAL32.dll
2014-07-17 17:05:06    269008    ----a-w-    C:\Windows\System32\drivers\MpFilter.sys
2014-07-17 17:05:06    125584    ----a-w-    C:\Windows\System32\drivers\NisDrvWFP.sys
2014-07-14 02:02:45    1216000    ----a-w-    C:\Windows\System32\rpcrt4.dll
.
============= FINISH:  7:51:48.03 ===============
 


Thanks,
Keith


OK. I just managed to install Emsisoft tho I don't know how after so many failed attempts. It's checking every ingoing and outgoing packet and asks me whether I want to grant app privileges! I'm starting with a quick scan. No joy with mbam tho and know there's a lot of stuff I want to install that I can't and I reckon it's better not to mess with disc. I've suspended payouts on all bitcoin a/cs until this thing is sorted.



Edited by boopme, 29 September 2014 - 02:11 PM.



 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,764 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:49 AM

Posted 01 October 2014 - 07:50 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: Tutorial
Link 1
Link 2

IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe and follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note: Do not mouse click ComboFix's window while it's running. That may cause it to stall.

Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM.
Let me know what problem persists.

#3 phunkey


Posted 04 October 2014 - 03:01 AM

Hello Nasdaq,

 

Sorry I haven't got back to you sooner but have not been able to get online from Windows computer and as I was getting so stressed out about malware I decided to stay offline till I heard from you as I kept having urge to try one more thing to fix it. So I left you for a couple of days so I didn't make the problem worse.

 

Immediately I noticed your comments about AdwCleaner and that was one of the first programs I tried to use on my own. I remember thinking after I'd pressed the clean button that I still wanted some of those files but nothing too important except some Litecoin files and perhaps some files from other wallets but I do have a backup.

It's so easy to underestimate and misuse these powerful anti-malware tools. Whatever infected me disabled malware-bytes before anything else so I used AdwCleaner as next port of call as I couldn't install anything more user-friendly. I actually remember watching files disappear after I pressed clean button - some I wanted others I didn't, but only loss was Litecoin related files so I may lose them. MY fault. I should have been more patient & trusting in you guys.

I'll know next time but don't think I'll be resorting back to windows anyway. I used Linux happily for 10yrs without a single infestation. I switched cos it was easier to set up alt-currency wallets on Windows 7 and within 2mths I get an infestation. It's possible malware compromised my windows security software first as it continued downloading anti-malware updates to the bitter end giving me the impression everything OK but in meantime it had disabled mbam and infected my system.

Anyway, I'll check if I still have previous AdwCleaner log and follow your instructions to the letter but realise the irreversible nature of my mistake and a valuable lesson learned - leave it to the experts next time! And be patient cos the good guys are out there!

So, I'm turning on Windows now and already have both pieces of software. Fortunately, I didn't use combofix. I'll be in touch again later today Nasdaq and thank you so much for your support.

 

Eternally grateful,

Keith



#4 phunkey


Posted 04 October 2014 - 07:48 AM

Hi Nasdaq. Hope you are well and once again thank you for your time and patience. As I said, like a naive fool I ran AdwCleaner before realising how powerful it is. On a number of occasions it would appear though I do have a quarantine folder but may have deleted stuff I needed along the way. I probably had other programs or browser open at the time to make matters worse. So I guess we gotta work with what we got.

So, I'm currently running AdwCleaner again with no browsers or programs running in foreground although I left non-microsoft services alone. Here is output which I cleaned:

 

# AdwCleaner v3.310 - Report created 04/10/2014 at 12:51:53
# Updated 12/09/2014 by Xplode
# Operating System :  Service Pack 1 (64 bits)
# Username : Cybad4d4 - DESKTOP
# Running from : C:\Users\Cybad4d4\Desktop\AdwCleaner\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v0.0.0.0
 
 
-\\ Mozilla Firefox v
 
[ File : C:\Users\Cybad4d4\AppData\Roaming\Mozilla\Firefox\Profiles\9dk5hpsw.default\prefs.js ]
 
 
-\\ Google Chrome v
 
*************************
 
AdwCleaner[R0].txt - [1116 octets] - [23/09/2014 17:48:56]
AdwCleaner[R1].txt - [933 octets] - [26/09/2014 10:05:14]
AdwCleaner[R2].txt - [1014 octets] - [26/09/2014 10:34:41]
AdwCleaner[R3].txt - [1072 octets] - [26/09/2014 10:48:16]
AdwCleaner[R4].txt - [1204 octets] - [04/10/2014 12:30:31]
AdwCleaner[S0].txt - [1151 octets] - [23/09/2014 17:52:14]
AdwCleaner[S1].txt - [995 octets] - [26/09/2014 10:15:10]
AdwCleaner[S2].txt - [1134 octets] - [26/09/2014 10:51:39]
AdwCleaner[S3].txt - [1149 octets] - [04/10/2014 12:51:53]

 

As you can see this is the eighth time I've run it! What was I thinking? Would you like me to upload any of the previous txts even tho I can't promise I'd closed all other progs etc.?

Just realised I used JRT as well without knowing wtf I was doing!

 

You ask me to close other security software which I'll try to do by closing down services. Nothing is running overtly but some Comodo, Spybot and Windows services running in the background. While doing so I found a truesight.sys file among my drivers (http://www.bleepingcomputer.com/forums/t/484300/nasty-cwindowssystem32driverstruesightsys-and-something-else-that-is-hiding-icons/page-2) which I deleted in registry but could it be causing the problem? Two other drivers that caught my eye and which I've halted for now were: VID.RTV1 and GigaWaD.

 

Anyway, all non-windows defense services halted incl Windefender which shows up alongside MsMpSvc, NisSv and WMPNetwork in HKLMS\System\Current\Set\Services and a few other bits and pieces and remnants from malware-bytes and others.

 

I'll post output from JRT without commentary in following post!

 

Keith
 


Edited by phunkey, 04 October 2014 - 08:39 AM.


#5 phunkey


Posted 04 October 2014 - 08:51 AM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.2.1 (09.26.2014:1)
OS: Windows_NT x64
Ran by Cybad4d4 on 04/10/2014 at 14:42:25.81
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04/10/2014 at 14:48:06.67
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#6 nasdaq


Posted 04 October 2014 - 09:03 AM

I looked at your previous topic and both AdwCleaner and JRT were already executed.

Download and run the ComboFix tool and post the log for my review.

#7 phunkey


Posted 04 October 2014 - 11:38 AM

And finally nasdaq, my combofix log:

 

