RogueKiller V10.11.7.0 [Nov 23 2015] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows Server 2008 R2 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : tklassociate [Administrator]
Started from : C:\Users\Administrator\Desktop\RogueKiller.exe
Mode : Scan -- Date : 11/28/2015 19:03:44
¤¤¤ Processes : 6 ¤¤¤
[VT.Unknown] MonBlockIPStatus.exe(1532) -- C:\Program Files (x86)\Huawei\BlockChangeIP\MonBlockIPStatus.exe[-] -> Killed [TermProc]
[VT.Unknown] hwprotector.exe(2148) -- C:\Program Files (x86)\Huawei\BlockChangeIP\hwprotector.exe[-] -> Killed [TermProc]
[VT.Unknown] UVPUpgradeService.exe(2688) -- C:\Program Files (x86)\Xen PV Drivers\bin\UVPUpgradeService.exe[7] -> Killed [TermProc]
[VT.Unknown] uvpmonitor.exe(2776) -- C:\Program Files (x86)\Xen PV Drivers\bin\uvpmonitor.exe[7] -> Killed [TermProc]
[VT.Unknown] UvpVssReq.exe(4532) -- C:\Program Files (x86)\Xen PV Drivers\bin\UvpVssReq.exe[7] -> Killed [TermProc]
[VT.Unknown] BlockChangingIP.exe(4572) -- C:\Program Files (x86)\Huawei\BlockChangeIP\BlockChangingIP.exe[-] -> Killed [TermProc]
¤¤¤ Registry : 14 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-366400160-141739491-217090673-500\Software\Microsoft\Internet Explorer\Main | Start Page : res://iesetup.dll/HardAdmin.htm -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-366400160-141739491-217090673-500\Software\Microsoft\Internet Explorer\Main | Start Page : res://iesetup.dll/HardAdmin.htm -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-366400160-141739491-217090673-500\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : res://iesetup.dll/HardAdmin.htm -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-366400160-141739491-217090673-500\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : res://iesetup.dll/HardAdmin.htm -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-366400160-141739491-217090673-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyPics : 0 -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-366400160-141739491-217090673-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyMusic : 0 -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-366400160-141739491-217090673-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-366400160-141739491-217090673-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 0 -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-366400160-141739491-217090673-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowSetProgramAccessAndDefaults : 0 -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-366400160-141739491-217090673-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyPics : 0 -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-366400160-141739491-217090673-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyMusic : 0 -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-366400160-141739491-217090673-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-366400160-141739491-217090673-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 0 -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-366400160-141739491-217090673-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowSetProgramAccessAndDefaults : 0 -> Found
¤¤¤ Tasks : 0 ¤¤¤
¤¤¤ Files : 0 ¤¤¤
¤¤¤ Hosts File : 2 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost
[C:\Windows\System32\drivers\etc\hosts] [::1] localhost
¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 7e85f8364ca71502fce67d9a39d7db80
[BSP] 47b1af060c3a9b9e029e82fcf65622b2 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 40858 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([1] Incorrect function. )
+++++ PhysicalDrive1: +++++
--- User ---
[MBR] 615737496064104192fbdf113479137b
[BSP] a0730d0fbd553e87e91c0f88dd0a9923 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 63 | Size: 102398 MB
User = LL1 ... OK
Error reading LL2 MBR! ([1] Incorrect function. )
+++++ PhysicalDrive2: +++++
--- User ---
[MBR] 4b8a04408c8b38cfbd60e4b998ea19ff
[BSP] 1a93d564a598275a5ca078896a113ef3 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 102397 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([1] Incorrect function. )
OTL.txt
OTL logfile created on: 28/11/2015 7:15:56 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Administrator\Desktop
