Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

When I open folders on an external harddrive, the folders open in a ne


  • Please log in to reply

#16
frozenthunder

frozenthunder

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 140 posts
heres the log. It seemed to work in my harddrive (F:). But my thumbdrive (H:) still seems to have the problem. Once the problem acts up on my thumbdrive, my harddrive gets infected right after.

ComboFix 13-10-19.02 - Owner 10/21/2013 15:33:11.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8173.6338 [GMT 8:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
Command switches used :: c:\users\Owner\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\programdata\Application Data\wmimgmt.exe"
"c:\programdata\wmimgmt.exe"
"c:\recycler\wmimgmt.com"
"d:\recycler\wmimgmt.com"
"f:\recycler\wmimgmt.com"
"H:\AuToRUn.iNf"
"H:\AUTORUN_.INF -- [ FAT32 ]"
"h:\recycler\wmimgmt.com"
.
.
((((((((((((((((((((((((( Files Created from 2013-09-21 to 2013-10-21 )))))))))))))))))))))))))))))))
.
.
2013-10-21 07:37 . 2013-10-21 07:37 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-10-21 07:37 . 2013-10-21 07:37 -------- d-----w- c:\users\fbwuser\AppData\Local\temp
2013-10-21 07:37 . 2013-10-21 07:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-10-20 02:33 . 2013-10-20 03:56 -------- d-----w- c:\programdata\Autorun Eater
2013-10-20 02:33 . 2013-10-20 02:33 -------- d-----w- c:\program files (x86)\Autorun Eater
2013-10-19 03:18 . 2013-10-19 03:18 -------- d-----w- c:\programdata\Oracle
2013-10-19 03:18 . 2013-10-19 03:18 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-10-19 03:18 . 2013-10-07 23:50 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-19 02:24 . 2013-10-19 02:24 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-10-19 02:24 . 2013-04-04 06:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-10-19 02:12 . 2013-10-14 07:12 10280728 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A67ABD64-A703-4D61-AC86-0B39E57A7EAD}\mpengine.dll
2013-10-19 01:50 . 2013-10-19 01:50 -------- d-----w- C:\FRST
2013-10-19 01:44 . 2013-10-19 01:44 -------- d-----w- C:\_OTL
2013-10-15 03:02 . 2013-09-04 12:12 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-10-15 03:02 . 2013-09-04 12:11 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-10-15 03:02 . 2013-09-04 12:11 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-10-15 03:02 . 2013-09-04 12:11 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-10-15 03:02 . 2013-09-04 12:11 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2013-10-15 03:02 . 2013-09-04 12:11 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2013-10-15 03:02 . 2013-09-04 12:11 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-10-13 00:20 . 2013-10-13 00:20 -------- d-----w- c:\users\Default\AppData\Local\Google
2013-10-10 14:06 . 2013-07-04 12:50 633856 ----a-w- c:\windows\system32\comctl32.dll
2013-10-10 14:06 . 2013-07-04 11:50 530432 ----a-w- c:\windows\SysWow64\comctl32.dll
2013-10-10 14:06 . 2013-06-06 03:30 368128 ----a-w- c:\windows\system32\atmfd.dll
2013-10-10 14:06 . 2013-06-06 05:50 41472 ----a-w- c:\windows\system32\lpk.dll
2013-10-10 14:06 . 2013-06-06 05:49 100864 ----a-w- c:\windows\system32\fontsub.dll
2013-10-10 14:06 . 2013-06-06 05:49 14336 ----a-w- c:\windows\system32\dciman32.dll
2013-10-10 14:06 . 2013-06-06 05:47 46080 ----a-w- c:\windows\system32\atmlib.dll
2013-10-10 14:06 . 2013-06-06 04:57 25600 ----a-w- c:\windows\SysWow64\lpk.dll
2013-10-10 14:06 . 2013-06-06 04:51 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2013-10-10 14:06 . 2013-06-06 04:50 10240 ----a-w- c:\windows\SysWow64\dciman32.dll
2013-10-10 14:06 . 2013-06-06 03:01 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2013-10-10 14:06 . 2013-06-06 03:01 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2013-10-10 14:04 . 2013-08-28 01:21 3155968 ----a-w- c:\windows\system32\win32k.sys
2013-10-10 14:03 . 2013-08-28 01:12 461312 ----a-w- c:\windows\system32\scavengeui.dll
2013-10-08 00:49 . 2013-10-19 14:46 -------- d-----w- c:\users\Owner\AppData\Local\CrashDumps
2013-09-29 13:45 . 2013-09-29 13:45 -------- d-----w- c:\programdata\Panda Security
2013-09-29 13:45 . 2013-09-29 13:45 -------- d-----w- c:\program files (x86)\Panda USB Vaccine
2013-09-26 18:37 . 2013-09-26 18:37 587040 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2013-09-24 14:13 . 2013-09-24 14:13 -------- d-----w- c:\users\Owner\AppData\Local\Razer
2013-09-24 14:04 . 2013-08-26 19:05 74456 ----a-w- c:\windows\system32\drivers\RzFilter.sys
2013-09-24 14:04 . 2013-08-26 19:05 128984 ----a-w- c:\windows\system32\drivers\RzDxgk.sys
2013-09-24 14:04 . 2013-09-24 14:04 -------- d-----w- c:\programdata\Razer
2013-09-24 14:04 . 2013-09-24 14:04 -------- d-----w- c:\windows\Razer Core
2013-09-24 14:04 . 2013-09-24 14:04 -------- d-----w- c:\program files (x86)\Razer
2013-09-22 19:20 . 2013-09-17 20:31 46792 ----a-w- c:\windows\system32\drivers\hssdrv6.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-10 15:09 . 2013-05-02 13:27 80541720 ----a-w- c:\windows\system32\MRT.exe
2013-10-09 15:17 . 2012-04-25 22:05 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-10-09 15:17 . 2012-03-10 14:01 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-27 08:57 . 2012-10-11 16:34 15232424 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2013-09-27 08:57 . 2012-03-10 13:42 18259624 ----a-w- c:\windows\system32\nvwgf2umx.dll
2013-09-27 08:57 . 2012-03-10 13:42 1432408 ----a-w- c:\windows\system32\nvumdshimx.dll
2013-09-27 08:57 . 2012-03-10 12:00 3052616 ----a-w- c:\windows\system32\nvapi64.dll
2013-09-27 08:57 . 2012-03-10 12:00 2682816 ----a-w- c:\windows\SysWow64\nvapi.dll
2013-09-27 07:45 . 2012-03-10 12:00 6641440 ----a-w- c:\windows\system32\nvcpl.dll
2013-09-27 07:45 . 2012-03-10 12:00 3483424 ----a-w- c:\windows\system32\nvsvc64.dll
2013-09-27 07:44 . 2012-03-10 12:00 922912 ----a-w- c:\windows\system32\nvvsvc.exe
2013-09-27 07:44 . 2012-03-10 12:00 63776 ----a-w- c:\windows\system32\nvshext.dll
2013-09-27 07:44 . 2012-03-10 12:00 219424 ----a-w- c:\windows\system32\nvmctray.dll
2013-09-26 13:32 . 2012-03-10 13:42 3386608 ----a-w- c:\windows\system32\nvcoproc.bin
2013-09-12 08:58 . 2013-09-20 14:03 1884448 ----a-w- c:\windows\system32\nvdispco6432723.dll
2013-09-12 08:58 . 2013-09-20 14:03 1511712 ----a-w- c:\windows\system32\nvdispgenco6432723.dll
2013-09-03 06:35 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-08-29 01:48 . 2013-10-10 14:04 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-08-24 02:50 . 2013-08-24 02:50 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-08-20 13:33 . 2013-08-29 05:20 39200 ----a-w- c:\windows\system32\drivers\nvvad64v.sys
2013-08-20 13:32 . 2013-08-29 05:20 29984 ----a-w- c:\windows\system32\nvaudcap64v.dll
2013-08-20 13:32 . 2013-08-29 05:20 28448 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll
2013-08-18 21:02 . 2013-08-29 05:32 1884448 ----a-w- c:\windows\system32\nvdispco6432680.dll
2013-08-18 21:02 . 2013-08-29 05:32 1511712 ----a-w- c:\windows\system32\nvdispgenco6432680.dll
2013-08-05 02:25 . 2013-09-11 16:53 155584 ----a-w- c:\windows\system32\drivers\ataport.sys
2013-08-02 02:14 . 2013-09-11 16:53 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-08-02 02:13 . 2013-09-11 16:53 424448 ----a-w- c:\windows\system32\KernelBase.dll
2013-08-02 02:13 . 2013-09-11 16:53 1161216 ----a-w- c:\windows\system32\kernel32.dll
2013-08-02 02:12 . 2013-09-11 16:53 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-08-02 02:12 . 2013-09-11 16:53 6656 ----a-w- c:\windows\system32\apisetschema.dll
2013-08-02 02:12 . 2013-09-11 16:53 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 16:53 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 16:53 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 16:53 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 16:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 16:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 16:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 16:53 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 16:53 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 16:53 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 16:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 16:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 16:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 16:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 16:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 16:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 16:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 16:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 16:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 16:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 16:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 16:53 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 16:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 16:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 16:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 16:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 16:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 16:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-08-02 01:50 . 2013-09-11 16:53 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll
2013-08-02 01:48 . 2013-09-11 16:53 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-08-02 01:48 . 2013-09-11 16:53 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 16:53 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 16:53 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 16:53 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 16:53 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 16:53 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 16:53 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 16:53 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 16:53 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 16:53 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 16:53 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 16:53 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 16:53 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 16:53 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 16:53 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 16:53 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 16:53 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 16:53 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 16:53 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 16:53 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 16:53 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 16:53 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 16:53 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 16:53 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
2013-08-02 01:09 . 2013-09-11 16:53 338432 ----a-w- c:\windows\system32\conhost.exe
2013-08-02 00:59 . 2013-09-11 16:53 112640 ----a-w- c:\windows\system32\smss.exe
2013-08-02 00:43 . 2013-09-11 16:53 6144 ---ha-w- c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43 . 2013-09-11 16:53 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43 . 2013-09-11 16:53 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43 . 2013-09-11 16:53 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2013-07-26 02:24 . 2013-09-11 16:51 14172672 ----a-w- c:\windows\system32\shell32.dll
2013-07-26 02:24 . 2013-09-11 16:51 197120 ----a-w- c:\windows\system32\shdocvw.dll
2013-07-25 09:25 . 2013-08-14 14:47 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-25 08:57 . 2013-08-14 14:47 1620992 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of %user%\library ----
.
.
---- Directory of c:\program files\Common ----
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TBPanel"="c:\program files (x86)\Vtune\TBPanel.exe" [2011-08-02 2248704]
"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2010-01-16 717696]
"GarenaPlus"="c:\program files (x86)\Garena Plus\GarenaMessenger.exe" [2013-08-06 9739056]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-01-08 3674320]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-06-21 19875432]
"Steam"="c:\program files (x86)\steam\Steam.exe" [2013-10-09 1813928]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2013-09-25 20133824]
"Razer Comms"="c:\program files (x86)\Razer\Core\RazerCore.exe" [2013-08-26 1091264]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-08-16 152392]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"Autorun Eater"="c:\program files (x86)\Autorun Eater\oldmcdonald.exe" [2012-02-17 522720]
.
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-10-11 29768376]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
JVExec.lnk - c:\program files (x86)\VOX\JamVOX\JVExec.exe [2009-4-15 980280]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena Plus\Room\safedrv.sys;c:\program files (x86)\Garena Plus\Room\safedrv.sys [x]
R3 hidkmdf;KMDF Driver;c:\windows\system32\DRIVERS\hidkmdf.sys;c:\windows\SYSNATIVE\DRIVERS\hidkmdf.sys [x]
R3 JamVOXUSBAudioSrv;CEntrance USB Audio Driver Service for JamVOX;c:\windows\system32\drivers\jamvox.sys;c:\windows\SYSNATIVE\drivers\jamvox.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe;c:\program files (x86)\Tunngle\TnglCtrl.exe [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WacHidRouter;Wacom Hid Router;c:\windows\system32\DRIVERS\wachidrouter.sys;c:\windows\SYSNATIVE\DRIVERS\wachidrouter.sys [x]
R3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\DRIVERS\wacomrouterfilter.sys;c:\windows\SYSNATIVE\DRIVERS\wacomrouterfilter.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
S0 RzFilter;RzFilter;c:\windows\system32\drivers\RzFilter.sys;c:\windows\SYSNATIVE\drivers\RzFilter.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys;c:\windows\SYSNATIVE\DRIVERS\hssdrv6.sys [x]
S1 JAMVOX_AA;Service for JamVOX Controller driver;c:\windows\system32\DRIVERS\JamDRV.sys;c:\windows\SYSNATIVE\DRIVERS\JamDRV.sys [x]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
S2 hshld;Hotspot Shield Service;c:\program files (x86)\Hotspot Shield\bin\cmw_srv.exe;c:\program files (x86)\Hotspot Shield\bin\cmw_srv.exe [x]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 RzOvlMon;Razer Overlay Subsystem Emergency Service;c:\program files (x86)\Razer\Core\64bit\rzovlmon.exe;c:\program files (x86)\Razer\Core\64bit\rzovlmon.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TabletServiceWacom;TabletServiceWacom;c:\program files\Tablet\Wacom\Wacom_Tablet.exe;c:\program files\Tablet\Wacom\Wacom_Tablet.exe [x]
S2 TouchServiceWacom;Wacom Professional Touch Service;c:\program files\Tablet\Wacom\Wacom_TouchService.exe;c:\program files\Tablet\Wacom\Wacom_TouchService.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 JAMVOX_01;Service for JamVOX Audio driver;c:\windows\system32\DRIVERS\JamWdm.sys;c:\windows\SYSNATIVE\DRIVERS\JamWdm.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 RzDxgk;RzDxgk;c:\windows\system32\drivers\RzDxgk.sys;c:\windows\SYSNATIVE\drivers\RzDxgk.sys [x]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys;c:\windows\SYSNATIVE\DRIVERS\tap0901t.sys [x]
S3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-10-19 15:19 1185744 ----a-w- c:\program files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-10-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-25 15:17]
.
2013-10-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-02 12:52]
.
2013-10-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-02 12:52]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-09-25 09:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-09-25 09:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-09-25 09:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-09-25 09:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-09-25 09:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JamInit"="InitJam.exe" [2009-04-14 253008]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-08-27 1028896]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\11n5c59f.default\
FF - ExtSQL: 2013-09-01 23:36; [email protected]; c:\program files (x86)\Mozilla Firefox\browser\extensions\[email protected]
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88} - c:\program files (x86)\InstallShield Installation Information\{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3533916949-36865485-774322356-1000\¬ ë*W*]
@Allowed: (Read) (RestrictedCode)
DUMPHIVE0.003 (REGF)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-10-21 15:38:23
ComboFix-quarantined-files.txt 2013-10-21 07:38
ComboFix2.txt 2013-10-21 03:22
.
Pre-Run: 22,451,871,744 bytes free
Post-Run: 22,378,741,760 bytes free
.
- - End Of File - - EEFCF4B41E7BA64C0E580D05621CF81F
A36C5E4F47E84449FF07ED3517B43A31
  • 0

Advertisements


#17
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,016 posts
  • MVP
OK. Put your thumbdrive in and run OTL again, quickscan. Is there any data that you really need on your thumbdrive?
  • 0

#18
frozenthunder

frozenthunder

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 140 posts
Ok here is the log. Nope there's nothing in my thumbdrive that I need.

OTL logfile created on: 10/22/2013 12:08:58 AM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16721)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.98 Gb Total Physical Memory | 5.08 Gb Available Physical Memory | 63.64% Memory free
15.96 Gb Paging File | 13.06 Gb Available in Paging File | 81.80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 488.18 Gb Total Space | 19.93 Gb Free Space | 4.08% Space Free | Partition Type: NTFS
Drive D: | 443.23 Gb Total Space | 53.61 Gb Free Space | 12.10% Space Free | Partition Type: NTFS
Drive F: | 931.28 Gb Total Space | 121.61 Gb Free Space | 13.06% Space Free | Partition Type: FAT32
Drive G: | 7.86 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive H: | 3.73 Gb Total Space | 3.73 Gb Free Space | 99.99% Space Free | Partition Type: FAT32

Computer Name: PRABHU | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found -- C:\ProgramData\Application Data\wmimgmt.exe
PRC - [2013/10/17 11:32:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
PRC - [2013/10/15 16:54:02 | 000,414,496 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013/10/11 22:11:06 | 000,237,960 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe
PRC - [2013/10/11 00:10:18 | 029,768,376 | ---- | M] (Dropbox, Inc.) -- C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/10/09 08:02:45 | 000,844,752 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/09/25 17:37:00 | 020,133,824 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2013/09/18 06:28:28 | 001,787,688 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Hotspot Shield\bin\hsscp.exe
PRC - [2013/09/18 06:28:16 | 000,878,888 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe
PRC - [2013/09/18 06:27:50 | 000,556,840 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
PRC - [2013/08/28 05:16:14 | 001,028,896 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
PRC - [2013/08/28 05:15:38 | 002,155,296 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013/08/28 05:15:37 | 001,213,216 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe
PRC - [2013/08/06 19:00:59 | 009,739,056 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe
PRC - [2013/07/10 19:54:32 | 000,049,456 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\ggdllhost.exe
PRC - [2013/05/31 23:52:03 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\steam\steam
PRC - [2013/05/10 15:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/02/17 18:53:28 | 000,522,720 | ---- | M] (Old McDonald's Farm) -- C:\Program Files (x86)\Autorun Eater\oldmcdonald.exe
PRC - [2012/02/17 17:52:52 | 000,425,250 | ---- | M] (Old McDonald's Farm) -- C:\Program Files (x86)\Autorun Eater\billy.exe
PRC - [2011/08/02 15:38:20 | 002,248,704 | ---- | M] () -- C:\Program Files (x86)\Vtune\TBPANEL.exe
PRC - [2011/07/06 13:15:26 | 002,656,536 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/07/06 13:15:20 | 000,326,424 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/11/17 09:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PRC - [2009/09/23 16:45:50 | 001,287,176 | ---- | M] (Panda Security) -- C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
PRC - [2009/04/15 17:26:36 | 000,980,280 | ---- | M] () -- C:\Program Files (x86)\VOX\JamVOX\JVExec.exe


========== Modules (No Company Name) ==========

MOD - [2013/10/21 22:21:39 | 000,557,056 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI30002\pysqlite2._sqlite.pyd
MOD - [2013/10/21 22:21:39 | 000,128,512 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI30002\_elementtree.pyd
MOD - [2013/10/21 22:21:39 | 000,098,816 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI30002\win32api.pyd
MOD - [2013/10/21 22:21:39 | 000,044,032 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI30002\_socket.pyd
MOD - [2013/10/21 22:21:39 | 000,022,528 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI30002\win32ts.pyd
MOD - [2013/10/21 22:21:38 | 001,175,040 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI30002\wx._core_.pyd
MOD - [2013/10/21 22:21:38 | 000,805,888 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI30002\wx._gdi_.pyd
MOD - [2013/10/21 22:21:38 | 000,735,232 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI30002\wx._misc_.pyd
MOD - [2013/10/21 22:21:38 | 000,504,832 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI30002\windows._cacheinvalidation.pyd
MOD - [2013/10/21 22:21:38 | 000,364,544 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI30002\pythoncom27.dll
MOD - [2013/10/21 22:21:38 | 000,320,512 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI30002\win32com.shell.shell.pyd
MOD - [2013/10/21 22:21:38 | 000,110,080 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI30002\PyWinTypes27.dll
MOD - [2013/10/21 22:21:38 | 000,108,544 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI30002\win32security.pyd
MOD - [2013/10/21 22:21:38 | 000,087,040 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI30002\_ctypes.pyd
MOD - [2013/10/21 22:21:38 | 000,070,656 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI30002\wx._html2.pyd
MOD - [2013/10/21 22:21:38 | 000,026,624 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI30002\_multiprocessing.pyd
MOD - [2013/10/21 22:21:38 | 000,017,408 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI30002\win32profile.pyd
MOD - [2013/10/21 22:21:38 | 000,011,264 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI30002\win32crypt.pyd
MOD - [2013/10/21 22:21:37 | 001,153,024 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI30002\_ssl.pyd
MOD - [2013/10/21 22:21:37 | 000,711,680 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI30002\_hashlib.pyd
MOD - [2013/10/21 22:21:37 | 000,035,840 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI30002\win32process.pyd
MOD - [2013/10/21 22:21:37 | 000,025,600 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI30002\win32pdh.pyd
MOD - [2013/10/21 22:21:36 | 000,811,008 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI30002\wx._windows_.pyd
MOD - [2013/10/21 22:21:36 | 000,122,368 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI30002\wx._wizard.pyd
MOD - [2013/10/21 22:21:36 | 000,119,808 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI30002\win32file.pyd
MOD - [2013/10/21 22:21:36 | 000,038,912 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI30002\win32inet.pyd
MOD - [2013/10/21 22:21:35 | 001,062,400 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI30002\wx._controls_.pyd
MOD - [2013/10/21 22:21:35 | 000,127,488 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI30002\pyexpat.pyd
MOD - [2013/10/21 22:21:35 | 000,018,432 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI30002\win32event.pyd
MOD - [2013/10/21 22:21:34 | 000,686,080 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI30002\unicodedata.pyd
MOD - [2013/10/21 22:21:34 | 000,010,240 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI30002\select.pyd
MOD - [2013/10/11 00:09:30 | 003,558,400 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2013/10/09 10:19:16 | 001,121,704 | ---- | M] () -- C:\Program Files (x86)\steam\bin\chromehtml.dll
MOD - [2013/10/09 08:02:43 | 000,415,184 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppgooglenaclpluginchrome.dll
MOD - [2013/10/09 08:02:41 | 004,055,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll
MOD - [2013/10/09 08:01:50 | 000,698,832 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\libglesv2.dll
MOD - [2013/10/09 08:01:49 | 000,099,792 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\libegl.dll
MOD - [2013/10/09 08:01:47 | 001,604,560 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ffmpegsumo.dll
MOD - [2013/09/18 06:18:58 | 000,902,440 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\af_proxy.dll
MOD - [2013/09/11 06:20:56 | 020,625,832 | ---- | M] () -- C:\Program Files (x86)\steam\bin\libcef.dll
MOD - [2013/08/22 06:18:28 | 000,687,104 | ---- | M] () -- C:\Program Files (x86)\steam\SDL2.dll
MOD - [2013/08/07 15:33:54 | 000,027,952 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\VersionModule.dll
MOD - [2013/08/06 19:01:20 | 000,864,560 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\Plugins\ggplugin.dll
MOD - [2013/08/06 19:00:59 | 009,739,056 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe
MOD - [2013/07/26 14:18:31 | 000,957,232 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\XLL.dll
MOD - [2013/07/18 22:09:40 | 000,529,200 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\ggspawn.dll
MOD - [2013/07/15 22:29:36 | 001,545,520 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\delay_load\FileSender.dll
MOD - [2013/07/10 19:54:32 | 000,049,456 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\ggdllhost.exe
MOD - [2013/06/15 07:49:12 | 001,100,800 | ---- | M] () -- C:\Program Files (x86)\steam\bin\avcodec-53.dll
MOD - [2013/06/15 07:49:12 | 000,192,000 | ---- | M] () -- C:\Program Files (x86)\steam\bin\avformat-53.dll
MOD - [2013/06/15 07:49:12 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\steam\bin\avutil-51.dll
MOD - [2013/04/10 17:23:12 | 000,170,800 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\fs\YYFileSystem.dll
MOD - [2013/04/10 17:22:55 | 000,155,440 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\libmpg123.dll
MOD - [2013/03/14 04:48:52 | 024,978,944 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2013/03/13 18:05:59 | 000,374,064 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\Http.dll
MOD - [2013/03/07 10:10:42 | 000,106,288 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\UILayout.dll
MOD - [2013/03/07 10:10:39 | 000,224,560 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\Plugins\StatsPlugin.dll
MOD - [2013/03/07 10:10:22 | 000,487,216 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\CxImage.dll
MOD - [2013/02/13 09:42:46 | 005,407,744 | ---- | M] () -- C:\Program Files (x86)\PlayClaw4\playclaw-vcam.dll
MOD - [2013/02/07 17:11:25 | 000,025,392 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\PluginModule.dll
MOD - [2013/02/07 17:11:24 | 000,087,344 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\PluginKernel.dll
MOD - [2013/02/07 17:11:22 | 000,192,816 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\ImageModule.dll
MOD - [2013/02/07 17:11:17 | 000,051,504 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\FileLoader.dll
MOD - [2013/02/07 17:11:15 | 000,033,584 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\DibModule.dll
MOD - [2013/02/01 13:42:29 | 000,153,088 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\libzmq.dll
MOD - [2013/01/30 16:26:41 | 002,941,232 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\ggdownloader.dll
MOD - [2013/01/30 16:26:38 | 000,104,752 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\CommonLib.dll
MOD - [2013/01/14 19:57:52 | 001,092,912 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\delay_load\GaFileTransfer.dll
MOD - [2013/01/14 19:57:46 | 000,219,952 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\TaskManagerLib.dll
MOD - [2012/11/09 17:34:12 | 000,048,640 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\XmlUIModule.dll
MOD - [2012/11/08 19:28:10 | 000,010,240 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\delay_load\ClientTcp.dll
MOD - [2012/11/08 19:27:48 | 000,061,952 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\delay_load\UdtLib.dll
MOD - [2012/04/24 09:19:16 | 000,238,592 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\delay_load\MediaEngine.dll
MOD - [2012/04/13 11:12:18 | 000,059,392 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\delay_load\AudioMixerLib.dll
MOD - [2012/04/13 11:12:18 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\ServerMemAlloc.dll
MOD - [2012/03/08 16:56:40 | 000,510,464 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\delay_load\RSALib.dll
MOD - [2012/02/22 16:52:18 | 000,162,304 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lame_enc.dll
MOD - [2012/02/22 16:52:16 | 000,573,100 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\sqlite3.dll
MOD - [2012/02/22 16:52:16 | 000,178,176 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\MP3Module.dll
MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/08/02 15:38:20 | 002,248,704 | ---- | M] () -- C:\Program Files (x86)\Vtune\TBPANEL.exe
MOD - [2010/01/21 01:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/01/09 20:18:18 | 004,254,560 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2009/04/15 17:26:36 | 000,980,280 | ---- | M] () -- C:\Program Files (x86)\VOX\JamVOX\JVExec.exe
MOD - [1998/10/31 04:55:56 | 000,005,120 | ---- | M] () -- C:\Program Files (x86)\Vtune\TBMANAGE.DLL


