[godawgs]

I'm sure that the graininess is a driver. The new OTL log shows some new browser add-ons and/or programs that have been installed:
Wajam
AP Suggestor
Wajam
DigitalSite
OpenIt

Back on the 16th you told me that you would not download anything else until we were done. So I will ask a second time that you not download or install anything that I don't ask for until we are done.


Step-1.

Please go to the Installed programs in the Control Panel and uninstall the following programs if they are in the list:

Wajam
DigitalSite
OpenIt
After the programs have been uninstalled don't forget to reboot the computer.


Step-2.

OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

1. Please copy all of the text in the quote box below (Do Not copy the word Quote. To do this, highlight everything
inside the quote box (except the word Quote) , right click and click Copy.

:COMMANDS
[createrestorepoint]

:OTL
PRC - [2012-10-29 15:15:34 | 000,109,064 | ---- | M] (Wajam) -- C:\Program Files\Wajam\Updater\WajamUpdater.exe
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2012-10-29 15:15:34 | 000,109,064 | ---- | M] (Wajam) [Auto | Running] -- C:\Program Files\Wajam\Updater\WajamUpdater.exe -- (WajamUpdater)
FF - prefs.js..extensions.enabledItems: {7F23E3F4-F72E-4f4f-8761-854C8942708F}:1.2.6
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}: C:\Program Files\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi [2013-03-11 20:26:26 | 000,037,909 | ---- | M] ()
[2013-09-23 19:49:35 | 000,000,000 | ---D | M] ("AP Suggestor") -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{7F23E3F4-F72E-4f4f-8761-854C8942708F}
O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files\Wajam\IE\priam_bho.dll (Wajam)
O4 - HKU\.DEFAULT..\Run: [Advanced SystemCare 6] "C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart File not found
O4 - HKU\S-1-5-18..\Run: [Advanced SystemCare 6] "C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart File not found
[2013-09-23 19:48:01 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\0D0S1L2Z1P1B
[2013-09-23 19:47:36 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam
[2013-09-23 19:47:35 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Wajam
[2013-09-23 19:47:34 | 000,000,000 | ---D | C] -- C:\Program Files\Wajam
[2013-09-23 19:47:27 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\DigitalSite
[2013-09-23 19:47:22 | 000,000,000 | ---D | C] -- C:\Program Files\OpenIt
[2013-09-27 13:49:00 | 000,000,288 | ---- | M] () -- C:\Windows\tasks\DigitalSite.job

:FILES
ipconfig /flushdns /c

:COMMANDS
[emptytemp]

Warning: This fix is relevant for this system and no other. If you are not this user, DO NOT follow these directions as they could damage the workings of your system.

2. Please re-open on your desktop. To do that:

• Vista and 7 users: Right click the icon and click Run as Administrator

3. Place the mouse pointer inside the textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).


Step-3.

Delete a Google Chrome extension:

Open the Chrome browser:

• Click the tools menu icon on the browser toolbar.
• Click Tools.
• Select Extensions. A page like the one shown below will open:
  
  
• Look for any Wajam items. If there is a check mark in the box next to it/them, click the box to uncheck it/them. Then click the trash can icon next to the box.
• A confirmation dialog will appear, click Remove.

Step-4.

AdwCleaner by Xplode

Close all open windows and browsers.

• Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
  
  
  
• Click the Scan button and wait for the scan to finish.
• After the Scan has finished the window may or may not show what it found and above the progress bar you will see Pending. Please uncheck elements you don't want to remove. Do Not delete anything at this time.
• Click the Report button to get the log.
• Copy and Paste it into your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[R0].txt.
• Click the X in the upper right corner of the program or click the File menu and click Exit to close the program.

NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.


Step-5.

Run RogueKiller

NOTE: If using IE8 or better the Smartscreen Filter will need to be disabled. Directions for disabling the SmartScreen Filter in IE 8, 9 and 10 can be found: here

• Click here to go to the RogueKiller download page.
• Click the Build 32 bits (x86): download button and save the RogueKiller.exe file to the desktop.

• Quit all programs and close all browsers.
• Right click the RogueKiller icon and click Run as Administrator to run the program.
  NOTE: If this is the first time you have used the program you will need to accept the User Agreement.
• Wait until Prescan has finished ...This may take a few minutes, especially if it is the first time you have used the program.
• Click on Scan
  
  
  
• Wait for the end of the scan.
• DO NOT delete anything at this time.
• The report has been created on the desktop.

Please post:
All RKreport.txt text files located on your desktop.
NOTE: If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again


Step-6.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. Let me know how the uninstalls went.
2. Let me know if you were able to find and delete the Wajam extension in the Chrome browser.
3. The OTL fixes log
4. The AdvCleaner.[R2].txt log
5. The Rkreport.txt log

[Advertisements]

i didn't install any of these except the ones you recommended at the end,

i found "wajam"and uninstalled it

Edited by janji, 30 September 2013 - 05:53 AM.

[janji]

i didn't install any of these except the ones you recommended at the end,

i found "wajam"and uninstalled it

Edited by janji, 30 September 2013 - 05:53 AM.

[janji]

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
No active process named WajamUpdater.exe was found!
Service SBSDWSCService stopped successfully!
Service SBSDWSCService deleted successfully!
File C:\Program Files\Spybot not found.
Error: No service named WajamUpdater was found to stop!
Service\Driver key WajamUpdater not found.
File C:\Program Files\Wajam\Updater\WajamUpdater.exe not found.
Prefs.js: {7F23E3F4-F72E-4f4f-8761-854C8942708F}:1.2.6 removed from extensions.enabledItems
Registry value HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}\ not found.
File C:\Program Files\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi [2013-03-11 20:26:26 | 000,037,909 | ---- | M] not found.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{7F23E3F4-F72E-4f4f-8761-854C8942708F}\defaults\preferences folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{7F23E3F4-F72E-4f4f-8761-854C8942708F}\defaults folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{7F23E3F4-F72E-4f4f-8761-854C8942708F}\components folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{7F23E3F4-F72E-4f4f-8761-854C8942708F}\chrome\locale\en-US folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{7F23E3F4-F72E-4f4f-8761-854C8942708F}\chrome\locale folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{7F23E3F4-F72E-4f4f-8761-854C8942708F}\chrome\content\modules folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{7F23E3F4-F72E-4f4f-8761-854C8942708F}\chrome\content folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{7F23E3F4-F72E-4f4f-8761-854C8942708F}\chrome folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{7F23E3F4-F72E-4f4f-8761-854C8942708F} folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}\ not found.
File C:\Program Files\Wajam\IE\priam_bho.dll not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\Advanced SystemCare 6 deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\Advanced SystemCare 6 not found.
C:\Users\User\AppData\Roaming\0D0S1L2Z1P1B\Zip Extractor Packages folder moved successfully.
C:\Users\User\AppData\Roaming\0D0S1L2Z1P1B folder moved successfully.
Folder C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam\ not found.
Folder C:\Users\User\AppData\Local\Wajam\ not found.
Folder C:\Program Files\Wajam\ not found.
C:\Users\User\AppData\Roaming\DigitalSite\UpdateProc folder moved successfully.
C:\Users\User\AppData\Roaming\DigitalSite folder moved successfully.
C:\Program Files\OpenIt folder moved successfully.
C:\Windows\Tasks\DigitalSite.job moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\User\Desktop\cmd.bat deleted successfully.
C:\Users\User\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 57472 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: User
->Temp folder emptied: 35881316 bytes
->Temporary Internet Files folder emptied: 1363680 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 5394840 bytes
->Google Chrome cache emptied: 39266268 bytes
->Flash cache emptied: 16833 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 108444959 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 77425060 bytes

Total Files Cleaned = 255.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 09302013_140027

Files\Folders moved on Reboot...
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

[janji]

# AdwCleaner v3.003 - Report created 13/09/2013 at 21:10:36
# Updated 07/09/2013 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)
# Username : User - USER-PC
# Running from : C:\Users\User\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : Update lucky leap
Service Found : winzipersvc

***** [ Files / Folders ] *****

File Found : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\\invalidprefs.js
File Found : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected]
File Found : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\foxydeal.sqlite
File Found : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\user.js
File Found : C:\Windows\System32\Tasks\DSite
File Found : C:\Windows\System32\Tasks\Plus-HD-2.2-chromeinstaller
File Found : C:\Windows\System32\Tasks\Plus-HD-2.2-codedownloader
File Found : C:\Windows\System32\Tasks\Plus-HD-2.2-enabler
File Found : C:\Windows\System32\Tasks\Plus-HD-2.2-firefoxinstaller
File Found : C:\Windows\System32\Tasks\Plus-HD-2.2-updater
File Found : C:\Windows\Tasks\Plus-HD-2.2-chromeinstaller.job
File Found : C:\Windows\Tasks\Plus-HD-2.2-codedownloader.job
File Found : C:\Windows\Tasks\Plus-HD-2.2-enabler.job
File Found : C:\Windows\Tasks\Plus-HD-2.2-firefoxinstaller.job
File Found : C:\Windows\Tasks\Plus-HD-2.2-updater.job
Folder Found : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo
Folder Found : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\4fdacf00-e9c4-4ad5-b4cf-bf9800f184f6@36857116-74e0-4973-936f-860cd2a102a9.com
Folder Found C:\Program Files\Conduit
Folder Found C:\Program Files\lucky leap
Folder Found C:\Program Files\MyPC Backup
Folder Found C:\Program Files\MyPC Backup
Folder Found C:\Program Files\Plus-HD-2.2
Folder Found C:\Program Files\WinZipper
Folder Found C:\ProgramData\Ask
Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZipper
Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZipper
Folder Found C:\ProgramData\Trymedia
Folder Found C:\Users\User\AppData\Local\MyScrapNook_12
Folder Found C:\Users\User\AppData\Local\PutLockerDownloader
Folder Found C:\Users\User\AppData\LocalLow\boost_interprocess
Folder Found C:\Users\User\AppData\LocalLow\Conduit
Folder Found C:\Users\User\AppData\LocalLow\ZoneAlarm_Security
Folder Found C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\ConduitCommon
Folder Found C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\jetpack
Folder Found C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Smartbar
Folder Found C:\Users\User\AppData\Roaming\WinZipper

***** [ Shortcuts ] *****

Shortcut Found : C:\Users\Public\Desktop\Google Chrome.lnk ( hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST9320423AS_5VH3ENV8&ts=1376859099 )
Shortcut Found : C:\Users\Public\Desktop\Mozilla Firefox.lnk ( hxxp://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=ST9320423AS_5VH3ENV8&ts=1377200860 )
Shortcut Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minefield\Minefield (Safe Mode).lnk ( hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST9320423AS_5VH3ENV8&ts=1376859099 )
Shortcut Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minefield\Minefield.lnk ( hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST9320423AS_5VH3ENV8&ts=1376859099 )
Shortcut Found : C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk ( hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST9320423AS_5VH3ENV8&ts=1376859099 )
Shortcut Found : C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk ( hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST9320423AS_5VH3ENV8&ts=1376859099 )
Shortcut Found : C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Minefield.lnk ( hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST9320423AS_5VH3ENV8&ts=1376859099 )
Shortcut Found : C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk ( hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST9320423AS_5VH3ENV8&ts=1376859099 )
Shortcut Found : C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk ( hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST9320423AS_5VH3ENV8&ts=1376859099 )

***** [ Registry ] *****

Data Found : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command [(Default)] - "C:\Program Files\Internet Explorer\iexplore.exe" hxxp://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=ST9320423AS_5VH3ENV8&ts=1377200860
Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\AppDataLow\Software\Plus-HD-2.2
Key Found : HKCU\Software\AppDataLow\Software\Search Settings
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\AppDataLow\Software\ZoneAlarm_Security
Key Found : HKCU\Software\AVG Secure Search
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\dsiteproducts
Key Found : HKCU\Software\ilivid
Key Found : HKCU\Software\InstalledBrowserExtensions
Key Found : HKCU\Software\lucky leap
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{116BA71C-8187-4F15-9A1F-C9D6289155D1}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2974C985-8151-4DE5-B23C-B875F0A8522F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Zip Opener Packages
Key Found : HKCU\Software\PIP
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\Software\AVG Secure Search
Key Found : HKLM\SOFTWARE\Classes\AppID\{3A188115-B81B-48F2-A958-F974C8F3F309}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Found : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\SMBarBroker.EXE
Key Found : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D77AA852-DEF3-43CB-A3F5-BD679DE72F32}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2D9B1B31-D034-4738-8F6E-40F0AFCC742C}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C3C45C5F-2F1B-4012-A854-F89DC99F2335}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\delta-homesSoftware
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\eiimolhnbbbdagljikeckdkldgemmmlj
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5CF84C1E-63F3-4A81-A93C-6C2465BBFDC4}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DB6CD4B7-8899-41CB-ACF9-C01DD14D5FAC}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_veoh_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_veoh_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitUninstaller_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitUninstaller_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_pale-moon_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_pale-moon_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_samsung-kies_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_samsung-kies_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\DSite
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\Plus-HD-2.2-chromeinstaller
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\Plus-HD-2.2-codedownloader
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\Plus-HD-2.2-enabler
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\Plus-HD-2.2-firefoxinstaller
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\Plus-HD-2.2-updater
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\DSite
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\Plus-HD-2.2-chromeinstaller
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\Plus-HD-2.2-codedownloader
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\Plus-HD-2.2-enabler
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\Plus-HD-2.2-firefoxinstaller
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\Plus-HD-2.2-updater
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DSite
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-2.2-chromeinstaller
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-2.2-codedownloader
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-2.2-enabler
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-2.2-firefoxinstaller
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-2.2-updater
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D77AA852-DEF3-43CB-A3F5-BD679DE72F32}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\lucky leap
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Plus-HD-2.2
Key Found : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
Key Found : HKLM\Software\PIP
Key Found : HKLM\Software\Plus-HD-2.2
Key Found : HKLM\Software\Tarma Installer
Key Found : HKLM\Software\ZoneAlarm_Security

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16686

Setting Found : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default] - hxxp://feed.snap.do/?publisher=Download&dpid=Download&co=DE&userid=35a6caa9-48e6-4b5b-bdc2-22fc07770ca3&searchtype=ds&q={searchTerms}
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default] - hxxp://feed.snap.do/?publisher=Download&dpid=Download&co=DE&userid=35a6caa9-48e6-4b5b-bdc2-22fc07770ca3&searchtype=ds&q={searchTerms}

-\\ Mozilla Firefox v23.0.1 (en-US)

-\\ Google Chrome v29.0.1547.66

[ File : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [13506 octets] - [13/09/2013 21:10:36]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [13567 octets] ##########
# AdwCleaner v3.005 - Report created 30/09/2013 at 14:16:41
# Updated 22/09/2013 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)
# Username : User - USER-PC
# Running from : C:\Users\User\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\END

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\dsiteproducts
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16686


-\\ Mozilla Firefox v

[ File : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\prefs.js ]


-\\ Google Chrome v29.0.1547.76

[ File : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [14870 octets] - [13/09/2013 21:10:36]
AdwCleaner[R1].txt - [13088 octets] - [14/09/2013 18:05:45]
AdwCleaner[S0].txt - [12478 octets] - [14/09/2013 18:08:01]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [15053 octets] ##########

[janji]

RogueKiller V8.7.0 [Sep 30 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.co...es/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : User [Admin rights]
Mode : Scan -- Date : 09/30/2013 14:26:07
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 1 ¤¤¤
[V2][SUSP PATH] DigitalSite : C:\Users\User\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE - /Check [x] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
[Address] SSDT[66] : NtCreateFile @ 0x8345E460 -> HOOKED (C:\Windows\System32\windrvNT.sys @ 0xA4CF836A)
[Address] SSDT[179] : NtOpenFile @ 0x83440D71 -> HOOKED (C:\Windows\System32\windrvNT.sys @ 0xA4CF8CD8)
[Address] SSDT[223] : NtQueryDirectoryFile @ 0x83442F72 -> HOOKED (C:\Windows\System32\windrvNT.sys @ 0xA4CF8842)
[Address] SSDT[234] : NtQueryInformationProcess @ 0x834458A5 -> HOOKED (C:\Windows\System32\windrvNT.sys @ 0xA4CF51E0)
[Address] SSDT[329] : NtSetInformationFile @ 0x83465AE3 -> HOOKED (C:\Windows\System32\windrvNT.sys @ 0xA4CF9142)
[Address] IAT @explorer.exe (GetUserNameExW) : Secur32.dll -> HOOKED (C:\Windows\system32\SSPICLI.DLL @ 0x74DD2AAF)
[Inline] EAT @explorer.exe (?s_pClassInfo@CCVScrollBar@DirectUI@@0PAUIClassInfo@2@A) : DUI70.dll -> HOOKED (Unknown @ 0x6BA980EA)
[Inline] EAT @explorer.exe (?s_pClassInfo@Clipper@DirectUI@@0PAUIClassInfo@2@A) : DUI70.dll -> HOOKED (Unknown @ 0x03A9807C)
[Inline] EAT @explorer.exe (?s_pClassInfo@XElement@DirectUI@@0PAUIClassInfo@2@A) : DUI70.dll -> HOOKED (Unknown @ 0x6BA980A9)
[Inline] EAT @explorer.exe (?_Ptr_wcout@std@@3PAV?$basic_ostream@GU?$char_traits@G@std@@@1@A) : MSVCP90.dll -> HOOKED (Unknown @ 0x23040116)
[Inline] EAT @explorer.exe (_pctype) : MSVCR80.dll -> HOOKED (Unknown @ 0x59AD5635)
[Inline] EAT @explorer.exe (?_Ptr_wcout@std@@3PAV?$basic_ostream@GU?$char_traits@G@std@@@1@A) : MSVCP80.dll -> HOOKED (Unknown @ 0x1FB645A5)
[Inline] EAT @explorer.exe (??_7CFrameworkQueryEx@@6B@) : framedynos.dll -> HOOKED (Unknown @ 0x19D185A6)
[Inline] EAT @explorer.exe (??_7ProviderLog@@6B@) : framedynos.dll -> HOOKED (Unknown @ 0xD3D17C3D)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standard disk drives) - ST9320423AS ATA Device +++++
--- User ---
[MBR] 86f999dcfddf155b670ef1f22e04abdb
[BSP] c78c6c4c4b493e2099c85c7c34e3fa7e : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 78167 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 160088064 | Size: 227075 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_09302013_142607.txt >>

[janji]

there was no wajam extension in google chrome but i found two new ones that i didn't install

1. New Tab by NewHub

2. WebToSave 5.2.1.0

[janji]

done

[godawgs]

Step-1.

Run RogueKiller

Quit all programs and close all browsers.

• Right click the RogueKiller icon and click Run as Administrator to run the program.
• Wait until Prescan has finished ...
• Click the Scan button and wait for the scan to complete.
• Click the Registry tab and make sure everything is unchecked except:
  
  [V2][SUSP PATH] DigitalSite : C:\Users\User\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE - /Check [x] -> FOUND
  
• Click on the Delete button.
  