ComboFix 14-10-04.01 - Cybad4d4 04/10/2014  15:53:42.2.6 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.11741.9474 [GMT 1:00]
Running from: c:\users\Cybad4d4\Desktop\ComboFix.exe
AV: COMODO Antivirus *Disabled/Updated* {B74CC7D2-B407-E1DC-1033-DD315BCDC8C8}
AV: Microsoft Security Essentials *Disabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
FW: COMODO Firewall *Disabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
SP: COMODO Antivirus *Disabled/Updated* {0C2D2636-923D-EE52-2A83-E643204A8275}
SP: Microsoft Security Essentials *Disabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Cybad4d4\AppData\Roaming\Armory.7z.tmp
c:\users\Cybad4d4\AppData\Roaming\poclbm
c:\users\Cybad4d4\AppData\Roaming\poclbm\poclbm.ini
c:\users\Cybad4d4\AppData\Roaming\poclbm\poclbm_scrypt.ini
c:\users\Cybad4d4\AppData\Roaming\w32apiw.dll
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\ReadMe.txt
c:\windows\SysWow64\w32apiw.dll
c:\windows\SysWow64\wpcap.dll
c:\windows\wininit.ini
D:\Autorun.inf
.
----- File Replicators -----
.
c:\program files (x86)\Git\bin\git.exe
c:\program files (x86)\Git\libexec\git-core\git-add.exe
c:\program files (x86)\Git\libexec\git-core\git-annotate.exe
c:\program files (x86)\Git\libexec\git-core\git-apply.exe
c:\program files (x86)\Git\libexec\git-core\git-archive.exe
c:\program files (x86)\Git\libexec\git-core\git-bisect--helper.exe
c:\program files (x86)\Git\libexec\git-core\git-blame.exe
c:\program files (x86)\Git\libexec\git-core\git-branch.exe
c:\program files (x86)\Git\libexec\git-core\git-bundle.exe
c:\program files (x86)\Git\libexec\git-core\git-cat-file.exe
c:\program files (x86)\Git\libexec\git-core\git-check-attr.exe
c:\program files (x86)\Git\libexec\git-core\git-check-ignore.exe
c:\program files (x86)\Git\libexec\git-core\git-check-mailmap.exe
c:\program files (x86)\Git\libexec\git-core\git-check-ref-format.exe
c:\program files (x86)\Git\libexec\git-core\git-checkout-index.exe
c:\program files (x86)\Git\libexec\git-core\git-checkout.exe
c:\program files (x86)\Git\libexec\git-core\git-cherry-pick.exe
c:\program files (x86)\Git\libexec\git-core\git-cherry.exe
c:\program files (x86)\Git\libexec\git-core\git-clean.exe
c:\program files (x86)\Git\libexec\git-core\git-clone.exe
c:\program files (x86)\Git\libexec\git-core\git-column.exe
c:\program files (x86)\Git\libexec\git-core\git-commit-tree.exe
c:\program files (x86)\Git\libexec\git-core\git-commit.exe
c:\program files (x86)\Git\libexec\git-core\git-config.exe
c:\program files (x86)\Git\libexec\git-core\git-count-objects.exe
c:\program files (x86)\Git\libexec\git-core\git-credential.exe
c:\program files (x86)\Git\libexec\git-core\git-describe.exe
c:\program files (x86)\Git\libexec\git-core\git-diff-files.exe
c:\program files (x86)\Git\libexec\git-core\git-diff-index.exe
c:\program files (x86)\Git\libexec\git-core\git-diff-tree.exe
c:\program files (x86)\Git\libexec\git-core\git-diff.exe
c:\program files (x86)\Git\libexec\git-core\git-fast-export.exe
c:\program files (x86)\Git\libexec\git-core\git-fetch-pack.exe
c:\program files (x86)\Git\libexec\git-core\git-fetch.exe
c:\program files (x86)\Git\libexec\git-core\git-fmt-merge-msg.exe
c:\program files (x86)\Git\libexec\git-core\git-for-each-ref.exe
c:\program files (x86)\Git\libexec\git-core\git-format-patch.exe
c:\program files (x86)\Git\libexec\git-core\git-fsck-objects.exe
c:\program files (x86)\Git\libexec\git-core\git-fsck.exe
c:\program files (x86)\Git\libexec\git-core\git-gc.exe
c:\program files (x86)\Git\libexec\git-core\git-get-tar-commit-id.exe
c:\program files (x86)\Git\libexec\git-core\git-grep.exe
c:\program files (x86)\Git\libexec\git-core\git-hash-object.exe
c:\program files (x86)\Git\libexec\git-core\git-help.exe
c:\program files (x86)\Git\libexec\git-core\git-index-pack.exe
c:\program files (x86)\Git\libexec\git-core\git-init-db.exe
c:\program files (x86)\Git\libexec\git-core\git-init.exe
c:\program files (x86)\Git\libexec\git-core\git-log.exe
c:\program files (x86)\Git\libexec\git-core\git-ls-files.exe
c:\program files (x86)\Git\libexec\git-core\git-ls-remote.exe
c:\program files (x86)\Git\libexec\git-core\git-ls-tree.exe
c:\program files (x86)\Git\libexec\git-core\git-mailinfo.exe
c:\program files (x86)\Git\libexec\git-core\git-mailsplit.exe
c:\program files (x86)\Git\libexec\git-core\git-merge-base.exe
c:\program files (x86)\Git\libexec\git-core\git-merge-file.exe
c:\program files (x86)\Git\libexec\git-core\git-merge-index.exe
c:\program files (x86)\Git\libexec\git-core\git-merge-ours.exe
c:\program files (x86)\Git\libexec\git-core\git-merge-recursive.exe
c:\program files (x86)\Git\libexec\git-core\git-merge-subtree.exe
c:\program files (x86)\Git\libexec\git-core\git-merge-tree.exe
c:\program files (x86)\Git\libexec\git-core\git-merge.exe
c:\program files (x86)\Git\libexec\git-core\git-mktag.exe
c:\program files (x86)\Git\libexec\git-core\git-mktree.exe
c:\program files (x86)\Git\libexec\git-core\git-mv.exe
c:\program files (x86)\Git\libexec\git-core\git-name-rev.exe
c:\program files (x86)\Git\libexec\git-core\git-notes.exe
c:\program files (x86)\Git\libexec\git-core\git-pack-objects.exe
c:\program files (x86)\Git\libexec\git-core\git-pack-redundant.exe
c:\program files (x86)\Git\libexec\git-core\git-pack-refs.exe
c:\program files (x86)\Git\libexec\git-core\git-patch-id.exe
c:\program files (x86)\Git\libexec\git-core\git-prune-packed.exe
c:\program files (x86)\Git\libexec\git-core\git-prune.exe
c:\program files (x86)\Git\libexec\git-core\git-push.exe
c:\program files (x86)\Git\libexec\git-core\git-read-tree.exe
c:\program files (x86)\Git\libexec\git-core\git-receive-pack.exe
c:\program files (x86)\Git\libexec\git-core\git-reflog.exe
c:\program files (x86)\Git\libexec\git-core\git-remote-ext.exe
c:\program files (x86)\Git\libexec\git-core\git-remote-fd.exe
c:\program files (x86)\Git\libexec\git-core\git-remote.exe
c:\program files (x86)\Git\libexec\git-core\git-repack.exe
c:\program files (x86)\Git\libexec\git-core\git-replace.exe
c:\program files (x86)\Git\libexec\git-core\git-rerere.exe
c:\program files (x86)\Git\libexec\git-core\git-reset.exe
c:\program files (x86)\Git\libexec\git-core\git-rev-list.exe
c:\program files (x86)\Git\libexec\git-core\git-rev-parse.exe
c:\program files (x86)\Git\libexec\git-core\git-revert.exe
c:\program files (x86)\Git\libexec\git-core\git-rm.exe
c:\program files (x86)\Git\libexec\git-core\git-send-pack.exe
c:\program files (x86)\Git\libexec\git-core\git-shortlog.exe
c:\program files (x86)\Git\libexec\git-core\git-show-branch.exe
c:\program files (x86)\Git\libexec\git-core\git-show-ref.exe
c:\program files (x86)\Git\libexec\git-core\git-show.exe
c:\program files (x86)\Git\libexec\git-core\git-stage.exe
c:\program files (x86)\Git\libexec\git-core\git-status.exe
c:\program files (x86)\Git\libexec\git-core\git-stripspace.exe
c:\program files (x86)\Git\libexec\git-core\git-symbolic-ref.exe
c:\program files (x86)\Git\libexec\git-core\git-tag.exe
c:\program files (x86)\Git\libexec\git-core\git-unpack-file.exe
c:\program files (x86)\Git\libexec\git-core\git-unpack-objects.exe
c:\program files (x86)\Git\libexec\git-core\git-update-index.exe
c:\program files (x86)\Git\libexec\git-core\git-update-ref.exe
c:\program files (x86)\Git\libexec\git-core\git-update-server-info.exe
c:\program files (x86)\Git\libexec\git-core\git-upload-archive.exe
c:\program files (x86)\Git\libexec\git-core\git-var.exe
c:\program files (x86)\Git\libexec\git-core\git-verify-pack.exe
c:\program files (x86)\Git\libexec\git-core\git-verify-tag.exe
c:\program files (x86)\Git\libexec\git-core\git-whatchanged.exe
c:\program files (x86)\Git\libexec\git-core\git-write-tree.exe
c:\windows\Installer\{01712CA4-357E-B173-896C-75F612318729}\ARPPRODUCTICON.exe
c:\windows\Installer\{01DEE6F4-E8AD-56B3-23CD-85CE71C08C57}\ARPPRODUCTICON.exe
c:\windows\Installer\{0203374B-2FFF-346D-0CC3-CACA1E85AD2C}\ARPPRODUCTICON.exe
c:\windows\Installer\{031F80EB-1FE5-45EF-9DE2-E2F5AF01259F}\ARPPRODUCTICON.exe
c:\windows\Installer\{0B15A8C3-3B8A-F229-A880-82EA62908425}\ARPPRODUCTICON.exe
c:\windows\Installer\{11074A02-0E73-7CD6-5A95-42B3EF438B7E}\ARPPRODUCTICON.exe
c:\windows\Installer\{13309695-DDAB-4DAA-FE9A-EE3DCCDC8D19}\ARPPRODUCTICON.exe
c:\windows\Installer\{1664D45E-FA92-8C52-92E9-E8ADB04A18ED}\ARPPRODUCTICON.exe
c:\windows\Installer\{1A6752E1-966B-9D1F-F6B7-DDBCA6FC87ED}\ARPPRODUCTICON.exe
c:\windows\Installer\{2058DA53-D5F2-D8D9-7325-39B0E367D1E1}\ARPPRODUCTICON.exe
c:\windows\Installer\{2090B6D0-E025-5A67-9838-8F1D5768E643}\ARPPRODUCTICON.exe
c:\windows\Installer\{253B90F3-7907-FB4B-7A62-6DE51B7A905D}\ARPPRODUCTICON.exe
c:\windows\Installer\{2AD4FF67-43E9-77AD-D90C-584F950E2D12}\ARPPRODUCTICON.exe
c:\windows\Installer\{3A577334-7C90-55BC-1878-F5862FA268B2}\ARPPRODUCTICON.exe
c:\windows\Installer\{3BF289E3-933B-F421-3B59-F6BB0D285B09}\ARPPRODUCTICON.exe
c:\windows\Installer\{3CB6BA0C-6BC5-E543-221A-AA4DEBB6F4B5}\ARPPRODUCTICON.exe
c:\windows\Installer\{3FDC2029-3012-C74C-9036-9E7C942EB0A2}\ARPPRODUCTICON.exe
c:\windows\Installer\{4A449AED-BFFA-A416-99F2-BF2462968370}\ARPPRODUCTICON.exe
c:\windows\Installer\{4A6A8D33-09CD-FD44-4BF0-999E8A6E93C8}\ARPPRODUCTICON.exe
c:\windows\Installer\{5A53DBA6-9B15-450F-EDF3-C01E12E9C61F}\ARPPRODUCTICON.exe
c:\windows\Installer\{5A53DBA6-9B15-450F-EDF3-C01E12E9C61F}\NewShortcut2_3B1A0823966A48909E77539C330FBF6E.exe
c:\windows\Installer\{5A53DBA6-9B15-450F-EDF3-C01E12E9C61F}\NewShortcut3_3B1A0823966A48909E77539C330FBF6E.exe
c:\windows\Installer\{5A53DBA6-9B15-450F-EDF3-C01E12E9C61F}\NewShortcut4_3B1A0823966A48909E77539C330FBF6E.exe
c:\windows\Installer\{5A53DBA6-9B15-450F-EDF3-C01E12E9C61F}\NewShortcut5_3B1A0823966A48909E77539C330FBF6E.exe
c:\windows\Installer\{5F3E61A8-6465-4F78-B6BC-758A8FCDA736}\ARPPRODUCTICON.exe
c:\windows\Installer\{5FC3AA31-66F9-0844-0B77-D51DAD5E1293}\ARPPRODUCTICON.exe
c:\windows\Installer\{6119B3A6-3603-9695-0398-CDF2AF0A13F8}\NewShortcut2_3B1A0823966A48909E77539C330FBF6E.exe
c:\windows\Installer\{6119B3A6-3603-9695-0398-CDF2AF0A13F8}\NewShortcut3_3B1A0823966A48909E77539C330FBF6E.exe
c:\windows\Installer\{6119B3A6-3603-9695-0398-CDF2AF0A13F8}\NewShortcut4_3B1A0823966A48909E77539C330FBF6E.exe
c:\windows\Installer\{6119B3A6-3603-9695-0398-CDF2AF0A13F8}\NewShortcut5_3B1A0823966A48909E77539C330FBF6E.exe
c:\windows\Installer\{69F64374-D859-E478-3BE7-DF995BB45A72}\ARPPRODUCTICON.exe
c:\windows\Installer\{6EBDE2A2-0CFB-9134-A859-68A0002B3FA6}\ARPPRODUCTICON.exe
c:\windows\Installer\{7BF6AB6F-353B-6F9A-98D7-682429B63197}\ARPPRODUCTICON.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_npf
.
.
(((((((((((((((((((((((((   Files Created from 2014-09-04 to 2014-10-04  )))))))))))))))))))))))))))))))
.
.
2014-10-04 15:01 . 2014-10-04 15:01    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-10-01 18:02 . 2014-09-09 02:05    11578928    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A1AE024F-4CBE-42FB-BB8D-4F4A6E74D8A7}\mpengine.dll
2014-09-30 20:04 . 2014-10-02 17:34    --------    d-----w-    c:\users\Cybad4d4\AppData\Local\ElevatedDiagnostics
2014-09-30 18:34 . 2014-09-30 18:34    --------    d-----w-    c:\windows\CheckSur
2014-09-30 18:32 . 2014-09-15 01:08    11578928    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{59D2CDF2-EFC8-427D-8D87-A89F1F623748}\mpengine.dll
2014-09-30 18:32 . 2014-09-25 02:08    371712    ----a-w-    c:\windows\system32\qdvd.dll
2014-09-30 18:32 . 2014-09-25 01:40    519680    ----a-w-    c:\windows\SysWow64\qdvd.dll
2014-09-29 06:34 . 2014-09-29 06:34    --------    d--h--w-    c:\windows\msdownld.tmp
2014-09-29 06:16 . 2014-09-09 02:05    11578928    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-09-28 14:43 . 2014-09-28 14:43    --------    d-----w-    c:\program files\Wise
2014-09-28 14:35 . 2013-09-20 09:49    21040    ----a-w-    c:\windows\system32\sdnclean64.exe
2014-09-28 11:58 . 2014-09-30 18:19    --------    d-----w-    C:\Security Task Manager
2014-09-28 09:26 . 2014-09-28 09:26    --------    d-----w-    c:\program files\Armory
2014-09-28 09:03 . 2014-09-28 09:06    --------    d-----w-    c:\users\Cybad4d4\AppData\Roaming\Comodo
2014-09-27 14:37 . 2014-10-04 14:00    --------    d-----w-    c:\users\Cybad4d4\AppData\Roaming\Spybot - Search & Destroy
2014-09-27 13:26 . 2014-09-27 13:26    --------    d-----w-    C:\Mozilla
2014-09-26 23:42 . 2014-10-04 11:08    --------    d-----w-    C:\temp
2014-09-26 10:38 . 2014-09-26 10:38    --------    d-----w-    C:\ESET
2014-09-26 10:07 . 2014-09-26 10:07    --------    d-----w-    c:\windows\ERUNT
2014-09-26 06:21 . 2014-09-26 06:21    --------    d-----w-    c:\users\Cybad4d4\AppData\Local\gauthauthenticator-78ef3156e1ca5b74c14beac161614be7
2014-09-25 22:28 . 2014-09-30 18:04    --------    d-----w-    c:\program files\Malwarebytes Anti-Malware
2014-09-25 22:28 . 2014-09-25 22:28    --------    d-----w-    c:\users\Cybad4d4\AppData\Roaming\Malwarebytes
2014-09-25 12:27 . 2014-09-25 12:27    --------    d-----w-    c:\program files\Geeks3D
2014-09-25 11:07 . 2014-09-27 14:52    --------    d-----w-    C:\VTRoot
2014-09-25 11:06 . 2014-09-25 11:06    --------    d-----w-    c:\users\Cybad4d4\AppData\Local\Comodo
2014-09-25 10:45 . 2014-09-28 14:40    --------    d-----w-    c:\program files\Spybot - Search & Destroy 2
2014-09-25 10:44 . 2014-09-25 11:06    --------    d-----w-    c:\programdata\Comodo Downloader
2014-09-25 10:43 . 2014-09-25 10:44    --------    d-s---w-    c:\programdata\Shared Space
2014-09-25 10:43 . 2014-09-28 09:03    --------    d-----w-    c:\programdata\Comodo
2014-09-25 10:43 . 2014-09-25 11:07    --------    d-----w-    c:\program files\COMODO
2014-09-25 10:15 . 2014-09-27 05:50    --------    d-----w-    c:\users\Cybad4d4\AppData\Roaming\QuickScan
2014-09-25 09:12 . 2014-10-04 14:51    --------    d-----w-    c:\users\Classic .NET AppPool
2014-09-25 07:53 . 2014-09-25 07:58    --------    d-----w-    c:\users\Cybad4d4\AppData\Roaming\Geek Uninstaller
2014-09-24 20:02 . 2014-09-29 16:44    --------    d-----w-    c:\users\DefaultAppPool
2014-09-24 18:29 . 2014-09-24 18:29    --------    d-----w-    c:\program files\Windows Journal
2014-09-24 18:29 . 2014-09-24 18:29    --------    d-----w-    c:\windows\ShellNew
2014-09-24 12:09 . 2014-09-25 06:35    --------    d-----w-    c:\users\Cybad4d4\AppData\Roaming\deleteme
2014-09-24 08:16 . 2014-09-24 08:16    --------    d-----w-    c:\users\Cybad4d4\AppData\Roaming\nCleaner
2014-09-24 07:51 . 2014-09-24 07:51    --------    d-----w-    c:\program files\HitmanPro
2014-09-24 07:31 . 2014-05-12 06:26    63704    ----a-w-    c:\windows\system32\drivers\mwac.sys
2014-09-24 07:31 . 2014-05-12 06:26    91352    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-09-24 07:31 . 2014-05-12 06:25    25816    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-09-23 19:21 . 2014-09-09 22:11    2048    ----a-w-    c:\windows\system32\tzres.dll
2014-09-23 19:21 . 2014-09-09 21:47    2048    ----a-w-    c:\windows\SysWow64\tzres.dll
2014-09-23 19:21 . 2014-09-23 19:21    --------    d-----w-    C:\Comodo
2014-09-23 18:25 . 2014-09-23 18:25    348160    ----a-w-    c:\windows\SysWow64\msvcr71.dll
2014-09-23 18:25 . 2014-09-23 18:25    1060864    ----a-w-    c:\windows\SysWow64\mfc71.dll
2014-09-23 18:25 . 2014-09-23 18:25    1700352    ----a-w-    c:\windows\SysWow64\gdiplus.dll
2014-09-23 17:04 . 2014-09-23 17:04    --------    d-----w-    C:\BUFFALO
2014-09-23 16:49 . 2014-09-24 07:59    --------    d-----w-    c:\programdata\HitmanPro
2014-09-23 16:48 . 2014-10-04 11:51    --------    d-----w-    C:\AdwCleaner
2014-09-23 15:07 . 2014-09-23 15:07    --------    d-----w-    c:\programdata\RogueKiller
2014-09-23 14:58 . 2014-09-29 09:57    --------    d-----w-    c:\program files\Emsisoft Anti-Malware
2014-09-23 14:52 . 2014-09-23 14:52    --------    d-----w-    c:\users\Cybad4d4\Portables
2014-09-23 14:50 . 2014-10-04 14:48    --------    d-----w-    c:\users\Cybad4d4\Repairs
2014-09-23 14:47 . 2014-09-23 14:47    --------    d-----w-    c:\users\Cybad4d4\AppData\Roaming\Safer Networking
2014-09-23 14:31 . 2014-09-23 14:31    --------    d-----w-    c:\program files\ITknowledge24
2014-09-23 10:31 . 2014-02-16 16:23    60640    ----a-w-    c:\windows\system32\drivers\usbfilter.sys
2014-09-23 10:28 . 2014-09-25 10:34    --------    d-----w-    c:\windows\Program Files (x86)
2014-09-23 10:27 . 2014-09-23 10:31    --------    d-----w-    c:\windows\Common Files (x86)
2014-09-22 17:10 . 2014-09-28 09:27    --------    d-----w-    c:\users\Cybad4d4\AppData\Local\Adobe
2014-09-21 18:30 . 2014-09-21 18:30    --------    d-----w-    c:\users\Cybad4d4\AppData\Roaming\NoirShares
2014-09-21 18:29 . 2014-09-21 18:29    --------    d-----w-    c:\program files (x86)\NoirShares-Qt
2014-09-21 13:46 . 2014-09-21 14:03    --------    d-----w-    c:\users\Cybad4d4\AppData\Roaming\TheLastCoin
2014-09-21 08:43 . 2014-09-21 11:54    --------    d-----w-    c:\users\Cybad4d4\AppData\Roaming\UltraCoin
2014-09-21 08:08 . 2014-09-21 11:50    --------    d-----w-    c:\users\Cybad4d4\AppData\Roaming\CommunityCoin
2014-09-21 08:07 . 2014-09-24 13:31    --------    d-----w-    C:\Wallets
2014-09-21 08:00 . 2014-09-21 08:00    --------    d-----w-    c:\program files\Dogecoin
2014-09-20 16:57 . 2014-09-26 20:08    --------    d-----w-    c:\program files (x86)\Litecoin
2014-09-19 15:48 . 2014-09-19 15:48    --------    d-----w-    C:\found.000
2014-09-17 19:53 . 2014-10-01 00:53    --------    d-----w-    c:\windows\rescache
2014-09-16 18:30 . 2014-09-16 18:29    1188440    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{92A1A5E9-CE50-4082-8949-A3CF501C6A5E}\gapaengine.dll
2014-09-15 15:33 . 2014-09-15 15:33    --------    d-----w-    c:\users\Cybad4d4\AppData\Roaming\Seagate
2014-09-15 15:13 . 2014-09-15 15:33    --------    d-----w-    c:\programdata\Seagate
2014-09-15 15:12 . 2014-09-15 15:12    183224    ----a-w-    c:\windows\system32\drivers\tib_mounter.sys
2014-09-15 15:12 . 2014-09-15 15:12    1120032    ----a-w-    c:\windows\system32\drivers\tib.sys
2014-09-15 15:12 . 2014-09-15 15:12    1462560    ----a-w-    c:\windows\system32\drivers\tdrpman.sys
2014-09-15 15:12 . 2014-09-15 15:12    161568    ----a-w-    c:\windows\system32\drivers\vididr.sys
2014-09-15 15:12 . 2014-09-15 15:12    117024    ----a-w-    c:\windows\system32\drivers\vidsflt.sys
2014-09-15 15:12 . 2014-09-15 15:12    233760    ----a-w-    c:\windows\system32\drivers\snapman.sys
2014-09-15 15:12 . 2014-09-15 15:12    108832    ----a-w-    c:\windows\system32\drivers\fltsrv.sys
2014-09-15 15:12 . 2014-09-15 15:12    --------    d-----w-    c:\program files (x86)\Common Files\Acronis
2014-09-15 15:12 . 2014-09-15 15:12    --------    d-----w-    c:\program files (x86)\Common Files\Seagate
2014-09-15 11:22 . 2014-09-15 11:22    --------    d-----w-    c:\windows\ehome
2014-09-15 11:22 . 2014-09-15 11:22    --------    d-----w-    c:\users\Default\AppData\Roaming\Media Center Programs
2014-09-15 11:22 . 2014-09-15 11:22    --------    d-----w-    c:\program files\Windows Sidebar
2014-09-15 11:22 . 2014-09-15 11:22    --------    d-----r-    c:\users\Public\Recorded TV
2014-09-15 11:08 . 2014-09-15 11:08    --------    d-----w-    c:\program files (x86)\AMD AVT
2014-09-15 11:08 . 2014-09-15 11:08    --------    d-----w-    c:\program files (x86)\Common Files\ATI Technologies
2014-09-15 11:06 . 2014-09-15 11:06    --------    d-----w-    c:\program files (x86)\ATI Technologies
2014-09-15 11:05 . 2014-09-25 07:57    --------    d-----w-    c:\program files\ATI
2014-09-15 11:04 . 2014-09-22 08:26    --------    d-----w-    C:\AMD
2014-09-14 10:52 . 2014-09-14 14:58    --------    d-----w-    c:\users\Cybad4d4\AppData\Roaming\Guldencoin
2014-09-13 14:55 . 2014-09-25 22:54    --------    d-----w-    c:\users\Cybad4d4\AppData\Roaming\Bitcoin
2014-09-13 13:05 . 2014-09-13 13:05    --------    d-----w-    c:\program files\AMD
2014-09-13 06:52 . 2014-09-13 06:52    --------    d-----w-    c:\programdata\Logitech
2014-09-13 06:52 . 2014-10-04 11:06    18960    ----a-w-    c:\windows\system32\drivers\LNonPnP.sys
2014-09-13 06:52 . 2014-09-13 06:52    --------    d-----w-    c:\programdata\Logishrd
2014-09-13 06:51 . 2014-09-13 06:52    --------    d-----w-    c:\program files\Common Files\LogiShrd
2014-09-13 06:51 . 2014-09-13 06:52    --------    d-----w-    c:\users\Cybad4d4\AppData\Roaming\Logitech
2014-09-13 06:51 . 2014-09-13 06:51    --------    d-----w-    c:\users\Cybad4d4\AppData\Roaming\Logishrd
2014-09-12 10:27 . 2014-09-12 10:27    31648    ----a-w-    c:\windows\SysWow64\drivers\HWiNFO64A.SYS
2014-09-11 19:22 . 2014-09-11 19:22    --------    d-----w-    c:\program files (x86)\Dolby Home Theater v4
2014-09-11 19:06 . 2014-09-25 02:56    --------    d-----w-    c:\users\Cybad4d4\AppData\Roaming\vlc
2014-09-11 14:00 . 2014-09-11 19:10    --------    d-----w-    c:\users\Cybad4d4\AppData\Roaming\Titcoin
2014-09-10 14:24 . 2014-09-10 14:24    --------    d-----w-    c:\program files\Axantum
2014-09-10 12:00 . 2014-09-22 08:22    --------    d-----w-    c:\users\Cybad4d4\AppData\Roaming\Kashmircoin
2014-09-10 11:54 . 2014-09-10 11:54    --------    d-----w-    c:\program files (x86)\Kashmircoin
2014-09-10 07:47 . 2014-09-10 11:59    --------    d-----w-    c:\users\Cybad4d4\AppData\Roaming\TrustCoin
2014-09-10 07:13 . 2014-09-10 07:13    --------    d-----w-    c:\users\Cybad4d4\AppData\Roaming\Parise Samuele
2014-09-10 07:13 . 2014-09-10 07:13    --------    d-----w-    c:\programdata\Parise Samuele
2014-09-10 06:56 . 2014-09-10 06:56    --------    d-----w-    c:\program files (x86)\HDD Guardian 0.6.1
2014-09-10 02:00 . 2014-06-27 02:08    2777088    ----a-w-    c:\windows\system32\msmpeg2vdec.dll
2014-09-10 02:00 . 2014-06-27 01:45    2285056    ----a-w-    c:\windows\SysWow64\msmpeg2vdec.dll
2014-09-10 01:54 . 2014-08-01 11:53    1031168    ----a-w-    c:\windows\system32\TSWorkspace.dll
2014-09-10 01:54 . 2014-08-01 11:35    793600    ----a-w-    c:\windows\SysWow64\TSWorkspace.dll
2014-09-10 01:54 . 2014-06-24 03:29    2565120    ----a-w-    c:\windows\system32\d3d10warp.dll
2014-09-10 01:54 . 2014-06-24 02:59    1987584    ----a-w-    c:\windows\SysWow64\d3d10warp.dll
2014-09-10 01:54 . 2014-07-07 02:06    728064    ----a-w-    c:\windows\system32\kerberos.dll
2014-09-10 01:54 . 2014-07-07 02:06    1460736    ----a-w-    c:\windows\system32\lsasrv.dll
2014-09-10 01:54 . 2014-07-07 01:40    550912    ----a-w-    c:\windows\SysWow64\kerberos.dll
2014-09-10 01:54 . 2014-07-07 01:40    22016    ----a-w-    c:\windows\SysWow64\secur32.dll
2014-09-10 01:54 . 2014-07-07 01:39    96768    ----a-w-    c:\windows\SysWow64\sspicli.dll
2014-09-10 01:54 . 2014-09-05 02:10    578048    ----a-w-    c:\windows\system32\aepdu.dll
2014-09-10 01:54 . 2014-09-05 02:05    424448    ----a-w-    c:\windows\system32\aeinv.dll
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-10-01 21:35 . 2014-07-22 20:31    163504    ----a-w-    c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
2014-09-25 08:18 . 2014-08-15 12:43    30312    ----a-w-    c:\windows\system32\drivers\TrueSight.sys
2014-09-16 17:17 . 2013-01-03 16:27    71344    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-16 17:17 . 2013-01-03 16:27    701104    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-09-15 08:06 . 2010-11-21 03:27    278152    ------w-    c:\windows\system32\MpSigStub.exe
2014-08-29 12:01 . 2012-12-28 14:14    101694776    ----a-w-    c:\windows\system32\MRT.exe
2014-08-28 10:44 . 2014-08-28 10:44    1795952    ----a-w-    c:\windows\system32\WdfCoInstaller01011.dll
2014-08-28 10:44 . 2014-08-28 10:44    1002728    ----a-w-    c:\windows\system32\WinUSBCoInstaller2.dll
2014-08-23 02:07 . 2014-08-27 18:14    404480    ----a-w-    c:\windows\system32\gdi32.dll
2014-08-23 01:45 . 2014-08-27 18:14    311808    ----a-w-    c:\windows\SysWow64\gdi32.dll
2014-08-23 00:59 . 2014-08-27 18:14    3163648    ----a-w-    c:\windows\system32\win32k.sys
2014-08-20 17:46 . 2013-06-29 08:00    1169712    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-08-19 19:15 . 2014-04-11 15:56    1721576    ----a-w-    c:\windows\system32\WdfCoinstaller01009.dll
2014-08-19 19:15 . 2014-04-11 15:56    79360    ----a-w-    c:\windows\system32\drivers\silabser.sys
2014-08-19 19:15 . 2014-04-11 15:56    23552    ----a-w-    c:\windows\system32\drivers\silabenm.sys
2014-08-17 16:39 . 2014-08-17 16:39    640000    ----a-r-    c:\users\Cybad4d4\AppData\Roaming\Microsoft\Installer\{20190907-7F38-42A9-B075-7D4F901B6933}\Tomboy.exe
2014-08-16 17:05 . 2012-07-08 15:30    25640    ----a-w-    c:\windows\gdrv.sys
2014-08-15 09:53 . 2014-08-15 09:53    111016    ----a-w-    c:\windows\system32\WindowsAccessBridge-64.dll
2014-08-15 09:53 . 2014-08-15 09:53    319912    ----a-w-    c:\windows\system32\javaws.exe
2014-08-15 09:53 . 2014-08-15 09:53    189352    ----a-w-    c:\windows\system32\javaw.exe
2014-08-15 09:53 . 2014-08-15 09:53    189352    ----a-w-    c:\windows\system32\java.exe
2014-08-14 09:06 . 2013-07-25 08:49    15000576    ----a-w-    c:\program files (x86)\Common Files\lpuninstall.exe
2014-08-12 03:32 . 2014-08-12 03:32    78432    ----a-w-    c:\windows\system32\atimpc64.dll
2014-08-12 03:32 . 2014-08-12 03:32    78432    ----a-w-    c:\windows\system32\amdpcom64.dll
2014-08-12 03:32 . 2014-08-12 03:32    71704    ----a-w-    c:\windows\SysWow64\atimpc32.dll
2014-08-12 03:32 . 2014-08-12 03:32    71704    ----a-w-    c:\windows\SysWow64\amdpcom32.dll
2014-08-12 03:32 . 2014-08-12 03:32    126336    ----a-w-    c:\windows\SysWow64\atiuxpag.dll
2014-08-12 03:32 . 2011-04-20 00:21    143304    ----a-w-    c:\windows\system32\atiuxp64.dll
2014-08-12 03:32 . 2014-08-12 03:32    117584    ----a-w-    c:\windows\system32\atiu9p64.dll
2014-08-12 03:32 . 2014-04-18 02:42    99520    ----a-w-    c:\windows\SysWow64\atiu9pag.dll
2014-08-12 03:32 . 2014-04-18 02:42    1331424    ----a-w-    c:\windows\system32\aticfx64.dll
2014-08-12 03:32 . 2014-04-18 02:42    1110992    ----a-w-    c:\windows\SysWow64\aticfx32.dll
2014-08-12 03:32 . 2014-04-18 02:42    10521632    ----a-w-    c:\windows\system32\atidxx64.dll
2014-08-12 03:32 . 2014-08-12 03:32    9018320    ----a-w-    c:\windows\SysWow64\atidxx32.dll
2014-08-12 03:32 . 2014-08-12 03:32    7102496    ----a-w-    c:\windows\SysWow64\atiumdva.dll
2014-08-12 03:32 . 2014-08-12 03:32    6879016    ----a-w-    c:\windows\SysWow64\atiumdag.dll
2014-08-12 03:31 . 2014-08-12 03:31    7892000    ----a-w-    c:\windows\system32\atiumd6a.dll
2014-08-12 03:31 . 2014-08-12 03:31    8108312    ----a-w-    c:\windows\system32\atiumd64.dll
2014-08-12 03:28 . 2014-08-12 03:28    276192    ----a-w-    c:\windows\system32\drivers\amdacpksd.sys
2014-08-12 03:24 . 2014-08-12 03:24    15961088    ----a-w-    c:\windows\system32\drivers\atikmdag.sys
2014-08-12 03:10 . 2014-08-12 03:10    231424    ----a-w-    c:\windows\system32\clinfo.exe
2014-08-12 03:09 . 2014-08-12 03:09    1187342    ----a-w-    c:\windows\system32\amdocl_as64.exe
2014-08-12 03:09 . 2014-08-12 03:09    1061902    ----a-w-    c:\windows\system32\amdocl_ld64.exe
2014-08-12 03:09 . 2014-08-12 03:09    995342    ----a-w-    c:\windows\SysWow64\amdocl_as32.exe
2014-08-12 03:09 . 2014-08-12 03:09    798734    ----a-w-    c:\windows\SysWow64\amdocl_ld32.exe
2014-08-12 03:09 . 2014-08-12 03:09    98816    ----a-w-    c:\windows\system32\OpenVideo64.dll
2014-08-12 03:09 . 2014-08-12 03:09    83456    ----a-w-    c:\windows\SysWow64\OpenVideo.dll
2014-08-12 03:09 . 2014-08-12 03:09    86528    ----a-w-    c:\windows\system32\OVDecode64.dll
2014-08-12 03:09 . 2014-08-12 03:09    73216    ----a-w-    c:\windows\SysWow64\OVDecode.dll
2014-08-12 03:09 . 2014-08-12 03:09    32877056    ----a-w-    c:\windows\system32\amdocl64.dll
2014-08-12 03:06 . 2014-08-12 03:06    27843072    ----a-w-    c:\windows\SysWow64\amdocl.dll
2014-08-12 03:03 . 2014-08-12 03:03    65024    ----a-w-    c:\windows\system32\OpenCL.dll
2014-08-12 03:03 . 2014-04-18 02:17    58880    ----a-w-    c:\windows\SysWow64\OpenCL.dll
2014-08-12 02:51 . 2014-08-12 02:51    127488    ----a-w-    c:\windows\system32\mantle64.dll
2014-08-12 02:50 . 2014-08-12 02:50    113664    ----a-w-    c:\windows\SysWow64\mantle32.dll
2014-08-12 02:50 . 2014-08-12 02:50    5225472    ----a-w-    c:\windows\system32\amdmantle64.dll
2014-08-12 02:44 . 2014-08-12 02:44    27529216    ----a-w-    c:\windows\system32\atio6axx.dll
2014-08-12 02:34 . 2014-08-12 02:34    4180992    ----a-w-    c:\windows\SysWow64\amdmantle32.dll
2014-08-12 02:24 . 2014-08-12 02:24    23028224    ----a-w-    c:\windows\SysWow64\atioglxx.dll
2014-08-12 02:20 . 2014-08-12 02:20    91648    ----a-w-    c:\windows\system32\mantleaxl64.dll
2014-08-12 02:19 . 2014-08-12 02:19    85504    ----a-w-    c:\windows\SysWow64\mantleaxl32.dll
2014-08-12 02:18 . 2014-08-12 02:18    366592    ----a-w-    c:\windows\system32\atiapfxx.exe
2014-08-12 02:18 . 2014-08-12 02:18    62464    ----a-w-    c:\windows\system32\aticalrt64.dll
2014-08-12 02:18 . 2014-08-12 02:18    52224    ----a-w-    c:\windows\SysWow64\aticalrt.dll
2014-08-12 02:18 . 2014-08-12 02:18    55808    ----a-w-    c:\windows\system32\aticalcl64.dll
2014-08-12 02:18 . 2014-08-12 02:18    49152    ----a-w-    c:\windows\SysWow64\aticalcl.dll
2014-08-12 02:18 . 2014-08-12 02:18    15716352    ----a-w-    c:\windows\system32\aticaldd64.dll
2014-08-12 02:14 . 2014-08-12 02:14    14302208    ----a-w-    c:\windows\SysWow64\aticaldd.dll
2014-08-12 02:01 . 2014-08-12 02:01    442368    ----a-w-    c:\windows\system32\atidemgy.dll
2014-08-12 02:01 . 2014-08-12 02:01    31232    ----a-w-    c:\windows\system32\atimuixx.dll
2014-08-12 02:01 . 2014-08-12 02:01    588800    ----a-w-    c:\windows\system32\atieclxx.exe
2014-08-12 02:00 . 2014-08-12 02:00    239616    ----a-w-    c:\windows\system32\atiesrxx.exe
2014-08-12 01:59 . 2014-08-12 01:59    190976    ----a-w-    c:\windows\system32\atitmm64.dll
2014-08-12 01:57 . 2014-08-12 01:57    48128    ----a-w-    c:\windows\system32\amdmmcl6.dll
2014-08-12 01:57 . 2014-08-12 01:57    37888    ----a-w-    c:\windows\SysWow64\amdmmcl.dll
2014-08-12 01:43 . 2014-08-12 01:43    826368    ----a-w-    c:\windows\system32\coinst_14.20.dll
2014-08-12 01:34 . 2014-08-12 01:34    1207296    ----a-w-    c:\windows\system32\atiadlxx.dll
2014-08-12 01:34 . 2014-08-12 01:34    898560    ----a-w-    c:\windows\SysWow64\atiadlxy.dll
2014-08-12 01:34 . 2014-08-12 01:34    75264    ----a-w-    c:\windows\system32\atig6pxx.dll
2014-08-12 01:34 . 2014-08-12 01:34    69632    ----a-w-    c:\windows\SysWow64\atiglpxx.dll
2014-08-12 01:34 . 2014-08-12 01:34    69632    ----a-w-    c:\windows\system32\atiglpxx.dll
2014-08-12 01:34 . 2014-08-12 01:34    146944    ----a-w-    c:\windows\system32\atig6txx.dll
2014-08-12 01:34 . 2014-08-12 01:34    133632    ----a-w-    c:\windows\SysWow64\atigktxx.dll
2014-08-12 01:33 . 2014-08-12 01:33    557056    ----a-w-    c:\windows\system32\drivers\atikmpag.sys
2014-08-12 01:32 . 2014-08-12 01:32    43520    ----a-w-    c:\windows\system32\drivers\ati2erec.dll
2014-08-11 22:20 . 2014-08-11 22:20    51200    ----a-w-    c:\windows\system32\kdbsdk64.dll
2014-08-11 22:15 . 2014-08-11 22:15    38912    ----a-w-    c:\windows\SysWow64\kdbsdk32.dll
2014-07-25 11:55 . 2013-07-03 14:08    98216    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-07-25 01:35 . 2014-07-25 01:35    875688    ----a-w-    c:\windows\SysWow64\msvcr120_clr0400.dll
2014-07-24 22:47 . 2014-07-24 22:47    869544    ----a-w-    c:\windows\system32\msvcr120_clr0400.dll
2014-07-24 11:47 . 2013-08-03 11:16    431104    ----a-w-    c:\windows\system32\wrap_oal.dll
2014-07-24 11:47 . 2013-08-03 11:16    136192    ----a-w-    c:\windows\system32\OpenAL32.dll
2014-07-24 11:47 . 2013-08-03 11:16    409600    ----a-w-    c:\windows\SysWow64\wrap_oal.dll
2014-07-24 11:47 . 2013-08-03 11:16    114688    ----a-w-    c:\windows\SysWow64\OpenAL32.dll
2014-07-23 02:25 . 2014-07-23 02:25    194048    ----a-w-    c:\windows\SysWow64\elshyph.dll
2014-07-23 02:25 . 2014-07-23 02:25    645120    ----a-w-    c:\windows\SysWow64\jsIntl.dll
2014-07-23 02:25 . 2014-07-23 02:25    235008    ----a-w-    c:\windows\system32\elshyph.dll
2014-07-23 02:25 . 2014-07-23 02:25    182272    ----a-w-    c:\windows\SysWow64\msls31.dll
2014-07-23 02:25 . 2014-07-23 02:25    74240    ----a-w-    c:\windows\SysWow64\SetIEInstalledDate.exe
2014-07-23 02:25 . 2014-07-23 02:25    62464    ----a-w-    c:\windows\SysWow64\tdc.ocx
