getting random popups in chrome



#1 h3llb0y


Posted 10 March 2015 - 11:55 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-03-2015

Ran by User (administrator) on USER-PC on 10-03-2015 18:44:03
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available profiles: User)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Arcai.com) C:\Program Files\netcut\services\aips.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CrypKey (Canada) Ltd.) C:\Windows\System32\Crypserv.exe
(Nero AG) C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe
(Teruten) C:\Windows\System32\FsUsbExService.Exe
(AnchorFree Inc.) C:\Program Files\Hotspot Shield\bin\cmw_srv.exe
() C:\Program Files\Hotspot Shield\bin\hsswd.exe
(Nero AG) C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe
() C:\ProgramData\DatacardService\HWDeviceService.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files\MoboRobo\MoboRoboDeviceService.exe
(Motorola Mobility LLC) C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
(Motorola Mobility LLC) C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Motorola) C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe
(DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(上海掌门科技有限公司) C:\Program Files\WiFiMasterKey\WiFiKeyService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Research In Motion Limited) C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows\WER\wermgr.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Research In Motion Limited) C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IDMan.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IEMonitor.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nokia) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-26] (Microsoft Corporation)
HKLM\...\Run: [WSHelperSetup.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2072928 2014-10-31] (Wondershare)
HKLM\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [267792 2013-01-17] (Research In Motion Limited)
HKLM\...\Run: [wermgr] => C:\ProgramData\Microsoft\Windows\WER\wermgr.exe [6786560 2015-01-09] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2015-02-13] (Apple Inc.)
HKLM\...\Run: [LiveZilla] => C:\Program Files\LiveZilla\LiveZilla.exe [9253416 2015-02-18] (LiveZilla GmbH)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS5ServiceManager] => C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM\...\Run: [Sonork] => C:\Program Files\Sonork\sonork.exe [761856 2015-03-02] (GTV Solutions, Incorporated.)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-1396699109-995874755-1346050902-1000\...\Run: [IDMan] => C:\Program Files\Internet Download Manager\IDMan.exe [3462552 2011-12-20] (Tonec Inc.)
HKU\S-1-5-21-1396699109-995874755-1346050902-1000\...\Run: [WSHelperSetup.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2072928 2014-10-31] (Wondershare)
HKU\S-1-5-21-1396699109-995874755-1346050902-1000\...\Run: [Mobile Partner] => C:\Program Files\MobileWiFi\MobileWiFi
HKU\S-1-5-21-1396699109-995874755-1346050902-1000\...\Run: [uTorrent] => C:\Users\User\AppData\Roaming\uTorrent\updates\3.4.2_38913.exe [1742928 2015-03-04] (BitTorrent Inc.)
HKU\S-1-5-21-1396699109-995874755-1346050902-1000\...\Run: [PC Suite Tray] => C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [1516632 2012-06-26] (Nokia)
HKU\S-1-5-21-1396699109-995874755-1346050902-1000\...\Run: [icq] => C:\Users\User\AppData\Roaming\ICQM\icq.exe [36705800 2015-03-03] (ICQ)
HKU\S-1-5-21-1396699109-995874755-1346050902-1000\...\Run: [Messenger (Yahoo!)] => C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-1396699109-995874755-1346050902-1000\...\Run: [NokiaSuite.exe] => C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe [1092448 2014-11-19] (Nokia)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files\Internet Download Manager\IDMShellExt.dll (Tonec Inc.)
BootExecute: autocheck autochk * bootdelete
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1396699109-995874755-1346050902-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1396699109-995874755-1346050902-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-26] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-24] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-24] (Oracle Corporation)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2006-10-26] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{277B9A65-E5A1-4D79-97D4-170F15192FF9}: [NameServer] 8.8.8.8,8.8.4.4
 
FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\t6o43tk5.default
FF NetworkProxy: "type", 0
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-24] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-24] (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll [2011-11-23] (Yahoo! Inc.)
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)
FF Plugin: @qq.com/npAndroidAssistant -> C:\Program Files\Common Files\Tencent\QQPhoneManager\2.0.201.3198\npQQPhoneManagerExt.dll No File
FF Plugin: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2012-12-13] ()
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2014-11-15] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2014-11-15] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-01] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Extension: ehtiprobertkatic - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\t6o43tk5.default\Extensions\ehtip@robertkatic [2014-11-02]
FF Extension: 9220f99f5b7d4a4d97ca209991796400 - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\t6o43tk5.default\Extensions\{9220f99f-5b7d-4a4d-97ca-209991796400} [2014-08-30]
FF Extension: 962e0d4d6b894b73aa72df03360da12e - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\t6o43tk5.default\Extensions\{962e0d4d-6b89-4b73-aa72-df03360da12e} [2014-12-21]
FF Extension: SQLite Manager - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\t6o43tk5.default\Extensions\SQLiteManager@mrinalkant.blogspot.com.xpi [2015-01-20]
FF Extension: Avira SearchFree Toolbar plus Web Protection - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\t6o43tk5.default\Extensions\toolbar_AVIRA-V7C@apn.ask.com.xpi [2014-02-24]
FF Extension: SourceApp 1.0.1 - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\t6o43tk5.default\Extensions\{71066d58-1f99-4a2c-b52e-9880d384e03a}.xpi [2014-12-17]
FF Extension: Hotspot Shield Extension - C:\Program Files\Mozilla Firefox\browser\extensions\afproxy@anchorfree.com [2015-03-05]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2014-04-21]
FF HKU\S-1-5-21-1396699109-995874755-1346050902-1000\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\User\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\User\AppData\Roaming\IDM\idmmzcc5 [2014-09-17]
FF HKU\S-1-5-21-1396699109-995874755-1346050902-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\User\AppData\Roaming\IDM\idmmzcc5
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.alnaddy.com/?afltid=wbpk", "hxxp://www.delta-search.com/?affID=119781&babsrc=HP_ss&mntrId=807738607705C0C5", "https://www.google.jo/?gws_rd=cr", "hxxp://www.google.com/", "hxxp://start.qone8.com/?type=hp&ts=1400767248&from=smt&uid=ST1000VM002-1CT162_S1G0NSFXXXXXS1G0NSFX", "hxxp://www.default-search.net?sid=498&aid=142&itype=n&ver=12386&tm=355&src=hmp", "hxxp://www.default-search.net?sid=498&aid=142&itype=a&ver=12692&tm=355&src=hmp", "hxxp://www.sweet-page.com/?type=hp&ts=1402406744&from=cor&uid=ST1000VM002-1CT162_S1G0NSFXXXXXS1G0NSFX"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Easy Auto Refresh) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aabcgdmkeabbnleenpncegpcngjpnjkc [2015-03-09]
CHR Extension: (Google Slides) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-08-27]
CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-27]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-04]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-04]
CHR Extension: (Firebug Lite for Google Chrome™) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmagokdooijbeehmkpknfglimnifench [2015-03-06]
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-04]
CHR Extension: (Google Sheets) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-08-27]
CHR Extension: (AdBlock) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-03-04]
CHR Extension: (Browser Locker) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnnecpmejibghfcebehiepoppfhceppl [2015-03-06]
CHR Extension: (Youtube-to-MP3) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jekmfmemcfggilfpgplgjbfaijgchhfc [2015-03-09]
CHR Extension: (Auto Replay for YouTube™) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb [2015-03-04]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-04]
CHR Extension: (Video Converter) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcjjnhgakghmggnimjkldjmmpabhnhne [2015-03-04]
CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-07]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-04]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2014-04-21]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AIPS; C:\Program Files\netcut\services\AIPS.exe [262144 2011-07-28] (Arcai.com) [File not signed]
R3 Blackberry Device Manager; C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited) [File not signed]
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [278344 2014-05-20] (Intel Corporation)
R2 Crypkey License; C:\Windows\system32\crypserv.exe [122880 2008-05-08] (CrypKey (Canada) Ltd.) [File not signed]
R2 DeviceMonitorService; C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe [87992 2012-09-07] (Nero AG)
R2 FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [233472 2013-12-30] (Teruten) [File not signed]
R2 hshld; C:\Program Files\Hotspot Shield\bin\cmw_srv.exe [919040 2014-05-17] (AnchorFree Inc.) [File not signed]
R2 HssWd; C:\Program Files\Hotspot Shield\bin\hsswd.exe [430344 2014-05-17] ()
R2 HTCMonitorService; C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-06-27] (Nero AG)
R2 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [276048 2013-10-28] ()
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [277320 2014-05-20] (Intel Corporation)
R2 Intel® PROSet Monitoring Service; C:\Windows\system32\IProsetMonitor.exe [180992 2014-07-09] (Intel Corporation)
U2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MoboroboDeviceService; C:\Program Files\MoboRobo\MoboroboDeviceService.exe [113448 2014-12-10] ()
R2 Motorola Device Manager; C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
R2 PST Service; C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 WiFiKeyService; C:\Program Files\WiFiMasterKey\WiFiKeyService.exe [96592 2014-07-01] (上海掌门科技有限公司)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S3 HssTrayService; C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE [X]
S2 MBAMScheduler; "C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe" [X]
S2 QQPMSRV; "C:\Program Files\Tencent\QQPhoneManager\QQPMSRV.exe" [X]
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 Andbus; C:\Windows\System32\DRIVERS\lgandbus.sys [14336 2012-03-02] (LG Electronics Inc.)
S3 AndDiag; C:\Windows\System32\DRIVERS\lganddiag.sys [20736 2012-03-02] (LG Electronics Inc.)
S3 AndGps; C:\Windows\System32\DRIVERS\lgandgps.sys [20096 2012-03-02] (LG Electronics Inc.)
S3 ANDModem; C:\Windows\System32\DRIVERS\lgandmodem.sys [25088 2012-03-02] (LG Electronics Inc.)
S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag.sys [23680 2014-10-09] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem.sys [28416 2014-10-09] (LG Electronics Inc.)
S3 awUSB; C:\Windows\System32\DRIVERS\USBDrv.sys [14936 2013-01-25] (Scott)
S3 BRCM; C:\Windows\System32\Drivers\bcmvcp.sys [87176 2012-06-07] ()
S3 BroadcomWModem; C:\Windows\System32\DRIVERS\bcmww.sys [118400 2005-06-02] (Broadcom Corporation) [File not signed]
S3 cmnsusbser; C:\Windows\System32\DRIVERS\cmnsusbser.sys [103424 2008-11-12] (Mobile Connector)
S3 coolpadusbser; C:\Windows\System32\DRIVERS\CP_USBSER.SYS [201216 2012-05-30] (QUALCOMM Incorporated)
S3 dcdiag; C:\Windows\System32\DRIVERS\dcdiag.sys [69376 2014-12-20] (DriverCoding Technology Co,Ltd.)
S3 dcvcom; C:\Windows\System32\DRIVERS\dcvcom.sys [27224 2014-12-20] (DriverCoding Incorporated)
R3 e1cexpress; C:\Windows\System32\DRIVERS\e1c6232.sys [368392 2014-05-02] (Intel Corporation)
S3 easyjtag; C:\Windows\System32\DRIVERS\easyjtag_x86.sys [52224 2011-05-06] ()
S3 eGateUSB; C:\Windows\System32\Drivers\eGateUSB.sys [73728 2012-08-09] (Gemalto)
S2 eMMCUSBDEV; C:\Windows\System32\Drivers\GPGeMMC.sys [12287 2013-11-21] (cypress semiconductor) [File not signed]
S3 FlashUSB; C:\Windows\System32\DRIVERS\FlashUSB.sys [16384 2014-04-11] (Intel Mobile Communications)
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [37344 2013-12-30] () [File not signed]
R3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [80752 2014-09-09] (FTDI Ltd.)
S3 ggsomc; C:\Windows\System32\DRIVERS\ggsomc.sys [26328 2014-10-25] (Sony Mobile Communications)
S3 ghsandroid; C:\Windows\System32\Drivers\ghsandroid.sys [32408 2011-12-13] (Google Inc)
S3 ghsdiag; C:\Windows\System32\DRIVERS\ghsdiag.sys [113432 2011-12-13] (ZTE Incorporated)
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [39624 2014-05-17] (AnchorFree Inc.)
S3 HTCAND32; C:\Windows\System32\Drivers\ANDROIDUSB.sys [25728 2009-02-05] (Google Inc)
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV32.sys [105984 2009-10-27] (QUALCOMM Incorporated)
S3 huawei_cdcacm; C:\Windows\System32\DRIVERS\ew_jucdcacm.sys [101504 2013-11-30] (Huawei Technologies Co., Ltd.)
S3 huawei_cdcecm; C:\Windows\System32\DRIVERS\ew_jucdcecm.sys [70784 2013-11-30] (Huawei Technologies Co., Ltd.)
S3 huawei_ext_ctrl; C:\Windows\System32\DRIVERS\ew_juextctrl.sys [27776 2013-11-30] (Huawei Technologies Co., Ltd.)
S3 HWHandSet; C:\Windows\System32\DRIVERS\hw_quusbmdm.sys [195200 2011-10-24] (Huawei Technologies Co., Ltd.)
S3 hw_usbdev; C:\Windows\System32\DRIVERS\hw_usbdev.sys [102272 2011-10-24] (Huawei Technologies Co., Ltd.) [File not signed]
R3 LgBttPort; C:\Windows\System32\DRIVERS\lgbtport.sys [12160 2009-09-29] (LG Electronics Inc.)
R3 lgbusenum; C:\Windows\System32\DRIVERS\lgbtbus.sys [10496 2009-09-29] (LG Electronics Inc.)
R3 LGVMODEM; C:\Windows\System32\DRIVERS\lgvmodem.sys [12928 2009-09-29] (LG Electronics Inc.)
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [42592 2013-10-23] (http://libusb-win32.sourceforge.net)
S3 massfilter_brcm; C:\Windows\system32\drivers\massfilter_brcm.sys [17672 2012-06-07] (Handset Incorporated)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41216 2011-09-23] (Intel Corporation)
R1 MoboroboAssDriver; C:\Windows\System32\drivers\MoboroboAssDriver.sys [13984 2014-10-09] ()
S3 motandroidusb; C:\Windows\System32\Drivers\motoandroid.sys [26240 2013-03-26] (Motorola)
S3 MotDev; C:\Windows\System32\DRIVERS\motodrv.sys [42752 2013-03-19] (Motorola Inc)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
R1 MpKsl84a47799; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{985D01A1-BD77-457D-9E02-D0DA0B1C916E}\MpKsl84a47799.sys [39464 2015-03-10] (Microsoft Corporation)
S3 MRT_box2; C:\Windows\System32\Drivers\MRT_box2.sys [29292 2004-10-15] (FTDI Ltd.) [File not signed]
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl.sys [18432 2012-03-26] (Apple Inc.) [File not signed]
R1 netfilter2; C:\Windows\System32\drivers\netfilter2.sys [43800 2014-11-01] (Windows ® Win 7 DDK provider)
R1 NetworkX; C:\Windows\system32\ckldrv.sys [19584 2008-03-17] () [File not signed]
R2 NPF; C:\Windows\System32\drivers\npf.sys [35088 2010-06-25] (CACE Technologies, Inc.)
S3 pfc; C:\Windows\System32\drivers\pfc.sys [10368 2014-10-27] (Padus, Inc.) [File not signed]
S3 PSMNBUS; C:\Windows\System32\DRIVERS\PSMNBUS.sys [86712 2012-06-20] (DEVGURU Co., LTD.)
S3 PSMNMDM; C:\Windows\System32\DRIVERS\PSMNMDM.sys [169272 2012-06-20] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 PSMNMDMVSP; C:\Windows\System32\DRIVERS\PSMNMDMVSP.sys [169272 2012-06-20] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 PSMNMSMVSP; C:\Windows\System32\DRIVERS\PSMNMSMVSP.sys [169272 2012-06-20] (DEVGURU Co., LTD.(www.devguru.co.kr))
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [15688 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [10320 2013-09-30] ()
S3 qcusbser; C:\Windows\System32\DRIVERS\qcusbser.sys [108160 2011-11-09] (TCL Communicate Incorporated)
R3 R5BaseSmc; C:\Windows\System32\DRIVERS\smccard.sys [14592 2007-04-03] (OEM)
S3 Rockusb; C:\Windows\System32\DRIVERS\rockusb.sys [46096 2013-09-09] (Fuzhou Rockchip Electronics Co,Ltd.)
S3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [629760 2010-08-10] (Realtek Semiconductor Corporation                           )
S3 SciCmpst; C:\Windows\System32\DRIVERS\SciCmpst.sys [95744 2009-12-09] (Spreadtrum Communication Inc.) [File not signed]
S3 SciModem; C:\Windows\System32\DRIVERS\SciModem.sys [95616 2009-12-09] (Spreadtrum Communication Inc.) [File not signed]
S3 SciU2S; C:\Windows\System32\DRIVERS\SciU2S.sys [95616 2009-12-09] (Spreadtrum Communication Inc.) [File not signed]
R3 Ser2plx86; C:\Windows\System32\DRIVERS\ser2pl.sys [140800 2014-09-03] (Prolific Technology Inc.)
S3 sprd_acm_modem; C:\Windows\System32\DRIVERS\sprd_acm.sys [67712 2011-08-22] (SpreadTrum) [File not signed]
S3 sprd_enum; C:\Windows\System32\DRIVERS\sprd_enum.sys [84224 2011-08-22] (SpreadTrum) [File not signed]
S3 ssdudfu; C:\Windows\System32\DRIVERS\ssdudfu.sys [80968 2014-04-11] (MCCI)
S3 ssm_bus; C:\Windows\System32\DRIVERS\ssm_bus.sys [104448 2014-04-11] (MCCI Corporation)
S3 ssm_mdfl; C:\Windows\System32\DRIVERS\ssm_mdfl.sys [14848 2014-04-11] (MCCI Corporation)
S3 ssm_mdm; C:\Windows\System32\DRIVERS\ssm_mdm.sys [132608 2014-04-11] (MCCI Corporation)
S3 ssudobex; C:\Windows\System32\DRIVERS\ssudobex.sys [184192 2014-10-13] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [184192 2014-10-13] (DEVGURU Co., LTD.(www.devguru.co.kr))
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [37064 2014-05-17] (Anchorfree Inc.)
S3 token; C:\Windows\System32\DRIVERS\eps2kt1.sys [31744 2007-04-03] ()
R0 UBND; C:\Windows\System32\DRIVERS\ubnd.sys [7808 2014-04-23] (UniversalBox) [File not signed]
S3 UBNRedir; C:\Windows\System32\DRIVERS\ubnredir.sys [6784 2015-02-02] (UniversalBox) [File not signed]
S3 UFS2XX; C:\Windows\System32\drivers\UFS2XX.sys [68832 2013-08-19] (FTDI Ltd.)
S3 USBCCID; C:\Windows\System32\DRIVERS\usbccid.sys [29184 2011-07-14] (Microsoft Corporation) [File not signed]
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [15872 2009-07-14] (Microsoft Corporation)
S3 usbUDisc; C:\Windows\System32\DRIVERS\USBDrv.sys [14936 2013-01-25] (Scott)
S3 wdf_usb; C:\Windows\System32\drivers\usb2ser.sys [56832 2011-05-18] (MediaTek Inc.) [File not signed]
S3 YL_cdc_acm; C:\Windows\System32\DRIVERS\YL_USB_SER.sys [44672 2010-12-12] (VIA Telecom)
S3 zgdcat; C:\Windows\System32\DRIVERS\zgdcat.sys [114456 2011-12-28] (ZTE Incorporated)
S3 zgdcdiag; C:\Windows\System32\DRIVERS\zgdcdiag.sys [114456 2011-12-28] (ZTE Incorporated)
S3 zgdcmdm; C:\Windows\System32\DRIVERS\zgdcmdm.sys [114456 2011-12-28] (ZTE Incorporated)
S3 zghsdiag; C:\Windows\System32\DRIVERS\zghsdiag.sys [113688 2011-12-13] (ZTE Incorporated)
S3 alehando; \??\C:\Users\User\Downloads\odbg110\PLUGINS\alehando.sys [X]
S3 andnetadb; System32\Drivers\lgandnetadb.sys [X]
S3 AndNetDiag2; system32\DRIVERS\lgandnetdiag2.sys [X]
S3 andnetndis; system32\DRIVERS\lgandnetndis.sys [X]
S1 bfdtujck; \??\C:\Windows\system32\drivers\bfdtujck.sys [X]
S3 catchme; \??\C:\Users\User\AppData\Local\Temp\catchme.sys [X]
S1 dlebeyds; \??\C:\Windows\system32\drivers\dlebeyds.sys [X]
S1 ezosilgg; \??\C:\Windows\system32\drivers\ezosilgg.sys [X]
S1 fookkvnw; \??\C:\Windows\system32\drivers\fookkvnw.sys [X]
S1 fvnpqqhp; \??\C:\Windows\system32\drivers\fvnpqqhp.sys [X]
S1 hocwucmy; \??\C:\Windows\system32\drivers\hocwucmy.sys [X]
S1 hqeypjep; \??\C:\Windows\system32\drivers\hqeypjep.sys [X]
R3 humble; \??\C:\Users\User\Downloads\odbg110\PLUGINS\humble.sys [X]
S1 jbsfueqg; \??\C:\Windows\system32\drivers\jbsfueqg.sys [X]
S1 lrhmgjai; \??\C:\Windows\system32\drivers\lrhmgjai.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 mila; \??\C:\Users\User\Downloads\odbg110\PLUGINS\mila.sys [X]
S3 mila123; \??\C:\Users\User\Downloads\odbg110\PLUGINS\mila123.sys [X]
S1 morblcqt; \??\C:\Windows\system32\drivers\morblcqt.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S1 obyozrlx; \??\C:\Windows\system32\drivers\obyozrlx.sys [X]
S1 ooctbmat; \??\C:\Windows\system32\drivers\ooctbmat.sys [X]
S1 palmypwn; \??\C:\Windows\system32\drivers\palmypwn.sys [X]
S1 shfixhnh; \??\C:\Windows\system32\drivers\shfixhnh.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 Tq_91Assistant; \??\C:\Program Files\NetDragon\91 Mobile\iPhone\Tq_91Assistant.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S1 uepeoedu; \??\C:\Windows\system32\drivers\uepeoedu.sys [X]
S3 usbbus; system32\DRIVERS\lgusbbus.sys [X]
S3 UsbDiag; system32\DRIVERS\lgusbdiag.sys [X]
S3 USBModem; system32\DRIVERS\lgusbmodem.sys [X]
S1 uyrbkwgo; \??\C:\Windows\system32\drivers\uyrbkwgo.sys [X]
S1 vdlbdzzs; \??\C:\Windows\system32\drivers\vdlbdzzs.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
S1 whuqhfom; \??\C:\Windows\system32\drivers\whuqhfom.sys [X]
S1 wltvhemc; \??\C:\Windows\system32\drivers\wltvhemc.sys [X]
S1 yrzjrmft; \??\C:\Windows\system32\drivers\yrzjrmft.sys [X]
S3 ZeNiX; \??\C:\Users\User\Desktop\olly_z\plugin\ZeNiX.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-10 18:44 - 2015-03-10 18:44 - 00033048 _____ () C:\Users\User\Desktop\FRST.txt
2015-03-10 18:43 - 2015-03-10 18:44 - 00000000 ____D () C:\FRST
2015-03-10 18:43 - 2015-03-10 18:43 - 01134592 _____ (Farbar) C:\Users\User\Desktop\FRST.exe
2015-03-10 18:04 - 2015-03-10 18:04 - 00000000 ____D () C:\Users\User\Desktop\ImpREC 1.7e
2015-03-10 18:03 - 2015-03-10 18:03 - 00406296 _____ () C:\Users\User\Desktop\ImpREC 1.7e.rar
2015-03-10 17:35 - 2015-03-10 17:35 - 00000000 ____D () C:\Users\User\Desktop\RDG Packer Detector v0.7.3.2014
2015-03-10 17:34 - 2015-03-10 17:34 - 02092369 _____ () C:\Users\User\Desktop\RDG Packer Detector v0.7.3.2014.rar
2015-03-10 17:29 - 2015-03-10 18:05 - 00000000 ____D () C:\AHT
2015-03-10 17:29 - 2015-03-10 17:29 - 00001352 _____ () C:\Users\User\Desktop\HUADongle.lnk
2015-03-10 17:29 - 2015-03-10 17:29 - 00000000 ____D () C:\Windows\SysWow64
2015-03-10 17:29 - 2015-03-10 17:29 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HUA Dongle
2015-03-10 16:15 - 2015-03-10 16:16 - 08266018 _____ () C:\Users\User\Desktop\InfinityBox_install_PinFinder_v1.28.rar
2015-03-10 15:55 - 2015-03-10 15:58 - 35150973 _____ () C:\Users\User\Desktop\InfinityBox_update_MModule_v4.47.rar
2015-03-10 15:38 - 2015-03-10 15:38 - 00001548 _____ () C:\Users\User\Desktop\InfinityBox BEST.lnk
2015-03-10 15:37 - 2015-03-10 15:37 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\InfinityBox
2015-03-10 15:11 - 2015-03-10 15:19 - 77519837 _____ () C:\Users\User\Desktop\InfinityBox_install_BEST_v2.04.rar
2015-03-10 14:28 - 2015-03-10 14:44 - 601603942 _____ () C:\Users\User\Desktop\itab703b jsd-jdf-kyt4.1.220130406.rar
2015-03-10 12:17 - 2015-03-10 13:08 - 00000000 ____D () C:\CWM
2015-03-10 12:11 - 2015-03-10 12:11 - 00000000 ____D () C:\Users\User\Desktop\recuperação de tablet 2014
2015-03-10 12:04 - 2015-03-10 12:11 - 328436782 _____ () C:\Users\User\Desktop\recuperação de tablet 2014.rar
2015-03-10 11:45 - 2015-03-10 11:45 - 00780012 _____ () C:\Users\User\Desktop\RockChip Android Tool.rar
2015-03-10 11:45 - 2015-03-10 11:45 - 00000000 ____D () C:\Users\User\Desktop\RockChip Android Tool
2015-03-09 21:40 - 2015-03-09 21:41 - 07442199 _____ () C:\Users\User\Desktop\philz_touch_6.47.7-n900-halaszk.zip
2015-03-09 21:36 - 2015-03-09 21:37 - 08294400 _____ () C:\Users\User\Downloads\-note3-n900-cwm-recovery-6.0.3.8(0926).tar
2015-03-09 20:00 - 2015-03-09 20:00 - 00000000 ____D () C:\Users\User\Desktop\HUAWEI_Y300_firmware(Y300-0100,Android 4.1,Emotion_UI,V100R001C00B189,General version)
2015-03-09 19:48 - 2015-03-09 20:00 - 585018177 _____ () C:\Users\User\Desktop\HUAWEI_Y300_firmware(Y300-0100,Android 4.1,Emotion_UI,V100R001C00B189,General version).zip
2015-03-09 19:13 - 2015-03-09 19:13 - 00001865 _____ () C:\Users\User\Desktop\Miracle Box Support.URL.lnk
2015-03-09 19:13 - 2015-03-09 19:13 - 00000937 _____ () C:\Users\User\Desktop\miracle_box.lnk
2015-03-09 19:13 - 2015-03-09 19:13 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mirace Box
2015-03-09 18:21 - 2015-03-09 18:21 - 00022050 _____ () C:\Users\User\Desktop\always_forever.zip
2015-03-09 15:53 - 2015-03-09 15:53 - 00000980 _____ () C:\Users\Public\Desktop\Furious Shell.lnk
2015-03-09 15:53 - 2015-03-09 15:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Furious Shell by MughalG
2015-03-09 15:53 - 2015-03-09 15:53 - 00000000 ____D () C:\Program Files\Furious Shell
2015-03-09 15:53 - 2010-10-18 10:05 - 01228800 _____ () C:\Windows\msado.dep
2015-03-09 15:53 - 2010-10-18 09:54 - 00001652 _____ () C:\Windows\smodule.txt
2015-03-09 15:53 - 2010-10-18 09:54 - 00000003 _____ () C:\Windows\dbver.txt
2015-03-09 15:53 - 2010-09-01 07:52 - 00003313 _____ () C:\Windows\MEP.txt
2015-03-09 15:53 - 2010-03-22 05:58 - 00626688 _____ () C:\Windows\msadoc.dep
2015-03-09 15:53 - 2003-02-21 05:01 - 00208896 _____ (vbAccelerator) C:\Windows\system32\vbalNCSM6.dll
2015-03-09 15:53 - 2003-01-26 02:41 - 00040960 _____ (vbAccelerator) C:\Windows\system32\SSubTmr6.dll
2015-03-09 13:20 - 2015-03-09 13:20 - 00000000 ____D () C:\Users\User\Desktop\E160KKKJMC3 Android 4.1.2
2015-03-09 12:05 - 2015-03-09 12:05 - 00001283 _____ () C:\Users\Public\Desktop\Free Video Cutter Joiner.lnk
2015-03-09 12:05 - 2015-03-09 12:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoMedia
2015-03-09 12:05 - 2015-03-09 12:05 - 00000000 ____D () C:\Program Files\DVDVideoMedia
2015-03-09 01:13 - 2015-03-09 12:26 - 00000000 ____D () C:\ProgramData\eMule
2015-03-09 01:13 - 2015-03-09 02:56 - 947337262 ____R () C:\Users\User\Downloads\themida.dll
2015-03-09 01:13 - 2015-03-09 01:13 - 00000000 ____D () C:\Users\User\Downloads\eMule
2015-03-09 00:54 - 2015-03-09 00:54 - 00023459 _____ () C:\Users\User\Downloads\♺ SATYR - Bareback Porn Star Gangbang #2.torrent
2015-03-08 21:19 - 2015-03-08 21:20 - 00000000 ____D () C:\Users\User\Downloads\Lazypressing V4.0 Beta
2015-03-08 21:18 - 2015-03-08 21:18 - 05108109 _____ () C:\Users\User\Downloads\Lazypressing V4.0 Beta.rar
2015-03-08 21:18 - 2015-03-08 21:18 - 00000000 ____D () C:\Users\User\AppData\Roaming\qmacro
2015-03-08 21:18 - 2015-03-08 21:18 - 00000000 ____D () C:\Users\User\AppData\Roaming\mymacro
2015-03-08 19:01 - 2015-03-08 19:01 - 00000000 ____D () C:\Users\User\AppData\Roaming\Yahoo!
2015-03-08 18:59 - 2015-03-08 18:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
2015-03-08 18:57 - 2015-03-08 18:57 - 00691576 _____ (Yahoo! Inc.) C:\Users\User\Downloads\msgr11us.exe
2015-03-08 16:29 - 2015-03-08 16:29 - 00000000 ____D () C:\Users\User\Desktop\E160SKSJMH2 Android 4.1.2
2015-03-08 15:53 - 2015-03-08 15:54 - 07475200 _____ () C:\Users\User\Downloads\Tegrak-Kernel-Build-32-for-SHV-E160S-FA09.recovery.tar
2015-03-08 13:56 - 2015-03-08 13:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kingo Android ROOT
2015-03-08 13:55 - 2015-03-08 13:55 - 03496080 _____ () C:\Users\User\Downloads\Phone.apk
2015-03-08 12:02 - 2015-03-07 23:49 - 02019052 ____N () C:\Users\User\00001.vcf
2015-03-08 09:59 - 2015-03-08 09:59 - 00000000 ____D () C:\Users\User\AppData\Roaming\aerix
2015-03-08 02:26 - 2015-03-08 02:26 - 00062215 _____ () C:\Users\User\Desktop\123.html
2015-03-07 21:07 - 2015-03-07 21:07 - 00098116 _____ () C:\Users\User\Downloads\chrome-youtube-downloader-2.6.5.crx
2015-03-07 18:25 - 2015-03-08 18:58 - 01685181 _____ () C:\Users\User\Desktop\DongleManager.rar
2015-03-07 18:21 - 2015-03-07 18:21 - 00000881 _____ () C:\Users\Public\Desktop\NsPro.lnk
2015-03-07 18:21 - 2015-03-07 18:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NsPro
2015-03-07 18:13 - 2015-03-07 18:13 - 01718679 _____ () C:\Users\User\Desktop\aromafm-2.00b7.zip
2015-03-07 17:26 - 2015-03-07 17:26 - 00001065 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-03-07 15:33 - 2015-03-07 15:35 - 52019257 _____ () C:\Users\User\Desktop\SPH-L720_MDC_Modem.tar.md5
2015-03-07 15:16 - 2015-03-07 15:16 - 00002757 _____ () C:\Users\Public\Desktop\S4 Flasher.lnk
2015-03-07 15:16 - 2015-03-07 15:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\s4 unlock
2015-03-07 15:16 - 2015-03-07 15:16 - 00000000 ____D () C:\Program Files\s4 unlocker
2015-03-07 15:15 - 2015-03-07 15:15 - 00000000 ____D () C:\Users\User\Desktop\unlock_
2015-03-07 15:08 - 2015-03-07 15:08 - 00000000 ____D () C:\Users\User\Desktop\CF-Auto-Root-jfltespr-jfltespr-sphl720
2015-03-07 13:49 - 2015-03-07 13:49 - 07096320 _____ () C:\Users\User\Downloads\recovery-clockwork-touch-6.0.1.5-hercules.tar
2015-03-07 13:44 - 2015-03-07 13:48 - 07209040 _____ () C:\Users\User\Downloads\recovery-clockwork-touch-6.0.3.1-hercules.tar
2015-03-07 13:16 - 2014-12-25 17:34 - 661214447 ____N () C:\Users\User\Desktop\المعيوي.mp4
2015-03-07 12:53 - 2015-03-07 12:54 - 05811076 _____ () C:\Users\User\Desktop\x.apk
2015-03-07 12:21 - 2015-03-06 16:53 - 51792330 _____ () C:\Users\User\Desktop\2.mp4
2015-03-07 12:21 - 2015-03-06 16:35 - 761001021 _____ () C:\Users\User\Desktop\1.mp4
2015-03-07 11:52 - 2015-03-07 11:52 - 00000000 ____D () C:\Users\User\Desktop\Martech_box_II_drivers_2005_11_30
2015-03-07 11:52 - 2005-03-23 14:35 - 00081920 _____ (FTDI Ltd) C:\Windows\system32\MRT_box2.dll
2015-03-07 11:52 - 2004-10-15 16:49 - 00029292 _____ (FTDI Ltd.) C:\Windows\system32\Drivers\MRT_box2.sys
2015-03-07 11:52 - 2004-01-21 15:33 - 00140800 _____ () C:\Windows\system32\MRTBOXUN.exe
2015-03-07 11:43 - 2015-03-07 11:43 - 03331691 _____ () C:\Users\User\Desktop\siem_v148.rar
2015-03-07 11:42 - 2015-03-07 11:42 - 00107213 _____ () C:\Windows\MartechCOM Uninstaller.exe
2015-03-07 11:42 - 2015-03-07 11:42 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MartechCOM
2015-03-07 11:42 - 2015-03-07 11:42 - 00000000 ____D () C:\Program Files\MartechCOM
2015-03-07 11:38 - 2015-03-07 11:39 - 00000000 ____D () C:\Program Files\Martech
2015-03-07 11:38 - 2015-03-07 11:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Martech
2015-03-07 11:35 - 2015-03-07 11:35 - 00000000 ____D () C:\Users\User\Desktop\8800d_rm-165_v4.20
2015-03-07 10:45 - 2015-03-07 10:45 - 00000000 ____D () C:\Users\User\Desktop\i9500_MT6572_4.2.2_V1
2015-03-07 09:40 - 2015-03-07 09:54 - 382676690 _____ () C:\Users\User\Desktop\GT-I9500_MT6572_tested_Firmware.rar
2015-03-07 09:12 - 2015-03-07 09:12 - 00000990 _____ () C:\Users\User\Desktop\Your Unin-staller!.lnk
2015-03-07 09:12 - 2015-03-07 09:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Your Uninstaller! 7
2015-03-07 09:11 - 2015-03-07 09:12 - 00000000 ____D () C:\Program Files\Your Uninstaller! 7
2015-03-06 22:43 - 2015-03-07 07:59 - 00000000 ____D () C:\Users\User\Desktop\VMProtect Ultra Unpacker 1.0 Tutorial
2015-03-06 21:43 - 2015-03-07 07:59 - 00000000 ____D () C:\Users\User\Desktop\ScyllaHide v1.2
2015-03-06 21:42 - 2015-03-06 21:42 - 00650781 _____ () C:\Users\User\Desktop\ScyllaHide v1.2.rar
2015-03-06 19:46 - 2015-03-06 19:46 - 00006862 _____ () C:\Users\User\Desktop\freeformatter-output
2015-03-06 19:44 - 2015-03-06 19:44 - 00039368 _____ () C:\Users\User\Desktop\passes.html
2015-03-06 16:03 - 2015-03-07 18:04 - 00000000 ____D () C:\Users\User\Desktop\pangolin_professinal_edition_3.2.5.1137_15DaysTrial_WinVista
2015-03-06 16:03 - 2015-03-06 16:03 - 00004925 _____ () C:\ProgramData\aqmmpwnp.hgu
2015-03-06 01:44 - 2015-03-06 01:44 - 00000595 _____ () C:\Users\User\Downloads\WinLicense Order.zip
2015-03-06 01:42 - 2015-03-06 01:43 - 00000000 ____D () C:\Users\User\Desktop\WL
2015-03-05 23:44 - 2015-03-07 18:04 - 00000000 ____D () C:\Windows\system32\HavijPro
2015-03-05 23:44 - 2015-03-05 23:44 - 00000000 ____D () C:\Users\User\Desktop\Havij v1.16 Pro Portable Cracked by Service Manual [ AoRE Team ]
2015-03-05 23:40 - 2015-03-05 23:41 - 02097152 _____ () C:\Users\User\Desktop\Havij v1.16 Pro Portable Cracked by Service Manual [ AoRE Team ].part1.rar
2015-03-05 23:37 - 2015-03-05 23:37 - 00000000 ____D () C:\Users\User\Desktop\Havij Pro 1.17 Portable
2015-03-05 23:27 - 2015-03-05 23:27 - 00000000 ____D () C:\Users\User\Desktop\h4v1j_117.Pr0
2015-03-05 21:45 - 2015-03-05 21:45 - 00001038 _____ () C:\Users\Public\Desktop\Hotspot Shield.lnk
2015-03-05 21:37 - 2015-03-07 08:06 - 00000000 ____D () C:\ProgramData\Hotspot Shield
2015-03-05 21:37 - 2015-03-05 21:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotspot Shield
2015-03-05 21:36 - 2015-03-10 13:07 - 00000000 ____D () C:\Program Files\Hotspot Shield
2015-03-05 21:36 - 2015-03-05 21:36 - 00000000 ____D () C:\Users\User\AppData\Roaming\Hotspot Shield
2015-03-05 21:36 - 2014-05-17 04:33 - 00039624 _____ (AnchorFree Inc.) C:\Windows\system32\Drivers\hssdrv6.sys
2015-03-05 17:19 - 2015-03-05 17:19 - 00000000 ____D () C:\Users\User\Desktop\Q88_GSL1688_MC3230_2Cam
2015-03-05 16:57 - 2015-03-05 17:23 - 00000915 _____ () C:\Users\User\Desktop\LiveSuit.exe.lnk
2015-03-05 16:49 - 2015-03-05 16:49 - 00000000 ____D () C:\Users\User\Downloads\MaPan_MX913_DC_Jelly_Bean_4.2_Os_Root_Firmware_J20131101
2015-03-05 16:10 - 2015-03-05 16:11 - 00000000 ____D () C:\Program Files\LenovoUsbDriver
2015-03-05 15:59 - 2015-03-05 15:59 - 00000000 ____D () C:\Users\User\Desktop\lenovo A606
2015-03-05 15:55 - 2015-03-05 16:05 - 363550367 _____ () C:\Users\User\Desktop\Samsung  s4 I9500 Clone Mtk6572.rar
2015-03-05 15:29 - 2015-03-05 15:29 - 00025843 _____ () C:\Users\User\Downloads\ipad2.html
2015-03-05 05:33 - 2015-03-05 05:33 - 00000000 ____D () C:\Users\User\Downloads\CF-Auto-Root-ms013g-ms013gxx-smg7102 (1)
2015-03-05 05:32 - 2015-03-05 05:33 - 20834129 _____ () C:\Users\User\Downloads\CF-Auto-Root-ms013g-ms013gxx-smg7102 (1).zip
2015-03-05 02:35 - 2015-03-05 02:35 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hex Workshop v5
2015-03-05 02:35 - 2015-03-05 02:35 - 00000000 ____D () C:\Program Files\BreakPoint Software
2015-03-05 02:34 - 2015-03-05 02:34 - 02913656 _____ () C:\Users\User\Downloads\HeXWorkshop.rar
2015-03-05 01:58 - 2015-03-05 01:58 - 00000000 ____D () C:\Users\User\Desktop\Piranha_box_V1.47
2015-03-05 01:39 - 2015-03-09 19:13 - 01195709 _____ () C:\Windows\MIRACLE BOX Uninstaller.exe
2015-03-04 23:06 - 2015-03-04 23:13 - 00000000 ____D () C:\Users\User\Downloads\Windows XP Professional SP3 Nov 2013 + SATA Drivers [ThumperDC]
2015-03-04 22:36 - 2015-03-04 22:36 - 00020984 _____ () C:\Users\User\Downloads\TitanHide v0.011.rar
2015-03-04 22:26 - 2015-03-04 22:26 - 00650781 _____ () C:\Users\User\Downloads\ScyllaHide v1.2.rar
2015-03-04 22:21 - 2015-03-04 22:26 - 00000000 ____D () C:\Users\User\Downloads\VMware.Fusion.Professional.v7.1.0.MacOSX.Incl.Keymaker-CORE
2015-03-04 19:53 - 2015-03-04 19:53 - 00000000 ____D () C:\Users\User\Downloads\SP_Flash_Tool_v3.1224.01
2015-03-04 19:51 - 2015-03-04 19:51 - 00000000 ____D () C:\Users\User\Desktop\MT6572_GTI-9500
2015-03-04 17:56 - 2015-03-04 17:56 - 00000000 ____D () C:\Users\User\Desktop\MT6577 USB VCOM drivers_2
2015-03-04 15:44 - 2015-03-04 15:44 - 00350621 _____ () C:\Users\User\Desktop\MT6577 USB VCOM drivers.rar
2015-03-04 14:36 - 2015-03-04 15:23 - 669948561 _____ () C:\Users\User\Downloads\MaPan_MX913_DC_Jelly_Bean_4.2_Os_Root_Firmware_J20131101.rar
2015-03-04 12:17 - 2015-03-04 12:26 - 00000000 ____D () C:\Users\User\Downloads\VMware-Fusion-7.1.1_coque599
2015-03-04 04:40 - 2015-03-04 04:40 - 00003975 _____ () C:\Users\User\Downloads\youtube2mp3.crx
2015-03-04 04:27 - 2015-03-04 16:50 - 00000000 ____D () C:\Users\User\AppData\Local\Apps\2.0
2015-03-04 04:27 - 2015-03-04 04:28 - 00000000 ____D () C:\Users\User\AppData\Local\Deployment
2015-03-04 04:26 - 2015-03-04 04:26 - 00000000 ____D () C:\Users\User\AppData\Roaming\Trend Micro
2015-03-04 03:29 - 2015-03-04 04:29 - 00000000 ____D () C:\Program Files\ActiveSMART 2.97
2015-03-04 03:29 - 2015-03-04 03:29 - 00000000 ___HD () C:\ProgramData\ActiveSMART
2015-03-03 22:17 - 2015-03-03 22:17 - 00000000 ___HD () C:\TMRescueDisk
2015-03-03 22:02 - 2015-03-04 16:50 - 00000000 ____D () C:\ProgramData\Trend Micro
2015-03-03 22:02 - 2015-03-04 02:50 - 00000000 ____D () C:\Users\User\AppData\Local\Trend Micro
2015-03-03 22:02 - 2015-03-03 22:05 - 00000000 ____D () C:\Program Files\Trend Micro
2015-03-03 22:02 - 2015-03-03 22:02 - 00000036 _____ () C:\Users\User\AppData\Local\housecall.guid.cache
2015-03-03 20:38 - 2015-03-03 20:38 - 00000000 ____D () C:\Program Files\ITSecTeam
2015-03-03 20:37 - 2015-03-04 16:51 - 00000000 ____D () C:\Users\User\Desktop\Havij 1.17 Pro Cracked by mm1991 [ AoRE Team ]
2015-03-03 19:49 - 2015-03-03 19:49 - 00000000 ____D () C:\Users\User\Desktop\LG Flash Tool 2014
2015-03-03 19:31 - 2015-03-03 19:32 - 00000000 ____D () C:\Users\User\Desktop\New folder (3)
2015-03-03 19:28 - 2015-03-03 19:28 - 00000725 _____ () C:\Users\User\Desktop\LGFlashTool.lnk
2015-03-03 19:19 - 2015-03-03 19:27 - 09721391 _____ () C:\Users\User\Downloads\Setup_LGFlashTool_1.5.10.1120.zip
2015-03-03 19:10 - 2015-03-03 19:10 - 00073177 _____ () C:\Users\User\Downloads\LGExtract-0.2.1.7z
2015-03-03 19:09 - 2015-03-07 17:07 - 00000831 _____ () C:\Users\User\Desktop\LGMobile Support Tool.lnk
2015-03-03 18:08 - 2015-03-03 18:08 - 00000000 ____D () C:\Users\User\Desktop\E5_ENO_WK2012_v034
2015-03-03 17:43 - 2015-03-03 17:45 - 04742420 _____ () C:\Users\User\Downloads\sHaRewbb_mirc738.rar
2015-03-03 17:37 - 2015-03-03 17:37 - 00027339 _____ () C:\Users\User\Downloads\sHaRewbb_mirc738.rar.html
2015-03-03 16:47 - 2015-03-03 16:47 - 00001216 _____ () C:\Users\User\Desktop\SPT.lnk
2015-03-03 16:37 - 2015-03-03 16:37 - 00207254 _____ () C:\Users\User\Downloads\SSU.apk
2015-03-03 16:31 - 2015-03-03 16:31 - 00743424 _____ () C:\Users\User\Downloads\SM_G900P-SprintEdit.qcn
2015-03-03 16:01 - 2015-03-03 16:01 - 00000197 _____ () C:\Windows\system32\2015-03-03-14-01-06.012-AvastVBoxSVC.exe-5708.log
2015-03-03 15:32 - 2015-03-03 15:32 - 00000197 _____ () C:\Windows\system32\2015-03-03-13-32-18.096-AvastVBoxSVC.exe-5424.log
2015-03-03 13:37 - 2015-03-03 13:37 - 00000384 _____ () C:\Users\User\Downloads\The key to unlocking your HTC Device (6).zip
2015-03-03 04:01 - 2015-03-03 04:01 - 00000197 _____ () C:\Windows\system32\2015-03-03-02-01-04.067-AvastVBoxSVC.exe-4012.log
2015-03-03 03:55 - 2015-03-03 03:55 - 00000197 _____ () C:\Windows\system32\2015-03-03-01-55-34.051-AvastVBoxSVC.exe-2352.log
2015-03-03 03:45 - 2015-03-04 16:51 - 00000000 ____D () C:\Users\User\Desktop\olly_z
2015-03-03 02:59 - 2015-03-03 02:59 - 00001798 _____ () C:\Users\User\Desktop\ICQ.lnk
2015-03-03 02:59 - 2015-03-03 02:59 - 00001656 _____ () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\ICQ.lnk
2015-03-03 02:59 - 2015-03-03 02:59 - 00000000 ____D () C:\Users\User\voip
2015-03-03 02:59 - 2015-03-03 02:59 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ICQ
2015-03-03 02:57 - 2015-03-10 13:24 - 00000000 ____D () C:\Users\User\AppData\Roaming\ICQM
2015-03-03 02:57 - 2015-03-03 03:30 - 00000000 ____D () C:\Users\User\AppData\Roaming\ICQ-Profile
2015-03-03 00:39 - 2015-03-03 00:40 - 00000197 _____ () C:\Windows\system32\2015-03-02-22-39-44.075-AvastVBoxSVC.exe-1976.log
2015-03-02 21:54 - 2015-03-02 21:54 - 14826415 _____ () C:\Users\User\Downloads\Stock Recovery E8 1.09.707.1.zip
2015-03-02 21:35 - 2015-03-02 21:38 - 1500046905 _____ () C:\Users\User\Downloads\TWRP HTC one E8_2014-09-08--10-32-21 KOT49H release-keys.zip
2015-03-02 20:38 - 2015-03-02 20:38 - 00000000 ____D () C:\Users\User\Desktop\Piranha_box_V1.48
2015-03-02 20:30 - 2015-03-02 20:30 - 00000000 ____D () C:\Users\User\Documents\split__150302203012
2015-03-02 20:30 - 2015-03-02 20:30 - 00000000 ____D () C:\RESULT_TEMP
2015-03-02 20:29 - 2015-03-02 20:30 - 06291456 _____ () C:\Users\User\Documents\rec.bin
2015-03-02 18:25 - 2015-03-02 18:25 - 00000384 _____ () C:\Users\User\Downloads\The key to unlocking your HTC Device (5).zip
2015-03-02 17:52 - 2015-03-02 17:53 - 00000000 ____D () C:\Users\User\Desktop\T310XXUBNH2_T310OJVBNH1_XSG
2015-03-02 17:46 - 2015-03-04 16:51 - 00000000 ____D () C:\Users\User\Desktop\Bin_ImpREC_2011-7-16_8.11_ImpREC_1.7e
2015-03-02 17:34 - 2015-03-02 17:40 - 00000000 ____D () C:\Users\User\Desktop\oneSIM
2015-03-02 16:54 - 2015-03-02 16:54 - 00000384 _____ () C:\Users\User\Downloads\The key to unlocking your HTC Device (4).zip
2015-03-02 16:33 - 2015-03-02 16:33 - 14321664 _____ () C:\Users\User\Downloads\philz_touch_6.57.8-m8.img
2015-03-02 16:06 - 2015-03-02 16:06 - 00000384 _____ () C:\Users\User\Downloads\The key to unlocking your HTC Device (3).zip
2015-03-02 15:36 - 2015-03-02 15:36 - 00000197 _____ () C:\Windows\system32\2015-03-02-13-36-29.075-AvastVBoxSVC.exe-5564.log
2015-03-02 15:16 - 2015-03-02 15:17 - 00000384 _____ () C:\Users\User\Downloads\The key to unlocking your HTC Device (2).zip
2015-03-02 15:04 - 2015-03-02 15:16 - 28429695 _____ () C:\Users\User\Downloads\SunShine-latest (1).apk
2015-03-02 15:04 - 2015-03-02 15:04 - 00477387 _____ () C:\Users\User\Downloads\SUInstaller.apk
2015-03-02 14:48 - 2015-03-02 14:53 - 09178455 _____ () C:\Users\User\Downloads\com.talkatone.android-4.0-1502021955-APK4Fun.com.apk
2015-03-02 12:57 - 2015-03-07 09:15 - 00000000 ____D () C:\Program Files\4Team Corporation
2015-03-02 12:57 - 2015-03-02 12:58 - 00000000 ____D () C:\Users\User\AppData\Roaming\4Team
2015-03-02 12:18 - 2015-03-02 12:18 - 00000917 _____ () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TextPad.lnk
2015-03-02 12:18 - 2015-03-02 12:18 - 00000000 ____D () C:\Users\User\AppData\Roaming\Helios
2015-03-02 12:17 - 2015-03-02 12:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TextPad
2015-03-02 12:17 - 2015-03-02 12:17 - 00000000 ____D () C:\Program Files\TextPad 7
2015-03-02 12:01 - 2015-03-02 12:05 - 00000000 ____D () C:\Users\User\Desktop\names
2015-03-02 11:21 - 2015-03-02 11:21 - 00001822 _____ () C:\Users\Public\Desktop\Sonork.lnk
2015-03-02 11:21 - 2015-03-02 11:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GTV Solutions, Inc. Messaging System
2015-03-02 11:21 - 2015-03-02 11:21 - 00000000 ____D () C:\Program Files\Sonork
2015-03-02 08:49 - 2015-01-23 05:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-02 08:49 - 2015-01-23 05:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-02 00:50 - 2015-03-09 17:35 - 00000779 _____ () C:\Users\User\Desktop\New Text Document.txt
2015-03-01 23:21 - 2015-03-01 23:21 - 00000000 __SHD () C:\Users\User\AppData\Local\EmieBrowserModeList
2015-03-01 22:48 - 2015-03-01 22:50 - 22553611 _____ () C:\Users\User\Downloads\radio.zip
2015-03-01 22:04 - 2015-03-01 22:04 - 00000384 _____ () C:\Users\User\Downloads\The key to unlocking your HTC Device (1).zip
2015-03-01 21:12 - 2015-03-01 21:12 - 00000000 ____D () C:\Users\User\Desktop\SM-N900_359092050091226_S200012760
2015-03-01 21:02 - 2015-03-01 21:02 - 00000384 _____ () C:\Users\User\Downloads\The key to unlocking your HTC Device.zip
2015-03-01 20:47 - 2015-03-01 20:47 - 00001564 _____ () C:\Users\User\Desktop\InfinityBox Shell.lnk
2015-03-01 20:10 - 2015-03-01 20:11 - 15601920 _____ () C:\Users\User\Downloads\recovery_1.54.401.10.img
2015-03-01 19:33 - 2015-03-01 19:33 - 00001584 _____ () C:\Users\Public\Desktop\InfinityBox CM2MTK.lnk
2015-03-01 18:41 - 2015-03-01 18:41 - 16478208 _____ () C:\Users\User\Downloads\openrecovery-twrp-2.8.4.0-m8.img
2015-03-01 18:39 - 2015-03-01 18:39 - 00004735 _____ () C:\Users\User\Downloads\openrecovery-twrp-2.8.5.0-m8.img
2015-03-01 14:25 - 2015-03-01 14:25 - 01174979 _____ () C:\Windows\unins000.exe
2015-03-01 14:25 - 2015-03-01 14:25 - 00017649 _____ () C:\Windows\unins000.dat
2015-03-01 13:54 - 2015-03-01 13:54 - 00000000 ____D () C:\Users\User\Desktop\One_M8_All-In-One_Kit_v2.0
2015-03-01 12:54 - 2015-03-01 13:37 - 1689665597 _____ (HTC) C:\Users\User\Downloads\RUU_M8_UL_L50_SENSE60_MR_hTC_Asia_WWE_4.19.707.2_Radio_1.25.21331147A1.06G_20.69.4196.01_F_release_414204_signed.exe
2015-03-01 12:10 - 2015-03-01 12:10 - 00000996 _____ () C:\Users\User\Desktop\DC-Unlocker client.lnk
2015-03-01 12:09 - 2015-03-01 12:10 - 03670600 _____ (UAB Digiteka) C:\Users\User\Downloads\dc-unlocker_client-1.00.1168.exe
2015-03-01 11:19 - 2015-01-15 09:46 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-01 11:19 - 2015-01-15 09:46 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-01 11:19 - 2015-01-15 09:43 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-01 11:19 - 2015-01-15 09:43 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-01 11:19 - 2015-01-15 09:42 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-01 11:19 - 2015-01-15 09:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-01 11:19 - 2015-01-15 09:42 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-01 11:19 - 2015-01-15 09:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-01 11:19 - 2015-01-15 09:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-01 11:19 - 2015-01-15 09:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-01 11:19 - 2015-01-15 09:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-01 11:19 - 2015-01-15 06:21 - 00369968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-01 11:19 - 2015-01-14 07:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-03-01 11:19 - 2015-01-14 07:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-01 11:19 - 2014-11-11 04:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2015-03-01 11:18 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2015-03-01 11:18 - 2014-03-04 11:17 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-03-01 11:18 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2015-03-01 11:18 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2015-03-01 11:18 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2015-03-01 11:18 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2015-03-01 11:18 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2015-03-01 11:18 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2015-03-01 11:18 - 2013-05-13 05:08 - 00903168 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2015-03-01 11:18 - 2013-05-13 05:08 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll
2015-03-01 10:58 - 2015-03-01 10:58 - 00000197 _____ () C:\Windows\system32\2015-03-01-08-58-57.017-AvastVBoxSVC.exe-4032.log
2015-03-01 10:50 - 2015-03-01 10:50 - 00000000 ____D () C:\Windows\system32\XPSViewer
2015-03-01 10:50 - 2015-03-01 10:50 - 00000000 ____D () C:\Windows\system32\fr
2015-03-01 10:50 - 2015-03-01 10:50 - 00000000 ____D () C:\Windows\system32\Drivers\fr-FR
2015-03-01 10:50 - 2015-03-01 10:50 - 00000000 ____D () C:\Windows\system32\Drivers\ar-SA
2015-03-01 10:50 - 2015-03-01 10:50 - 00000000 ____D () C:\Windows\system32\ar
2015-03-01 10:50 - 2015-03-01 10:50 - 00000000 ____D () C:\Windows\fr-FR
2015-03-01 10:50 - 2015-03-01 10:50 - 00000000 ____D () C:\Windows\ar-SA
2015-03-01 10:41 - 2015-03-01 10:41 - 02126848 _____ () C:\Users\User\Downloads\adwcleaner_4.111 (1).exe
2015-03-01 04:45 - 2015-01-09 01:44 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-03-01 04:27 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2015-03-01 03:45 - 2012-07-26 05:21 - 00196608 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
2015-03-01 03:45 - 2012-07-26 05:20 - 00613888 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll
2015-03-01 03:45 - 2012-07-26 05:20 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2015-03-01 03:45 - 2012-07-26 05:20 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
2015-03-01 03:45 - 2012-07-26 05:20 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll
2015-03-01 03:45 - 2012-07-26 04:33 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
2015-03-01 03:45 - 2012-07-26 04:32 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
2015-03-01 03:45 - 2012-06-02 16:57 - 00000003 _____ () C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2015-03-01 03:43 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2015-03-01 03:43 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2015-03-01 03:43 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2015-03-01 03:43 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2015-03-01 03:42 - 2012-03-01 07:46 - 00019824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fs_rec.sys
2015-03-01 03:42 - 2012-03-01 07:29 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\wmi.dll
2015-03-01 03:13 - 2013-05-10 06:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-01 03:13 - 2013-05-10 06:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-01 02:41 - 2015-01-14 07:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-01 02:41 - 2015-01-12 04:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-01 02:41 - 2015-01-12 04:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-01 02:41 - 2015-01-12 04:21 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-01 02:41 - 2015-01-12 04:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-01 02:41 - 2015-01-12 04:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-01 02:41 - 2015-01-12 04:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-01 02:41 - 2015-01-12 04:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-01 02:41 - 2015-01-12 04:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-01 02:41 - 2015-01-12 04:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-01 02:41 - 2015-01-12 03:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-01 02:41 - 2015-01-12 03:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-01 02:41 - 2015-01-12 03:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-01 02:41 - 2015-01-12 03:55 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-01 02:41 - 2015-01-12 03:48 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-01 02:41 - 2015-01-12 03:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-01 02:41 - 2015-01-12 03:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-01 02:41 - 2015-01-12 03:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-01 02:41 - 2015-01-12 03:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-01 02:41 - 2015-01-12 03:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-01 02:41 - 2015-01-12 03:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-01 02:41 - 2015-01-12 03:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-01 02:41 - 2015-01-12 03:23 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-01 02:41 - 2015-01-12 03:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-01 02:41 - 2015-01-12 03:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-01 02:41 - 2015-01-12 03:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-01 02:41 - 2015-01-12 02:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-01 02:41 - 2015-01-12 02:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-01 02:38 - 2014-07-17 03:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2015-03-01 02:38 - 2014-07-17 03:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-03-01 02:38 - 2014-07-17 03:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2015-03-01 02:38 - 2014-07-17 03:39 - 00919552 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-03-01 02:38 - 2014-07-17 03:39 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2015-03-01 02:38 - 2014-07-17 03:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2015-03-01 02:38 - 2014-07-17 03:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2015-03-01 02:38 - 2014-07-17 03:03 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2015-03-01 02:38 - 2014-07-17 03:02 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2015-03-01 02:38 - 2013-02-15 05:25 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-03-01 02:38 - 2012-04-26 06:45 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\rdpwsx.dll
2015-03-01 02:38 - 2012-04-26 06:41 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\rdrmemptylst.exe
2015-03-01 02:31 - 2015-01-10 08:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-01 02:31 - 2015-01-10 08:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-01 02:31 - 2015-01-10 08:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-01 02:31 - 2015-01-10 08:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-01 02:31 - 2015-01-10 08:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-01 02:31 - 2015-01-10 08:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-01 02:31 - 2015-01-10 08:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-01 02:30 - 2014-10-14 03:50 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2015-03-01 02:30 - 2012-12-07 14:26 - 00308736 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll
2015-03-01 02:30 - 2012-12-07 14:20 - 02576384 _____ (Microsoft Corporation) C:\Windows\system32\gameux.dll
2015-03-01 02:30 - 2012-12-07 12:46 - 00055296 _____ (Microsoft) C:\Windows\system32\cero.rs
2015-03-01 02:30 - 2012-12-07 12:46 - 00051712 _____ (Microsoft) C:\Windows\system32\esrb.rs
2015-03-01 02:30 - 2012-12-07 12:46 - 00046592 _____ (Microsoft) C:\Windows\system32\fpb.rs
2015-03-01 02:30 - 2012-12-07 12:46 - 00045568 _____ (Microsoft) C:\Windows\system32\oflc-nz.rs
2015-03-01 02:30 - 2012-12-07 12:46 - 00044544 _____ (Microsoft) C:\Windows\system32\pegibbfc.rs
2015-03-01 02:30 - 2012-12-07 12:46 - 00043520 _____ (Microsoft) C:\Windows\system32\csrr.rs
2015-03-01 02:30 - 2012-12-07 12:46 - 00040960 _____ (Microsoft) C:\Windows\system32\cob-au.rs
2015-03-01 02:30 - 2012-12-07 12:46 - 00030720 _____ (Microsoft) C:\Windows\system32\usk.rs
2015-03-01 02:30 - 2012-12-07 12:46 - 00023552 _____ (Microsoft) C:\Windows\system32\oflc.rs
2015-03-01 02:30 - 2012-12-07 12:46 - 00021504 _____ (Microsoft) C:\Windows\system32\grb.rs
2015-03-01 02:30 - 2012-12-07 12:46 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-pt.rs
2015-03-01 02:30 - 2012-12-07 12:46 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-fi.rs
2015-03-01 02:30 - 2012-12-07 12:46 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi.rs
2015-03-01 02:30 - 2012-12-07 12:46 - 00015360 _____ (Microsoft) C:\Windows\system32\djctq.rs
2015-03-01 02:29 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2015-03-01 02:27 - 2010-12-23 07:54 - 00850944 _____ (Microsoft Corporation) C:\Windows\system32\sbe.dll
2015-03-01 02:27 - 2010-12-23 07:54 - 00642048 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2015-03-01 02:27 - 2010-12-23 07:50 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\mpg2splt.ax
2015-03-01 02:26 - 2014-12-12 07:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-01 02:26 - 2014-07-07 03:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-01 02:26 - 2014-07-07 03:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-01 02:26 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-01 02:23 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2015-03-01 02:22 - 2014-06-03 11:30 - 00101824 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-03-01 02:22 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-03-01 02:22 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-03-01 02:22 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-03-01 02:22 - 2011-12-16 09:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\msvcrt.dll
2015-03-01 02:20 - 2011-08-27 06:26 - 00233472 _____ (Microsoft Corporation) C:\Windows\system32\oleacc.dll
2015-03-01 02:19 - 2014-11-08 04:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-03-01 02:19 - 2012-10-09 19:40 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore6.dll
2015-03-01 02:19 - 2012-10-09 19:40 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc6.dll
2015-03-01 02:16 - 2012-01-04 10:58 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\ntshrui.dll
2015-03-01 02:14 - 2013-12-04 04:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2015-03-01 02:14 - 2013-12-04 04:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2015-03-01 02:14 - 2013-12-04 04:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2015-03-01 02:14 - 2013-12-04 04:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2015-03-01 02:14 - 2013-12-04 04:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2015-03-01 02:14 - 2013-12-04 03:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2015-03-01 02:14 - 2013-12-04 03:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2015-03-01 02:14 - 2013-12-04 03:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2015-03-01 02:14 - 2013-12-04 03:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2015-03-01 02:13 - 2011-05-04 06:34 - 01549312 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2015-03-01 02:13 - 2011-05-04 06:32 - 01401344 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2015-03-01 02:13 - 2011-05-04 06:32 - 00666624 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2015-03-01 02:13 - 2011-05-04 06:32 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2015-03-01 02:13 - 2011-05-04 06:32 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2015-03-01 02:13 - 2011-05-04 06:32 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2015-03-01 02:13 - 2011-05-04 06:28 - 00427520 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2015-03-01 02:13 - 2011-05-04 06:28 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2015-03-01 02:13 - 2011-05-04 06:28 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2015-03-01 02:13 - 2011-04-29 04:46 - 00311808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2015-03-01 02:13 - 2011-04-29 04:46 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2015-03-01 02:13 - 2011-04-29 04:46 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2015-03-01 02:12 - 2014-12-08 04:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-03-01 02:12 - 2014-10-03 03:44 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-01 02:12 - 2014-10-03 03:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-01 02:12 - 2014-10-03 03:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-01 02:12 - 2014-10-03 03:44 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-01 02:12 - 2014-10-03 03:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-01 02:12 - 2014-08-23 03:46 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-03-01 02:12 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-01 02:12 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-03-01 02:12 - 2014-06-19 00:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2015-03-01 02:12 - 2014-06-19 00:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2015-03-01 02:12 - 2014-06-19 00:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2015-03-01 02:12 - 2014-04-05 04:25 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2015-03-01 02:12 - 2014-04-05 04:24 - 00187840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2015-03-01 02:12 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-03-01 02:12 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-03-01 02:12 - 2014-03-04 11:17 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-03-01 02:12 - 2014-01-28 04:07 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2015-03-01 02:12 - 2013-11-26 13:11 - 00240576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2015-03-01 02:12 - 2013-11-26 10:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2015-03-01 02:12 - 2013-08-29 03:12 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbser.sys
2015-03-01 02:12 - 2013-08-02 03:50 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-03-01 02:12 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-03-01 02:12 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-03-01 02:12 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-03-01 02:12 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-03-01 02:12 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-03-01 02:12 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-03-01 02:12 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-03-01 02:12 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-03-01 02:12 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-03-01 02:12 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-03-01 02:12 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-03-01 02:12 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-03-01 02:12 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-03-01 02:12 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-03-01 02:12 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-03-01 02:12 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-03-01 02:12 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-03-01 02:12 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-03-01 02:12 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-03-01 02:12 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-03-01 02:12 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-03-01 02:12 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-03-01 02:12 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-03-01 02:12 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-03-01 02:12 - 2013-08-02 02:52 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-03-01 02:12 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-03-01 02:12 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-03-01 02:12 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-03-01 02:12 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-03-01 02:12 - 2013-06-26 00:56 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2015-03-01 02:12 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-03-01 02:12 - 2013-03-19 05:33 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\wwanprotdim.dll
2015-03-01 02:12 - 2012-11-29 00:57 - 00047720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2015-03-01 02:12 - 2012-11-29 00:57 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll
2015-03-01 02:12 - 2012-11-29 00:57 - 00000003 _____ () C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2015-03-01 02:12 - 2012-06-06 07:03 - 00805376 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
2015-03-01 02:12 - 2012-05-14 06:33 - 00769024 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2015-03-01 02:12 - 2011-12-30 07:27 - 00478720 _____ (Microsoft Corporation) C:\Windows\system32\timedate.cpl
2015-03-01 02:11 - 2015-01-09 03:45 - 02380288 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-01 02:11 - 2014-12-19 04:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-03-01 02:11 - 2014-12-11 19:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-03-01 02:11 - 2014-11-26 05:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-03-01 02:11 - 2014-09-04 07:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2015-03-01 02:11 - 2014-08-21 08:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-03-01 02:11 - 2014-08-21 08:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-03-01 02:11 - 2014-07-14 03:42 - 00654336 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-03-01 02:11 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2015-03-01 02:11 - 2014-06-16 03:44 - 00730048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2015-03-01 02:11 - 2014-06-16 03:44 - 00219072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2015-03-01 02:11 - 2014-06-16 03:40 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2015-03-01 02:11 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2015-03-01 02:11 - 2014-01-24 04:18 - 01212352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2015-03-01 02:11 - 2013-10-19 03:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2015-03-01 02:11 - 2013-10-12 04:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2015-03-01 02:11 - 2013-10-12 04:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2015-03-01 02:11 - 2013-10-12 04:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2015-03-01 02:11 - 2013-10-12 04:01 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2015-03-01 02:11 - 2013-10-12 04:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2015-03-01 02:11 - 2013-10-12 03:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2015-03-01 02:11 - 2013-10-12 03:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2015-03-01 02:11 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2015-03-01 02:11 - 2013-07-20 12:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-03-01 02:11 - 2013-07-12 12:07 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2015-03-01 02:11 - 2013-07-04 13:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-03-01 02:11 - 2013-07-04 13:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-03-01 02:11 - 2013-07-03 05:36 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2015-03-01 02:11 - 2013-07-03 05:36 - 00025728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2015-03-01 02:11 - 2013-06-06 06:52 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-01 02:11 - 2013-06-06 06:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-01 02:11 - 2013-06-06 06:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-01 02:11 - 2013-06-06 05:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-01 02:11 - 2013-06-06 05:01 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-01 02:11 - 2013-04-26 06:55 - 00492544 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2015-03-01 02:11 - 2013-02-12 05:32 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023x.sys
2015-03-01 02:11 - 2013-02-12 05:32 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2015-03-01 02:11 - 2012-09-26 00:47 - 00078336 _____ (Microsoft Corporation) C:\Windows\system32\synceng.dll
2015-03-01 02:11 - 2012-07-04 21:45 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rndismpx.sys
2015-03-01 02:11 - 2012-05-05 09:46 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-01 02:11 - 2012-03-17 09:27 - 00056176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\partmgr.sys
2015-03-01 02:11 - 2011-10-26 06:32 - 01328128 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-01 02:11 - 2011-10-15 07:38 - 00534528 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2015-03-01 02:11 - 2011-08-17 06:24 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\psisdecd.dll
2015-03-01 02:11 - 2011-08-17 06:19 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\psisrndr.ax
2015-03-01 02:11 - 2011-07-09 04:30 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-03-01 02:11 - 2011-06-15 10:55 - 00319488 _____ (Microsoft Corporation) C:\Windows\system32\odbcjt32.dll
2015-03-01 02:11 - 2011-06-15 10:55 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\odbctrac.dll
2015-03-01 02:11 - 2011-06-15 10:55 - 00122880 _____ (Microsoft Corporation) C:\Windows\system32\odbccp32.dll
2015-03-01 02:11 - 2011-06-15 10:55 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\odbccu32.dll
2015-03-01 02:11 - 2011-06-15 10:55 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\odbccr32.dll
2015-03-01 02:11 - 2011-05-03 06:30 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-03-01 02:11 - 2011-04-27 04:17 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-03-01 02:11 - 2011-04-27 04:17 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-03-01 02:11 - 2011-03-11 07:33 - 01164288 _____ (Microsoft Corporation) C:\Windows\system32\mfc42u.dll
2015-03-01 02:11 - 2011-03-11 07:33 - 01137664 _____ (Microsoft Corporation) C:\Windows\system32\mfc42.dll
2015-03-01 02:11 - 2011-03-03 07:38 - 00270336 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2015-03-01 02:11 - 2011-03-03 07:38 - 00132608 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2015-03-01 02:11 - 2011-03-03 07:36 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\dnscacheugc.exe
2015-03-01 02:11 - 2011-02-12 07:35 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\FXSCOVER.exe
2015-03-01 02:10 - 2014-10-25 03:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2015-03-01 02:10 - 2014-08-12 03:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2015-03-01 02:10 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2015-03-01 02:10 - 2014-05-30 08:36 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-03-01 02:10 - 2013-11-27 03:14 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2015-03-01 02:10 - 2013-11-27 03:13 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2015-03-01 02:10 - 2013-11-27 03:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2015-03-01 02:10 - 2013-11-27 03:13 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2015-03-01 02:10 - 2013-11-27 03:13 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2015-03-01 02:10 - 2013-11-27 03:13 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2015-03-01 02:10 - 2013-10-04 03:49 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2015-03-01 02:10 - 2013-10-04 03:17 - 00177152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2015-03-01 02:10 - 2013-07-04 13:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-03-01 02:10 - 2012-11-02 07:11 - 00376832 _____ (Microsoft Corporation) C:\Windows\system32\dpnet.dll
2015-03-01 02:10 - 2012-07-04 23:16 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\netapi32.dll
2015-03-01 02:10 - 2012-07-04 23:14 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\browser.dll
2015-03-01 02:10 - 2012-07-04 23:14 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\browcli.dll
2015-03-01 02:10 - 2011-05-24 12:44 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\umpnpmgr.dll
2015-03-01 02:04 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2015-03-01 02:03 - 2015-01-13 04:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-01 02:03 - 2014-12-06 05:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-03-01 02:03 - 2014-10-30 03:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2015-03-01 02:03 - 2014-10-03 03:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2015-03-01 02:03 - 2014-10-03 03:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2015-03-01 02:03 - 2014-10-03 03:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2015-03-01 02:03 - 2014-10-03 03:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2015-03-01 02:03 - 2014-10-03 03:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2015-03-01 02:03 - 2014-09-25 03:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-01 02:03 - 2012-10-03 18:42 - 00156672 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-03-01 02:03 - 2012-10-03 18:42 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-03-01 02:03 - 2011-02-23 06:47 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2015-03-01 02:01 - 2013-08-05 03:56 - 00133056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2015-03-01 02:01 - 2012-02-17 07:34 - 00826880 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
2015-03-01 02:01 - 2012-02-17 06:13 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdtcp.sys
2015-03-01 01:58 - 2014-12-19 03:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-03-01 01:58 - 2013-02-27 06:49 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-03-01 01:58 - 2011-11-17 07:35 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
2015-03-01 01:05 - 2015-03-01 01:05 - 00000197 _____ () C:\Windows\system32\2015-02-28-23-05-36.006-AvastVBoxSVC.exe-5528.log
2015-03-01 00:10 - 2015-03-01 00:11 - 00000000 ____D () C:\Users\User\Downloads\M110s_ArabicByDroidYemen2.3
2015-02-28 23:59 - 2015-03-01 00:09 - 466561489 _____ () C:\Users\User\Downloads\M110s_ArabicByDroidYemen2.3.zip
2015-02-28 23:28 - 2015-02-28 23:28 - 00498770 _____ () C:\Users\User\Downloads\roottools0.xap
2015-02-28 20:48 - 2015-02-28 20:48 - 20834129 _____ () C:\Users\User\Downloads\CF-Auto-Root-ms013g-ms013gxx-smg7102.zip
2015-02-28 18:58 - 2015-02-28 18:58 - 00000197 _____ () C:\Windows\system32\2015-02-28-16-58-50.034-AvastVBoxSVC.exe-3544.log
2015-02-28 18:36 - 2015-02-28 18:36 - 00000197 _____ () C:\Windows\system32\2015-02-28-16-36-40.057-AvastVBoxSVC.exe-5576.log
2015-02-28 18:23 - 2015-02-28 18:23 - 00000197 _____ () C:\Windows\system32\2015-02-28-16-23-02.076-AvastVBoxSVC.exe-5168.log
2015-02-28 17:24 - 2015-02-28 17:24 - 00000247 _____ () C:\Windows\system32\2015-02-28-15-24-20.022-aswFe.exe-5532.log
2015-02-28 17:20 - 2015-02-28 17:24 - 00000247 _____ () C:\Windows\system32\2015-02-28-15-20-04.036-aswFe.exe-5052.log
2015-02-28 17:20 - 2015-02-28 17:20 - 00000197 _____ () C:\Windows\system32\2015-02-28-15-20-00.034-AvastVBoxSVC.exe-6324.log
2015-02-28 17:11 - 2015-02-28 17:11 - 00000000 ____D () C:\Windows\system32\vbox
2015-02-28 16:54 - 2015-03-07 10:01 - 00451308 _____ () C:\Windows\PFRO.log
2015-02-28 16:02 - 2015-02-28 16:02 - 01461992 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll
2015-02-28 13:06 - 2015-02-28 13:06 - 00000000 ____D () C:\Users\User\Downloads\A1000F_A412_01_23_130822_ROW_USER (1)
2015-02-28 13:02 - 2015-02-28 13:02 - 400733642 _____ () C:\Users\User\Downloads\A1000F_A412_01_23_130822_ROW_USER (1).rar
2015-02-28 13:00 - 2015-02-28 16:52 - 00000000 ____D () C:\Users\User\AppData\Roaming\Bitcoin
2015-02-28 12:51 - 2015-02-28 12:51 - 14006085 _____ () C:\Users\User\Downloads\a1000f.rar
2015-02-28 12:51 - 2015-02-28 12:51 - 00000000 ____D () C:\Users\User\Downloads\a1000f
2015-02-28 12:49 - 2015-02-28 12:49 - 11690232 _____ (Bitcoin Core project) C:\Users\User\Downloads\bitcoin-0.10.0-win32-setup.exe
2015-02-28 12:01 - 2015-02-28 12:01 - 00000000 ____D () C:\Users\User\Desktop\a2-f761k a mgt f761l-mainbord-v2.0.0-m1190
2015-02-28 11:12 - 2015-03-07 09:18 - 00000000 ____D () C:\Program Files\Lenovo Smart Assistant
2015-02-28 11:12 - 2015-02-28 11:12 - 00000000 ____D () C:\Users\User\AppData\Roaming\Lenovo
2015-02-28 11:09 - 2015-02-28 11:09 - 00000000 ____D () C:\Users\User\AppData\Roaming\Passware
2015-02-28 11:08 - 2015-02-28 11:08 - 00001079 _____ () C:\Users\User\Desktop\Passware Kit Enterprise 10.0.lnk
2015-02-28 11:08 - 2015-02-28 11:08 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Passware
2015-02-28 11:08 - 2015-02-28 11:08 - 00000000 ____D () C:\Program Files\Passware
2015-02-28 11:04 - 2015-02-28 11:07 - 00000000 ____D () C:\Users\User\Downloads\Passware Kit Enterprise v10.0 build 1763 Portable
2015-02-28 09:55 - 2015-02-28 09:59 - 00000132 _____ () C:\Users\User\AppData\Roaming\Adobe PNG Format CS5 Prefs
2015-02-28 09:13 - 2015-02-28 09:13 - 03489764 _____ () C:\Users\User\Downloads\Photoshop All In One KeyGen.zip
2015-02-28 09:10 - 2015-02-28 09:22 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2015-02-28 09:10 - 2015-02-28 09:10 - 00001125 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5.lnk
2015-02-28 09:09 - 2015-02-28 09:09 - 00001180 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.lnk
2015-02-28 09:09 - 2015-02-28 09:09 - 00001087 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS5.lnk
2015-02-28 09:08 - 2015-02-28 09:08 - 00001437 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.lnk
2015-02-28 09:08 - 2015-02-28 09:08 - 00001271 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.lnk
2015-02-28 09:08 - 2015-02-28 09:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
2015-02-28 09:08 - 2015-02-28 09:08 - 00000000 ____D () C:\Program Files\Adobe Media Player
2015-02-28 09:07 - 2015-02-28 09:07 - 00000927 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
2015-02-28 09:07 - 2015-02-28 09:07 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2015-02-28 09:07 - 2015-02-28 09:07 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2015-02-28 09:07 - 2015-02-28 09:07 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR
2015-02-28 09:02 - 2015-03-04 16:51 - 00000000 ____D () C:\Users\User\Desktop\Adobe CS5
2015-02-28 04:30 - 2015-02-28 04:30 - 00014762 _____ () C:\Users\User\Downloads\[kickass.to]adobe.photoshop.cs6.full.version.english.crack.m.i (14) (1).torrent
2015-02-28 04:29 - 2015-02-28 05:34 - 00000000 ____D () C:\Users\User\Downloads\Adobe Photoshop CS5 Extended
2015-02-28 04:28 - 2015-02-28 04:28 - 00014762 _____ () C:\Users\User\Downloads\[kickass.to]adobe.photoshop.cs6.full.version.english.crack.m.i (14).torrent
2015-02-28 01:15 - 2015-02-28 01:15 - 00000000 ____D () C:\Users\User\Desktop\JP_Xtra
2015-02-28 00:00 - 2015-02-28 00:00 - 00000000 ____D () C:\Users\User\Downloads\Joomla_3.4.0-Stable-Full_Package
2015-02-27 23:59 - 2015-02-27 23:59 - 10516006 _____ () C:\Users\User\Downloads\Joomla_3.4.0-Stable-Full_Package.zip
2015-02-27 23:20 - 2015-02-27 23:20 - 00000953 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlashFXP 5.lnk
2015-02-27 23:20 - 2015-02-27 23:20 - 00000941 _____ () C:\Users\User\Desktop\FlashFXP 5.lnk
2015-02-27 23:20 - 2015-02-27 23:20 - 00000000 __HDC () C:\ProgramData\{ABDC0792-695A-46E5-BD83-F75A9BDBA124}
2015-02-27 23:20 - 2015-02-27 23:20 - 00000000 ____D () C:\ProgramData\regid.2000-02.com.flashfxp
2015-02-27 23:20 - 2015-02-27 23:20 - 00000000 ____D () C:\ProgramData\FlashFXP
2015-02-27 23:20 - 2015-02-27 23:20 - 00000000 ____D () C:\Program Files\FlashFXP 5
2015-02-27 22:58 - 2015-02-27 22:58 - 00000949 _____ () C:\Users\User\Desktop\WinDirStat.lnk
2015-02-27 22:58 - 2015-02-27 22:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinDirStat
2015-02-27 22:57 - 2015-02-27 22:58 - 00000000 ____D () C:\Program Files\WinDirStat
2015-02-27 22:14 - 2015-02-27 22:14 - 00097606 _____ () C:\ComboFix.txt
2015-02-27 21:35 - 2015-02-27 21:35 - 05611903 ____R (Swearware) C:\Users\User\Downloads\ComboFixh.exe
2015-02-27 14:33 - 2015-02-27 14:34 - 00000000 ____D () C:\Users\User\Desktop\Abuali
2015-02-27 14:16 - 2015-02-27 23:14 - 00000000 ____D () C:\Users\User\Desktop\livezilla
2015-02-27 01:31 - 2015-03-10 13:21 - 00000000 ____D () C:\Users\User\Documents\LiveZilla
2015-02-27 01:30 - 2015-02-27 01:30 - 00000938 _____ () C:\Users\Public\Desktop\LiveZilla Server Admin.lnk
2015-02-27 01:30 - 2015-02-27 01:30 - 00000929 _____ () C:\Users\Public\Desktop\LiveZilla Client.lnk
2015-02-27 01:30 - 2015-02-27 01:30 - 00000000 __HDC () C:\ProgramData\{8C4228AE-7513-4187-9438-C3D3E6D51151}
2015-02-27 01:30 - 2015-02-27 01:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LiveZilla
2015-02-27 01:30 - 2015-02-27 01:30 - 00000000 ____D () C:\Program Files\LiveZilla
2015-02-27 01:26 - 2015-02-27 01:26 - 15959808 _____ (LiveZilla GmbH ) C:\Users\User\Downloads\LiveZilla_5.4.0.1_Full.exe
2015-02-26 23:29 - 2015-02-26 23:32 - 00000000 ____D () C:\Users\User\Desktop\N900XXUEBOA6_N900SEREBOA6_SER
2015-02-26 22:30 - 2015-02-26 22:30 - 00012250 _____ () C:\Windows\system32\.crusader
2015-02-26 22:14 - 2015-02-27 22:38 - 00000000 ____D () C:\Program Files\HitmanPro
2015-02-26 22:13 - 2015-02-26 22:37 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-02-26 20:30 - 2015-02-26 20:32 - 00000000 ____D () C:\Users\User\Downloads\N9005XXUENC2_N9005OJVENB2_XSI
2015-02-26 20:27 - 2015-02-26 20:27 - 00000000 ____D () C:\Users\User\Desktop\SM-N900_lolipop
2015-02-26 19:50 - 2015-02-26 19:51 - 1374000901 _____ () C:\Users\User\Downloads\N9005XXUENC2_N9005OJVENB2_XSI.zip
2015-02-26 18:27 - 2014-10-13 07:57 - 01112288 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01007.dll
2015-02-26 18:27 - 2014-10-13 07:57 - 00184192 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudserd.sys
2015-02-26 18:27 - 2014-10-13 07:57 - 00184192 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudobex.sys
2015-02-26 18:27 - 2014-10-13 07:57 - 00184192 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudmdm.sys
2015-02-26 18:27 - 2014-10-13 07:57 - 00089856 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudbus.sys
2015-02-26 17:31 - 2015-02-26 17:31 - 00000000 ____D () C:\Users\User\Desktop\Odin3-v1.85
2015-02-26 15:44 - 2015-02-26 15:44 - 00000000 ____D () C:\Users\User\Desktop\I9000XXJVU_I9000OXAJVU_OXA
2015-02-26 11:45 - 2015-02-26 11:45 - 02126848 _____ () C:\Users\User\Downloads\adwcleaner_4.111.exe
2015-02-25 16:09 - 2012-02-08 19:06 - 00245376 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\hw_quusbnet.sys
2015-02-25 16:09 - 2011-10-24 14:04 - 00195200 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\hw_quusbmdm.sys
2015-02-25 16:09 - 2011-10-24 13:51 - 00102272 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\hw_usbdev.sys
2015-02-25 15:56 - 2015-02-25 15:56 - 00001005 _____ () C:\Users\User\Desktop\Kingo ROOT.lnk
2015-02-25 13:44 - 2015-02-25 13:44 - 00003452 _____ () C:\Users\User\Downloads\ha3g.pit
2015-02-25 12:53 - 2015-02-25 12:53 - 391052012 _____ () C:\Users\User\Downloads\Y600-U20-arabic-v4.2.rar
2015-02-25 12:53 - 2015-02-25 12:53 - 00000000 ____D () C:\Users\User\Downloads\Y600-U20-arabic-v4.2
2015-02-25 12:35 - 2015-02-25 12:35 - 00093726 _____ () C:\Users\User\Downloads\Huawei Tool v2.4.3.rar
2015-02-25 12:12 - 2015-02-25 12:10 - 00125590 ____N () C:\Users\User\Desktop\00001.vcf
2015-02-25 11:43 - 2015-02-25 11:43 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\13D269C5.sys
2015-02-24 18:32 - 2015-02-28 21:09 - 00000000 ____D () C:\Users\User\Downloads\CF-Auto-Root-ha3g-ha3gxx-smn900
2015-02-24 18:30 - 2015-02-24 18:32 - 20003195 _____ () C:\Users\User\Downloads\CF-Auto-Root-ha3g-ha3gxx-smn900.zip
2015-02-24 17:59 - 2015-02-24 17:59 - 00025662 _____ () C:\Users\User\Downloads\Exported iCloud vCards.vcf
2015-02-24 17:54 - 2015-02-24 17:55 - 17895292 _____ () C:\Users\User\Downloads\com.badoo.mobile-4.0.4-APK4Fun.com.apk
2015-02-24 15:11 - 2014-07-04 12:20 - 00000000 ____D () C:\Users\User\SP_Flash_Tool_windows_exe_v5.1408.00
2015-02-24 14:31 - 2015-02-24 14:31 - 00000000 ____D () C:\OSSClient
2015-02-24 11:55 - 2015-03-02 01:12 - 00001614 _____ () C:\Users\User\Desktop\Samsung.lnk
2015-02-23 15:06 - 2015-02-23 15:07 - 19667563 _____ () C:\Users\User\Downloads\CF-Auto-Root-t03g-t03gxx-gtn7100.zip
2015-02-23 14:48 - 2015-02-23 14:48 - 00001713 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-02-23 14:48 - 2015-02-23 14:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-02-23 14:47 - 2015-02-23 14:48 - 00000000 ____D () C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2015-02-22 18:30 - 2012-12-10 15:48 - 00035840 _____ (Research in Motion Ltd) C:\Windows\system32\Drivers\RimSerial.sys
2015-02-22 18:29 - 2015-02-22 18:29 - 00002149 _____ () C:\Users\Public\Desktop\BlackBerry Desktop Software.lnk
2015-02-22 18:29 - 2015-02-22 18:29 - 00000000 ____D () C:\Program Files\Common Files\XCPCSync.OEM
2015-02-22 17:19 - 2015-02-22 17:19 - 00000000 ____D () C:\Users\User\Desktop\KDZTOOL
2015-02-22 16:57 - 2015-02-22 17:05 - 366160601 _____ () C:\Users\User\Downloads\V20B_00 (1).kdz
2015-02-22 15:15 - 2015-02-22 15:15 - 00000000 ____D () C:\Users\User\Desktop\CF-Auto-Root-ha3g-ha3gxx-smn900
2015-02-22 13:41 - 2015-02-22 13:41 - 00063349 _____ () C:\Users\User\Documents\Untitled.wma
2015-02-22 13:10 - 2015-02-22 13:10 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ghsandroid_01005.Wdf
2015-02-22 13:02 - 2015-02-22 13:02 - 00000222 _____ () C:\Users\User\Downloads\download-firmware (2).htm
2015-02-22 13:01 - 2015-02-22 13:01 - 00000222 _____ () C:\Users\User\Downloads\download-firmware.htm
2015-02-22 13:01 - 2015-02-22 13:01 - 00000222 _____ () C:\Users\User\Downloads\download-firmware (1).htm
2015-02-21 18:09 - 2015-02-21 18:09 - 00000000 ____D () C:\Users\User\Desktop\giefroot_v3
2015-02-21 17:25 - 2015-02-21 17:27 - 02354950 _____ () C:\Users\User\Downloads\com.viper.simunlockhelperfree.downloader.apk
2015-02-21 14:40 - 2015-02-21 14:40 - 00000037 _____ () C:\Users\User\Downloads\Config (1).dat
2015-02-21 13:16 - 2015-02-21 13:16 - 00000000 ____D () C:\Users\User\Desktop\hp
2015-02-21 12:30 - 2015-02-21 12:30 - 00640424 _____ (Akeo Consulting (http://akeo.ie)) C:\Users\User\Downloads\rufus-1.4.12.exe
2015-02-19 18:04 - 2015-02-19 19:54 - 733201739 _____ () C:\Users\User\Downloads\Taken.3.2014.720p.WEB-DL.700MB.Ganool.com.mkv
2015-02-19 17:40 - 2015-02-19 17:40 - 00015458 _____ () C:\Users\User\Downloads\F70267776BBB12DBC54650250F0EFA86CDF23833.torrent
2015-02-19 17:26 - 2015-02-27 23:03 - 00000000 ____D () C:\Users\User\Downloads\Archive-1c0f
2015-02-19 17:26 - 2015-02-19 17:26 - 100219374 _____ () C:\Users\User\Downloads\Archive-1c0f.zip
2015-02-19 15:30 - 2015-02-19 15:31 - 00000000 ____D () C:\Users\User\Desktop\I9200XXUDNE4_I9200SERDNE4_SER
2015-02-19 14:48 - 2015-02-19 14:48 - 00000447 _____ () C:\Users\User\Downloads\Galaxy.Mega.6.3.I9200.XXUDNE4.4.4.2.Russia.zip.txt
2015-02-18 21:17 - 2015-02-18 21:17 - 02066765 _____ () C:\Users\User\Downloads\Root Explorer v3.1.6forA4.apk
2015-02-18 19:06 - 2015-03-08 10:22 - 00000000 ____D () C:\Users\User\Desktop\cdma_workshop_i205704
2015-02-18 19:05 - 2015-02-18 19:05 - 00000000 ____D () C:\Users\User\Downloads\CDMA Workshop, Plimus order # 80679485
2015-02-18 19:04 - 2015-02-18 19:04 - 00000617 _____ () C:\Users\User\Downloads\CDMA Workshop, Plimus order # 80679485.zip
2015-02-18 18:44 - 2015-02-18 18:45 - 06123779 _____ () C:\Users\User\Downloads\com.jrummy.root.browser_quickdownload_309.apk
2015-02-18 18:31 - 2015-02-18 18:31 - 00000000 ____D () C:\Users\User\Desktop\Root_Explorer_v3.3.1_Onhax.net
2015-02-18 18:23 - 2015-02-18 18:23 - 00001975 _____ () C:\Users\Public\Desktop\MyPhoneExplorer.lnk
2015-02-18 18:23 - 2015-02-18 18:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer
2015-02-18 17:53 - 2015-02-18 17:53 - 00000000 ____D () C:\Users\User\Desktop\ungaze_v4b5_pico
2015-02-18 17:52 - 2015-02-18 17:52 - 00000000 ____D () C:\Users\User\Desktop\initd
2015-02-17 16:16 - 2015-02-17 16:16 - 02300141 _____ () C:\Users\User\Downloads\Mounts2SD-3.4.8-unlocked.apk
2015-02-17 13:58 - 2015-02-17 14:01 - 07617179 _____ () C:\Users\User\Downloads\Titanium Backup v6.2.0.3 Pro [PATCHED] Apk by OnHax.apk
2015-02-17 12:18 - 2015-02-17 12:18 - 00001118 _____ () C:\Users\Public\Desktop\MobileWiFi.lnk
2015-02-17 12:18 - 2013-12-10 07:36 - 00316544 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_wwanecm.sys
2015-02-17 12:18 - 2013-12-10 07:34 - 00108032 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_cdcacm.sys
2015-02-17 12:18 - 2013-11-30 11:09 - 00208896 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_juwwanecm.sys
2015-02-17 12:18 - 2013-11-30 11:08 - 00101504 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jucdcacm.sys
2015-02-17 12:18 - 2013-11-30 11:08 - 00077824 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jubusenum.sys
2015-02-17 12:18 - 2013-11-30 11:08 - 00070784 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jucdcecm.sys
2015-02-17 12:18 - 2013-11-30 11:08 - 00027776 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_juextctrl.sys
2015-02-17 12:18 - 2013-11-30 10:59 - 00381952 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbwwan.sys
2015-02-17 12:18 - 2013-11-30 10:54 - 00199296 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbmdm.sys
2015-02-17 12:18 - 2013-01-25 03:16 - 00095232 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_hwusbdev.sys
2015-02-17 12:18 - 2012-12-22 03:46 - 00011904 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_usbenumfilter.sys
2015-02-17 12:18 - 2010-10-08 10:55 - 00025856 _____ (Huawei Tech. Co., Ltd.) C:\Windows\system32\Drivers\ewdcsc.sys
2015-02-17 12:18 - 2010-09-26 12:09 - 00019200 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_hwupgrade.sys
2015-02-17 12:17 - 2015-02-17 12:18 - 00000000 ____D () C:\Program Files\MobileWiFi
2015-02-16 21:18 - 2015-02-16 21:19 - 12854718 _____ () C:\Users\User\Downloads\com.hornet.android.apk
2015-02-16 21:18 - 2015-02-16 21:19 - 08461101 _____ () C:\Users\User\Downloads\com.appspot.scruffapp.apk
2015-02-16 18:54 - 2015-02-16 18:55 - 16623104 _____ () C:\Users\User\Downloads\com.facebook.orca-21.0.0.20.13-APK4Fun.com.apk
2015-02-16 18:46 - 2015-02-16 18:49 - 28951856 _____ () C:\Users\User\Downloads\com.facebook.katana-27.0.0.24.15-APK4Fun.com (1).apk
2015-02-16 17:21 - 2015-02-16 17:21 - 00000000 ____D () C:\Users\User\Downloads\tmo gs4 nh7 firmware + root files
2015-02-16 17:12 - 2015-02-16 17:14 - 1575535601 _____ () C:\Users\User\Downloads\tmo gs4 nh7 firmware + root files.rar
2015-02-16 16:55 - 2015-02-16 17:01 - 03244822 _____ () C:\Users\User\Downloads\Link2SD_4.0.1_APKField.apk
2015-02-16 14:35 - 2015-02-16 14:35 - 00118278 _____ () C:\Users\User\Downloads\SD.Maid.Pro.Unlocker.v3.1.0.0.apk
2015-02-16 13:05 - 2015-02-16 13:05 - 00011864 _____ () C:\Users\User\Downloads\captcha.htm
2015-02-15 21:19 - 2015-02-15 21:20 - 19526808 _____ () C:\Users\User\Downloads\WhatsApp_2.apk
2015-02-15 21:10 - 2015-02-15 21:14 - 28951856 _____ () C:\Users\User\Downloads\com.facebook.katana-27.0.0.24.15-APK4Fun.com.apk
2015-02-15 18:07 - 2015-02-15 18:07 - 00001097 _____ () C:\Users\Public\Desktop\MiniTool Partition Wizard Free.lnk
2015-02-15 18:07 - 2015-02-15 18:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniTool Partition Wizard Free 9.0
2015-02-15 18:07 - 2015-02-15 18:07 - 00000000 ____D () C:\Program Files\MiniTool Partition Wizard Free 9.0
2015-02-15 18:07 - 2015-01-14 11:27 - 02894848 _____ () C:\Windows\system32\pwNative.exe
2015-02-15 18:07 - 2013-09-30 16:26 - 00015688 ____N () C:\Windows\system32\pwdrvio.sys
2015-02-15 18:07 - 2013-09-30 16:26 - 00010320 ____N () C:\Windows\system32\pwdspio.sys
2015-02-15 17:42 - 2015-02-15 17:43 - 04935680 _____ () C:\Users\User\Downloads\recovery_2.img
2015-02-15 17:13 - 2015-02-15 17:17 - 04810752 _____ () C:\Users\User\Downloads\philz_touch_5.15.0-pico.img
2015-02-15 16:16 - 2015-02-15 16:16 - 00104920 _____ () C:\Users\User\Downloads\flash_erase.txt
2015-02-15 15:57 - 2015-02-15 16:04 - 05199872 _____ () C:\Users\User\Downloads\openrecovery-twrp-2.4.4.0-pico_2.img
2015-02-15 15:47 - 2015-02-15 15:47 - 00026644 _____ () C:\Users\User\Downloads\file.html
2015-02-15 14:17 - 2015-02-15 14:18 - 04995072 _____ () C:\Users\User\Downloads\recovery.img
2015-02-15 14:03 - 2015-02-15 14:03 - 01252477 _____ () C:\Users\User\Downloads\recovery.img.crdownload
2015-02-15 13:51 - 2015-02-15 13:51 - 00000000 ____D () C:\Users\User\Downloads\Explorer_All-In-One_Kit_v1.0
2015-02-15 13:42 - 2015-02-15 13:46 - 26032767 _____ () C:\Users\User\Downloads\Explorer_All-In-One_Kit_v1.0.rar
2015-02-15 13:14 - 2015-02-15 13:15 - 00066639 _____ () C:\Users\User\Downloads\WhatsApp.apk
2015-02-14 22:49 - 2015-03-09 15:51 - 00000000 ____D () C:\Program Files\FURIOUS-GOLD
2015-02-14 21:35 - 2015-02-14 22:38 - 1599402628 _____ () C:\Users\User\Downloads\iPhone5,2_8.1.3_12B466_Restore.ipsw
2015-02-14 20:21 - 2015-02-14 20:23 - 400733642 _____ () C:\Users\User\Downloads\A1000F_A412_01_23_130822_ROW_USER.rar
2015-02-14 20:01 - 2015-03-04 16:51 - 00000000 ____D () C:\Users\User\Downloads\MtkDroidTools v2.5.3
2015-02-14 19:07 - 2015-02-14 19:07 - 02444504 _____ () C:\Users\User\Downloads\com.Droidstars.dictionary.englishtoarabic-1.0.9-APK4Fun.com.apk
2015-02-14 18:26 - 2015-03-04 16:51 - 00000000 ____D () C:\Users\User\Desktop\by_koukyjo
2015-02-14 15:16 - 2015-02-14 15:16 - 00000000 ____D () C:\Users\User\Desktop\CF-Auto-Root-k3g-k3gxx-smg900h
2015-02-14 10:44 - 2015-02-14 10:44 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\38886165.sys
2015-02-12 13:14 - 2015-02-12 13:16 - 10289178 _____ () C:\Users\User\Downloads\Machinarium_v2.0.21_www.revdl.com.apk
2015-02-11 20:30 - 2015-02-11 20:32 - 10489856 _____ () C:\Users\User\Downloads\openrecovery-twrp-2.8.0.1-t6spr.img
2015-02-11 17:08 - 2015-02-17 17:18 - 00000000 ____D () C:\Users\User\Desktop\RBSoft
2015-02-11 16:41 - 2015-02-11 16:41 - 00000000 ____D () C:\Users\User\AppData\Roaming\HTC
2015-02-11 16:39 - 2015-02-21 20:03 - 00000000 ____D () C:\Users\User\AppData\Local\HTC MediaHub
2015-02-11 16:39 - 2015-02-11 16:40 - 00000000 ____D () C:\Users\User\Documents\HTC
2015-02-11 16:39 - 2015-02-11 16:39 - 00001961 _____ () C:\Users\Public\Desktop\HTC Sync Manager.lnk
2015-02-11 16:39 - 2015-02-11 16:39 - 00000000 ____D () C:\ProgramData\HTC
2015-02-11 13:17 - 2015-02-11 13:24 - 00000000 ____D () C:\Users\User\Desktop\gt-i9500 fix_imei_null_new
2015-02-10 19:35 - 2015-02-10 19:35 - 02512414 _____ () C:\Users\User\Downloads\com.speedsoftware.rootexplorer_3.3.3_paid-www.apkhere.com.apk
2015-02-10 19:34 - 2015-02-10 19:34 - 01105389 _____ () C:\Users\User\Downloads\HtcOMADM_SPCS.apk
2015-02-10 19:22 - 2015-02-10 19:31 - 37044080 _____ (RSUPPORT ) C:\Users\User\Downloads\mobizen.exe
2015-02-10 18:48 - 2015-02-10 18:48 - 01182190 _____ () C:\Users\User\Downloads\7z938.exe
2015-02-10 18:37 - 2015-02-10 18:49 - 00000000 ____D () C:\Users\User\Desktop\M919UVUFNK2_M919TMBFNK2_TMB
2015-02-10 15:48 - 2015-02-10 15:49 - 10018816 _____ () C:\Users\User\Downloads\twrpspr.img.img
2015-02-10 14:58 - 2015-03-01 14:39 - 00000000 ____D () C:\Users\User\Desktop\Z2-Community_RootKit-v01
2015-02-10 14:35 - 2015-02-10 14:45 - 00000000 ____D () C:\Users\User\Downloads\rootkitXperia_20140719
2015-02-09 19:29 - 2015-02-09 19:29 - 00000000 ____D () C:\Users\User\Downloads\sprint-htc-one-max-twrp-recovery
2015-02-09 18:56 - 2015-03-02 03:26 - 00000000 ____D () C:\ruu_log
2015-02-09 18:03 - 2015-02-09 18:29 - 636480512 _____ () C:\Users\User\Downloads\20140517_a23_a0721 ENET E714J 8G_8089_800X480_flashingCam_8312_323x_d09_20140611_2.img
2015-02-09 17:58 - 2015-02-09 17:59 - 00567943 _____ () C:\Users\User\Downloads\jackpal.androidterm-1.0.65-APK4Fun.com.apk
2015-02-09 17:25 - 2015-02-09 17:29 - 28429670 _____ () C:\Users\User\Downloads\SunShine-latest.apk
2015-02-09 17:22 - 2015-02-09 17:50 - 497096704 _____ () C:\Users\User\Downloads\a23_(et_q8v1.6)_two_logo(android)_os4.2_led_update-TV.img
2015-02-09 17:07 - 2015-02-09 17:07 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ggsemc_01009.Wdf
2015-02-09 16:05 - 2015-02-09 16:05 - 10061824 _____ () C:\Users\User\Downloads\philz_touch_6.48.4-m7spr.img
2015-02-09 15:17 - 2015-02-23 18:38 - 00000000 ____D () C:\Users\User\Desktop\SAMSUNG S3 BOOT CARD MAKER
2015-02-09 13:43 - 2015-02-09 13:43 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ClockworkMod
2015-02-08 21:24 - 2015-02-08 21:29 - 00000000 ____D () C:\Users\User\Desktop\New folder
2015-02-08 19:40 - 2015-02-17 17:18 - 00000000 ____D () C:\Users\User\Desktop\motochopper
2015-02-08 17:48 - 2015-02-08 17:48 - 00539480 _____ () C:\Users\User\Downloads\RKAndroidTool v1.37.rar
2015-02-08 17:38 - 2013-09-09 13:59 - 00046096 _____ (Fuzhou Rockchip Electronics Co,Ltd.) C:\Windows\system32\Drivers\rockusb.sys
2015-02-08 17:13 - 2015-02-08 17:13 - 00000000 ____D () C:\Users\User\Desktop\HUAWEI_Ascend_G300_firmware(U8815,Android_4.0,V100R001C00B952,Normal,05011CPT)
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-10 18:35 - 2014-09-01 12:07 - 00000830 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-10 18:34 - 2014-04-21 15:16 - 00000000 ____D () C:\ProgramData\MoboRobo
2015-03-10 18:33 - 2014-04-21 16:45 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-10 18:23 - 2014-04-21 16:16 - 02169064 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-10 18:14 - 2014-04-21 16:14 - 02002310 _____ () C:\Windows\WindowsUpdate.log
2015-03-10 17:53 - 2014-09-17 11:26 - 00000000 ____D () C:\Users\User\AppData\Roaming\DMCache
2015-03-10 17:41 - 2009-07-14 06:39 - 03955722 _____ () C:\Windows\setupact.log
2015-03-10 17:25 - 2014-12-22 11:25 - 00001869 _____ () C:\Users\Public\Desktop\MoboRobo.lnk
2015-03-10 17:25 - 2014-04-21 15:16 - 00000000 ____D () C:\Program Files\MoboRobo
2015-03-10 17:11 - 2015-01-25 15:16 - 00000000 ____D () C:\Users\User\AppData\Roaming\mIRC
2015-03-10 16:51 - 2009-07-14 06:34 - 00018064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-10 16:51 - 2009-07-14 06:34 - 00018064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-10 16:23 - 2014-11-11 13:14 - 00000000 ___RD () C:\Users\User\Desktop\VolcanoUtility_v2.8.3_Volcano Yellowstone
2015-03-10 14:17 - 2015-01-14 16:06 - 00000000 ____D () C:\Users\User\AppData\Roaming\MyPhoneExplorer
2015-03-10 13:24 - 2014-04-22 11:24 - 00000000 ____D () C:\Users\User\AppData\Roaming\uTorrent
2015-03-10 13:10 - 2014-09-01 12:07 - 00000826 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-10 13:10 - 2014-08-23 11:42 - 00041168 _____ () C:\Windows\error.log
2015-03-10 13:10 - 2014-06-18 18:46 - 00000000 ____D () C:\Temp
2015-03-10 13:10 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-10 13:10 - 2009-07-14 06:33 - 03790328 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-10 13:08 - 2015-01-22 15:46 - 00000000 ____D () C:\Users\User\Downloads\odbg110
2015-03-10 13:08 - 2014-09-13 10:57 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-03-10 13:08 - 2014-08-23 11:42 - 00009045 _____ () C:\Windows\errord.log
2015-03-10 13:08 - 2014-04-21 16:48 - 00000000 ____D () C:\Users\User\AppData\Roaming\vlc
2015-03-10 13:08 - 2014-04-21 15:18 - 00000000 ____D () C:\Users\User\.android
2015-03-10 13:08 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\wfp
2015-03-10 13:08 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\registration
2015-03-09 19:13 - 2015-01-22 15:28 - 00000000 ____D () C:\Program Files\Miracle Box
2015-03-09 19:13 - 2014-04-21 15:30 - 01239124 _____ () C:\Windows\DPINST.LOG
2015-03-09 18:22 - 2014-04-21 16:38 - 00112688 _____ () C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-09 18:14 - 2014-04-23 11:27 - 00000000 ____D () C:\Users\User\AppData\Local\Adobe
2015-03-09 14:02 - 2014-04-21 16:50 - 00000000 ____D () C:\Users\User\AppData\Roaming\Adobe
2015-03-09 13:14 - 2014-04-21 15:31 - 00000000 ____D () C:\Users\User\AppData\Roaming\PC Suite
2015-03-08 18:59 - 2014-04-21 16:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2015-03-08 18:50 - 2014-04-23 20:10 - 00000000 ____D () C:\Program Files\NsPro
2015-03-08 13:56 - 2014-12-07 13:30 - 00001005 _____ () C:\Users\Public\Desktop\Kingo ROOT.lnk
2015-03-08 13:56 - 2014-05-11 17:03 - 00000000 ____D () C:\Program Files\Kingo Android ROOT
2015-03-07 18:04 - 2014-04-22 11:25 - 00000000 ___HD () C:\Program Files\Common Files\SarasSoft
2015-03-07 18:04 - 2014-04-21 16:39 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-03-07 17:26 - 2014-09-13 10:57 - 00001077 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-03-07 17:26 - 2014-08-07 18:30 - 00000000 ____D () C:\Program Files\MOZILLA FIREFOX
2015-03-07 17:16 - 2014-11-03 13:51 - 00002411 _____ () C:\Windows\system32\lgAxconfig.ini
2015-03-07 15:15 - 2014-04-21 17:36 - 00000000 ____D () C:\Users\User\AppData\Local\Downloaded Installations
2015-03-07 11:13 - 2014-09-17 11:26 - 00000000 ____D () C:\Users\User\AppData\Roaming\IDM
2015-03-07 10:01 - 2015-01-24 22:35 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-03-07 09:24 - 2014-04-21 17:43 - 00000000 ____D () C:\ProgramData\TEMP
2015-03-07 09:23 - 2015-01-28 18:44 - 00000000 ____D () C:\Program Files\Uni-Android Tool Beta Test
2015-03-07 09:21 - 2015-01-27 01:11 - 00000000 ____D () C:\Program Files\netcut
2015-03-07 09:20 - 2015-02-02 18:11 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-03-07 09:11 - 2014-04-21 17:43 - 00000000 ____D () C:\Users\User\AppData\Roaming\URSoft
2015-03-06 15:42 - 2014-04-22 11:22 - 00001167 _____ () C:\Users\Public\Desktop\UFS_Panel.lnk
2015-03-05 18:55 - 2014-04-21 16:49 - 00000000 ____D () C:\Users\User\AppData\Roaming\Skype
2015-03-05 06:07 - 2015-01-25 21:28 - 00000000 ____D () C:\DrFoneCache
2015-03-05 01:39 - 2015-01-22 15:28 - 01197953 _____ () C:\Windows\MIRACLE BOX Uninstaller.exe.bak
2015-03-04 17:20 - 2014-04-21 15:30 - 00000000 ____D () C:\Program Files\DIFX
2015-03-04 16:51 - 2015-02-02 18:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-04 16:51 - 2015-01-27 01:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\arcai.com
2015-03-04 16:51 - 2014-09-01 12:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-03-04 16:51 - 2014-04-26 12:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SPT
2015-03-04 16:51 - 2014-04-26 12:50 - 00000000 ____D () C:\Program Files\SPT
2015-03-04 16:51 - 2009-07-14 04:37 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-03-04 16:50 - 2015-01-25 15:16 - 00000000 ____D () C:\Program Files\mIRC
2015-03-04 16:50 - 2014-05-24 19:11 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-03-04 16:50 - 2014-04-21 16:47 - 00000000 ____D () C:\Program Files\Microsoft Office
2015-03-04 16:49 - 2014-04-21 16:46 - 00000000 ____D () C:\Users\User\AppData\Local\Google
2015-03-04 16:48 - 2014-05-26 14:48 - 00000000 ____D () C:\Program Files\Google
2015-03-03 20:03 - 2014-11-03 13:51 - 00000000 ____D () C:\ProgramData\LGMOBILEAX
2015-03-03 19:17 - 2015-02-02 18:21 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-03 19:16 - 2014-05-24 20:41 - 00000000 ____D () C:\Program Files\MSXML 4.0
2015-03-03 18:41 - 2014-04-24 20:24 - 00000000 ____D () C:\Program Files\Z3X
2015-03-03 18:27 - 2014-04-26 12:55 - 00000000 ____D () C:\InfinityBox
2015-03-03 18:02 - 2014-04-21 15:30 - 00000000 ____D () C:\Program Files\Common Files\Nokia
2015-03-03 17:02 - 2014-06-24 13:00 - 00000000 ____D () C:\Users\User\AppData\Local\pangu
2015-03-03 15:16 - 2014-04-21 15:08 - 00246920 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-03-03 13:13 - 2015-01-18 18:57 - 00000000 ____D () C:\Windows\system32\SupportAppPB4G Hotspot
2015-03-03 13:13 - 2015-01-18 18:57 - 00000000 ____D () C:\Program Files\4G Hotspot
2015-03-03 13:09 - 2014-07-16 23:34 - 00000000 ____D () C:\Windows\system32\SupportAppXL
2015-03-03 13:01 - 2014-11-25 16:50 - 00014293 _____ () C:\debug1214.txt
2015-03-03 12:47 - 2014-08-09 15:40 - 00000000 ____D () C:\ProgramData\DatacardService
2015-03-03 05:01 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-03-03 03:55 - 2009-07-14 09:50 - 00000000 ____D () C:\Program Files\Windows Journal
2015-03-03 03:55 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\fr-FR
2015-03-03 03:55 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\ar-SA
2015-03-03 03:17 - 2014-09-13 13:09 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-02 12:59 - 2014-04-21 16:47 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-02 07:38 - 2009-07-14 04:37 - 00000000 ____D () C:\Program Files\Common Files\System
2015-03-01 19:33 - 2014-04-26 12:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InfinityBox
2015-03-01 13:46 - 2015-02-07 15:16 - 00000000 __SHD () C:\Users\User\wc
2015-03-01 11:21 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2015-03-01 10:58 - 2014-11-09 12:24 - 00000000 ___RD () C:\Users\User\Podcasts
2015-03-01 10:50 - 2009-07-14 06:56 - 00000000 ____D () C:\Windows\system32\winrm
2015-03-01 10:50 - 2009-07-14 06:56 - 00000000 ____D () C:\Windows\system32\WCN
2015-03-01 10:50 - 2009-07-14 06:56 - 00000000 ____D () C:\Windows\system32\slmgr
2015-03-01 10:50 - 2009-07-14 06:56 - 00000000 ____D () C:\Windows\system32\Printing_Admin_Scripts
2015-03-01 10:50 - 2009-07-14 06:56 - 00000000 ____D () C:\Windows\DigitalLocker
2015-03-01 10:50 - 2009-07-14 06:52 - 00000000 ____D () C:\Windows\system32\WinBioPlugIns
2015-03-01 10:50 - 2009-07-14 06:52 - 00000000 ____D () C:\Program Files\Windows Sidebar
2015-03-01 10:50 - 2009-07-14 06:52 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2015-03-01 10:50 - 2009-07-14 06:52 - 00000000 ____D () C:\Program Files\Windows Defender
2015-03-01 10:50 - 2009-07-14 06:52 - 00000000 ____D () C:\Program Files\DVD Maker
2015-03-01 10:50 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\MUI
2015-03-01 10:50 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\com
2015-03-01 10:50 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\IME
2015-03-01 10:43 - 2014-09-21 10:43 - 00000000 ____D () C:\AdwCleaner
2015-03-01 02:00 - 2014-04-21 16:45 - 00000000 ____D () C:\ProgramData\Adobe
2015-02-28 20:49 - 2015-02-01 16:33 - 00000000 ____D () C:\Users\User\Downloads\CF-Auto-Root-ms013g-ms013gxx-smg7102
2015-02-28 19:42 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-28 17:55 - 2015-01-31 14:32 - 00002063 _____ () C:\Users\Public\Desktop\Wondershare MobileTrans.lnk
2015-02-28 09:22 - 2015-01-24 20:37 - 00000000 ____D () C:\Users\User\Downloads\SAE.v1.14.4.x86
2015-02-28 09:09 - 2014-11-17 21:54 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2015-02-28 09:09 - 2014-11-17 21:54 - 00000000 ____D () C:\Program Files\Adobe
2015-02-27 23:07 - 2015-02-07 19:25 - 00000000 ____D () C:\Program Files\Coolmuster
2015-02-27 23:05 - 2015-02-03 20:28 - 00000000 ____D () C:\Users\User\Downloads\S5830BVJLP4_S5830BUVILP2_ZVV
2015-02-27 23:01 - 2014-06-12 13:47 - 00000000 ____D () C:\Windows\Minidump
2015-02-27 22:42 - 2014-08-23 11:42 - 00000000 ____D () C:\Log
2015-02-27 22:41 - 2015-01-27 11:32 - 00000000 ____D () C:\Program Files\Hide My IP 6
2015-02-27 22:14 - 2015-01-24 22:04 - 00000000 ____D () C:\Qoobox
2015-02-27 21:56 - 2009-07-14 04:04 - 00000215 _____ () C:\Windows\system.ini
2015-02-27 21:52 - 2015-01-24 22:03 - 00000000 ____D () C:\Windows\erdnt
2015-02-27 00:44 - 2015-01-31 13:47 - 00000000 ____D () C:\Users\User\AppData\Roaming\Web Page Maker
2015-02-26 22:30 - 2014-11-10 14:32 - 00000000 ___RD () C:\Users\User\Desktop\New folder (2)
2015-02-26 21:58 - 2015-01-24 14:31 - 05611903 _____ (Swearware) C:\Users\User\Downloads\ComboFix.exe
2015-02-26 20:51 - 2015-01-19 13:50 - 00000000 ____D () C:\Unified_Android_ToolKit
2015-02-26 20:49 - 2015-01-28 18:59 - 00000066 _____ () C:\Windows\data.file
2015-02-26 15:12 - 2014-04-21 15:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MoboRobo
2015-02-25 17:59 - 2014-04-21 16:12 - 00000000 ____D () C:\Users\User\AppData\Local\VirtualStore
2015-02-24 20:37 - 2014-04-21 16:47 - 00000000 ____D () C:\Program Files\USB Disk Security
2015-02-23 15:08 - 2015-01-24 11:47 - 00000000 ____D () C:\Users\User\Downloads\CF-Auto-Root-t03g-t03gxx-gtn7100
2015-02-23 14:48 - 2014-05-22 12:34 - 00000000 ____D () C:\Program Files\iTunes
2015-02-23 14:47 - 2014-05-22 12:34 - 00000000 ____D () C:\Program Files\iPod
2015-02-22 18:30 - 2014-04-21 16:27 - 00002245 _____ () C:\Users\User\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2015-02-22 18:29 - 2014-04-21 16:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlackBerry
2015-02-22 18:29 - 2014-04-21 16:27 - 00000000 ____D () C:\Program Files\Common Files\Research In Motion
2015-02-22 10:55 - 2009-07-14 06:53 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-21 12:43 - 2015-02-01 18:41 - 00000952 __RSH () C:\ProgramData\ntuser.pol
2015-02-19 15:41 - 2014-08-04 12:59 - 00000000 ____D () C:\Users\User\Documents\SelfMV
2015-02-18 18:23 - 2015-01-13 18:26 - 00000000 ____D () C:\Program Files\MyPhoneExplorer
2015-02-17 17:18 - 2015-01-21 19:50 - 00000000 ____D () C:\Users\User\Downloads\ControlBearRelease_shooter_GB_WIN
2015-02-17 17:18 - 2015-01-21 19:47 - 00000000 ____D () C:\Users\User\Downloads\ControlBearRelease_pyramid_ICS_LINUX_NOHTCDEV
2015-02-17 17:18 - 2015-01-18 19:22 - 00000000 ____D () C:\Users\User\Downloads\DC Unlocker Cracked Version
2015-02-17 17:18 - 2014-09-14 13:13 - 00000000 ____D () C:\Users\User\Downloads\WindowsLoaderv2.1.3
2015-02-17 17:18 - 2014-06-17 06:21 - 00000000 ____D () C:\Users\User\Desktop\ioroot
2015-02-16 18:38 - 2015-02-02 14:47 - 00000000 ____D () C:\Mobile Upgrade S 4.1.3
2015-02-15 13:19 - 2015-02-07 15:16 - 00000000 __SHD () C:\Users\User\AppData\Roaming\wyUpdate AU
2015-02-15 12:34 - 2014-04-23 11:04 - 00000000 ____D () C:\Users\Public\Documents\RootGenius
2015-02-11 16:40 - 2014-05-22 12:34 - 00000000 ____D () C:\Users\User\AppData\Local\Apple Computer
2015-02-11 16:39 - 2014-09-06 09:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC
2015-02-11 16:39 - 2014-08-10 16:22 - 00000000 ____D () C:\Program Files\Common Files\Nero
2015-02-11 16:39 - 2014-05-22 12:34 - 00000000 ____D () C:\Users\User\AppData\Roaming\Apple Computer
2015-02-11 16:38 - 2014-09-06 09:53 - 00000000 ____D () C:\Program Files\HTC
2015-02-10 18:48 - 2015-01-20 15:16 - 00000000 ____D () C:\Program Files\7-Zip
2015-02-10 14:44 - 2012-11-17 05:36 - 00000000 ____D () C:\adb
2015-02-10 14:24 - 2014-12-13 14:11 - 00000000 ____D () C:\Users\User\AppData\Local\Kingosoft
2015-02-09 13:43 - 2014-12-16 13:29 - 00000000 ____D () C:\Program Files\ClockworkMod
2015-02-08 17:08 - 2015-01-25 18:50 - 00003545 _____ () C:\Windows\system32\Drivers\dcdiagtrace.log
 
==================== Files in the root of some directories =======
 
2014-11-27 16:12 - 2014-11-27 16:12 - 0001296 _____ () C:\Program Files\Simlock Remote Clientoperations.log
2014-06-22 20:27 - 2014-06-22 20:27 - 0002528 _____ () C:\Users\User\AppData\Roaming\$_hpcst$.hpc
2015-02-28 09:55 - 2015-02-28 09:59 - 0000132 _____ () C:\Users\User\AppData\Roaming\Adobe PNG Format CS5 Prefs
2014-04-21 16:35 - 2014-11-05 11:18 - 0000385 _____ () C:\Users\User\AppData\Roaming\Rim.Desktop.Exception.log
2014-04-21 16:27 - 2015-02-22 18:30 - 0002245 _____ () C:\Users\User\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2014-04-21 16:35 - 2014-11-05 11:18 - 0000385 _____ () C:\Users\User\AppData\Roaming\Rim.DesktopHelper.Exception.log
2014-08-18 10:00 - 2014-11-11 16:10 - 0000600 _____ () C:\Users\User\AppData\Roaming\winscp.rnd
2015-01-01 18:04 - 2015-01-01 18:04 - 0000028 _____ () C:\Users\User\AppData\Roaming\粄眚
2014-10-26 13:57 - 2014-10-26 13:57 - 0003584 _____ () C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-03-03 22:02 - 2015-03-03 22:02 - 0000036 _____ () C:\Users\User\AppData\Local\housecall.guid.cache
2014-05-22 12:28 - 2014-11-11 16:10 - 0000600 _____ () C:\Users\User\AppData\Local\PUTTY.RND
2014-08-09 17:50 - 2014-08-09 17:50 - 0000001 _____ () C:\Users\User\AppData\Local\RawCopy.1.02.agreement
2014-08-09 17:50 - 2014-08-09 17:50 - 0000023 _____ () C:\Users\User\AppData\Local\RawCopy.opendialog.dir
2014-08-09 17:50 - 2014-08-09 17:50 - 0000001 _____ () C:\Users\User\AppData\Local\RawCopy.opendialog.filterindex
2014-08-09 17:50 - 2014-08-09 17:52 - 0000032 _____ () C:\Users\User\AppData\Local\RawCopy.sourcedisk.filepath
2014-08-09 17:50 - 2014-08-09 17:52 - 0000001 _____ () C:\Users\User\AppData\Local\RawCopy.sourcedisk.index
2015-03-06 16:03 - 2015-03-06 16:03 - 0004925 _____ () C:\ProgramData\aqmmpwnp.hgu
2014-04-21 15:16 - 2012-09-27 16:57 - 0067584 _____ (Genry) C:\ProgramData\ISTask.dll
2014-11-11 11:29 - 2014-12-02 20:42 - 0000019 _____ () C:\ProgramData\NOTICE.ini
 
Files to move or delete:
====================
C:\ProgramData\ISTask.dll
 
 
Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\bassmod.dll
C:\Users\User\AppData\Local\Temp\HitmanPro.exe
C:\Users\User\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\User\AppData\Local\Temp\Quarantine.exe
C:\Users\User\AppData\Local\Temp\sqlite3.dll
C:\Users\User\AppData\Local\Temp\Uninstall.exe
C:\Users\User\AppData\Local\Temp\vcredist_x86_2008.exe
C:\Users\User\AppData\Local\Temp\vcredist_x86_2010.exe
C:\Users\User\AppData\Local\Temp\zlibc.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-10-16 10:08
 
==================== End Of Log ============================



#2 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:19 PM

Posted 10 March 2015 - 01:03 PM

Hello h3llb0y and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.
 
My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I am assuming that you don't need help anymore and your topic will be closed.
  • I can not guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
  • Please reply to this thread. Do not start a new topic.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
  • Please open the computer as administrator. How do you open the computer as administrator?
  • Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to get help here

Thanks
---------------------------------------------------------------------------------------------------------
 
I am currently reviewing your log. I will be back with a fix for your problem as soon as possible. Please be patient with me during this time.
 
:hello:
 
Sincerely


Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#3 olgun52

Posted 10 March 2015 - 03:24 PM

Hi h3llb0y,

 

Do you use Yahoo Messenger?

-----------------------------------------------------------------------------
 

C:\Users\User\Downloads\DC Unlocker Cracked Version
C:\Users\User\Downloads\[kickass.to]adobe.photoshop.cs6.full.version.english.crack.m.i (14).torrent
C:\Users\User\Downloads\[kickass.to]adobe.photoshop.cs6.full.version.english.crack.m.i (14) (1).torrent
C:\Users\User\Desktop\Havij 1.17 Pro Cracked by mm1991 [ AoRE Team ]
C:\Users\User\Desktop\Havij v1.16 Pro Portable Cracked by Service Manual [ AoRE Team ]
C:\Users\User\Desktop\Havij v1.16 Pro Portable Cracked by Service Manual [ AoRE Team ].part1.rar
C:\Users\User\Downloads\VMware.Fusion.Professional.v7.1.0.MacOSX.Incl.Keymaker-CORE

 
Cracking software warning.

Quote

 

Post by quietman7, on 02 October 2009 - 05:16 AM, said:


A Keygen is a program which is used to illegally bypass copy protection on games and commercial software by generating a random serial number, or "cd key", that matches the software it is intended to be used with.

A Cracking tool is used to copy commercial software illegally by breaking the various copy-protection and registration techniques being used.

The practice of using cracking tools, keygens, warez or any pirated software is not only considered illegal activity but it is a serious security risk.

Quote
Cracking applications are used for illegally breaking (cracking) various copy-protection and registration techniques used in commercial software. These programs may be distributed via Web sites, Usenet, and P2P networks.

trendmicro.com/vinfo

Quote
...warez and crack web pages are being used by cybercriminals as download sites for malware related to VIRUT and VIRUX. Searches for serial numbers, cracks, and even antivirus products like Trend Micro yield malcodes that come in the form of executables or self-extracting files...quick links in these sites also lead to malicious files. Ads and banners are also infection vectors...

Keygen and Crack Sites Distribute VIRUX and FakeAV

Quote
...warez/piracy sites ranked the highest in downloading spyware...just opening the web page usually sets off an exploit, never mind actually downloading anything. And by the time the malware is finished downloading, often the machine is trashed and rendered useless.

University of Washington spyware study

Quote
...One of the most aggressive and intrusive of all bad websites on the Internet are serial, warez, software cracking type sites...they sneak malware onto your system...Where do trojan viruses originate? One of the biggest malware distributors on the Internet are serial/warez/code cracking sites.

Bad Web Sites: Malware
Some of the worst types of malware infections can be contracted and spread by visiting crack, keygen, warez and other pirated software sites. In many cases, those sites are infested with a smörgåsbord of malware and an increasing source of system infection. Those who attempt to get software for free can end up with a computer system so badly damaged that recovery is not possible and it cannot be repaired. When that happens there is nothing you can do besides reformatting and reinstalling the OS.

 

 
Going over your logs I noticed that you have µTorrent installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall µTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

µTorrent,

Tencent
-------------------------------------------------------------------------------------------------------------------------------
Step 1:
FRST Script:
Please download the attached fixlist.txt and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

Note: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.
 
Step 2:
Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search, then Clean.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Step 3:
Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista / 7 / 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4:

Scan with Malwarebytes Antimalware:

Please download Malwarebytes Anti-Malware to your desktop.

  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply

Step 5:

Please be sure to run our tools with administrator rights.

 

ComboFix run:

 

* IMPORTANT: 1   Place ComboFix.exe on your Desktop

* IMPORTANT: 2   Ensure your external and/or USB drives are inserted during the scan

Next, download ComboFix and save it to the Desktop

  • Disable all antivirus and antispyware programs. Get help here
  • Now, close all open windows
  • Double-click combofix.exe to run the program
  • Follow the prompts.
  • If the option is offered, it is in your best interest to allow the download and install of the Recovery Console when prompted.
  • When told that the RC is installed correctly, press YES to continue scanning for malware.
  • ComboFix will run. Please don't click on the window while the program is running, it may cause your system to stall.
  • CF may reboot the computer and resume running when it restarts.
  • When finished, a log, ComboFix.txt, is produced.

Please provide the contents of the ComboFix report in your reply.

 

Have a nice day.


 


 


#4 h3llb0y

  • Topic Starter

Posted 11 March 2015 - 06:14 AM

Hello,

 

all required logs are attached.

 

 

thanks in advance.




#5 olgun52

Posted 11 March 2015 - 07:41 AM

I don't see combofix.log? Please post ComboFix.txt



 


 


#6 h3llb0y

  • Topic Starter

Posted 11 March 2015 - 08:52 AM

log.txt is combofix log



#7 olgun52

Posted 11 March 2015 - 09:07 AM

ComboFix.log is abnormal! Strange!!

Download ComboFix, save it to the Desktop and please try to run it.



 


 


#8 h3llb0y

  • Topic Starter

Posted 11 March 2015 - 09:32 AM

hello,

 

log attached.

 

 




#9 olgun52

Posted 11 March 2015 - 02:27 PM

Hi h3llb0y,

 

Please go to: VirusTotal
On the page you'll find a "Choose File" button.
Click on the Choose File button.
In the Choose File to Upload window which opens, copy and paste this into the File Name box.
 
c:\windows\MartechCOM Uninstaller.exe
c:\windows\system32\drivers\1378060C.sys

 
Next, click the Open button.
Then click the "Scan It!" button just below.
This will scan the file. Please be patient.
If you get a message saying File has already been analyzed: click Reanalyze file now
Once scanned, copy and paste the link to the results page in your next reply.

-----------------------------------------------------------

Step 1:

  • Download and extract Malwarebytes Anti-Rootkit from here mbar-1.07.0.1009.zip and save it to your desktop.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up any important data before using.
  • Double-click mbar.exe inside the mbar folder then click 'Next'.
  • Note: Malwarebytes Anti-Rootkit requires administrative privileges to function properly.
  • Click 'Update'.
  • When finished updating, click 'Next' then 'Scan'.
  • If you are told you have the 'AppInit_Dlls rootkit', choose not to fix it and proceed with the scan.
  • With some infections, you may see two messages boxes:
    • 'Could not load protection driver'. Click 'OK'.
    • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart, then continue with the rest of these instructions.
  • If malware is found, do NOT press the 'Cleanup' button yet. Click 'Exit'.
  • Please zip and attach the two log files created by the tool within the folder from which it was run.

The logs will be named mbar-log-YYYY-MM-DD (##-##-##).txt and system-log.txt

 

Step 2:

Please download and run RogueKiller 32/64 bit to your desktop

Quit all running programs.

For Windows XP, double-click to start.
For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!

Post back the report which should be located on your desktop.
(please don't put logs in code or quotes)

 

 



 


 


#10 h3llb0y

  • Topic Starter

Posted 11 March 2015 - 04:02 PM

https://www.virustotal.com/en/file/35dbbb8e63b480151ea5701d9db7c90642fa2391d044db400d3644f3e21bb0c1/analysis/1426104457/

 

https://www.virustotal.com/en/file/65d0ad333c15938c79235762c3b5d6fd1e5284b334b4e3c1acc4c59129962808/analysis/1426104917/

 

logs attached




#11 olgun52

Posted 11 March 2015 - 04:49 PM

Hello,
 

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

 

Please follow the below steps to disable "Teredo" and report whether it helps.

1- Open an elevated "command prompt"

http://www.bleepingcomputer.com/tuto...ommand-prompt/

2- Type the below commands exactly and press "Enter" key.

netsh interface teredo set state disabled

Reboot the system when completed.

-----------------------------------------------------------------------------------------------------------------------------

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to update.

  • Download the latest version of Java Runtime Environment (JRE) 8.
  • Read the License Agreement then select Accept License Agreement
  • Click on the link to download Windows x86 Offline (32Bit) and save the file.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel > Programs, and remove all older versions of Java. Specifically

            Java 7 Update 55
            Java 8 Update 31
            Java 6 Update 23

  • Click the Remove or Change/Remove button.
  • Then from your desktop double-click on jre-8u40-windows-i586.exe to install the newest version.
  • After the install is complete, go into the Control Panel > Programs > Java (this is using the default Category view - if you are using something different, the Java Icon looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      Applications and Applets
      Trace and Log Files
    • Click OK on Delete Temporary Files Window

      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
       
    • Click OK to leave the Temporary Files Window
    • Click OK to leave the Java Control Panel.

----------------------------------------------------------------------------------------------------------------------------

 

Run Eset Online Scan

Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.

In Microsoft Windows Vista/Win7, you must open the Web browser via a right-click using the Run as Administrator command.

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option "Scan Archives" and Remove found threats is ticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.

 

Have a nice day.

 



 


 


#12 h3llb0y

  • Topic Starter

Posted 12 March 2015 - 05:32 AM

C:\Program Files\Wondershare\MobileTrans\Patch.exe a variant of Win32/HackTool.Patcher.T potentially unsafe application
C:\Qoobox\Quarantine\C\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\t6o43tk5.default\extensions\0pHNYy@Y.net\content\bg.js.vir JS/Kryptik.ATB trojan
C:\Qoobox\Quarantine\C\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\t6o43tk5.default\extensions\6@gdnsBQUKTZ.com\content\bg.js.vir JS/Kryptik.ATB trojan
C:\Qoobox\Quarantine\C\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\t6o43tk5.default\extensions\staged\XG9@zYSx.org\content\bg.js.vir JS/Kryptik.ATL trojan
C:\Qoobox\Quarantine\C\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\t6o43tk5.default\extensions\Tr@WJ82F.net\content\bg.js.vir JS/Kryptik.ATB trojan
C:\Uni\Uni.exe a variant of Win32/Packed.Themida potentially unwanted application
C:\Users\User\AppData\Local\Installer\Installiwebar_10118\delay.exe a variant of Win32/SpeedBit.C potentially unwanted application
C:\Users\User\AppData\Local\Installer\Installiwebar_20285\ins_postInst.exe a variant of Win32/SpeedBit.C potentially unwanted application
C:\Users\User\AppData\Local\Installer\Installsense_10118\delay.exe a variant of Win32/SpeedBit.C potentially unwanted application
C:\Users\User\AppData\Local\Installer\Installsense_20285\ins_postInst.exe a variant of Win32/SpeedBit.C potentially unwanted application
C:\Users\User\AppData\Local\Temp\Rar$EXa0.734\SPTCARD1957.exe multiple threats
C:\Users\User\AppData\Local\VirtualStore\Windows\System32\HavijPro\ci_2 Win32/HackTool.Crack.BF potentially unsafe application
C:\Users\User\Desktop\Havij Pro 1.17 Portable\Havij Pro 1.17 Portable\Loader.exe Win32/HackTool.Crack.BF potentially unsafe application
C:\Users\User\Desktop\Piranha_box_V1.47\Piranha_box_V1.47\Piranha_Box-V1.48.exe a variant of Win32/Packed.Themida potentially unwanted application
C:\Users\User\Desktop\Piranha_box_V1.47\Piranha_box_V1.47\ADB_ROOT\pwn Android/Exploit.Lotoor.EP trojan
C:\Users\User\Desktop\Piranha_box_V1.48\Piranha_box_V1.48\Piranha_box_V1.48\Piranha_Box-V1.48.exe a variant of Win32/Packed.Themida potentially unwanted application
C:\Users\User\Desktop\RBSoft\S7562_Data\mempodroid Android/Exploit.MempoDroid.A trojan
C:\Users\User\Desktop\VolcanoUtility_v2.8.3_Volcano Yellowstone\dPhone.dll a variant of Win32/Packed.Themida potentially unwanted application
C:\Users\User\Desktop\VolcanoUtility_v2.8.3_Volcano Yellowstone\TJDevice.dll a variant of Win32/Packed.Themida.AAN trojan
C:\Users\User\Desktop\VolcanoUtility_v2.8.3_Volcano Yellowstone\VolcanoTool.exe a variant of Win32/Packed.VMProtect.ABD trojan
C:\Users\User\Desktop\VolcanoUtility_v2.8.3_Volcano Yellowstone\VolcanoUtility.exe a variant of Win32/Packed.VMProtect.ABD trojan
C:\Users\User\Desktop\VolcanoUtility_v2.8.3_Volcano Yellowstone\bin\FlashTool.exe a variant of Win32/Packed.Themida potentially unwanted application
C:\Users\User\Desktop\VolcanoUtility_v2.8.3_Volcano Yellowstone\bin\HTCCALC.exe a variant of Win32/Packed.Themida.AAN trojan
C:\Users\User\Desktop\VolcanoUtility_v2.8.3_Volcano Yellowstone\bin\XESevice.exe a variant of Win32/Packed.Themida.AAN trojan
C:\Users\User\Desktop\VolcanoUtility_v2.8.3_Volcano Yellowstone\bin2\FlashTool.exe a variant of Win32/Packed.Themida.AAN trojan
C:\Users\User\Desktop\VolcanoUtility_v2.8.3_Volcano Yellowstone\bin3\MtkAndroid.exe a variant of Win32/Packed.Themida.AAN trojan
C:\Users\User\Desktop\VolcanoUtility_v2.8.3_Volcano Yellowstone\bin4\android_mtk.exe a variant of Win32/Packed.Themida.AAN trojan
C:\Users\User\Desktop\VolcanoUtility_v2.8.3_Volcano Yellowstone\bin5\CDMA.exe a variant of Win32/Packed.Themida potentially unwanted application
C:\Users\User\Desktop\VolcanoUtility_v2.8.3_Volcano Yellowstone\bin6\FlashTool.exe a variant of Win32/Packed.Themida potentially unwanted application
C:\Users\User\Desktop\VolcanoUtility_v2.8.3_Volcano Yellowstone\bin7\bebe.exe a variant of Win32/Packed.Themida potentially unwanted application
C:\Users\User\Downloads\NsPro v6.7.1.exe multiple threats
C:\Users\User\Downloads\NsPro_v6.7.2.exe multiple threats
C:\Users\User\Downloads\NsPro_v6.7.3.exe multiple threats
C:\Users\User\Downloads\VRoot_1.7.3.4863_english_cid1005_7337ba1e_89.exe a variant of Android/Spy.Agent.BK trojan
C:\Users\User\Downloads\Lazypressing V4.0 Beta\Lazypressing V4.0 Beta.exe a variant of Win32/Packed.Themida potentially unwanted application
C:\Users\User\Downloads\MtkDroidTools v2.5.3\files\zR Android/Exploit.Lotoor.DH trojan
C:\Users\User\Downloads\Programs\AlcatelMTKPhoneUnlockTool_v1.0.3.4+FiXED.exe a variant of Win32/Packed.Themida potentially unwanted application
C:\Users\User\Downloads\Programs\FGInstall_22012015_2.exe multiple threats


#13 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • Gender:Male
  • Local time:09:19 PM

Posted 12 March 2015 - 09:08 AM

Hi again,

Dr.Web CureIt run:


  • Please download the free Dr.Web CureIt! antivirus and save it to your computer. The file size is in excess of 100MB.
  • NOTE: Free usage of Dr.Web CureIt! for business purposes is illegal.
  • Internet Explorer may show a warning when downloading - the file is safe to download from the provided link.
  • Shut down your antivirus to avoid any conflicts while scanning.
  • Once the scans have completed please re-enable your antivirus.
  • If using Malwarebytes Anti-Malware PRO you can right click over the tray icon and disable the Protection Modules
  • If needed you can also temporarily disable it from starting with Windows
  • Temporarily turn off any other security add-ons or applications you may also have.
  • Once you have downloaded Dr.Web CureIt! you should right click over it and choose Properties and verify it has a Digital Signature.
  • If it does not have a Digital Signature then do not run it.
  • Close all open programs including all Web browsers and then double-click on drweb-cureit.exe to start the installer.
  • You should have User Account Control (UAC) enabled for improved security, which should then produce a dialog box asking for approval to run the installer.
  • Click on the Yes button to start the installer.
  • Click OK to scan your computer in the Enhanced Protection Mode.
  • Click on the check box to agree to participate in their software improvement program.
  • Then, if needed, choose your Language by clicking on the small globe-like icon in the upper right corner by the wrench.
  • Then click on the Continue button and then click on the Select objects for scanning link just below the "Start scanning" button.
  • Place a check mark on all the items except for Temporary files and System restore points - those items should not have a check mark on them.
  • Then click on the Start scanning button.
  • If a threat is found you can click on the Action column in the program.
  • Your options will be Cure or Ignore.
  • If you see an item that you are absolutely sure is OK, then un-check the check box for that item, otherwise keep it on Cure.
  • Then click on the Neutralize button.
  • Once completed, click on the green Open Report link. It will open the report in Notepad.
  • Save the report to your desktop. The report will be called Cureit.log
  • Close Dr.Web Cureit!
  • Reboot your computer to allow files that were in use to be moved/deleted during reboot.
  • After reboot, attach the log Cureit.log you saved previously in your next reply.
  • Re-Enable your antivirus and other security programs when all done.

 


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!
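
The digital-signature check described in the post above can also be done from PowerShell. This is an added example, not part of the original post or of Dr.Web's own tooling; the download path and the function name `Test-DownloadSignature` are assumptions, and it needs PowerShell 4.0 or later for `Get-FileHash`.

```powershell
# Added example: check the Authenticode signature of a downloaded scanner
# before running it. The default path is an assumption; pass -Path to
# point at the location where the file was actually saved.
param(
    [string]$Path = "$env:USERPROFILE\Downloads\drweb-cureit.exe"
)

function Test-DownloadSignature {
    param([Parameter(Mandatory)][string]$FilePath)

    if (-not (Test-Path -LiteralPath $FilePath -PathType Leaf)) {
        throw "File not found: $FilePath"
    }

    # Validates the embedded signature and its certificate chain
    # against the local trust store.
    $sig  = Get-AuthenticodeSignature -LiteralPath $FilePath
    $cert = $sig.SignerCertificate

    [pscustomobject]@{
        File        = $FilePath
        Status      = $sig.Status
        # Subject of the signing certificate; $null for unsigned files.
        Signer      = if ($cert) { $cert.Subject } else { $null }
        Thumbprint  = if ($cert) { $cert.Thumbprint } else { $null }
        CertExpires = if ($cert) { $cert.NotAfter } else { $null }
        # A countersigned timestamp keeps the signature verifiable
        # after the signing certificate itself expires.
        Timestamped = [bool]$sig.TimeStamperCertificate
        SHA256      = (Get-FileHash -LiteralPath $FilePath -Algorithm SHA256).Hash
        # Only 'Valid' is acceptable; NotSigned, HashMismatch,
        # NotTrusted and UnknownError all mean "do not run".
        Trusted     = ($sig.Status -eq [System.Management.Automation.SignatureStatus]::Valid)
    }
}

$result = Test-DownloadSignature -FilePath $Path
$result | Format-List

if (-not $result.Trusted) {
    Write-Warning "Signature status is '$($result.Status)'. Do not run this file."
    exit 1
}
Write-Output "Signature is valid. Confirm that the Signer field names the vendor you expect."
```

A `Valid` status only proves the file is intact and signed by a trusted certificate, so the Signer line still has to be read and compared with the publisher shown on the download page.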

 


 


#14 h3llb0y

h3llb0y
  • Topic Starter

  • Members
  • 16 posts
  • Local time:08:19 PM

Posted 12 March 2015 - 01:28 PM

hello,

 

  • cureit.log

    Upload Skipped (This file was too big to upload)

 

Uploaded to MediaFire: http://www.mediafire.com/view/aw84u8xaw48tmlm/cureit.txt



#15 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • Gender:Male
  • Local time:09:19 PM

Posted 12 March 2015 - 04:49 PM

Hi,

 

Looks good. How is the PC running now, and are there any issues?


Best regards
 

 


 