  
  
• The report has been created on the desktop.
• Next click on the ShortcutsFix
  
  
  
• The report has been created on the desktop.

Please post:
The RKreport.txt files located on your desktop.
NOTE: If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

Step-2.

Re-run AdwCleaner

Close all open windows and browsers.

Re-open AdwCleaner

• Right click the AdwCleaner icon, click Run as administrator and accept the UAC prompt to run AdwCleaner.
• Click the Scan button and wait for the scan to complete.
• When the Scan has finished the Scan button will be grayed out and the Clean button will be activated.
• Click the Clean button.
• Everything checked will be deleted.
• When the program has finished cleaning a report appears.
• Once done it will ask to reboot, allow this
  
  
  
• On reboot a log will be produced please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt

Step-3.

OTL Scan

Please re-open on the desktop. To do that:

• Right click the icon and click Run as Administrator.

Make sure all other windows are closed .

• You will see a console like the one below:
  
  
  
• At the top of the console, click the box beside Scan All Users
• Make sure the Output box at the top is set to Standard Output.
• Click the box beside LOP Check and Purity Check
• Click the button. Do not change any settings unless otherwise told to do so.
• Let the scan run uninterrupted.
• When the scan completes, it will open OTL.Txt. This file is saved in the same location as OTL.
• Please copy the contents of this file and paste it into your reply. To do that:
• On the .txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
• Right-click inside the forum post window then click Paste. This will paste the contents of the .txt file in the in the post window.

Let's check the Device Manager and see if any devices show a problem.

Step-4.

Open the Device Manager

• Click on the Start Orb. Type the following command in the Start Search box and then hit the Enter key:
  
  devmgmt.msc
  
  The Windows Device Manager should display immediately.
  
  
  
• If there are any Yellow question marks / exclamation points or Red X's let me know what device they are on

Step-5.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. Let me know if you found any devices in Device Manager with problems.
2. The RKreport[1]_D_xxxxxxxx_xxxxxx.txt log
3. The RKreport[3]_SC_xxxxxxxx_xxxxxx.txt log
4. The AdwCleaner[S1].txt log
5. The new OTL.txt log

[janji]

RogueKiller V8.7.0 [Sep 30 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.co...es/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : User [Admin rights]
Mode : Scan -- Date : 10/03/2013 11:58:51
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 1 ¤¤¤
[V2][SUSP PATH] DigitalSite : C:\Users\User\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE - /Check [x] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
[Address] SSDT[66] : NtCreateFile @ 0x8348D460 -> HOOKED (C:\Windows\System32\windrvNT.sys @ 0xA3AE436A)
[Address] SSDT[179] : NtOpenFile @ 0x8346FD71 -> HOOKED (C:\Windows\System32\windrvNT.sys @ 0xA3AE4CD8)
[Address] SSDT[223] : NtQueryDirectoryFile @ 0x83471F72 -> HOOKED (C:\Windows\System32\windrvNT.sys @ 0xA3AE4842)
[Address] SSDT[234] : NtQueryInformationProcess @ 0x834748A5 -> HOOKED (C:\Windows\System32\windrvNT.sys @ 0xA3AE11E0)
[Address] SSDT[329] : NtSetInformationFile @ 0x83494AE3 -> HOOKED (C:\Windows\System32\windrvNT.sys @ 0xA3AE5142)
[Address] IAT @explorer.exe (GetUserNameExW) : Secur32.dll -> HOOKED (C:\Windows\system32\SSPICLI.DLL @ 0x75BA2AAF)
[Inline] EAT @explorer.exe (?s_pClassInfo@CCBaseCheckRadioButton@DirectUI@@0PAUIClassInfo@2@A) : DUI70.dll -> HOOKED (Unknown @ 0x4C7A9CAB)
[Inline] EAT @explorer.exe (?s_pClassInfo@CCCheckBox@DirectUI@@0PAUIClassInfo@2@A) : DUI70.dll -> HOOKED (Unknown @ 0x4C7A9CAB)
[Inline] EAT @explorer.exe (?s_pClassInfo@Repeater@DirectUI@@0PAUIClassInfo@2@A) : DUI70.dll -> HOOKED (Unknown @ 0x6C7A9C92)
[Inline] EAT @explorer.exe (?_Ptr_wcout@std@@3PAV?$basic_ostream@GU?$char_traits@G@std@@@1@A) : MSVCP90.dll -> HOOKED (Unknown @ 0x23ECE916)
[Inline] EAT @explorer.exe (??_7CFrameworkQueryEx@@6B@) : framedynos.dll -> HOOKED (Unknown @ 0x14F8B1A6)
[Inline] EAT @explorer.exe (??_7ProviderLog@@6B@) : framedynos.dll -> HOOKED (Unknown @ 0xCEF8A83D)
[Inline] EAT @explorer.exe (_pctype) : MSVCR80.dll -> HOOKED (Unknown @ 0x5ACE7635)
[Inline] EAT @explorer.exe (?_Ptr_wcout@std@@3PAV?$basic_ostream@GU?$char_traits@G@std@@@1@A) : MSVCP80.dll -> HOOKED (Unknown @ 0x20D765A5)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standard disk drives) - ST9320423AS ATA Device +++++
--- User ---
[MBR] 86f999dcfddf155b670ef1f22e04abdb
[BSP] c78c6c4c4b493e2099c85c7c34e3fa7e : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 78167 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 160088064 | Size: 227075 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_10032013_115850.txt >>
RKreport[0]_S_09302013_142607.txt

[janji]

RogueKiller V8.7.0 [Sep 30 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.co...es/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : User [Admin rights]
Mode : Remove -- Date : 10/03/2013 11:59:24
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> NOT SELECTED
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> NOT SELECTED
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NOT SELECTED
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NOT SELECTED
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NOT SELECTED
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NOT SELECTED

¤¤¤ Scheduled tasks : 1 ¤¤¤
[V2][SUSP PATH] DigitalSite : C:\Users\User\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE - /Check [x] -> DELETED

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
[Address] SSDT[66] : NtCreateFile @ 0x8348D460 -> HOOKED (C:\Windows\System32\windrvNT.sys @ 0xA3AE436A)
[Address] SSDT[179] : NtOpenFile @ 0x8346FD71 -> HOOKED (C:\Windows\System32\windrvNT.sys @ 0xA3AE4CD8)
[Address] SSDT[223] : NtQueryDirectoryFile @ 0x83471F72 -> HOOKED (C:\Windows\System32\windrvNT.sys @ 0xA3AE4842)
[Address] SSDT[234] : NtQueryInformationProcess @ 0x834748A5 -> HOOKED (C:\Windows\System32\windrvNT.sys @ 0xA3AE11E0)
[Address] SSDT[329] : NtSetInformationFile @ 0x83494AE3 -> HOOKED (C:\Windows\System32\windrvNT.sys @ 0xA3AE5142)
[Address] IAT @explorer.exe (GetUserNameExW) : Secur32.dll -> HOOKED (C:\Windows\system32\SSPICLI.DLL @ 0x75BA2AAF)
[Inline] EAT @explorer.exe (?s_pClassInfo@CCBaseCheckRadioButton@DirectUI@@0PAUIClassInfo@2@A) : DUI70.dll -> HOOKED (Unknown @ 0x4C7A9CAB)
[Inline] EAT @explorer.exe (?s_pClassInfo@CCCheckBox@DirectUI@@0PAUIClassInfo@2@A) : DUI70.dll -> HOOKED (Unknown @ 0x4C7A9CAB)
[Inline] EAT @explorer.exe (?s_pClassInfo@Repeater@DirectUI@@0PAUIClassInfo@2@A) : DUI70.dll -> HOOKED (Unknown @ 0x6C7A9C92)
[Inline] EAT @explorer.exe (?_Ptr_wcout@std@@3PAV?$basic_ostream@GU?$char_traits@G@std@@@1@A) : MSVCP90.dll -> HOOKED (Unknown @ 0x23ECE916)
[Inline] EAT @explorer.exe (??_7CFrameworkQueryEx@@6B@) : framedynos.dll -> HOOKED (Unknown @ 0x14F8B1A6)
[Inline] EAT @explorer.exe (??_7ProviderLog@@6B@) : framedynos.dll -> HOOKED (Unknown @ 0xCEF8A83D)
[Inline] EAT @explorer.exe (_pctype) : MSVCR80.dll -> HOOKED (Unknown @ 0x5ACE7635)
[Inline] EAT @explorer.exe (?_Ptr_wcout@std@@3PAV?$basic_ostream@GU?$char_traits@G@std@@@1@A) : MSVCP80.dll -> HOOKED (Unknown @ 0x20D765A5)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standard disk drives) - ST9320423AS ATA Device +++++
--- User ---
[MBR] 86f999dcfddf155b670ef1f22e04abdb
[BSP] c78c6c4c4b493e2099c85c7c34e3fa7e : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 78167 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 160088064 | Size: 227075 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_10032013_115924.txt >>
RKreport[0]_S_09302013_142607.txt;RKreport[0]_S_10032013_115850.txt

[janji]

# AdwCleaner v3.003 - Report created 14/09/2013 at 18:08:01
# Updated 07/09/2013 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)
# Username : User - USER-PC
# Running from : C:\Users\User\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : Update lucky leap
[#] Service Deleted : winzipersvc

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\lucky leap
Folder Deleted : C:\Program Files\MyPC Backup
Folder Deleted : C:\Program Files\WinZipper
Folder Deleted : C:\Users\User\AppData\Local\MyScrapNook_12
Folder Deleted : C:\Users\User\AppData\Local\PutLockerDownloader
Folder Deleted : C:\Users\User\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\User\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\User\AppData\LocalLow\ZoneAlarm_Security
Folder Deleted : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\ConduitCommon
Folder Deleted : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\jetpack
Folder Deleted : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Smartbar
Folder Deleted : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\4fdacf00-e9c4-4ad5-b4cf-bf9800f184f6@36857116-74e0-4973-936f-860cd2a102a9.com
Folder Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo
File Deleted : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected]
File Deleted : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\\invalidprefs.js
File Deleted : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\foxydeal.sqlite
File Deleted : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\user.js
File Deleted : C:\Windows\System32\Tasks\DSite
File Deleted : C:\Windows\Tasks\Plus-HD-2.2-chromeinstaller.job
File Deleted : C:\Windows\System32\Tasks\Plus-HD-2.2-chromeinstaller
File Deleted : C:\Windows\Tasks\Plus-HD-2.2-codedownloader.job
File Deleted : C:\Windows\System32\Tasks\Plus-HD-2.2-codedownloader
File Deleted : C:\Windows\Tasks\Plus-HD-2.2-enabler.job
File Deleted : C:\Windows\System32\Tasks\Plus-HD-2.2-enabler
File Deleted : C:\Windows\Tasks\Plus-HD-2.2-firefoxinstaller.job
File Deleted : C:\Windows\System32\Tasks\Plus-HD-2.2-firefoxinstaller
File Deleted : C:\Windows\Tasks\Plus-HD-2.2-updater.job
File Deleted : C:\Windows\System32\Tasks\Plus-HD-2.2-updater

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Users\Public\Desktop\Google Chrome.lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minefield\Minefield (Safe Mode).lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minefield\Minefield.lnk
Shortcut Disinfected : C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Shortcut Disinfected : C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Shortcut Disinfected : C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Minefield.lnk
Shortcut Disinfected : C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
Shortcut Disinfected : C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eiimolhnbbbdagljikeckdkldgemmmlj
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DSite
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9E084C4F-D8C9-40BA-BDCC-DC19166A77C7}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9E084C4F-D8C9-40BA-BDCC-DC19166A77C7}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-2.2-chromeinstaller
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9CF0A9E5-48AA-428F-AACA-CA9B2F29B4DA}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9CF0A9E5-48AA-428F-AACA-CA9B2F29B4DA}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-2.2-codedownloader
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D283AB59-B8D9-4E54-BC81-AE6986A8CF9A}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D283AB59-B8D9-4E54-BC81-AE6986A8CF9A}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-2.2-enabler
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2D2B6296-C3FD-4C7C-9D18-7374AFFB106F}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2D2B6296-C3FD-4C7C-9D18-7374AFFB106F}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-2.2-firefoxinstaller
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{83FD8FCA-ED0F-4319-944A-DF1FE77E9166}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{83FD8FCA-ED0F-4319-944A-DF1FE77E9166}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-2.2-updater
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2C56CEDE-FFFA-4CA0-8331-3FE2F033A281}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2C56CEDE-FFFA-4CA0-8331-3FE2F033A281}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\SMBarBroker.EXE
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_veoh_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_veoh_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitUninstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitUninstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_pale-moon_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_pale-moon_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_samsung-kies_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_samsung-kies_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3A188115-B81B-48F2-A958-F974C8F3F309}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D77AA852-DEF3-43CB-A3F5-BD679DE72F32}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2D9B1B31-D034-4738-8F6E-40F0AFCC742C}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C3C45C5F-2F1B-4012-A854-F89DC99F2335}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D77AA852-DEF3-43CB-A3F5-BD679DE72F32}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{116BA71C-8187-4F15-9A1F-C9D6289155D1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2974C985-8151-4DE5-B23C-B875F0A8522F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5CF84C1E-63F3-4A81-A93C-6C2465BBFDC4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DB6CD4B7-8899-41CB-ACF9-C01DD14D5FAC}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Data Restored : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\lucky leap
Key Deleted : HKCU\Software\PIP
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\ZoneAlarm_Security
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\delta-homesSoftware
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\Tarma Installer
Key Deleted : HKLM\Software\ZoneAlarm_Security
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Zip Opener Packages
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\lucky leap

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16686

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]

-\\ Mozilla Firefox v

-\\ Google Chrome v29.0.1547.66

[ File : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [13648 octets] - [13/09/2013 21:10:36]
AdwCleaner[R1].txt - [13088 octets] - [14/09/2013 18:05:45]
AdwCleaner[S0].txt - [12336 octets] - [14/09/2013 18:08:01]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [12397 octets] ##########
# AdwCleaner v3.005 - Report created 03/10/2013 at 12:08:54
# Updated 22/09/2013 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)
# Username : User - USER-PC
# Running from : C:\Users\User\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Trymedia
File Deleted : C:\END

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16686


-\\ Mozilla Firefox v

[ File : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\prefs.js ]


-\\ Google Chrome v29.0.1547.76

[ File : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [15134 octets] - [13/09/2013 21:10:36]
AdwCleaner[R1].txt - [14612 octets] - [14/09/2013 18:05:45]
AdwCleaner[S0].txt - [13879 octets] - [14/09/2013 18:08:01]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [13940 octets] ##########

[janji]

OTL logfile created on: 03-Oct-13 12:16:11 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\User\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MMM-yy

3.50 Gb Total Physical Memory | 2.46 Gb Available Physical Memory | 70.26% Memory free
6.99 Gb Paging File | 5.95 Gb Available in Paging File | 85.14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 76.34 Gb Total Space | 18.55 Gb Free Space | 24.30% Space Free | Partition Type: NTFS
Drive G: | 221.75 Gb Total Space | 221.32 Gb Free Space | 99.81% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013-09-27 13:44:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
PRC - [2013-08-30 09:47:34 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013-08-30 09:47:33 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013-06-05 19:28:40 | 027,370,808 | ---- | M] (Dropbox, Inc.) -- C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013-05-11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013-04-23 06:48:20 | 000,844,144 | ---- | M] (Samsung) -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2013-01-11 07:31:55 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012-07-11 20:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011-12-25 17:31:18 | 007,311,360 | ---- | M] (Fabio Martin) -- C:\Program Files\7 Sticky Notes\7StickyNotes.exe
PRC - [2011-10-14 08:01:50 | 000,994,360 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
PRC - [2011-10-14 08:01:48 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
PRC - [2011-10-14 08:01:46 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi_tray.exe
PRC - [2011-10-03 20:59:48 | 000,180,552 | ---- | M] (Solid Documents, LLC) -- C:\Program Files\SolidDocuments\SolidPDFCreator\SPC\SolidPdfService.exe
PRC - [2011-06-05 20:18:33 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010-09-20 01:56:14 | 000,380,928 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2010-09-20 01:55:48 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009-02-07 02:02:14 | 000,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2008-11-09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (No Company Name) ==========

MOD - [2013-04-04 01:09:40 | 004,300,456 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2013-03-13 22:48:52 | 024,978,944 | ---- | M] () -- C:\Users\User\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2012-11-14 01:32:50 | 003,558,400 | ---- | M] () -- C:\Users\User\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2012-11-13 22:53:04 | 000,121,472 | ---- | M] () -- C:\Program Files\Razer\Razer Game Booster\GBV3ContextMenu.dll
MOD - [2011-08-16 00:13:26 | 000,802,816 | ---- | M] () -- C:\Windows\System32\EditCtlsU.ocx
MOD - [2010-10-20 16:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll