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2014-03-04 . 88AB9B72B4BF3963A0DE0820B4B0B06C . 455168 . . [6.1.7601.17514] .. c:\windows\system32\winlogon.exe
.
[-] 2014-05-14 . EAD9E413A6CEB9FD8E2AD9DC0716C061 . 58336 . . [7.6.7600.320] .. c:\windows\winsxs\amd64_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.6.7600.320_none_d5f64d30518fd000\wuauclt.exe
[-] 2010-11-21 . 7FBFAA84FE176D9AE932ABC585AB68D5 . 51200 . . [7.5.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.5.7601.17514_none_1f3413afc64d10c5\wuauclt.exe
[-] 2014-05-14 . EAD9E413A6CEB9FD8E2AD9DC0716C061 . 58336 . . [7.6.7600.320] .. c:\windows\system32\wuauclt.exe
.
[-] 2013-07-04 . 9028D1621C43DF8DFBD1C76860412A11 . 633856 . . [5.82] .. c:\windows\winsxs\amd64_microsoft-windows-shell-comctl32-v5_31bf3856ad364e35_6.1.7601.18201_none_97c9d703ee91c7f1\comctl32.dll
[-] 2013-07-04 . 9028D1621C43DF8DFBD1C76860412A11 . 633856 . . [5.82] .. c:\windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_a4d3b9377117c3df\comctl32.dll
[-] 2013-07-04 . 4F3C5CE9EF990E1C62B7E7EBA0EBA1C2 . 633856 . . [5.82] .. c:\windows\winsxs\amd64_microsoft-windows-shell-comctl32-v5_31bf3856ad364e35_6.1.7601.22376_none_980cc5cd07e3aa05\comctl32.dll
[-] 2013-07-04 . 4F3C5CE9EF990E1C62B7E7EBA0EBA1C2 . 633856 . . [5.82] .. c:\windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.22376_none_a6ba9bf96e3dcd13\comctl32.dll
[-] 2010-11-21 . 14DFDEAF4E589ED3F1FF187A86B9408C . 633856 . . [5.82] .. c:\windows\winsxs\amd64_microsoft-windows-shell-comctl32-v5_31bf3856ad364e35_6.1.7601.17514_none_97c2246fee970dbb\comctl32.dll
[-] 2010-11-21 . 14DFDEAF4E589ED3F1FF187A86B9408C . 633856 . . [5.82] .. c:\windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\comctl32.dll
[-] 2010-11-21 . 7FA8FDC2C2A27817FD0F624E78D3B50C . 2030080 . . [5.82] .. c:\windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll
[-] 2013-07-04 . 9028D1621C43DF8DFBD1C76860412A11 . 633856 . . [5.82] .. c:\windows\system32\comctl32.dll
.
[-] 2009-07-14 . 1A47D52E303B7543E4E6026595B95422 . 1297408 . . [2001.12.8530.16385] .. c:\windows\winsxs\amd64_microsoft-windows-com-complus.res_31bf3856ad364e35_6.1.7600.16385_none_88a5cc7effe2dfca\comres.dll
[-] 2009-07-14 . 1A47D52E303B7543E4E6026595B95422 . 1297408 . . [2001.12.8530.16385] .. c:\windows\system32\comres.dll
.
[-] 2013-10-05 . 509D31797A4B8A3D6ED78A330B19A919 . 186880 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22473_none_d46d4138cabe2596\cryptsvc.dll
[-] 2013-07-09 . 434CCE8E7150CD1324C5FAA088D1D061 . 186880 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22380_none_d45f6e88cac8f85b\cryptsvc.dll
[-] 2013-07-09 . 6B400F211BEE880A37A1ED0368776BF4 . 184320 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18205_none_d431528fb165f7bc\cryptsvc.dll
[-] 2013-05-13 . D8129C49798CBBFB2E4351D4B7B8EF9C . 184320 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18151_none_d3f73fe5b19220ee\cryptsvc.dll
[-] 2013-05-11 . 8122252F0A4ACFA92FA0C1D50D18493B . 186880 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22322_none_d4a24ea4ca968363\cryptsvc.dll
[-] 2013-05-10 . 7FDC4626B01106A8EF328C88C7C0DEE3 . 184320 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18150_none_d3f63f9bb1930797\cryptsvc.dll
[-] 2013-05-10 . CA13C4F92BEE66DB48E58AB3223DDF6E . 186880 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22321_none_d4a14e5aca976a0c\cryptsvc.dll
[-] 2012-06-04 . 7E7D2DACF65D750D466F36BD3D09AE20 . 186880 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22010_none_d4ab184aca903d4f\cryptsvc.dll
[-] 2012-06-02 . 9C01375BE382E834CC26D1B7EAF2C4FE . 184320 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17856_none_d3fc6569b18d7211\cryptsvc.dll
[-] 2010-11-21 . 15597883FBE9B056F276ADA3AD87D9AF . 177152 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_d4259ed3b16ed82a\cryptsvc.dll
[-] 2013-07-09 . 6B400F211BEE880A37A1ED0368776BF4 . 184320 . . [6.1.7600.16385] .. c:\windows\system32\cryptsvc.dll
.
[-] 2009-07-14 . 4166F82BE4D24938977DD1746BE9B8A0 . 402944 . . [2001.12.8530.16385] .. c:\windows\winsxs\amd64_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.1.7600.16385_none_68e290c46b6ea6d0\es.dll
[-] 2009-07-14 . 4166F82BE4D24938977DD1746BE9B8A0 . 402944 . . [2001.12.8530.16385] .. c:\windows\system32\es.dll
.
[-] 2009-07-14 . AA2C08CE85653B1A0D2E4AB407FA176C . 167424 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-imm32_31bf3856ad364e35_6.1.7600.16385_none_b84b0fbd941c03a9\imm32.dll
[-] 2009-07-14 . AA2C08CE85653B1A0D2E4AB407FA176C . 167424 . . [6.1.7600.16385] .. c:\windows\system32\imm32.dll
.
[-] 2014-04-25 . 088CF6AFCD5CDD44E40C0ACDE3C1A5E0 . 801280 . . [1.0626.7601.18454] .. c:\windows\winsxs\amd64_microsoft-windows-usp_31bf3856ad364e35_6.1.7601.18454_none_0af5261f6f3c76ad\usp10.dll
[-] 2014-04-25 . BB2B03C6B6778A9B2866A049CC600D55 . 801792 . . [1.0626.7601.22666] .. c:\windows\winsxs\amd64_microsoft-windows-usp_31bf3856ad364e35_6.1.7601.22666_none_0b75f5788860623d\usp10.dll
[-] 2010-11-21 . 2F8B1E3EE3545D3B5A8D56FA1AE07B65 . 800256 . . [1.0626.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-usp_31bf3856ad364e35_6.1.7601.17514_none_0b207e7d6f1bea6f\usp10.dll
[-] 2014-04-25 . 088CF6AFCD5CDD44E40C0ACDE3C1A5E0 . 801280 . . [1.0626.7601.18454] .. c:\windows\system32\usp10.dll
.
[-] 2014-04-12 . 77BBBF70BCE286CD19E1E68F248363FA . 1164800 . . [6.1.7601.22653] .. c:\windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.22653_none_f24130b9862a22c7\kernel32.dll
[-] 2014-03-04 . 52E77DC8E31C89FBB1E968699C8121C5 . 1164800 . . [6.1.7601.22616] .. c:\windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.22616_none_f26f71478606ff08\kernel32.dll
[-] 2014-03-04 . D2A513EE880D71BDE7F0257F38B9D019 . 1163264 . . [6.1.7601.18409] .. c:\windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.18409_none_f1f3a3606cde922b\kernel32.dll
[-] 2013-08-29 . 786D234A90FCAC72633AE6FC52653A49 . 1162240 . . [6.1.7601.22436] .. c:\windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.22436_none_f259cda386173c9c\kernel32.dll
[-] 2013-08-02 . C525D51A79B01342344F02E38866CF60 . 1162240 . . [6.1.7601.22411] .. c:\windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.22411_none_f26a6c09860b8607\kernel32.dll
[-] 2013-08-02 . D8973E71F1B35CD3F3DEA7C12D49D0F0 . 1161216 . . [6.1.7601.18229] .. c:\windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.18229_none_f1ddffbc6ceecfbf\kernel32.dll
[-] 2012-11-30 . B3BEA6420D482356E53B7C728E05C637 . 1163264 . . [6.1.7601.22177] .. c:\windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.22177_none_f22f888b8636ce42\kernel32.dll
[-] 2012-11-30 . 65C113214F7B05820F6D8A65B1485196 . 1161216 . . [6.1.7601.18015] .. c:\windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.18015_none_f1e4cab46cea5424\kernel32.dll
[-] 2010-11-21 . 7A6326D96D53048FDEC542DF23D875A0 . 1161216 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17514_none_f1e3eab06ceb12ef\kernel32.dll
[-] 2014-03-04 . D2A513EE880D71BDE7F0257F38B9D019 . 1163264 . . [6.1.7601.18015] .. c:\windows\system32\kernel32.dll
.
[-] 2009-07-14 . A0A65D306A5490D2EB8E7DE66898ECFD . 29696 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-linkinfo_31bf3856ad364e35_6.1.7600.16385_none_945a23c3bf051859\linkinfo.dll
[-] 2009-07-14 . A0A65D306A5490D2EB8E7DE66898ECFD . 29696 . . [6.1.7600.16385] .. c:\windows\system32\linkinfo.dll
.
[-] 2013-06-06 . 796B47A4B82EF1C39F13435B88834C48 . 41472 . . [6.1.7601.18177] .. c:\windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.18177_none_07bb20dd7154003d\lpk.dll
[-] 2013-06-06 . 22FC61B8E1EBA296FF416C3678E26DD3 . 41472 . . [6.1.7601.22350] .. c:\windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.22350_none_08535d608a67b3eb\lpk.dll
[-] 2009-07-14 . D202223587518B13D72D68937B7E3F70 . 41984 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.17514_none_07f91de77125e78d\lpk.dll
[-] 2013-06-06 . 796B47A4B82EF1C39F13435B88834C48 . 41472 . . [6.1.7601.18177] .. c:\windows\system32\lpk.dll
.
[-] 2009-07-14 . 3B367397320C26DBA890B260F80D1B1B . 424448 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-i..ectionsharingconfig_31bf3856ad364e35_6.1.7600.16385_none_0c2b375bae4a8d38\hnetcfg.dll
[-] 2009-07-14 . 3B367397320C26DBA890B260F80D1B1B . 424448 . . [6.1.7600.16385] .. c:\windows\system32\hnetcfg.dll
.
[-] 2014-08-18 . 920BD93A0B64657A20CA66C2EBB167EA . 23591424 . . [11.00.9600.17280] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17280_none_f5b67f6437213d09\mshtml.dll
[-] 2014-07-25 . ECA387DCD57F683C52171C766CF400F0 . 23645696 . . [11.00.9600.17280] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17239_none_f5b0b0ea3726a4ff\mshtml.dll
[-] 2014-07-23 . FEC19C351EF1B2C998A85D1BFD765675 . 23464448 . . [11.00.9600.17207] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17207_none_f5addd9c372925b8\mshtml.dll
[-] 2014-03-06 . 37D0FB9E5E8EDA40B66FC3FB3D660261 . 23549440 . . [11.00.9600.17041] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17041_none_f5c8074c3714b96c\mshtml.dll
[-] 2010-11-21 . 1C8B787BAA52DEAD1A6FEC1502D652F0 . 8988160 . . [8.00.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.17514_none_8c235f42afcafdda\mshtml.dll
[-] 2014-08-18 . 920BD93A0B64657A20CA66C2EBB167EA . 23591424 . . [11.00.9600.17280] .. c:\windows\system32\mshtml.dll
.
[-] 2011-12-16 . C391FC68282A000CDF953F8B6B55D2EF . 634880 . . [7.0.7601.17744] .. c:\windows\winsxs\amd64_microsoft-windows-msvcrt_31bf3856ad364e35_6.1.7601.17744_none_2f5acf97b59df60f\msvcrt.dll
[-] 2011-12-16 . F9A4C695C86CC32048FE2C987A0BD387 . 634880 . . [7.0.7601.21878] .. c:\windows\winsxs\amd64_microsoft-windows-msvcrt_31bf3856ad364e35_6.1.7601.21878_none_2fc7fdc6ced04f08\msvcrt.dll
[-] 2009-07-14 . 7319BB10FA1F86E49E3DCF4136F6C957 . 634880 . . [7.0.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-msvcrt_31bf3856ad364e35_6.1.7600.16385_none_2d4a27c7b8972454\msvcrt.dll
[-] 2011-12-16 . C391FC68282A000CDF953F8B6B55D2EF . 634880 . . [7.0.7601.17744] .. c:\windows\system32\msvcrt.dll
.
[-] 2013-09-08 . 9A9F9F1A77D6A80EE28B57664F00013E . 327168 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.18254_none_164e004b440bdabf\mswsock.dll
[-] 2013-09-07 . BDDB1FD258B92DEE00F222D3304B5D9C . 327168 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.22444_none_16e26ee85d215bbf\mswsock.dll
[-] 2010-11-21 . 1D5185A4C7E6695431AE4B55C3D7D333 . 326144 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_16795c7543eb48cf\mswsock.dll
[-] 2013-09-08 . 9A9F9F1A77D6A80EE28B57664F00013E . 327168 . . [6.1.7600.16385] .. c:\windows\system32\mswsock.dll
.
[-] 2010-11-21 . AA339DD8BB128EF66660DFBBB59043D3 . 695808 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[-] 2010-11-21 . AA339DD8BB128EF66660DFBBB59043D3 . 695808 . . [6.1.7600.16385] .. c:\windows\system32\netlogon.dll
.
[-] 2009-07-14 . 716175021BDA290504CE434273F666BC . 167424 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-userpowermanagement_31bf3856ad364e35_6.1.7600.16385_none_ff0e900816896618\powrprof.dll
[-] 2009-07-14 . 716175021BDA290504CE434273F666BC . 167424 . . [6.1.7600.16385] .. c:\windows\system32\powrprof.dll
.
[-] 2010-11-21 . ED78427259134C63ED69804D2132B86C . 232960 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
[-] 2010-11-21 . ED78427259134C63ED69804D2132B86C . 232960 . . [6.1.7600.16385] .. c:\windows\system32\scecli.dll
.
[-] 2009-07-14 . C6DCD1D11ED6827F05C00773C3E7053C . 3072 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-sfc_31bf3856ad364e35_6.1.7600.16385_none_032ab4f375e2ac1f\sfc.dll
[-] 2009-07-14 . C6DCD1D11ED6827F05C00773C3E7053C . 3072 . . [6.1.7600.16385] .. c:\windows\system32\sfc.dll
.
[-] 2009-07-14 . C78655BC80301D76ED4FEF1C1EA40A7D . 27136 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
[-] 2009-07-14 . C78655BC80301D76ED4FEF1C1EA40A7D . 27136 . . [6.1.7600.16385] .. c:\windows\system32\svchost.exe
.
[-] 2010-11-21 . 40F0849F65D13EE87B9A9AE3C1DD6823 . 316928 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-tapiservice_31bf3856ad364e35_6.1.7601.17514_none_4162de4afb9222c0\tapisrv.dll
[-] 2010-11-21 . 40F0849F65D13EE87B9A9AE3C1DD6823 . 316928 . . [6.1.7600.16385] .. c:\windows\system32\tapisrv.dll
.
[-] 2010-11-21 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[-] 2010-11-21 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
.
[-] 2010-11-21 . BAFE84E637BF7388C96EF48D4D3FDD53 . 30720 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
[-] 2010-11-21 . BAFE84E637BF7388C96EF48D4D3FDD53 . 30720 . . [6.1.7600.16385] .. c:\windows\system32\userinit.exe
.
[-] 2014-08-18 . 39EBB9708453036A74C30C9A294023FF . 2310656 . . [11.00.9600.16428] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17280_none_e45c6045b6cad3d3\wininet.dll
[-] 2014-07-25 . 8E71A5CB5312B8392D4DA4CA37BB5868 . 2266624 . . [11.00.9600.16428] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17239_none_e45691cbb6d03bc9\wininet.dll
[-] 2014-07-23 . 2EE102DF0EDD8A1EDD3D1E9B99A91BEC . 2266112 . . [11.00.9600.16428] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17207_none_e453be7db6d2bc82\wininet.dll
[-] 2014-03-06 . F220BA78AB542C70211D73AE4729B2CD . 2260480 . . [11.00.9600.16428] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17041_none_e46de82db6be5036\wininet.dll
[-] 2010-11-21 . F6C5302E1F4813D552F41A0AC82455E5 . 1188864 . . [8.00.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.17514_none_7ac940242f7494a4\wininet.dll
[-] 2014-08-18 . 39EBB9708453036A74C30C9A294023FF . 2310656 . . [11.00.9600.16428] .. c:\windows\system32\wininet.dll
.
[-] 2010-11-21 . 4BBFA57F594F7E8A8EDC8F377184C3F0 . 297984 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7601.17514_none_50ddb631e4f59005\ws2_32.dll
[-] 2010-11-21 . 4BBFA57F594F7E8A8EDC8F377184C3F0 . 297984 . . [6.1.7600.16385] .. c:\windows\system32\ws2_32.dll
.
[-] 2009-07-14 . 8396C6C26AADDFE4590CCEF0F419B6B7 . 4608 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\ws2help.dll
[-] 2009-07-14 . 8396C6C26AADDFE4590CCEF0F419B6B7 . 4608 . . [6.1.7600.16385] .. c:\windows\system32\ws2help.dll
.
[-] 2010-11-21 . 6C60B5ACA7442EFB794082CDACFC001C . 2086912 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-com-base-qfe-ole32_31bf3856ad364e35_6.1.7601.17514_none_0a43accb08f0eac5\ole32.dll
[-] 2010-11-21 . 6C60B5ACA7442EFB794082CDACFC001C . 2086912 . . [6.1.7600.16385] .. c:\windows\system32\ole32.dll
.
[-] 2009-07-14 . 86FE1B1F8FD42CD0DB641AB1CDB13093 . 18944 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
[-] 2009-07-14 . 86FE1B1F8FD42CD0DB641AB1CDB13093 . 18944 . . [6.1.7600.16385] .. c:\windows\system32\cngaudit.dll
.
[-] 2009-07-14 . 94355C28C1970635A31B3FE52EB7CEBA . 129024 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[-] 2009-07-14 . 94355C28C1970635A31B3FE52EB7CEBA . 129024 . . [6.1.7600.16385] .. c:\windows\system32\wininit.exe
.
[-] 2009-07-14 . 42B6A94DD747DF2B5F628A2752E62A98 . 9728 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_6.1.7600.16385_none_f9257e7aaa4290ce\ctfmon.exe
[-] 2009-07-14 . 42B6A94DD747DF2B5F628A2752E62A98 . 9728 . . [6.1.7600.16385] .. c:\windows\system32\ctfmon.exe
.
[-] 2010-11-21 . AAF932B4011D14052955D4B212A4DA8D . 370688 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-shsvcs_31bf3856ad364e35_6.1.7601.17514_none_2b566299338d2123\shsvcs.dll
[-] 2010-11-21 . AAF932B4011D14052955D4B212A4DA8D . 370688 . . [6.1.7600.16385] .. c:\windows\system32\shsvcs.dll
.
[-] 2009-07-14 . E4D94F24081440B5FC5AA556C7C62702 . 159232 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-remoteregistry-service_31bf3856ad364e35_6.1.7600.16385_none_e55af7609d2857a8\regsvc.dll
[-] 2009-07-14 . E4D94F24081440B5FC5AA556C7C62702 . 159232 . . [6.1.7600.16385] .. c:\windows\system32\regsvc.dll
.
[-] 2010-11-21 . 262F6592C3299C005FD6BEC90FC4463A . 1110016 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-taskscheduler-service_31bf3856ad364e35_6.1.7601.17514_none_8d272400ada202f9\schedsvc.dll
[-] 2010-11-21 . 262F6592C3299C005FD6BEC90FC4463A . 1110016 . . [6.1.7600.16385] .. c:\windows\system32\schedsvc.dll
.
[-] 2009-07-14 . 51B52FBD583CDE8AA9BA62B8B4298F33 . 193024 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-upnpssdp_31bf3856ad364e35_6.1.7600.16385_none_dbbe6492eae9505c\ssdpsrv.dll
[-] 2009-07-14 . 51B52FBD583CDE8AA9BA62B8B4298F33 . 193024 . . [6.1.7600.16385] .. c:\windows\system32\ssdpsrv.dll
.
[-] 2010-11-21 . 2E648163254233755035B46DD7B89123 . 680960 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.17514_none_ecc547376ae3a1a3\termsrv.dll
[-] 2010-11-21 . 2E648163254233755035B46DD7B89123 . 680960 . . [6.1.7601.17514] .. c:\windows\system32\termsrv.dll
.
[-] 2014-03-04 . A9D735A8C6010DCE1148D4BC32365C14 . 5553088 . . [6.1.7601.22616] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.22616_none_cae1eda6e3de88c2\ntoskrnl.exe
[-] 2014-03-04 . 6B47CF5C27865DDF6680E4D834FBE34F . 5550016 . . [6.1.7601.18409] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.18409_none_ca661fbfcab61be5\ntoskrnl.exe
[-] 2013-08-29 . C842D8DC6E5BCD750FA50E4083CBBBEB . 5552064 . . [6.1.7601.22436] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.22436_none_cacc4a02e3eec656\ntoskrnl.exe
[-] 2013-08-29 . 5B9A6A310326D9C438F2C19FBBE97C97 . 5549504 . . [6.1.7601.18247] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.18247_none_ca38dbafcad85ead\ntoskrnl.exe
[-] 2013-08-02 . 5DA80B9D5EB7197AA99006C2DDD14E08 . 5554624 . . [6.1.7601.22411] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.22411_none_cadce868e3e30fc1\ntoskrnl.exe
[-] 2013-08-02 . 63B563F1FC047AB3E21530DBBE773260 . 5550528 . . [6.1.7601.18229] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.18229_none_ca507c1bcac65979\ntoskrnl.exe
[-] 2013-03-19 . AC3232ED772403D38D64C18CD5A66FBD . 5550424 . . [6.1.7601.18113] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.18113_none_ca554865cac3a857\ntoskrnl.exe
[-] 2013-03-19 . 25F87CF0EAF38AD1D412E804AE00CE3B . 5553496 . . [6.1.7601.22280] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.22280_none_ca9034dee41cbfb3\ntoskrnl.exe
[-] 2012-08-30 . FE905D59663E86BFE51623947B7425FD . 5559664 . . [6.1.7601.17944] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17944_none_ca35fee3cadae518\ntoskrnl.exe
[-] 2012-08-30 . A0D1C0E813A7C6E17C029375AC2ACE18 . 5562736 . . [6.1.7601.22103] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.22103_none_cae9b336e3d92f09\ntoskrnl.exe
[-] 2012-05-04 . 2819BB6417B85D38169A4F151463A815 . 5559664 . . [6.1.7601.17835] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17835_none_ca41cd33cad1e557\ntoskrnl.exe
[-] 2012-05-04 . 6A692DB27A943B463E97B749DD34F3DA . 5561200 . . [6.1.7601.21987] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21987_none_ca975af6e4164384\ntoskrnl.exe
[-] 2012-03-31 . 03B5C6DBA5A770CEEFD1615E380C6BC3 . 5559664 . . [6.1.7601.17803] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17803_none_ca603c63cabb5ed6\ntoskrnl.exe
[-] 2012-03-31 . 708A4C721CEE6B3845B5A54477D873CF . 5561200 . . [6.1.7601.21955] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21955_none_cab5ca26e3ffbd03\ntoskrnl.exe
[-] 2012-03-06 . BAA66E360105F79B5948A2FDAF3AA8FE . 5559152 . . [6.1.7601.17790] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17790_none_c9fbea53cb071123\ntoskrnl.exe
[-] 2012-03-06 . FCAB208AC0F7263A84EB627B1517E5AC . 5561200 . . [6.1.7601.21936] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21936_none_cacc6a48e3ee9e78\ntoskrnl.exe
[-] 2010-11-21 . C6CEC3E6CC9842B73501C70AA64C00FE . 5563776 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17514_none_ca56670fcac29ca9\ntoskrnl.exe
[-] 2014-03-04 . 6B47CF5C27865DDF6680E4D834FBE34F . 5550016 . . [6.1.7601.18409] .. c:\windows\system32\ntoskrnl.exe
.
[-] 2009-07-14 . 8560FFFC8EB3A806DCD4F82252CFC8C6 . 5120 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-d..tshow-kernelsupport_31bf3856ad364e35_6.1.7601.17514_none_4627a1cbadebced2\ksuser.dll
[-] 2009-07-14 . 8560FFFC8EB3A806DCD4F82252CFC8C6 . 5120 . . [6.1.7600.16385] .. c:\windows\system32\ksuser.dll
.
[-] 2009-07-14 . E424B3EF666B184CEE0B6871AAA8C9F6 . 8192 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-gdi-painting_31bf3856ad364e35_6.1.7600.16385_none_d360c9c235bd1868\msimg32.dll
[-] 2009-07-14 . E424B3EF666B184CEE0B6871AAA8C9F6 . 8192 . . [6.1.7600.16385] .. c:\windows\system32\msimg32.dll
.
[-] 2013-07-04 . 700BD5A6AA5381D1D8ADC4045149DBF6 . 530432 . . [5.82] .. c:\windows\winsxs\x86_microsoft-windows-shell-comctl32-v5_31bf3856ad364e35_6.1.7601.22376_none_3bee2a494f8638cf\comctl32.dll
[-] 2013-07-04 . 700BD5A6AA5381D1D8ADC4045149DBF6 . 530432 . . [5.82] .. c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.22376_none_ee67d2d082b9f619\comctl32.dll
[-] 2013-07-04 . 75F5E1FE8D55CF8E577E0EC5F2290D3F . 530432 . . [5.82] .. c:\windows\SysWOW64\comctl32.dll
[-] 2013-07-04 . 75F5E1FE8D55CF8E577E0EC5F2290D3F . 530432 . . [5.82] .. c:\windows\winsxs\x86_microsoft-windows-shell-comctl32-v5_31bf3856ad364e35_6.1.7601.18201_none_3bab3b80363456bb\comctl32.dll
[-] 2013-07-04 . 75F5E1FE8D55CF8E577E0EC5F2290D3F . 530432 . . [5.82] .. c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_ec80f00e8593ece5\comctl32.dll
[-] 2010-11-21 . BDAC1AA64495D0F7E1FF810EBBF1F018 . 530432 . . [5.82] .. c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
[-] 2010-11-21 . BDAC1AA64495D0F7E1FF810EBBF1F018 . 530432 . . [5.82] .. c:\windows\winsxs\x86_microsoft-windows-shell-comctl32-v5_31bf3856ad364e35_6.1.7601.17514_none_3ba388ec36399c85\comctl32.dll
[-] 2010-11-21 . 352B3DC62A0D259A82A052238425C872 . 1680896 . . [5.82] .. c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
.
[-] 2013-10-05 . F2D9242C3BBD1C36467FCAE1AE01733F . 142848 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22473_none_784ea5b51260b460\cryptsvc.dll
[-] 2013-07-09 . 6DB499DEFCC827317C5371164A7CDB27 . 142848 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22380_none_7840d305126b8725\cryptsvc.dll
[-] 2013-07-09 . 7CA1BECEA5DE2643ADDAD32670E7A4C9 . 140288 . . [6.1.7600.16385] .. c:\windows\SysWOW64\cryptsvc.dll
[-] 2013-07-09 . 7CA1BECEA5DE2643ADDAD32670E7A4C9 . 140288 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18205_none_7812b70bf9088686\cryptsvc.dll
[-] 2013-05-13 . 3897DFF247D9ED0006190349DE264E14 . 140288 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18151_none_77d8a461f934afb8\cryptsvc.dll
[-] 2013-05-11 . AC04D05309BB2C418D0D80B9FB014642 . 142848 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22322_none_7883b3211239122d\cryptsvc.dll
[-] 2013-05-10 . E122AA1C9A3CC46FF9DDDE46E5EB0C58 . 142848 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22321_none_7882b2d71239f8d6\cryptsvc.dll
[-] 2013-05-10 . 33ADF6E0853AB39EA1723BE82842C1D3 . 140288 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18150_none_77d7a417f9359661\cryptsvc.dll
[-] 2012-06-02 . 063DD65889D21035311463337BD268E7 . 142336 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22010_none_788c7cc71232cc19\cryptsvc.dll
[-] 2012-06-02 . 96C0E38905CFD788313BE8E11DAE3F2F . 140288 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17856_none_77ddc9e5f93000db\cryptsvc.dll
[-] 2010-11-21 . A585BEBF7D054BD9618EDA0922D5484A . 136192 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_7807034ff91166f4\cryptsvc.dll
.
[-] 2009-07-14 . F6916EFC29D9953D5D0DF06882AE8E16 . 271360 . . [2001.12.8530.16385] .. c:\windows\SysWOW64\es.dll
[-] 2009-07-14 . F6916EFC29D9953D5D0DF06882AE8E16 . 271360 . . [2001.12.8530.16385] .. c:\windows\winsxs\wow64_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.1.7600.16385_none_73373b169fcf68cb\es.dll
.
[-] 2010-11-21 . A6F09E5669D9A19035F6D942CAA15882 . 119808 . . [6.1.7601.17514] .. c:\windows\SysWOW64\imm32.dll
[-] 2010-11-21 . A6F09E5669D9A19035F6D942CAA15882 . 119808 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-imm32_31bf3856ad364e35_6.1.7601.17514_none_c4d0cdd7c56b493e\imm32.dll
.
[-] 2014-04-12 . C8C41EBEE097FEB29FB816854D3AD1E7 . 1114112 . . [6.1.7601.22653] .. c:\windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.22653_none_fc95db0bba8ae4c2\kernel32.dll
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
c:\users\Cybad4d4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled\
Monero Client .NET.lnk - d:\mining\monero-client-net-v0.39.0-rc.2-x64\MoneroClient.Net.exe -hidewindow [2014-9-1 302592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
R3 bautpw64;BUFFALO eco manager for HD Filter;c:\windows\system32\drivers\bautpw64.sys;c:\windows\SYSNATIVE\drivers\bautpw64.sys [x]
R3 DesktopCentralServer;ManageEngine Desktop Central Server;c:\manageengine\DesktopCentral_Server\bin\wrapper.exe;c:\manageengine\DesktopCentral_Server\bin\wrapper.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MEDCServerComponent-Apache;MEDC Server Component - Apache;c:\manageengine\DesktopCentral_Server\apache\bin\dcserverhttpd.exe;c:\manageengine\DesktopCentral_Server\apache\bin\dcserverhttpd.exe [x]
R3 MFE_RR;MFE_RR;c:\users\Cybad4d4\AppData\Local\Temp\mfe_rr.sys;c:\users\Cybad4d4\AppData\Local\Temp\mfe_rr.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL8187;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\DRIVERS\wg111v2.sys;c:\windows\SYSNATIVE\DRIVERS\wg111v2.sys [x]
R3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;c:\windows\system32\DRIVERS\silabenm.sys;c:\windows\SYSNATIVE\DRIVERS\silabenm.sys [x]
R3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;c:\windows\system32\DRIVERS\silabser.sys;c:\windows\SYSNATIVE\DRIVERS\silabser.sys [x]
R3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys;c:\windows\SYSNATIVE\DRIVERS\tapoas.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
R4 BFBackupUtilityService;Backup Utility Service;c:\program files (x86)\BUFFALO\Backup_Utility\BUService.exe;c:\program files (x86)\BUFFALO\Backup_Utility\BUService.exe [x]
R4 BFBackupUtilityVSSService;Backup Utility VSS Service;c:\program files (x86)\BUFFALO\Backup_Utility\BUVSSService64.exe;c:\program files (x86)\BUFFALO\Backup_Utility\BUVSSService64.exe [x]
R4 bftpdskc;BUFFALO TurboPC EX Cache Filter Driver;c:\windows\system32\drivers\bftpdskc64.sys;c:\windows\SYSNATIVE\drivers\bftpdskc64.sys [x]
R4 bftpusbx;BUFFALO TurboPC EX USB Filter Driver;c:\windows\system32\drivers\bftpusbx64.sys;c:\windows\SYSNATIVE\drivers\bftpusbx64.sys [x]
R4 bufssvr;bufssvr;c:\program files (x86)\BUFFALO\SLManagerEasy\Bufssvr.exe;c:\program files (x86)\BUFFALO\SLManagerEasy\Bufssvr.exe [x]
R4 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys;c:\windows\SYSNATIVE\DRIVERS\cmdguard.sys [x]
R4 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys;c:\windows\SYSNATIVE\DRIVERS\cmdhlp.sys [x]
R4 cmdvirth;COMODO Virtual Service Manager;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe [x]
R4 DragonUpdater;COMODO Dragon Update Service;c:\program files\Comodo\Dragon\dragon_updater.exe;c:\program files\Comodo\Dragon\dragon_updater.exe [x]
R4 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe;c:\program files\HitmanPro\hmpsched.exe [x]
R4 MEDC Server Component - Notification Server;MEDC Server Component - Notification Server;c:\manageengine\DesktopCentral_Server\bin\dcnotificationserver.exe;c:\manageengine\DesktopCentral_Server\bin\dcnotificationserver.exe [x]
R4 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R4 OpLclSrv;OKI Local Port Manager;c:\program files\Okidata\Common\Extend3\portmgrsrv.exe;c:\program files\Okidata\Common\Extend3\portmgrsrv.exe [x]
R4 PORTMON;PORTMON;d:\repairs\PortMon\PORTMSYS.SYS;d:\repairs\PortMon\PORTMSYS.SYS [x]
R4 SDHookDriver;Hook Test Driver;c:\program files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys;c:\program files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [x]
R4 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
R4 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
R4 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
R4 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files (x86)\Common Files\Seagate\Schedule2\schedul2.exe;c:\program files (x86)\Common Files\Seagate\Schedule2\schedul2.exe [x]
R4 TC2Service;TurboPC EX FileCopy Service;c:\windows\system32\TC2Service.exe;c:\windows\SYSNATIVE\TC2Service.exe [x]
R4 tpcexdccs;TurboPC EX DiskCache Control Service;c:\program files (x86)\BUFFALO\TurboPC_EX\DiskCache\tpcexService.exe;c:\program files (x86)\BUFFALO\TurboPC_EX\DiskCache\tpcexService.exe [x]
S0 BFRD4G;BUFFALO RAM Disk Driver;c:\windows\system32\DRIVERS\BFRD4G.sys;c:\windows\SYSNATIVE\DRIVERS\BFRD4G.sys [x]
S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys;c:\windows\SYSNATIVE\DRIVERS\fltsrv.sys [x]
S0 tib;Acronis TIB Manager;c:\windows\system32\DRIVERS\tib.sys;c:\windows\SYSNATIVE\DRIVERS\tib.sys [x]
S0 tib_mounter;Acronis TIB Mounter;c:\windows\system32\DRIVERS\tib_mounter.sys;c:\windows\SYSNATIVE\DRIVERS\tib_mounter.sys [x]
S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys;c:\windows\SYSNATIVE\DRIVERS\vididr.sys [x]
S0 vidsflt;Acronis Disk Storage Filter;c:\windows\system32\DRIVERS\vidsflt.sys;c:\windows\SYSNATIVE\DRIVERS\vidsflt.sys [x]
S1 cbfs4;cbfs4;c:\windows\system32\drivers\cbfs4.sys;c:\windows\SYSNATIVE\drivers\cbfs4.sys [x]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys;c:\windows\SYSNATIVE\DRIVERS\cmderd.sys [x]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS [x]
S2 iprip;RIP Listener;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys;c:\windows\SYSNATIVE\Drivers\EtronHub3.sys [x]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys;c:\windows\SYSNATIVE\Drivers\EtronXHCI.sys [x]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys;c:\windows\SYSNATIVE\DRIVERS\LEqdUsb.Sys [x]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys;c:\windows\SYSNATIVE\DRIVERS\LHidEqd.Sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
S3 vpnpbus;EldoS PnP Virtual Bus driver;c:\windows\system32\DRIVERS\vpnpbus.sys;c:\windows\SYSNATIVE\DRIVERS\vpnpbus.sys [x]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
NETSVCS REQUIRES REPAIRS - current entries shown
.
Rebuilding ... You need to reboot your machine for this to take effect.
.
AeLookupSvc
AppMgmt
AudioSrv
BITS
CertPropSvc
FastUserSwitchingCompatibility
gpsvc
helpsvc
Ias
iphlpsvc
Irmon
lanmanserver
LogonHours
msiscsi
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
PCAudit
Rasauto
Rasman
Remoteaccess
schedule
SCPolicySvc
SENS
SessionEnv
Sharedaccess
ShellHWDetection
SRService
Tapisrv
TermService
uploadmgr
winmgmt
WmdmPmSp
Wmi
wuauserv
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\EldosIconOverlay-cbfs4]
@="{25C402B1-B98E-44EF-9446-6A0B64EF8650}"
[HKEY_CLASSES_ROOT\CLSID\{25C402B1-B98E-44EF-9446-6A0B64EF8650}]
2013-11-15 13:44    183080    ----a-w-    c:\windows\System32\cbfsMntNtf4.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-08-08 09:34    777032    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-08-08 09:34    777032    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-08-08 09:34    777032    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-08-08 09:34    777032    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-08-08 09:34    777032    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-08-08 09:34    777032    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{43B99692-7797-4B47-BE83-6B63D99367BE}"= "c:\windows\system32\cbfsMntNtf4.dll" [2013-11-15 183080]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKU-Default-RunOnce-AOD - c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
Notify-SDWinLogon - SDWinLogon.dll
SafeBoot-CleanHlp
SafeBoot-CleanHlp.sys
Toolbar-Locked - (no file)
AddRemove-Anoncoin - d:\program files (x86)\Anoncoin\uninstall.exe
AddRemove-EarthCoin - d:\program files (x86)\EarthCoin\uninstall.exe
AddRemove-Nautiluscoin Core (64-bit) - d:\program files\Nautiluscoin\uninstall.exe
AddRemove-Vertcoin - c:\program files (x86)\Vertcoin\uninstall.exe
AddRemove-WinDirStat - c:\program files (x86)\WinDirStat\Uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\COMODO\CIS\Installer\Sym_Cam\CIS]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\services\CmdAgent\Mode\Configurations]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,59,00,53,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\services\CmdAgent\Mode\Data]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\services\CmdAgent\Mode\Options]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\Software\COMODO\Cam]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\Software\COMODO\Firewall Pro]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,59,00,53,00,\
.
Completion time: 2014-10-04  16:30:52 - machine was rebooted
ComboFix-quarantined-files.txt  2014-10-04 15:30
.
Pre-Run: 785,196,273,664 bytes free
Post-Run: 784,713,003,008 bytes free
.
- - End Of File - - 8FE034F93C78FF894B6406F1843B7A7E
1A5963783E1C322688D1F2AF3F47332A