========== Services (SafeList) ==========

SRV:64bit: - [2013/08/28 05:17:13 | 014,997,280 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV:64bit: - [2013/05/27 13:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/04/18 09:47:16 | 008,518,008 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe -- (TabletServiceWacom)
SRV:64bit: - [2012/04/18 09:47:16 | 000,567,672 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Wacom\Wacom_TouchService.exe -- (TouchServiceWacom)
SRV - [2013/10/15 16:54:02 | 000,414,496 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013/10/09 23:17:27 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/10/09 10:19:14 | 000,565,672 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/09/18 06:28:16 | 000,878,888 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe -- (hshld)
SRV - [2013/09/18 06:27:50 | 000,556,840 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2013/09/18 04:35:24 | 000,078,512 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE -- (HssTrayService)
SRV - [2013/08/28 05:15:38 | 002,155,296 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/08/27 03:15:40 | 000,032,960 | ---- | M] (Razer) [Auto | Running] -- C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe -- (RzOvlMon)
SRV - [2013/08/16 17:37:02 | 000,757,144 | ---- | M] (Tunngle.net GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2013/06/26 12:31:08 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/06/21 09:53:36 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/05/10 15:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/30 05:24:28 | 005,117,384 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2011/07/06 13:15:26 | 002,656,536 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/07/06 13:15:20 | 000,326,424 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/11 05:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/09/18 04:31:12 | 000,046,792 | ---- | M] (AnchorFree Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\hssdrv6.sys -- (HssDRV6)
DRV:64bit: - [2013/08/27 03:05:21 | 000,128,984 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RzDxgk.sys -- (RzDxgk)
DRV:64bit: - [2013/08/27 03:05:21 | 000,074,456 | ---- | M] (Razer USA Ltd) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\RzFilter.sys -- (RzFilter)
DRV:64bit: - [2013/08/20 21:33:40 | 000,039,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:64bit: - [2013/06/16 20:38:15 | 000,196,384 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2013/04/25 03:28:08 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/01/29 19:21:08 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/29 14:04:36 | 000,065,912 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wachidrouter.sys -- (WacHidRouter)
DRV:64bit: - [2012/03/29 14:04:36 | 000,013,688 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidkmdf.sys -- (hidkmdf)
DRV:64bit: - [2012/03/29 14:04:32 | 000,015,736 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacomrouterfilter.sys -- (wacomrouterfilter)
DRV:64bit: - [2012/03/01 14:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/08/02 16:38:44 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2011/06/10 14:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/11 14:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 14:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/10 14:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011/02/10 14:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/11/21 11:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 11:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 11:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/19 16:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/04/28 07:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2010/04/28 07:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2010/04/28 05:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2010/04/28 05:02:42 | 000,043,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2009/09/16 08:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901t.sys -- (tap0901t)
DRV:64bit: - [2009/07/14 09:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 09:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 09:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/11 04:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 04:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 04:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 04:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/04/15 01:00:00 | 000,062,544 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\JamDRV.sys -- (JAMVOX_AA)
DRV:64bit: - [2009/04/15 01:00:00 | 000,031,824 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\JamWdm.sys -- (JAMVOX_01)
DRV:64bit: - [2009/04/08 14:28:46 | 000,068,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2009/07/14 09:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6C 74 DD 0E 46 12 CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: DeviceDetection%40logitech.com:1.24.0.9
FF - prefs.js..extensions.enabledAddons: %7Bf701c26a-479a-4724-b4f1-870db12f063c%7D:1.4.4
FF - prefs.js..extensions.enabledAddons: %7B35106bca-6c78-48c7-ac28-56df30b51d2a%7D:1.3.8
FF - prefs.js..extensions.enabledAddons: %7BB042753D-F57E-4e8e-A01B-7379A6D4CEFB%7D:1.35
FF - prefs.js..extensions.enabledAddons: afext%40anchorfree.com:3.17
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@t.garena.com/garenatalk: C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.0.0.6: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/06/26 12:31:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/09/12 00:43:03 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/06/26 12:31:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/09/12 00:43:03 | 000,000,000 | ---D | M]

[2012/03/10 21:34:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2013/10/06 00:17:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\11n5c59f.default\extensions
[2013/05/02 23:38:11 | 000,000,000 | ---D | M] (BitComet Video Downloader) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\11n5c59f.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2012/03/13 21:15:01 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\11n5c59f.default\extensions\[email protected]
[2013/01/01 10:25:46 | 000,067,812 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\11n5c59f.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}.xpi
[2013/07/28 13:20:30 | 000,223,750 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\11n5c59f.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2013/02/10 00:02:03 | 000,328,332 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\11n5c59f.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}.xpi
[2013/10/06 00:17:59 | 000,824,302 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\11n5c59f.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/04/07 11:53:55 | 000,043,307 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\11n5c59f.default\extensions\{f701c26a-479a-4724-b4f1-870db12f063c}.xpi
[2013/06/26 12:31:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/06/26 12:31:05 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2013/09/01 23:31:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/06/26 12:31:08 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/09/01 23:31:03 | 000,000,000 | ---D | M] (Hotspot Shield Extension) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\[email protected]
[2012/01/12 16:58:30 | 000,917,816 | ---- | M] (BitComet) -- C:\Program Files (x86)\mozilla firefox\plugins\npBitCometAgent.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = https://www.google.c...q=t&channel=rcs
CHR - default_search_provider: suggest_url = https://www.google.c...q={searchTerms},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: BitCometAgent (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npBitCometAgent.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U21 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: WacomTabletPlugin (Enabled) = C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll
CHR - plugin: Wacom Dynamic Link Library (Enabled) = C:\Program Files (x86)\TabletPlugins\npwacom.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
CHR - Extension: Google Docs = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: AdBlock = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.10_0\
CHR - Extension: Dropdown List of Most Visited Links = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\logbmehmiacemkimbpcbjgaikobdndah\0.5_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: Gmail = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/10/21 11:18:56 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [JamInit] C:\Windows\SysNative\InitJam.exe (Korg Inc.)
O4:64bit: - HKLM..\Run: [Nvtmru] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Autorun Eater] C:\Program Files (x86)\Autorun Eater\oldmcdonald.exe (Old McDonald's Farm)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [GarenaPlus] C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe ()
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKCU..\Run: [Razer Comms] C:\Program Files (x86)\Razer\Core\RazerCore.exe (Razer)
O4 - HKCU..\Run: [Steam] C:\program files (x86)\steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [TBPanel] C:\Program Files (x86)\Vtune\TBPanel.exe ()
O4 - HKCU..\Run: [wmi32] "C:\ProgramData\Application Data\wmimgmt.exe" File not found
O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8:64bit: - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1979 ([http] in Trusted sites)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2AE76720-B3CC-4EB0-B3AB-0845216492DE}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{32BB1182-7706-4C35-9E35-39C64A3E8B9E}: DhcpNameServer = 202.65.247.32 202.65.244.31
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A05D824F-D3DF-47F2-B212-86EF81DD0CF3}: DhcpNameServer = 8.8.8.8
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/10/20 10:35:04 | 000,000,000 | -HSD | M] - F:\autorun .inf -- [ FAT32 ]
O32 - AutoRun File - [2013/10/21 15:40:00 | 000,001,770 | RHS- | M] () - F:\AuToRUn.iNf -- [ FAT32 ]
O32 - AutoRun File - [2013/10/20 10:35:04 | 000,000,000 | -HSD | M] - F:\autorun .inf -- [ FAT32 ]
O32 - AutoRun File - [2013/08/23 22:28:53 | 000,000,043 | R--- | M] () - G:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2013/09/29 21:20:50 | 000,001,770 | RHS- | M] () - H:\AUTORUN_.INF -- [ FAT32 ]
O32 - AutoRun File - [2013/10/20 21:42:14 | 000,001,770 | RHS- | M] () - H:\AuToRUn.iNf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/10/22 00:06:01 | 000,000,000 | ---D | C] -- C:\Windows\LastGood
[2013/10/21 15:39:56 | 000,258,048 | ---- | C] (Marvell Inc) -- C:\ProgramData\wmimgmt.exe
[2013/10/21 15:38:26 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/10/21 15:38:24 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/10/21 11:04:46 | 005,135,479 | R--- | C] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
[2013/10/20 10:33:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Autorun Eater
[2013/10/20 10:33:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autorun Eater
[2013/10/20 10:33:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Autorun Eater
[2013/10/20 10:32:35 | 001,458,415 | ---- | C] (Old McDonald's Farm) -- C:\Users\Owner\Desktop\aesetup2.6.exe
[2013/10/20 10:32:00 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\geekstogologs
[2013/10/19 11:18:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2013/10/19 11:18:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/10/19 11:17:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2013/10/19 10:41:43 | 000,358,923 | ---- | C] (Farbar) -- C:\Users\Owner\Desktop\FSS.exe
[2013/10/19 10:24:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/10/19 10:24:40 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/10/19 10:24:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/10/19 10:13:29 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Owner\Desktop\tdsskiller.exe
[2013/10/19 09:56:42 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/10/19 09:56:42 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/10/19 09:56:42 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/10/19 09:56:38 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/10/19 09:56:07 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/10/19 09:50:47 | 000,000,000 | ---D | C] -- C:\FRST
[2013/10/19 09:50:19 | 001,954,124 | ---- | C] (Farbar) -- C:\Users\Owner\Desktop\FRST64.exe
[2013/10/19 09:44:18 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/10/17 11:32:26 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2013/10/08 08:49:03 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\CrashDumps
[2013/09/29 21:45:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security
[2013/09/29 21:45:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda USB Vaccine
[2013/09/29 21:45:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
[2013/09/29 21:44:29 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\usbvaccine
[2013/09/27 14:00:35 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Maintainability
[2013/09/27 13:10:51 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\scheduling
[2013/09/24 22:13:30 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Razer
[2013/09/24 22:04:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer Comms
[2013/09/24 22:04:50 | 000,074,456 | ---- | C] (Razer USA Ltd) -- C:\Windows\SysNative\drivers\RzFilter.sys
[2013/09/24 22:04:49 | 000,128,984 | ---- | C] (Razer USA Ltd) -- C:\Windows\SysNative\drivers\RzDxgk.sys
[2013/09/24 22:04:37 | 000,000,000 | ---D | C] -- C:\Windows\Razer Core
[2013/09/24 22:04:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Razer
[2013/09/24 22:04:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Razer
[2013/09/23 03:20:15 | 000,046,792 | ---- | C] (AnchorFree Inc.) -- C:\Windows\SysNative\drivers\hssdrv6.sys
[3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/10/21 23:17:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/10/21 23:16:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/10/21 22:33:41 | 000,022,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/21 22:33:41 | 000,022,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/21 22:21:49 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/10/21 22:21:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/21 22:20:41 | 2132,406,271 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/21 15:39:56 | 000,258,048 | ---- | M] (Marvell Inc) -- C:\ProgramData\wmimgmt.exe
[2013/10/21 11:18:56 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/10/21 11:04:33 | 005,135,479 | R--- | M] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
[2013/10/21 10:58:35 | 000,224,256 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\RZR_006005584beb94ed127de6940afb.db
[2013/10/20 10:46:58 | 000,421,831 | ---- | M] () -- C:\Users\Owner\Desktop\autorunpic.jpg
[2013/10/20 10:45:07 | 000,779,306 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/10/20 10:45:07 | 000,660,296 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/10/20 10:45:07 | 000,121,224 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/10/20 10:40:43 | 000,048,573 | ---- | M] () -- C:\Users\Owner\Desktop\cmdpromptpic.jpg
[2013/10/20 10:33:04 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Autorun Eater.lnk
[2013/10/19 23:20:40 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/10/19 10:41:53 | 000,358,923 | ---- | M] (Farbar) -- C:\Users\Owner\Desktop\FSS.exe
[2013/10/19 10:24:41 | 000,001,105 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/10/19 10:13:14 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Owner\Desktop\tdsskiller.exe
[2013/10/19 09:50:16 | 001,954,124 | ---- | M] (Farbar) -- C:\Users\Owner\Desktop\FRST64.exe
[2013/10/18 23:11:00 | 000,000,220 | ---- | M] () -- C:\Users\Owner\Desktop\Sid Meier's Civilization V.url
[2013/10/17 11:32:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2013/10/17 10:16:46 | 001,198,941 | ---- | M] () -- C:\Users\Owner\Desktop\Folder_SLFiles (4).zip
[2013/10/16 08:48:05 | 000,023,287 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2013/10/15 21:53:31 | 000,454,227 | ---- | M] () -- C:\Users\Owner\Desktop\IMG_15102013_215300.png
[2013/10/15 16:14:31 | 000,000,877 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Yuuguu.lnk
[2013/10/12 15:54:57 | 000,370,894 | ---- | M] () -- C:\Users\Owner\Desktop\refacilitiesmaintainabilityinterviewrequestfromnusst.zip
[2013/10/12 15:38:32 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\Access.dat
[2013/10/12 12:43:08 | 000,001,011 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/10/12 12:42:58 | 000,000,979 | ---- | M] () -- C:\Users\Owner\Desktop\Dropbox.lnk
[2013/10/11 06:36:33 | 000,607,288 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/10/10 23:12:21 | 000,773,030 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/10/09 03:14:15 | 003,398,914 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin
[2013/09/29 21:38:23 | 000,132,597 | ---- | M] () -- C:\Users\Owner\Desktop\Flash_Disinfector.exe
[2013/09/27 17:13:24 | 000,189,099 | ---- | M] () -- C:\Users\Owner\Desktop\Bharath Prabhu CV.pdf
[2013/09/24 22:04:57 | 000,001,242 | ---- | M] () -- C:\Users\Public\Desktop\Razer Comms.lnk
[2013/09/24 22:04:51 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_RzFilter_01009.Wdf
[2013/09/23 21:21:36 | 000,000,056 | ---- | M] () -- C:\Windows\kgt2k.INI
[2013/09/23 03:20:05 | 000,001,048 | ---- | M] () -- C:\Users\Public\Desktop\Hotspot Shield.lnk
[3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/10/20 10:46:58 | 000,421,831 | ---- | C] () -- C:\Users\Owner\Desktop\autorunpic.jpg
[2013/10/20 10:40:43 | 000,048,573 | ---- | C] () -- C:\Users\Owner\Desktop\cmdpromptpic.jpg
[2013/10/20 10:33:04 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\Autorun Eater.lnk
[2013/10/19 10:24:41 | 000,001,105 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/10/19 09:56:42 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/10/19 09:56:42 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/10/19 09:56:42 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/10/19 09:56:42 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/10/19 09:56:42 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/10/17 10:16:48 | 001,198,941 | ---- | C] () -- C:\Users\Owner\Desktop\Folder_SLFiles (4).zip
[2013/10/15 21:53:22 | 000,454,227 | ---- | C] () -- C:\Users\Owner\Desktop\IMG_15102013_215300.png
[2013/10/15 16:14:31 | 000,000,877 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Yuuguu.lnk
[2013/10/14 22:36:43 | 000,000,220 | ---- | C] () -- C:\Users\Owner\Desktop\Sid Meier's Civilization V.url
[2013/10/12 15:55:03 | 000,370,894 | ---- | C] () -- C:\Users\Owner\Desktop\refacilitiesmaintainabilityinterviewrequestfromnusst.zip
[2013/09/29 21:38:17 | 000,132,597 | ---- | C] () -- C:\Users\Owner\Desktop\Flash_Disinfector.exe
[2013/09/27 17:12:32 | 000,189,099 | ---- | C] () -- C:\Users\Owner\Desktop\Bharath Prabhu CV.pdf
[2013/09/24 22:15:42 | 000,224,256 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\RZR_006005584beb94ed127de6940afb.db
[2013/09/24 22:04:57 | 000,001,242 | ---- | C] () -- C:\Users\Public\Desktop\Razer Comms.lnk
[2013/09/24 22:04:51 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_RzFilter_01009.Wdf
[2013/09/23 21:22:22 | 000,000,639 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\3d Girlz.lnk
[2013/09/23 21:22:22 | 000,000,611 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\3d Girlz Uninstall.lnk
[2013/09/23 21:21:36 | 000,000,056 | ---- | C] () -- C:\Windows\kgt2k.INI
[2013/08/24 11:49:19 | 000,007,168 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/08/09 17:42:14 | 000,045,270 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\room_v3.dat
[2013/03/27 21:09:55 | 000,773,030 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/09/23 20:49:08 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\tmb1-v32.dll
[2012/09/23 18:55:51 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2012/08/15 11:50:56 | 000,007,597 | ---- | C] () -- C:\Users\Owner\AppData\Local\Resmon.ResmonCfg
[2012/05/29 16:16:39 | 000,001,456 | ---- | C] () -- C:\Users\Owner\AppData\Local\Adobe Save for Web 12.0 Prefs
[2012/05/29 16:11:56 | 000,000,132 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2012/04/24 22:16:19 | 000,000,132 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Adobe PNG Format CS5 Prefs

========== ZeroAccess Check ==========

[2009/07/14 12:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 10:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 09:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 09:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 11:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 09:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/04/06 17:43:15 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Atari
[2012/03/11 14:49:15 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Auslogics
[2013/10/21 22:19:00 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\BitComet
[2013/08/29 13:16:31 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\DAEMON Tools Lite
[2013/10/21 22:23:55 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Dropbox
[2013/07/15 21:20:42 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\GameRanger
[2013/08/04 21:12:19 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Garena
[2013/10/21 22:25:32 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\GarenaPlus
[2012/04/26 21:00:31 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Guitar Pro 6
[2013/03/09 01:02:20 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Hotspot Shield
[2012/09/18 16:29:22 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Leadertech
[2012/12/24 12:10:08 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\LolClient
[2012/09/23 20:49:45 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PlayClaw3
[2013/03/22 14:54:04 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PlayClaw4
[2012/08/07 19:28:07 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Subversion
[2012/03/11 00:46:06 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\SystemRequirementsLab
[2013/08/18 20:54:08 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Tunngle
[2012/05/23 18:43:43 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\VOX
[2013/01/10 01:30:42 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\xim

========== Purity Check ==========



< End of report >
  • 0

#19
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,016 posts
  • MVP
Make sure the USB drive is plugged in.