========== Services (SafeList) ==========

SRV - [2013-09-20 01:20:09 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013-08-30 09:47:33 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013-07-13 00:34:05 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013-06-21 09:53:36 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013-05-11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013-03-09 00:10:32 | 030,798,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2012-11-24 22:49:19 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012-07-11 20:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2011-10-14 08:01:50 | 000,994,360 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2011-10-14 08:01:48 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2011-10-03 20:59:48 | 000,180,552 | ---- | M] (Solid Documents, LLC) [Auto | Running] -- C:\Program Files\SolidDocuments\SolidPDFCreator\SPC\SolidPdfService.exe -- (SPDFCreatorReadSpool)
SRV - [2010-09-20 01:55:48 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010-03-16 06:12:19 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009-07-14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009-07-14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009-02-07 02:02:14 | 000,109,056 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008-11-09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RimUsb.sys -- (RimUsb)
DRV - File not found [Kernel | Auto | Stopped] -- -- (adfs)
DRV - [2013-08-30 09:48:13 | 000,369,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013-08-30 09:48:13 | 000,177,864 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013-08-30 09:48:13 | 000,056,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013-08-30 09:48:12 | 000,770,344 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013-08-30 09:48:12 | 000,061,680 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2013-08-30 09:48:12 | 000,049,376 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013-08-30 09:48:11 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013-08-30 09:48:11 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2013-05-22 18:49:34 | 000,015,672 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2013-04-03 09:58:16 | 000,181,912 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2013-04-03 09:58:16 | 000,083,864 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2012-11-15 03:36:52 | 000,035,592 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\taphss6.sys -- (taphss6)
DRV - [2012-11-13 22:53:00 | 000,014,416 | ---- | M] (OpenLibSys.org) [File_System | On_Demand | Stopped] -- C:\Program Files\Razer\Razer Game Booster\Driver\WinRing0.sys -- (WinRing0_1_2_0)
DRV - [2012-10-24 00:39:46 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2012-10-24 00:39:46 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012-07-20 12:12:36 | 000,025,088 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcaudrv.sys -- (mcaudrv_simple)
DRV - [2012-07-20 12:11:58 | 000,034,432 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcvidrv.sys -- (ManyCam)
DRV - [2012-06-20 09:43:02 | 002,957,312 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2011-07-22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011-07-12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011-03-07 11:20:08 | 000,015,896 | ---- | M] (HandSet Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter_hs.sys -- (massfilter_hs)
DRV - [2010-11-20 05:30:16 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010-11-20 05:30:16 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010-11-20 05:30:16 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010-11-20 02:59:46 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010-11-20 02:14:46 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010-11-20 02:14:42 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010-09-22 21:19:02 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2010-09-20 02:13:18 | 006,380,544 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2010-09-20 02:13:18 | 006,380,544 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2010-09-19 19:20:44 | 000,221,696 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010-09-01 10:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
DRV - [2010-07-27 15:27:41 | 000,035,363 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\windrvNT.sys -- (windrvNT)
DRV - [2009-07-14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009-07-14 01:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009-07-14 00:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-4165335087-975643669-458432890-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKU\S-1-5-21-4165335087-975643669-458432890-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = about:blank
IE - HKU\S-1-5-21-4165335087-975643669-458432890-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = about:blank
IE - HKU\S-1-5-21-4165335087-975643669-458432890-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-4165335087-975643669-458432890-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKU\S-1-5-21-4165335087-975643669-458432890-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
IE - HKU\S-1-5-21-4165335087-975643669-458432890-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-4165335087-975643669-458432890-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKU\S-1-5-21-4165335087-975643669-458432890-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4165335087-975643669-458432890-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:3.0.4
FF - prefs.js..extensions.enabledItems: [email protected]:2.9.2.0
FF - prefs.js..extensions.enabledItems: [email protected]:0.3
FF - prefs.js..extensions.enabledItems: {3e0e7d2a-070f-4a47-b019-91fe5385ba79}:3.5.9
FF - prefs.js..extensions.enabledItems: [email protected]:8.0.1497
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.172
FF - prefs.js..extensions.enabledItems:
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\User\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2013-06-29 11:02:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2013-06-29 11:02:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-09-18 13:46:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-02-20 02:44:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Minefield 3.7a1pre\extensions\\Components: C:\Program Files\Minefield\components [2013-09-14 17:23:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Minefield 3.7a1pre\extensions\\Plugins: C:\Program Files\Minefield\plugins [2013-09-14 17:23:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Pale Moon 24.0.2\extensions\\Components: C:\Program Files\Pale Moon\components [2013-10-02 10:21:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Pale Moon 24.0.2\extensions\\Plugins: C:\Program Files\Pale Moon\plugins [2013-09-14 17:23:06 | 000,000,000 | ---D | M]