#8 nasdaq

nasdaq

  • Malware Response Team
  • 38,764 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:49 AM

Posted 04 October 2014 - 01:18 PM

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

How is the computer running now?

#9 phunkey


Posted 05 October 2014 - 08:32 AM

I just read above post nasdaq and will do what you suggest. I'd already written this so will post it anyway just in case it helps.

So the first thing I had to do re-booting after combofix was run a memory check which went OK. Also my Public profile is the only one that's active tho domain and private are on.
 
As always, when I shut her down another update was installed but they're always security fixes. I want:

Microsoft .NET Framework 4.5.1 for Windows 7 x64-based Systems (KB2858725)
and
Security Update for Microsoft Visual C++ 2010 Redistributable Package (KB2467173)

Anyway, on rebooting this morning Windows proudly declared a new Logitech driver ready for use, but nothing else much has changed.
 
Troubleshooter mentioned possible volume error and to restart computer. Before I did so I ran Network diagnostics: "there might be a problem with the driver for the lan adapter" and "The wired network adapter is experiencing problems - See Windows Help re. more info for fixing driver or hardware issues".
 
I then get a link to microsoft help but can't connect.  
 
Other anomalies/peculiarities? Windows is stopping me from renaming folders. Also my Bitcoin core internet access had changed to public with private ticked but greyed out (as only public running). On running autoruns the operation completed successfully but app was unable to obtain WMI subscriptions.
 
Also, you should know I cloned my C: Drive to a larger drive using Seagate just before this happened. After I'd finished I wiped old disc and disconnected it from computer. For a while I was left with 2 System Reserved files. Only one remains now but it has a drive letter. Is this normal?
 
Anyway, I'll try as you ask and see what happens. But wouldn't blame you a bit if I had to simply wipe the disks esp. after my tinkering. 
 
Thanks nasdaq,
Keith



#10 phunkey


Posted 05 October 2014 - 09:11 AM

Here's the txt file first nasdaq:

Here's the txt first, attach to follow:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-10-2014
Ran by Cybad4d4 (administrator) on DESKTOP on 05-10-2014 14:56:06
Running from C:\Users\Cybad4d4\Desktop\Blink\FRST
Loaded Profile: Cybad4d4 (Available profiles: Cybad4d4 & Classic .NET AppPool & DefaultAppPool)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(BUFFALO INC.) C:\Program Files (x86)\BUFFALO\Backup_Utility\BUService.exe
(BUFFALO INC.) C:\Program Files (x86)\BUFFALO\Backup_Utility\BUVSSService64.exe
(BUFFALO INC.) C:\Program Files (x86)\BUFFALO\SLManagerEasy\Bufssvr.exe
(Microsoft Corporation) C:\Windows\System32\CISVC.EXE
(BUFFALO INC.) C:\Program Files (x86)\BUFFALO\SLManagerEasy\Inputps.exe
(Oki Data Corporation) C:\Program Files\Okidata\Common\Extend3\portmgrsrv.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Seagate) C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe
(Microsoft Corporation) C:\Windows\System32\TCPSVCS.EXE
(Microsoft Corporation) C:\Windows\System32\snmp.exe
(BUFFALO INC.) C:\Windows\System32\TC2Service.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Seagate) C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Piriform Ltd) D:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Seagate Scheduler2 Service] => C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe [400376 2013-10-30] (Seagate)
HKLM-x32\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM-x32\...\Winlogon: [Shell]  [0 ] () <=== ATTENTION
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-4106112464-2830931486-1884966439-1000\...\Run: [CCleaner Monitoring] => D:\Program Files\CCleaner\CCleaner64.exe [6480664 2014-09-25] (Piriform Ltd)
HKU\S-1-5-21-4106112464-2830931486-1884966439-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-4106112464-2830931486-1884966439-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GoogleAuth.lnk
ShortcutTarget: GoogleAuth.lnk -> C:\Windows\Installer\{EECBD5A5-BCA8-407C-B79D-B60AFCA8C798}\_CEBE82638B7F57EE958919.exe ()
Startup: C:\Users\Cybad4d4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled ()
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: No Name -> {AF949550-9094-4807-95EC-D1C317803333} ->  No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF ProfilePath: C:\Users\Cybad4d4\AppData\Roaming\Mozilla\Firefox\Profiles\9dk5hpsw.default
FF SelectedSearchEngine: PrivateLee HTTPS
FF Homepage: hxxp://www.bleepingcomputer.com/virus-removal/remove-win-7-antivirus-2014
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Windows\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Cybad4d4\AppData\Local\Temp\GUME08E.tmp\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Cybad4d4\AppData\Local\Temp\GUME08E.tmp\1.3.24.15\npGoogleUpdate3.dll No File
FF Extension: CLEO - C:\Users\Cybad4d4\AppData\Roaming\Mozilla\Firefox\Profiles\9dk5hpsw.default\Extensions\CLEO@guid.customsoftwareconsult.com [2014-08-23]
FF Extension: Print pages to PDF - C:\Users\Cybad4d4\AppData\Roaming\Mozilla\Firefox\Profiles\9dk5hpsw.default\Extensions\printPages2Pdf@reinhold.ripper [2014-08-23]
FF Extension: PrivDog - C:\Users\Cybad4d4\AppData\Roaming\Mozilla\Firefox\Profiles\9dk5hpsw.default\Extensions\PrivDog@AdTrustMedia.com [2014-09-25]
FF Extension: LastPass - C:\Users\Cybad4d4\AppData\Roaming\Mozilla\Firefox\Profiles\9dk5hpsw.default\Extensions\support@lastpass.com [2014-09-25]
FF Extension: FEBE - C:\Users\Cybad4d4\AppData\Roaming\Mozilla\Firefox\Profiles\9dk5hpsw.default\Extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3} [2014-09-25]
FF Extension: InFormEnter - C:\Users\Cybad4d4\AppData\Roaming\Mozilla\Firefox\Profiles\9dk5hpsw.default\Extensions\{5546F97E-11A5-46b0-9082-32AD74AAA920} [2014-08-23]
FF Extension: Bitdefender QuickScan - C:\Users\Cybad4d4\AppData\Roaming\Mozilla\Firefox\Profiles\9dk5hpsw.default\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2014-09-25]
FF Extension: MEGA - C:\Users\Cybad4d4\AppData\Roaming\Mozilla\Firefox\Profiles\9dk5hpsw.default\Extensions\firefox@mega.co.nz.xpi [2014-08-23]
FF Extension: GPU Accelerated Flash Player - C:\Users\Cybad4d4\AppData\Roaming\Mozilla\Firefox\Profiles\9dk5hpsw.default\Extensions\gpuacceleratedflashplayer@stas.xpi [2014-09-25]
FF Extension: HTTP Nowhere - C:\Users\Cybad4d4\AppData\Roaming\Mozilla\Firefox\Profiles\9dk5hpsw.default\Extensions\http-nowhere@cwilper.github.com.xpi [2014-09-25]
FF Extension: FlashDisable - C:\Users\Cybad4d4\AppData\Roaming\Mozilla\Firefox\Profiles\9dk5hpsw.default\Extensions\jid0-bbA9VAawX3LMWDu668aUDrpQVXU@jetpack.xpi [2014-08-23]
FF Extension: Buffer for Firefox - C:\Users\Cybad4d4\AppData\Roaming\Mozilla\Firefox\Profiles\9dk5hpsw.default\Extensions\jid1-zUyU7TGKwejAyA@jetpack.xpi [2014-08-23]
FF Extension: Nimbus Screen Capture - editable screenshots. - C:\Users\Cybad4d4\AppData\Roaming\Mozilla\Firefox\Profiles\9dk5hpsw.default\Extensions\nimbusscreencaptureff@everhelper.me.xpi [2014-09-25]
FF Extension: OPIE - C:\Users\Cybad4d4\AppData\Roaming\Mozilla\Firefox\Profiles\9dk5hpsw.default\Extensions\OPIE@guid.customsoftwareconsult.com.xpi [2014-08-23]
FF Extension: HTTP Header Mangler - C:\Users\Cybad4d4\AppData\Roaming\Mozilla\Firefox\Profiles\9dk5hpsw.default\Extensions\se.patriarkatet.firefox.extensions.httpheadermangler@jetpack.xpi [2014-08-23]
FF Extension: عارض PDF - C:\Users\Cybad4d4\AppData\Roaming\Mozilla\Firefox\Profiles\9dk5hpsw.default\Extensions\uriloader@pdf.js.xpi [2014-08-23]
FF Extension: PDF Download - C:\Users\Cybad4d4\AppData\Roaming\Mozilla\Firefox\Profiles\9dk5hpsw.default\Extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}.xpi [2014-08-23]
FF Extension: NoScript - C:\Users\Cybad4d4\AppData\Roaming\Mozilla\Firefox\Profiles\9dk5hpsw.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-08-23]
FF Extension: Adblock Plus - C:\Users\Cybad4d4\AppData\Roaming\Mozilla\Firefox\Profiles\9dk5hpsw.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-08-23]
FF Extension: Google Privacy - C:\Users\Cybad4d4\AppData\Roaming\Mozilla\Firefox\Profiles\9dk5hpsw.default\Extensions\{ea61041c-1e22-4400-99a0-aea461e69d04}.xpi [2014-09-25]
FF StartMenuInternet: FIREFOX.EXE - D:\Program Files (x86)\FirefoxPortable\App\Firefox\firefox.exe
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://my.jolicloud.com/#!/dashboard
CHR StartupUrls: Default -> "hxxp://start.io/", "hxxp://my.jolicloud.com/#!/dashboard", "https://msds.open.ac.uk/signon/SAMSDefault/SAMS001_Default.aspx?URL=hxxp://learn.open.ac.uk/mod/forumng/discuss.php?d=617243", "hxxp://www.jolicloud.com/blog/2011/03/09/welcome-to-the-new-jolicloud/", "hxxp://www.uwgb.edu/malloyk/art_criticism_and_formal_analysi.htm", "https://www.courtauld.ac.uk/index.html", "hxxp://learn.open.ac.uk/mod/oucontent/view.php?id=587386&section=2", "hxxp://www.google.com/", "hxxp://www.google.com/", "hxxp://uk.search.yahoo.com/?type=925777&fr=spigot-yhp-ch", "https://uk.yahoo.com/?fr=hp-avast&type=avastbcl", "https://bitcoin.org/%7Chttps://bitcointalk.org/?topic=1985.0%3ball|hxxp://www.newslobster.com/random/how-to-get-started-using-your-gpu-to-mine-for-bitcoins-on-windows|https://bitcointalk.org/?topic=3878.0|https://bitcointalk.org/?topic=626361|https://accounts.google.com/ServiceLogin?service=mail&continue=https://mail.google.com/mail/"
CHR DefaultSearchKeyword: Default -> startpage.com
CHR DefaultSearchProvider: Default -> Startpage HTTPS - UK
CHR DefaultSearchURL: Default -> https://startpage.com/do/search?query={searchTerms}&cat=web&pl=ie&language=english_uk
CHR DefaultSuggestURL: Default -> http://suggest.seccint.com/CSuggestJson.ashx?prefix={searchTerms}
CHR Profile: C:\Users\Cybad4d4\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Mouse Stroke) - C:\Users\Cybad4d4\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeaoofnhgocdbnbeljkmbjdmhbcokfdb [2014-08-18]
CHR Extension: (RapidShare DownloadHelper) - C:\Users\Cybad4d4\AppData\Local\Google\Chrome\User Data\Default\Extensions\afpbkpjjkfakdcakapanjoeijlphieei [2014-08-18]
CHR Extension: (Xmarks Bookmark Sync) - C:\Users\Cybad4d4\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2014-08-18]
CHR Extension: (Fogpad) - C:\Users\Cybad4d4\AppData\Local\Google\Chrome\User Data\Default\Extensions\akpccnipkpejnigppmpalammcodfbonj [2014-08-18]
CHR Extension: (Google Docs) - C:\Users\Cybad4d4\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-18]
CHR Extension: (Lucidchart Diagrams - Online) - C:\Users\Cybad4d4\AppData\Local\Google\Chrome\User Data\Default\Extensions\apboafhkiegglekeafbckfjldecefkhn [2014-08-18]
CHR Extension: (Google Drive) - C:\Users\Cybad4d4\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-18]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Cybad4d4\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-18]
CHR Extension: (Authenticator) - C:\Users\Cybad4d4\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhghoamapcdpbohphigoooaddinpkbai [2014-08-18]
CHR Extension: (YouTube) - C:\Users\Cybad4d4\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-18]
CHR Extension: (Netcraft Extension) - C:\Users\Cybad4d4\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmejphbfclcpmpohkggcjeibfilpamia [2014-08-18]
CHR Extension: (Minimalist for Everything) - C:\Users\Cybad4d4\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmihblnpomgpjkfddepdpdafhhepdbek [2014-08-18]
CHR Extension: (My IP address) - C:\Users\Cybad4d4\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccfphbgnmmhjfalloifioeeeokjemobf [2014-08-19]
CHR Extension: (Twitter for Chrome) - C:\Users\Cybad4d4\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdoinklelehcpndgmcddkkdhibpoglnk [2014-08-18]
CHR Extension: (JSONView) - C:\Users\Cybad4d4\AppData\Local\Google\Chrome\User Data\Default\Extensions\chklaanhfefbnpoihckbnefhakgolnmc [2014-08-18]
CHR Extension: (OneTab) - C:\Users\Cybad4d4\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2014-08-18]
CHR Extension: (SecureAuth OTP) - C:\Users\Cybad4d4\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpfiickajaodicfcmkfgdicnlhaompc [2014-08-18]
CHR Extension: (Adblock for Youtube™) - C:\Users\Cybad4d4\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2014-08-18]
CHR Extension: (Bitcoin Mining Monitor) - C:\Users\Cybad4d4\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnkonhfangjkibemiedpiahgedlffdma [2014-08-18]
CHR Extension: (Google Search) - C:\Users\Cybad4d4\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-18]
CHR Extension: (Tampermonkey) - C:\Users\Cybad4d4\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2014-08-18]
CHR Extension: (EverSearch) - C:\Users\Cybad4d4\AppData\Local\Google\Chrome\User Data\Default\Extensions\dphnhpbhoiibhioblbjjhgjopeejjhkm [2014-08-18]
CHR Extension: (Hide Twitter Guff) - C:\Users\Cybad4d4\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebjehgoicideedhhnfjhfaidlpdhofod [2014-08-18]
CHR Extension: (Session Buddy) - C:\Users\Cybad4d4\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2014-08-18]
CHR Extension: (Clip PDF to Evernote) - C:\Users\Cybad4d4\AppData\Local\Google\Chrome\User Data\Default\Extensions\eimkfmeckpmboaokmmgablhanbmpnmjf [2014-08-18]
CHR Extension: (Gmail Offline) - C:\Users\Cybad4d4\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2014-08-18]
CHR Extension: (Google Calendar) - C:\Users\Cybad4d4\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2014-08-18]
CHR Extension: (Box - 10GB of FREE storage) - C:\Users\Cybad4d4\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejnkaeblpdcamcioiiabclakabcbjmbl [2014-08-18]
CHR Extension: (Cloudy for Gmail™) - C:\Users\Cybad4d4\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfnjfpcmnoabmbhponbioedjceaddaa [2014-08-18]
CHR Extension: (Lucidpress Layout and Design) - C:\Users\Cybad4d4\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdiljnnpfniifgbaippdemegmlhoohka [2014-08-18]
CHR Extension: (HTML Revealer and Password Revealer) - C:\Users\Cybad4d4\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgeopcldenngppapceagonnenonklpbn [2014-08-18]
CHR Extension: (Weebly Dashboard Extension) - C:\Users\Cybad4d4\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkhpeihpgdipchpfmddkfcigllaaiaki [2014-08-18]
CHR Extension: (Hacker Vision) - C:\Users\Cybad4d4\AppData\Local\Google\Chrome\User Data\Default\Extensions\fommidcneendjonelhhhkmoekeicedej [2014-08-18]
CHR Extension: (Authy) - C:\Users\Cybad4d4\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaedmjdfmmahhbjefcbgaolhhanlaolb [2014-08-18]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Cybad4d4\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2014-08-18]
CHR Extension: (HTTPS Everywhere) - C:\Users\Cybad4d4\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2014-08-18]
CHR Extension: (Cryptocurrency exchange rates & calculator) - C:\Users\Cybad4d4\AppData\Local\Google\Chrome\User Data\Default\Extensions\gffnngoochofmgpkbchpdbdjoijaohog [2014-08-18]
CHR Extension: (AdBlock) - C:\Users\Cybad4d4\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-08-18]
CHR Extension: (Blockchain) - C:\Users\Cybad4d4\AppData\Local\Google\Chrome\User Data\Default\Extensions\glaohkkooicollgefkkmndjcbblominl [2014-08-18]
CHR Extension: (Save to Google Drive) - C:\Users\Cybad4d4\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbmikajjgmnabiglmofipeabaddhgne [2014-08-18]
CHR Extension: (LibreOffice Writer on rollApp) - C:\Users\Cybad4d4\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnibcjefjdpoannnhgmhoheglmepgggc [2014-08-18]
CHR Extension: (Send to Evernote) - C:\Users\Cybad4d4\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnilckpgiopfcokcijkhpghppekcoafm [2014-08-18]
CHR Extension: (Easy Access for Evernote) - C:\Users\Cybad4d4\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplhgfadohpfcokacjeaioajkbbjaamp [2014-08-18]
CHR Extension: (Nimbus Notes) - C:\Users\Cybad4d4\AppData\Local\Google\Chrome\User Data\Default\Extensions\haafigbapbpbpnmgcknnmilaaaimggpk [2014-08-19]
CHR Extension: (TweetDeck by Twitter) - C:\Users\Cybad4d4\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl [2014-08-18]
CHR Extension: (ScriptBlock) - C:\Users\Cybad4d4\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcdjknjpbnhdoabbngpmfekaecnpajba [2014-08-18]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Cybad4d4\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2014-08-18]
CHR Extension: (CryptoPass) - C:\Users\Cybad4d4\AppData\Local\Google\Chrome\User Data\Default\Extensions\hegbhhpocfhlnjmemkibgibljklhlfco [2014-08-20]
CHR Extension: (CloudConvert) - C:\Users\Cybad4d4\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfpmbfgodkfcebpgheiedaddoikmljkk [2014-08-18]
CHR Extension: (CoinURL) - C:\Users\Cybad4d4\AppData\Local\Google\Chrome\User Data\Default\Extensions\hioofbdebnagjphoejaimfoklbcemnfh [2014-08-18]
CHR Extension: (SuperSorter) - C:\Users\Cybad4d4\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjebfgojnlefhdgmomncgjglmdckngij [2014-08-18]
CHR Extension: (Bitly | Unleash the power of the link) - C:\Users\Cybad4d4\AppData\Local\Google\Chrome\User Data\Default\Extensions\iabeihobmhlgpkcgjiloemdbofjbdcic [2014-08-18]
CHR Extension: (Pixlr Editor) - C:\Users\Cybad4d4\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmaknaampgiegkcjlimdiidlhopknpk [2014-08-18]
CHR Extension: (Boxcryptor) - C:\Users\Cybad4d4\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijmndaodmdjamfepoijpolhjddgfgmme [2014-08-18]
CHR Extension: (Notable PDF - Best Viewer and Annotation Tool) - C:\Users\Cybad4d4\AppData\Local\Google\Chrome\User Data\Default\Extensions\iljojpiodmlhoehoecppliohmplbgeij [2014-08-18]
CHR Extension: (Sync Google Drive™ with Dropbox, Box, ...) - C:\Users\Cybad4d4\AppData\Local\Google\Chrome\User Data\Default\Extensions\iobcbdgacfkninlcbphihhdlkobkehia [2014-08-18]
CHR Extension: (Dropbox) - C:\Users\Cybad4d4\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2014-08-18]
CHR Extension: (Clearly) - C:\Users\Cybad4d4\AppData\Local\Google\Chrome\User Data\Default\Extensions\iooicodkiihhpojmmeghjclgihfjdjhj [2014-08-18]
CHR Extension: (Mymail-Crypt for Gmail™) - C:\Users\Cybad4d4\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcaobjhdnlpmopmjhijplpjhlplfkhba [2014-08-18]
CHR Extension: (Disconnect) - C:\Users\Cybad4d4\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2014-08-18]
CHR Extension: (Secure Mail for Gmail (by Streak)) - C:\Users\Cybad4d4\AppData\Local\Google\Chrome\User Data\Default\Extensions\jngdnjdobadbdemillgljnnbpomnfokn [2014-08-18]
CHR Extension: (Mailvelope) - C:\Users\Cybad4d4\AppData\Local\Google\Chrome\User Data\Default\Extensions\kajibbejlbohfaggdiogboambcijhkke [2014-08-18]
CHR Extension: (Nimbus Clipper) - C:\Users\Cybad4d4\AppData\Local\Google\Chrome\User Data\Default\Extensions\kiokdhlcmjagacmcgoikapbjmmhfchbi [2014-08-19]
CHR Extension: (Darkcoin Balance) - C:\Users\Cybad4d4\AppData\Local\Google\Chrome\User Data\Default\Extensions\klokkomogkjjijjhgloehmhkaogbdioj [2014-08-18]
CHR Extension: (InvisibleHand) - C:\Users\Cybad4d4\AppData\Local\Google\Chrome\User Data\Default\Extensions\lghjfnfolmcikomdjmoiemllfnlmmoko [2014-08-18]
CHR Extension: (Google Maps) - C:\Users\Cybad4d4\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2014-08-18]
CHR Extension: (Vertcoin Mobile Wallet) - C:\Users\Cybad4d4\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpmcofaljkkmffchcoajmekdiknndjkc [2014-08-18]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\Cybad4d4\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2014-08-18]
CHR Extension: (Google Mail Checker) - C:\Users\Cybad4d4\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2014-08-18]
CHR Extension: (Buffer) - C:\Users\Cybad4d4\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjojodpkaeeclkgaidibcbknlhjflhle [2014-08-18]
CHR Extension: (Ghostery Fixer) - C:\Users\Cybad4d4\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkaegpmdlhnpldpoadmnnbddbkcdmbhb [2014-08-18]
CHR Extension: (Ghostery) - C:\Users\Cybad4d4\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2014-08-18]
CHR Extension: (Ubuntu Black Magic Theme) - C:\Users\Cybad4d4\AppData\Local\Google\Chrome\User Data\Default\Extensions\nclapccfhhhedkpeofpigpbpbnpemghe [2014-08-20]
CHR Extension: (PDF Merge - PDF Files Merger) - C:\Users\Cybad4d4\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndolbcaghkmhjhgggldkgjibdilpbdbm [2014-08-18]
CHR Extension: (Drive) - C:\Users\Cybad4d4\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfakdllpdfjjbfommlcnfkedmbigkfdo [2014-08-18]
CHR Extension: (OneDrive) - C:\Users\Cybad4d4\AppData\Local\Google\Chrome\User Data\Default\Extensions\nffchahhjecejoiigmnhhicpoabngedk [2014-08-18]
CHR Extension: (RSS Subscription Extension (by Google)) - C:\Users\Cybad4d4\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbjncdgjeocebhnmkbbbdekmmmcbfjd [2014-08-18]
CHR Extension: (MobileMiner) - C:\Users\Cybad4d4\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlgoepnoihecnfophkelbleejipjhlck [2014-08-19]
CHR Extension: (Google Wallet) - C:\Users\Cybad4d4\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-18]
CHR Extension: (Docs PDF/PowerPoint Viewer (by Google)) - C:\Users\Cybad4d4\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbmlagghjjcbdhgmkedmbmedengocbn [2014-08-18]
CHR Extension: (Buffer) - C:\Users\Cybad4d4\AppData\Local\Google\Chrome\User Data\Default\Extensions\noojglkidnpfjbincgijbaiedldjfbhh [2014-08-18]
CHR Extension: (Google Chrome to Phone Extension) - C:\Users\Cybad4d4\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco [2014-08-18]
CHR Extension: (Adblock Pro) - C:\Users\Cybad4d4\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcklkibdehekfnmflempfgjhbedch [2014-08-18]
CHR Extension: (PDFUnlock!) - C:\Users\Cybad4d4\AppData\Local\Google\Chrome\User Data\Default\Extensions\oekfhmblhhfgekoainaoplcaemmfdpmd [2014-08-18]
CHR Extension: (Google Quick Scroll) - C:\Users\Cybad4d4\AppData\Local\Google\Chrome\User Data\Default\Extensions\okanipcmceoeemlbjnmnbdibhgpbllgc [2014-08-18]
CHR Extension: (Cloud Save) - C:\Users\Cybad4d4\AppData\Local\Google\Chrome\User Data\Default\Extensions\omiekjeapoonbhiemenfoccbdpeagdah [2014-08-18]
CHR Extension: (Torrent Search) - C:\Users\Cybad4d4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pckgomhpialmlahclmldlflmdgggpgcc [2014-08-18]
CHR Extension: (Buffer Status) - C:\Users\Cybad4d4\AppData\Local\Google\Chrome\User Data\Default\Extensions\phjogflimgkcjchomcmgaoknnaichekp [2014-08-18]
CHR Extension: (Evernote Web Clipper) - C:\Users\Cybad4d4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2014-08-18]
CHR Extension: (Gmail) - C:\Users\Cybad4d4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-18]
CHR Extension: (Secure Shell) - C:\Users\Cybad4d4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnhechapfaindjhompbnflcldabbghjo [2014-08-18]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 BFBackupUtilityService; C:\Program Files (x86)\BUFFALO\Backup_Utility\BUService.exe [320888 2010-08-20] (BUFFALO INC.)
R2 BFBackupUtilityVSSService; C:\Program Files (x86)\BUFFALO\Backup_Utility\BUVSSService64.exe [359288 2010-04-28] (BUFFALO INC.)
R2 bufssvr; C:\Program Files (x86)\BUFFALO\SLManagerEasy\Bufssvr.exe [95608 2010-03-16] (BUFFALO INC.)
S4 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [6817544 2014-04-16] (COMODO)
S4 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2264280 2014-03-25] (COMODO)
S4 DCSLoader; C:\Windows\system32\spool\DRIVERS\x64\3\OKHSLDCS.EXE [20480 2011-11-14] (Oki Data Corporation) [File not signed]
S3 DesktopCentralServer; C:\ManageEngine\DesktopCentral_Server\bin\wrapper.exe [511256 2013-06-29] (Tanuki Software, Ltd.)
S4 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2014-09-24] (SurfRight B.V.)
R2 iprip; C:\Windows\System32\iprip.dll [35328 2009-07-14] (Microsoft Corporation)
R2 LPDSVC; C:\Windows\system32\lpdsvc.dll [45568 2009-07-14] (Microsoft Corporation)
S3 MEDC Server Component - Notification Server; C:\ManageEngine\DesktopCentral_Server\bin\dcnotificationserver.exe [230952 2013-06-29] ()
S3 MEDCServerComponent-Apache; C:\ManageEngine\DesktopCentral_Server\apache\bin\dcserverhttpd.exe [20549 2013-06-29] (Apache Software Foundation) [File not signed]
R2 OpLclSrv; C:\Program Files\Okidata\Common\Extend3\portmgrsrv.exe [169472 2011-04-11] (Oki Data Corporation) [File not signed]
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 simptcp; C:\Windows\SysWOW64\tcpsvcs.exe [9216 2009-07-14] (Microsoft Corporation)
R2 SNMP; C:\Windows\System32\snmp.exe [49664 2010-11-21] (Microsoft Corporation)
R2 SNMP; C:\Windows\SysWOW64\snmp.exe [47616 2010-11-21] (Microsoft Corporation)
R2 TC2Service; C:\Windows\system32\TC2Service.exe [308120 2012-07-18] (BUFFALO INC.)
S2 tpcexdccs; C:\Program Files (x86)\BUFFALO\TurboPC_EX\DiskCache\tpcexService.exe [133608 2012-12-24] (BUFFALO INC.)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-21] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 bautpw64; C:\Windows\System32\drivers\bautpw64.sys [16000 2010-01-20] (BUFFALO INC.)
R0 BFRD4G; C:\Windows\System32\DRIVERS\BFRD4G.sys [47232 2010-03-10] (BUFFALO INC.)
R0 bftpdskc; C:\Windows\System32\drivers\bftpdskc64.sys [72016 2011-07-13] (BUFFALO INC.)
S3 bftpusbx; C:\Windows\System32\drivers\bftpusbx64.sys [27016 2012-12-17] (BUFFALO INC.)
R1 cbfs4; C:\Windows\system32\drivers\cbfs4.sys [387776 2013-11-15] (EldoS Corporation)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [23168 2014-04-16] (COMODO)
S4 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [738472 2014-04-16] (COMODO)