Copy the text in the code box by highlighting and Ctrl + c

:OTL
O32 - AutoRun File - [2013/10/20 10:35:04 | 000,000,000 | -HSD | M] - F:\autorun .inf -- [ FAT32 ]
O32 - AutoRun File - [2013/10/21 15:40:00 | 000,001,770 | RHS- | M] () - F:\AuToRUn.iNf -- [ FAT32 ]
O32 - AutoRun File - [2013/10/20 10:35:04 | 000,000,000 | -HSD | M] - F:\autorun .inf -- [ FAT32 ]
O32 - AutoRun File - [2013/09/29 21:20:50 | 000,001,770 | RHS- | M] () - H:\AUTORUN_.INF -- [ FAT32 ]
O32 - AutoRun File - [2013/10/20 21:42:14 | 000,001,770 | RHS- | M] () - H:\AuToRUn.iNf -- [ FAT32 ]

:files
del c:\AuToRUn.iNf /c
mkdir c:\AuToRUn.iNf /c
del d:\AuToRUn.iNf /c
mkdir d:\AuToRUn.iNf /c
del F:\AuToRUn.iNf /c
mkdir F:\AuToRUn.iNf /c
del h:\AuToRUn.iNf /c
mkdir h:\AuToRUn.iNf /c
del  "C:\ProgramData\Application Data\wmimgmt.exe" /c
mkdir "C:\ProgramData\Application Data\wmimgmt.exe" /c
del  "d:\ProgramData\Application Data\wmimgmt.exe" /c
mkdir "d:\ProgramData\Application Data\wmimgmt.exe" /c
del  "f:\ProgramData\Application Data\wmimgmt.exe" /c
mkdir "f:\ProgramData\Application Data\wmimgmt.exe" /c
del  "h:\ProgramData\Application Data\wmimgmt.exe" /c
mkdir "h:\ProgramData\Application Data\wmimgmt.exe" /c
del c:\programdata\wmimgmt.exe /c
del d:\programdata\wmimgmt.exe /c
del f:\programdata\wmimgmt.exe /c
del h:\programdata\wmimgmt.exe /c
mkdir c:\programdata\wmimgmt.exe /c
mkdir d:\programdata\wmimgmt.exe /c
mkdir f:\programdata\wmimgmt.exe /c
mkdir g:\programdata\wmimgmt.exe /c
del c:\RECyCLER\wmimgmt.com /c
del d:\RECyCLER\wmimgmt.com /c
del f:\RECyCLER\wmimgmt.com /c
del h:\RECyCLER\wmimgmt.com /c
mkdir c:\RECyCLER\wmimgmt.com /c
mkdir d:\RECyCLER\wmimgmt.com /c
mkdir f:\RECyCLER\wmimgmt.com /c
mkdir h:\RECyCLER\wmimgmt.com /c

:Commands
[EMPTYTEMP]
[purity]
[Reboot]


then Rightclick on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply.
It appears that Old Timer is now hiding the log in c:\_OTL\MovedFiles\01162013-some number.log so look there if you don't see it.


Run Combofix again (without the cfscript) and also run FRST again (without the fixlist). The USB drive should be in the whole time.
  • 0

#20
frozenthunder

frozenthunder

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 140 posts
Hi Ron, Here are the logs. Comboxfix and FRST downloaded new versions of themselves before running.

All processes killed
========== OTL ==========
File not found.
F:\AuToRUn.iNf moved successfully.
File not found.
H:\AUTORUN_.INF moved successfully.
H:\AuToRUn.iNf moved successfully.
========== FILES ==========
< del c:\AuToRUn.iNf /c >
C:\Users\Owner\Desktop\cmd.bat deleted successfully.
C:\Users\Owner\Desktop\cmd.txt deleted successfully.
< mkdir c:\AuToRUn.iNf /c >
C:\Users\Owner\Desktop\cmd.bat deleted successfully.
C:\Users\Owner\Desktop\cmd.txt deleted successfully.
< del d:\AuToRUn.iNf /c >
C:\Users\Owner\Desktop\cmd.bat deleted successfully.
C:\Users\Owner\Desktop\cmd.txt deleted successfully.
< mkdir d:\AuToRUn.iNf /c >
C:\Users\Owner\Desktop\cmd.bat deleted successfully.
C:\Users\Owner\Desktop\cmd.txt deleted successfully.
< del F:\AuToRUn.iNf /c >
C:\Users\Owner\Desktop\cmd.bat deleted successfully.
C:\Users\Owner\Desktop\cmd.txt deleted successfully.
< mkdir F:\AuToRUn.iNf /c >
C:\Users\Owner\Desktop\cmd.bat deleted successfully.
C:\Users\Owner\Desktop\cmd.txt deleted successfully.
< del h:\AuToRUn.iNf /c >
C:\Users\Owner\Desktop\cmd.bat deleted successfully.
C:\Users\Owner\Desktop\cmd.txt deleted successfully.
< mkdir h:\AuToRUn.iNf /c >
C:\Users\Owner\Desktop\cmd.bat deleted successfully.
C:\Users\Owner\Desktop\cmd.txt deleted successfully.
< del "C:\ProgramData\Application Data\wmimgmt.exe" /c >
C:\Users\Owner\Desktop\cmd.bat deleted successfully.
C:\Users\Owner\Desktop\cmd.txt deleted successfully.
< mkdir "C:\ProgramData\Application Data\wmimgmt.exe" /c >
C:\Users\Owner\Desktop\cmd.bat deleted successfully.
C:\Users\Owner\Desktop\cmd.txt deleted successfully.
< del "d:\ProgramData\Application Data\wmimgmt.exe" /c >
C:\Users\Owner\Desktop\cmd.bat deleted successfully.
C:\Users\Owner\Desktop\cmd.txt deleted successfully.
< mkdir "d:\ProgramData\Application Data\wmimgmt.exe" /c >
C:\Users\Owner\Desktop\cmd.bat deleted successfully.
C:\Users\Owner\Desktop\cmd.txt deleted successfully.
< del "f:\ProgramData\Application Data\wmimgmt.exe" /c >
C:\Users\Owner\Desktop\cmd.bat deleted successfully.
C:\Users\Owner\Desktop\cmd.txt deleted successfully.
< mkdir "f:\ProgramData\Application Data\wmimgmt.exe" /c >
C:\Users\Owner\Desktop\cmd.bat deleted successfully.
C:\Users\Owner\Desktop\cmd.txt deleted successfully.
< del "h:\ProgramData\Application Data\wmimgmt.exe" /c >
C:\Users\Owner\Desktop\cmd.bat deleted successfully.
C:\Users\Owner\Desktop\cmd.txt deleted successfully.
< mkdir "h:\ProgramData\Application Data\wmimgmt.exe" /c >
C:\Users\Owner\Desktop\cmd.bat deleted successfully.
C:\Users\Owner\Desktop\cmd.txt deleted successfully.
< del c:\programdata\wmimgmt.exe /c >
C:\Users\Owner\Desktop\cmd.bat deleted successfully.
C:\Users\Owner\Desktop\cmd.txt deleted successfully.
< del d:\programdata\wmimgmt.exe /c >
C:\Users\Owner\Desktop\cmd.bat deleted successfully.
C:\Users\Owner\Desktop\cmd.txt deleted successfully.
< del f:\programdata\wmimgmt.exe /c >
C:\Users\Owner\Desktop\cmd.bat deleted successfully.
C:\Users\Owner\Desktop\cmd.txt deleted successfully.
< del h:\programdata\wmimgmt.exe /c >
C:\Users\Owner\Desktop\cmd.bat deleted successfully.
C:\Users\Owner\Desktop\cmd.txt deleted successfully.
< mkdir c:\programdata\wmimgmt.exe /c >
C:\Users\Owner\Desktop\cmd.bat deleted successfully.
C:\Users\Owner\Desktop\cmd.txt deleted successfully.
< mkdir d:\programdata\wmimgmt.exe /c >
C:\Users\Owner\Desktop\cmd.bat deleted successfully.
C:\Users\Owner\Desktop\cmd.txt deleted successfully.
< mkdir f:\programdata\wmimgmt.exe /c >
C:\Users\Owner\Desktop\cmd.bat deleted successfully.
C:\Users\Owner\Desktop\cmd.txt deleted successfully.
< mkdir g:\programdata\wmimgmt.exe /c >
C:\Users\Owner\Desktop\cmd.bat deleted successfully.
C:\Users\Owner\Desktop\cmd.txt deleted successfully.
< del c:\RECyCLER\wmimgmt.com /c >
C:\Users\Owner\Desktop\cmd.bat deleted successfully.
C:\Users\Owner\Desktop\cmd.txt deleted successfully.
< del d:\RECyCLER\wmimgmt.com /c >
C:\Users\Owner\Desktop\cmd.bat deleted successfully.
C:\Users\Owner\Desktop\cmd.txt deleted successfully.
< del f:\RECyCLER\wmimgmt.com /c >
f:\RECyCLER\wmimgmt.com
C:\Users\Owner\Desktop\cmd.bat deleted successfully.
C:\Users\Owner\Desktop\cmd.txt deleted successfully.
< del h:\RECyCLER\wmimgmt.com /c >
h:\RECyCLER\wmimgmt.com
C:\Users\Owner\Desktop\cmd.bat deleted successfully.
C:\Users\Owner\Desktop\cmd.txt deleted successfully.
< mkdir c:\RECyCLER\wmimgmt.com /c >
C:\Users\Owner\Desktop\cmd.bat deleted successfully.
C:\Users\Owner\Desktop\cmd.txt deleted successfully.
< mkdir d:\RECyCLER\wmimgmt.com /c >
C:\Users\Owner\Desktop\cmd.bat deleted successfully.
C:\Users\Owner\Desktop\cmd.txt deleted successfully.
< mkdir f:\RECyCLER\wmimgmt.com /c >
C:\Users\Owner\Desktop\cmd.bat deleted successfully.
C:\Users\Owner\Desktop\cmd.txt deleted successfully.
< mkdir h:\RECyCLER\wmimgmt.com /c >
C:\Users\Owner\Desktop\cmd.bat deleted successfully.
C:\Users\Owner\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: fbwuser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 128 bytes

User: Owner
->Temp folder emptied: 45911829 bytes
->Temporary Internet Files folder emptied: 40838236 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 99585636 bytes
->Google Chrome cache emptied: 298406673 bytes
->Flash cache emptied: 707 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 401408 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 33592300 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36056210 bytes
RecycleBin emptied: 1045994630 bytes

Total Files Cleaned = 1,527.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 10222013_090551

Files\Folders moved on Reboot...
C:\Users\Owner\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File\Folder C:\Windows\temp\TMP000000019C35DC417227E86F not found!
File\Folder C:\Windows\temp\TMP0000002FF4E69D18254DED43 not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

ComboFix 13-10-21.01 - Owner 10/22/2013 9:15.4.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8173.6382 [GMT 8:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Owner\AppData\Local\Temp\_MEI14802\_ctypes.pyd
c:\users\Owner\AppData\Local\Temp\_MEI14802\_elementtree.pyd
c:\users\Owner\AppData\Local\Temp\_MEI14802\_hashlib.pyd
c:\users\Owner\AppData\Local\Temp\_MEI14802\_multiprocessing.pyd
c:\users\Owner\AppData\Local\Temp\_MEI14802\_socket.pyd
c:\users\Owner\AppData\Local\Temp\_MEI14802\_ssl.pyd
c:\users\Owner\AppData\Local\Temp\_MEI14802\msvcp100.dll
c:\users\Owner\AppData\Local\Temp\_MEI14802\msvcr100.dll
c:\users\Owner\AppData\Local\Temp\_MEI14802\pyexpat.pyd
c:\users\Owner\AppData\Local\Temp\_MEI14802\pysqlite2._sqlite.pyd
c:\users\Owner\AppData\Local\Temp\_MEI14802\python27.dll
c:\users\Owner\AppData\Local\Temp\_MEI14802\pythoncom27.dll
c:\users\Owner\AppData\Local\Temp\_MEI14802\PyWinTypes27.dll
c:\users\Owner\AppData\Local\Temp\_MEI14802\select.pyd
c:\users\Owner\AppData\Local\Temp\_MEI14802\unicodedata.pyd
c:\users\Owner\AppData\Local\Temp\_MEI14802\win32api.pyd
c:\users\Owner\AppData\Local\Temp\_MEI14802\win32com.shell.shell.pyd
c:\users\Owner\AppData\Local\Temp\_MEI14802\win32crypt.pyd
c:\users\Owner\AppData\Local\Temp\_MEI14802\win32event.pyd
c:\users\Owner\AppData\Local\Temp\_MEI14802\win32file.pyd
c:\users\Owner\AppData\Local\Temp\_MEI14802\win32inet.pyd
c:\users\Owner\AppData\Local\Temp\_MEI14802\win32pdh.pyd
c:\users\Owner\AppData\Local\Temp\_MEI14802\win32process.pyd
c:\users\Owner\AppData\Local\Temp\_MEI14802\win32profile.pyd
c:\users\Owner\AppData\Local\Temp\_MEI14802\win32security.pyd
c:\users\Owner\AppData\Local\Temp\_MEI14802\win32ts.pyd
c:\users\Owner\AppData\Local\Temp\_MEI14802\windows._cacheinvalidation.pyd
c:\users\Owner\AppData\Local\Temp\_MEI14802\wx._controls_.pyd
c:\users\Owner\AppData\Local\Temp\_MEI14802\wx._core_.pyd
c:\users\Owner\AppData\Local\Temp\_MEI14802\wx._gdi_.pyd
c:\users\Owner\AppData\Local\Temp\_MEI14802\wx._html2.pyd
c:\users\Owner\AppData\Local\Temp\_MEI14802\wx._misc_.pyd
c:\users\Owner\AppData\Local\Temp\_MEI14802\wx._windows_.pyd
c:\users\Owner\AppData\Local\Temp\_MEI14802\wx._wizard.pyd
c:\users\Owner\AppData\Local\Temp\_MEI14802\wxbase294u_net_vc90.dll
c:\users\Owner\AppData\Local\Temp\_MEI14802\wxbase294u_vc90.dll
c:\users\Owner\AppData\Local\Temp\_MEI14802\wxmsw294u_adv_vc90.dll
c:\users\Owner\AppData\Local\Temp\_MEI14802\wxmsw294u_core_vc90.dll
c:\users\Owner\AppData\Local\Temp\_MEI14802\wxmsw294u_html_vc90.dll
c:\users\Owner\AppData\Local\Temp\_MEI14802\wxmsw294u_webview_vc90.dll
F:\$AVG.exe
F:\$RECYCLE.BIN.exe
F:\1101 project.exe
F:\1102 project.exe
F:\3c946a3a5ee6892a650c43daa4.exe
F:\autorun .inf.exe
F:\Backup D drive.exe
F:\backup Prabhu folder.exe
F:\Bioshock2.exe
F:\CDtools.exe
F:\CE.exe
F:\codecs.exe
F:\ConverterOutput.exe
F:\db37c78e88b1216de9b5cca8.exe
F:\declub posters.exe
F:\desktop folders.exe
F:\economics.exe
F:\English Songs.exe
F:\FOUND.000.exe
F:\FOUND.001.exe
F:\FOUND.002.exe
F:\FOUND.003.exe
F:\FOUND.004.exe
F:\Games.exe
F:\Movies.exe
F:\msdownld.tmp.exe
F:\Music.exe
F:\NUS MATTERS.exe
F:\photos.exe
F:\Photoshop CS5.exe
F:\Photoshop.exe
F:\pics.exe
F:\PSP Games.exe
F:\PSP Updates.exe
F:\school.exe
F:\Sketch PS.exe
F:\Sociology tutorial 2.exe
F:\toshiba.exe
F:\Total Video Converter.exe
F:\TV Shows.exe
F:\TVC.exe
F:\Z.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-09-22 to 2013-10-22 )))))))))))))))))))))))))))))))
.
.
2013-10-22 01:23 . 2013-10-22 01:23 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-10-22 01:23 . 2013-10-22 01:23 -------- d-----w- c:\users\fbwuser\AppData\Local\temp
2013-10-22 01:23 . 2013-10-22 01:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-10-22 01:05 . 2013-10-22 01:05 -------- d-----w- c:\programdata\wmimgmt.exe
2013-10-20 02:33 . 2013-10-20 03:56 -------- d-----w- c:\programdata\Autorun Eater
2013-10-20 02:33 . 2013-10-20 02:33 -------- d-----w- c:\program files (x86)\Autorun Eater
2013-10-19 03:18 . 2013-10-19 03:18 -------- d-----w- c:\programdata\Oracle
2013-10-19 03:18 . 2013-10-19 03:18 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-10-19 03:18 . 2013-10-07 23:50 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-19 02:24 . 2013-10-19 02:24 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-10-19 02:24 . 2013-04-04 06:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-10-19 02:12 . 2013-10-14 07:12 10280728 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A67ABD64-A703-4D61-AC86-0B39E57A7EAD}\mpengine.dll
2013-10-19 01:50 . 2013-10-19 01:50 -------- d-----w- C:\FRST
2013-10-19 01:44 . 2013-10-19 01:44 -------- d-----w- C:\_OTL
2013-10-15 08:54 . 2013-10-15 08:54 589600 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2013-10-15 03:02 . 2013-09-04 12:12 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-10-15 03:02 . 2013-09-04 12:11 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-10-15 03:02 . 2013-09-04 12:11 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-10-15 03:02 . 2013-09-04 12:11 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-10-15 03:02 . 2013-09-04 12:11 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2013-10-15 03:02 . 2013-09-04 12:11 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2013-10-15 03:02 . 2013-09-04 12:11 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-10-13 00:20 . 2013-10-13 00:20 -------- d-----w- c:\users\Default\AppData\Local\Google
2013-10-10 14:06 . 2013-07-04 12:50 633856 ----a-w- c:\windows\system32\comctl32.dll
2013-10-10 14:06 . 2013-07-04 11:50 530432 ----a-w- c:\windows\SysWow64\comctl32.dll
2013-10-10 14:06 . 2013-06-06 03:30 368128 ----a-w- c:\windows\system32\atmfd.dll
2013-10-10 14:06 . 2013-06-06 05:50 41472 ----a-w- c:\windows\system32\lpk.dll
2013-10-10 14:06 . 2013-06-06 05:49 100864 ----a-w- c:\windows\system32\fontsub.dll
2013-10-10 14:06 . 2013-06-06 05:49 14336 ----a-w- c:\windows\system32\dciman32.dll
2013-10-10 14:06 . 2013-06-06 05:47 46080 ----a-w- c:\windows\system32\atmlib.dll
2013-10-10 14:06 . 2013-06-06 04:57 25600 ----a-w- c:\windows\SysWow64\lpk.dll
2013-10-10 14:06 . 2013-06-06 04:51 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2013-10-10 14:06 . 2013-06-06 04:50 10240 ----a-w- c:\windows\SysWow64\dciman32.dll
2013-10-10 14:06 . 2013-06-06 03:01 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2013-10-10 14:06 . 2013-06-06 03:01 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2013-10-10 14:04 . 2013-08-28 01:21 3155968 ----a-w- c:\windows\system32\win32k.sys
2013-10-10 14:03 . 2013-08-28 01:12 461312 ----a-w- c:\windows\system32\scavengeui.dll
2013-10-08 00:49 . 2013-10-21 13:01 -------- d-----w- c:\users\Owner\AppData\Local\CrashDumps
2013-10-01 23:18 . 2013-09-27 08:57 1884448 ----a-w- c:\windows\system32\nvdispco6433140.dll
2013-10-01 23:18 . 2013-09-27 08:57 1511712 ----a-w- c:\windows\system32\nvdispgenco6433140.dll
2013-09-29 13:45 . 2013-09-29 13:45 -------- d-----w- c:\programdata\Panda Security
2013-09-29 13:45 . 2013-09-29 13:45 -------- d-----w- c:\program files (x86)\Panda USB Vaccine
2013-09-24 14:13 . 2013-09-24 14:13 -------- d-----w- c:\users\Owner\AppData\Local\Razer
2013-09-24 14:04 . 2013-08-26 19:05 74456 ----a-w- c:\windows\system32\drivers\RzFilter.sys
2013-09-24 14:04 . 2013-08-26 19:05 128984 ----a-w- c:\windows\system32\drivers\RzDxgk.sys
2013-09-24 14:04 . 2013-09-24 14:04 -------- d-----w- c:\programdata\Razer
2013-09-24 14:04 . 2013-09-24 14:04 -------- d-----w- c:\windows\Razer Core
2013-09-24 14:04 . 2013-09-24 14:04 -------- d-----w- c:\program files (x86)\Razer
2013-09-22 19:20 . 2013-09-17 20:31 46792 ----a-w- c:\windows\system32\drivers\hssdrv6.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-16 00:48 . 2012-10-11 16:34 15244272 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2013-10-16 00:48 . 2012-03-10 13:42 18290536 ----a-w- c:\windows\system32\nvwgf2umx.dll
2013-10-16 00:48 . 2012-03-10 13:42 1435504 ----a-w- c:\windows\system32\nvumdshimx.dll
2013-10-16 00:48 . 2012-03-10 12:00 3067560 ----a-w- c:\windows\system32\nvapi64.dll
2013-10-16 00:48 . 2012-03-10 12:00 2694664 ----a-w- c:\windows\SysWow64\nvapi.dll
2013-10-15 21:47 . 2012-03-10 12:00 6665504 ----a-w- c:\windows\system32\nvcpl.dll
2013-10-15 21:47 . 2012-03-10 12:00 3489568 ----a-w- c:\windows\system32\nvsvc64.dll
2013-10-15 21:47 . 2012-03-10 12:00 922912 ----a-w- c:\windows\system32\nvvsvc.exe
2013-10-15 21:47 . 2012-03-10 12:00 63776 ----a-w- c:\windows\system32\nvshext.dll
2013-10-15 21:47 . 2012-03-10 12:00 219424 ----a-w- c:\windows\system32\nvmctray.dll
2013-10-10 15:09 . 2013-05-02 13:27 80541720 ----a-w- c:\windows\system32\MRT.exe
2013-10-09 15:17 . 2012-04-25 22:05 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-10-09 15:17 . 2012-03-10 14:01 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-08 19:14 . 2012-03-10 13:42 3398914 ----a-w- c:\windows\system32\nvcoproc.bin
2013-09-12 08:58 . 2013-09-20 14:03 1884448 ----a-w- c:\windows\system32\nvdispco6432723.dll
2013-09-12 08:58 . 2013-09-20 14:03 1511712 ----a-w- c:\windows\system32\nvdispgenco6432723.dll
2013-09-03 06:35 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-08-29 01:48 . 2013-10-10 14:04 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-08-24 02:50 . 2013-08-24 02:50 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-08-20 13:33 . 2013-08-29 05:20 39200 ----a-w- c:\windows\system32\drivers\nvvad64v.sys
2013-08-20 13:32 . 2013-08-29 05:20 29984 ----a-w- c:\windows\system32\nvaudcap64v.dll
2013-08-20 13:32 . 2013-08-29 05:20 28448 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll
2013-08-18 21:02 . 2013-08-29 05:32 1884448 ----a-w- c:\windows\system32\nvdispco6432680.dll
2013-08-18 21:02 . 2013-08-29 05:32 1511712 ----a-w- c:\windows\system32\nvdispgenco6432680.dll
2013-08-05 02:25 . 2013-09-11 16:53 155584 ----a-w- c:\windows\system32\drivers\ataport.sys
2013-08-02 02:14 . 2013-09-11 16:53 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-08-02 02:13 . 2013-09-11 16:53 424448 ----a-w- c:\windows\system32\KernelBase.dll
2013-08-02 02:13 . 2013-09-11 16:53 1161216 ----a-w- c:\windows\system32\kernel32.dll
2013-08-02 02:12 . 2013-09-11 16:53 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-08-02 02:12 . 2013-09-11 16:53 6656 ----a-w- c:\windows\system32\apisetschema.dll
2013-08-02 02:12 . 2013-09-11 16:53 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 16:53 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 16:53 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 16:53 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 16:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 16:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 16:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 16:53 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 16:53 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 16:53 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 16:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 16:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 16:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 16:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 16:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 16:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 16:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 16:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 16:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 16:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 16:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 16:53 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 16:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 16:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 16:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 16:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 16:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 16:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-08-02 01:50 . 2013-09-11 16:53 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll
2013-08-02 01:48 . 2013-09-11 16:53 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-08-02 01:48 . 2013-09-11 16:53 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 16:53 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 16:53 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 16:53 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 16:53 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 16:53 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 16:53 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 16:53 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 16:53 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 16:53 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 16:53 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 16:53 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 16:53 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 16:53 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 16:53 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 16:53 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 16:53 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 16:53 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 16:53 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 16:53 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 16:53 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 16:53 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 16:53 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 16:53 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
2013-08-02 01:09 . 2013-09-11 16:53 338432 ----a-w- c:\windows\system32\conhost.exe
2013-08-02 00:59 . 2013-09-11 16:53 112640 ----a-w- c:\windows\system32\smss.exe
2013-08-02 00:43 . 2013-09-11 16:53 6144 ---ha-w- c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43 . 2013-09-11 16:53 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43 . 2013-09-11 16:53 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43 . 2013-09-11 16:53 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2013-07-26 02:24 . 2013-09-11 16:51 14172672 ----a-w- c:\windows\system32\shell32.dll
2013-07-26 02:24 . 2013-09-11 16:51 197120 ----a-w- c:\windows\system32\shdocvw.dll
2013-07-25 09:25 . 2013-08-14 14:47 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-25 08:57 . 2013-08-14 14:47 1620992 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TBPanel"="c:\program files (x86)\Vtune\TBPanel.exe" [2011-08-02 2248704]
"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2010-01-16 717696]
"GarenaPlus"="c:\program files (x86)\Garena Plus\GarenaMessenger.exe" [2013-08-06 9739056]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-01-08 3674320]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-06-21 19875432]
"Steam"="c:\program files (x86)\steam\Steam.exe" [2013-10-09 1813928]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2013-09-25 20133824]
"Razer Comms"="c:\program files (x86)\Razer\Core\RazerCore.exe" [2013-08-26 1091264]
"wmi32"="c:\programdata\Application Data\wmimgmt.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-08-16 152392]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"Autorun Eater"="c:\program files (x86)\Autorun Eater\oldmcdonald.exe" [2012-02-17 522720]
.
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-10-11 29768376]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
JVExec.lnk - c:\program files (x86)\VOX\JamVOX\JVExec.exe [2009-4-15 980280]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena Plus\Room\safedrv.sys;c:\program files (x86)\Garena Plus\Room\safedrv.sys [x]
R3 hidkmdf;KMDF Driver;c:\windows\system32\DRIVERS\hidkmdf.sys;c:\windows\SYSNATIVE\DRIVERS\hidkmdf.sys [x]
R3 JamVOXUSBAudioSrv;CEntrance USB Audio Driver Service for JamVOX;c:\windows\system32\drivers\jamvox.sys;c:\windows\SYSNATIVE\drivers\jamvox.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe;c:\program files (x86)\Tunngle\TnglCtrl.exe [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WacHidRouter;Wacom Hid Router;c:\windows\system32\DRIVERS\wachidrouter.sys;c:\windows\SYSNATIVE\DRIVERS\wachidrouter.sys [x]
R3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\DRIVERS\wacomrouterfilter.sys;c:\windows\SYSNATIVE\DRIVERS\wacomrouterfilter.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
S0 RzFilter;RzFilter;c:\windows\system32\drivers\RzFilter.sys;c:\windows\SYSNATIVE\drivers\RzFilter.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys;c:\windows\SYSNATIVE\DRIVERS\hssdrv6.sys [x]
S1 JAMVOX_AA;Service for JamVOX Controller driver;c:\windows\system32\DRIVERS\JamDRV.sys;c:\windows\SYSNATIVE\DRIVERS\JamDRV.sys [x]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
S2 hshld;Hotspot Shield Service;c:\program files (x86)\Hotspot Shield\bin\cmw_srv.exe;c:\program files (x86)\Hotspot Shield\bin\cmw_srv.exe [x]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 RzOvlMon;Razer Overlay Subsystem Emergency Service;c:\program files (x86)\Razer\Core\64bit\rzovlmon.exe;c:\program files (x86)\Razer\Core\64bit\rzovlmon.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TabletServiceWacom;TabletServiceWacom;c:\program files\Tablet\Wacom\Wacom_Tablet.exe;c:\program files\Tablet\Wacom\Wacom_Tablet.exe [x]
S2 TouchServiceWacom;Wacom Professional Touch Service;c:\program files\Tablet\Wacom\Wacom_TouchService.exe;c:\program files\Tablet\Wacom\Wacom_TouchService.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 JAMVOX_01;Service for JamVOX Audio driver;c:\windows\system32\DRIVERS\JamWdm.sys;c:\windows\SYSNATIVE\DRIVERS\JamWdm.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 RzDxgk;RzDxgk;c:\windows\system32\drivers\RzDxgk.sys;c:\windows\SYSNATIVE\drivers\RzDxgk.sys [x]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys;c:\windows\SYSNATIVE\DRIVERS\tap0901t.sys [x]
S3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-10-19 15:19 1185744 ----a-w- c:\program files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-10-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-25 15:17]
.
2013-10-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-02 12:52]
.
2013-10-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-02 12:52]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-09-25 09:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-09-25 09:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-09-25 09:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-09-25 09:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-09-25 09:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JamInit"="InitJam.exe" [2009-04-14 253008]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-08-27 1028896]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\11n5c59f.default\
FF - ExtSQL: 2013-09-01 23:36; [email protected]; c:\program files (x86)\Mozilla Firefox\browser\extensions\[email protected]
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88} - c:\program files (x86)\InstallShield Installation Information\{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3533916949-36865485-774322356-1000\¬ ë*W*]
@Allowed: (Read) (RestrictedCode)
DUMPHIVE0.003 (REGF)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe
c:\program files (x86)\Garena Plus\ggdllhost.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\program files (x86)\Panda USB Vaccine\USBVaccine.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2013-10-22 09:29:20 - machine was rebooted
ComboFix-quarantined-files.txt 2013-10-22 01:29
ComboFix2.txt 2013-10-21 07:38
ComboFix3.txt 2013-10-21 03:22
.
Pre-Run: 17,971,580,928 bytes free
Post-Run: 17,918,722,048 bytes free
.
- - End Of File - - 0B5DA353DDBCA8D9A51725E7DEAA5FB9
A36C5E4F47E84449FF07ED3517B43A31