64bit- Server Enterprise Edition (full installation) Service Pack 1 (Version = 6.1.7601) - Type = NTServer
Internet Explorer (Version = 9.11.9600.18097)
Locale: 00004809 | Country: Singapore | Language: ENE | Date Format: d/M/yyyy
7.99 Gb Total Physical Memory | 0.82 Gb Available Physical Memory | 10.24% Memory free
15.98 Gb Paging File | 6.85 Gb Available in Paging File | 42.83% Paging File free
Paging file location(s): b:\pagefile.sys 0 0e:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 39.90 Gb Total Space | 4.86 Gb Free Space | 12.17% Space Free | Partition Type: NTFS
Drive E: | 100.00 Gb Total Space | 43.77 Gb Free Space | 43.77% Space Free | Partition Type: NTFS
Computer Name: WINDOWS-MI1I12B | User Name: tklassociate | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Processes (SafeList) ==========[/color]
PRC - [2015/11/27 19:43:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
PRC - [2015/11/11 11:43:09 | 005,516,008 | ---- | M] (Avast Software s.r.o.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2015/11/11 11:43:06 | 000,343,336 | ---- | M] (Avast Software s.r.o.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2015/11/11 11:43:04 | 001,313,096 | ---- | M] (Avast Software s.r.o.) -- C:\Program Files\AVAST Software\Avast\bccavsvc.exe
PRC - [2015/11/11 11:43:04 | 000,633,288 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\bcc.exe
PRC - [2015/10/07 13:45:22 | 007,953,944 | ---- | M] (Softland) -- C:\Program Files (x86)\Softland\FBackup 5\bTray.exe
PRC - [2015/10/07 13:42:34 | 004,678,680 | ---- | M] (Softland) -- C:\Program Files (x86)\Softland\FBackup 5\bService.exe
PRC - [2014/04/11 09:26:54 | 000,200,848 | ---- | M] () -- C:\Program Files (x86)\Xen PV Drivers\bin\HwUVPUpgrade.exe
PRC - [2013/12/10 22:10:30 | 000,043,520 | ---- | M] (The PHP Group) -- C:\Program Files (x86)\PHP\v5.3\php-cgi.exe
PRC - [2011/05/26 11:47:10 | 000,270,336 | ---- | M] () -- C:\Program Files (x86)\Huawei\BlockChangeIP\BlockChangingIP.exe
PRC - [2011/03/17 12:53:50 | 000,122,880 | ---- | M] () -- C:\Program Files (x86)\Huawei\BlockChangeIP\MonBlockIPStatus.exe
PRC - [2011/03/17 12:53:36 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\Huawei\BlockChangeIP\hwprotector.exe
[color=#E56717]========== Modules (No Company Name) ==========[/color]
MOD - [2015/11/11 11:43:09 | 040,540,672 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2015/11/11 11:43:09 | 000,985,600 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\ffmpegsumo.dll
MOD - [2015/11/11 11:43:08 | 000,104,400 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\log.dll
MOD - [2015/11/11 11:43:06 | 000,081,728 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
MOD - [2015/10/07 13:26:30 | 000,437,760 | R--- | M] () -- C:\Program Files (x86)\Softland\FBackup 5\bResourceStrings.bpl
MOD - [2014/04/11 09:26:54 | 000,200,848 | ---- | M] () -- C:\Program Files (x86)\Xen PV Drivers\bin\HwUVPUpgrade.exe
MOD - [2014/03/28 17:35:02 | 000,093,696 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
MOD - [2014/02/10 12:44:24 | 004,592,128 | ---- | M] () -- C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
MOD - [2014/02/10 12:44:24 | 000,112,128 | ---- | M] () -- C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
[color=#E56717]========== Services (SafeList) ==========[/color]
SRV:[b]64bit:[/b] - [2015/11/11 11:43:06 | 000,343,336 | ---- | M] (Avast Software s.r.o.) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:[b]64bit:[/b] - [2015/11/11 11:43:04 | 001,313,096 | ---- | M] (Avast Software s.r.o.) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\bccavsvc.exe -- (Avast Business Console Client Antivirus Service)
SRV:[b]64bit:[/b] - [2015/11/11 11:43:04 | 000,633,288 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\bcc.exe -- (aswBcc)
SRV:[b]64bit:[/b] - [2015/10/31 07:12:09 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:[b]64bit:[/b] - [2015/07/23 08:02:54 | 001,390,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\diagtrack.dll -- (DiagTrack)
SRV:[b]64bit:[/b] - [2015/04/30 01:53:40 | 000,366,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:[b]64bit:[/b] - [2015/04/30 01:53:40 | 000,023,816 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:[b]64bit:[/b] - [2014/11/21 07:31:30 | 013,035,008 | ---- | M] () [Auto | Running] -- C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe -- (MySQL56x64)