S4 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [48360 2014-04-16] (COMODO)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [31648 2014-09-12] (REALiX™)
S4 inspect; C:\Windows\System32\DRIVERS\inspect.sys [105552 2014-04-16] (COMODO)
S3 RTL8187; C:\Windows\System32\DRIVERS\wg111v2.sys [340992 2007-12-26] (NETGEAR Inc.)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 tapoas; C:\Windows\System32\DRIVERS\tapoas.sys [30720 2012-07-15] (The OpenVPN Project)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2014-09-15] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [183224 2014-09-15] (Acronis)
R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2014-09-15] (Acronis International GmbH)
R3 vpnpbus; C:\Windows\System32\DRIVERS\vpnpbus.sys [18624 2013-11-15] (EldoS Corporation)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 MFE_RR; \??\C:\Users\Cybad4d4\AppData\Local\Temp\mfe_rr.sys [X]
S4 MREMP50; \??\C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [X]
S4 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S4 MREMPR5; \??\C:\PROGRA~2\COMMON~1\Motive\MREMPR5.SYS [X]
S4 MRENDIS5; \??\C:\PROGRA~2\COMMON~1\Motive\MRENDIS5.SYS [X]
S4 MRESP50; \??\C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [X]
S4 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
S4 PORTMON; \??\D:\Repairs\PortMon\PORTMSYS.SYS [X]
S4 SDHookDriver; \??\C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-05 14:55 - 2014-10-05 14:56 - 00000000 ____D () C:\FRST
2014-10-05 14:53 - 2014-10-05 14:55 - 00000000 ____D () C:\Users\Cybad4d4\Desktop\Blink
2014-10-05 11:56 - 2014-10-05 14:41 - 00000168 _____ () C:\Windows\setupact.log
2014-10-05 11:56 - 2014-10-05 11:56 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-05 11:52 - 2014-10-05 11:52 - 00038010 _____ () C:\Users\Cybad4d4\Documents\cc_20141005_115246.reg
2014-10-05 10:43 - 2014-10-04 16:25 - 00000027 _____ () C:\Windows\system32\Drivers\etc\hosts.20141005-104351.backup
2014-10-05 09:58 - 2014-10-05 12:32 - 00002494 _____ () C:\Users\Cybad4d4\Desktop\Blink.txt
2014-10-04 18:21 - 2014-10-04 18:21 - 00000000 ____D () C:\Users\Cybad4d4\砰j
2014-10-04 17:54 - 2014-10-04 17:54 - 00000000 ____D () C:\Users\Cybad4d4\㋰I
2014-10-04 17:41 - 2014-10-04 17:41 - 00000000 ____D () C:\Users\Cybad4d4\(null)
2014-10-04 16:30 - 2014-10-04 16:30 - 00113964 _____ () C:\ComboFix.txt
2014-10-04 15:51 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-10-04 15:51 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-10-04 15:51 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-10-04 15:51 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-10-04 15:51 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-10-04 15:51 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-10-04 15:51 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-10-04 15:51 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-10-04 15:47 - 2014-10-01 15:09 - 20676804 _____ () C:\Users\Cybad4d4\Downloads\Symform.deb
2014-10-04 15:46 - 2014-10-04 12:07 - 01830680 _____ () C:\Users\Cybad4d4\Downloads\pocket_x64.tar.bz2
2014-10-04 15:46 - 2014-10-01 09:41 - 00393106 _____ () C:\Users\Cybad4d4\Downloads\miniupnp-master.zip
2014-10-04 15:46 - 2014-10-01 09:31 - 09383028 _____ () C:\Users\Cybad4d4\Downloads\dogecoin-1.8.0-linux64.zip
2014-10-04 15:46 - 2014-09-30 18:11 - 01784847 _____ () C:\Users\Cybad4d4\Downloads\Orbitcoin-master.zip
2014-10-04 15:46 - 2014-09-30 18:10 - 07744791 _____ () C:\Users\Cybad4d4\Downloads\orbitcoin-win-1.4.2.2.zip
2014-10-04 15:46 - 2014-09-30 16:24 - 00693910 _____ () C:\Users\Cybad4d4\Downloads\clamtk_5.09-1_all.deb
2014-10-04 15:46 - 2014-09-30 10:53 - 03773106 _____ () C:\Users\Cybad4d4\Downloads\reddcoin-master.zip
2014-10-04 15:46 - 2014-09-30 10:51 - 05694797 _____ () C:\Users\Cybad4d4\Downloads\myriadcoin-master.zip
2014-10-04 15:46 - 2014-09-30 10:51 - 00546874 _____ () C:\Users\Cybad4d4\Downloads\electrum-myr-win-beta3.tar.gz
2014-10-04 15:46 - 2014-09-29 11:49 - 03449948 _____ () C:\Users\Cybad4d4\Downloads\goldcoin-0.7.1.7-linux.tar.xz
2014-10-04 15:45 - 2014-10-02 10:31 - 14773962 _____ () C:\Users\Cybad4d4\Downloads\kashmircoin.exe
2014-10-04 15:44 - 2014-10-04 15:44 - 00000000 ____D () C:\Users\Cybad4d4\Documents\Bleep
2014-10-04 15:44 - 2014-10-04 15:44 - 00000000 ____D () C:\Users\Cybad4d4\Documents\backups
2014-10-04 15:39 - 2014-10-04 15:37 - 05582481 ____R (Swearware) C:\Users\Cybad4d4\Desktop\ComboFix.exe
2014-10-04 14:57 - 2014-10-04 16:30 - 00000000 ____D () C:\Qoobox
2014-10-04 14:48 - 2014-10-04 14:48 - 00000750 _____ () C:\Users\Cybad4d4\Desktop\JRT.txt
2014-10-04 14:40 - 2014-10-04 14:40 - 00000000 ____D () C:\Users\Cybad4d4\Desktop\New folder
2014-09-30 20:01 - 2014-09-30 20:01 - 00019524 _____ () C:\Users\Cybad4d4\Documents\cc_20140930_200105.reg
2014-09-30 19:58 - 2014-09-30 19:58 - 00019010 _____ () C:\Users\Cybad4d4\Documents\startup.txt
2014-09-30 19:34 - 2014-09-30 19:34 - 00000000 ____D () C:\Windows\CheckSur
2014-09-30 19:32 - 2014-09-25 03:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-09-30 19:32 - 2014-09-25 02:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-09-30 19:22 - 2014-09-30 19:22 - 00458055 _____ () C:\Users\Cybad4d4\Desktop\FixDotNet20140930182240034.cab
2014-09-30 19:17 - 2014-09-30 19:49 - 00000417 _____ () C:\Users\Cybad4d4\Desktop\blinkingcomputer.txt
2014-09-29 07:34 - 2014-09-29 07:34 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-09-28 15:57 - 2014-09-28 15:57 - 01831488 _____ (Microsoft Corporation) C:\Users\Cybad4d4\Downloads\VS2013.3.exe
2014-09-28 15:43 - 2014-09-28 15:43 - 00001021 _____ () C:\Users\Cybad4d4\Desktop\Wise Data Recovery.lnk
2014-09-28 15:43 - 2014-09-28 15:43 - 00000000 ____D () C:\Users\Cybad4d4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wise Data Recovery
2014-09-28 15:43 - 2014-09-28 15:43 - 00000000 ____D () C:\Program Files\Wise
2014-09-28 15:35 - 2014-09-28 15:35 - 00001214 _____ () C:\Users\Cybad4d4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-09-28 15:35 - 2014-09-28 15:35 - 00001184 _____ () C:\Users\Cybad4d4\Desktop\Spybot-S&D Start Center.lnk
2014-09-28 15:35 - 2014-09-28 15:35 - 00000000 ____D () C:\Users\Cybad4d4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-09-28 15:35 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-09-28 12:58 - 2014-09-30 19:19 - 00000000 ____D () C:\Security Task Manager
2014-09-28 10:26 - 2014-09-28 10:26 - 00000800 _____ () C:\Users\Cybad4d4\Desktop\Bitcoin Armory.lnk
2014-09-28 10:26 - 2014-09-28 10:26 - 00000000 ____D () C:\Users\Cybad4d4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Armory
2014-09-28 10:26 - 2014-09-28 10:26 - 00000000 ____D () C:\Program Files\Armory
2014-09-28 10:03 - 2014-09-28 10:06 - 00000000 ____D () C:\Users\Cybad4d4\AppData\Roaming\Comodo
2014-09-28 09:26 - 2014-09-28 09:26 - 00150276 _____ () C:\Users\Cybad4d4\Documents\cc_20140928_092612.reg
2014-09-28 09:22 - 2014-09-28 09:22 - 00000694 _____ () C:\Users\Cybad4d4\Desktop\CCleaner.lnk
2014-09-28 09:22 - 2014-09-28 09:22 - 00000000 ____D () C:\Users\Cybad4d4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-09-28 08:16 - 2014-09-28 08:16 - 01005568 _____ (Microsoft Corporation) C:\Users\Cybad4d4\Downloads\dotNetFx45_Full_setup.exe
2014-09-28 08:15 - 2014-09-28 08:16 - 50449456 _____ (Microsoft Corporation) C:\Users\Cybad4d4\Downloads\dotNetFx40_Full_x86_x64.exe
2014-09-28 07:46 - 2014-09-28 07:47 - 70087104 _____ (Microsoft Corporation) C:\Users\Cybad4d4\Downloads\NDP451-KB2858728-x86-x64-AllOS-ENU(1).exe
2014-09-28 07:42 - 2014-09-28 07:42 - 70087104 _____ (Microsoft Corporation) C:\Users\Cybad4d4\Downloads\NDP451-KB2858728-x86-x64-AllOS-ENU.exe
2014-09-27 19:34 - 2014-09-30 19:53 - 00003028 _____ () C:\Windows\System32\Tasks\MSIAfterburner
2014-09-27 15:47 - 2014-09-27 15:41 - 00450709 ____R () C:\Windows\system32\Drivers\etc\hosts.20140927-154748.backup
2014-09-27 15:37 - 2014-10-04 15:00 - 00000000 ____D () C:\Users\Cybad4d4\AppData\Roaming\Spybot - Search & Destroy
2014-09-27 15:37 - 2014-09-27 15:37 - 00000000 ____D () C:\Users\Cybad4d4\Documents\ProcAlyzer Dumps
2014-09-27 15:18 - 2014-09-27 17:36 - 00000000 ____D () C:\Users\Cybad4d4\Documents\Kee
2014-09-27 14:26 - 2014-09-27 14:26 - 00000000 ____D () C:\Mozilla
2014-09-27 11:39 - 2014-09-27 11:40 - 00001908 _____ () C:\Windows\diagwrn.xml
2014-09-27 11:39 - 2014-09-27 11:40 - 00001908 _____ () C:\Windows\diagerr.xml
2014-09-27 10:08 - 2014-09-27 10:08 - 00001290 _____ () C:\Users\Cybad4d4\Desktop\dotNETInspectorPortable - Shortcut.lnk
2014-09-27 07:45 - 2014-09-27 07:52 - 00036034 _____ () C:\Users\Cybad4d4\Desktop\dds.txt
2014-09-27 07:44 - 2014-09-27 07:42 - 00688992 ____R (Swearware) C:\Users\Cybad4d4\Desktop\dds.com
2014-09-27 00:42 - 2014-10-05 14:00 - 00000000 ____D () C:\temp
2014-09-26 11:38 - 2014-09-26 11:38 - 00000000 ____D () C:\ESET
2014-09-26 11:07 - 2014-09-26 11:07 - 00000000 ____D () C:\Windows\ERUNT
2014-09-26 09:57 - 2014-09-26 08:13 - 01698546 _____ (Thisisu) C:\Users\Cybad4d4\Desktop\JRT_NEW.exe
2014-09-26 09:28 - 2014-09-26 09:28 - 00002313 _____ () C:\Users\Cybad4d4\Desktop\MiniToolBox - Shortcut.lnk
2014-09-26 07:21 - 2014-09-26 07:21 - 00000000 ____D () C:\Users\Cybad4d4\AppData\Local\gauthauthenticator-78ef3156e1ca5b74c14beac161614be7
2014-09-25 23:28 - 2014-09-30 19:04 - 00000907 _____ () C:\Users\Cybad4d4\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-25 23:28 - 2014-09-30 19:04 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-09-25 23:28 - 2014-09-25 23:28 - 00000000 ____D () C:\Users\Cybad4d4\AppData\Roaming\Malwarebytes
2014-09-25 18:27 - 2014-09-13 19:39 - 01942352 _____ (BitTorrent Inc.) C:\Users\Cybad4d4\Downloads\uTorrent.exe
2014-09-25 18:27 - 2014-09-04 08:31 - 00227912 _____ () C:\Users\Cybad4d4\Downloads\usbit.zip
2014-09-25 18:26 - 2014-09-24 08:29 - 13087456 _____ (Microsoft Corporation) C:\Users\Cybad4d4\Downloads\Silverlight_x64.exe
2014-09-25 18:26 - 2014-09-23 19:18 - 230403208 _____ (COMODO) C:\Users\Cybad4d4\Downloads\cav_installer_3269_65.exe
2014-09-25 18:26 - 2014-09-11 10:38 - 11970856 _____ (Nautiluscoin Core project) C:\Users\Cybad4d4\Downloads\nautiluscoin-1.1.0-win64-setup.exe
2014-09-25 18:26 - 2014-09-04 07:48 - 1028653056 _____ () C:\Users\Cybad4d4\Downloads\ubuntu-14.04.1-desktop-amd64.iso
2014-09-25 18:26 - 2014-09-04 07:45 - 32505856 _____ () C:\Users\Cybad4d4\Downloads\mini.iso
2014-09-25 18:24 - 2014-09-25 18:24 - 00000000 ____D () C:\Users\Cybad4d4\Desktop\mbar
2014-09-25 15:37 - 2014-09-25 15:37 - 00000000 _____ () C:\java8.log.lck
2014-09-25 15:37 - 2014-09-25 15:37 - 00000000 _____ () C:\java8.log
2014-09-25 15:37 - 2014-09-25 15:37 - 00000000 _____ () C:\java7.log.lck
2014-09-25 15:37 - 2014-09-25 15:37 - 00000000 _____ () C:\java7.log
2014-09-25 15:37 - 2014-09-25 15:37 - 00000000 _____ () C:\java6.log.lck
2014-09-25 15:37 - 2014-09-25 15:37 - 00000000 _____ () C:\java6.log
2014-09-25 15:36 - 2014-09-25 15:37 - 00000000 _____ () C:\java5.log.lck
2014-09-25 15:36 - 2014-09-25 15:37 - 00000000 _____ () C:\java4.log.lck
2014-09-25 15:36 - 2014-09-25 15:37 - 00000000 _____ () C:\java3.log.lck
2014-09-25 15:36 - 2014-09-25 15:36 - 00000000 _____ () C:\java5.log
2014-09-25 15:36 - 2014-09-25 15:36 - 00000000 _____ () C:\java4.log
2014-09-25 15:36 - 2014-09-25 15:36 - 00000000 _____ () C:\java3.log
2014-09-25 13:35 - 2014-09-25 13:35 - 00000000 _____ () C:\Users\Cybad4d4\Downloads\setup-x86_64.exe
2014-09-25 13:27 - 2014-09-25 13:27 - 00000000 ____D () C:\Users\Cybad4d4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Geeks3D
2014-09-25 13:27 - 2014-09-25 13:27 - 00000000 ____D () C:\Program Files\Geeks3D
2014-09-25 12:31 - 2014-09-25 12:32 - 00029848 _____ () C:\Users\Cybad4d4\Downloads\Result.txt
2014-09-25 12:28 - 2014-09-25 12:28 - 01373475 _____ () C:\Users\Cybad4d4\Downloads\AdwCleaner.exe
2014-09-25 12:07 - 2014-09-28 15:09 - 00122122 _____ () C:\Windows\system32\Drivers\fvstore.dat
2014-09-25 12:07 - 2014-09-27 15:52 - 00000000 ____D () C:\VTRoot
2014-09-25 12:06 - 2014-09-25 12:06 - 00001860 _____ () C:\Users\Cybad4d4\Desktop\Virtual Comodo Dragon.lnk
2014-09-25 12:06 - 2014-09-25 12:06 - 00000921 _____ () C:\Users\Cybad4d4\Desktop\Comodo Dragon.lnk
2014-09-25 12:06 - 2014-09-25 12:06 - 00000000 ____D () C:\Users\Cybad4d4\AppData\Local\Comodo
2014-09-25 11:45 - 2014-09-28 15:40 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-09-25 11:44 - 2014-10-04 16:02 - 01474832 _____ () C:\Windows\system32\Drivers\sfi.dat
2014-09-25 11:44 - 2014-09-25 12:06 - 00000000 ____D () C:\ProgramData\Comodo Downloader
2014-09-25 11:44 - 2014-09-25 11:44 - 00001888 _____ () C:\Users\Public\Desktop\COMODO Internet Security.lnk
2014-09-25 11:44 - 2014-09-25 11:44 - 00000000 ____D () C:\Windows\System32\Tasks\COMODO
2014-09-25 11:44 - 2014-09-25 11:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
2014-09-25 11:43 - 2014-09-28 10:03 - 00000000 ____D () C:\ProgramData\Comodo
2014-09-25 11:43 - 2014-09-25 12:07 - 00000000 ____D () C:\Program Files\COMODO
2014-09-25 11:43 - 2014-09-25 11:44 - 00000000 ___SD () C:\ProgramData\Shared Space
2014-09-25 11:15 - 2014-09-27 06:50 - 00000000 ____D () C:\Users\Cybad4d4\AppData\Roaming\QuickScan
2014-09-25 10:12 - 2014-10-04 15:51 - 00000000 ____D () C:\Users\Classic .NET AppPool
2014-09-25 10:12 - 2014-09-25 10:12 - 00000020 ___SH () C:\Users\Classic .NET AppPool\ntuser.ini
2014-09-25 10:12 - 2013-01-26 12:53 - 00000000 ____D () C:\Users\Classic .NET AppPool\AppData\LocalGoogle
2014-09-25 10:12 - 2013-01-26 12:53 - 00000000 ____D () C:\Users\Classic .NET AppPool\AppData\Local\Google
2014-09-25 10:12 - 2009-07-14 05:54 - 00000000 ___RD () C:\Users\Classic .NET AppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-09-25 10:12 - 2009-07-14 05:49 - 00000000 ___RD () C:\Users\Classic .NET AppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-09-25 10:06 - 2014-09-25 10:13 - 00001115 _____ () C:\Windows\system32\MyDefrag.debuglog
2014-09-25 10:00 - 2014-09-25 10:00 - 00895120 _____ (Google Inc.) C:\Users\Cybad4d4\Downloads\ChromeSetup.exe
2014-09-25 09:09 - 2014-10-05 14:45 - 01978558 _____ () C:\Windows\WindowsUpdate.log
2014-09-25 07:01 - 2014-09-25 07:18 - 1938134854 _____ () C:\Users\Cybad4d4\AppData\Roaming\Litecoin.7z
2014-09-25 07:01 - 2014-09-25 07:01 - 28151212 _____ () C:\Users\Cybad4d4\AppData\Roaming\Kashmircoin.7z
2014-09-25 06:42 - 2014-09-25 09:02 - 3633500120 _____ () C:\Users\Cybad4d4\AppData\Roaming\Armory2.7z
2014-09-25 06:41 - 2014-09-25 06:41 - 00032326 _____ () C:\Users\Cybad4d4\AppData\Roaming\Anoncoin.7z
2014-09-24 21:02 - 2014-09-29 17:44 - 00000000 ____D () C:\Users\DefaultAppPool
2014-09-24 21:02 - 2014-09-24 21:02 - 00000020 ___SH () C:\Users\DefaultAppPool\ntuser.ini
2014-09-24 21:02 - 2013-01-26 12:53 - 00000000 ____D () C:\Users\DefaultAppPool\AppData\LocalGoogle
2014-09-24 21:02 - 2013-01-26 12:53 - 00000000 ____D () C:\Users\DefaultAppPool\AppData\Local\Google
2014-09-24 21:02 - 2009-07-14 05:54 - 00000000 ___RD () C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-09-24 21:02 - 2009-07-14 05:49 - 00000000 ___RD () C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-09-24 20:29 - 2014-09-24 20:29 - 00008120 _____ () C:\Users\Cybad4d4\Documents\cc_20140924_202936.reg
2014-09-24 19:30 - 2014-09-24 19:30 - 00001326 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2014-09-24 19:29 - 2014-09-24 19:29 - 00000862 _____ () C:\Windows\system32\termcap
2014-09-24 19:29 - 2014-09-24 19:29 - 00000000 ____D () C:\Windows\ShellNew
2014-09-24 19:29 - 2014-09-24 19:29 - 00000000 ____D () C:\Program Files\Windows Journal
2014-09-24 19:12 - 2014-09-24 19:12 - 47332427 _____ () C:\Users\Cybad4d4\Documents\Documents.7z
2014-09-24 14:36 - 2014-09-24 14:36 - 00049910 _____ () C:\Users\Cybad4d4\Documents\cc_20140924_143619.reg
2014-09-24 13:50 - 2014-09-24 13:50 - 00100888 _____ () C:\Users\Cybad4d4\Documents\keepass.7z
2014-09-24 13:09 - 2014-09-25 07:35 - 00000000 ____D () C:\Users\Cybad4d4\AppData\Roaming\deleteme
2014-09-24 13:01 - 2014-09-24 13:02 - 75136035 _____ () C:\Users\Cybad4d4\AppData\Roaming\Electrum-MYR.7z
2014-09-24 12:54 - 2014-09-24 15:39 - 3633500113 _____ () C:\Users\Cybad4d4\AppData\Roaming\Armory.7z
2014-09-24 12:53 - 2014-09-24 12:55 - 318425967 _____ () C:\Users\Cybad4d4\AppData\Roaming\EarthCoin.7z
2014-09-24 12:51 - 2014-09-24 14:35 - 329140155 _____ () C:\Users\Cybad4d4\AppData\Roaming\Diamond.7z
2014-09-24 12:50 - 2014-09-24 12:50 - 00043149 _____ () C:\Users\Cybad4d4\AppData\Roaming\FedoraCoin.7z
2014-09-24 12:42 - 2014-09-24 12:47 - 481603917 _____ () C:\Users\Cybad4d4\AppData\Roaming\Vertcoin.7z.tmp1
2014-09-24 12:40 - 2014-09-24 12:50 - 822190764 _____ () C:\Users\Cybad4d4\AppData\Roaming\Namecoin.7z
2014-09-24 12:40 - 2014-09-24 12:40 - 00003310 _____ () C:\Users\Cybad4d4\AppData\Roaming\NoirShares.7z
2014-09-24 12:38 - 2014-09-24 12:44 - 358569007 _____ () C:\Users\Cybad4d4\AppData\Roaming\StarCoin.7z
2014-09-24 12:37 - 2014-09-24 12:43 - 481603917 _____ () C:\Users\Cybad4d4\AppData\Roaming\Vertcoin.7z
2014-09-24 12:37 - 2014-09-24 12:37 - 23863604 _____ () C:\Users\Cybad4d4\AppData\Roaming\Titcoin.7z
2014-09-24 12:37 - 2014-09-24 12:37 - 02851962 _____ () C:\Users\Cybad4d4\AppData\Roaming\TheLastCoin.7z
2014-09-24 12:36 - 2014-09-24 12:46 - 930722320 _____ () C:\Users\Cybad4d4\AppData\Roaming\Worldcoin.7z
2014-09-24 12:33 - 2014-09-24 12:34 - 145063485 _____ () C:\Users\Cybad4d4\AppData\Roaming\XCurrency.7z
2014-09-24 12:32 - 2014-09-24 12:43 - 26058886 _____ () C:\Users\Cybad4d4\AppData\Roaming\Distrocoin.7z
2014-09-24 12:29 - 2014-09-24 12:32 - 258718179 _____ () C:\Users\Cybad4d4\AppData\Roaming\UltraCoin.7z
2014-09-24 12:25 - 2014-09-24 12:25 - 00000081 ____N () C:\Users\Cybad4d4\AppData\Roaming\Zetacoin.7z
2014-09-24 12:20 - 2014-09-24 12:20 - 34082711 ____N () C:\Users\Cybad4d4\AppData\Roaming\TrustCoin.7z
2014-09-24 12:19 - 2014-09-24 12:23 - 464346597 ____N () C:\Users\Cybad4d4\AppData\Roaming\quazarcoin.7z
2014-09-24 12:19 - 2014-09-24 12:21 - 102362403 ____N () C:\Users\Cybad4d4\AppData\Roaming\X11Coin.7z
2014-09-24 12:18 - 2014-09-24 12:18 - 06533027 ____N () C:\Users\Cybad4d4\AppData\Roaming\Orbitcoin.7z
2014-09-24 12:07 - 2014-09-24 12:08 - 20414004 ____N () C:\Users\Cybad4d4\AppData\Roaming\Ethan.7z
2014-09-24 12:07 - 2014-09-24 12:07 - 30224625 ____N () C:\Users\Cybad4d4\AppData\Roaming\Fastcoin.7z
2014-09-24 12:06 - 2014-09-24 13:06 - 540786728 _____ () C:\Users\Cybad4d4\AppData\Roaming\DigitalCoin.7z
2014-09-24 12:06 - 2014-09-24 12:09 - 212513016 ____N () C:\Users\Cybad4d4\AppData\Roaming\DarkCoin.7z
2014-09-24 10:08 - 2014-09-24 10:10 - 00000632 __RSH () C:\Users\Cybad4d4\ntuser.pol
2014-09-24 09:16 - 2014-09-24 09:16 - 00000000 ____D () C:\Users\Cybad4d4\AppData\Roaming\nCleaner
2014-09-24 08:57 - 2014-09-24 08:57 - 00004046 _____ () C:\Users\Cybad4d4\Documents\HitmanPro_20140924_0857.log
2014-09-24 08:51 - 2014-09-24 08:51 - 00001897 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-09-24 08:51 - 2014-09-24 08:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2014-09-24 08:51 - 2014-09-24 08:51 - 00000000 ____D () C:\Program Files\HitmanPro
2014-09-24 08:31 - 2014-09-30 19:04 - 00000000 ____D () C:\Users\Cybad4d4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-24 08:31 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-24 08:31 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-24 08:31 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-23 20:48 - 2014-09-23 20:49 - 00006001 _____ () C:\Users\Cybad4d4\aswMBR.txt
2014-09-23 20:48 - 2014-09-23 20:49 - 00000512 _____ () C:\Users\Cybad4d4\MBR.dat
2014-09-23 20:21 - 2014-09-23 20:21 - 00000000 ____D () C:\Comodo
2014-09-23 20:21 - 2014-09-09 23:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-23 20:21 - 2014-09-09 22:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-23 19:25 - 2014-09-23 19:25 - 01700352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdiplus.dll
2014-09-23 19:25 - 2014-09-23 19:25 - 01060864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc71.dll
2014-09-23 19:25 - 2014-09-23 19:25 - 00348160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2014-09-23 19:24 - 2014-09-25 12:06 - 00000000 ____D () C:\Users\Cybad4d4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Comodo
2014-09-23 18:04 - 2014-09-23 18:04 - 00000000 ____D () C:\BUFFALO
2014-09-23 17:49 - 2014-09-24 08:59 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-09-23 17:48 - 2014-10-04 12:51 - 00000000 ____D () C:\AdwCleaner
2014-09-23 17:30 - 2014-10-04 16:27 - 00000000 ____D () C:\Windows\erdnt
2014-09-23 16:07 - 2014-09-23 16:07 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-09-23 15:58 - 2014-09-29 10:57 - 00000000 ____D () C:\Program Files\Emsisoft Anti-Malware
2014-09-23 15:52 - 2014-09-23 15:52 - 00000000 ____D () C:\Users\Cybad4d4\Portables
2014-09-23 15:50 - 2014-10-04 15:48 - 00000000 ____D () C:\Users\Cybad4d4\Repairs
2014-09-23 15:47 - 2014-09-23 15:47 - 00000000 ____D () C:\Users\Cybad4d4\AppData\Roaming\Safer Networking
2014-09-23 15:31 - 2014-09-23 15:31 - 00000000 ____D () C:\Program Files\ITknowledge24
2014-09-23 13:53 - 2014-09-24 12:17 - 2161780303 ____N () C:\Users\Cybad4d4\AppData\Roaming\bytecoin.7z
2014-09-23 13:53 - 2014-09-24 12:10 - 316068164 ____N () C:\Users\Cybad4d4\AppData\Roaming\CHNCoin.7z
2014-09-23 13:52 - 2014-09-24 14:30 - 00015497 _____ () C:\Users\Cybad4d4\AppData\Roaming\bitmonero.7z
2014-09-23 13:51 - 2014-09-23 13:51 - 00032372 ____N () C:\Users\Cybad4d4\AppData\Roaming\AsicCoin.7z
2014-09-23 12:09 - 2014-09-23 12:09 - 00009988 _____ () C:\Users\Cybad4d4\Documents\cc_20140923_120920.reg
2014-09-23 11:31 - 2014-02-16 17:23 - 00060640 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\usbfilter.sys
2014-09-23 11:27 - 2014-09-23 11:31 - 00000000 ____D () C:\Windows\Common Files (x86)
2014-09-23 11:04 - 2014-09-23 11:04 - 00000000 ____D () C:\Users\Cybad4d4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-09-23 08:34 - 2014-09-23 08:34 - 00010008 _____ () C:\Users\Cybad4d4\Documents\cc_20140923_083448.reg
2014-09-23 08:16 - 2014-09-23 08:16 - 17927344 _____ (Adobe Systems Incorporated) C:\Users\Cybad4d4\Downloads\flashplayer15_install_win_pi.exe
2014-09-22 18:10 - 2014-09-28 10:27 - 00000000 ____D () C:\Users\Cybad4d4\AppData\Local\Adobe
2014-09-22 17:48 - 2014-09-22 17:50 - 01055936 _____ (Adobe) C:\Users\Cybad4d4\Downloads\install_flashplayer15x32_mssa_aaa_aih.exe
2014-09-22 07:51 - 2014-09-22 07:51 - 00000021 _____ () C:\Windows\S.dirmngr
2014-09-21 20:48 - 2014-09-21 20:50 - 00000000 ____D () C:\Users\Cybad4d4\Documents\Kashmrcoin
2014-09-21 19:30 - 2014-09-21 19:30 - 00000000 ____D () C:\Users\Cybad4d4\AppData\Roaming\NoirShares
2014-09-21 19:29 - 2014-09-21 19:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NoirShares-Qt
2014-09-21 19:29 - 2014-09-21 19:29 - 00000000 ____D () C:\Program Files (x86)\NoirShares-Qt
2014-09-21 14:58 - 2014-09-21 14:59 - 00000000 ____D () C:\Users\Cybad4d4\Documents\TheLastCoin
2014-09-21 14:46 - 2014-09-21 15:03 - 00000000 ____D () C:\Users\Cybad4d4\AppData\Roaming\TheLastCoin
2014-09-21 09:43 - 2014-09-21 12:54 - 00000000 ____D () C:\Users\Cybad4d4\AppData\Roaming\UltraCoin
2014-09-21 09:08 - 2014-09-21 12:50 - 00000000 ____D () C:\Users\Cybad4d4\AppData\Roaming\CommunityCoin
2014-09-21 09:07 - 2014-09-24 14:31 - 00000000 ____D () C:\Wallets
2014-09-21 09:00 - 2014-09-21 09:00 - 00000000 ____D () C:\Program Files\Dogecoin
2014-09-20 17:57 - 2014-09-26 21:08 - 00000000 ____D () C:\Program Files (x86)\Litecoin