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-10-2013 01
Ran by Owner (administrator) on PRABHU on 22-10-2013 09:56:46
Running from C:\Users\Owner\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler64.exe
() C:\Program Files (x86)\Garena Plus\ggdllhost.exe
() C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Razer) C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Panda Security) C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(www.BitComet.com) C:\Program Files\BitComet\BitComet.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [JamInit] - C:\Windows\system32\InitJam.exe [253008 2009-04-15] (Korg Inc.)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028896 2013-08-28] (NVIDIA Corporation)
HKLM\...\Run: [Start WingMan Profiler] - C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-15] (Logitech Inc.)
HKCU\...\Run: [TBPanel] - C:\Program Files (x86)\Vtune\TBPanel.exe [2248704 2011-08-02] ()
HKCU\...\Run: [OfficeSyncProcess] - C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [717696 2010-01-16] (Microsoft Corporation)
HKCU\...\Run: [GarenaPlus] - C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe [9739056 2013-08-06] ()
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3674320 2013-01-08] (DT Soft Ltd)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)
HKCU\...\Run: [Steam] - C:\program files (x86)\steam\Steam.exe [1813928 2013-10-09] (Valve Corporation)
HKCU\...\Run: [GoogleDriveSync] - C:\Program Files (x86)\Google\Drive\googledrivesync.exe [20133824 2013-09-25] (Google)
HKCU\...\Run: [Razer Comms] - C:\Program Files (x86)\Razer\Core\RazerCore.exe [1091264 2013-08-27] (Razer)
HKCU\...\Run: [wmi32] - C:\ProgramData\Application Data\wmimgmt.exe [0 ] ()
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Autorun Eater] - C:\Program Files (x86)\Autorun Eater\oldmcdonald.exe [522720 2012-02-17] (Old McDonald's Farm)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x6C74DD0E4612CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: BitComet Helper - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
DPF: HKLM-x32 {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\11n5c59f.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @t.garena.com/garenatalk - C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.10 - C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.0.0.6 - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: wacom.com/WacomTabletPlugin - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Extension: Виявлення пристроїв Logitech - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\11n5c59f.default\Extensions\[email protected]
FF Extension: BitComet 视频下载器 - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\11n5c59f.default\Extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
FF Extension: No Name - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\11n5c59f.default\Extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}.xpi
FF Extension: No Name - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\11n5c59f.default\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
FF Extension: No Name - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\11n5c59f.default\Extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}.xpi
FF Extension: No Name - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\11n5c59f.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\11n5c59f.default\Extensions\{f701c26a-479a-4724-b4f1-870db12f063c}.xpi
FF Extension: Hotspot Shield Helper (Please allow this installation) - C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
FF Extension: Hotspot Shield Extension - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\[email protected]

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR DefaultSearchURL: (Google) - https://www.google.c...q=t&channel=rcs
CHR DefaultSuggestURL: (Google) - https://www.google.c...q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (BitCometAgent) - C:\Program Files (x86)\Mozilla Firefox\plugins\npBitCometAgent.dll (BitComet)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (WacomTabletPlugin) - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
CHR Plugin: ( Wacom Dynamic Link Library) - C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll No File
CHR Extension: (Google Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (AdBlock) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.10_0
CHR Extension: (Dropdown List of Most Visited Links) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\logbmehmiacemkimbpcbjgaikobdndah\0.5_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

S3 COMSysApp; C:\Windows\SysWow64\dllhost.exe [7168 2009-07-14] (Microsoft Corporation)
R2 hshld; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [878888 2013-09-18] (AnchorFree Inc.)
S3 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [78512 2013-09-18] ()
R2 HssWd; C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [556840 2013-09-18] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 msiserver; C:\Windows\SysWow64\msiexec.exe [73216 2010-11-21] (Microsoft Corporation)
S3 npggsvc; C:\Windows\SysWow64\GameMon.des [5117384 2013-04-30] (INCA Internet Co., Ltd.)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14997280 2013-08-28] (NVIDIA Corporation)
R2 RzOvlMon; C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe [32960 2013-08-27] (Razer)
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [757144 2013-08-16] (Tunngle.net GmbH)
R2 WSearch; C:\Windows\SysWow64\SearchIndexer.exe [427520 2011-05-04] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-01-29] (DT Soft Ltd)
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [46792 2013-09-18] (AnchorFree Inc.)
R3 JAMVOX_01; C:\Windows\System32\DRIVERS\JamWdm.sys [31824 2009-04-15] ()
R1 JAMVOX_AA; C:\Windows\System32\DRIVERS\JamDRV.sys [62544 2009-04-15] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-08-20] (NVIDIA Corporation)
R3 RzDxgk; C:\Windows\system32\drivers\RzDxgk.sys [128984 2013-08-27] (Razer USA Ltd)
R0 RzFilter; C:\Windows\System32\drivers\RzFilter.sys [74456 2013-08-27] (Razer USA Ltd)
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-04-25] (Anchorfree Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 GGSAFERDriver; \??\C:\Program Files (x86)\Garena Plus\Room\safedrv.sys [x]
S3 JamVOXUSBAudioSrv; system32\drivers\jamvox.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-22 09:56 - 2013-10-22 09:56 - 01954698 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2013-10-22 09:55 - 2013-10-22 09:55 - 00038131 _____ C:\Users\Owner\Desktop\comboxfixnew.txt
2013-10-22 09:29 - 2013-10-22 09:29 - 00038131 _____ C:\ComboFix.txt
2013-10-22 09:12 - 2013-10-22 09:12 - 00015224 _____ C:\Users\Owner\Desktop\OTLNEW10222013_090551.txt
2013-10-22 09:05 - 2013-10-22 09:05 - 00000000 ____D C:\ProgramData\wmimgmt.exe
2013-10-22 00:05 - 2013-10-16 08:48 - 30344992 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2013-10-22 00:05 - 2013-10-16 08:48 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2013-10-22 00:05 - 2013-10-16 08:48 - 22933280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2013-10-22 00:05 - 2013-10-16 08:48 - 18243632 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2013-10-22 00:05 - 2013-10-16 08:48 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2013-10-22 00:05 - 2013-10-16 08:48 - 15858664 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2013-10-22 00:05 - 2013-10-16 08:48 - 12537632 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2013-10-22 00:05 - 2013-10-16 08:48 - 11415232 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2013-10-22 00:05 - 2013-10-16 08:48 - 11362672 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2013-10-22 00:05 - 2013-10-16 08:48 - 09516872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2013-10-22 00:05 - 2013-10-16 08:48 - 09472600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2013-10-22 00:05 - 2013-10-16 08:48 - 03131680 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2013-10-22 00:05 - 2013-10-16 08:48 - 03124512 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2013-10-22 00:05 - 2013-10-16 08:48 - 02946848 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2013-10-22 00:05 - 2013-10-16 08:48 - 02747168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2013-10-22 00:05 - 2013-10-16 08:48 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433158.dll
2013-10-22 00:05 - 2013-10-16 08:48 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433158.dll
2013-10-22 00:05 - 2013-10-16 08:48 - 01241376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2013-10-22 00:05 - 2013-10-16 08:48 - 00696096 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2013-10-22 00:05 - 2013-10-16 08:48 - 00655136 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2013-10-22 00:05 - 2013-10-16 08:48 - 00599840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2013-10-22 00:05 - 2013-10-16 08:48 - 00560416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2013-10-22 00:05 - 2013-10-16 08:48 - 00317472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2013-10-22 00:05 - 2013-10-16 08:48 - 00266984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2013-10-22 00:05 - 2013-10-16 08:48 - 00168616 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2013-10-22 00:05 - 2013-10-16 08:48 - 00141336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2013-10-21 11:04 - 2013-10-22 09:14 - 05136138 ____R (Swearware) C:\Users\Owner\Desktop\ComboFix.exe
2013-10-21 11:04 - 2013-10-21 11:04 - 05135479 _____ (Swearware) C:\Users\Owner\Downloads\ComboFix (2).exe
2013-10-21 10:59 - 2013-10-21 10:59 - 05135479 _____ (Swearware) C:\Users\Owner\Downloads\ComboFix (1).exe
2013-10-20 21:47 - 2013-10-22 00:12 - 00123324 _____ C:\Users\Owner\Desktop\OTL.Txt
2013-10-20 10:33 - 2013-10-20 11:56 - 00000000 ____D C:\ProgramData\Autorun Eater
2013-10-20 10:33 - 2013-10-20 10:33 - 00000979 _____ C:\Users\Public\Desktop\Autorun Eater.lnk
2013-10-20 10:33 - 2013-10-20 10:33 - 00000000 ____D C:\Program Files (x86)\Autorun Eater
2013-10-20 10:32 - 2012-02-17 21:04 - 01458415 _____ (Old McDonald's Farm) C:\Users\Owner\Desktop\aesetup2.6.exe
2013-10-19 22:37 - 2013-10-19 22:37 - 00017513 _____ C:\Windows\DirectX.log
2013-10-19 11:19 - 2013-10-19 11:19 - 00000625 _____ C:\Users\Owner\Downloads\fixlist.txt
2013-10-19 11:18 - 2013-10-19 11:18 - 00000000 ____D C:\ProgramData\Oracle
2013-10-19 11:18 - 2013-10-08 07:50 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-10-19 11:18 - 2013-10-08 07:46 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-10-19 11:18 - 2013-10-08 07:46 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-10-19 11:18 - 2013-10-08 07:46 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-10-19 11:17 - 2013-10-19 11:18 - 00004746 _____ C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log
2013-10-19 11:16 - 2013-10-19 11:16 - 00915368 _____ (Oracle Corporation) C:\Users\Owner\Downloads\chromeinstall-7u45.exe
2013-10-19 10:41 - 2013-10-19 10:41 - 00358923 _____ (Farbar) C:\Users\Owner\Desktop\FSS.exe
2013-10-19 10:24 - 2013-10-19 10:24 - 00001105 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-19 10:24 - 2013-10-19 10:24 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-19 10:24 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-10-19 10:22 - 2013-10-19 10:24 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Owner\Downloads\mbam-setup-1.75.0.1300.exe
2013-10-19 10:13 - 2013-10-19 10:13 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Owner\Desktop\tdsskiller.exe
2013-10-19 10:12 - 2013-10-19 10:13 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Owner\Downloads\tdsskiller.exe
2013-10-19 10:06 - 2013-10-22 09:25 - 00003126 _____ C:\Windows\PFRO.log
2013-10-19 09:56 - 2013-10-22 09:29 - 00000000 ____D C:\Qoobox
2013-10-19 09:56 - 2013-10-19 10:10 - 00000000 ____D C:\Windows\erdnt
2013-10-19 09:56 - 2011-06-26 14:45 - 00256000 _____ C:\Windows\PEV.exe
2013-10-19 09:56 - 2010-11-08 01:20 - 00208896 _____ C:\Windows\MBR.exe
2013-10-19 09:56 - 2009-04-20 12:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-10-19 09:56 - 2000-08-31 08:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-10-19 09:56 - 2000-08-31 08:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-10-19 09:56 - 2000-08-31 08:00 - 00098816 _____ C:\Windows\sed.exe
2013-10-19 09:56 - 2000-08-31 08:00 - 00080412 _____ C:\Windows\grep.exe
2013-10-19 09:56 - 2000-08-31 08:00 - 00068096 _____ C:\Windows\zip.exe
2013-10-19 09:55 - 2013-10-19 09:55 - 05134711 _____ (Swearware) C:\Users\Owner\Downloads\ComboFix.exe
2013-10-19 09:50 - 2013-10-19 09:50 - 01954124 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe
2013-10-19 09:50 - 2013-10-19 09:50 - 00000000 ____D C:\FRST
2013-10-19 09:44 - 2013-10-19 09:44 - 00000000 ____D C:\_OTL
2013-10-17 22:53 - 2013-10-17 22:53 - 00104885 _____ C:\Users\Owner\Downloads\[kickass.to]wowgirls.lets.come.together.paloma.and.klara.1080p.mp4.torrent
2013-10-17 22:52 - 2013-10-17 22:52 - 00011271 _____ C:\Users\Owner\Downloads\[kickass.to]wowgirls.alyona.klara.paloma.strap.on.adventure.torrent
2013-10-17 22:52 - 2013-10-17 22:52 - 00011271 _____ C:\Users\Owner\Downloads\[kickass.to]wowgirls.alyona.klara.paloma.strap.on.adventure (1).torrent
2013-10-17 22:49 - 2013-10-17 22:49 - 00034444 _____ C:\Users\Owner\Downloads\[kickass.to]younglegalporn.klara.take.me.right.here.torrent
2013-10-17 11:32 - 2013-10-17 11:32 - 00602112 _____ (OldTimer Tools) C:\Users\Owner\Downloads\OTL.exe
2013-10-17 11:32 - 2013-10-17 11:32 - 00602112 _____ (OldTimer Tools) C:\Users\Owner\Desktop\OTL.exe
2013-10-17 10:16 - 2013-10-17 10:16 - 01198941 _____ C:\Users\Owner\Downloads\Folder_SLFiles (4).zip
2013-10-17 10:16 - 2013-10-17 10:16 - 01198941 _____ C:\Users\Owner\Desktop\Folder_SLFiles (4).zip
2013-10-15 16:54 - 2013-10-15 16:54 - 00589600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2013-10-15 11:02 - 2013-09-04 20:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-10-15 11:02 - 2013-09-04 20:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-10-15 11:02 - 2013-09-04 20:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-10-15 11:02 - 2013-09-04 20:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-10-15 11:02 - 2013-09-04 20:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-10-15 11:02 - 2013-09-04 20:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-10-15 11:02 - 2013-09-04 20:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-10-14 22:36 - 2013-10-18 23:11 - 00000220 _____ C:\Users\Owner\Desktop\Sid Meier's Civilization V.url
2013-10-13 08:20 - 2013-10-13 08:20 - 00000000 ____D C:\Users\Default\AppData\Local\Google
2013-10-13 08:20 - 2013-10-13 08:20 - 00000000 ____D C:\Users\Default User\AppData\Local\Google
2013-10-12 15:55 - 2013-10-12 15:54 - 00370894 _____ C:\Users\Owner\Desktop\refacilitiesmaintainabilityinterviewrequestfromnusst.zip
2013-10-12 15:54 - 2013-10-12 15:54 - 00370894 _____ C:\Users\Owner\Downloads\refacilitiesmaintainabilityinterviewrequestfromnusst.zip
2013-10-10 23:13 - 2013-09-23 07:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-10 23:13 - 2013-09-23 07:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-10 23:13 - 2013-09-23 07:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-10 23:13 - 2013-09-23 07:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-10 23:13 - 2013-09-23 07:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-10 23:13 - 2013-09-23 07:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-10 23:13 - 2013-09-23 07:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-10 23:13 - 2013-09-23 07:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-10 23:13 - 2013-09-23 07:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-10-10 23:13 - 2013-09-23 07:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-10-10 23:13 - 2013-09-23 07:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-10-10 23:13 - 2013-09-23 07:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-10 23:13 - 2013-09-23 07:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-10-10 23:13 - 2013-09-23 06:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-10 23:13 - 2013-09-23 06:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-10 23:13 - 2013-09-23 06:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-10 23:13 - 2013-09-23 06:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-10 23:13 - 2013-09-23 06:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-10 23:13 - 2013-09-23 06:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-10 23:13 - 2013-09-23 06:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-10 23:13 - 2013-09-23 06:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-10 23:13 - 2013-09-23 06:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-10 23:13 - 2013-09-23 06:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-10 23:13 - 2013-09-23 06:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-10 23:13 - 2013-09-23 06:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-10 23:13 - 2013-09-23 06:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-10 23:13 - 2013-09-23 06:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-10 23:13 - 2013-09-21 11:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-10 23:13 - 2013-09-21 11:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-10 23:13 - 2013-09-21 10:48 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-10 23:13 - 2013-09-21 10:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-10-10 22:06 - 2013-07-04 20:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-10 22:06 - 2013-07-04 19:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-10 22:06 - 2013-06-06 13:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-10 22:06 - 2013-06-06 13:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-10 22:06 - 2013-06-06 13:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-10 22:06 - 2013-06-06 13:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-10 22:06 - 2013-06-06 12:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-10-10 22:06 - 2013-06-06 12:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-10-10 22:06 - 2013-06-06 12:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-10-10 22:06 - 2013-06-06 11:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-10 22:06 - 2013-06-06 11:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-10 22:06 - 2013-06-06 11:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-10 22:05 - 2013-09-14 09:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-10-10 22:05 - 2013-09-08 10:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-10-10 22:05 - 2013-09-08 10:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-10-10 22:05 - 2013-09-08 10:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2013-10-10 22:05 - 2013-07-12 18:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-10 22:05 - 2013-07-12 18:40 - 00109824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys
2013-10-10 22:05 - 2013-07-04 20:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-10-10 22:05 - 2013-07-04 20:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-10-10 22:05 - 2013-07-04 19:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2013-10-10 22:05 - 2013-07-04 19:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2013-10-10 22:05 - 2013-07-04 18:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-10-10 22:05 - 2013-07-03 12:40 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2013-10-10 22:05 - 2013-07-03 12:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-10 22:05 - 2013-07-03 12:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-10 22:05 - 2013-06-26 06:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-10 22:04 - 2013-08-29 10:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-10-10 22:04 - 2013-08-29 10:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-10-10 22:04 - 2013-08-29 10:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-10-10 22:04 - 2013-08-29 10:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-10-10 22:04 - 2013-08-29 10:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-10-10 22:04 - 2013-08-29 09:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-10-10 22:04 - 2013-08-29 09:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-10-10 22:04 - 2013-08-29 09:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-10-10 22:04 - 2013-08-29 09:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2013-10-10 22:04 - 2013-08-29 09:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-10-10 22:04 - 2013-08-29 09:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2013-10-10 22:04 - 2013-08-29 08:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-10-10 22:04 - 2013-08-29 08:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-10-10 22:04 - 2013-08-29 08:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-10-10 22:04 - 2013-08-29 08:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-10-10 22:04 - 2013-08-28 09:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-10 22:04 - 2013-08-01 20:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-10 22:04 - 2013-07-20 18:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 22:04 - 2013-07-20 18:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 22:03 - 2013-08-28 09:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-10-08 08:49 - 2013-10-21 21:01 - 00000000 ____D C:\Users\Owner\AppData\Local\CrashDumps
2013-10-03 11:22 - 2013-10-03 11:22 - 09786880 _____ C:\Users\Owner\Downloads\PF3302 Lecture 1 LSE 2012 (2).ppt
2013-10-02 21:44 - 2013-10-02 21:44 - 01439232 _____ C:\Users\Owner\Downloads\PF3302 Lecture 2 LSE 2010.ppt
2013-10-02 21:43 - 2013-10-02 21:43 - 09786880 _____ C:\Users\Owner\Downloads\PF3302 Lecture 1 LSE 2012 (1).ppt
2013-10-02 21:41 - 2013-10-02 21:41 - 09786880 _____ C:\Users\Owner\Downloads\PF3302 Lecture 1 LSE 2012.ppt
2013-10-02 21:41 - 2013-10-02 21:41 - 06520832 _____ C:\Users\Owner\Downloads\Lecture - CS11 - 2013 updated (1).ppt
2013-10-02 21:40 - 2013-10-02 21:40 - 00474112 _____ C:\Users\Owner\Downloads\Lecture - CS9and10 - 2011 (3).ppt
2013-10-02 21:40 - 2013-10-02 21:40 - 00474112 _____ C:\Users\Owner\Downloads\Lecture - CS9and10 - 2011 (2).ppt
2013-10-02 07:18 - 2013-09-27 16:57 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433140.dll
2013-10-02 07:18 - 2013-09-27 16:57 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433140.dll
2013-10-01 23:27 - 2013-10-01 23:27 - 00065182 _____ C:\Users\Owner\Desktop\Prabhu-IT1004slides.pptx
2013-09-29 22:14 - 2013-10-22 09:25 - 00014152 _____ C:\Windows\setupact.log
2013-09-29 22:14 - 2013-09-29 22:14 - 00000000 _____ C:\Windows\setuperr.log
2013-09-29 21:45 - 2013-09-29 21:45 - 00003042 _____ C:\Windows\System32\Tasks\PandaUSBVaccine
2013-09-29 21:45 - 2013-09-29 21:45 - 00000000 ____D C:\ProgramData\Panda Security
2013-09-29 21:45 - 2013-09-29 21:45 - 00000000 ____D C:\Program Files (x86)\Panda USB Vaccine
2013-09-29 21:44 - 2013-09-29 21:44 - 00823346 _____ C:\Users\Owner\Downloads\USBVaccine.zip
2013-09-29 21:44 - 2013-09-29 21:44 - 00000000 ____D C:\Users\Owner\Desktop\usbvaccine
2013-09-29 21:38 - 2013-09-29 21:38 - 00132597 _____ C:\Users\Owner\Desktop\Flash_Disinfector.exe
2013-09-29 21:12 - 2013-09-29 21:12 - 00000349 _____ C:\Users\Owner\Downloads\RegisterActxprxyAndIeproxy.zip
2013-09-29 21:03 - 2013-09-29 21:03 - 00000541 _____ C:\Users\Owner\Downloads\Elevated_Command_Prompt.zip
2013-09-29 20:48 - 2013-09-29 20:48 - 00003090 _____ C:\Windows\System32\Tasks\{B64D6685-769D-4AE9-AD29-55343D8256E9}
2013-09-27 23:50 - 2013-09-28 16:38 - 04860346 _____ C:\Users\Owner\Desktop\TP1_V12.pptx
2013-09-27 14:00 - 2013-09-27 14:10 - 00000000 ____D C:\Users\Owner\Desktop\Maintainability
2013-09-27 13:10 - 2013-10-15 23:30 - 00000000 ____D C:\Users\Owner\Desktop\scheduling
2013-09-24 22:15 - 2013-10-22 08:59 - 00224256 _____ C:\Users\Owner\AppData\Roaming\RZR_006005584beb94ed127de6940afb.db
2013-09-24 22:13 - 2013-09-24 22:13 - 00000000 ____D C:\Users\Owner\AppData\Local\Razer
2013-09-24 22:04 - 2013-09-24 22:04 - 00001242 _____ C:\Users\Public\Desktop\Razer Comms.lnk
2013-09-24 22:04 - 2013-09-24 22:04 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_RzFilter_01009.Wdf
2013-09-24 22:04 - 2013-09-24 22:04 - 00000000 ____D C:\Windows\Razer Core
2013-09-24 22:04 - 2013-09-24 22:04 - 00000000 ____D C:\ProgramData\Razer
2013-09-24 22:04 - 2013-09-24 22:04 - 00000000 ____D C:\Program Files (x86)\Razer
2013-09-24 22:04 - 2013-08-27 03:05 - 00128984 _____ (Razer USA Ltd) C:\Windows\system32\Drivers\RzDxgk.sys
2013-09-24 22:04 - 2013-08-27 03:05 - 00074456 _____ (Razer USA Ltd) C:\Windows\system32\Drivers\RzFilter.sys
2013-09-24 22:03 - 2013-09-24 22:04 - 39691960 _____ (Razer Inc.) C:\Users\Owner\Downloads\RazerComms1.60.26.exe
2013-09-23 21:22 - 2013-09-23 23:40 - 00000639 _____ C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\3d Girlz.lnk
2013-09-23 21:22 - 2013-09-23 23:40 - 00000611 _____ C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\3d Girlz Uninstall.lnk
2013-09-23 21:21 - 2013-09-23 21:21 - 00000056 _____ C:\Windows\kgt2k.INI
2013-09-23 03:20 - 2013-09-18 04:31 - 00046792 _____ (AnchorFree Inc.) C:\Windows\system32\Drivers\hssdrv6.sys
2013-09-22 13:01 - 2013-09-22 13:01 - 00038748 _____ C:\Users\Owner\Downloads\[kickass.to]the.queen.of.fighters.hentai.mugen.fullgame.final.version.torrent