[2010-07-27 15:38:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions
[2013-09-30 14:01:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions
[2012-08-29 17:35:09 | 000,000,000 | ---D | M] (AddThis) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}
[2013-09-27 01:49:19 | 000,000,000 | ---D | M] (WebToSave) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{f80bc79c-ab5e-418a-a0be-3d9e66b4e976}
[2013-08-18 22:50:07 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\[email protected]
[2013-08-18 22:50:07 | 000,000,000 | ---D | M] (Pocket) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\[email protected]
[2012-08-05 10:39:52 | 000,000,000 | ---D | M] (KeyScrambler) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\[email protected]
[2011-12-13 13:32:18 | 000,000,000 | ---D | M] (My-Translator) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\[email protected]
[2013-09-13 19:30:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\staged
[2013-08-18 22:50:08 | 000,149,045 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\rcdgk3lo.default\extensions\[email protected]
[2012-05-31 02:26:30 | 000,138,110 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\rcdgk3lo.default\extensions\[email protected]
[2013-08-18 22:50:07 | 000,093,072 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\rcdgk3lo.default\extensions\[email protected]
[2013-07-05 21:11:50 | 000,363,920 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\rcdgk3lo.default\extensions\[email protected]
[2012-11-14 16:03:39 | 000,230,040 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\rcdgk3lo.default\extensions\[email protected]
[2013-08-18 22:50:07 | 000,226,606 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\rcdgk3lo.default\extensions\[email protected]
[2012-11-16 16:26:03 | 000,032,637 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\rcdgk3lo.default\extensions\[email protected]
[2012-11-14 16:38:16 | 000,702,918 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\rcdgk3lo.default\extensions\[email protected]
[2013-06-14 22:21:43 | 000,000,910 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\rcdgk3lo.default\searchplugins\yahoo.xml
[2013-09-18 13:46:48 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2013-02-20 02:44:49 | 000,000,000 | ---D | M] (No name found) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
File not found (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RCDGK3LO.DEFAULT\EXTENSIONS\{7F23E3F4-F72E-4F4F-8761-854C8942708F}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\29.0.1547.76\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\29.0.1547.76\pdf.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime Alternative\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime Alternative\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime Alternative\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime Alternative\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime Alternative\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime Alternative\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime Alternative\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U25 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks™ RealDownloader Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
CHR - plugin: RealNetworks™ RealDownloader HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
CHR - plugin: RealNetworks™ RealDownloader PepperFlashVideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
CHR - plugin: RealDownloader Plugin (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw_1203133.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll
CHR - plugin: Java Deployment Toolkit 7.0.250.16 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpplugin.dll
CHR - Extension: Google Docs = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: New Tab = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4_0\
CHR - Extension: YouTube = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: WebToSave = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\efbkdhmfnmnmfimllbjamfodcoanhmdd\5.2.1.0_0\
CHR - Extension: avast! Online Security = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\8.0.8_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.172_0\
CHR - Extension: Gmail = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013-08-08 15:11:29 | 000,449,839 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 15468 more lines...
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime Alternative\QTTask.exe (Apple Inc.)
O4 - HKU\S-1-5-21-4165335087-975643669-458432890-1000..\Run: [] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7 Sticky Notes.lnk = C:\Program Files\7 Sticky Notes\7StickyNotes.exe (Fabio Martin)
O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4165335087-975643669-458432890-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Save the YouTube video as MP3 - C:\Users\User\AppData\Roaming\Free YouTube to MP3 Converter Studio\Free YouTube to MP3 Converter Studio.htm ()
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{34409987-9796-4508-BBF4-9B47970A5F1F}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-06-10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013-09-30 14:24:45 | 000,000,000 | ---D | C] -- C:\Windows\snack
[2013-09-30 14:22:41 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\RK_Quarantine
[2013-09-30 14:00:27 | 000,000,000 | ---D | C] -- C:\_OTL
[2013-09-27 13:44:13 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2013-09-23 19:53:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Licenses
[2013-09-23 19:53:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
[2013-09-23 19:53:17 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2013-09-23 18:45:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Uninstaller PRO
[2013-09-23 18:44:57 | 000,000,000 | ---D | C] -- C:\Program Files\Innovative Solutions
[2013-09-22 20:37:40 | 000,000,000 | R--D | C] -- C:\Users\User\Desktop\Lagu2 Melayu
[2013-09-15 14:33:41 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\new mp3
[2013-09-14 18:17:27 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013-09-14 17:32:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Innovative Solutions
[2013-09-14 17:32:19 | 000,000,000 | ---D | C] -- C:\Windows\Fonts\AdvUninstal
[2013-09-14 17:32:17 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Innovative Solutions
[2013-09-14 17:32:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Innovative Solutions
[2013-09-14 12:36:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Chasys Draw IES
[2013-09-14 12:36:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\John Paul Chacha's Lab
[2013-09-14 12:29:05 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\FileAdvisor
[2013-09-13 21:10:31 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013-09-13 19:52:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free YouTube to MP3 Converter Studio
[2013-09-13 19:51:59 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Free YouTube to MP3 Converter Studio
[2013-09-13 19:51:58 | 000,000,000 | ---D | C] -- C:\Program Files\Free YouTube to MP3 Converter Studio
[2013-09-13 19:48:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\File Type Advisor
[2013-09-13 19:48:23 | 000,000,000 | ---D | C] -- C:\Program Files\File Type Advisor
[2013-09-13 19:48:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free M4a to MP3 Converter
[2013-09-13 19:48:17 | 000,000,000 | ---D | C] -- C:\Program Files\Free M4a to MP3 Converter
[2013-09-12 03:09:12 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013-09-12 03:09:10 | 002,876,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013-09-12 03:09:10 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013-09-12 03:09:09 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013-09-12 03:09:09 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013-09-12 03:09:08 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013-09-12 03:09:08 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013-09-12 03:09:07 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013-09-12 03:09:07 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013-09-12 03:09:07 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013-09-11 11:09:35 | 000,133,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ataport.sys
[2013-09-11 11:09:34 | 002,348,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013-09-11 11:09:32 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2013-09-11 11:09:31 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2013-09-11 11:09:31 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2013-09-11 11:09:31 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2013-09-11 11:09:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2013-09-11 11:09:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2013-09-11 11:09:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2013-09-11 11:09:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2013-09-11 11:09:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013-09-11 11:09:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2013-09-11 11:09:30 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2013-09-11 11:09:30 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2013-09-11 11:09:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2013-09-11 11:09:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2013-09-11 11:09:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2013-09-11 11:09:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2013-09-11 11:09:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2013-09-11 11:09:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2013-09-11 11:09:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2013-09-11 11:09:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2013-09-11 11:09:29 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2013-09-11 11:09:29 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2013-09-11 11:09:29 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2013-09-11 11:09:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2013-09-11 11:09:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2013-09-11 11:09:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2013-09-11 11:09:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2013-09-11 11:09:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2013-09-11 11:09:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2013-09-11 11:09:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2013-09-10 13:31:31 | 000,745,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2013-09-10 13:31:31 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll
[2013-09-10 13:31:30 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013-09-10 13:31:30 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2013-09-10 13:31:30 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2013-09-10 13:31:30 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2013-09-10 13:31:30 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013-09-10 13:31:30 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2013-09-10 13:31:30 | 000,242,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013-09-10 13:31:30 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013-09-10 13:31:30 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2013-09-10 13:31:30 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2013-09-10 13:31:30 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2013-09-10 13:31:30 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2013-09-10 13:31:30 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2013-09-10 13:31:30 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013-09-10 13:31:30 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013-09-10 13:31:30 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2013-09-10 13:31:30 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2013-09-10 13:31:30 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2013-09-10 13:31:30 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2013-09-10 13:31:30 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2013-09-10 13:31:30 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2013-09-10 13:31:30 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2013-09-10 13:31:30 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2013-09-10 13:31:30 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2013-09-09 14:34:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013-09-09 14:34:04 | 001,247,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2013-09-05 14:10:09 | 000,000,000 | R--D | C] -- C:\Users\User\Desktop\friends
[1 C:\Users\User\Documents\*.tmp files -> C:\Users\User\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013-10-03 12:20:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013-10-03 12:18:10 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013-10-03 12:18:10 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013-10-03 12:10:57 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013-10-03 12:10:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013-10-03 12:10:19 | 2814,558,208 | -HS- | M] () -- C:\hiberfil.sys
[2013-10-03 11:58:47 | 000,113,432 | ---- | M] () -- C:\Windows\System32\drivers\zghsvousb.sys.dump
[2013-10-03 11:58:46 | 000,113,432 | ---- | M] () -- C:\Windows\System32\drivers\zghsnmea.sys.dump
[2013-10-03 11:58:46 | 000,113,432 | ---- | M] () -- C:\Windows\System32\drivers\zghsmdm.sys.dump
[2013-10-03 11:58:46 | 000,113,432 | ---- | M] () -- C:\Windows\System32\drivers\zghsdiag.sys.dump
[2013-10-03 11:58:46 | 000,113,432 | ---- | M] () -- C:\Windows\System32\drivers\zghsat.sys.dump
[2013-10-03 11:58:45 | 000,155,136 | ---- | M] () -- C:\Windows\System32\drivers\WUDFRd.sys.dump
[2013-10-03 11:58:45 | 000,066,560 | ---- | M] () -- C:\Windows\System32\drivers\WUDFPf.sys.dump
[2013-10-03 11:58:45 | 000,016,384 | ---- | M] () -- C:\Windows\System32\drivers\ws2ifsl.sys.dump
[2013-10-03 11:58:45 | 000,014,912 | ---- | M] () -- C:\Windows\System32\drivers\wmilib.sys.dump
[2013-10-03 11:58:44 | 000,043,392 | ---- | M] () -- C:\Windows\System32\drivers\winhv.sys.dump
[2013-10-03 11:58:44 | 000,035,968 | ---- | M] () -- C:\Windows\System32\drivers\winusb.sys.dump
[2013-10-03 11:58:44 | 000,019,008 | ---- | M] () -- C:\Windows\System32\drivers\wimmount.sys.dump
[2013-10-03 11:58:44 | 000,011,264 | ---- | M] () -- C:\Windows\System32\drivers\wmiacpi.sys.dump
[2013-10-03 11:58:44 | 000,009,728 | ---- | M] () -- C:\Windows\System32\drivers\wfplwf.sys.dump
[2013-10-03 11:58:43 | 000,526,952 | ---- | M] () -- C:\Windows\System32\drivers\Wdf01000.sys.dump
[2013-10-03 11:58:43 | 000,047,720 | ---- | M] () -- C:\Windows\System32\drivers\WdfLdr.sys.dump
[2013-10-03 11:58:43 | 000,035,328 | ---- | M] () -- C:\Windows\System32\drivers\watchdog.sys.dump
[2013-10-03 11:58:43 | 000,019,024 | ---- | M] () -- C:\Windows\System32\drivers\wd.sys.dump
[2013-10-03 11:58:42 | 000,063,488 | ---- | M] () -- C:\Windows\System32\drivers\wanarp.sys.dump
[2013-10-03 11:58:42 | 000,048,128 | ---- | M] () -- C:\Windows\System32\drivers\vwififlt.sys.dump
[2013-10-03 11:58:42 | 000,021,632 | ---- | M] () -- C:\Windows\System32\drivers\wacompen.sys.dump
[2013-10-03 11:58:42 | 000,019,968 | ---- | M] () -- C:\Windows\System32\drivers\vwifibus.sys.dump
[2013-10-03 11:58:42 | 000,014,336 | ---- | M] () -- C:\Windows\System32\drivers\vwifimp.sys.dump
[2013-10-03 11:58:41 | 000,297,040 | ---- | M] () -- C:\Windows\System32\drivers\volmgrx.sys.dump
[2013-10-03 11:58:41 | 000,245,632 | ---- | M] () -- C:\Windows\System32\drivers\volsnap.sys.dump
[2013-10-03 11:58:41 | 000,053,120 | ---- | M] () -- C:\Windows\System32\drivers\volmgr.sys.dump
[2013-10-03 11:58:41 | 000,040,704 | ---- | M] () -- C:\Windows\System32\drivers\vmstorfl.sys.dump
[2013-10-03 11:58:40 | 000,175,360 | ---- | M] () -- C:\Windows\System32\drivers\vmbus.sys.dump
[2013-10-03 11:58:40 | 000,111,616 | ---- | M] () -- C:\Windows\System32\drivers\videoprt.sys.dump
[2013-10-03 11:58:40 | 000,017,920 | ---- | M] () -- C:\Windows\System32\drivers\VMBusHID.sys.dump
[2013-10-03 11:58:40 | 000,005,632 | ---- | M] () -- C:\Windows\System32\drivers\vms3cap.sys.dump
[2013-10-03 11:58:39 | 000,160,128 | ---- | M] () -- C:\Windows\System32\drivers\vhdmp.sys.dump
[2013-10-03 11:58:39 | 000,053,328 | ---- | M] () -- C:\Windows\System32\drivers\VIAAGP.SYS.dump
[2013-10-03 11:58:39 | 000,052,736 | ---- | M] () -- C:\Windows\System32\drivers\viac7.sys.dump
[2013-10-03 11:58:38 | 000,146,432 | ---- | M] () -- C:\Windows\System32\drivers\usbvideo.sys.dump
[2013-10-03 11:58:38 | 000,032,832 | ---- | M] () -- C:\Windows\System32\drivers\vdrvroot.sys.dump
[2013-10-03 11:58:38 | 000,026,112 | ---- | M] () -- C:\Windows\System32\drivers\vgapnp.sys.dump
[2013-10-03 11:58:38 | 000,025,088 | ---- | M] () -- C:\Windows\System32\drivers\vga.sys.dump
[2013-10-03 11:58:38 | 000,024,064 | ---- | M] () -- C:\Windows\System32\drivers\usbuhci.sys.dump
[2013-10-03 11:58:37 | 000,284,672 | ---- | M] () -- C:\Windows\System32\drivers\usbport.sys.dump
[2013-10-03 11:58:37 | 000,076,288 | ---- | M] () -- C:\Windows\System32\drivers\USBSTOR.SYS.dump
[2013-10-03 11:58:37 | 000,026,112 | ---- | M] () -- C:\Windows\System32\drivers\usbrpm.sys.dump
[2013-10-03 11:58:37 | 000,020,480 | ---- | M] () -- C:\Windows\System32\drivers\usbohci.sys.dump
[2013-10-03 11:58:37 | 000,019,968 | ---- | M] () -- C:\Windows\System32\drivers\usbprint.sys.dump
[2013-10-03 11:58:36 | 000,258,560 | ---- | M] () -- C:\Windows\System32\drivers\usbhub.sys.dump
[2013-10-03 11:58:36 | 000,086,016 | ---- | M] () -- C:\Windows\System32\drivers\usbcir.sys.dump
[2013-10-03 11:58:36 | 000,075,776 | ---- | M] () -- C:\Windows\System32\drivers\usbccgp.sys.dump
[2013-10-03 11:58:36 | 000,043,008 | ---- | M] () -- C:\Windows\System32\drivers\usbehci.sys.dump
[2013-10-03 11:58:36 | 000,005,888 | ---- | M] () -- C:\Windows\System32\drivers\usbd.sys.dump
[2013-10-03 11:58:35 | 000,025,856 | ---- | M] () -- C:\Windows\System32\drivers\USBCAMD2.sys.dump
[2013-10-03 11:58:35 | 000,025,856 | ---- | M] () -- C:\Windows\System32\drivers\USBCAMD.sys.dump
[2013-10-03 11:58:35 | 000,015,872 | ---- | M] () -- C:\Windows\System32\drivers\usb8023.sys.dump
[2013-10-03 11:58:35 | 000,008,192 | ---- | M] () -- C:\Windows\System32\drivers\umpass.sys.dump
[2013-10-03 11:58:34 | 000,246,784 | ---- | M] () -- C:\Windows\System32\drivers\udfs.sys.dump
[2013-10-03 11:58:34 | 000,108,544 | ---- | M] () -- C:\Windows\System32\drivers\tunnel.sys.dump
[2013-10-03 11:58:34 | 000,057,424 | ---- | M] () -- C:\Windows\System32\drivers\ULIAGPKX.SYS.dump
[2013-10-03 11:58:34 | 000,055,888 | ---- | M] () -- C:\Windows\System32\drivers\UAGP35.SYS.dump
[2013-10-03 11:58:34 | 000,039,936 | ---- | M] () -- C:\Windows\System32\drivers\umbus.sys.dump
[2013-10-03 11:58:33 | 000,074,752 | ---- | M] () -- C:\Windows\System32\drivers\tdx.sys.dump
[2013-10-03 11:58:33 | 000,053,120 | ---- | M] () -- C:\Windows\System32\drivers\termdd.sys.dump
[2013-10-03 11:58:33 | 000,049,664 | ---- | M] () -- C:\Windows\System32\drivers\TsUsbFlt.sys.dump
[2013-10-03 11:58:33 | 000,031,232 | ---- | M] () -- C:\Windows\System32\drivers\tssecsrv.sys.dump
[2013-10-03 11:58:33 | 000,024,576 | ---- | M] () -- C:\Windows\System32\drivers\tdtcp.sys.dump
[2013-10-03 11:58:32 | 001,293,760 | ---- | M] () -- C:\Windows\System32\drivers\tcpip.sys.dump
[2013-10-03 11:58:32 | 000,035,328 | ---- | M] () -- C:\Windows\System32\drivers\tcpipreg.sys.dump
[2013-10-03 11:58:32 | 000,021,504 | ---- | M] () -- C:\Windows\System32\drivers\tdi.sys.dump
[2013-10-03 11:58:32 | 000,018,432 | ---- | M] () -- C:\Windows\System32\drivers\tdpipe.sys.dump
[2013-10-03 11:58:31 | 000,035,592 | ---- | M] () -- C:\Windows\System32\drivers\taphss6.sys.dump
[2013-10-03 11:58:31 | 000,032,768 | ---- | M] () -- C:\Windows\System32\drivers\taphss.sys.dump
[2013-10-03 11:58:31 | 000,024,576 | ---- | M] () -- C:\Windows\System32\drivers\tape.sys.dump
[2013-10-03 11:58:31 | 000,012,240 | ---- | M] () -- C:\Windows\System32\drivers\swenum.sys.dump
[2013-10-03 11:58:30 | 000,148,864 | ---- | M] () -- C:\Windows\System32\drivers\storport.sys.dump
[2013-10-03 11:58:30 | 000,053,632 | ---- | M] () -- C:\Windows\System32\drivers\stream.sys.dump
[2013-10-03 11:58:30 | 000,028,032 | ---- | M] () -- C:\Windows\System32\drivers\storvsc.sys.dump
[2013-10-03 11:58:29 | 000,310,272 | ---- | M] () -- C:\Windows\System32\drivers\srv2.sys.dump
[2013-10-03 11:58:29 | 000,181,912 | ---- | M] () -- C:\Windows\System32\drivers\ssudmdm.sys.dump
[2013-10-03 11:58:29 | 000,114,688 | ---- | M] () -- C:\Windows\System32\drivers\srvnet.sys.dump
[2013-10-03 11:58:29 | 000,083,864 | ---- | M] () -- C:\Windows\System32\drivers\ssudbus.sys.dump
[2013-10-03 11:58:28 | 000,405,504 | ---- | M] () -- C:\Windows\System32\drivers\spsys.sys.dump
[2013-10-03 11:58:28 | 000,311,808 | ---- | M] () -- C:\Windows\System32\drivers\srv.sys.dump
[2013-10-03 11:58:28 | 000,032,768 | ---- | M] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys.dump
[2013-10-03 11:58:28 | 000,017,472 | ---- | M] () -- C:\Windows\System32\drivers\spldr.sys.dump
[2013-10-03 11:58:27 | 000,071,168 | ---- | M] () -- C:\Windows\System32\drivers\smb.sys.dump
[2013-10-03 11:58:27 | 000,017,408 | ---- | M] () -- C:\Windows\System32\drivers\smclib.sys.dump
[2013-10-03 11:58:27 | 000,015,672 | ---- | M] () -- C:\Windows\System32\drivers\SmartDefragDriver.sys.dump