SRV:[b]64bit:[/b] - [2014/09/18 17:03:36 | 018,905,600 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\MySQL\MySQL Server 5.7\bin\mysqld.exe -- (MYSQL57x64)
SRV:[b]64bit:[/b] - [2013/05/27 13:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:[b]64bit:[/b] - [2012/06/01 13:36:12 | 000,350,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\inetsrv\ftpsvc.dll -- (ftpsvc)
SRV:[b]64bit:[/b] - [2011/04/01 20:17:08 | 000,067,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe -- (MsDepSvc)
SRV:[b]64bit:[/b] - [2010/11/21 11:24:30 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\inetsrv\inetinfo.exe -- (IISADMIN)
SRV:[b]64bit:[/b] - [2009/07/14 09:41:53 | 000,014,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sacsvr.dll -- (sacsvr)
SRV:[b]64bit:[/b] - [2009/07/14 09:40:52 | 000,025,600 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FCRegSvc.dll -- (FCRegSvc)
SRV:[b]64bit:[/b] - [2009/07/14 09:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:[b]64bit:[/b] - [2009/07/14 09:39:56 | 000,010,752 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\inetsrv\WMSvc.exe -- (WMSVC)
SRV:[b]64bit:[/b] - [2009/07/14 09:39:31 | 000,091,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rsopprov.exe -- (RSoPProv)
SRV - [2015/10/07 13:42:34 | 004,678,680 | ---- | M] (Softland) [Auto | Running] -- C:\Program Files (x86)\Softland\FBackup 5\bService.exe -- (FBackup5Srv)
SRV - [2015/10/05 09:48:46 | 001,135,416 | ---- | M] (Malwarebytes) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2015/03/25 11:17:10 | 000,028,672 | ---- | M] (Microsoft) [Auto | Running] -- C:\Program Files (x86)\TKLA\TopazSetup\TopazService.exe -- (TopazService)
SRV - [2015/03/20 18:21:34 | 000,027,280 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Program Files (x86)\VisualSVN Server\bin\VisualSVNServer.exe -- (VisualSVNServer)
SRV - [2015/03/20 18:21:28 | 000,167,056 | ---- | M] (VisualSVN Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\VisualSVN Server\bin\vrepocfgsvc.exe -- (vrepocfgsvc)
SRV - [2015/03/20 18:21:28 | 000,096,912 | ---- | M] (VisualSVN Ltd.) [Disabled | Stopped] -- C:\Program Files (x86)\VisualSVN Server\bin\vdfssvc.exe -- (vdfssvc)
SRV - [2014/04/11 09:26:54 | 000,598,160 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Xen PV Drivers\bin\UVPUpgradeService.exe -- (UVPGrade)
SRV - [2014/04/11 09:26:54 | 000,072,336 | ---- | M] (Huawei) [Auto | Stopped] -- C:\Program Files (x86)\Xen PV Drivers\bin\uvpmonitor.exe -- (UVPMonitor)
SRV - [2014/03/21 06:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/03/14 12:27:26 | 000,398,336 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2012/03/14 12:27:26 | 000,398,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2011/03/17 12:53:50 | 000,122,880 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Huawei\BlockChangeIP\MonBlockIPStatus.exe -- (MonBlockIPStatus)
SRV - [2010/11/21 11:24:58 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
DRV:[b]64bit:[/b] - [2015/11/28 18:34:18 | 000,035,064 | ---- | M] () [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\TrueSight.sys -- (TrueSight)
DRV:[b]64bit:[/b] - [2015/11/11 11:43:11 | 000,272,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:[b]64bit:[/b] - [2015/11/11 11:43:11 | 000,137,288 | ---- | M] (Avast Software s.r.o.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswStm.sys -- (aswStm)
DRV:[b]64bit:[/b] - [2015/11/11 11:43:10 | 000,442,264 | ---- | M] (Avast Software s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:[b]64bit:[/b] - [2015/11/11 11:43:10 | 000,093,528 | ---- | M] (Avast Software s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:[b]64bit:[/b] - [2015/11/11 11:43:10 | 000,089,944 | ---- | M] (Avast Software s.r.o.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:[b]64bit:[/b] - [2015/11/11 11:43:10 | 000,065,736 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:[b]64bit:[/b] - [2015/11/11 11:43:10 | 000,029,168 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)