==================== One Month Modified Files and Folders =======

2013-10-22 09:56 - 2013-10-22 09:56 - 01954698 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2013-10-22 09:56 - 2012-03-11 14:58 - 00000000 ____D C:\Users\Owner\AppData\Roaming\BitComet
2013-10-22 09:55 - 2013-10-22 09:55 - 00038131 _____ C:\Users\Owner\Desktop\comboxfixnew.txt
2013-10-22 09:33 - 2009-07-14 12:45 - 00022064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-22 09:33 - 2009-07-14 12:45 - 00022064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-22 09:29 - 2013-10-22 09:29 - 00038131 _____ C:\ComboFix.txt
2013-10-22 09:29 - 2013-10-19 09:56 - 00000000 ____D C:\Qoobox
2013-10-22 09:26 - 2009-07-14 10:34 - 00000215 _____ C:\Windows\system.ini
2013-10-22 09:25 - 2013-10-19 10:06 - 00003126 _____ C:\Windows\PFRO.log
2013-10-22 09:25 - 2013-09-29 22:14 - 00014152 _____ C:\Windows\setupact.log
2013-10-22 09:25 - 2013-05-02 20:52 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-22 09:25 - 2012-12-25 10:40 - 00003496 _____ C:\Windows\System32\Tasks\gg_uac_daemon_Owner
2013-10-22 09:25 - 2012-03-10 20:00 - 00000000 ____D C:\ProgramData\NVIDIA
2013-10-22 09:25 - 2009-07-14 13:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-22 09:24 - 2012-03-10 19:35 - 01778996 _____ C:\Windows\WindowsUpdate.log
2013-10-22 09:17 - 2012-04-26 06:05 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-22 09:16 - 2013-05-02 20:52 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-22 09:14 - 2013-10-21 11:04 - 05136138 ____R (Swearware) C:\Users\Owner\Desktop\ComboFix.exe
2013-10-22 09:14 - 2012-10-18 20:29 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Skype
2013-10-22 09:12 - 2013-10-22 09:12 - 00015224 _____ C:\Users\Owner\Desktop\OTLNEW10222013_090551.txt
2013-10-22 09:12 - 2013-09-21 11:02 - 00000000 ___RD C:\Users\Owner\Google Drive
2013-10-22 09:12 - 2012-04-05 22:33 - 00000000 ___RD C:\Users\Owner\Dropbox
2013-10-22 09:12 - 2012-04-05 22:31 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Dropbox
2013-10-22 09:11 - 2013-05-31 23:41 - 00000000 ____D C:\Program Files (x86)\steam
2013-10-22 09:05 - 2013-10-22 09:05 - 00000000 ____D C:\ProgramData\wmimgmt.exe
2013-10-22 09:00 - 2012-12-24 12:09 - 00000000 ____D C:\Users\Owner\AppData\Roaming\GarenaPlus
2013-10-22 09:00 - 2012-12-24 12:05 - 00000000 ____D C:\ProgramData\GarenaMessenger
2013-10-22 08:59 - 2013-09-24 22:15 - 00224256 _____ C:\Users\Owner\AppData\Roaming\RZR_006005584beb94ed127de6940afb.db
2013-10-22 00:12 - 2013-10-20 21:47 - 00123324 _____ C:\Users\Owner\Desktop\OTL.Txt
2013-10-22 00:07 - 2012-03-10 20:00 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2013-10-22 00:07 - 2012-03-10 20:00 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-10-21 21:01 - 2013-10-08 08:49 - 00000000 ____D C:\Users\Owner\AppData\Local\CrashDumps
2013-10-21 21:00 - 2012-03-21 12:26 - 00000000 ____D C:\Users\Owner\AppData\Local\SKIDROW
2013-10-21 20:55 - 2012-09-23 20:49 - 00015404 _____ C:\Users\Owner\Documents\PlayClaw.txt
2013-10-21 19:44 - 2013-06-26 12:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-10-21 11:04 - 2013-10-21 11:04 - 05135479 _____ (Swearware) C:\Users\Owner\Downloads\ComboFix (2).exe
2013-10-21 10:59 - 2013-10-21 10:59 - 05135479 _____ (Swearware) C:\Users\Owner\Downloads\ComboFix (1).exe
2013-10-20 11:56 - 2013-10-20 10:33 - 00000000 ____D C:\ProgramData\Autorun Eater
2013-10-20 10:45 - 2009-07-14 13:13 - 00779306 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-20 10:33 - 2013-10-20 10:33 - 00000979 _____ C:\Users\Public\Desktop\Autorun Eater.lnk
2013-10-20 10:33 - 2013-10-20 10:33 - 00000000 ____D C:\Program Files (x86)\Autorun Eater
2013-10-19 23:20 - 2013-05-02 20:53 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-10-19 22:37 - 2013-10-19 22:37 - 00017513 _____ C:\Windows\DirectX.log
2013-10-19 11:19 - 2013-10-19 11:19 - 00000625 _____ C:\Users\Owner\Downloads\fixlist.txt
2013-10-19 11:18 - 2013-10-19 11:18 - 00000000 ____D C:\ProgramData\Oracle
2013-10-19 11:18 - 2013-10-19 11:17 - 00004746 _____ C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log
2013-10-19 11:18 - 2012-03-11 00:45 - 00000000 ____D C:\Program Files (x86)\Java
2013-10-19 11:16 - 2013-10-19 11:16 - 00915368 _____ (Oracle Corporation) C:\Users\Owner\Downloads\chromeinstall-7u45.exe
2013-10-19 10:41 - 2013-10-19 10:41 - 00358923 _____ (Farbar) C:\Users\Owner\Desktop\FSS.exe
2013-10-19 10:24 - 2013-10-19 10:24 - 00001105 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-19 10:24 - 2013-10-19 10:24 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-19 10:24 - 2013-10-19 10:22 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Owner\Downloads\mbam-setup-1.75.0.1300.exe
2013-10-19 10:13 - 2013-10-19 10:13 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Owner\Desktop\tdsskiller.exe
2013-10-19 10:13 - 2013-10-19 10:12 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Owner\Downloads\tdsskiller.exe
2013-10-19 10:11 - 2009-07-14 11:20 - 00000000 __RHD C:\Users\Default
2013-10-19 10:10 - 2013-10-19 09:56 - 00000000 ____D C:\Windows\erdnt
2013-10-19 09:55 - 2013-10-19 09:55 - 05134711 _____ (Swearware) C:\Users\Owner\Downloads\ComboFix.exe
2013-10-19 09:50 - 2013-10-19 09:50 - 01954124 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe
2013-10-19 09:50 - 2013-10-19 09:50 - 00000000 ____D C:\FRST
2013-10-19 09:44 - 2013-10-19 09:44 - 00000000 ____D C:\_OTL
2013-10-19 09:44 - 2012-03-10 19:36 - 00000000 ___RD C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-18 23:11 - 2013-10-14 22:36 - 00000220 _____ C:\Users\Owner\Desktop\Sid Meier's Civilization V.url
2013-10-17 22:53 - 2013-10-17 22:53 - 00104885 _____ C:\Users\Owner\Downloads\[kickass.to]wowgirls.lets.come.together.paloma.and.klara.1080p.mp4.torrent
2013-10-17 22:52 - 2013-10-17 22:52 - 00011271 _____ C:\Users\Owner\Downloads\[kickass.to]wowgirls.alyona.klara.paloma.strap.on.adventure.torrent
2013-10-17 22:52 - 2013-10-17 22:52 - 00011271 _____ C:\Users\Owner\Downloads\[kickass.to]wowgirls.alyona.klara.paloma.strap.on.adventure (1).torrent
2013-10-17 22:49 - 2013-10-17 22:49 - 00034444 _____ C:\Users\Owner\Downloads\[kickass.to]younglegalporn.klara.take.me.right.here.torrent
2013-10-17 11:32 - 2013-10-17 11:32 - 00602112 _____ (OldTimer Tools) C:\Users\Owner\Downloads\OTL.exe
2013-10-17 11:32 - 2013-10-17 11:32 - 00602112 _____ (OldTimer Tools) C:\Users\Owner\Desktop\OTL.exe
2013-10-17 10:16 - 2013-10-17 10:16 - 01198941 _____ C:\Users\Owner\Downloads\Folder_SLFiles (4).zip
2013-10-17 10:16 - 2013-10-17 10:16 - 01198941 _____ C:\Users\Owner\Desktop\Folder_SLFiles (4).zip
2013-10-16 08:48 - 2013-10-22 00:05 - 30344992 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2013-10-16 08:48 - 2013-10-22 00:05 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2013-10-16 08:48 - 2013-10-22 00:05 - 22933280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2013-10-16 08:48 - 2013-10-22 00:05 - 18243632 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2013-10-16 08:48 - 2013-10-22 00:05 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2013-10-16 08:48 - 2013-10-22 00:05 - 15858664 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2013-10-16 08:48 - 2013-10-22 00:05 - 12537632 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2013-10-16 08:48 - 2013-10-22 00:05 - 11415232 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2013-10-16 08:48 - 2013-10-22 00:05 - 11362672 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2013-10-16 08:48 - 2013-10-22 00:05 - 09516872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2013-10-16 08:48 - 2013-10-22 00:05 - 09472600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2013-10-16 08:48 - 2013-10-22 00:05 - 03131680 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2013-10-16 08:48 - 2013-10-22 00:05 - 03124512 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2013-10-16 08:48 - 2013-10-22 00:05 - 02946848 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2013-10-16 08:48 - 2013-10-22 00:05 - 02747168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2013-10-16 08:48 - 2013-10-22 00:05 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433158.dll
2013-10-16 08:48 - 2013-10-22 00:05 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433158.dll
2013-10-16 08:48 - 2013-10-22 00:05 - 01241376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2013-10-16 08:48 - 2013-10-22 00:05 - 00696096 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2013-10-16 08:48 - 2013-10-22 00:05 - 00655136 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2013-10-16 08:48 - 2013-10-22 00:05 - 00599840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2013-10-16 08:48 - 2013-10-22 00:05 - 00560416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2013-10-16 08:48 - 2013-10-22 00:05 - 00317472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2013-10-16 08:48 - 2013-10-22 00:05 - 00266984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2013-10-16 08:48 - 2013-10-22 00:05 - 00168616 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2013-10-16 08:48 - 2013-10-22 00:05 - 00141336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2013-10-16 08:48 - 2012-10-12 00:34 - 15244272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2013-10-16 08:48 - 2012-03-10 21:42 - 18290536 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2013-10-16 08:48 - 2012-03-10 21:42 - 01435504 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2013-10-16 08:48 - 2012-03-10 20:00 - 03067560 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2013-10-16 08:48 - 2012-03-10 20:00 - 02694664 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2013-10-16 08:48 - 2012-03-10 20:00 - 00023287 _____ C:\Windows\system32\nvinfo.pb
2013-10-16 05:47 - 2012-03-10 20:00 - 06665504 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2013-10-16 05:47 - 2012-03-10 20:00 - 03489568 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2013-10-16 05:47 - 2012-03-10 20:00 - 00922912 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2013-10-16 05:47 - 2012-03-10 20:00 - 00219424 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2013-10-16 05:47 - 2012-03-10 20:00 - 00063776 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2013-10-15 23:30 - 2013-09-27 13:10 - 00000000 ____D C:\Users\Owner\Desktop\scheduling
2013-10-15 16:54 - 2013-10-15 16:54 - 00589600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2013-10-14 22:36 - 2012-12-19 21:23 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2013-10-13 08:20 - 2013-10-13 08:20 - 00000000 ____D C:\Users\Default\AppData\Local\Google
2013-10-13 08:20 - 2013-10-13 08:20 - 00000000 ____D C:\Users\Default User\AppData\Local\Google
2013-10-12 15:54 - 2013-10-12 15:55 - 00370894 _____ C:\Users\Owner\Desktop\refacilitiesmaintainabilityinterviewrequestfromnusst.zip
2013-10-12 15:54 - 2013-10-12 15:54 - 00370894 _____ C:\Users\Owner\Downloads\refacilitiesmaintainabilityinterviewrequestfromnusst.zip
2013-10-12 15:38 - 2012-09-23 18:55 - 00000000 _____ C:\Windows\SysWOW64\Access.dat
2013-10-12 12:42 - 2012-04-05 22:33 - 00000979 _____ C:\Users\Owner\Desktop\Dropbox.lnk
2013-10-12 12:42 - 2012-04-05 22:32 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2013-10-11 22:11 - 2013-05-02 20:52 - 00003892 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-11 22:11 - 2013-05-02 20:52 - 00003640 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-10-11 06:36 - 2012-03-11 11:30 - 00000000 ____D C:\Windows\Panther
2013-10-11 06:36 - 2009-07-14 12:45 - 00607288 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-10 23:14 - 2012-03-14 20:05 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-10 23:12 - 2013-03-27 21:09 - 00773030 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-10-10 23:12 - 2012-05-18 11:02 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-10 23:12 - 2012-05-18 11:02 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-10 23:10 - 2013-07-30 00:05 - 00000000 ____D C:\Windows\system32\MRT
2013-10-10 23:09 - 2013-05-02 21:27 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-09 23:17 - 2012-04-26 06:05 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-09 23:17 - 2012-04-26 06:05 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-09 23:17 - 2012-03-10 22:01 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-09 03:14 - 2012-03-10 21:42 - 03398914 _____ C:\Windows\system32\nvcoproc.bin
2013-10-08 15:29 - 2013-09-02 18:21 - 00000000 ____D C:\Users\Owner\Desktop\IT1004
2013-10-08 07:50 - 2013-10-19 11:18 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-10-08 07:46 - 2013-10-19 11:18 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-10-08 07:46 - 2013-10-19 11:18 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-10-08 07:46 - 2013-10-19 11:18 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-10-03 11:22 - 2013-10-03 11:22 - 09786880 _____ C:\Users\Owner\Downloads\PF3302 Lecture 1 LSE 2012 (2).ppt
2013-10-02 21:44 - 2013-10-02 21:44 - 01439232 _____ C:\Users\Owner\Downloads\PF3302 Lecture 2 LSE 2010.ppt
2013-10-02 21:43 - 2013-10-02 21:43 - 09786880 _____ C:\Users\Owner\Downloads\PF3302 Lecture 1 LSE 2012 (1).ppt
2013-10-02 21:41 - 2013-10-02 21:41 - 09786880 _____ C:\Users\Owner\Downloads\PF3302 Lecture 1 LSE 2012.ppt
2013-10-02 21:41 - 2013-10-02 21:41 - 06520832 _____ C:\Users\Owner\Downloads\Lecture - CS11 - 2013 updated (1).ppt
2013-10-02 21:40 - 2013-10-02 21:40 - 00474112 _____ C:\Users\Owner\Downloads\Lecture - CS9and10 - 2011 (3).ppt
2013-10-02 21:40 - 2013-10-02 21:40 - 00474112 _____ C:\Users\Owner\Downloads\Lecture - CS9and10 - 2011 (2).ppt
2013-10-01 23:27 - 2013-10-01 23:27 - 00065182 _____ C:\Users\Owner\Desktop\Prabhu-IT1004slides.pptx
2013-10-01 17:46 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\system32\NDF
2013-09-29 22:14 - 2013-09-29 22:14 - 00000000 _____ C:\Windows\setuperr.log
2013-09-29 22:11 - 2012-03-11 14:51 - 00000000 ____D C:\Users\Owner\Documents\CCLEANER
2013-09-29 21:45 - 2013-09-29 21:45 - 00003042 _____ C:\Windows\System32\Tasks\PandaUSBVaccine
2013-09-29 21:45 - 2013-09-29 21:45 - 00000000 ____D C:\ProgramData\Panda Security
2013-09-29 21:45 - 2013-09-29 21:45 - 00000000 ____D C:\Program Files (x86)\Panda USB Vaccine
2013-09-29 21:44 - 2013-09-29 21:44 - 00823346 _____ C:\Users\Owner\Downloads\USBVaccine.zip
2013-09-29 21:44 - 2013-09-29 21:44 - 00000000 ____D C:\Users\Owner\Desktop\usbvaccine
2013-09-29 21:38 - 2013-09-29 21:38 - 00132597 _____ C:\Users\Owner\Desktop\Flash_Disinfector.exe
2013-09-29 21:12 - 2013-09-29 21:12 - 00000349 _____ C:\Users\Owner\Downloads\RegisterActxprxyAndIeproxy.zip
2013-09-29 21:03 - 2013-09-29 21:03 - 00000541 _____ C:\Users\Owner\Downloads\Elevated_Command_Prompt.zip
2013-09-29 20:48 - 2013-09-29 20:48 - 00003090 _____ C:\Windows\System32\Tasks\{B64D6685-769D-4AE9-AD29-55343D8256E9}
2013-09-28 16:38 - 2013-09-27 23:50 - 04860346 _____ C:\Users\Owner\Desktop\TP1_V12.pptx
2013-09-28 00:27 - 2012-03-10 22:55 - 00000000 ____D C:\Users\Owner\AppData\Roaming\vlc
2013-09-27 16:57 - 2013-10-02 07:18 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433140.dll
2013-09-27 16:57 - 2013-10-02 07:18 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433140.dll
2013-09-27 14:10 - 2013-09-27 14:00 - 00000000 ____D C:\Users\Owner\Desktop\Maintainability
2013-09-24 22:13 - 2013-09-24 22:13 - 00000000 ____D C:\Users\Owner\AppData\Local\Razer
2013-09-24 22:13 - 2012-03-10 21:39 - 00127000 _____ C:\Users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-24 22:04 - 2013-09-24 22:04 - 00001242 _____ C:\Users\Public\Desktop\Razer Comms.lnk
2013-09-24 22:04 - 2013-09-24 22:04 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_RzFilter_01009.Wdf
2013-09-24 22:04 - 2013-09-24 22:04 - 00000000 ____D C:\Windows\Razer Core
2013-09-24 22:04 - 2013-09-24 22:04 - 00000000 ____D C:\ProgramData\Razer
2013-09-24 22:04 - 2013-09-24 22:04 - 00000000 ____D C:\Program Files (x86)\Razer
2013-09-24 22:04 - 2013-09-24 22:03 - 39691960 _____ (Razer Inc.) C:\Users\Owner\Downloads\RazerComms1.60.26.exe
2013-09-23 23:40 - 2013-09-23 21:22 - 00000639 _____ C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\3d Girlz.lnk
2013-09-23 23:40 - 2013-09-23 21:22 - 00000611 _____ C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\3d Girlz Uninstall.lnk
2013-09-23 21:21 - 2013-09-23 21:21 - 00000056 _____ C:\Windows\kgt2k.INI
2013-09-23 21:21 - 2012-03-10 19:36 - 00000000 ____D C:\Users\Owner\AppData\Local\VirtualStore
2013-09-23 07:28 - 2013-10-10 23:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-23 07:28 - 2013-10-10 23:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-23 07:27 - 2013-10-10 23:13 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-23 07:27 - 2013-10-10 23:13 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-23 07:27 - 2013-10-10 23:13 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-23 07:27 - 2013-10-10 23:13 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-23 07:27 - 2013-10-10 23:13 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-23 07:27 - 2013-10-10 23:13 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-23 07:27 - 2013-10-10 23:13 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-23 07:27 - 2013-10-10 23:13 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-23 07:27 - 2013-10-10 23:13 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-23 07:27 - 2013-10-10 23:13 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-23 07:27 - 2013-10-10 23:13 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-23 06:55 - 2013-10-10 23:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-23 06:55 - 2013-10-10 23:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-23 06:55 - 2013-10-10 23:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-23 06:54 - 2013-10-10 23:13 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-23 06:54 - 2013-10-10 23:13 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-23 06:54 - 2013-10-10 23:13 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-23 06:54 - 2013-10-10 23:13 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-23 06:54 - 2013-10-10 23:13 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-23 06:54 - 2013-10-10 23:13 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-23 06:54 - 2013-10-10 23:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-23 06:54 - 2013-10-10 23:13 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-23 06:54 - 2013-10-10 23:13 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-23 06:54 - 2013-10-10 23:13 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-23 06:54 - 2013-10-10 23:13 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-23 03:20 - 2013-06-25 23:36 - 00001048 _____ C:\Users\Public\Desktop\Hotspot Shield.lnk
2013-09-23 03:20 - 2013-03-09 01:02 - 00000000 ____D C:\Program Files (x86)\Hotspot Shield
2013-09-22 23:23 - 2013-09-03 22:04 - 00000000 __SHD C:\Users\Public\Documents\Media
2013-09-22 13:01 - 2013-09-22 13:01 - 00038748 _____ C:\Users\Owner\Downloads\[kickass.to]the.queen.of.fighters.hentai.mugen.fullgame.final.version.torrent