[2013-10-03 11:58:26 | 000,019,968 | ---- | M] () -- C:\Windows\System32\drivers\sermouse.sys.dump
[2013-10-03 11:58:26 | 000,013,824 | ---- | M] () -- C:\Windows\System32\drivers\sfloppy.sys.dump
[2013-10-03 11:58:26 | 000,012,800 | ---- | M] () -- C:\Windows\System32\drivers\sffp_sd.sys.dump
[2013-10-03 11:58:26 | 000,012,288 | ---- | M] () -- C:\Windows\System32\drivers\sffp_mmc.sys.dump
[2013-10-03 11:58:26 | 000,011,264 | ---- | M] () -- C:\Windows\System32\drivers\sffdisk.sys.dump
[2013-10-03 11:58:25 | 000,084,992 | ---- | M] () -- C:\Windows\System32\drivers\sdbus.sys.dump
[2013-10-03 11:58:25 | 000,083,456 | ---- | M] () -- C:\Windows\System32\drivers\serial.sys.dump
[2013-10-03 11:58:25 | 000,017,920 | ---- | M] () -- C:\Windows\System32\drivers\serenum.sys.dump
[2013-10-03 11:58:24 | 000,140,160 | ---- | M] () -- C:\Windows\System32\drivers\scsiport.sys.dump
[2013-10-03 11:58:24 | 000,085,376 | ---- | M] () -- C:\Windows\System32\drivers\sbp2port.sys.dump
[2013-10-03 11:58:24 | 000,026,624 | ---- | M] () -- C:\Windows\System32\drivers\scfilter.sys.dump
[2013-10-03 11:58:23 | 000,117,760 | ---- | M] () -- C:\Windows\System32\drivers\rmcast.sys.dump
[2013-10-03 11:58:23 | 000,060,928 | ---- | M] () -- C:\Windows\System32\drivers\rspndr.sys.dump
[2013-10-03 11:58:23 | 000,033,280 | ---- | M] () -- C:\Windows\System32\drivers\RNDISMP.sys.dump
[2013-10-03 11:58:23 | 000,008,192 | ---- | M] () -- C:\Windows\System32\drivers\rootmdm.sys.dump
[2013-10-03 11:58:22 | 000,183,808 | ---- | M] () -- C:\Windows\System32\drivers\rdpwd.sys.dump
[2013-10-03 11:58:22 | 000,173,440 | ---- | M] () -- C:\Windows\System32\drivers\rdyboost.sys.dump
[2013-10-03 11:58:22 | 000,129,536 | ---- | M] () -- C:\Windows\System32\drivers\rfcomm.sys.dump
[2013-10-03 11:58:22 | 000,014,848 | ---- | M] () -- C:\Windows\System32\drivers\rdpvideominiport.sys.dump
[2013-10-03 11:58:21 | 000,242,688 | ---- | M] () -- C:\Windows\System32\drivers\rdbss.sys.dump
[2013-10-03 11:58:21 | 000,133,632 | ---- | M] () -- C:\Windows\System32\drivers\rdpdr.sys.dump
[2013-10-03 11:58:21 | 000,018,944 | ---- | M] () -- C:\Windows\System32\drivers\rdpbus.sys.dump
[2013-10-03 11:58:21 | 000,007,168 | ---- | M] () -- C:\Windows\System32\drivers\RDPREFMP.sys.dump
[2013-10-03 11:58:21 | 000,006,656 | ---- | M] () -- C:\Windows\System32\drivers\RDPENCDD.sys.dump
[2013-10-03 11:58:21 | 000,006,656 | ---- | M] () -- C:\Windows\System32\drivers\RDPCDD.sys.dump
[2013-10-03 11:58:20 | 000,078,848 | ---- | M] () -- C:\Windows\System32\drivers\rasl2tp.sys.dump
[2013-10-03 11:58:20 | 000,077,824 | ---- | M] () -- C:\Windows\System32\drivers\raspppoe.sys.dump
[2013-10-03 11:58:20 | 000,075,264 | ---- | M] () -- C:\Windows\System32\drivers\rassstp.sys.dump
[2013-10-03 11:58:20 | 000,073,728 | ---- | M] () -- C:\Windows\System32\drivers\raspptp.sys.dump
[2013-10-03 11:58:20 | 000,011,776 | ---- | M] () -- C:\Windows\System32\drivers\rasacd.sys.dump
[2013-10-03 11:58:19 | 000,031,744 | ---- | M] () -- C:\Windows\System32\drivers\qwavedrv.sys.dump
[2013-10-03 11:58:18 | 000,586,752 | ---- | M] () -- C:\Windows\System32\drivers\PEAuth.sys.dump
[2013-10-03 11:58:18 | 000,177,152 | ---- | M] () -- C:\Windows\System32\drivers\portcls.sys.dump
[2013-10-03 11:58:18 | 000,052,224 | ---- | M] () -- C:\Windows\System32\drivers\processr.sys.dump
[2013-10-03 11:58:18 | 000,015,544 | ---- | M] () -- C:\Windows\System32\drivers\psi_mf.sys.dump
[2013-10-03 11:58:17 | 000,180,288 | ---- | M] () -- C:\Windows\System32\drivers\pcmcia.sys.dump
[2013-10-03 11:58:17 | 000,043,088 | ---- | M] () -- C:\Windows\System32\drivers\pcw.sys.dump
[2013-10-03 11:58:17 | 000,042,560 | ---- | M] () -- C:\Windows\System32\drivers\pciidex.sys.dump
[2013-10-03 11:58:17 | 000,012,368 | ---- | M] () -- C:\Windows\System32\drivers\pciide.sys.dump
[2013-10-03 11:58:16 | 000,153,984 | ---- | M] () -- C:\Windows\System32\drivers\pci.sys.dump
[2013-10-03 11:58:16 | 000,104,448 | ---- | M] () -- C:\Windows\System32\drivers\pacer.sys.dump
[2013-10-03 11:58:16 | 000,079,360 | ---- | M] () -- C:\Windows\System32\drivers\parport.sys.dump
[2013-10-03 11:58:16 | 000,062,464 | ---- | M] () -- C:\Windows\System32\drivers\ohci1394.sys.dump
[2013-10-03 11:58:16 | 000,056,176 | ---- | M] () -- C:\Windows\System32\drivers\partmgr.sys.dump
[2013-10-03 11:58:16 | 000,008,704 | ---- | M] () -- C:\Windows\System32\drivers\parvdm.sys.dump
[2013-10-03 11:58:15 | 000,267,264 | ---- | M] () -- C:\Windows\System32\drivers\nwifi.sys.dump
[2013-10-03 11:58:15 | 000,105,024 | ---- | M] () -- C:\Windows\System32\drivers\NV_AGP.SYS.dump
[2013-10-03 11:58:14 | 001,211,752 | ---- | M] () -- C:\Windows\System32\drivers\ntfs.sys.dump
[2013-10-03 11:58:14 | 000,035,328 | ---- | M] () -- C:\Windows\System32\drivers\npfs.sys.dump
[2013-10-03 11:58:14 | 000,016,896 | ---- | M] () -- C:\Windows\System32\drivers\nsiproxy.sys.dump
[2013-10-03 11:58:14 | 000,004,608 | ---- | M] () -- C:\Windows\System32\drivers\null.sys.dump
[2013-10-03 11:58:13 | 000,240,496 | ---- | M] () -- C:\Windows\System32\drivers\netio.sys.dump
[2013-10-03 11:58:13 | 000,187,904 | ---- | M] () -- C:\Windows\System32\drivers\netbt.sys.dump
[2013-10-03 11:58:13 | 000,048,640 | ---- | M] () -- C:\Windows\System32\drivers\ndproxy.sys.dump
[2013-10-03 11:58:13 | 000,036,352 | ---- | M] () -- C:\Windows\System32\drivers\netbios.sys.dump
[2013-10-03 11:58:12 | 000,118,784 | ---- | M] () -- C:\Windows\System32\drivers\ndiswan.sys.dump
[2013-10-03 11:58:12 | 000,046,080 | ---- | M] () -- C:\Windows\System32\drivers\ndisuio.sys.dump
[2013-10-03 11:58:12 | 000,027,136 | ---- | M] () -- C:\Windows\System32\drivers\ndiscap.sys.dump
[2013-10-03 11:58:12 | 000,020,992 | ---- | M] () -- C:\Windows\System32\drivers\ndistapi.sys.dump
[2013-10-03 11:58:11 | 000,712,048 | ---- | M] () -- C:\Windows\System32\drivers\ndis.sys.dump
[2013-10-03 11:58:11 | 000,049,728 | ---- | M] () -- C:\Windows\System32\drivers\mup.sys.dump
[2013-10-03 11:58:11 | 000,028,240 | ---- | M] () -- C:\Windows\System32\drivers\mssmbios.sys.dump
[2013-10-03 11:58:11 | 000,012,288 | ---- | M] () -- C:\Windows\System32\drivers\MTConfig.sys.dump
[2013-10-03 11:58:11 | 000,006,144 | ---- | M] () -- C:\Windows\System32\drivers\mstee.sys.dump
[2013-10-03 11:58:10 | 000,233,344 | ---- | M] () -- C:\Windows\System32\drivers\msiscsi.sys.dump
[2013-10-03 11:58:10 | 000,162,896 | ---- | M] () -- C:\Windows\System32\drivers\msrpc.sys.dump
[2013-10-03 11:58:10 | 000,008,320 | ---- | M] () -- C:\Windows\System32\drivers\mskssrv.sys.dump
[2013-10-03 11:58:10 | 000,005,888 | ---- | M] () -- C:\Windows\System32\drivers\mspclock.sys.dump
[2013-10-03 11:58:10 | 000,005,504 | ---- | M] () -- C:\Windows\System32\drivers\mspqm.sys.dump
[2013-10-03 11:58:09 | 000,116,096 | ---- | M] () -- C:\Windows\System32\drivers\msdsm.sys.dump
[2013-10-03 11:58:09 | 000,028,032 | ---- | M] () -- C:\Windows\System32\drivers\msahci.sys.dump
[2013-10-03 11:58:09 | 000,022,528 | ---- | M] () -- C:\Windows\System32\drivers\msfs.sys.dump
[2013-10-03 11:58:09 | 000,013,888 | ---- | M] () -- C:\Windows\System32\drivers\msisadrv.sys.dump
[2013-10-03 11:58:09 | 000,004,096 | ---- | M] () -- C:\Windows\System32\drivers\mshidkmdf.sys.dump
[2013-10-03 11:58:08 | 000,223,744 | ---- | M] () -- C:\Windows\System32\drivers\mrxsmb10.sys.dump
[2013-10-03 11:58:08 | 000,123,904 | ---- | M] () -- C:\Windows\System32\drivers\mrxsmb.sys.dump
[2013-10-03 11:58:08 | 000,115,712 | ---- | M] () -- C:\Windows\System32\drivers\mrxdav.sys.dump
[2013-10-03 11:58:08 | 000,096,768 | ---- | M] () -- C:\Windows\System32\drivers\mrxsmb20.sys.dump
[2013-10-03 11:58:08 | 000,060,416 | ---- | M] () -- C:\Windows\System32\drivers\mpsdrv.sys.dump
[2013-10-03 11:58:07 | 000,130,432 | ---- | M] () -- C:\Windows\System32\drivers\mpio.sys.dump
[2013-10-03 11:58:07 | 000,078,208 | ---- | M] () -- C:\Windows\System32\drivers\mountmgr.sys.dump
[2013-10-03 11:58:07 | 000,041,552 | ---- | M] () -- C:\Windows\System32\drivers\mouclass.sys.dump
[2013-10-03 11:58:07 | 000,026,112 | ---- | M] () -- C:\Windows\System32\drivers\mouhid.sys.dump
[2013-10-03 11:58:07 | 000,023,552 | ---- | M] () -- C:\Windows\System32\drivers\monitor.sys.dump
[2013-10-03 11:58:06 | 000,034,432 | ---- | M] () -- C:\Windows\System32\drivers\mcvidrv.sys.dump
[2013-10-03 11:58:06 | 000,031,744 | ---- | M] () -- C:\Windows\System32\drivers\modem.sys.dump
[2013-10-03 11:58:06 | 000,018,432 | ---- | M] () -- C:\Windows\System32\drivers\mcd.sys.dump
[2013-10-03 11:58:05 | 000,086,528 | ---- | M] () -- C:\Windows\System32\drivers\luafv.sys.dump
[2013-10-03 11:58:05 | 000,025,088 | ---- | M] () -- C:\Windows\System32\drivers\mcaudrv.sys.dump
[2013-10-03 11:58:05 | 000,022,856 | ---- | M] () -- C:\Windows\System32\drivers\mbam.sys.dump
[2013-10-03 11:58:05 | 000,021,632 | ---- | M] () -- C:\Windows\System32\drivers\ManyCam.sys.dump
[2013-10-03 11:58:05 | 000,015,896 | ---- | M] () -- C:\Windows\System32\drivers\massfilter_hs.sys.dump
[2013-10-03 11:58:04 | 000,048,128 | ---- | M] () -- C:\Windows\System32\drivers\lltdio.sys.dump
[2013-10-03 11:58:03 | 000,190,976 | ---- | M] () -- C:\Windows\System32\drivers\ks.sys.dump
[2013-10-03 11:58:03 | 000,136,560 | ---- | M] () -- C:\Windows\System32\drivers\ksecpkg.sys.dump
[2013-10-03 11:58:03 | 000,067,440 | ---- | M] () -- C:\Windows\System32\drivers\ksecdd.sys.dump
[2013-10-03 11:58:03 | 000,028,160 | ---- | M] () -- C:\Windows\System32\drivers\kbdhid.sys.dump
[2013-10-03 11:58:02 | 000,101,888 | ---- | M] () -- C:\Windows\System32\drivers\ipnat.sys.dump
[2013-10-03 11:58:02 | 000,096,768 | ---- | M] () -- C:\Windows\System32\drivers\irda.sys.dump
[2013-10-03 11:58:02 | 000,046,656 | ---- | M] () -- C:\Windows\System32\drivers\isapnp.sys.dump
[2013-10-03 11:58:02 | 000,042,576 | ---- | M] () -- C:\Windows\System32\drivers\kbdclass.sys.dump
[2013-10-03 11:58:02 | 000,013,824 | ---- | M] () -- C:\Windows\System32\drivers\irenum.sys.dump
[2013-10-03 11:58:01 | 000,065,536 | ---- | M] () -- C:\Windows\System32\drivers\IPMIDrv.sys.dump
[2013-10-03 11:58:01 | 000,058,880 | ---- | M] () -- C:\Windows\System32\drivers\ipfltdrv.sys.dump
[2013-10-03 11:58:01 | 000,053,760 | ---- | M] () -- C:\Windows\System32\drivers\intelppm.sys.dump
[2013-10-03 11:58:01 | 000,015,424 | ---- | M] () -- C:\Windows\System32\drivers\intelide.sys.dump
[2013-10-03 11:58:00 | 000,080,896 | ---- | M] () -- C:\Windows\System32\drivers\i8042prt.sys.dump
[2013-10-03 11:58:00 | 000,014,208 | ---- | M] () -- C:\Windows\System32\drivers\hwpolicy.sys.dump
[2013-10-03 11:57:59 | 000,513,536 | ---- | M] () -- C:\Windows\System32\drivers\http.sys.dump
[2013-10-03 11:57:59 | 000,035,592 | ---- | M] () -- C:\Windows\System32\drivers\hssdrv6.sys.dump
[2013-10-03 11:57:59 | 000,025,728 | ---- | M] () -- C:\Windows\System32\drivers\hidparse.sys.dump
[2013-10-03 11:57:59 | 000,024,064 | ---- | M] () -- C:\Windows\System32\drivers\hidusb.sys.dump
[2013-10-03 11:57:58 | 000,304,128 | ---- | M] () -- C:\Windows\System32\drivers\HdAudio.sys.dump
[2013-10-03 11:57:58 | 000,091,136 | ---- | M] () -- C:\Windows\System32\drivers\hidbth.sys.dump
[2013-10-03 11:57:58 | 000,055,808 | ---- | M] () -- C:\Windows\System32\drivers\hidclass.sys.dump
[2013-10-03 11:57:58 | 000,037,888 | ---- | M] () -- C:\Windows\System32\drivers\hidir.sys.dump
[2013-10-03 11:57:58 | 000,021,504 | ---- | M] () -- C:\Windows\System32\drivers\hidbatt.sys.dump
[2013-10-03 11:57:57 | 000,113,432 | ---- | M] () -- C:\Windows\System32\drivers\ghsnmea.sys.dump
[2013-10-03 11:57:57 | 000,113,432 | ---- | M] () -- C:\Windows\System32\drivers\ghsmdm.sys.dump
[2013-10-03 11:57:56 | 000,187,752 | ---- | M] () -- C:\Windows\System32\drivers\FWPKCLNT.SYS.dump
[2013-10-03 11:57:56 | 000,113,432 | ---- | M] () -- C:\Windows\System32\drivers\ghsdiag.sys.dump
[2013-10-03 11:57:56 | 000,057,936 | ---- | M] () -- C:\Windows\System32\drivers\GAGP30KX.SYS.dump
[2013-10-03 11:57:56 | 000,032,408 | ---- | M] () -- C:\Windows\System32\drivers\ghsandroid.sys.dump
[2013-10-03 11:57:55 | 000,198,208 | ---- | M] () -- C:\Windows\System32\drivers\fltMgr.sys.dump
[2013-10-03 11:57:55 | 000,196,328 | ---- | M] () -- C:\Windows\System32\drivers\fvevol.sys.dump
[2013-10-03 11:57:55 | 000,046,160 | ---- | M] () -- C:\Windows\System32\drivers\fsdepends.sys.dump
[2013-10-03 11:57:55 | 000,019,968 | ---- | M] () -- C:\Windows\System32\drivers\flpydisk.sys.dump
[2013-10-03 11:57:55 | 000,019,824 | ---- | M] () -- C:\Windows\System32\drivers\fs_rec.sys.dump
[2013-10-03 11:57:54 | 000,148,480 | ---- | M] () -- C:\Windows\System32\drivers\fastfat.sys.dump
[2013-10-03 11:57:54 | 000,142,336 | ---- | M] () -- C:\Windows\System32\drivers\exfat.sys.dump
[2013-10-03 11:57:54 | 000,058,448 | ---- | M] () -- C:\Windows\System32\drivers\fileinfo.sys.dump
[2013-10-03 11:57:54 | 000,028,160 | ---- | M] () -- C:\Windows\System32\drivers\filetrace.sys.dump
[2013-10-03 11:57:54 | 000,025,088 | ---- | M] () -- C:\Windows\System32\drivers\fdc.sys.dump
[2013-10-03 11:57:53 | 000,007,168 | ---- | M] () -- C:\Windows\System32\drivers\errdev.sys.dump
[2013-10-03 11:57:52 | 000,728,424 | ---- | M] () -- C:\Windows\System32\drivers\dxgkrnl.sys.dump
[2013-10-03 11:57:52 | 000,218,984 | ---- | M] () -- C:\Windows\System32\drivers\dxgmms1.sys.dump
[2013-10-03 11:57:52 | 000,076,288 | ---- | M] () -- C:\Windows\System32\drivers\dxg.sys.dump
[2013-10-03 11:57:51 | 000,080,896 | ---- | M] () -- C:\Windows\System32\drivers\drmk.sys.dump
[2013-10-03 11:57:51 | 000,055,584 | ---- | M] () -- C:\Windows\System32\drivers\dumpfve.sys.dump
[2013-10-03 11:57:51 | 000,026,704 | ---- | M] () -- C:\Windows\System32\drivers\Dumpata.sys.dump
[2013-10-03 11:57:51 | 000,013,312 | ---- | M] () -- C:\Windows\System32\drivers\dxapi.sys.dump
[2013-10-03 11:57:51 | 000,005,120 | ---- | M] () -- C:\Windows\System32\drivers\drmkaud.sys.dump
[2013-10-03 11:57:50 | 000,131,072 | ---- | M] () -- C:\Windows\System32\drivers\Dot4.sys.dump
[2013-10-03 11:57:50 | 000,057,424 | ---- | M] () -- C:\Windows\System32\drivers\disk.sys.dump
[2013-10-03 11:57:50 | 000,036,864 | ---- | M] () -- C:\Windows\System32\drivers\Dot4usb.sys.dump
[2013-10-03 11:57:50 | 000,027,008 | ---- | M] () -- C:\Windows\System32\drivers\Diskdump.sys.dump
[2013-10-03 11:57:50 | 000,016,384 | ---- | M] () -- C:\Windows\System32\drivers\Dot4Prt.sys.dump
[2013-10-03 11:57:49 | 000,388,096 | ---- | M] () -- C:\Windows\System32\drivers\csc.sys.dump
[2013-10-03 11:57:49 | 000,078,336 | ---- | M] () -- C:\Windows\System32\drivers\dfsc.sys.dump
[2013-10-03 11:57:49 | 000,032,256 | ---- | M] () -- C:\Windows\System32\drivers\discache.sys.dump
[2013-10-03 11:57:49 | 000,022,096 | ---- | M] () -- C:\Windows\System32\drivers\crcdisk.sys.dump
[2013-10-03 11:57:48 | 000,369,856 | ---- | M] () -- C:\Windows\System32\drivers\cng.sys.dump
[2013-10-03 11:57:48 | 000,035,408 | ---- | M] () -- C:\Windows\System32\drivers\crashdmp.sys.dump
[2013-10-03 11:57:48 | 000,031,232 | ---- | M] () -- C:\Windows\System32\drivers\CompositeBus.sys.dump
[2013-10-03 11:57:48 | 000,019,024 | ---- | M] () -- C:\Windows\System32\drivers\compbatt.sys.dump
[2013-10-03 11:57:47 | 000,140,864 | ---- | M] () -- C:\Windows\System32\drivers\Classpnp.sys.dump
[2013-10-03 11:57:47 | 000,108,544 | ---- | M] () -- C:\Windows\System32\drivers\cdrom.sys.dump
[2013-10-03 11:57:47 | 000,037,888 | ---- | M] () -- C:\Windows\System32\drivers\circlass.sys.dump
[2013-10-03 11:57:47 | 000,014,080 | ---- | M] () -- C:\Windows\System32\drivers\CmBatt.sys.dump
[2013-10-03 11:57:46 | 000,393,728 | ---- | M] () -- C:\Windows\System32\drivers\bthport.sys.dump
[2013-10-03 11:57:46 | 000,070,656 | ---- | M] () -- C:\Windows\System32\drivers\cdfs.sys.dump
[2013-10-03 11:57:46 | 000,060,416 | ---- | M] () -- C:\Windows\System32\drivers\BTHUSB.SYS.dump
[2013-10-03 11:57:45 | 000,093,696 | ---- | M] () -- C:\Windows\System32\drivers\bthpan.sys.dump
[2013-10-03 11:57:45 | 000,056,320 | ---- | M] () -- C:\Windows\System32\drivers\bthmodem.sys.dump
[2013-10-03 11:57:45 | 000,034,816 | ---- | M] () -- C:\Windows\System32\drivers\bthenum.sys.dump
[2013-10-03 11:57:44 | 000,078,336 | ---- | M] () -- C:\Windows\System32\drivers\bridge.sys.dump
[2013-10-03 11:57:43 | 000,069,632 | ---- | M] () -- C:\Windows\System32\drivers\bowser.sys.dump
[2013-10-03 11:57:43 | 000,035,328 | ---- | M] () -- C:\Windows\System32\drivers\blbdrive.sys.dump
[2013-10-03 11:57:43 | 000,006,144 | ---- | M] () -- C:\Windows\System32\drivers\beep.sys.dump
[2013-10-03 11:57:42 | 000,056,816 | ---- | M] () -- C:\Windows\System32\drivers\avgntflt.sys.dump
[2013-10-03 11:57:42 | 000,025,168 | ---- | M] () -- C:\Windows\System32\drivers\battc.sys.dump
[2013-10-03 11:57:41 | 005,342,208 | ---- | M] () -- C:\Windows\System32\drivers\atipmdag.sys.dump
[2013-10-03 11:57:40 | 000,221,696 | ---- | M] () -- C:\Windows\System32\drivers\atikmpag.sys.dump
[2013-10-03 11:57:39 | 006,380,544 | ---- | M] () -- C:\Windows\System32\drivers\atikmdag.sys.dump
[2013-10-03 11:57:38 | 002,957,312 | ---- | M] () -- C:\Windows\System32\drivers\athr.sys.dump
[2013-10-03 11:57:38 | 000,133,056 | ---- | M] () -- C:\Windows\System32\drivers\ataport.sys.dump
[2013-10-03 11:57:37 | 000,021,584 | ---- | M] () -- C:\Windows\System32\drivers\atapi.sys.dump
[2013-10-03 11:57:37 | 000,017,920 | ---- | M] () -- C:\Windows\System32\drivers\asyncmac.sys.dump
[2013-10-03 11:57:36 | 000,050,176 | ---- | M] () -- C:\Windows\System32\drivers\appid.sys.dump
[2013-10-03 11:57:36 | 000,032,408 | ---- | M] () -- C:\Windows\System32\drivers\androidusb.sys.dump
[2013-10-03 11:57:35 | 000,055,296 | ---- | M] () -- C:\Windows\System32\drivers\amdk8.sys.dump
[2013-10-03 11:57:35 | 000,052,736 | ---- | M] () -- C:\Windows\System32\drivers\amdppm.sys.dump
[2013-10-03 11:57:35 | 000,014,912 | ---- | M] () -- C:\Windows\System32\drivers\amdide.sys.dump
[2013-10-03 11:57:34 | 001,035,776 | ---- | M] () -- C:\Windows\System32\drivers\AGRSM.sys.dump
[2013-10-03 11:57:34 | 000,338,944 | ---- | M] () -- C:\Windows\System32\drivers\afd.sys.dump
[2013-10-03 11:57:34 | 000,053,312 | ---- | M] () -- C:\Windows\System32\drivers\AGP440.sys.dump
[2013-10-03 11:57:34 | 000,049,152 | ---- | M] () -- C:\Windows\System32\drivers\agilevpn.sys.dump
[2013-10-03 11:57:32 | 000,274,304 | ---- | M] () -- C:\Windows\System32\drivers\acpi.sys.dump
[2013-10-03 11:57:32 | 000,164,864 | ---- | M] () -- C:\Windows\System32\drivers\1394ohci.sys.dump
[2013-10-03 11:57:32 | 000,010,240 | ---- | M] () -- C:\Windows\System32\drivers\acpipmi.sys.dump
[2013-10-03 11:57:31 | 000,054,784 | ---- | M] () -- C:\Windows\System32\drivers\1394bus.sys.dump
[2013-10-02 23:24:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013-10-02 16:00:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4165335087-975643669-458432890-1000UA.job
[2013-10-02 10:51:54 | 000,104,448 | -H-- | M] () -- C:\Users\User\Desktop\photothumb.db
[2013-10-02 02:52:04 | 000,141,377 | ---- | M] () -- C:\Users\User\Desktop\moi.jpg
[2013-10-02 01:00:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4165335087-975643669-458432890-1000Core.job
[2013-09-30 14:21:37 | 000,948,736 | ---- | M] () -- C:\Users\User\Desktop\RogueKiller.exe
[2013-09-30 14:15:01 | 001,042,066 | ---- | M] () -- C:\Users\User\Desktop\AdwCleaner.exe
[2013-09-30 12:14:23 | 000,000,115 | ---- | M] () -- C:\Users\User\AppData\Roaming\WB.CFG
[2013-09-30 12:14:23 | 000,000,005 | ---- | M] () -- C:\Users\User\AppData\Roaming\WBPU-TTL.DAT
[2013-09-30 11:45:34 | 000,085,522 | ---- | M] () -- C:\Users\User\Desktop\bth_Negativity_zps34d56c79.jpg
[2013-09-28 22:31:59 | 000,047,434 | ---- | M] () -- C:\Users\User\Desktop\8ff3d0265f5b9edc90b9726985e0f1a5.jpg
[2013-09-28 06:50:45 | 000,324,570 | ---- | M] () -- C:\Users\User\Desktop\football_cat_by_omarayman-d5x9lir.png
[2013-09-27 21:56:10 | 000,001,842 | ---- | M] () -- C:\Users\User\Desktop\2013-09-27 woods - Shortcut.lnk
[2013-09-27 13:44:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2013-09-27 01:49:21 | 000,049,545 | ---- | M] () -- C:\Users\User\AppData\Local\WebToSave.crx
[2013-09-27 01:49:08 | 000,361,117 | ---- | M] () -- C:\Users\User\AppData\Local\newhb2.crx
[2013-09-24 15:19:27 | 005,180,768 | ---- | M] () -- C:\Users\User\Desktop\Queens Of The Stone Age - No One Knows (Lyrics) (Low).mp4
[2013-09-23 19:53:18 | 000,001,037 | ---- | M] () -- C:\Users\Public\Desktop\SpywareBlaster.lnk
[2013-09-23 18:45:03 | 000,002,381 | ---- | M] () -- C:\Users\User\Desktop\Advanced Uninstaller PRO 11.lnk
[2013-09-23 00:22:52 | 009,104,260 | ---- | M] () -- C:\Users\User\Desktop\Patti Smith - You Light Up My Life ( 1978).avi (Low).mp4
[2013-09-22 13:32:41 | 000,002,129 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013-09-21 16:09:46 | 000,002,003 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013-09-21 16:09:43 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2013-09-21 14:19:13 | 013,768,057 | ---- | M] () -- C:\Users\User\Desktop\WotE,playlist.mp3
[2013-09-21 13:57:06 | 002,162,793 | ---- | M] () -- C:\Users\User\Desktop\Someone Like You - [Walk off the Earth] - Adele Cover - YouTube-02-01.MP3
[2013-09-21 01:22:10 | 000,000,891 | ---- | M] () -- C:\Users\User\AppData\Local\recently-used.xbel
[2013-09-21 00:58:19 | 000,060,556 | ---- | M] () -- C:\Users\User\Desktop\pratchett.jpg
[2013-09-20 14:57:29 | 570,007,558 | ---- | M] () -- C:\Users\User\Desktop\Black Holes And Revelations Full album 1080p hd (Full HD).mp4
[2013-09-20 13:54:02 | 020,126,891 | ---- | M] () -- C:\Users\User\Desktop\Muse - City of Delusion (Official Video) (Low).mp4