DRV:[b]64bit:[/b] - [2015/10/05 09:50:18 | 000,063,704 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:[b]64bit:[/b] - [2015/10/05 09:50:06 | 000,025,816 | ---- | M] (Malwarebytes) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:[b]64bit:[/b] - [2015/03/04 19:34:52 | 000,124,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:[b]64bit:[/b] - [2014/04/11 09:26:54 | 000,092,784 | ---- | M] (James Harper) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\xenpci.sys -- (XenPCI)
DRV:[b]64bit:[/b] - [2014/04/11 09:26:54 | 000,042,608 | ---- | M] (James Harper) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xennet.sys -- (XenNet)
DRV:[b]64bit:[/b] - [2014/04/11 09:26:54 | 000,025,200 | ---- | M] (James Harper) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\xenvbd.sys -- (XenVbd)
DRV:[b]64bit:[/b] - [2014/04/03 14:00:58 | 000,038,328 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PerformanceTest\DirectIo64.sys -- (DIRECTIO)
DRV:[b]64bit:[/b] - [2012/03/01 14:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2011/12/02 12:17:41 | 000,120,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsp.sys -- (storvsp)
DRV:[b]64bit:[/b] - [2011/06/17 20:54:22 | 000,313,696 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\RsFx0151.sys -- (RsFx0151)
DRV:[b]64bit:[/b] - [2011/03/11 14:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2011/03/11 14:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2010/11/21 11:24:30 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:[/b] - [2010/11/21 11:24:00 | 000,181,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Vid.sys -- (Vid)
DRV:[b]64bit:[/b] - [2010/11/21 11:24:00 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2010/11/21 11:24:00 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:[b]64bit:[/b] - [2010/11/21 11:24:00 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:[b]64bit:[/b] - [2009/07/14 09:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009/07/14 09:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009/07/14 09:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009/07/14 09:45:45 | 000,096,320 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\sacdrv.sys -- (sacdrv)
DRV:[b]64bit:[/b] - [2009/06/11 04:35:53 | 000,051,712 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rtnic64.sys -- (RTL8023x64)
DRV:[b]64bit:[/b] - [2009/06/11 04:35:30 | 000,035,328 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qd260x64.sys -- (ioatdma)
DRV:[b]64bit:[/b] - [2009/06/11 04:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009/06/11 04:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009/06/11 04:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV - [2014/12/19 09:34:44 | 000,116,224 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\mrxdav.sys -- (MRxDAV)
DRV - [2009/07/14 09:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
[color=#E56717]========== Internet Explorer ==========[/color]
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-366400160-141739491-217090673-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = res://iesetup.dll/HardAdmin.htm
IE - HKU\S-1-5-21-366400160-141739491-217090673-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKU\S-1-5-21-366400160-141739491-217090673-500\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages =
IE - HKU\S-1-5-21-366400160-141739491-217090673-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = res://iesetup.dll/HardAdmin.htm
IE - HKU\S-1-5-21-366400160-141739491-217090673-500\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-366400160-141739491-217090673-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
IE - HKU\S-1-5-21-366400160-141739491-217090673-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
[color=#E56717]========== FireFox ==========[/color]
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll ( Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Administrator\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Administrator\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll (Google Inc.)
[color=#E56717]========== Chrome ==========[/color]
CHR - Extension: No name found = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\
O1 HOSTS File: ([2012/05/16 09:44:01 | 000,000,820 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: [::1] localhost
O4:[b]64bit:[/b] - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [TortoiseHgOverlayIconServer] C:\Program Files\TortoiseHg\TortoiseHgOverlayServer.exe ()
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o.)