2014-09-20 16:49 - 2014-09-20 16:50 - 00000000 ____D () C:\Users\Cybad4d4\Documents\Magicoin
2014-09-20 15:03 - 2014-09-20 15:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Latium
2014-09-20 15:02 - 2014-09-20 15:02 - 15648645 _____ ( ) C:\Users\Cybad4d4\Downloads\latium-install-0.7.4.0.exe
2014-09-19 16:48 - 2014-09-19 16:48 - 00000000 ____D () C:\found.000
2014-09-18 16:47 - 2014-09-18 16:47 - 00000416 _____ () C:\Users\Cybad4d4\Documents\cc_20140918_164713.reg
2014-09-17 20:53 - 2014-10-01 01:53 - 00000000 ____D () C:\Windows\rescache
2014-09-15 16:33 - 2014-09-15 16:33 - 00000000 ____D () C:\Users\Cybad4d4\AppData\Roaming\Seagate
2014-09-15 16:13 - 2014-09-15 16:33 - 00000000 ____D () C:\ProgramData\Seagate
2014-09-15 16:12 - 2014-09-15 16:12 - 01462560 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\tdrpman.sys
2014-09-15 16:12 - 2014-09-15 16:12 - 01120032 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\tib.sys
2014-09-15 16:12 - 2014-09-15 16:12 - 00233760 _____ (Acronis) C:\Windows\system32\Drivers\snapman.sys
2014-09-15 16:12 - 2014-09-15 16:12 - 00183224 _____ (Acronis) C:\Windows\system32\Drivers\tib_mounter.sys
2014-09-15 16:12 - 2014-09-15 16:12 - 00161568 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\vididr.sys
2014-09-15 16:12 - 2014-09-15 16:12 - 00117024 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\vidsflt.sys
2014-09-15 16:12 - 2014-09-15 16:12 - 00108832 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\fltsrv.sys
2014-09-15 16:12 - 2014-09-15 16:12 - 00000909 _____ () C:\Users\Public\Desktop\Seagate DiscWizard.lnk
2014-09-15 16:12 - 2014-09-15 16:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate
2014-09-15 16:12 - 2014-09-15 16:12 - 00000000 ____D () C:\ProgramData\Acronis
2014-09-15 16:08 - 2014-09-15 16:09 - 262018512 _____ () C:\Users\Cybad4d4\Downloads\DiscWizardSetup-16005840.en.exe
2014-09-15 13:00 - 2014-09-15 13:00 - 00023702 _____ () C:\Users\Cybad4d4\Documents\cc_20140915_130017.reg
2014-09-15 12:23 - 2014-09-15 12:23 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-09-15 12:23 - 2014-09-15 12:23 - 00001345 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2014-09-15 12:22 - 2014-09-15 12:22 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-09-15 12:22 - 2014-09-15 12:22 - 00000000 ____D () C:\Program Files\Windows Sidebar
2014-09-15 12:08 - 2014-09-15 12:08 - 00067160 _____ () C:\Windows\SysWOW64\CCCInstall_201409151208448310.log
2014-09-15 12:08 - 2014-09-15 12:08 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-09-15 12:06 - 2014-09-15 12:06 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies
2014-09-15 12:05 - 2014-09-25 08:57 - 00000000 ____D () C:\Program Files\ATI
2014-09-15 12:04 - 2014-09-22 09:26 - 00000000 ____D () C:\AMD
2014-09-15 11:49 - 2014-09-15 11:49 - 00059568 _____ () C:\Windows\SysWOW64\CCCInstall_201409151149305201.log
2014-09-14 11:59 - 2014-09-14 11:59 - 00000000 ____D () C:\Users\Cybad4d4\Documents\Guildencoin
2014-09-14 11:52 - 2014-09-14 15:58 - 00000000 ____D () C:\Users\Cybad4d4\AppData\Roaming\Guldencoin
2014-09-13 19:59 - 2014-09-13 19:59 - 00000850 _____ () C:\Users\Cybad4d4\Desktop\µTorrent.lnk
2014-09-13 19:59 - 2014-09-13 19:59 - 00000830 _____ () C:\Users\Cybad4d4\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2014-09-13 15:55 - 2014-10-05 11:18 - 00000000 ____D () C:\Users\Cybad4d4\AppData\Roaming\Bitcoin
2014-09-13 14:05 - 2014-09-13 14:05 - 00000000 ____D () C:\Program Files\AMD
2014-09-13 08:45 - 2014-09-13 08:45 - 00000000 ____D () C:\Users\Cybad4d4\Documents\Blackcoin
2014-09-13 07:52 - 2014-10-05 09:06 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2014-09-13 07:52 - 2014-09-13 07:52 - 00000000 ____D () C:\Users\Public\Documents\Logishrd
2014-09-13 07:52 - 2014-09-13 07:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2014-09-13 07:52 - 2014-09-13 07:52 - 00000000 ____D () C:\ProgramData\Logitech
2014-09-13 07:52 - 2014-09-13 07:52 - 00000000 ____D () C:\ProgramData\Logishrd
2014-09-13 07:51 - 2014-09-13 07:52 - 00000000 ____D () C:\Users\Cybad4d4\AppData\Roaming\Logitech
2014-09-13 07:51 - 2014-09-13 07:52 - 00000000 ____D () C:\Program Files\Common Files\LogiShrd
2014-09-13 07:51 - 2014-09-13 07:51 - 00000000 ____D () C:\Users\Cybad4d4\AppData\Roaming\Logishrd
2014-09-12 19:02 - 2014-09-12 19:02 - 00021492 _____ () C:\Users\Cybad4d4\Documents\cc_20140912_190226.reg
2014-09-12 11:27 - 2014-09-12 11:27 - 00031648 _____ (REALiX™) C:\Windows\SysWOW64\Drivers\HWiNFO64A.SYS
2014-09-11 20:22 - 2014-09-11 20:22 - 00000000 ____D () C:\Program Files (x86)\Dolby Home Theater v4
2014-09-11 20:06 - 2014-09-25 03:56 - 00000000 ____D () C:\Users\Cybad4d4\AppData\Roaming\vlc
2014-09-11 20:06 - 2014-09-11 20:06 - 00000784 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-09-11 20:06 - 2014-09-11 20:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-09-11 15:00 - 2014-09-11 20:10 - 00000000 ____D () C:\Users\Cybad4d4\AppData\Roaming\Titcoin
2014-09-11 10:41 - 2014-09-11 10:41 - 00000000 ____D () C:\Users\Cybad4d4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Titcoin
2014-09-11 10:39 - 2014-09-11 10:39 - 00000000 ____D () C:\Users\Cybad4d4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nautiluscoin Core
2014-09-10 15:24 - 2014-09-10 15:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Axantum AxCrypt
2014-09-10 15:24 - 2014-09-10 15:24 - 00000000 ____D () C:\Program Files\Axantum
2014-09-10 13:00 - 2014-09-22 09:22 - 00000000 ____D () C:\Users\Cybad4d4\AppData\Roaming\Kashmircoin
2014-09-10 12:54 - 2014-09-10 12:54 - 00000000 ____D () C:\Program Files (x86)\Kashmircoin
2014-09-10 12:39 - 2014-09-10 12:39 - 00000000 ____D () C:\Users\Cybad4d4\Documents\Trustoin
2014-09-10 08:47 - 2014-09-10 12:59 - 00000000 ____D () C:\Users\Cybad4d4\AppData\Roaming\TrustCoin
2014-09-10 08:13 - 2014-09-10 08:13 - 00000000 ____D () C:\Users\Cybad4d4\AppData\Roaming\Parise Samuele
2014-09-10 08:13 - 2014-09-10 08:13 - 00000000 ____D () C:\ProgramData\Parise Samuele
2014-09-10 07:56 - 2014-09-10 07:56 - 00001098 _____ () C:\Users\Public\Desktop\HDD Guardian.lnk
2014-09-10 07:56 - 2014-09-10 07:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HDD Guardian 0.6.1
2014-09-10 07:56 - 2014-09-10 07:56 - 00000000 ____D () C:\Program Files (x86)\HDD Guardian 0.6.1
2014-09-10 03:02 - 2014-08-19 19:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-10 03:02 - 2014-08-19 18:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-10 03:02 - 2014-08-19 00:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-10 03:02 - 2014-08-18 23:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-10 03:02 - 2014-08-18 23:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-10 03:02 - 2014-08-18 23:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-10 03:02 - 2014-08-18 23:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-10 03:02 - 2014-08-18 23:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-10 03:02 - 2014-08-18 23:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-10 03:02 - 2014-08-18 23:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-10 03:02 - 2014-08-18 23:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-10 03:02 - 2014-08-18 23:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-10 03:02 - 2014-08-18 23:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-10 03:02 - 2014-08-18 23:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-10 03:02 - 2014-08-18 23:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-10 03:02 - 2014-08-18 23:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-10 03:02 - 2014-08-18 23:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-10 03:02 - 2014-08-18 23:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-10 03:02 - 2014-08-18 23:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-10 03:02 - 2014-08-18 22:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-10 03:02 - 2014-08-18 22:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-10 03:02 - 2014-08-18 22:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-10 03:02 - 2014-08-18 22:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-10 03:02 - 2014-08-18 22:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-10 03:02 - 2014-08-18 22:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-10 03:02 - 2014-08-18 22:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-10 03:02 - 2014-08-18 22:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-10 03:02 - 2014-08-18 22:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-10 03:02 - 2014-08-18 22:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-10 03:02 - 2014-08-18 22:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-10 03:02 - 2014-08-18 22:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-10 03:02 - 2014-08-18 22:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-10 03:02 - 2014-08-18 22:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-10 03:02 - 2014-08-18 22:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-10 03:02 - 2014-08-18 22:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-10 03:02 - 2014-08-18 22:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-10 03:02 - 2014-08-18 22:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-10 03:02 - 2014-08-18 22:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-10 03:02 - 2014-08-18 22:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-10 03:02 - 2014-08-18 22:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-10 03:02 - 2014-08-18 22:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-10 03:02 - 2014-08-18 22:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-10 03:02 - 2014-08-18 22:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-10 03:02 - 2014-08-18 22:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-10 03:02 - 2014-08-18 22:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-10 03:02 - 2014-08-18 22:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-10 03:02 - 2014-08-18 22:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-10 03:02 - 2014-08-18 22:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-10 03:02 - 2014-08-18 22:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-10 03:02 - 2014-08-18 22:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-10 03:02 - 2014-08-18 22:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-10 03:02 - 2014-08-18 21:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-10 03:02 - 2014-08-18 21:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-10 03:02 - 2014-08-18 21:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-10 03:02 - 2014-08-18 21:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-10 03:02 - 2014-08-18 21:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-10 03:00 - 2014-06-27 03:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-10 03:00 - 2014-06-27 02:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-10 02:54 - 2014-09-05 03:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-10 02:54 - 2014-09-05 03:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-10 02:54 - 2014-08-01 12:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-10 02:54 - 2014-08-01 12:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-10 02:54 - 2014-07-07 03:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-10 02:54 - 2014-07-07 03:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-10 02:54 - 2014-07-07 02:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-10 02:54 - 2014-07-07 02:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-10 02:54 - 2014-07-07 02:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-10 02:54 - 2014-06-24 04:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-10 02:54 - 2014-06-24 03:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-09 12:39 - 2014-09-09 23:01 - 00000000 ____D () C:\Users\Cybad4d4\AppData\Roaming\Emerald
2014-09-09 12:12 - 2014-09-13 08:44 - 00000000 ____D () C:\Users\Cybad4d4\AppData\Roaming\Anoncoin
2014-09-09 12:12 - 2014-09-09 12:12 - 00000000 ____D () C:\Users\Cybad4d4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anoncoin
2014-09-08 20:53 - 2014-09-08 20:53 - 00004696 _____ () C:\Users\Cybad4d4\Documents\cc_20140908_205304.reg
2014-09-08 20:47 - 2014-09-20 17:55 - 00000000 ____D () C:\Users\Cybad4d4\AppData\Roaming\Worldcoin
2014-09-08 20:45 - 2014-09-21 20:05 - 00000000 ____D () C:\Users\Cybad4d4\AppData\Roaming\Ethan
2014-09-08 12:25 - 2014-09-11 08:41 - 00000000 ____D () C:\Users\Cybad4d4\AppData\Roaming\AsicCoin
2014-09-08 08:56 - 2014-09-09 12:38 - 00000000 ____D () C:\Users\Cybad4d4\Documents\emeraldcoin
2014-09-08 08:56 - 2014-09-08 08:57 - 00000000 ____D () C:\Users\Cybad4d4\Documents\ethancoin
2014-09-07 11:56 - 2014-09-07 11:56 - 00001384 _____ () C:\Users\Cybad4d4\Desktop\Chrome App Launcher.lnk
2014-09-07 11:56 - 2014-09-07 11:56 - 00000000 ____D () C:\Users\Cybad4d4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-09-06 16:44 - 2014-09-06 16:45 - 00000000 ____D () C:\Users\Cybad4d4\Documents\MyriadWallet
2014-09-06 15:57 - 2014-09-06 15:57 - 00050008 _____ () C:\Users\Cybad4d4\electrum-myr-history.csv
2014-09-06 15:44 - 2014-09-06 15:44 - 00000000 ____D () C:\Users\Cybad4d4\Documents\Elec_myr
2014-09-06 12:45 - 2014-09-22 13:35 - 00000000 ____D () C:\Users\Cybad4d4\AppData\Roaming\boolb
2014-09-06 12:15 - 2014-09-06 12:15 - 00000000 ____D () C:\Users\Cybad4d4\Documents\Boolberry
2014-09-06 12:07 - 2014-09-06 12:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Boolberry
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-05 14:51 - 2013-08-12 16:40 - 00000095 _____ () C:\Users\Cybad4d4\.accessibility.properties
2014-10-05 14:51 - 2012-05-16 11:08 - 00000000 ____D () C:\Users\Cybad4d4
2014-10-05 14:49 - 2009-07-14 06:13 - 00014920 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-05 14:49 - 2009-07-14 05:45 - 00028944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-05 14:49 - 2009-07-14 05:45 - 00028944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-05 14:41 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-05 14:00 - 2014-08-19 15:54 - 536870912 ____H () C:\BFRD_000.dat
2014-10-05 13:59 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-05 13:54 - 2009-07-14 06:08 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-05 11:51 - 2014-08-17 10:03 - 00002778 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-10-05 11:51 - 2014-08-16 14:16 - 00000000 ____D () C:\Users\Cybad4d4\AppData\Local\CrashDumps
2014-10-05 11:51 - 2013-01-26 15:30 - 00000000 ____D () C:\Users\Cybad4d4\AppData\Roaming\uTorrent
2014-10-05 11:51 - 2012-09-21 13:12 - 00000000 ____D () C:\Windows\Minidump
2014-10-05 11:50 - 2013-01-03 19:28 - 00002150 _____ () C:\Windows\epplauncher.mif
2014-10-05 11:50 - 2013-01-03 19:26 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-10-05 10:11 - 2013-07-07 07:51 - 00000000 ____D () C:\Windows\pss
2014-10-05 09:53 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2014-10-05 00:48 - 2014-08-18 20:05 - 00000000 ____D () C:\Users\Cybad4d4\AppData\Roaming\Mozilla
2014-10-04 16:30 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2014-10-04 16:25 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-10-04 16:03 - 2014-08-15 10:52 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-04 16:02 - 2013-07-01 10:43 - 00000103 _____ () C:\java2.log
2014-10-04 16:02 - 2013-07-01 10:43 - 00000103 _____ () C:\java1.log
2014-10-04 16:02 - 2013-07-01 10:43 - 00000103 _____ () C:\java0.log
2014-10-04 16:02 - 2009-07-14 03:34 - 80740352 _____ () C:\Windows\system32\config\software.bak
2014-10-04 16:02 - 2009-07-14 03:34 - 38010880 _____ () C:\Windows\system32\config\system.bak
2014-10-04 16:02 - 2009-07-14 03:34 - 05242880 _____ () C:\Windows\system32\config\default.bak
2014-10-04 16:02 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\security.bak
2014-10-04 16:02 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\sam.bak
2014-10-04 15:03 - 2009-07-14 03:34 - 00000938 ____R () C:\Windows\system32\Drivers\etc\hosts.20141004-152507.backup
2014-10-04 14:24 - 2014-08-15 10:52 - 00003770 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-28 15:53 - 2009-07-14 03:34 - 00450709 ____R () C:\Windows\system32\Drivers\etc\hosts.20141004-150330.backup
2014-09-28 09:57 - 2014-08-19 13:08 - 00000392 _____ () C:\Windows\Tasks\WpsUpdateTask_Cybad4d4.job
2014-09-28 09:57 - 2014-08-19 13:08 - 00000392 _____ () C:\Windows\Tasks\WpsNotifyTask_Cybad4d4.job
2014-09-28 09:34 - 2014-08-19 13:08 - 00003380 _____ () C:\Windows\System32\Tasks\WpsUpdateTask_Cybad4d4
2014-09-28 09:34 - 2014-08-19 13:08 - 00003380 _____ () C:\Windows\System32\Tasks\WpsNotifyTask_Cybad4d4
2014-09-28 09:24 - 2012-05-16 19:56 - 00000000 ____D () C:\Windows\Panther
2014-09-27 19:20 - 2014-08-01 14:23 - 00000600 _____ () C:\Users\Cybad4d4\AppData\Roaming\winscp.rnd
2014-09-27 17:37 - 2013-07-01 12:50 - 00000000 ____D () C:\Users\Cybad4d4\AppData\Roaming\KeePass
2014-09-27 15:47 - 2009-07-14 03:34 - 00450709 ____R () C:\Windows\system32\Drivers\etc\hosts.20140928-155334.backup
2014-09-26 15:48 - 2014-08-18 11:45 - 00000000 ____D () C:\Program Files (x86)\Google
2014-09-26 12:42 - 2014-08-16 10:52 - 00000000 ____D () C:\Users\Cybad4d4\Documents\Backup
2014-09-26 07:21 - 2014-09-02 18:12 - 00000000 ____D () C:\Users\Cybad4d4\AppData\Roaming\gauthauthenticator-78ef3156e1ca5b74c14beac161614be7
2014-09-25 23:15 - 2014-08-11 09:43 - 00000000 ____D () C:\Users\Cybad4d4\AppData\Roaming\Dogecoin
2014-09-25 22:52 - 2014-07-22 22:21 - 00000000 ____D () C:\Users\Cybad4d4\AppData\Roaming\MultiMiner
2014-09-25 22:50 - 2014-08-30 13:35 - 00000000 ____D () C:\Users\Cybad4d4\.jbidwatcher
2014-09-25 17:47 - 2013-07-27 18:11 - 00001128 _____ () C:\Windows\system32\.crusader
2014-09-25 15:23 - 2014-08-17 10:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-09-25 10:12 - 2011-04-12 09:17 - 00000000 ____D () C:\Windows\system32\0409
2014-09-25 10:12 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\inetsrv
2014-09-25 10:05 - 2014-08-09 07:16 - 00000000 ____D () C:\inetpub
2014-09-25 10:05 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\inetsrv
2014-09-25 10:00 - 2014-08-18 11:45 - 00000000 ____D () C:\Users\Cybad4d4\AppData\Local\Google
2014-09-25 09:18 - 2014-08-15 13:43 - 00030312 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-09-25 07:40 - 2014-08-31 13:31 - 00007611 _____ () C:\Users\Cybad4d4\AppData\Local\Resmon.ResmonCfg
2014-09-25 03:56 - 2014-08-27 10:29 - 00000000 ____D () C:\Users\Cybad4d4\AppData\Roaming\Electrum-MYR
2014-09-25 03:56 - 2014-08-25 21:22 - 00000000 ____D () C:\Users\Cybad4d4\AppData\Roaming\Deepnet Explorer
2014-09-25 03:56 - 2014-07-27 20:31 - 00000000 ____D () C:\Users\Cybad4d4\AppData\Roaming\1by1
2014-09-24 19:30 - 2009-07-14 04:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-09-24 19:29 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files\DVD Maker
2014-09-24 19:29 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-09-24 19:29 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-09-24 09:58 - 2013-08-15 07:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-24 08:30 - 2013-08-10 22:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-09-23 18:57 - 2014-07-24 10:38 - 00000000 ____D () C:\Users\Cybad4d4\AppData\Roaming\Process Hacker 2
2014-09-23 17:41 - 2013-07-14 12:08 - 00000000 ____D () C:\ProgramData\TEMP
2014-09-23 16:21 - 2014-07-23 13:33 - 00000000 ____D () C:\Users\Cybad4d4\Documents\Mining
2014-09-23 11:30 - 2014-08-10 03:30 - 00000000 ____D () C:\Program Files\ATI Technologies
2014-09-22 04:45 - 2014-08-22 12:36 - 00000000 ____D () C:\Users\Cybad4d4\AppData\Roaming\CHNCoin
2014-09-21 22:39 - 2014-08-28 10:12 - 00000000 ____D () C:\Users\Cybad4d4\AppData\Roaming\GoldCoin (GLD)
2014-09-21 17:10 - 2014-08-13 10:17 - 00000000 ____D () C:\Users\Cybad4d4\AppData\Roaming\DigitalCoin
2014-09-21 17:03 - 2014-08-18 10:54 - 00000000 ____D () C:\Users\Cybad4d4\Documents\DigitalCoin
2014-09-21 16:32 - 2014-07-27 15:04 - 00000000 ____D () C:\Users\Cybad4d4\AppData\Roaming\Litecoin
2014-09-21 16:28 - 2014-07-22 23:10 - 00000000 ____D () C:\Users\Cybad4d4\AppData\Roaming\Armory
2014-09-21 12:55 - 2014-08-15 14:16 - 00000000 ____D () C:\Users\Cybad4d4\AppData\Roaming\EarthCoin
2014-09-21 09:57 - 2014-08-27 18:37 - 00001105 _____ () C:\Users\Cybad4d4\Desktop\MultiMiner.lnk
2014-09-21 09:57 - 2014-08-27 18:37 - 00000000 ____D () C:\Users\Cybad4d4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MultiMiner
2014-09-21 09:57 - 2014-08-13 18:52 - 00000000 ____D () C:\Users\Cybad4d4\AppData\Local\MultiMiner
2014-09-20 17:55 - 2014-08-31 22:36 - 00000000 ____D () C:\Users\Cybad4d4\AppData\Roaming\Infinitecoin
2014-09-20 17:55 - 2014-07-22 23:35 - 00000000 ____D () C:\Users\Cybad4d4\AppData\Roaming\XCurrency
2014-09-20 17:38 - 2014-08-25 09:27 - 00000000 ____D () C:\Users\Cybad4d4\Documents\OrbitCoin
2014-09-20 16:50 - 2014-08-22 22:47 - 00000000 ____D () C:\Users\Cybad4d4\AppData\Roaming\Magicoin
2014-09-18 12:13 - 2014-07-23 11:17 - 00000000 ____D () C:\Users\Cybad4d4\AppData\Roaming\DarkCoin
2014-09-17 12:20 - 2014-07-23 11:11 - 00000000 ____D () C:\Users\Cybad4d4\Documents\DRKCoin
2014-09-16 18:17 - 2013-01-03 17:27 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-16 18:17 - 2013-01-03 17:27 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-15 12:08 - 2014-08-02 19:19 - 00000000 ____D () C:\ProgramData\AMD
2014-09-15 09:06 - 2010-11-21 04:27 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-13 14:20 - 2014-08-15 13:59 - 00000000 ____D () C:\Users\Cybad4d4\AppData\Roaming\Grandcoin
2014-09-13 09:58 - 2014-08-25 18:06 - 00001291 _____ () C:\Users\Cybad4d4\Desktop\Run terminal.lnk
2014-09-13 08:48 - 2014-08-17 17:40 - 00000000 ____D () C:\Users\Cybad4d4\AppData\Roaming\BlackCoin
2014-09-13 08:41 - 2014-08-18 17:24 - 00000000 ____D () C:\Users\Cybad4d4\Documents\AnonCoin
2014-09-12 17:15 - 2014-08-01 10:48 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-12 06:39 - 2014-08-31 15:09 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-09-11 20:23 - 2014-08-31 15:09 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-09-11 07:50 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Branding
2014-09-10 14:58 - 2014-08-13 19:56 - 00000000 ____D () C:\Users\Cybad4d4\AppData\Roaming\QtProject
2014-09-10 11:03 - 2014-08-18 11:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-09-10 10:06 - 2014-08-18 08:57 - 00000000 ____D () C:\Users\Cybad4d4\AppData\Roaming\GCoin
2014-09-10 03:01 - 2013-01-03 19:26 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-09-10 03:00 - 2014-07-23 03:50 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-09 13:30 - 2014-08-25 08:54 - 00000000 ____D () C:\Users\Cybad4d4\AppData\Roaming\Orbitcoin
2014-09-09 11:54 - 2014-08-17 16:30 - 00000000 ____D () C:\ProgramData\privazer
2014-09-08 17:39 - 2014-08-25 15:08 - 00000000 ____D () C:\ProgramData\AwesomeMinerService
2014-09-08 11:14 - 2014-07-31 09:18 - 00000000 ____D () C:\Users\Cybad4d4\Documents\Litecoin
2014-09-08 10:38 - 2014-07-25 12:16 - 00000159 ____N () C:\Users\Cybad4d4\AppData\Roaming\Opusbext.dat
2014-09-07 13:41 - 2014-09-03 10:59 - 00000000 ____D () C:\ProgramData\Informer Technologies, Inc
2014-09-07 11:33 - 2014-08-31 16:16 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2014-09-06 13:42 - 2014-08-28 18:33 - 00000000 ____D () C:\Users\Cybad4d4\Documents\BoobleberryWallet
2014-09-06 09:01 - 2014-08-14 06:55 - 00000000 ____D () C:\Users\Cybad4d4\AppData\Roaming\Diamond
 