[2013-09-20 01:20:07 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013-09-20 01:20:07 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013-09-18 13:37:04 | 000,694,710 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013-09-18 13:37:04 | 000,660,318 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013-09-18 13:37:04 | 000,383,076 | ---- | M] () -- C:\Windows\System32\prfh0804.dat
[2013-09-18 13:37:04 | 000,147,802 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013-09-18 13:37:04 | 000,121,214 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013-09-18 13:37:04 | 000,119,074 | ---- | M] () -- C:\Windows\System32\prfc0804.dat
[2013-09-17 14:29:19 | 000,012,904 | ---- | M] () -- C:\Users\User\Desktop\001 - Shortcut.lnk
[2013-09-16 23:11:03 | 032,250,939 | ---- | M] () -- C:\Users\User\Desktop\System of a Down - Roulette (HD).mp4
[2013-09-15 15:12:12 | 001,683,060 | ---- | M] () -- C:\Users\User\Desktop\2013-09-08 15.46.10.jpg
[2013-09-15 15:11:58 | 001,557,434 | ---- | M] () -- C:\Users\User\Desktop\2013-09-08 15.47.41.jpg
[2013-09-15 13:02:33 | 000,489,162 | ---- | M] () -- C:\Users\User\Desktop\captains log.jpg
[2013-09-15 00:13:01 | 000,001,013 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\PhotoScape.lnk
[2013-09-15 00:13:01 | 000,000,989 | ---- | M] () -- C:\Users\User\Desktop\PhotoScape.lnk
[2013-09-14 18:08:10 | 000,001,134 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013-09-14 18:08:10 | 000,000,989 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Minefield.lnk
[2013-09-14 14:15:54 | 000,001,272 | ---- | M] () -- C:\Users\User\Desktop\Snipping Tool.lnk
[2013-09-14 12:36:13 | 000,001,257 | ---- | M] () -- C:\Users\Public\Desktop\Chasys Draw IES Artist.lnk
[2013-09-14 12:36:08 | 000,270,336 | ---- | M] (John Paul Chacha's Lab) -- C:\Windows\ies_Shell.dll
[2013-09-13 19:52:00 | 000,001,191 | ---- | M] () -- C:\Users\User\Desktop\Free YouTube to MP3 Converter Studio.lnk
[2013-09-13 19:48:19 | 000,001,109 | ---- | M] () -- C:\Users\User\Desktop\Free M4a to MP3 Converter.lnk
[2013-09-13 19:48:19 | 000,001,104 | ---- | M] () -- C:\Users\User\Desktop\My Music Tools.lnk
[2013-09-12 17:40:33 | 002,522,456 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013-09-11 11:30:00 | 504,095,873 | ---- | M] () -- C:\Users\User\Desktop\Ougenweide - Eulenspiegel 1976 (Full Album Listen) (Full HD).mp4
[2013-09-10 13:31:31 | 000,745,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2013-09-10 13:31:31 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll
[2013-09-10 13:31:30 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013-09-10 13:31:30 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2013-09-10 13:31:30 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2013-09-10 13:31:30 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2013-09-10 13:31:30 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013-09-10 13:31:30 | 000,357,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2013-09-10 13:31:30 | 000,242,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013-09-10 13:31:30 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013-09-10 13:31:30 | 000,226,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2013-09-10 13:31:30 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2013-09-10 13:31:30 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2013-09-10 13:31:30 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2013-09-10 13:31:30 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2013-09-10 13:31:30 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013-09-10 13:31:30 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013-09-10 13:31:30 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2013-09-10 13:31:30 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2013-09-10 13:31:30 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2013-09-10 13:31:30 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2013-09-10 13:31:30 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2013-09-10 13:31:30 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2013-09-10 13:31:30 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2013-09-10 13:31:30 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2013-09-10 13:31:30 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2013-09-10 13:31:30 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2013-09-09 23:55:25 | 000,105,409 | ---- | M] () -- C:\Users\User\Desktop\vaccination scare.jpg
[2013-09-08 21:35:21 | 000,037,478 | ---- | M] () -- C:\Users\User\Desktop\pope quiz.jpg
[2013-09-08 15:46:43 | 002,165,186 | ---- | M] () -- C:\Users\User\Desktop\2013-09-08 15.46.43.jpg
[2013-09-08 01:02:58 | 000,149,563 | ---- | M] () -- C:\Users\User\Desktop\religion like internet explorer.png
[2013-09-06 08:46:20 | 000,035,505 | ---- | M] () -- C:\Users\User\Desktop\house-on-religion-600x450.jpg
[1 C:\Users\User\Documents\*.tmp files -> C:\Users\User\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013-10-02 02:52:04 | 000,141,377 | ---- | C] () -- C:\Users\User\Desktop\moi.jpg
[2013-09-30 14:26:03 | 000,113,432 | ---- | C] () -- C:\Windows\System32\drivers\zghsvousb.sys.dump
[2013-09-30 14:26:03 | 000,113,432 | ---- | C] () -- C:\Windows\System32\drivers\zghsnmea.sys.dump
[2013-09-30 14:26:03 | 000,113,432 | ---- | C] () -- C:\Windows\System32\drivers\zghsmdm.sys.dump
[2013-09-30 14:26:02 | 000,155,136 | ---- | C] () -- C:\Windows\System32\drivers\WUDFRd.sys.dump
[2013-09-30 14:26:02 | 000,113,432 | ---- | C] () -- C:\Windows\System32\drivers\zghsdiag.sys.dump
[2013-09-30 14:26:02 | 000,113,432 | ---- | C] () -- C:\Windows\System32\drivers\zghsat.sys.dump
[2013-09-30 14:26:02 | 000,066,560 | ---- | C] () -- C:\Windows\System32\drivers\WUDFPf.sys.dump
[2013-09-30 14:26:01 | 000,043,392 | ---- | C] () -- C:\Windows\System32\drivers\winhv.sys.dump
[2013-09-30 14:26:01 | 000,035,968 | ---- | C] () -- C:\Windows\System32\drivers\winusb.sys.dump
[2013-09-30 14:26:01 | 000,016,384 | ---- | C] () -- C:\Windows\System32\drivers\ws2ifsl.sys.dump
[2013-09-30 14:26:01 | 000,014,912 | ---- | C] () -- C:\Windows\System32\drivers\wmilib.sys.dump
[2013-09-30 14:26:01 | 000,011,264 | ---- | C] () -- C:\Windows\System32\drivers\wmiacpi.sys.dump
[2013-09-30 14:26:00 | 000,526,952 | ---- | C] () -- C:\Windows\System32\drivers\Wdf01000.sys.dump
[2013-09-30 14:26:00 | 000,047,720 | ---- | C] () -- C:\Windows\System32\drivers\WdfLdr.sys.dump
[2013-09-30 14:26:00 | 000,019,008 | ---- | C] () -- C:\Windows\System32\drivers\wimmount.sys.dump
[2013-09-30 14:26:00 | 000,009,728 | ---- | C] () -- C:\Windows\System32\drivers\wfplwf.sys.dump
[2013-09-30 14:25:59 | 000,063,488 | ---- | C] () -- C:\Windows\System32\drivers\wanarp.sys.dump
[2013-09-30 14:25:59 | 000,048,128 | ---- | C] () -- C:\Windows\System32\drivers\vwififlt.sys.dump
[2013-09-30 14:25:59 | 000,035,328 | ---- | C] () -- C:\Windows\System32\drivers\watchdog.sys.dump
[2013-09-30 14:25:59 | 000,021,632 | ---- | C] () -- C:\Windows\System32\drivers\wacompen.sys.dump
[2013-09-30 14:25:59 | 000,019,024 | ---- | C] () -- C:\Windows\System32\drivers\wd.sys.dump
[2013-09-30 14:25:59 | 000,014,336 | ---- | C] () -- C:\Windows\System32\drivers\vwifimp.sys.dump
[2013-09-30 14:25:58 | 000,245,632 | ---- | C] () -- C:\Windows\System32\drivers\volsnap.sys.dump
[2013-09-30 14:25:58 | 000,141,904 | ---- | C] () -- C:\Windows\System32\drivers\vsmraid.sys.dump
[2013-09-30 14:25:58 | 000,019,968 | ---- | C] () -- C:\Windows\System32\drivers\vwifibus.sys.dump
[2013-09-30 14:25:57 | 000,297,040 | ---- | C] () -- C:\Windows\System32\drivers\volmgrx.sys.dump
[2013-09-30 14:25:57 | 000,053,120 | ---- | C] () -- C:\Windows\System32\drivers\volmgr.sys.dump
[2013-09-30 14:25:57 | 000,040,704 | ---- | C] () -- C:\Windows\System32\drivers\vmstorfl.sys.dump
[2013-09-30 14:25:57 | 000,017,920 | ---- | C] () -- C:\Windows\System32\drivers\VMBusHID.sys.dump
[2013-09-30 14:25:57 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\vms3cap.sys.dump
[2013-09-30 14:25:56 | 000,175,360 | ---- | C] () -- C:\Windows\System32\drivers\vmbus.sys.dump
[2013-09-30 14:25:56 | 000,111,616 | ---- | C] () -- C:\Windows\System32\drivers\videoprt.sys.dump
[2013-09-30 14:25:56 | 000,053,328 | ---- | C] () -- C:\Windows\System32\drivers\VIAAGP.SYS.dump
[2013-09-30 14:25:56 | 000,052,736 | ---- | C] () -- C:\Windows\System32\drivers\viac7.sys.dump
[2013-09-30 14:25:56 | 000,016,976 | ---- | C] () -- C:\Windows\System32\drivers\viaide.sys.dump
[2013-09-30 14:25:55 | 000,160,128 | ---- | C] () -- C:\Windows\System32\drivers\vhdmp.sys.dump
[2013-09-30 14:25:55 | 000,032,832 | ---- | C] () -- C:\Windows\System32\drivers\vdrvroot.sys.dump
[2013-09-30 14:25:55 | 000,026,112 | ---- | C] () -- C:\Windows\System32\drivers\vgapnp.sys.dump
[2013-09-30 14:25:55 | 000,025,088 | ---- | C] () -- C:\Windows\System32\drivers\vga.sys.dump
[2013-09-30 14:25:54 | 000,146,432 | ---- | C] () -- C:\Windows\System32\drivers\usbvideo.sys.dump
[2013-09-30 14:25:54 | 000,076,288 | ---- | C] () -- C:\Windows\System32\drivers\USBSTOR.SYS.dump
[2013-09-30 14:25:54 | 000,026,112 | ---- | C] () -- C:\Windows\System32\drivers\usbrpm.sys.dump
[2013-09-30 14:25:54 | 000,024,064 | ---- | C] () -- C:\Windows\System32\drivers\usbuhci.sys.dump
[2013-09-30 14:25:54 | 000,019,968 | ---- | C] () -- C:\Windows\System32\drivers\usbprint.sys.dump
[2013-09-30 14:25:53 | 000,284,672 | ---- | C] () -- C:\Windows\System32\drivers\usbport.sys.dump
[2013-09-30 14:25:53 | 000,258,560 | ---- | C] () -- C:\Windows\System32\drivers\usbhub.sys.dump
[2013-09-30 14:25:53 | 000,043,008 | ---- | C] () -- C:\Windows\System32\drivers\usbehci.sys.dump
[2013-09-30 14:25:53 | 000,020,480 | ---- | C] () -- C:\Windows\System32\drivers\usbohci.sys.dump
[2013-09-30 14:25:53 | 000,005,888 | ---- | C] () -- C:\Windows\System32\drivers\usbd.sys.dump
[2013-09-30 14:25:52 | 000,086,016 | ---- | C] () -- C:\Windows\System32\drivers\usbcir.sys.dump
[2013-09-30 14:25:52 | 000,075,776 | ---- | C] () -- C:\Windows\System32\drivers\usbccgp.sys.dump
[2013-09-30 14:25:52 | 000,043,520 | ---- | C] () -- C:\Windows\System32\drivers\usbaapl.sys.dump
[2013-09-30 14:25:52 | 000,025,856 | ---- | C] () -- C:\Windows\System32\drivers\USBCAMD2.sys.dump
[2013-09-30 14:25:52 | 000,025,856 | ---- | C] () -- C:\Windows\System32\drivers\USBCAMD.sys.dump
[2013-09-30 14:25:52 | 000,015,872 | ---- | C] () -- C:\Windows\System32\drivers\usb8023.sys.dump
[2013-09-30 14:25:51 | 000,246,784 | ---- | C] () -- C:\Windows\System32\drivers\udfs.sys.dump
[2013-09-30 14:25:51 | 000,057,424 | ---- | C] () -- C:\Windows\System32\drivers\ULIAGPKX.SYS.dump
[2013-09-30 14:25:51 | 000,055,888 | ---- | C] () -- C:\Windows\System32\drivers\UAGP35.SYS.dump
[2013-09-30 14:25:51 | 000,039,936 | ---- | C] () -- C:\Windows\System32\drivers\umbus.sys.dump
[2013-09-30 14:25:51 | 000,008,192 | ---- | C] () -- C:\Windows\System32\drivers\umpass.sys.dump
[2013-09-30 14:25:50 | 000,108,544 | ---- | C] () -- C:\Windows\System32\drivers\tunnel.sys.dump
[2013-09-30 14:25:50 | 000,049,664 | ---- | C] () -- C:\Windows\System32\drivers\TsUsbFlt.sys.dump
[2013-09-30 14:25:50 | 000,031,232 | ---- | C] () -- C:\Windows\System32\drivers\tssecsrv.sys.dump
[2013-09-30 14:25:49 | 000,074,752 | ---- | C] () -- C:\Windows\System32\drivers\tdx.sys.dump
[2013-09-30 14:25:49 | 000,053,120 | ---- | C] () -- C:\Windows\System32\drivers\termdd.sys.dump
[2013-09-30 14:25:49 | 000,024,576 | ---- | C] () -- C:\Windows\System32\drivers\tdtcp.sys.dump
[2013-09-30 14:25:49 | 000,021,504 | ---- | C] () -- C:\Windows\System32\drivers\tdi.sys.dump
[2013-09-30 14:25:49 | 000,018,432 | ---- | C] () -- C:\Windows\System32\drivers\tdpipe.sys.dump
[2013-09-30 14:25:48 | 001,293,760 | ---- | C] () -- C:\Windows\System32\drivers\tcpip.sys.dump
[2013-09-30 14:25:48 | 000,035,592 | ---- | C] () -- C:\Windows\System32\drivers\taphss6.sys.dump
[2013-09-30 14:25:48 | 000,035,328 | ---- | C] () -- C:\Windows\System32\drivers\tcpipreg.sys.dump
[2013-09-30 14:25:48 | 000,032,768 | ---- | C] () -- C:\Windows\System32\drivers\taphss.sys.dump
[2013-09-30 14:25:47 | 000,299,312 | ---- | C] () -- C:\Windows\System32\drivers\SynTP.sys.dump
[2013-09-30 14:25:47 | 000,053,632 | ---- | C] () -- C:\Windows\System32\drivers\stream.sys.dump
[2013-09-30 14:25:47 | 000,028,032 | ---- | C] () -- C:\Windows\System32\drivers\storvsc.sys.dump
[2013-09-30 14:25:47 | 000,024,576 | ---- | C] () -- C:\Windows\System32\drivers\tape.sys.dump
[2013-09-30 14:25:47 | 000,012,240 | ---- | C] () -- C:\Windows\System32\drivers\swenum.sys.dump
[2013-09-30 14:25:46 | 000,181,912 | ---- | C] () -- C:\Windows\System32\drivers\ssudmdm.sys.dump
[2013-09-30 14:25:46 | 000,148,864 | ---- | C] () -- C:\Windows\System32\drivers\storport.sys.dump
[2013-09-30 14:25:46 | 000,083,864 | ---- | C] () -- C:\Windows\System32\drivers\ssudbus.sys.dump
[2013-09-30 14:25:46 | 000,021,072 | ---- | C] () -- C:\Windows\System32\drivers\stexstor.sys.dump
[2013-09-30 14:25:45 | 000,311,808 | ---- | C] () -- C:\Windows\System32\drivers\srv.sys.dump
[2013-09-30 14:25:45 | 000,310,272 | ---- | C] () -- C:\Windows\System32\drivers\srv2.sys.dump
[2013-09-30 14:25:45 | 000,114,688 | ---- | C] () -- C:\Windows\System32\drivers\srvnet.sys.dump
[2013-09-30 14:25:45 | 000,032,768 | ---- | C] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys.dump
[2013-09-30 14:25:44 | 000,405,504 | ---- | C] () -- C:\Windows\System32\drivers\spsys.sys.dump
[2013-09-30 14:25:44 | 000,071,168 | ---- | C] () -- C:\Windows\System32\drivers\smb.sys.dump
[2013-09-30 14:25:44 | 000,017,472 | ---- | C] () -- C:\Windows\System32\drivers\spldr.sys.dump
[2013-09-30 14:25:44 | 000,017,408 | ---- | C] () -- C:\Windows\System32\drivers\smclib.sys.dump
[2013-09-30 14:25:44 | 000,015,672 | ---- | C] () -- C:\Windows\System32\drivers\SmartDefragDriver.sys.dump
[2013-09-30 14:25:43 | 000,077,888 | ---- | C] () -- C:\Windows\System32\drivers\sisraid4.sys.dump
[2013-09-30 14:25:43 | 000,052,304 | ---- | C] () -- C:\Windows\System32\drivers\SISAGP.SYS.dump
[2013-09-30 14:25:43 | 000,040,016 | ---- | C] () -- C:\Windows\System32\drivers\sisraid2.sys.dump
[2013-09-30 14:25:43 | 000,013,824 | ---- | C] () -- C:\Windows\System32\drivers\sfloppy.sys.dump
[2013-09-30 14:25:43 | 000,012,800 | ---- | C] () -- C:\Windows\System32\drivers\sffp_sd.sys.dump
[2013-09-30 14:25:43 | 000,012,288 | ---- | C] () -- C:\Windows\System32\drivers\sffp_mmc.sys.dump
[2013-09-30 14:25:42 | 000,083,456 | ---- | C] () -- C:\Windows\System32\drivers\serial.sys.dump
[2013-09-30 14:25:42 | 000,020,480 | ---- | C] () -- C:\Windows\System32\drivers\secdrv.sys.dump
[2013-09-30 14:25:42 | 000,019,968 | ---- | C] () -- C:\Windows\System32\drivers\sermouse.sys.dump
[2013-09-30 14:25:42 | 000,017,920 | ---- | C] () -- C:\Windows\System32\drivers\serenum.sys.dump
[2013-09-30 14:25:42 | 000,011,264 | ---- | C] () -- C:\Windows\System32\drivers\sffdisk.sys.dump
[2013-09-30 14:25:41 | 000,140,160 | ---- | C] () -- C:\Windows\System32\drivers\scsiport.sys.dump
[2013-09-30 14:25:41 | 000,085,376 | ---- | C] () -- C:\Windows\System32\drivers\sbp2port.sys.dump
[2013-09-30 14:25:41 | 000,084,992 | ---- | C] () -- C:\Windows\System32\drivers\sdbus.sys.dump
[2013-09-30 14:25:41 | 000,026,624 | ---- | C] () -- C:\Windows\System32\drivers\scfilter.sys.dump
[2013-09-30 14:25:40 | 000,394,856 | ---- | C] () -- C:\Windows\System32\drivers\Rt86win7.sys.dump
[2013-09-30 14:25:40 | 000,117,760 | ---- | C] () -- C:\Windows\System32\drivers\rmcast.sys.dump
[2013-09-30 14:25:40 | 000,060,928 | ---- | C] () -- C:\Windows\System32\drivers\rspndr.sys.dump
[2013-09-30 14:25:40 | 000,033,280 | ---- | C] () -- C:\Windows\System32\drivers\RNDISMP.sys.dump
[2013-09-30 14:25:40 | 000,008,192 | ---- | C] () -- C:\Windows\System32\drivers\rootmdm.sys.dump
[2013-09-30 14:25:39 | 000,183,808 | ---- | C] () -- C:\Windows\System32\drivers\rdpwd.sys.dump
[2013-09-30 14:25:39 | 000,173,440 | ---- | C] () -- C:\Windows\System32\drivers\rdyboost.sys.dump
[2013-09-30 14:25:39 | 000,129,536 | ---- | C] () -- C:\Windows\System32\drivers\rfcomm.sys.dump
[2013-09-30 14:25:39 | 000,027,136 | ---- | C] () -- C:\Windows\System32\drivers\RimSerial.sys.dump
[2013-09-30 14:25:38 | 000,133,632 | ---- | C] () -- C:\Windows\System32\drivers\rdpdr.sys.dump
[2013-09-30 14:25:38 | 000,018,944 | ---- | C] () -- C:\Windows\System32\drivers\rdpbus.sys.dump
[2013-09-30 14:25:38 | 000,014,848 | ---- | C] () -- C:\Windows\System32\drivers\rdpvideominiport.sys.dump
[2013-09-30 14:25:38 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\RDPREFMP.sys.dump
[2013-09-30 14:25:38 | 000,006,656 | ---- | C] () -- C:\Windows\System32\drivers\RDPENCDD.sys.dump
[2013-09-30 14:25:38 | 000,006,656 | ---- | C] () -- C:\Windows\System32\drivers\RDPCDD.sys.dump
[2013-09-30 14:25:37 | 000,242,688 | ---- | C] () -- C:\Windows\System32\drivers\rdbss.sys.dump
[2013-09-30 14:25:37 | 000,077,824 | ---- | C] () -- C:\Windows\System32\drivers\raspppoe.sys.dump
[2013-09-30 14:25:37 | 000,075,264 | ---- | C] () -- C:\Windows\System32\drivers\rassstp.sys.dump
[2013-09-30 14:25:37 | 000,073,728 | ---- | C] () -- C:\Windows\System32\drivers\raspptp.sys.dump
[2013-09-30 14:25:36 | 001,383,488 | ---- | C] () -- C:\Windows\System32\drivers\ql2300.sys.dump
[2013-09-30 14:25:36 | 000,106,064 | ---- | C] () -- C:\Windows\System32\drivers\ql40xx.sys.dump
[2013-09-30 14:25:36 | 000,078,848 | ---- | C] () -- C:\Windows\System32\drivers\rasl2tp.sys.dump
[2013-09-30 14:25:36 | 000,031,744 | ---- | C] () -- C:\Windows\System32\drivers\qwavedrv.sys.dump
[2013-09-30 14:25:36 | 000,011,776 | ---- | C] () -- C:\Windows\System32\drivers\rasacd.sys.dump
[2013-09-30 14:25:35 | 000,586,752 | ---- | C] () -- C:\Windows\System32\drivers\PEAuth.sys.dump
[2013-09-30 14:25:35 | 000,177,152 | ---- | C] () -- C:\Windows\System32\drivers\portcls.sys.dump
[2013-09-30 14:25:35 | 000,052,224 | ---- | C] () -- C:\Windows\System32\drivers\processr.sys.dump
[2013-09-30 14:25:35 | 000,015,544 | ---- | C] () -- C:\Windows\System32\drivers\psi_mf.sys.dump
[2013-09-30 14:25:34 | 000,180,288 | ---- | C] () -- C:\Windows\System32\drivers\pcmcia.sys.dump
[2013-09-30 14:25:34 | 000,043,088 | ---- | C] () -- C:\Windows\System32\drivers\pcw.sys.dump
[2013-09-30 14:25:34 | 000,042,560 | ---- | C] () -- C:\Windows\System32\drivers\pciidex.sys.dump
[2013-09-30 14:25:34 | 000,012,368 | ---- | C] () -- C:\Windows\System32\drivers\pciide.sys.dump
[2013-09-30 14:25:33 | 000,153,984 | ---- | C] () -- C:\Windows\System32\drivers\pci.sys.dump
[2013-09-30 14:25:33 | 000,104,448 | ---- | C] () -- C:\Windows\System32\drivers\pacer.sys.dump
[2013-09-30 14:25:33 | 000,079,360 | ---- | C] () -- C:\Windows\System32\drivers\parport.sys.dump
[2013-09-30 14:25:33 | 000,056,176 | ---- | C] () -- C:\Windows\System32\drivers\partmgr.sys.dump
[2013-09-30 14:25:33 | 000,008,704 | ---- | C] () -- C:\Windows\System32\drivers\parvdm.sys.dump
[2013-09-30 14:25:32 | 000,267,264 | ---- | C] () -- C:\Windows\System32\drivers\nwifi.sys.dump
[2013-09-30 14:25:32 | 000,143,744 | ---- | C] () -- C:\Windows\System32\drivers\nvstor.sys.dump
[2013-09-30 14:25:32 | 000,105,024 | ---- | C] () -- C:\Windows\System32\drivers\NV_AGP.SYS.dump
[2013-09-30 14:25:32 | 000,062,464 | ---- | C] () -- C:\Windows\System32\drivers\ohci1394.sys.dump
[2013-09-30 14:25:31 | 001,211,752 | ---- | C] () -- C:\Windows\System32\drivers\ntfs.sys.dump
[2013-09-30 14:25:31 | 000,117,120 | ---- | C] () -- C:\Windows\System32\drivers\nvraid.sys.dump
[2013-09-30 14:25:31 | 000,016,896 | ---- | C] () -- C:\Windows\System32\drivers\nsiproxy.sys.dump
[2013-09-30 14:25:31 | 000,004,608 | ---- | C] () -- C:\Windows\System32\drivers\null.sys.dump
[2013-09-30 14:25:30 | 000,240,496 | ---- | C] () -- C:\Windows\System32\drivers\netio.sys.dump
[2013-09-30 14:25:30 | 000,187,904 | ---- | C] () -- C:\Windows\System32\drivers\netbt.sys.dump
[2013-09-30 14:25:30 | 000,044,624 | ---- | C] () -- C:\Windows\System32\drivers\nfrd960.sys.dump
[2013-09-30 14:25:30 | 000,036,352 | ---- | C] () -- C:\Windows\System32\drivers\netbios.sys.dump
[2013-09-30 14:25:30 | 000,035,328 | ---- | C] () -- C:\Windows\System32\drivers\npfs.sys.dump
[2013-09-30 14:25:29 | 000,118,784 | ---- | C] () -- C:\Windows\System32\drivers\ndiswan.sys.dump
[2013-09-30 14:25:29 | 000,048,640 | ---- | C] () -- C:\Windows\System32\drivers\ndproxy.sys.dump
[2013-09-30 14:25:29 | 000,046,080 | ---- | C] () -- C:\Windows\System32\drivers\ndisuio.sys.dump
[2013-09-30 14:25:29 | 000,020,992 | ---- | C] () -- C:\Windows\System32\drivers\ndistapi.sys.dump
[2013-09-30 14:25:28 | 000,712,048 | ---- | C] () -- C:\Windows\System32\drivers\ndis.sys.dump
[2013-09-30 14:25:28 | 000,049,728 | ---- | C] () -- C:\Windows\System32\drivers\mup.sys.dump
[2013-09-30 14:25:28 | 000,028,240 | ---- | C] () -- C:\Windows\System32\drivers\mssmbios.sys.dump
[2013-09-30 14:25:28 | 000,027,136 | ---- | C] () -- C:\Windows\System32\drivers\ndiscap.sys.dump
[2013-09-30 14:25:28 | 000,012,288 | ---- | C] () -- C:\Windows\System32\drivers\MTConfig.sys.dump
[2013-09-30 14:25:28 | 000,006,144 | ---- | C] () -- C:\Windows\System32\drivers\mstee.sys.dump
[2013-09-30 14:25:27 | 000,162,896 | ---- | C] () -- C:\Windows\System32\drivers\msrpc.sys.dump
[2013-09-30 14:25:27 | 000,005,888 | ---- | C] () -- C:\Windows\System32\drivers\mspclock.sys.dump
[2013-09-30 14:25:27 | 000,005,504 | ---- | C] () -- C:\Windows\System32\drivers\mspqm.sys.dump
[2013-09-30 14:25:26 | 000,233,344 | ---- | C] () -- C:\Windows\System32\drivers\msiscsi.sys.dump