O4 - HKLM..\Run: [HwUVPUpgrade] C:\Program Files (x86)\Xen PV Drivers\bin\HwUVPUpgrade.exe ()
O4 - HKU\S-1-5-21-366400160-141739491-217090673-500..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKU\S-1-5-21-366400160-141739491-217090673-500..\Run: [FBackup 5 Tray Agent] C:\Program Files (x86)\Softland\FBackup 5\bTray.exe (Softland)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ShowSuperHidden = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
O7 - HKU\S-1-5-21-366400160-141739491-217090673-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 203.116.1.78
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F84D73AC-2B71-494F-9A11-135A59A9D226}: DhcpNameServer = 203.116.1.78
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F84D73AC-2B71-494F-9A11-135A59A9D226}: NameServer = 203.116.1.78,203.116.1.94
O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
[2015/11/28 18:34:15 | 000,000,000 | ---D | C] -- C:\ProgramData\RogueKiller
[2015/11/27 11:24:45 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Temp
[2015/11/23 16:05:47 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\Debug
[2015/11/23 12:07:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Licenses
[2015/11/23 12:07:29 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2015/11/23 12:07:25 | 001,070,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCOMCTL.OCX
[2015/11/23 12:07:25 | 000,129,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSSTDFMT.DLL
[2015/11/23 12:07:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpywareBlaster
[2015/11/16 12:48:57 | 000,000,000 | ---D | C] -- C:\FRST
[2015/11/16 11:24:27 | 002,348,544 | ---- | C] (Farbar) -- C:\Users\Administrator\Desktop\FRST64.exe
[2015/11/16 11:14:06 | 004,184,064 | ---- | C] (BrightFort LLC ) -- C:\Users\Administrator\Desktop\spywareblastersetup52.exe
[2015/11/16 10:42:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2015/11/16 10:42:04 | 002,870,984 | ---- | C] (ESET) -- C:\Users\Administrator\Desktop\esetsmartinstaller_enu.exe
[2015/11/16 10:32:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2015/11/16 10:21:44 | 004,404,952 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Administrator\Desktop\tdsskiller.exe
[2015/11/13 17:45:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2015/11/13 17:44:43 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\mbar
[2015/11/13 14:26:38 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2015/11/13 13:21:42 | 000,150,392 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\Administrator\Desktop\junction.exe
[2015/11/11 11:51:51 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\AVAST Software
[2015/11/11 11:43:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
[2015/11/11 11:43:13 | 000,442,264 | ---- | C] (Avast Software s.r.o.) -- C:\Windows\SysNative\drivers\aswSP.sys
[2015/11/11 11:43:13 | 000,137,288 | ---- | C] (Avast Software s.r.o.) -- C:\Windows\SysNative\drivers\aswStm.sys
[2015/11/11 11:43:13 | 000,093,528 | ---- | C] (Avast Software s.r.o.) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2015/11/11 11:43:13 | 000,089,944 | ---- | C] (Avast Software s.r.o.) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2015/11/11 11:43:12 | 000,364,472 | ---- | C] (Avast Software s.r.o.) -- C:\Windows\SysNative\aswBoot.exe
[2015/11/11 11:43:08 | 000,043,112 | ---- | C] (Avast Software s.r.o.) -- C:\Windows\avastSS.scr
[2015/11/11 11:36:04 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2015/11/11 11:33:58 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2015/11/11 09:58:23 | 000,192,216 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2015/11/11 09:56:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2015/11/11 09:56:49 | 000,109,272 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2015/11/11 09:56:49 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2015/11/11 09:56:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2015/11/11 09:52:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2015/11/11 07:32:07 | 000,342,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\apphelp.dll
[2015/11/11 07:32:07 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sdbinst.exe
[2015/11/11 07:32:07 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sdbinst.exe
[2015/11/11 07:32:07 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shimeng.dll
[2015/11/11 07:32:06 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2015/11/11 07:32:06 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2015/11/11 07:32:06 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2015/11/11 07:32:06 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2015/11/11 07:32:06 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2015/11/11 07:32:05 | 000,720,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2015/11/11 07:32:05 | 000,130,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2015/11/11 07:32:05 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2015/11/11 07:32:05 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2015/11/11 07:32:05 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2015/11/11 07:32:03 | 002,052,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2015/11/11 07:32:03 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2015/11/11 07:32:03 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2015/11/11 07:32:03 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2015/11/11 07:32:02 | 000,663,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2015/11/11 07:32:02 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2015/11/11 07:32:01 | 000,968,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2015/11/11 07:32:01 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2015/11/11 07:32:01 | 000,620,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2015/11/11 07:32:01 | 000,480,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2015/11/11 07:32:01 | 000,315,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2015/11/11 07:32:01 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2015/11/11 07:32:00 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2015/11/11 07:31:59 | 002,126,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2015/11/11 07:31:59 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2015/11/11 07:31:58 | 001,155,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2015/11/11 07:31:58 | 000,585,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2015/11/11 07:31:58 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2015/11/11 07:31:57 | 000,341,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2015/11/11 