Files to move or delete:
====================
C:\Users\Cybad4d4\MBR.dat
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-26 23:15
 
==================== End Of Log ============================



#11 phunkey


Posted 05 October 2014 - 09:12 AM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-10-2014
Ran by Cybad4d4 at 2014-10-05 14:57:09
Running from C:\Users\Cybad4d4\Desktop\Blink\FRST
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: COMODO Antivirus (Disabled - Out of date) {B74CC7D2-B407-E1DC-1033-DD315BCDC8C8}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: COMODO Antivirus (Disabled - Up to date) {0C2D2636-923D-EE52-2A83-E643204A8275}
FW: COMODO Firewall (Disabled) {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.33870 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
ActivePerl 5.16.3 Build 1604 (64-bit) (HKLM\...\{A7915697-1675-433D-AD07-759E8550582F}) (Version: 5.16.1604 - ActiveState)
AMD Accelerated Video Transcoding (Version: 13.30.100.40417 - Advanced Micro Devices, Inc.) Hidden
AMD Accelerated Video Transcoding (Version: 13.30.100.40811 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK 2.9 (HKLM\...\{B192EDAC-25C7-408D-99A0-A23455F50E27}) (Version: 2.9.233.167 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.15 - Advanced Micro Devices, Inc.) Hidden
AxCrypt 1.7.3156.0 (HKLM\...\{8B49CDB9-824C-44D6-A5D3-D0235D3030B8}) (Version: 1.7.3156.0 - Axantum Software AB)
Bitcoin Armory (HKLM-x32\...\Bitcoin Armory) (Version: 0.92.2.0 - Armory Technologies Inc.)
Bitcoin Core (64-bit) (HKCU\...\Bitcoin Core (64-bit)) (Version: 0.9.2 - Bitcoin Core project)
BitMinter Client (HKCU\...\BitMinter Client) (Version:  - BitMinter.com)
Buffalo RAMDISK Utility (HKLM\...\Buffalo BFRD4G) (Version:  - )
Catalyst Control Center Graphics Previews Common (x32 Version: 2014.0811.2303.39561 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2014.0811.2303.39561 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2014.0811.2302.39561 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2014.0811.2302.39561 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2014.0811.2302.39561 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2014.0811.2302.39561 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2014.0811.2302.39561 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2014.0811.2302.39561 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2014.0811.2302.39561 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2014.0811.2302.39561 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2014.0811.2302.39561 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2014.0811.2302.39561 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2014.0811.2302.39561 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2014.0811.2302.39561 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2014.0811.2302.39561 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2014.0811.2302.39561 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2014.0811.2302.39561 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2014.0811.2302.39561 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2014.0811.2302.39561 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2014.0811.2302.39561 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2014.0811.2302.39561 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2014.0811.2302.39561 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2014.0811.2302.39561 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2014.0811.2302.39561 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2014.0811.2303.39561 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
Comodo Dragon (HKLM-x32\...\Comodo Dragon) (Version: 33.1.0.0 - COMODO)
COMODO Internet Security (HKLM\...\{2736B6BD-31EC-4FC8-A48C-F0A5C914C0B6}) (Version: 7.0.55655.4142 - COMODO Security Solutions Inc.)
ConEmu 140723.x64 (HKLM\...\{BE4AFA91-F4EC-4EE5-B93E-3421392320D9}) (Version: 11.140.7230 - ConEmu-Maximus5)
Dogecoin Core (64-bit) (HKCU\...\Dogecoin Core (64-bit)) (Version: 1.8.0 - Dogecoin project)
Eraser 6.0.10.2620 (HKLM\...\{6E5159B4-A519-41EF-80EF-AD58371515DF}) (Version: 6.0.2620 - The Eraser Project)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Fastcoin (HKCU\...\Fastcoin) (Version: 8.5.3 - Fastcoin project)
FedoraCoin (HKCU\...\FedoraCoin) (Version: 0.6.0.0 - FedoraCoin project)
GAuth Authenticator (HKCU\...\gauthauthenticator-78ef3156e1ca5b74c14beac161614be7) (Version: 0.8.2 - Gerard Braad)
Geeks3D FurMark 1.13.0 (HKLM-x32\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version:  - Geeks3D)
Gigaset QuickSync (HKLM\...\{b49e8cfb-f094-4467-925a-97c23972cb50}) (Version: 8.3.0868.3 - Gigaset Communications GmbH)
GoldCoin (GLD) (HKCU\...\GoldCoin (GLD)) (Version: 00.07.01.07 - GoldCoin (GLD))
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.225 - SurfRight B.V.)
Java 7 Update 67 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417067FF}) (Version: 7.0.670 - Oracle)
Litecoin (HKCU\...\Litecoin) (Version: 0.8.7.2 - Litecoin project)
Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.6.0305.0 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30411 (HKLM\...\{D93AC9C8-B6CF-391E-BD2F-48AF4727476C}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
MultiMiner version 3.5.1 (HKCU\...\{A59A265F-E97D-4A84-8E78-E8C59EB861CE}_is1) (Version: 3.5.1 - Nate Woolls)
Orbitcoin 1.0.0 (HKCU\...\Orbitcoin 1.0.0) (Version:  - )
Qt (HKCU\...\Qt) (Version: 1.0.1 - Digia Plc)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Titcoin (HKCU\...\Titcoin) (Version: 1.0.0 - Titcoin project)
Windows Driver Package - FTDI CDM Driver Package - Bus/D2XX Driver (01/27/2014 2.10.00) (HKLM\...\A360E2EA788FFC586113AFE1F2AABF01EBE7A248) (Version: 01/27/2014 2.10.00 - FTDI)
Windows Driver Package - FTDI CDM Driver Package - VCP Driver (01/27/2014 2.10.00) (HKLM\...\42F5D8399C4B7EB9005D88E9045ABB1A715CD59A) (Version: 01/27/2014 2.10.00 - FTDI)
Windows Driver Package - Silicon Laboratories (silabenm) Ports  (03/19/2014 6.7.0.0) (HKLM\...\B97004A400E30DCF940971EFA7A0C13C6B0A4B66) (Version: 03/19/2014 6.7.0.0 - Silicon Laboratories)
Wise Data Recovery 3.44 (HKLM-x32\...\Wise Data Recovery_is1) (Version: 3.44 - WiseCleaner.com, Inc.)
Worldcoin (HKCU\...\Worldcoin) (Version: 0.8.6.2 - Worldcoin project)
WPS Office (9.1.0.4746) (HKCU\...\WPS Office) (Version: 9.1.0.4746 - Kingsoft Corp.)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-4106112464-2830931486-1884966439-1000_Classes\CLSID\{ca586c80-7c84-4b88-8537-726724df6929}\InprocServer32 -> C:\Program Files (x86)\Git\git-cheetah\git_shell_ext64.dll ()
 
==================== Restore Points  =========================
 
02-10-2014 01:04:54 Windows Update
03-10-2014 01:03:37 Windows Update
04-10-2014 11:07:57 Windows Update
05-10-2014 02:00:10 Windows Update
05-10-2014 02:22:10 Windows Update
05-10-2014 08:48:59 Windows Update
05-10-2014 10:53:31 Removed Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
05-10-2014 11:33:09 Windows Update
05-10-2014 13:00:12 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 03:34 - 2014-10-05 10:43 - 00449906 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1    localhost
 
There are 1000 more lines.
 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {1256C30F-7C7E-411F-8D0B-4F561DE49DA9} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-04-16] (COMODO)
Task: {432942A3-1DA0-4F52-8F32-13ED06418FF2} - System32\Tasks\WpsNotifyTask_Cybad4d4 => D:\Program Files (x86)\Kingsoft\Kingsoft Office\9.1.0.4746\wtoolex\wpsnotify.exe [2014-08-19] (Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {6DC740C1-BF0F-465B-B4CF-0DA6367FC917} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-04-16] (COMODO)
Task: {75B8E9D1-ADE9-4FDC-88BE-4D894EC89DDA} - System32\Tasks\CCleanerSkipUAC => D:\Program Files\CCleaner\CCleaner.exe [2014-09-25] (Piriform Ltd)
Task: {76413287-F2CB-432A-8123-BCEEE6B57B1F} - System32\Tasks\MSIAfterburner => D:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [2014-08-13] ()
Task: {76FB7BAD-AF59-4750-8C2D-6DFF324650BD} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-04-16] (COMODO)
Task: {8E401657-AF56-4E2D-B216-5D960DDC705E} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-04-16] (COMODO)
Task: {A5576CA3-E643-4FE1-A74A-13CAB897041B} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {A6D9056D-69EF-4899-8734-0BD6E8784AAE} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {BF1D2679-DFA8-4AA5-88BF-4A598884FA73} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {C6D712F4-C041-4C58-8672-CA08BBBB7B59} - System32\Tasks\WpsUpdateTask_Cybad4d4 => D:\Program Files (x86)\Kingsoft\Kingsoft Office\9.1.0.4746\wtoolex\wpsupdate.exe [2014-08-19] (Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {CC03C4B3-3B8E-4C80-B837-D21A76CF377D} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
Task: {F7BD43B6-FE41-4322-9282-E767D9E98C98} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-16] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\WpsNotifyTask_Cybad4d4.job => D:\Program Files (x86)\Kingsoft\Kingsoft Office\9.1.0.4746\wtoolex\wpsnotify.exe
Task: C:\Windows\Tasks\WpsUpdateTask_Cybad4d4.job => D:\Program Files (x86)\Kingsoft\Kingsoft Office\9.1.0.4746\wtoolex\wpsupdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-08-23 14:22 - 2014-08-15 18:33 - 00736962 _____ () C:\Program Files (x86)\Git\git-cheetah\git_shell_ext64.dll
2014-09-28 15:35 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-09-28 15:35 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2014-09-28 15:35 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-09-28 15:35 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2014-09-28 15:35 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Buffalo RAMDISK Utility.lnk => C:\Windows\pss\Buffalo RAMDISK Utility.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Install LastPass FF RunOnce.lnk => C:\Windows\pss\Install LastPass FF RunOnce.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Install LastPass IE RunOnce.lnk => C:\Windows\pss\Install LastPass IE RunOnce.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ManageEngine Desktop Central.lnk => C:\Windows\pss\ManageEngine Desktop Central.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^OKI LPR Utility.lnk => C:\Windows\pss\OKI LPR Utility.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^RAMDISK System Tray Utility.lnk => C:\Windows\pss\RAMDISK System Tray Utility.lnk.CommonStartup
MSCONFIG\startupreg: Backup Utility TaskTray Tool => "C:\Program Files (x86)\BUFFALO\Backup_Utility\BUTray.exe"
MSCONFIG\startupreg: BuffaloTools => C:\Program Files (x86)\BUFFALO\BuffaloTools\BuffaloTools.exe
MSCONFIG\startupreg: CCleaner Monitoring => "D:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: COMODO Internet Security => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
MSCONFIG\startupreg: ComodoFSChrome => "\AdTrustMedia\PrivDog\FinalizeSetup.exe" /c
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TC2Tray => "C:\Windows\system32\TC2Tray.exe"
MSCONFIG\startupreg: tpcexTray => "C:\Program Files (x86)\BUFFALO\TurboPC_EX\DiskCache\tpcexTray.exe"
MSCONFIG\startupreg: Uninstall C: => 
MSCONFIG\startupreg: wdsmgr => C:\Program Files\ITknowledge24\Windows Defender Status Manager\wdsmgr.exe
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-4106112464-2830931486-1884966439-500 - Administrator - Disabled)
Cybad4d4 (S-1-5-21-4106112464-2830931486-1884966439-1000 - Administrator - Enabled) => C:\Users\Cybad4d4
Guest (S-1-5-21-4106112464-2830931486-1884966439-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4106112464-2830931486-1884966439-1005 - Limited - Enabled)
 
==================== Faulty Device Manager Devices =============
 
Name: AMD High Definition Audio Device
Description: AMD High Definition Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Advanced Micro Devices
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/05/2014 02:52:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: pcee4.exe, version: 7.2.7000.7, time stamp: 0x4de6773b
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x5315a05a
Exception code: 0xe0434f4d
Fault offset: 0x000000000000940d
Faulting process id: 0x%9
Faulting application start time: 0xpcee4.exe0
Faulting application path: pcee4.exe1
Faulting module path: pcee4.exe2
Report Id: pcee4.exe3
 
Error: (10/05/2014 02:42:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/05/2014 01:59:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: pcee4.exe, version: 7.2.7000.7, time stamp: 0x4de6773b
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x5315a05a
Exception code: 0xe0434f4d
Fault offset: 0x000000000000940d
Faulting process id: 0x%9
Faulting application start time: 0xpcee4.exe0
Faulting application path: pcee4.exe1
Faulting module path: pcee4.exe2
Report Id: pcee4.exe3
 
Error: (10/05/2014 01:55:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/05/2014 11:57:46 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: pcee4.exe, version: 7.2.7000.7, time stamp: 0x4de6773b
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x5315a05a
Exception code: 0xe0434f4d
Fault offset: 0x000000000000940d
Faulting process id: 0x%9
Faulting application start time: 0xpcee4.exe0
Faulting application path: pcee4.exe1
Faulting module path: pcee4.exe2
Report Id: pcee4.exe3
 
Error: (10/05/2014 11:57:08 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/05/2014 11:53:49 AM) (Source: MsiInstaller) (EventID: 11719) (User: DESKTOP)
Description: Product: Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 -- Error 1719.The Windows Installer Service could not be accessed. This can occur if you are running Windows in safe mode, or if the Windows Installer is not correctly installed. Contact your support personnel for assistance.
 
Error: (10/05/2014 11:53:34 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

 
Details:
AddWin32ServiceFiles: Unable to back up image of service Microsoft Network Inspection since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.
 
Error: (10/05/2014 11:53:34 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

 
Details:
AddWin32ServiceFiles: Unable to back up image of service Microsoft Antimalware Service since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.
 
Error: (10/05/2014 11:53:34 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

 
Details:
AddWin32ServiceFiles: Unable to back up image of service Google Update Service (gupdatem) since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.
 
 
System errors:
=============
Error: (10/05/2014 02:42:26 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unexpected failure. Error code: D@01010004
 
Error: (10/05/2014 02:42:26 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unexpected failure. Error code: D@01010004
 
Error: (10/05/2014 02:42:26 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unexpected failure. Error code: D@01010004
 
Error: (10/05/2014 02:42:26 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unexpected failure. Error code: D@01010004
 
Error: (10/05/2014 02:42:24 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
Error: (10/05/2014 02:42:17 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The TurboPC EX DiskCache Control Service service terminated with service-specific error %%1.
 
Error: (10/05/2014 02:42:17 PM) (Source: SNMP) (EventID: 1500) (User: )
Description: The SNMP Service encountered an error while accessing the registry key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.
 
Error: (10/05/2014 02:00:44 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Visual C++ 2010 Redistributable Package (KB2467173).
 
Error: (10/05/2014 01:59:34 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {06622D85-6856-4460-8DE1-A81921B41C4B}
 
Error: (10/05/2014 01:55:11 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unexpected failure. Error code: D@01010004
 
 
Microsoft Office Sessions:
=========================
Error: (10/05/2014 02:52:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: pcee4.exe7.2.7000.74de6773bKERNELBASE.dll6.1.7601.184095315a05ae0434f4d000000000000940d
 
Error: (10/05/2014 02:42:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/05/2014 01:59:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: pcee4.exe7.2.7000.74de6773bKERNELBASE.dll6.1.7601.184095315a05ae0434f4d000000000000940d
 
Error: (10/05/2014 01:55:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/05/2014 11:57:46 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: pcee4.exe7.2.7000.74de6773bKERNELBASE.dll6.1.7601.184095315a05ae0434f4d000000000000940d
 
Error: (10/05/2014 11:57:08 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/05/2014 11:53:49 AM) (Source: MsiInstaller) (EventID: 11719) (User: DESKTOP)
Description: Product: Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 -- Error 1719.The Windows Installer Service could not be accessed. This can occur if you are running Windows in safe mode, or if the Windows Installer is not correctly installed. Contact your support personnel for assistance.(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (10/05/2014 11:53:34 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddWin32ServiceFiles: Unable to back up image of service Microsoft Network Inspection since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
 
Error: (10/05/2014 11:53:34 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddWin32ServiceFiles: Unable to back up image of service Microsoft Antimalware Service since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
 
Error: (10/05/2014 11:53:34 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddWin32ServiceFiles: Unable to back up image of service Google Update Service (gupdatem) since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-10-04 16:00:55.825
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-10-04 16:00:55.778
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-09-07 07:35:50.474
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume7\Repairs\PortMon\PORTMSYS.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-09-07 07:35:50.424
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume7\Repairs\PortMon\PORTMSYS.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-09-06 14:30:57.755
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume7\Repairs\PortMon\PORTMSYS.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-09-06 14:30:57.711
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume7\Repairs\PortMon\PORTMSYS.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-09-06 14:30:42.278
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume7\Repairs\PortMon\PORTMSYS.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-09-06 14:30:42.234
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume7\Repairs\PortMon\PORTMSYS.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-09-06 14:30:37.599
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume7\Repairs\PortMon\PORTMSYS.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-09-06 14:30:37.554
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume7\Repairs\PortMon\PORTMSYS.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: AMD Phenom™ II X6 1100T Processor
Percentage of memory in use: 13%
Total physical RAM: 11741.24 MB
Available physical RAM: 10127.42 MB
Total Pagefile: 23480.66 MB
Available Pagefile: 21801.23 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:931.41 GB) (Free:731.13 GB) NTFS
Drive d: (Mining) (Fixed) (Total:321.76 GB) (Free:82.92 GB) NTFS
Drive g: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive h: (Back up) (Fixed) (Total:368.01 GB) (Free:32.32 GB) NTFS
Drive i: (Spare) (Fixed) (Total:97.66 GB) (Free:30.88 GB) NTFS
Drive k: (BFRD-DRIVE) (Fixed) (Total:0.5 GB) (Free:0.3 GB) FAT32
Drive o: (Rescatux) (Removable) (Total:3.73 GB) (Free:1.12 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 50703914)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 698.6 GB) (Disk ID: 42276929)
Partition 1: (Not Active) - (Size=289.2 GB) - (Type=83)
Partition 2: (Not Active) - (Size=321.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=84.1 GB) - (Type=OF Extended)
 
========================================================
Disk: 2 (Size: 465.8 GB) (Disk ID: 00059EE7)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=368 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=97.7 GB) - (Type=07 NTFS)
 
========================================================
Disk: 3 (Size: 74.5 GB) (Disk ID: 54070FF2)
 
========================================================
Disk: 4 (Size: 3.7 GB) (Disk ID: 5DF77DA3)
Partition 1: (Active) - (Size=3.7 GB) - (Type=0B)
 
==================== End Of Log ============================



#12 nasdaq


Posted 05 October 2014 - 10:34 AM

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start
HKLM-x32\...\Winlogon: [Shell]  [0 ] () <=== ATTENTION
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
BHO: No Name -> {AF949550-9094-4807-95EC-D1C317803333} ->  No File
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Cybad4d4\AppData\Local\Temp\GUME08E.tmp\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Cybad4d4\AppData\Local\Temp\GUME08E.tmp\1.3.24.15\npGoogleUpdate3.dll No File
CHR DefaultSearchKeyword: Default -> startpage.com
CHR DefaultSearchProvider: Default -> Startpage HTTPS - UK
CHR DefaultSearchURL: Default -> https://startpage.com/do/search?query={searchTerms}&cat=web&pl=ie&language=english_uk
CHR DefaultSuggestURL: Default -> http://suggest.seccint.com/CSuggestJson.ashx?prefix={searchTerms}
CHR Extension: (Ghostery) - C:\Users\Cybad4d4\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2014-08-18]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 MFE_RR; \??\C:\Users\Cybad4d4\AppData\Local\Temp\mfe_rr.sys [X]
S4 MREMP50; \??\C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [X]
S4 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S4 MREMPR5; \??\C:\PROGRA~2\COMMON~1\Motive\MREMPR5.SYS [X]
S4 MRENDIS5; \??\C:\PROGRA~2\COMMON~1\Motive\MRENDIS5.SYS [X]
S4 MRESP50; \??\C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [X]
S4 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
S4 PORTMON; \??\D:\Repairs\PortMon\PORTMSYS.SYS [X]
S4 SDHookDriver; \??\C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [X]
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
End
Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Uncheck the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
====

How is the computer running now?

#13 phunkey


Posted 06 October 2014 - 01:46 AM

Hey nasdaq.

 

Fixitlist deleted a number of orphans and other files that had already caught my eye as potentially malicious.

 

Sorry I never made clear which tools I'd already used but wasn't sure I'd used them correctly. Anyway, here's fixlog and once again thank u thank u, thank u for your selfless support.
 

----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 05-10-2014
Ran by Cybad4d4 at 2014-10-06 06:46:32 Run:1
Running from C:\Users\Cybad4d4\Desktop\FRST
Loaded Profile: Cybad4d4 (Available profiles: Cybad4d4 & Classic .NET AppPool & DefaultAppPool)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
HKLM-x32\...\Winlogon: [Shell]  [0 ] () <=== ATTENTION
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
BHO: No Name -> {AF949550-9094-4807-95EC-D1C317803333} ->  No File
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Cybad4d4\AppData\Local\Temp\GUME08E.tmp\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Cybad4d4\AppData\Local\Temp\GUME08E.tmp\1.3.24.15\npGoogleUpdate3.dll No File
CHR DefaultSearchKeyword: Default -> startpage.com
CHR DefaultSearchProvider: Default -> Startpage HTTPS - UK
CHR DefaultSearchURL: Default -> https://startpage.com/do/search?query={searchTerms}&cat=web&pl=ie&language=english_uk
CHR DefaultSuggestURL: Default -> http://suggest.seccint.com/CSuggestJson.ashx?prefix={searchTerms}
CHR Extension: (Ghostery) - C:\Users\Cybad4d4\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2014-08-18]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 MFE_RR; \??\C:\Users\Cybad4d4\AppData\Local\Temp\mfe_rr.sys [X]
S4 MREMP50; \??\C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [X]
S4 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S4 MREMPR5; \??\C:\PROGRA~2\COMMON~1\Motive\MREMPR5.SYS [X]
S4 MRENDIS5; \??\C:\PROGRA~2\COMMON~1\Motive\MRENDIS5.SYS [X]
S4 MRESP50; \??\C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [X]
S4 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
S4 PORTMON; \??\D:\Repairs\PortMon\PORTMSYS.SYS [X]
S4 SDHookDriver; \??\C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [X]
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
End
 
*****************
 
HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value was restored successfully.
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF949550-9094-4807-95EC-D1C317803333}" => Key deleted successfully.
"HKCR\CLSID\{AF949550-9094-4807-95EC-D1C317803333}" => Key not found.
"HKLM\Software\MozillaPlugins\@lastpass.com/NPLastPass" => Key deleted successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3" => Key deleted successfully.
C:\Users\Cybad4d4\AppData\Local\Temp\GUME08E.tmp\1.3.24.15\npGoogleUpdate3.dll not found.
"HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9" => Key deleted successfully.
C:\Users\Cybad4d4\AppData\Local\Temp\GUME08E.tmp\1.3.24.15\npGoogleUpdate3.dll not found.
Chrome DefaultSearchKeyword deleted successfully.
CHR DefaultSearchProvider: Default -> Startpage HTTPS - UK ==> The Chrome "Settings" can be used to fix the entry.
Chrome DefaultSearchURL deleted successfully.
Chrome DefaultSuggestURL deleted successfully.
C:\Users\Cybad4d4\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
catchme => Service deleted successfully.
MFE_RR => Service deleted successfully.
MREMP50 => Service deleted successfully.
MREMP50a64 => Service deleted successfully.
MREMPR5 => Service deleted successfully.
MRENDIS5 => Service deleted successfully.
MRESP50 => Service deleted successfully.
MRESP50a64 => Service deleted successfully.
PORTMON => Service deleted successfully.
SDHookDriver => Service deleted successfully.
C:\ProgramData\TEMP => ":5C321E34" ADS removed successfully.
 
==== End of Fixlog ====



#14 phunkey


Posted 06 October 2014 - 03:26 AM

Hi nasdaq. I followed your instructions to the letter and adwcleaner found only the one same reference to C:\Users\Cybad4d4\AppData\Roaming\Mozilla\Firefox\Profiles\9dk5hpsw.default\prefs.js. Anyway here goes>

--------------------------------------------------------------------------------------------------------------------------------------------------------------------

 

# AdwCleaner v3.310 - Report created 06/10/2014 at 08:52:50
# Updated 12/09/2014 by Xplode
# Operating System :  Service Pack 1 (64 bits)
# Username : Cybad4d4 - DESKTOP
# Running from : C:\Users\Cybad4d4\Desktop\AdwCleaner's _finset_hour\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v0.0.0.0
 
 
-\\ Mozilla Firefox v
 
[ File : C:\Users\Cybad4d4\AppData\Roaming\Mozilla\Firefox\Profiles\9dk5hpsw.default\prefs.js ]
 
 
*************************
 
AdwCleaner[R0].txt - [1116 octets] - [23/09/2014 17:48:56]
AdwCleaner[R1].txt - [933 octets] - [26/09/2014 10:05:14]
AdwCleaner[R2].txt - [1014 octets] - [26/09/2014 10:34:41]
AdwCleaner[R3].txt - [1072 octets] - [26/09/2014 10:48:16]
AdwCleaner[R4].txt - [1204 octets] - [04/10/2014 12:30:31]
AdwCleaner[R5].txt - [1339 octets] - [06/10/2014 08:41:28]
AdwCleaner[S0].txt - [1151 octets] - [23/09/2014 17:52:14]
AdwCleaner[S1].txt - [995 octets] - [26/09/2014 10:15:10]
AdwCleaner[S2].txt - [1134 octets] - [26/09/2014 10:51:39]
AdwCleaner[S3].txt - [1289 octets] - [04/10/2014 12:51:53]
AdwCleaner[S4].txt - [1261 octets] - [06/10/2014 08:52:50]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [1321 octets] ##########



#15 phunkey


Posted 06 October 2014 - 03:35 AM

Just a quick note:

 

On powering off computer I was again instructed to wait while an update downloads. This happens every time I use it now. Why might I be getting so many? Could they be related to changes I'm making? Are they all supposed malicious protection files or something else?

 

Just a thought, nasdaq. I'll leave the rest up to you,  k