Files to move or delete:
====================
C:\ProgramData\wmimgmt.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2012-05-19 10:44

==================== End Of Log ============================
  • 0

#21
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,016 posts
  • MVP
Oddly enough the registry entry keeps coming back but I don't think it can do anything because it points to a folder that I had OTL make instead of the malware file.

I would right click on H:\ and Format and let it format the drive. That should remove any malware we can't see.

Then run OTL quickscan and post the log.
  • 0

#22
frozenthunder

frozenthunder

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 140 posts
Ok I formatted the drive and ran the quickscan. Here's the log.

OTL logfile created on: 10/22/2013 8:27:41 PM - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16721)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.98 Gb Total Physical Memory | 5.71 Gb Available Physical Memory | 71.52% Memory free
15.96 Gb Paging File | 13.15 Gb Available in Paging File | 82.39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 488.18 Gb Total Space | 20.39 Gb Free Space | 4.18% Space Free | Partition Type: NTFS
Drive D: | 443.23 Gb Total Space | 54.59 Gb Free Space | 12.32% Space Free | Partition Type: NTFS
Drive F: | 931.28 Gb Total Space | 121.62 Gb Free Space | 13.06% Space Free | Partition Type: FAT32
Drive G: | 7.86 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive H: | 3.73 Gb Total Space | 3.73 Gb Free Space | 100.00% Space Free | Partition Type: FAT32

Computer Name: PRABHU | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/10/17 11:32:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
PRC - [2013/10/15 16:54:02 | 000,414,496 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013/10/11 22:11:06 | 000,237,960 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe
PRC - [2013/10/11 00:10:18 | 029,768,376 | ---- | M] (Dropbox, Inc.) -- C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/10/09 10:19:14 | 000,565,672 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2013/10/09 10:19:12 | 001,813,928 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\steam\Steam.exe
PRC - [2013/10/09 08:02:45 | 000,844,752 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/09/25 17:37:00 | 020,133,824 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2013/09/18 06:28:28 | 001,787,688 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Hotspot Shield\bin\HSSCP.exe
PRC - [2013/09/18 06:28:16 | 000,878,888 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe
PRC - [2013/09/18 06:27:50 | 000,556,840 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
PRC - [2013/08/28 05:16:14 | 001,028,896 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
PRC - [2013/08/28 05:15:38 | 002,155,296 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013/08/27 03:15:34 | 001,091,264 | ---- | M] (Razer) -- C:\Program Files (x86)\Razer\Core\RazerCore.exe
PRC - [2013/08/06 19:00:59 | 009,739,056 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe
PRC - [2013/07/10 19:54:32 | 000,049,456 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\ggdllhost.exe
PRC - [2013/05/10 15:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/02/17 18:53:28 | 000,522,720 | ---- | M] (Old McDonald's Farm) -- C:\Program Files (x86)\Autorun Eater\oldmcdonald.exe
PRC - [2012/02/17 17:52:52 | 000,425,250 | ---- | M] (Old McDonald's Farm) -- C:\Program Files (x86)\Autorun Eater\billy.exe
PRC - [2011/08/02 15:38:20 | 002,248,704 | ---- | M] () -- C:\Program Files (x86)\Vtune\TBPANEL.exe
PRC - [2011/07/06 13:15:26 | 002,656,536 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/07/06 13:15:20 | 000,326,424 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/11/17 09:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PRC - [2009/09/23 16:45:50 | 001,287,176 | ---- | M] (Panda Security) -- C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
PRC - [2009/04/15 17:26:36 | 000,980,280 | ---- | M] () -- C:\Program Files (x86)\VOX\JamVOX\JVExec.exe


========== Modules (No Company Name) ==========

MOD - [2013/10/22 20:12:01 | 000,557,056 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI43082\pysqlite2._sqlite.pyd
MOD - [2013/10/22 20:12:01 | 000,320,512 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI43082\win32com.shell.shell.pyd
MOD - [2013/10/22 20:12:01 | 000,128,512 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI43082\_elementtree.pyd
MOD - [2013/10/22 20:12:01 | 000,098,816 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI43082\win32api.pyd
MOD - [2013/10/22 20:12:01 | 000,070,656 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI43082\wx._html2.pyd
MOD - [2013/10/22 20:12:01 | 000,044,032 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI43082\_socket.pyd
MOD - [2013/10/22 20:12:01 | 000,026,624 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI43082\_multiprocessing.pyd
MOD - [2013/10/22 20:12:01 | 000,022,528 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI43082\win32ts.pyd
MOD - [2013/10/22 20:12:01 | 000,011,264 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI43082\win32crypt.pyd
MOD - [2013/10/22 20:12:00 | 001,175,040 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI43082\wx._core_.pyd
MOD - [2013/10/22 20:12:00 | 001,153,024 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI43082\_ssl.pyd
MOD - [2013/10/22 20:12:00 | 000,805,888 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI43082\wx._gdi_.pyd
MOD - [2013/10/22 20:12:00 | 000,735,232 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI43082\wx._misc_.pyd
MOD - [2013/10/22 20:12:00 | 000,504,832 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI43082\windows._cacheinvalidation.pyd
MOD - [2013/10/22 20:12:00 | 000,364,544 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI43082\pythoncom27.dll
MOD - [2013/10/22 20:12:00 | 000,110,080 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI43082\PyWinTypes27.dll
MOD - [2013/10/22 20:12:00 | 000,108,544 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI43082\win32security.pyd
MOD - [2013/10/22 20:12:00 | 000,087,040 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI43082\_ctypes.pyd
MOD - [2013/10/22 20:12:00 | 000,035,840 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI43082\win32process.pyd
MOD - [2013/10/22 20:12:00 | 000,025,600 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI43082\win32pdh.pyd
MOD - [2013/10/22 20:12:00 | 000,017,408 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI43082\win32profile.pyd
MOD - [2013/10/22 20:11:59 | 001,062,400 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI43082\wx._controls_.pyd
MOD - [2013/10/22 20:11:59 | 000,811,008 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI43082\wx._windows_.pyd
MOD - [2013/10/22 20:11:59 | 000,711,680 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI43082\_hashlib.pyd
MOD - [2013/10/22 20:11:59 | 000,686,080 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI43082\unicodedata.pyd
MOD - [2013/10/22 20:11:59 | 000,127,488 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI43082\pyexpat.pyd
MOD - [2013/10/22 20:11:59 | 000,122,368 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI43082\wx._wizard.pyd
MOD - [2013/10/22 20:11:59 | 000,119,808 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI43082\win32file.pyd
MOD - [2013/10/22 20:11:59 | 000,038,912 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI43082\win32inet.pyd
MOD - [2013/10/22 20:11:59 | 000,018,432 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI43082\win32event.pyd
MOD - [2013/10/22 20:11:56 | 000,010,240 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI43082\select.pyd
MOD - [2013/10/11 00:09:30 | 003,558,400 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2013/10/10 23:11:56 | 018,003,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\464a76a3fdc9ee7456cb4baaea3e503a\PresentationFramework.ni.dll
MOD - [2013/10/10 23:11:48 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b5b66869081b909d238fdea083cf3179\PresentationCore.ni.dll
MOD - [2013/10/10 23:11:47 | 006,817,280 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\de9e77138e17f0188104c9ec32d375da\System.Data.ni.dll
MOD - [2013/10/10 23:11:45 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\e40d894a772b2cff5ffd5a84ef20d2d4\System.Windows.Forms.ni.dll
MOD - [2013/10/10 23:11:45 | 000,693,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\7dd3be81af8b03416ad0109af26997b9\System.ComponentModel.Composition.ni.dll
MOD - [2013/10/10 23:11:44 | 007,070,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dac1208781fdd0b960afc12efff42944\System.Core.ni.dll
MOD - [2013/10/10 23:11:42 | 003,858,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\0b37b2bafc33ef52282b9d7b217cabaf\WindowsBase.ni.dll
MOD - [2013/10/10 23:11:41 | 001,014,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\71d887ce964fb69b7f03c4fe7a3f28ff\System.Configuration.ni.dll
MOD - [2013/10/09 10:19:16 | 001,121,704 | ---- | M] () -- C:\Program Files (x86)\steam\bin\chromehtml.dll
MOD - [2013/10/09 08:02:43 | 000,415,184 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppgooglenaclpluginchrome.dll
MOD - [2013/10/09 08:02:41 | 004,055,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll
MOD - [2013/10/09 08:01:50 | 000,698,832 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\libglesv2.dll
MOD - [2013/10/09 08:01:49 | 000,099,792 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\libegl.dll
MOD - [2013/10/09 08:01:47 | 001,604,560 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ffmpegsumo.dll
MOD - [2013/09/18 06:18:58 | 000,902,440 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\af_proxy.dll
MOD - [2013/09/11 06:20:56 | 020,625,832 | ---- | M] () -- C:\Program Files (x86)\steam\bin\libcef.dll
MOD - [2013/08/29 13:21:34 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\6c422db78c17838c3eb9f9fcc01ca63f\System.Management.ni.dll
MOD - [2013/08/29 13:21:24 | 000,011,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualC\b1560845b641faac0ca607b2dce8389a\Microsoft.VisualC.ni.dll
MOD - [2013/08/29 13:21:23 | 000,787,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\bfa9e814cb8b662508aa93ae387b434f\System.EnterpriseServices.ni.dll
MOD - [2013/08/29 13:21:23 | 000,236,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\bfa9e814cb8b662508aa93ae387b434f\System.EnterpriseServices.Wrapper.dll
MOD - [2013/08/29 13:21:22 | 000,649,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\102014a4f570b1dc944ff7eb8e1c6e2b\System.Transactions.ni.dll
MOD - [2013/08/29 13:21:22 | 000,143,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\af7d7a2e47e0ac57b4f0fe5e0c1cda9a\SMDiagnostics.ni.dll
MOD - [2013/08/22 06:18:28 | 000,687,104 | ---- | M] () -- C:\Program Files (x86)\steam\SDL2.dll
MOD - [2013/08/15 03:04:27 | 005,628,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\884bcbd22130ebeb1211bc7bcc3910c9\System.Xml.ni.dll
MOD - [2013/08/15 03:04:26 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\3a3fc0216674bdea0be809b305517c98\System.Drawing.ni.dll
MOD - [2013/08/15 03:04:25 | 009,099,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\de853615c8224ba5d9aa9b76276c6d98\System.ni.dll
MOD - [2013/08/07 15:33:54 | 000,027,952 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\VersionModule.dll
MOD - [2013/08/06 19:01:20 | 000,864,560 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\Plugins\ggplugin.dll
MOD - [2013/08/06 19:00:59 | 009,739,056 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe
MOD - [2013/07/26 14:18:31 | 000,957,232 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\XLL.dll
MOD - [2013/07/18 22:09:40 | 000,529,200 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\ggspawn.dll
MOD - [2013/07/15 22:29:36 | 001,545,520 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\delay_load\FileSender.dll
MOD - [2013/07/11 23:44:22 | 014,416,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\cf58670896c5313b9b52f026f4455a5d\mscorlib.ni.dll
MOD - [2013/07/11 23:44:22 | 000,145,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\cfbc74c91b44af85d10b272ae5c70d5a\System.Numerics.ni.dll
MOD - [2013/07/10 19:54:32 | 000,049,456 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\ggdllhost.exe
MOD - [2013/06/15 07:49:12 | 001,100,800 | ---- | M] () -- C:\Program Files (x86)\steam\bin\avcodec-53.dll
MOD - [2013/06/15 07:49:12 | 000,192,000 | ---- | M] () -- C:\Program Files (x86)\steam\bin\avformat-53.dll
MOD - [2013/06/15 07:49:12 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\steam\bin\avutil-51.dll
MOD - [2013/04/10 17:23:12 | 000,170,800 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\fs\YYFileSystem.dll
MOD - [2013/04/10 17:22:55 | 000,155,440 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\libmpg123.dll
MOD - [2013/03/14 04:48:52 | 024,978,944 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2013/03/13 18:05:59 | 000,374,064 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\Http.dll
MOD - [2013/03/07 10:10:42 | 000,106,288 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\UILayout.dll
MOD - [2013/03/07 10:10:39 | 000,224,560 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\Plugins\StatsPlugin.dll
MOD - [2013/03/07 10:10:22 | 000,487,216 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\CxImage.dll
MOD - [2013/02/13 09:42:46 | 005,407,744 | ---- | M] () -- C:\Program Files (x86)\PlayClaw4\playclaw-vcam.dll
MOD - [2013/02/07 17:11:25 | 000,025,392 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\PluginModule.dll
MOD - [2013/02/07 17:11:24 | 000,087,344 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\PluginKernel.dll
MOD - [2013/02/07 17:11:22 | 000,192,816 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\ImageModule.dll
MOD - [2013/02/07 17:11:17 | 000,051,504 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\FileLoader.dll
MOD - [2013/02/07 17:11:15 | 000,033,584 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\DibModule.dll
MOD - [2013/02/01 13:42:29 | 000,153,088 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\libzmq.dll
MOD - [2013/01/30 16:26:41 | 002,941,232 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\ggdownloader.dll
MOD - [2013/01/30 16:26:38 | 000,104,752 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\CommonLib.dll
MOD - [2013/01/14 19:57:52 | 001,092,912 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\delay_load\GaFileTransfer.dll
MOD - [2013/01/14 19:57:46 | 000,219,952 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\TaskManagerLib.dll
MOD - [2012/11/09 17:34:12 | 000,048,640 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\XmlUIModule.dll
MOD - [2012/11/08 19:28:10 | 000,010,240 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\delay_load\ClientTcp.dll
MOD - [2012/11/08 19:27:48 | 000,061,952 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\delay_load\UdtLib.dll
MOD - [2012/04/24 09:19:16 | 000,238,592 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\delay_load\MediaEngine.dll
MOD - [2012/04/13 11:12:18 | 000,059,392 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\delay_load\AudioMixerLib.dll
MOD - [2012/04/13 11:12:18 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\ServerMemAlloc.dll
MOD - [2012/03/23 18:15:58 | 000,988,160 | ---- | M] () -- C:\Program Files (x86)\Razer\Core\Plugins\ChatApplet\libssh2.dll
MOD - [2012/03/08 16:56:40 | 000,510,464 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\delay_load\RSALib.dll
MOD - [2012/03/02 16:23:26 | 000,577,621 | ---- | M] () -- C:\Program Files (x86)\Razer\Core\Plugins\ChatApplet\sqlite3.dll
MOD - [2012/02/22 16:52:18 | 000,162,304 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lame_enc.dll
MOD - [2012/02/22 16:52:16 | 000,573,100 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\sqlite3.dll
MOD - [2012/02/22 16:52:16 | 000,178,176 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\MP3Module.dll
MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/08/02 15:38:20 | 002,248,704 | ---- | M] () -- C:\Program Files (x86)\Vtune\TBPANEL.exe
MOD - [2010/01/21 01:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/01/09 20:18:18 | 004,254,560 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2009/04/15 17:26:36 | 000,980,280 | ---- | M] () -- C:\Program Files (x86)\VOX\JamVOX\JVExec.exe
MOD - [1998/10/31 04:55:56 | 000,005,120 | ---- | M] () -- C:\Program Files (x86)\Vtune\TBMANAGE.DLL


========== Services (SafeList) ==========

SRV:64bit: - [2013/08/28 05:17:13 | 014,997,280 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV:64bit: - [2013/05/27 13:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/04/18 09:47:16 | 008,518,008 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe -- (TabletServiceWacom)
SRV:64bit: - [2012/04/18 09:47:16 | 000,567,672 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Wacom\Wacom_TouchService.exe -- (TouchServiceWacom)
SRV - [2013/10/15 16:54:02 | 000,414,496 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013/10/09 23:17:27 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/10/09 10:19:14 | 000,565,672 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/09/18 06:28:16 | 000,878,888 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe -- (hshld)
SRV - [2013/09/18 06:27:50 | 000,556,840 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2013/09/18 04:35:24 | 000,078,512 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Hotspot Shield\bin\HSSTrayService.exe -- (HssTrayService)
SRV - [2013/08/28 05:15:38 | 002,155,296 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/08/27 03:15:40 | 000,032,960 | ---- | M] (Razer) [Auto | Running] -- C:\Program Files (x86)\Razer\Core\64bit\RzOvlMon.exe -- (RzOvlMon)
SRV - [2013/08/16 17:37:02 | 000,757,144 | ---- | M] (Tunngle.net GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2013/06/26 12:31:08 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/06/21 09:53:36 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/05/10 15:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/30 05:24:28 | 005,117,384 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2011/07/06 13:15:26 | 002,656,536 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/07/06 13:15:20 | 000,326,424 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/11 05:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/09/18 04:31:12 | 000,046,792 | ---- | M] (AnchorFree Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\hssdrv6.sys -- (HssDRV6)
DRV:64bit: - [2013/08/27 03:05:21 | 000,128,984 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RzDxgk.sys -- (RzDxgk)
DRV:64bit: - [2013/08/27 03:05:21 | 000,074,456 | ---- | M] (Razer USA Ltd) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\RzFilter.sys -- (RzFilter)
DRV:64bit: - [2013/08/20 21:33:40 | 000,039,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:64bit: - [2013/06/16 20:38:15 | 000,196,384 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2013/04/25 03:28:08 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/01/29 19:21:08 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/29 14:04:36 | 000,065,912 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wachidrouter.sys -- (WacHidRouter)
DRV:64bit: - [2012/03/29 14:04:36 | 000,013,688 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidkmdf.sys -- (hidkmdf)
DRV:64bit: - [2012/03/29 14:04:32 | 000,015,736 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacomrouterfilter.sys -- (wacomrouterfilter)
DRV:64bit: - [2012/03/01 14:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/08/02 16:38:44 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2011/06/10 14:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/11 14:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 14:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/10 14:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011/02/10 14:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/11/21 11:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 11:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 11:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/19 16:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/04/28 07:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2010/04/28 07:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2010/04/28 05:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2010/04/28 05:02:42 | 000,043,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2009/09/16 08:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901t.sys -- (tap0901t)
DRV:64bit: - [2009/07/14 09:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 09:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 09:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/11 04:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 04:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 04:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 04:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/04/15 01:00:00 | 000,062,544 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\JamDRV.sys -- (JAMVOX_AA)
DRV:64bit: - [2009/04/15 01:00:00 | 000,031,824 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\JamWdm.sys -- (JAMVOX_01)
DRV:64bit: - [2009/04/08 14:28:46 | 000,068,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2009/07/14 09:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6C 74 DD 0E 46 12 CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: DeviceDetection%40logitech.com:1.24.0.9
FF - prefs.js..extensions.enabledAddons: %7Bf701c26a-479a-4724-b4f1-870db12f063c%7D:1.4.4
FF - prefs.js..extensions.enabledAddons: %7B35106bca-6c78-48c7-ac28-56df30b51d2a%7D:1.3.8
FF - prefs.js..extensions.enabledAddons: %7BB042753D-F57E-4e8e-A01B-7379A6D4CEFB%7D:1.35
FF - prefs.js..extensions.enabledAddons: afext%40anchorfree.com:3.17
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@t.garena.com/garenatalk: C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.0.0.6: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/06/26 12:31:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/09/12 00:43:03 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/06/26 12:31:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/09/12 00:43:03 | 000,000,000 | ---D | M]