07:31:57 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2015/11/11 07:31:56 | 000,616,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2015/11/11 07:31:56 | 000,489,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2015/11/11 07:31:54 | 001,359,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2015/11/11 07:31:54 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2015/11/11 07:31:53 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2015/11/11 07:31:53 | 000,814,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2015/11/11 07:31:53 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2015/11/11 07:31:52 | 005,990,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2015/11/11 07:31:52 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2015/11/11 07:31:51 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2015/11/11 07:31:51 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2015/11/11 07:31:46 | 003,168,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2015/11/11 07:31:46 | 000,696,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2015/11/11 07:31:46 | 000,566,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll
[2015/11/11 07:31:45 | 000,192,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2015/11/11 07:31:45 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll
[2015/11/11 07:31:45 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2015/11/11 07:31:45 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2015/11/11 07:31:45 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll
[2015/11/11 07:31:45 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WinSetupUI.dll
[2015/11/11 07:31:45 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2015/11/11 07:31:45 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2015/11/11 07:31:45 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2015/11/11 07:31:45 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe
[2015/11/11 07:31:45 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wups.dll
[2015/11/11 07:31:45 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wu.upgrade.ps.dll
[2015/11/11 07:31:29 | 000,275,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\InkEd.dll
[2015/11/11 07:31:29 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\InkEd.dll
[2015/11/11 07:31:26 | 005,570,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2015/11/11 07:31:25 | 000,312,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2015/11/11 07:31:24 | 003,991,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2015/11/11 07:31:24 | 003,935,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2015/11/11 07:31:24 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2015/11/11 07:31:24 | 000,299,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\bcryptprimitives.dll
[2015/11/11 07:31:24 | 000,251,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\bcryptprimitives.dll
[2015/11/11 07:31:23 | 001,730,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2015/11/11 07:31:23 | 001,461,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2015/11/11 07:31:23 | 001,216,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll
[2015/11/11 07:31:23 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2015/11/11 07:31:23 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2015/11/11 07:31:23 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2015/11/11 07:31:23 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2015/11/11 07:31:22 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2015/11/11 07:31:22 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2015/11/11 07:31:22 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\auditpol.exe
[2015/11/11 07:31:22 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\auditpol.exe
[2015/11/11 07:31:22 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2015/11/11 07:31:21 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2015/11/11 07:31:21 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptbase.dll
[2015/11/11 07:31:21 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2015/11/11 07:31:21 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2015/11/11 07:31:21 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2015/11/11 07:31:21 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2015/11/11 07:31:21 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2015/11/11 07:31:21 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2015/11/11 07:31:20 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2015/11/11 07:31:20 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2015/11/11 07:31:20 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2015/11/11 07:31:20 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2015/11/11 07:31:20 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2015/11/11 07:31:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2015/11/11 07:31:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2015/11/11 07:31:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2015/11/11 07:31:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2015/11/11 07:31:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2015/11/11 07:31:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2015/11/11 07:31:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2015/11/11 07:31:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2015/11/11 07:31:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2015/11/11 07:31:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2015/11/11 07:31:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2015/11/11 07:31:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2015/11/11 07:31:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2015/11/11 07:31:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2015/11/11 07:31:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2015/11/11 07:31:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2015/11/11 07:31:19 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2015/11/11 07:31:19 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2015/11/11 07:31:19 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2015/11/11 07:31:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2015/11/11 07:31:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2015/11/11 07:31:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2015/11/11 07:31:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2015/11/11 07:31:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2015/11/11 07:31:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2015/11/11 