[2013-09-30 14:25:26 | 000,022,528 | ---- | C] () -- C:\Windows\System32\drivers\msfs.sys.dump
[2013-09-30 14:25:26 | 000,013,888 | ---- | C] () -- C:\Windows\System32\drivers\msisadrv.sys.dump
[2013-09-30 14:25:26 | 000,008,320 | ---- | C] () -- C:\Windows\System32\drivers\mskssrv.sys.dump
[2013-09-30 14:25:26 | 000,004,096 | ---- | C] () -- C:\Windows\System32\drivers\mshidkmdf.sys.dump
[2013-09-30 14:25:25 | 000,223,744 | ---- | C] () -- C:\Windows\System32\drivers\mrxsmb10.sys.dump
[2013-09-30 14:25:25 | 000,123,904 | ---- | C] () -- C:\Windows\System32\drivers\mrxsmb.sys.dump
[2013-09-30 14:25:25 | 000,116,096 | ---- | C] () -- C:\Windows\System32\drivers\msdsm.sys.dump
[2013-09-30 14:25:25 | 000,096,768 | ---- | C] () -- C:\Windows\System32\drivers\mrxsmb20.sys.dump
[2013-09-30 14:25:25 | 000,028,032 | ---- | C] () -- C:\Windows\System32\drivers\msahci.sys.dump
[2013-09-30 14:25:24 | 000,130,432 | ---- | C] () -- C:\Windows\System32\drivers\mpio.sys.dump
[2013-09-30 14:25:24 | 000,115,712 | ---- | C] () -- C:\Windows\System32\drivers\mrxdav.sys.dump
[2013-09-30 14:25:24 | 000,078,208 | ---- | C] () -- C:\Windows\System32\drivers\mountmgr.sys.dump
[2013-09-30 14:25:24 | 000,060,416 | ---- | C] () -- C:\Windows\System32\drivers\mpsdrv.sys.dump
[2013-09-30 14:25:23 | 000,041,552 | ---- | C] () -- C:\Windows\System32\drivers\mouclass.sys.dump
[2013-09-30 14:25:23 | 000,031,744 | ---- | C] () -- C:\Windows\System32\drivers\modem.sys.dump
[2013-09-30 14:25:23 | 000,026,112 | ---- | C] () -- C:\Windows\System32\drivers\mouhid.sys.dump
[2013-09-30 14:25:23 | 000,023,552 | ---- | C] () -- C:\Windows\System32\drivers\monitor.sys.dump
[2013-09-30 14:25:22 | 000,235,584 | ---- | C] () -- C:\Windows\System32\drivers\MegaSR.sys.dump
[2013-09-30 14:25:22 | 000,034,432 | ---- | C] () -- C:\Windows\System32\drivers\mcvidrv.sys.dump
[2013-09-30 14:25:22 | 000,030,800 | ---- | C] () -- C:\Windows\System32\drivers\megasas.sys.dump
[2013-09-30 14:25:22 | 000,025,088 | ---- | C] () -- C:\Windows\System32\drivers\mcaudrv.sys.dump
[2013-09-30 14:25:22 | 000,018,432 | ---- | C] () -- C:\Windows\System32\drivers\mcd.sys.dump
[2013-09-30 14:25:21 | 000,086,528 | ---- | C] () -- C:\Windows\System32\drivers\luafv.sys.dump
[2013-09-30 14:25:21 | 000,022,856 | ---- | C] () -- C:\Windows\System32\drivers\mbam.sys.dump
[2013-09-30 14:25:21 | 000,021,632 | ---- | C] () -- C:\Windows\System32\drivers\ManyCam.sys.dump
[2013-09-30 14:25:21 | 000,015,896 | ---- | C] () -- C:\Windows\System32\drivers\massfilter_hs.sys.dump
[2013-09-30 14:25:20 | 000,096,848 | ---- | C] () -- C:\Windows\System32\drivers\lsi_scsi.sys.dump
[2013-09-30 14:25:20 | 000,095,824 | ---- | C] () -- C:\Windows\System32\drivers\lsi_fc.sys.dump
[2013-09-30 14:25:20 | 000,089,168 | ---- | C] () -- C:\Windows\System32\drivers\lsi_sas.sys.dump
[2013-09-30 14:25:20 | 000,054,864 | ---- | C] () -- C:\Windows\System32\drivers\lsi_sas2.sys.dump
[2013-09-30 14:25:20 | 000,048,128 | ---- | C] () -- C:\Windows\System32\drivers\lltdio.sys.dump
[2013-09-30 14:25:19 | 000,190,976 | ---- | C] () -- C:\Windows\System32\drivers\ks.sys.dump
[2013-09-30 14:25:19 | 000,136,560 | ---- | C] () -- C:\Windows\System32\drivers\ksecpkg.sys.dump
[2013-09-30 14:25:19 | 000,067,440 | ---- | C] () -- C:\Windows\System32\drivers\ksecdd.sys.dump
[2013-09-30 14:25:19 | 000,042,576 | ---- | C] () -- C:\Windows\System32\drivers\kbdclass.sys.dump
[2013-09-30 14:25:19 | 000,028,160 | ---- | C] () -- C:\Windows\System32\drivers\kbdhid.sys.dump
[2013-09-30 14:25:18 | 000,101,888 | ---- | C] () -- C:\Windows\System32\drivers\ipnat.sys.dump
[2013-09-30 14:25:18 | 000,096,768 | ---- | C] () -- C:\Windows\System32\drivers\irda.sys.dump
[2013-09-30 14:25:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\drivers\IPMIDrv.sys.dump
[2013-09-30 14:25:18 | 000,046,656 | ---- | C] () -- C:\Windows\System32\drivers\isapnp.sys.dump
[2013-09-30 14:25:18 | 000,013,824 | ---- | C] () -- C:\Windows\System32\drivers\irenum.sys.dump
[2013-09-30 14:25:17 | 000,332,160 | ---- | C] () -- C:\Windows\System32\drivers\iaStorV.sys.dump
[2013-09-30 14:25:17 | 000,058,880 | ---- | C] () -- C:\Windows\System32\drivers\ipfltdrv.sys.dump
[2013-09-30 14:25:17 | 000,053,760 | ---- | C] () -- C:\Windows\System32\drivers\intelppm.sys.dump
[2013-09-30 14:25:17 | 000,041,040 | ---- | C] () -- C:\Windows\System32\drivers\iirsp.sys.dump
[2013-09-30 14:25:17 | 000,015,424 | ---- | C] () -- C:\Windows\System32\drivers\intelide.sys.dump
[2013-09-30 14:25:16 | 000,513,536 | ---- | C] () -- C:\Windows\System32\drivers\http.sys.dump
[2013-09-30 14:25:16 | 000,080,896 | ---- | C] () -- C:\Windows\System32\drivers\i8042prt.sys.dump
[2013-09-30 14:25:16 | 000,014,208 | ---- | C] () -- C:\Windows\System32\drivers\hwpolicy.sys.dump
[2013-09-30 14:25:15 | 000,067,152 | ---- | C] () -- C:\Windows\System32\drivers\HpSAMD.sys.dump
[2013-09-30 14:25:15 | 000,037,888 | ---- | C] () -- C:\Windows\System32\drivers\hidir.sys.dump
[2013-09-30 14:25:15 | 000,035,592 | ---- | C] () -- C:\Windows\System32\drivers\hssdrv6.sys.dump
[2013-09-30 14:25:15 | 000,025,728 | ---- | C] () -- C:\Windows\System32\drivers\hidparse.sys.dump
[2013-09-30 14:25:15 | 000,024,064 | ---- | C] () -- C:\Windows\System32\drivers\hidusb.sys.dump
[2013-09-30 14:25:14 | 000,304,128 | ---- | C] () -- C:\Windows\System32\drivers\HdAudio.sys.dump
[2013-09-30 14:25:14 | 000,091,136 | ---- | C] () -- C:\Windows\System32\drivers\hidbth.sys.dump
[2013-09-30 14:25:14 | 000,055,808 | ---- | C] () -- C:\Windows\System32\drivers\hidclass.sys.dump
[2013-09-30 14:25:14 | 000,021,504 | ---- | C] () -- C:\Windows\System32\drivers\hidbatt.sys.dump
[2013-09-30 14:25:13 | 000,113,432 | ---- | C] () -- C:\Windows\System32\drivers\ghsnmea.sys.dump
[2013-09-30 14:25:13 | 000,108,544 | ---- | C] () -- C:\Windows\System32\drivers\hdaudbus.sys.dump
[2013-09-30 14:25:13 | 000,026,624 | ---- | C] () -- C:\Windows\System32\drivers\hcw85cir.sys.dump
[2013-09-30 14:25:12 | 000,113,432 | ---- | C] () -- C:\Windows\System32\drivers\ghsmdm.sys.dump
[2013-09-30 14:25:12 | 000,113,432 | ---- | C] () -- C:\Windows\System32\drivers\ghsdiag.sys.dump
[2013-09-30 14:25:12 | 000,057,936 | ---- | C] () -- C:\Windows\System32\drivers\GAGP30KX.SYS.dump
[2013-09-30 14:25:12 | 000,032,408 | ---- | C] () -- C:\Windows\System32\drivers\ghsandroid.sys.dump
[2013-09-30 14:25:12 | 000,026,600 | ---- | C] () -- C:\Windows\System32\drivers\GEARAspiWDM.sys.dump
[2013-09-30 14:25:11 | 000,196,328 | ---- | C] () -- C:\Windows\System32\drivers\fvevol.sys.dump
[2013-09-30 14:25:11 | 000,187,752 | ---- | C] () -- C:\Windows\System32\drivers\FWPKCLNT.SYS.dump
[2013-09-30 14:25:11 | 000,046,160 | ---- | C] () -- C:\Windows\System32\drivers\fsdepends.sys.dump
[2013-09-30 14:25:11 | 000,019,824 | ---- | C] () -- C:\Windows\System32\drivers\fs_rec.sys.dump
[2013-09-30 14:25:10 | 000,198,208 | ---- | C] () -- C:\Windows\System32\drivers\fltMgr.sys.dump
[2013-09-30 14:25:10 | 000,058,448 | ---- | C] () -- C:\Windows\System32\drivers\fileinfo.sys.dump
[2013-09-30 14:25:10 | 000,028,160 | ---- | C] () -- C:\Windows\System32\drivers\filetrace.sys.dump
[2013-09-30 14:25:10 | 000,025,088 | ---- | C] () -- C:\Windows\System32\drivers\fdc.sys.dump
[2013-09-30 14:25:10 | 000,019,968 | ---- | C] () -- C:\Windows\System32\drivers\flpydisk.sys.dump
[2013-09-30 14:25:09 | 003,100,160 | ---- | C] () -- C:\Windows\System32\drivers\evbdx.sys.dump
[2013-09-30 14:25:09 | 000,148,480 | ---- | C] () -- C:\Windows\System32\drivers\fastfat.sys.dump
[2013-09-30 14:25:09 | 000,142,336 | ---- | C] () -- C:\Windows\System32\drivers\exfat.sys.dump
[2013-09-30 14:25:08 | 000,453,712 | ---- | C] () -- C:\Windows\System32\drivers\elxstor.sys.dump
[2013-09-30 14:25:08 | 000,218,984 | ---- | C] () -- C:\Windows\System32\drivers\dxgmms1.sys.dump
[2013-09-30 14:25:08 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\errdev.sys.dump
[2013-09-30 14:25:07 | 000,728,424 | ---- | C] () -- C:\Windows\System32\drivers\dxgkrnl.sys.dump
[2013-09-30 14:25:07 | 000,076,288 | ---- | C] () -- C:\Windows\System32\drivers\dxg.sys.dump
[2013-09-30 14:25:07 | 000,055,584 | ---- | C] () -- C:\Windows\System32\drivers\dumpfve.sys.dump
[2013-09-30 14:25:07 | 000,013,312 | ---- | C] () -- C:\Windows\System32\drivers\dxapi.sys.dump
[2013-09-30 14:25:06 | 000,080,896 | ---- | C] () -- C:\Windows\System32\drivers\drmk.sys.dump
[2013-09-30 14:25:06 | 000,036,864 | ---- | C] () -- C:\Windows\System32\drivers\Dot4usb.sys.dump
[2013-09-30 14:25:06 | 000,026,704 | ---- | C] () -- C:\Windows\System32\drivers\Dumpata.sys.dump
[2013-09-30 14:25:06 | 000,016,384 | ---- | C] () -- C:\Windows\System32\drivers\Dot4Prt.sys.dump
[2013-09-30 14:25:06 | 000,005,120 | ---- | C] () -- C:\Windows\System32\drivers\drmkaud.sys.dump
[2013-09-30 14:25:05 | 000,131,072 | ---- | C] () -- C:\Windows\System32\drivers\Dot4.sys.dump
[2013-09-30 14:25:05 | 000,070,720 | ---- | C] () -- C:\Windows\System32\drivers\djsvs.sys.dump
[2013-09-30 14:25:05 | 000,057,424 | ---- | C] () -- C:\Windows\System32\drivers\disk.sys.dump
[2013-09-30 14:25:05 | 000,032,256 | ---- | C] () -- C:\Windows\System32\drivers\discache.sys.dump
[2013-09-30 14:25:05 | 000,027,008 | ---- | C] () -- C:\Windows\System32\drivers\Diskdump.sys.dump
[2013-09-30 14:25:04 | 000,388,096 | ---- | C] () -- C:\Windows\System32\drivers\csc.sys.dump
[2013-09-30 14:25:04 | 000,078,336 | ---- | C] () -- C:\Windows\System32\drivers\dfsc.sys.dump
[2013-09-30 14:25:04 | 000,022,096 | ---- | C] () -- C:\Windows\System32\drivers\crcdisk.sys.dump
[2013-09-30 14:25:03 | 000,369,856 | ---- | C] () -- C:\Windows\System32\drivers\cng.sys.dump
[2013-09-30 14:25:03 | 000,035,408 | ---- | C] () -- C:\Windows\System32\drivers\crashdmp.sys.dump
[2013-09-30 14:25:03 | 000,031,232 | ---- | C] () -- C:\Windows\System32\drivers\CompositeBus.sys.dump
[2013-09-30 14:25:03 | 000,019,024 | ---- | C] () -- C:\Windows\System32\drivers\compbatt.sys.dump
[2013-09-30 14:25:02 | 000,140,864 | ---- | C] () -- C:\Windows\System32\drivers\Classpnp.sys.dump
[2013-09-30 14:25:02 | 000,037,888 | ---- | C] () -- C:\Windows\System32\drivers\circlass.sys.dump
[2013-09-30 14:25:02 | 000,015,952 | ---- | C] () -- C:\Windows\System32\drivers\cmdide.sys.dump
[2013-09-30 14:25:02 | 000,014,080 | ---- | C] () -- C:\Windows\System32\drivers\CmBatt.sys.dump
[2013-09-30 14:25:01 | 000,430,080 | ---- | C] () -- C:\Windows\System32\drivers\bxvbdx.sys.dump
[2013-09-30 14:25:01 | 000,108,544 | ---- | C] () -- C:\Windows\System32\drivers\cdrom.sys.dump
[2013-09-30 14:25:01 | 000,070,656 | ---- | C] () -- C:\Windows\System32\drivers\cdfs.sys.dump
[2013-09-30 14:25:00 | 000,393,728 | ---- | C] () -- C:\Windows\System32\drivers\bthport.sys.dump
[2013-09-30 14:25:00 | 000,093,696 | ---- | C] () -- C:\Windows\System32\drivers\bthpan.sys.dump
[2013-09-30 14:25:00 | 000,060,416 | ---- | C] () -- C:\Windows\System32\drivers\BTHUSB.SYS.dump
[2013-09-30 14:24:59 | 000,062,336 | ---- | C] () -- C:\Windows\System32\drivers\BrSerWdm.sys.dump
[2013-09-30 14:24:59 | 000,056,320 | ---- | C] () -- C:\Windows\System32\drivers\bthmodem.sys.dump
[2013-09-30 14:24:59 | 000,034,816 | ---- | C] () -- C:\Windows\System32\drivers\bthenum.sys.dump
[2013-09-30 14:24:59 | 000,012,160 | ---- | C] () -- C:\Windows\System32\drivers\BrUsbMdm.sys.dump
[2013-09-30 14:24:59 | 000,011,904 | ---- | C] () -- C:\Windows\System32\drivers\BrUsbSer.sys.dump
[2013-09-30 14:24:58 | 000,272,128 | ---- | C] () -- C:\Windows\System32\drivers\BrSerId.sys.dump
[2013-09-30 14:24:58 | 000,078,336 | ---- | C] () -- C:\Windows\System32\drivers\bridge.sys.dump
[2013-09-30 14:24:58 | 000,069,632 | ---- | C] () -- C:\Windows\System32\drivers\bowser.sys.dump
[2013-09-30 14:24:58 | 000,013,568 | ---- | C] () -- C:\Windows\System32\drivers\BrFiltLo.sys.dump
[2013-09-30 14:24:58 | 000,005,248 | ---- | C] () -- C:\Windows\System32\drivers\BrFiltUp.sys.dump
[2013-09-30 14:24:57 | 001,131,008 | ---- | C] () -- C:\Windows\System32\drivers\BCMWL6.SYS.dump
[2013-09-30 14:24:57 | 000,035,328 | ---- | C] () -- C:\Windows\System32\drivers\blbdrive.sys.dump
[2013-09-30 14:24:57 | 000,006,144 | ---- | C] () -- C:\Windows\System32\drivers\beep.sys.dump
[2013-09-30 14:24:56 | 000,229,888 | ---- | C] () -- C:\Windows\System32\drivers\b57nd60x.sys.dump
[2013-09-30 14:24:56 | 000,056,816 | ---- | C] () -- C:\Windows\System32\drivers\avgntflt.sys.dump
[2013-09-30 14:24:56 | 000,025,168 | ---- | C] () -- C:\Windows\System32\drivers\battc.sys.dump
[2013-09-30 14:24:55 | 005,342,208 | ---- | C] () -- C:\Windows\System32\drivers\atipmdag.sys.dump
[2013-09-30 14:24:54 | 000,221,696 | ---- | C] () -- C:\Windows\System32\drivers\atikmpag.sys.dump
[2013-09-30 14:24:53 | 006,380,544 | ---- | C] () -- C:\Windows\System32\drivers\atikmdag.sys.dump
[2013-09-30 14:24:52 | 002,957,312 | ---- | C] () -- C:\Windows\System32\drivers\athr.sys.dump
[2013-09-30 14:24:52 | 000,133,056 | ---- | C] () -- C:\Windows\System32\drivers\ataport.sys.dump
[2013-09-30 14:24:51 | 000,086,608 | ---- | C] () -- C:\Windows\System32\drivers\arcsas.sys.dump
[2013-09-30 14:24:51 | 000,076,368 | ---- | C] () -- C:\Windows\System32\drivers\arc.sys.dump
[2013-09-30 14:24:51 | 000,050,176 | ---- | C] () -- C:\Windows\System32\drivers\appid.sys.dump
[2013-09-30 14:24:51 | 000,021,584 | ---- | C] () -- C:\Windows\System32\drivers\atapi.sys.dump
[2013-09-30 14:24:51 | 000,017,920 | ---- | C] () -- C:\Windows\System32\drivers\asyncmac.sys.dump
[2013-09-30 14:24:50 | 000,159,312 | ---- | C] () -- C:\Windows\System32\drivers\amdsbs.sys.dump
[2013-09-30 14:24:50 | 000,080,256 | ---- | C] () -- C:\Windows\System32\drivers\amdsata.sys.dump
[2013-09-30 14:24:50 | 000,032,408 | ---- | C] () -- C:\Windows\System32\drivers\androidusb.sys.dump
[2013-09-30 14:24:50 | 000,022,400 | ---- | C] () -- C:\Windows\System32\drivers\amdxata.sys.dump
[2013-09-30 14:24:49 | 000,055,296 | ---- | C] () -- C:\Windows\System32\drivers\amdk8.sys.dump
[2013-09-30 14:24:49 | 000,053,312 | ---- | C] () -- C:\Windows\System32\drivers\AMDAGP.SYS.dump
[2013-09-30 14:24:49 | 000,052,736 | ---- | C] () -- C:\Windows\System32\drivers\amdppm.sys.dump
[2013-09-30 14:24:49 | 000,014,912 | ---- | C] () -- C:\Windows\System32\drivers\amdide.sys.dump
[2013-09-30 14:24:48 | 001,035,776 | ---- | C] () -- C:\Windows\System32\drivers\AGRSM.sys.dump
[2013-09-30 14:24:48 | 000,053,312 | ---- | C] () -- C:\Windows\System32\drivers\AGP440.sys.dump
[2013-09-30 14:24:48 | 000,049,152 | ---- | C] () -- C:\Windows\System32\drivers\agilevpn.sys.dump
[2013-09-30 14:24:48 | 000,014,400 | ---- | C] () -- C:\Windows\System32\drivers\aliide.sys.dump
[2013-09-30 14:24:47 | 000,338,944 | ---- | C] () -- C:\Windows\System32\drivers\afd.sys.dump
[2013-09-30 14:24:47 | 000,297,552 | ---- | C] () -- C:\Windows\System32\drivers\adpahci.sys.dump
[2013-09-30 14:24:47 | 000,146,512 | ---- | C] () -- C:\Windows\System32\drivers\adpu320.sys.dump
[2013-09-30 14:24:46 | 000,422,976 | ---- | C] () -- C:\Windows\System32\drivers\adp94xx.sys.dump
[2013-09-30 14:24:46 | 000,274,304 | ---- | C] () -- C:\Windows\System32\drivers\acpi.sys.dump
[2013-09-30 14:24:46 | 000,164,864 | ---- | C] () -- C:\Windows\System32\drivers\1394ohci.sys.dump
[2013-09-30 14:24:46 | 000,010,240 | ---- | C] () -- C:\Windows\System32\drivers\acpipmi.sys.dump
[2013-09-30 14:24:45 | 000,054,784 | ---- | C] () -- C:\Windows\System32\drivers\1394bus.sys.dump
[2013-09-30 14:21:38 | 000,948,736 | ---- | C] () -- C:\Users\User\Desktop\RogueKiller.exe
[2013-09-30 14:14:59 | 001,042,066 | ---- | C] () -- C:\Users\User\Desktop\AdwCleaner.exe
[2013-09-30 11:43:47 | 000,085,522 | ---- | C] () -- C:\Users\User\Desktop\bth_Negativity_zps34d56c79.jpg
[2013-09-28 22:31:59 | 000,047,434 | ---- | C] () -- C:\Users\User\Desktop\8ff3d0265f5b9edc90b9726985e0f1a5.jpg
[2013-09-28 06:50:45 | 000,324,570 | ---- | C] () -- C:\Users\User\Desktop\football_cat_by_omarayman-d5x9lir.png
[2013-09-27 21:56:10 | 000,001,842 | ---- | C] () -- C:\Users\User\Desktop\2013-09-27 woods - Shortcut.lnk
[2013-09-27 01:49:21 | 000,049,545 | ---- | C] () -- C:\Users\User\AppData\Local\WebToSave.crx
[2013-09-27 01:49:08 | 000,361,117 | ---- | C] () -- C:\Users\User\AppData\Local\newhb2.crx
[2013-09-24 15:19:20 | 005,180,768 | ---- | C] () -- C:\Users\User\Desktop\Queens Of The Stone Age - No One Knows (Lyrics) (Low).mp4
[2013-09-23 19:53:18 | 000,001,037 | ---- | C] () -- C:\Users\Public\Desktop\SpywareBlaster.lnk
[2013-09-23 18:45:03 | 000,002,381 | ---- | C] () -- C:\Users\User\Desktop\Advanced Uninstaller PRO 11.lnk
[2013-09-23 18:45:03 | 000,002,265 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Uninstaller PRO 11.lnk
[2013-09-23 18:45:00 | 000,042,496 | ---- | C] () -- C:\Windows\System32\AdvUninstCPL.cpl
[2013-09-23 00:22:41 | 009,104,260 | ---- | C] () -- C:\Users\User\Desktop\Patti Smith - You Light Up My Life ( 1978).avi (Low).mp4
[2013-09-21 14:19:08 | 013,768,057 | ---- | C] () -- C:\Users\User\Desktop\WotE,playlist.mp3
[2013-09-21 13:57:04 | 002,162,793 | ---- | C] () -- C:\Users\User\Desktop\Someone Like You - [Walk off the Earth] - Adele Cover - YouTube-02-01.MP3
[2013-09-21 01:22:10 | 000,000,891 | ---- | C] () -- C:\Users\User\AppData\Local\recently-used.xbel
[2013-09-21 00:58:18 | 000,060,556 | ---- | C] () -- C:\Users\User\Desktop\pratchett.jpg
[2013-09-20 13:53:09 | 020,126,891 | ---- | C] () -- C:\Users\User\Desktop\Muse - City of Delusion (Official Video) (Low).mp4
[2013-09-20 13:52:03 | 570,007,558 | ---- | C] () -- C:\Users\User\Desktop\Black Holes And Revelations Full album 1080p hd (Full HD).mp4
[2013-09-18 13:46:53 | 000,177,864 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013-09-18 13:46:52 | 000,049,376 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013-09-17 14:29:19 | 000,012,904 | ---- | C] () -- C:\Users\User\Desktop\001 - Shortcut.lnk
[2013-09-16 23:10:36 | 032,250,939 | ---- | C] () -- C:\Users\User\Desktop\System of a Down - Roulette (HD).mp4
[2013-09-14 14:15:54 | 000,001,272 | ---- | C] () -- C:\Users\User\Desktop\Snipping Tool.lnk
[2013-09-14 12:36:13 | 000,001,257 | ---- | C] () -- C:\Users\Public\Desktop\Chasys Draw IES Artist.lnk
[2013-09-13 19:52:00 | 000,001,191 | ---- | C] () -- C:\Users\User\Desktop\Free YouTube to MP3 Converter Studio.lnk
[2013-09-13 19:48:19 | 000,001,109 | ---- | C] () -- C:\Users\User\Desktop\Free M4a to MP3 Converter.lnk
[2013-09-13 19:48:19 | 000,001,104 | ---- | C] () -- C:\Users\User\Desktop\My Music Tools.lnk
[2013-09-11 11:22:55 | 504,095,873 | ---- | C] () -- C:\Users\User\Desktop\Ougenweide - Eulenspiegel 1976 (Full Album Listen) (Full HD).mp4
[2013-09-10 13:45:36 | 000,001,413 | ---- | C] () -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013-09-10 13:31:30 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2013-09-09 23:55:25 | 000,105,409 | ---- | C] () -- C:\Users\User\Desktop\vaccination scare.jpg
[2013-09-08 21:35:20 | 000,037,478 | ---- | C] () -- C:\Users\User\Desktop\pope quiz.jpg
[2013-09-08 17:31:53 | 002,165,186 | ---- | C] () -- C:\Users\User\Desktop\2013-09-08 15.46.43.jpg
[2013-09-08 17:31:46 | 001,683,060 | ---- | C] () -- C:\Users\User\Desktop\2013-09-08 15.46.10.jpg
[2013-09-08 17:31:45 | 001,557,434 | ---- | C] () -- C:\Users\User\Desktop\2013-09-08 15.47.41.jpg
[2013-09-08 01:02:57 | 000,149,563 | ---- | C] () -- C:\Users\User\Desktop\religion like internet explorer.png
[2013-09-07 21:45:34 | 000,104,448 | -H-- | C] () -- C:\Users\User\Desktop\photothumb.db
[2013-09-06 08:46:19 | 000,035,505 | ---- | C] () -- C:\Users\User\Desktop\house-on-religion-600x450.jpg
[2013-09-05 14:14:04 | 000,194,560 | -H-- | C] () -- C:\Users\User\Documents\photothumb.db
[2013-08-31 10:01:58 | 000,000,042 | ---- | C] () -- C:\Users\User\AppData\Roaming\mbam.context.scan
[2013-08-22 15:45:22 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2013-08-22 15:45:21 | 000,694,710 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2013-08-22 15:45:21 | 000,147,802 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2013-08-22 15:45:21 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2013-08-22 00:29:16 | 000,015,672 | ---- | C] () -- C:\Windows\System32\drivers\SmartDefragDriver.sys
[2013-08-18 23:52:21 | 000,000,115 | ---- | C] () -- C:\Users\User\AppData\Roaming\WB.CFG
[2013-08-18 23:52:21 | 000,000,005 | ---- | C] () -- C:\Users\User\AppData\Roaming\WBPU-TTL.DAT
[2013-02-05 18:52:54 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2013-02-05 18:52:50 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2013-02-05 18:52:50 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2013-02-05 18:52:50 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2013-02-05 18:52:50 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2012-11-24 00:32:04 | 000,001,866 | ---- | C] () -- C:\Windows\wininit.ini
[2012-11-01 21:39:21 | 000,000,043 | ---- | C] () -- C:\Users\User\jagex_cl_runescape_LIVE.dat
[2012-11-01 21:39:21 | 000,000,024 | ---- | C] () -- C:\Users\User\random.dat
[2012-07-16 21:40:29 | 000,027,520 | ---- | C] () -- C:\Users\User\AppData\Local\dt.dat
[2011-12-14 21:36:20 | 000,032,768 | ---- | C] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys
[2011-11-21 20:59:17 | 000,027,976 | ---- | C] () -- C:\Windows\System32\solidlocalmon.dll
[2011-11-21 20:59:17 | 000,019,272 | ---- | C] () -- C:\Windows\System32\solidlocalui.dll
[2011-11-18 19:13:50 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011-11-18 19:13:36 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2010-12-16 19:20:54 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