[2012/03/10 21:34:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2013/10/06 00:17:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\11n5c59f.default\extensions
[2013/05/02 23:38:11 | 000,000,000 | ---D | M] (BitComet Video Downloader) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\11n5c59f.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2012/03/13 21:15:01 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\11n5c59f.default\extensions\[email protected]
[2013/01/01 10:25:46 | 000,067,812 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\11n5c59f.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}.xpi
[2013/07/28 13:20:30 | 000,223,750 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\11n5c59f.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2013/02/10 00:02:03 | 000,328,332 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\11n5c59f.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}.xpi
[2013/10/06 00:17:59 | 000,824,302 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\11n5c59f.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/04/07 11:53:55 | 000,043,307 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\11n5c59f.default\extensions\{f701c26a-479a-4724-b4f1-870db12f063c}.xpi
[2013/06/26 12:31:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/06/26 12:31:05 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2013/09/01 23:31:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/06/26 12:31:08 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/09/01 23:31:03 | 000,000,000 | ---D | M] (Hotspot Shield Extension) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\[email protected]
[2012/01/12 16:58:30 | 000,917,816 | ---- | M] (BitComet) -- C:\Program Files (x86)\mozilla firefox\plugins\npBitCometAgent.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = https://www.google.c...q=t&channel=rcs
CHR - default_search_provider: suggest_url = https://www.google.c...q={searchTerms},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: BitCometAgent (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npBitCometAgent.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U21 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: WacomTabletPlugin (Enabled) = C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll
CHR - plugin: Wacom Dynamic Link Library (Enabled) = C:\Program Files (x86)\TabletPlugins\npwacom.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
CHR - Extension: Google Docs = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: AdBlock = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.10_0\
CHR - Extension: Dropdown List of Most Visited Links = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\logbmehmiacemkimbpcbjgaikobdndah\0.5_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: Gmail = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/10/22 09:25:56 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [JamInit] C:\Windows\SysNative\InitJam.exe (Korg Inc.)
O4:64bit: - HKLM..\Run: [Nvtmru] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Autorun Eater] C:\Program Files (x86)\Autorun Eater\oldmcdonald.exe (Old McDonald's Farm)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [GarenaPlus] C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe ()
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKCU..\Run: [Razer Comms] C:\Program Files (x86)\Razer\Core\RazerCore.exe (Razer)
O4 - HKCU..\Run: [Steam] C:\program files (x86)\steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [TBPanel] C:\Program Files (x86)\Vtune\TBPanel.exe ()
O4 - HKCU..\Run: [wmi32] "C:\ProgramData\Application Data\wmimgmt.exe" File not found
O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8:64bit: - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1979 ([http] in Trusted sites)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2AE76720-B3CC-4EB0-B3AB-0845216492DE}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{32BB1182-7706-4C35-9E35-39C64A3E8B9E}: DhcpNameServer = 202.65.247.32 202.65.244.31
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A05D824F-D3DF-47F2-B212-86EF81DD0CF3}: DhcpNameServer = 8.8.8.8
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/10/22 09:05:52 | 000,000,000 | ---D | M] - C:\AuToRUn.iNf -- [ NTFS ]
O32 - AutoRun File - [2013/10/22 09:05:53 | 000,000,000 | ---D | M] - D:\AuToRUn.iNf -- [ NTFS ]
O32 - AutoRun File - [2013/10/20 10:35:04 | 000,000,000 | ---D | M] - F:\autorun .inf -- [ FAT32 ]
O32 - AutoRun File - [2013/10/22 09:05:54 | 000,000,000 | ---D | M] - F:\AuToRUn.iNf -- [ FAT32 ]
O32 - AutoRun File - [2013/08/23 22:28:53 | 000,000,043 | R--- | M] () - G:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/10/22 09:56:32 | 001,954,698 | ---- | C] (Farbar) -- C:\Users\Owner\Desktop\FRST64.exe
[2013/10/22 09:26:05 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/10/22 09:23:57 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/10/22 09:05:53 | 000,000,000 | ---D | C] -- C:\ProgramData\wmimgmt.exe
[2013/10/22 09:05:52 | 000,000,000 | ---D | C] -- C:\AuToRUn.iNf
[2013/10/21 11:04:46 | 005,136,138 | R--- | C] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
[2013/10/20 10:33:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Autorun Eater
[2013/10/20 10:33:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autorun Eater
[2013/10/20 10:33:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Autorun Eater
[2013/10/20 10:32:35 | 001,458,415 | ---- | C] (Old McDonald's Farm) -- C:\Users\Owner\Desktop\aesetup2.6.exe
[2013/10/20 10:32:00 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\geekstogologs
[2013/10/19 11:18:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2013/10/19 11:18:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/10/19 11:17:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2013/10/19 10:41:43 | 000,358,923 | ---- | C] (Farbar) -- C:\Users\Owner\Desktop\FSS.exe
[2013/10/19 10:24:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/10/19 10:24:40 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/10/19 10:24:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/10/19 10:13:29 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Owner\Desktop\tdsskiller.exe
[2013/10/19 09:56:42 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/10/19 09:56:42 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/10/19 09:56:42 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/10/19 09:56:38 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/10/19 09:56:07 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/10/19 09:50:47 | 000,000,000 | ---D | C] -- C:\FRST
[2013/10/19 09:44:18 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/10/17 11:32:26 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2013/10/08 08:49:03 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\CrashDumps
[2013/09/29 21:45:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security
[2013/09/29 21:45:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda USB Vaccine
[2013/09/29 21:45:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
[2013/09/29 21:44:29 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\usbvaccine
[2013/09/27 14:00:35 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Maintainability
[2013/09/27 13:10:51 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\scheduling
[2013/09/24 22:13:30 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Razer
[2013/09/24 22:04:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer Comms
[2013/09/24 22:04:50 | 000,074,456 | ---- | C] (Razer USA Ltd) -- C:\Windows\SysNative\drivers\RzFilter.sys
[2013/09/24 22:04:49 | 000,128,984 | ---- | C] (Razer USA Ltd) -- C:\Windows\SysNative\drivers\RzDxgk.sys
[2013/09/24 22:04:37 | 000,000,000 | ---D | C] -- C:\Windows\Razer Core
[2013/09/24 22:04:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Razer
[2013/09/24 22:04:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Razer
[2013/09/23 03:20:15 | 000,046,792 | ---- | C] (AnchorFree Inc.) -- C:\Windows\SysNative\drivers\hssdrv6.sys

========== Files - Modified Within 30 Days ==========

[2013/10/22 20:18:44 | 000,022,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/22 20:18:44 | 000,022,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/22 20:17:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/10/22 20:16:02 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/10/22 20:13:08 | 000,224,256 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\RZR_006005584beb94ed127de6940afb.db
[2013/10/22 20:11:03 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/10/22 20:10:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/22 20:10:42 | 2132,406,271 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/22 09:56:22 | 001,954,698 | ---- | M] (Farbar) -- C:\Users\Owner\Desktop\FRST64.exe
[2013/10/22 09:25:56 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/10/22 09:14:12 | 005,136,138 | R--- | M] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
[2013/10/20 10:46:58 | 000,421,831 | ---- | M] () -- C:\Users\Owner\Desktop\autorunpic.jpg
[2013/10/20 10:45:07 | 000,779,306 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/10/20 10:45:07 | 000,660,296 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/10/20 10:45:07 | 000,121,224 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/10/20 10:40:43 | 000,048,573 | ---- | M] () -- C:\Users\Owner\Desktop\cmdpromptpic.jpg
[2013/10/20 10:33:04 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Autorun Eater.lnk
[2013/10/19 23:20:40 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/10/19 10:41:53 | 000,358,923 | ---- | M] (Farbar) -- C:\Users\Owner\Desktop\FSS.exe
[2013/10/19 10:24:41 | 000,001,105 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/10/19 10:13:14 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Owner\Desktop\tdsskiller.exe
[2013/10/18 23:11:00 | 000,000,220 | ---- | M] () -- C:\Users\Owner\Desktop\Sid Meier's Civilization V.url
[2013/10/17 11:32:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2013/10/17 10:16:46 | 001,198,941 | ---- | M] () -- C:\Users\Owner\Desktop\Folder_SLFiles (4).zip
[2013/10/16 08:48:05 | 000,023,287 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2013/10/15 21:53:31 | 000,454,227 | ---- | M] () -- C:\Users\Owner\Desktop\IMG_15102013_215300.png
[2013/10/15 16:14:31 | 000,000,877 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Yuuguu.lnk
[2013/10/12 15:54:57 | 000,370,894 | ---- | M] () -- C:\Users\Owner\Desktop\refacilitiesmaintainabilityinterviewrequestfromnusst.zip
[2013/10/12 15:38:32 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\Access.dat
[2013/10/12 12:43:08 | 000,001,011 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/10/12 12:42:58 | 000,000,979 | ---- | M] () -- C:\Users\Owner\Desktop\Dropbox.lnk
[2013/10/11 06:36:33 | 000,607,288 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/10/10 23:12:21 | 000,773,030 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/10/09 03:14:15 | 003,398,914 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin
[2013/09/29 21:38:23 | 000,132,597 | ---- | M] () -- C:\Users\Owner\Desktop\Flash_Disinfector.exe
[2013/09/27 17:13:24 | 000,189,099 | ---- | M] () -- C:\Users\Owner\Desktop\Bharath Prabhu CV.pdf
[2013/09/24 22:04:57 | 000,001,242 | ---- | M] () -- C:\Users\Public\Desktop\Razer Comms.lnk
[2013/09/24 22:04:51 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_RzFilter_01009.Wdf
[2013/09/23 21:21:36 | 000,000,056 | ---- | M] () -- C:\Windows\kgt2k.INI
[2013/09/23 03:20:05 | 000,001,048 | ---- | M] () -- C:\Users\Public\Desktop\Hotspot Shield.lnk

========== Files Created - No Company Name ==========

[2013/10/20 10:46:58 | 000,421,831 | ---- | C] () -- C:\Users\Owner\Desktop\autorunpic.jpg
[2013/10/20 10:40:43 | 000,048,573 | ---- | C] () -- C:\Users\Owner\Desktop\cmdpromptpic.jpg
[2013/10/20 10:33:04 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\Autorun Eater.lnk
[2013/10/19 10:24:41 | 000,001,105 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/10/19 09:56:42 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/10/19 09:56:42 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/10/19 09:56:42 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/10/19 09:56:42 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/10/19 09:56:42 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/10/17 10:16:48 | 001,198,941 | ---- | C] () -- C:\Users\Owner\Desktop\Folder_SLFiles (4).zip
[2013/10/15 21:53:22 | 000,454,227 | ---- | C] () -- C:\Users\Owner\Desktop\IMG_15102013_215300.png
[2013/10/15 16:14:31 | 000,000,877 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Yuuguu.lnk
[2013/10/14 22:36:43 | 000,000,220 | ---- | C] () -- C:\Users\Owner\Desktop\Sid Meier's Civilization V.url
[2013/10/12 15:55:03 | 000,370,894 | ---- | C] () -- C:\Users\Owner\Desktop\refacilitiesmaintainabilityinterviewrequestfromnusst.zip
[2013/09/29 21:38:17 | 000,132,597 | ---- | C] () -- C:\Users\Owner\Desktop\Flash_Disinfector.exe
[2013/09/27 17:12:32 | 000,189,099 | ---- | C] () -- C:\Users\Owner\Desktop\Bharath Prabhu CV.pdf
[2013/09/24 22:15:42 | 000,224,256 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\RZR_006005584beb94ed127de6940afb.db
[2013/09/24 22:04:57 | 000,001,242 | ---- | C] () -- C:\Users\Public\Desktop\Razer Comms.lnk
[2013/09/24 22:04:51 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_RzFilter_01009.Wdf
[2013/09/23 21:22:22 | 000,000,639 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\3d Girlz.lnk
[2013/09/23 21:22:22 | 000,000,611 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\3d Girlz Uninstall.lnk
[2013/09/23 21:21:36 | 000,000,056 | ---- | C] () -- C:\Windows\kgt2k.INI
[2013/08/24 11:49:19 | 000,007,168 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/08/09 17:42:14 | 000,045,270 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\room_v3.dat
[2013/03/27 21:09:55 | 000,773,030 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/09/23 20:49:08 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\tmb1-v32.dll
[2012/09/23 18:55:51 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2012/08/15 11:50:56 | 000,007,597 | ---- | C] () -- C:\Users\Owner\AppData\Local\Resmon.ResmonCfg
[2012/05/29 16:16:39 | 000,001,456 | ---- | C] () -- C:\Users\Owner\AppData\Local\Adobe Save for Web 12.0 Prefs
[2012/05/29 16:11:56 | 000,000,132 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2012/04/24 22:16:19 | 000,000,132 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Adobe PNG Format CS5 Prefs

========== ZeroAccess Check ==========

[2009/07/14 12:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 10:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 09:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 09:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 11:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 09:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/04/06 17:43:15 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Atari
[2012/03/11 14:49:15 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Auslogics
[2013/10/22 10:03:39 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\BitComet
[2013/08/29 13:16:31 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\DAEMON Tools Lite
[2013/10/22 20:12:54 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Dropbox
[2013/07/15 21:20:42 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\GameRanger
[2013/08/04 21:12:19 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Garena
[2013/10/22 20:15:13 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\GarenaPlus
[2012/04/26 21:00:31 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Guitar Pro 6
[2013/03/09 01:02:20 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Hotspot Shield
[2012/09/18 16:29:22 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Leadertech
[2012/12/24 12:10:08 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\LolClient
[2012/09/23 20:49:45 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PlayClaw3
[2013/03/22 14:54:04 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PlayClaw4
[2012/08/07 19:28:07 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Subversion
[2012/03/11 00:46:06 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\SystemRequirementsLab
[2013/08/18 20:54:08 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Tunngle
[2012/05/23 18:43:43 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\VOX
[2013/01/10 01:30:42 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\xim

========== Purity Check ==========



< End of report >
  • 0

#23
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,016 posts
  • MVP
Make sure the USB is still in h:

Copy the text in the code box by highlighting and Ctrl + c

:OTL
O4 - HKCU..\Run: [wmi32] "C:\ProgramData\Application Data\wmimgmt.exe" File not found
O15 - HKCU\..Trusted Ranges: Range1979 ([http] in Trusted sites)

:files
mkdir h:\Autorun.inf /c
mkdir h:\desktop.ini /c

:Commands
[EMPTYTEMP]
[Reboot]


then Rightclick on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply.
It appears that Old Timer is now hiding the log in c:\_OTL\MovedFiles\10222013-some number.log so look there if you don't see it.

This will remove one entry I missed and also try to remove the run entry that keeps coming back. I'm also having it create 2 folders on the USB drive to keep it from getting reinfected.

Run OTL Quickscan again and post the log. Let's also try:

autoruns from
http://live.sysinter...om/autoruns.exe

Download Save and Run the program by right clicking and Run As Admin. File, Save, to your desktop, autoruns.arn, OK

Either zip up the file if you have the ability (7-zip works nicely) or just rename it from autoruns.arn to autoruns.txt then ATTACH it. Do not copy and paste.

Get Process Explorer

http://live.sysinter...com/procexp.exe
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.

Wait a full minute then:

File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.

You really need an anti-virus (You can uninstall it later if you think it interferes with gaming or something but we need something to make sure the malware is gone). Get the free version of Avast:
http://www.avast.com/index
Click on Download then choose the free version. Uncheck the Chrome download and the Google toolbar that they want to foist on you.


Download, Save, and right click and Run As Administrator.

Once it has installed and updated then let's let it run a boot-time scan. I usually let this run while I sleep since it takes so long and you can't use the PC while it is running:

First mute the speakers so it won't wake you up when Windows loads.

Click on the Orange ball. Click on Scans. Change Quickscan to Boot-time Scan. Click on Settings. Where it says Heuristic Sensitivity click on the last rectangle so that all of them are orange and it says High. Check both boxes. Then change When a threat is found ... to: Move to Chest. OK. Now click on Start. Close the Avast window and then reboot. The scan will start. It will tell you where it will save the report. Usually it's
C:\ProgramData\AVAST Software\Avast\report\aswBoot.txt but it might change so verify the location. When Windows loads Click on the Orange Ball then Maintenance then Scan Logs. Click on the Boot-time scan log and then View Results. IF it found anything then open the saved Report and copy and paste the text into a reply so I can see it.
  • 0

#24
frozenthunder

frozenthunder

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 140 posts
Attached File  AutoRuns.rar   72.88KB   34 downloads
Hi Ron,

I couldnt find the AVAST log but when i check the scan history, it says there are 147 infected files. I can view the report but it is not in a txt format.I cannot find the maintenance->scan logs. What i can find is scan->scan history. I cannot copy and paste the infection list this way. :\

Here are the rest of the logs.

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\wmi32 deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1979\\http deleted successfully.
========== FILES ==========
< mkdir h:\Autorun.inf /c >
C:\Users\Owner\Desktop\cmd.bat deleted successfully.
C:\Users\Owner\Desktop\cmd.txt deleted successfully.
< mkdir h:\desktop.ini /c >
C:\Users\Owner\Desktop\cmd.bat deleted successfully.
C:\Users\Owner\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: fbwuser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Owner
->Temp folder emptied: 44562682 bytes
->Temporary Internet Files folder emptied: 3561660 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 120286608 bytes
->Flash cache emptied: 707 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3946 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 161.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 10232013_215354

Files\Folders moved on Reboot...
C:\Users\Owner\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

OTL logfile created on: 10/23/2013 9:59:09 PM - Run 6
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16721)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.98 Gb Total Physical Memory | 5.80 Gb Available Physical Memory | 72.62% Memory free
15.96 Gb Paging File | 13.40 Gb Available in Paging File | 83.99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 488.18 Gb Total Space | 20.56 Gb Free Space | 4.21% Space Free | Partition Type: NTFS
Drive D: | 443.23 Gb Total Space | 54.59 Gb Free Space | 12.32% Space Free | Partition Type: NTFS
Drive F: | 931.28 Gb Total Space | 121.62 Gb Free Space | 13.06% Space Free | Partition Type: FAT32
Drive G: | 7.86 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive H: | 3.73 Gb Total Space | 3.73 Gb Free Space | 100.00% Space Free | Partition Type: FAT32

Computer Name: PRABHU | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/10/17 11:32:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
PRC - [2013/10/15 16:54:02 | 000,414,496 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013/10/11 22:11:06 | 000,237,960 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe
PRC - [2013/10/11 00:10:18 | 029,768,376 | ---- | M] (Dropbox, Inc.) -- C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/10/09 10:19:14 | 000,565,672 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2013/10/09 10:19:12 | 001,813,928 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\steam\Steam.exe
PRC - [2013/10/09 08:02:45 | 000,844,752 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/09/25 17:37:00 | 020,133,824 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2013/09/18 06:28:28 | 001,787,688 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Hotspot Shield\bin\HSSCP.exe
PRC - [2013/09/18 06:28:16 | 000,878,888 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe
PRC - [2013/09/18 06:27:50 | 000,556,840 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
PRC - [2013/08/28 05:16:14 | 001,028,896 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
PRC - [2013/08/28 05:15:38 | 002,155,296 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013/08/27 03:15:34 | 001,091,264 | ---- | M] (Razer) -- C:\Program Files (x86)\Razer\Core\RazerCore.exe
PRC - [2013/08/06 19:00:59 | 009,739,056 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe
PRC - [2013/07/10 19:54:32 | 000,049,456 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\ggdllhost.exe
PRC - [2013/05/10 15:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/02/17 18:53:28 | 000,522,720 | ---- | M] (Old McDonald's Farm) -- C:\Program Files (x86)\Autorun Eater\oldmcdonald.exe
PRC - [2012/02/17 17:52:52 | 000,425,250 | ---- | M] (Old McDonald's Farm) -- C:\Program Files (x86)\Autorun Eater\billy.exe
PRC - [2011/08/02 15:38:20 | 002,248,704 | ---- | M] () -- C:\Program Files (x86)\Vtune\TBPANEL.exe
PRC - [2011/07/06 13:15:20 | 000,326,424 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/11/17 09:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PRC - [2009/09/23 16:45:50 | 001,287,176 | ---- | M] (Panda Security) -- C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
PRC - [2009/04/15 17:26:36 | 000,980,280 | ---- | M] () -- C:\Program Files (x86)\VOX\JamVOX\JVExec.exe