07:31:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2015/11/11 07:31:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2015/11/11 07:31:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2015/11/11 07:31:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2015/11/11 07:31:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2015/11/11 07:31:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2015/11/11 07:31:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2015/11/11 07:31:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2015/11/11 07:31:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2015/11/11 07:31:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2015/11/11 07:31:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2015/11/11 07:31:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2015/11/11 07:31:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2015/11/11 07:31:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2015/11/11 07:31:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2015/11/11 07:31:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2015/11/11 07:31:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2015/11/11 07:31:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2015/11/11 07:31:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2015/11/11 07:31:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2015/11/11 07:31:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2015/11/11 07:31:18 | 000,686,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\adtschema.dll
[2015/11/11 07:31:18 | 000,686,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adtschema.dll
[2015/11/11 07:31:18 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msaudite.dll
[2015/11/11 07:31:18 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msaudite.dll
[2015/11/11 07:31:18 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msobjs.dll
[2015/11/11 07:31:18 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msobjs.dll
[2015/11/11 07:31:18 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2015/11/11 07:31:18 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2015/11/11 07:31:18 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\apisetschema.dll
[2015/11/11 07:31:18 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2015/11/11 07:31:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2015/11/11 07:31:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2015/11/11 07:31:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2015/11/11 07:31:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2015/11/11 07:31:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2015/11/11 07:31:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2015/11/05 19:34:06 | 000,404,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll
[2015/11/05 19:34:05 | 002,087,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll
[2015/11/05 19:34:04 | 001,480,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2015/11/05 19:34:04 | 000,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2015/11/05 19:34:03 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2015/11/05 19:34:00 | 000,696,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netlogon.dll
[2015/11/05 19:33:58 | 003,242,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2015/11/05 19:33:57 | 000,504,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msihnd.dll
[2015/11/05 19:33:57 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msihnd.dll
[2015/11/05 19:33:57 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msimsg.dll
[2015/11/05 19:33:57 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msimsg.dll
[2015/11/05 19:33:54 | 000,254,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cewmdm.dll
[2015/11/05 19:33:54 | 000,210,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cewmdm.dll
[2015/11/05 19:33:54 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EsdSip.dll
[2015/11/05 19:33:54 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EsdSip.dll
[2015/11/05 19:03:14 | 000,124,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationCFFRasterizerNative_v0300.dll
[2015/11/05 19:03:14 | 000,103,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
[2015/11/28 19:18:00 | 000,000,938 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-366400160-141739491-217090673-500UA.job
[2015/11/28 18:34:18 | 000,035,064 | ---- | M] () -- C:\Windows\SysNative\drivers\TrueSight.sys
[2015/11/28 18:23:45 | 000,021,408 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015/11/28 18:23:45 | 000,021,408 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015/11/28 00:18:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-366400160-141739491-217090673-500Core.job
[2015/11/27 19:43:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2015/11/27 19:04:37 | 019,746,888 | ---- | M] () -- C:\Users\Administrator\Desktop\RogueKiller.exe
[2015/11/27 12:20:48 | 000,033,194 | ---- | M] () -- C:\Users\Administrator\Desktop\avast.PNG
[2015/11/27 11:24:56 | 000,937,164 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2015/11/27 11:24:56 | 000,777,274 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2015/11/27 11:24:56 | 000,166,650 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2015/11/27 11:19:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015/11/27 10:37:06 | 002,348,544 | ---- | M] (Farbar) -- C:\Users\Administrator\Desktop\FRST64.exe
[2015/11/23 12:09:19 | 000,041,256 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2015/11/16 11:13:52 | 004,184,064 | ---- | M] (BrightFort LLC ) -- C:\Users\Administrator\Desktop\spywareblastersetup52.exe
[2015/11/16 11:10:26 | 000,132,597 | ---- | M] () -- C:\Users\Administrator\Desktop\Flash_Disinfector.exe
[2015/11/16 10:41:50 | 002,870,984 | ---- | M] (ESET) -- C:\Users\Administrator\Desktop\esetsmartinstaller_enu.exe
[2015/11/16 10:21:09 | 004,404,952 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Administrator\Desktop\tdsskiller.exe
[2015/11/15 12:06:48 | 000,001,977 | ---- | M] () -- C:\Users\Public\Desktop\Avast Business Security.lnk
[2015/11/15 12:06:48 | 000,000,877 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2015/11/15 11:43:21 | 000,270,608 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2015/11/13 17:45:55 | 000,192,216 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2015/11/13 17:45:37 | 000,109,272 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2015/11/12 05:24:45 | 000,002,375 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2015/11/11 12:56:28 | 000,946,726 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2015/11/11 11:43:11 | 000,272,248 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2015/11/11 11:43:11 | 000,137,288 | ---- | M] (Avast Software s.r.o.) -- C:\Windows\SysNative\drivers\aswStm.sys