========== ZeroAccess Check ==========

[2009-07-14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013-07-26 03:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012-12-16 04:44:17 | 000,636,928 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2012-12-16 04:44:17 | 000,351,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013-10-03 12:11:20 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\7 Sticky Notes
[2010-10-22 03:35:41 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Autodesk
[2011-11-09 07:39:27 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\BITS
[2011-10-30 21:32:45 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\CheckPoint
[2013-10-03 12:11:49 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Dropbox
[2013-10-01 19:52:16 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\FileAdvisor
[2010-07-27 15:38:48 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\FlashGet
[2010-07-27 15:38:45 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\FlashGetBHO
[2013-09-22 19:24:02 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Free YouTube to MP3 Converter Studio
[2012-11-29 17:02:53 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\go
[2012-08-12 19:28:26 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\ManyCam
[2012-07-29 19:04:56 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Moonchild Productions
[2012-04-09 01:24:59 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Nitro PDF
[2013-07-05 21:19:12 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Opera Software
[2013-06-29 11:02:25 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\PhotoScape
[2011-11-09 02:03:51 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\QFX Software
[2010-11-15 09:50:31 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Sammsoft
[2013-04-11 16:11:59 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Samsung
[2013-03-21 17:40:58 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\SecondLife
[2011-11-21 21:02:09 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\SolidDocuments
[2013-10-01 23:08:12 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Spotify
[2011-12-16 06:24:27 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\UpdateTemp1308534806

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 464 bytes -> C:\Users\User\Desktop\2013-09-08 15.47.41.jpg:com.dropbox.attributes
@Alternate Data Stream - 464 bytes -> C:\Users\User\Desktop\2013-09-08 15.46.43.jpg:com.dropbox.attributes
@Alternate Data Stream - 463 bytes -> C:\Users\User\Desktop\2013-09-08 15.46.10.jpg:com.dropbox.attributes
@Alternate Data Stream - 160 bytes -> C:\Users\User\Desktop\poppy pic.jpg:com.dropbox.attributes
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:5C321E34

< End of report >

[janji]

1.

If there are any Yellow question marks / exclamation points or Red X's let me know what device they are on

there were no "Yellow question marks / exclamation points or Red X's"

2.on the otl interface was no option for "include 64 bits scan"

3. two days ago on facebook my ex boyfriends ex girlfriend and me became friends,when we then pm'd my computer just suddenly stalled and i had to switch it off,the next day his ex hinted at something similar in one of her posts.

[janji]

done

[godawgs]

Hello,

You posted the AdwCleaner logs from Sept. 14, 2013

# AdwCleaner v3.003 - Report created 14/09/2013 at 18:08:01
# Updated 07/09/2013 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)
# Username : User - USER-PC
# Running from : C:\Users\User\Desktop\AdwCleaner.exe
# Option : Clean

and March 10, 2013

# AdwCleaner v3.005 - Report created 03/10/2013 at 12:08:54
# Updated 22/09/2013 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)
# Username : User - USER-PC
# Running from : C:\Users\User\Desktop\AdwCleaner.exe
# Option : Clean

Please post the AdwCleaner log from Sept. 30, 2013