[2015/11/11 11:43:10 | 000,442,264 | ---- | M] (Avast Software s.r.o.) -- C:\Windows\SysNative\drivers\aswSP.sys
[2015/11/11 11:43:10 | 000,364,472 | ---- | M] (Avast Software s.r.o.) -- C:\Windows\SysNative\aswBoot.exe
[2015/11/11 11:43:10 | 000,093,528 | ---- | M] (Avast Software s.r.o.) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2015/11/11 11:43:10 | 000,089,944 | ---- | M] (Avast Software s.r.o.) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2015/11/11 11:43:10 | 000,065,736 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2015/11/11 11:43:10 | 000,029,168 | ---- | M] () -- C:\Windows\SysNative\drivers\aswHwid.sys
[2015/11/11 11:43:08 | 000,043,112 | ---- | M] (Avast Software s.r.o.) -- C:\Windows\avastSS.scr
[2015/10/31 07:40:38 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2015/10/31 07:25:55 | 000,066,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2015/10/31 07:25:15 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2015/10/31 07:25:08 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2015/10/31 07:24:50 | 000,585,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2015/10/31 07:24:34 | 000,088,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2015/10/31 07:16:25 | 000,034,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2015/10/31 07:13:14 | 000,616,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2015/10/31 07:12:09 | 000,144,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2015/10/31 07:12:09 | 000,114,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2015/10/31 07:11:58 | 000,814,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2015/10/31 07:11:51 | 000,817,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2015/10/31 07:11:46 | 005,990,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2015/10/31 07:04:48 | 000,968,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2015/10/31 07:01:22 | 000,489,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2015/10/31 06:53:49 | 000,077,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2015/10/31 06:49:46 | 000,199,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2015/10/31 06:49:06 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2015/10/31 06:46:32 | 000,315,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2015/10/31 06:46:27 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2015/10/31 06:45:51 | 000,047,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2015/10/31 06:45:42 | 000,341,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2015/10/31 06:44:57 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2015/10/31 06:44:55 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2015/10/31 06:39:27 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2015/10/31 06:37:31 | 000,480,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2015/10/31 06:36:25 | 000,115,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2015/10/31 06:36:24 | 000,663,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2015/10/31 06:36:06 | 000,620,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2015/10/31 06:32:13 | 000,720,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2015/10/31 06:31:26 | 000,801,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2015/10/31 06:29:57 | 001,359,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2015/10/31 06:29:52 | 002,126,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2015/10/31 06:23:51 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2015/10/31 06:21:10 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2015/10/31 06:19:51 | 000,076,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2015/10/31 06:17:41 | 000,130,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2015/10/31 06:09:23 | 001,155,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2015/10/31 06:09:15 | 002,052,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2015/10/31 05:53:01 | 000,800,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2015/10/31 05:46:02 | 000,710,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2015/10/30 01:50:44 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\shimeng.dll
[2015/10/30 01:50:30 | 000,342,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\apphelp.dll
[2015/10/30 01:50:14 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\sdbinst.exe
[2015/10/30 01:49:35 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\sdbinst.exe
[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2015/11/28 18:34:18 | 000,035,064 | ---- | C] () -- C:\Windows\SysNative\drivers\TrueSight.sys
[2015/11/28 18:34:05 | 019,746,888 | ---- | C] () -- C:\Users\Administrator\Desktop\RogueKiller.exe
[2015/11/27 12:20:48 | 000,033,194 | ---- | C] () -- C:\Users\Administrator\Desktop\avast.PNG
[2015/11/16 11:10:44 | 000,132,597 | ---- | C] () -- C:\Users\Administrator\Desktop\Flash_Disinfector.exe
[2015/11/11 11:43:33 | 000,001,977 | ---- | C] () -- C:\Users\Public\Desktop\Avast Business Security.lnk
[2015/11/11 11:43:13 | 000,272,248 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2015/11/11 11:43:13 | 000,065,736 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2015/11/11 11:43:13 | 000,029,168 | ---- | C] () -- C:\Windows\SysNative\drivers\aswHwid.sys
[2013/12/16 10:35:29 | 000,000,043 | ---- | C] () -- C:\Users\Administrator\mercurial.ini
[2012/06/26 10:27:51 | 000,000,436 | RHS- | C] () -- C:\Users\Administrator\ntuser.pol
[2012/06/19 09:02:46 | 000,007,676 | ---- | C] () -- C:\Users\Administrator\AppData\Local\resmon.resmoncfg
[2012/04/13 16:50:21 | 000,041,256 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[color=#E56717]========== ZeroAccess Check ==========[/color]
[2009/07/14 12:58:08 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2015/08/07 02:04:07 | 014,176,768 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2015/08/07 01:44:51 | 012,875,776 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 09:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 11:24:24 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 09:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
[color=#E56717]========== Alternate Data Streams ==========[/color]
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:5C321E34
< End of report >
Extra.txt
I did not see a minimized extra.txt nor can I find this log file on the desktop.