========== Modules (No Company Name) ==========

MOD - [2013/10/23 21:56:30 | 001,175,040 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI27082\wx._core_.pyd
MOD - [2013/10/23 21:56:30 | 001,153,024 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI27082\_ssl.pyd
MOD - [2013/10/23 21:56:30 | 000,811,008 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI27082\wx._windows_.pyd
MOD - [2013/10/23 21:56:30 | 000,805,888 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI27082\wx._gdi_.pyd
MOD - [2013/10/23 21:56:30 | 000,735,232 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI27082\wx._misc_.pyd
MOD - [2013/10/23 21:56:30 | 000,711,680 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI27082\_hashlib.pyd
MOD - [2013/10/23 21:56:30 | 000,557,056 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI27082\pysqlite2._sqlite.pyd
MOD - [2013/10/23 21:56:30 | 000,504,832 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI27082\windows._cacheinvalidation.pyd
MOD - [2013/10/23 21:56:30 | 000,364,544 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI27082\pythoncom27.dll
MOD - [2013/10/23 21:56:30 | 000,320,512 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI27082\win32com.shell.shell.pyd
MOD - [2013/10/23 21:56:30 | 000,128,512 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI27082\_elementtree.pyd
MOD - [2013/10/23 21:56:30 | 000,122,368 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI27082\wx._wizard.pyd
MOD - [2013/10/23 21:56:30 | 000,110,080 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI27082\PyWinTypes27.dll
MOD - [2013/10/23 21:56:30 | 000,108,544 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI27082\win32security.pyd
MOD - [2013/10/23 21:56:30 | 000,098,816 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI27082\win32api.pyd
MOD - [2013/10/23 21:56:30 | 000,087,040 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI27082\_ctypes.pyd
MOD - [2013/10/23 21:56:30 | 000,070,656 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI27082\wx._html2.pyd
MOD - [2013/10/23 21:56:30 | 000,044,032 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI27082\_socket.pyd
MOD - [2013/10/23 21:56:30 | 000,035,840 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI27082\win32process.pyd
MOD - [2013/10/23 21:56:30 | 000,026,624 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI27082\_multiprocessing.pyd
MOD - [2013/10/23 21:56:30 | 000,025,600 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI27082\win32pdh.pyd
MOD - [2013/10/23 21:56:30 | 000,022,528 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI27082\win32ts.pyd
MOD - [2013/10/23 21:56:30 | 000,017,408 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI27082\win32profile.pyd
MOD - [2013/10/23 21:56:30 | 000,011,264 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI27082\win32crypt.pyd
MOD - [2013/10/23 21:56:29 | 001,062,400 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI27082\wx._controls_.pyd
MOD - [2013/10/23 21:56:29 | 000,686,080 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI27082\unicodedata.pyd
MOD - [2013/10/23 21:56:29 | 000,127,488 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI27082\pyexpat.pyd
MOD - [2013/10/23 21:56:29 | 000,119,808 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI27082\win32file.pyd
MOD - [2013/10/23 21:56:29 | 000,038,912 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI27082\win32inet.pyd
MOD - [2013/10/23 21:56:29 | 000,018,432 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI27082\win32event.pyd
MOD - [2013/10/23 21:56:29 | 000,010,240 | ---- | M] () -- C:\Users\Owner\AppData\Local\Temp\_MEI27082\select.pyd
MOD - [2013/10/11 00:09:30 | 003,558,400 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2013/10/10 23:11:56 | 018,003,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\464a76a3fdc9ee7456cb4baaea3e503a\PresentationFramework.ni.dll
MOD - [2013/10/10 23:11:48 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b5b66869081b909d238fdea083cf3179\PresentationCore.ni.dll
MOD - [2013/10/10 23:11:47 | 006,817,280 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\de9e77138e17f0188104c9ec32d375da\System.Data.ni.dll
MOD - [2013/10/10 23:11:45 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\e40d894a772b2cff5ffd5a84ef20d2d4\System.Windows.Forms.ni.dll
MOD - [2013/10/10 23:11:45 | 000,693,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\7dd3be81af8b03416ad0109af26997b9\System.ComponentModel.Composition.ni.dll
MOD - [2013/10/10 23:11:44 | 007,070,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dac1208781fdd0b960afc12efff42944\System.Core.ni.dll
MOD - [2013/10/10 23:11:42 | 003,858,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\0b37b2bafc33ef52282b9d7b217cabaf\WindowsBase.ni.dll
MOD - [2013/10/10 23:11:41 | 001,014,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\71d887ce964fb69b7f03c4fe7a3f28ff\System.Configuration.ni.dll
MOD - [2013/10/09 10:19:16 | 001,121,704 | ---- | M] () -- C:\Program Files (x86)\steam\bin\chromehtml.dll
MOD - [2013/10/09 08:02:43 | 000,415,184 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppgooglenaclpluginchrome.dll
MOD - [2013/10/09 08:02:41 | 004,055,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll
MOD - [2013/10/09 08:01:50 | 000,698,832 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\libglesv2.dll
MOD - [2013/10/09 08:01:49 | 000,099,792 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\libegl.dll
MOD - [2013/10/09 08:01:47 | 001,604,560 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ffmpegsumo.dll
MOD - [2013/09/18 06:18:58 | 000,902,440 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\af_proxy.dll
MOD - [2013/09/11 06:20:56 | 020,625,832 | ---- | M] () -- C:\Program Files (x86)\steam\bin\libcef.dll
MOD - [2013/08/29 13:21:34 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\6c422db78c17838c3eb9f9fcc01ca63f\System.Management.ni.dll
MOD - [2013/08/29 13:21:24 | 000,011,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualC\b1560845b641faac0ca607b2dce8389a\Microsoft.VisualC.ni.dll
MOD - [2013/08/29 13:21:23 | 000,787,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\bfa9e814cb8b662508aa93ae387b434f\System.EnterpriseServices.ni.dll
MOD - [2013/08/29 13:21:23 | 000,236,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\bfa9e814cb8b662508aa93ae387b434f\System.EnterpriseServices.Wrapper.dll
MOD - [2013/08/29 13:21:22 | 000,649,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\102014a4f570b1dc944ff7eb8e1c6e2b\System.Transactions.ni.dll
MOD - [2013/08/29 13:21:22 | 000,143,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\af7d7a2e47e0ac57b4f0fe5e0c1cda9a\SMDiagnostics.ni.dll
MOD - [2013/08/22 06:18:28 | 000,687,104 | ---- | M] () -- C:\Program Files (x86)\steam\SDL2.dll
MOD - [2013/08/15 03:04:27 | 005,628,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\884bcbd22130ebeb1211bc7bcc3910c9\System.Xml.ni.dll
MOD - [2013/08/15 03:04:26 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\3a3fc0216674bdea0be809b305517c98\System.Drawing.ni.dll
MOD - [2013/08/15 03:04:25 | 009,099,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\de853615c8224ba5d9aa9b76276c6d98\System.ni.dll
MOD - [2013/08/07 15:33:54 | 000,027,952 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\VersionModule.dll
MOD - [2013/08/06 19:01:20 | 000,864,560 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\Plugins\ggplugin.dll
MOD - [2013/08/06 19:00:59 | 009,739,056 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe
MOD - [2013/07/26 14:18:31 | 000,957,232 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\XLL.dll
MOD - [2013/07/18 22:09:40 | 000,529,200 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\ggspawn.dll
MOD - [2013/07/15 22:29:36 | 001,545,520 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\delay_load\FileSender.dll
MOD - [2013/07/11 23:44:22 | 014,416,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\cf58670896c5313b9b52f026f4455a5d\mscorlib.ni.dll
MOD - [2013/07/11 23:44:22 | 000,145,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\cfbc74c91b44af85d10b272ae5c70d5a\System.Numerics.ni.dll
MOD - [2013/07/10 19:54:32 | 000,049,456 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\ggdllhost.exe
MOD - [2013/06/15 07:49:12 | 001,100,800 | ---- | M] () -- C:\Program Files (x86)\steam\bin\avcodec-53.dll
MOD - [2013/06/15 07:49:12 | 000,192,000 | ---- | M] () -- C:\Program Files (x86)\steam\bin\avformat-53.dll
MOD - [2013/06/15 07:49:12 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\steam\bin\avutil-51.dll
MOD - [2013/04/10 17:23:12 | 000,170,800 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\fs\YYFileSystem.dll
MOD - [2013/04/10 17:22:55 | 000,155,440 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\libmpg123.dll
MOD - [2013/03/14 04:48:52 | 024,978,944 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2013/03/13 18:05:59 | 000,374,064 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\Http.dll
MOD - [2013/03/07 10:10:42 | 000,106,288 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\UILayout.dll
MOD - [2013/03/07 10:10:39 | 000,224,560 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\Plugins\StatsPlugin.dll
MOD - [2013/03/07 10:10:22 | 000,487,216 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\CxImage.dll
MOD - [2013/02/13 09:42:46 | 005,407,744 | ---- | M] () -- C:\Program Files (x86)\PlayClaw4\playclaw-vcam.dll
MOD - [2013/02/07 17:11:25 | 000,025,392 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\PluginModule.dll
MOD - [2013/02/07 17:11:24 | 000,087,344 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\PluginKernel.dll
MOD - [2013/02/07 17:11:22 | 000,192,816 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\ImageModule.dll
MOD - [2013/02/07 17:11:17 | 000,051,504 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\FileLoader.dll
MOD - [2013/02/07 17:11:15 | 000,033,584 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\DibModule.dll
MOD - [2013/02/01 13:42:29 | 000,153,088 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\libzmq.dll
MOD - [2013/01/30 16:26:41 | 002,941,232 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\ggdownloader.dll
MOD - [2013/01/30 16:26:38 | 000,104,752 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\CommonLib.dll
MOD - [2013/01/14 19:57:52 | 001,092,912 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\delay_load\GaFileTransfer.dll
MOD - [2013/01/14 19:57:46 | 000,219,952 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\TaskManagerLib.dll
MOD - [2012/11/09 17:34:12 | 000,048,640 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\XmlUIModule.dll
MOD - [2012/11/08 19:28:10 | 000,010,240 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\delay_load\ClientTcp.dll
MOD - [2012/11/08 19:27:48 | 000,061,952 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\delay_load\UdtLib.dll
MOD - [2012/04/24 09:19:16 | 000,238,592 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\delay_load\MediaEngine.dll
MOD - [2012/04/13 11:12:18 | 000,059,392 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\delay_load\AudioMixerLib.dll
MOD - [2012/04/13 11:12:18 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\ServerMemAlloc.dll
MOD - [2012/03/23 18:15:58 | 000,988,160 | ---- | M] () -- C:\Program Files (x86)\Razer\Core\Plugins\ChatApplet\libssh2.dll
MOD - [2012/03/08 16:56:40 | 000,510,464 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\delay_load\RSALib.dll
MOD - [2012/03/02 16:23:26 | 000,577,621 | ---- | M] () -- C:\Program Files (x86)\Razer\Core\Plugins\ChatApplet\sqlite3.dll
MOD - [2012/02/22 16:52:18 | 000,162,304 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lame_enc.dll
MOD - [2012/02/22 16:52:16 | 000,573,100 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\sqlite3.dll
MOD - [2012/02/22 16:52:16 | 000,178,176 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\MP3Module.dll
MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/08/02 15:38:20 | 002,248,704 | ---- | M] () -- C:\Program Files (x86)\Vtune\TBPANEL.exe
MOD - [2010/01/21 01:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/01/09 20:18:18 | 004,254,560 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2009/04/15 17:26:36 | 000,980,280 | ---- | M] () -- C:\Program Files (x86)\VOX\JamVOX\JVExec.exe
MOD - [1998/10/31 04:55:56 | 000,005,120 | ---- | M] () -- C:\Program Files (x86)\Vtune\TBMANAGE.DLL


========== Services (SafeList) ==========

SRV:64bit: - [2013/08/28 05:17:13 | 014,997,280 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV:64bit: - [2013/05/27 13:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/04/18 09:47:16 | 008,518,008 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe -- (TabletServiceWacom)
SRV:64bit: - [2012/04/18 09:47:16 | 000,567,672 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Wacom\Wacom_TouchService.exe -- (TouchServiceWacom)
SRV - [2013/10/15 16:54:02 | 000,414,496 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013/10/09 23:17:27 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/10/09 10:19:14 | 000,565,672 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/09/18 06:28:16 | 000,878,888 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe -- (hshld)
SRV - [2013/09/18 06:27:50 | 000,556,840 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2013/09/18 04:35:24 | 000,078,512 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Hotspot Shield\bin\HSSTrayService.exe -- (HssTrayService)
SRV - [2013/08/28 05:15:38 | 002,155,296 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/08/27 03:15:40 | 000,032,960 | ---- | M] (Razer) [Auto | Running] -- C:\Program Files (x86)\Razer\Core\64bit\RzOvlMon.exe -- (RzOvlMon)
SRV - [2013/08/16 17:37:02 | 000,757,144 | ---- | M] (Tunngle.net GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2013/06/26 12:31:08 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/06/21 09:53:36 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/05/10 15:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/30 05:24:28 | 005,117,384 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2011/07/06 13:15:26 | 002,656,536 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/07/06 13:15:20 | 000,326,424 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/11 05:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/09/18 04:31:12 | 000,046,792 | ---- | M] (AnchorFree Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\hssdrv6.sys -- (HssDRV6)
DRV:64bit: - [2013/08/27 03:05:21 | 000,128,984 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RzDxgk.sys -- (RzDxgk)
DRV:64bit: - [2013/08/27 03:05:21 | 000,074,456 | ---- | M] (Razer USA Ltd) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\RzFilter.sys -- (RzFilter)
DRV:64bit: - [2013/08/20 21:33:40 | 000,039,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:64bit: - [2013/06/16 20:38:15 | 000,196,384 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2013/04/25 03:28:08 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/01/29 19:21:08 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/29 14:04:36 | 000,065,912 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wachidrouter.sys -- (WacHidRouter)
DRV:64bit: - [2012/03/29 14:04:36 | 000,013,688 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidkmdf.sys -- (hidkmdf)
DRV:64bit: - [2012/03/29 14:04:32 | 000,015,736 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacomrouterfilter.sys -- (wacomrouterfilter)
DRV:64bit: - [2012/03/01 14:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/08/02 16:38:44 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2011/06/10 14:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/11 14:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 14:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/10 14:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011/02/10 14:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/11/21 11:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 11:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 11:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/19 16:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/04/28 07:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2010/04/28 07:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2010/04/28 05:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2010/04/28 05:02:42 | 000,043,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2009/09/16 08:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901t.sys -- (tap0901t)
DRV:64bit: - [2009/07/14 09:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 09:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 09:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/11 04:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 04:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 04:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 04:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/04/15 01:00:00 | 000,062,544 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\JamDRV.sys -- (JAMVOX_AA)
DRV:64bit: - [2009/04/15 01:00:00 | 000,031,824 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\JamWdm.sys -- (JAMVOX_01)
DRV:64bit: - [2009/04/08 14:28:46 | 000,068,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2009/07/14 09:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6C 74 DD 0E 46 12 CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: DeviceDetection%40logitech.com:1.24.0.9
FF - prefs.js..extensions.enabledAddons: %7Bf701c26a-479a-4724-b4f1-870db12f063c%7D:1.4.4
FF - prefs.js..extensions.enabledAddons: %7B35106bca-6c78-48c7-ac28-56df30b51d2a%7D:1.3.8
FF - prefs.js..extensions.enabledAddons: %7BB042753D-F57E-4e8e-A01B-7379A6D4CEFB%7D:1.35
FF - prefs.js..extensions.enabledAddons: afext%40anchorfree.com:3.17
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@t.garena.com/garenatalk: C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.0.0.6: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/06/26 12:31:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/09/12 00:43:03 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/06/26 12:31:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/09/12 00:43:03 | 000,000,000 | ---D | M]

[2012/03/10 21:34:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2013/10/06 00:17:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\11n5c59f.default\extensions
[2013/05/02 23:38:11 | 000,000,000 | ---D | M] (BitComet Video Downloader) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\11n5c59f.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2012/03/13 21:15:01 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\11n5c59f.default\extensions\[email protected]
[2013/01/01 10:25:46 | 000,067,812 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\11n5c59f.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}.xpi
[2013/07/28 13:20:30 | 000,223,750 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\11n5c59f.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2013/02/10 00:02:03 | 000,328,332 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\11n5c59f.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}.xpi
[2013/10/06 00:17:59 | 000,824,302 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\11n5c59f.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/04/07 11:53:55 | 000,043,307 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\11n5c59f.default\extensions\{f701c26a-479a-4724-b4f1-870db12f063c}.xpi
[2013/06/26 12:31:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/06/26 12:31:05 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2013/09/01 23:31:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/06/26 12:31:08 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/09/01 23:31:03 | 000,000,000 | ---D | M] (Hotspot Shield Extension) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\[email protected]
[2012/01/12 16:58:30 | 000,917,816 | ---- | M] (BitComet) -- C:\Program Files (x86)\mozilla firefox\plugins\npBitCometAgent.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = https://www.google.c...q=t&channel=rcs
CHR - default_search_provider: suggest_url = https://www.google.c...q={searchTerms},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: BitCometAgent (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npBitCometAgent.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U21 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: WacomTabletPlugin (Enabled) = C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll
CHR - plugin: Wacom Dynamic Link Library (Enabled) = C:\Program Files (x86)\TabletPlugins\npwacom.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
CHR - Extension: Google Docs = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: AdBlock = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.10_0\
CHR - Extension: Dropdown List of Most Visited Links = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\logbmehmiacemkimbpcbjgaikobdndah\0.5_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: Gmail = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/10/22 09:25:56 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [JamInit] C:\Windows\SysNative\InitJam.exe (Korg Inc.)
O4:64bit: - HKLM..\Run: [Nvtmru] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Autorun Eater] C:\Program Files (x86)\Autorun Eater\oldmcdonald.exe (Old McDonald's Farm)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [GarenaPlus] C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe ()
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKCU..\Run: [Razer Comms] C:\Program Files (x86)\Razer\Core\RazerCore.exe (Razer)
O4 - HKCU..\Run: [Steam] C:\program files (x86)\steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [TBPanel] C:\Program Files (x86)\Vtune\TBPanel.exe ()
O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8:64bit: - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2AE76720-B3CC-4EB0-B3AB-0845216492DE}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{32BB1182-7706-4C35-9E35-39C64A3E8B9E}: DhcpNameServer = 202.65.247.32 202.65.244.31
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A05D824F-D3DF-47F2-B212-86EF81DD0CF3}: DhcpNameServer = 8.8.8.8
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/10/22 09:05:52 | 000,000,000 | ---D | M] - C:\AuToRUn.iNf -- [ NTFS ]
O32 - AutoRun File - [2013/10/22 09:05:53 | 000,000,000 | ---D | M] - D:\AuToRUn.iNf -- [ NTFS ]
O32 - AutoRun File - [2013/10/20 10:35:04 | 000,000,000 | ---D | M] - F:\autorun .inf -- [ FAT32 ]
O32 - AutoRun File - [2013/10/22 09:05:54 | 000,000,000 | ---D | M] - F:\AuToRUn.iNf -- [ FAT32 ]
O32 - AutoRun File - [2013/08/23 22:28:53 | 000,000,043 | R--- | M] () - G:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2013/10/23 21:53:56 | 000,000,000 | ---D | M] - H:\Autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/10/22 09:56:32 | 001,954,698 | ---- | C] (Farbar) -- C:\Users\Owner\Desktop\FRST64.exe
[2013/10/22 09:26:05 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/10/22 09:23:57 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/10/22 09:05:53 | 000,000,000 | ---D | C] -- C:\ProgramData\wmimgmt.exe
[2013/10/22 09:05:52 | 000,000,000 | ---D | C] -- C:\AuToRUn.iNf
[2013/10/21 11:04:46 | 005,136,138 | R--- | C] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
[2013/10/20 10:33:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Autorun Eater
[2013/10/20 10:33:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autorun Eater
[2013/10/20 10:33:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Autorun Eater
[2013/10/20 10:32:35 | 001,458,415 | ---- | C] (Old McDonald's Farm) -- C:\Users\Owner\Desktop\aesetup2.6.exe
[2013/10/20 10:32:00 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\geekstogologs
[2013/10/19 11:18:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2013/10/19 11:18:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/10/19 11:17:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2013/10/19 10:41:43 | 000,358,923 | ---- | C] (Farbar) -- C:\Users\Owner\Desktop\FSS.exe
[2013/10/19 10:24:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/10/19 10:24:40 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/10/19 10:24:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/10/19 10:13:29 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Owner\Desktop\tdsskiller.exe
[2013/10/19 09:56:42 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/10/19 09:56:42 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/10/19 09:56:42 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/10/19 09:56:38 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/10/19 09:56:07 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/10/19 09:50:47 | 000,000,000 | ---D | C] -- C:\FRST
[2013/10/19 09:44:18 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/10/17 11:32:26 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2013/10/08 08:49:03 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\CrashDumps
[2013/09/29 21:45:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security
[2013/09/29 21:45:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda USB Vaccine
[2013/09/29 21:45:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
[2013/09/29 21:44:29 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\usbvaccine
[2013/09/27 14:00:35 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Maintainability
[2013/09/27 13:10:51 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\scheduling
[2013/09/24 22:13:30 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Razer
[2013/09/24 22:04:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer Comms
[2013/09/24 22:04:50 | 000,074,456 | ---- | C] (Razer USA Ltd) -- C:\Windows\SysNative\drivers\RzFilter.sys
[2013/09/24 22:04:49 | 000,128,984 | ---- | C] (Razer USA Ltd) -- C:\Windows\SysNative\drivers\RzDxgk.sys
[2013/09/24 22:04:37 | 000,000,000 | ---D | C] -- C:\Windows\Razer Core
[2013/09/24 22:04:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Razer
[2013/09/24 22:04:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Razer

========== Files - Modified Within 30 Days ==========

[2013/10/23 21:58:05 | 000,224,256 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\RZR_006005584beb94ed127de6940afb.db
[2013/10/23 21:56:14 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/10/23 21:55:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/23 21:55:39 | 2132,406,271 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/23 21:54:18 | 000,022,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/23 21:54:18 | 000,022,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/23 07:17:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/10/23 07:16:55 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/10/22 20:41:20 | 001,104,664 | ---- | M] () -- C:\Users\Owner\Desktop\Workplace Safety & Health Seminar (Prabhu).jpg
[2013/10/22 09:56:22 | 001,954,698 | ---- | M] (Farbar) -- C:\Users\Owner\Desktop\FRST64.exe
[2013/10/22 09:25:56 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/10/22 09:14:12 | 005,136,138 | R--- | M] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
[2013/10/20 10:46:58 | 000,421,831 | ---- | M] () -- C:\Users\Owner\Desktop\autorunpic.jpg
[2013/10/20 10:45:07 | 000,779,306 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/10/20 10:45:07 | 000,660,296 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/10/20 10:45:07 | 000,121,224 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/10/20 10:40:43 | 000,048,573 | ---- | M] () -- C:\Users\Owner\Desktop\cmdpromptpic.jpg
[2013/10/20 10:33:04 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Autorun Eater.lnk
[2013/10/19 23:20:40 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/10/19 10:41:53 | 000,358,923 | ---- | M] (Farbar) -- C:\Users\Owner\Desktop\FSS.exe
[2013/10/19 10:24:41 | 000,001,105 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/10/19 10:13:14 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Owner\Desktop\tdsskiller.exe
[2013/10/18 23:11:00 | 000,000,220 | ---- | M] () -- C:\Users\Owner\Desktop\Sid Meier's Civilization V.url
[2013/10/17 11:32:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2013/10/17 10:16:46 | 001,198,941 | ---- | M] () -- C:\Users\Owner\Desktop\Folder_SLFiles (4).zip
[2013/10/16 08:48:05 | 000,023,287 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2013/10/15 21:53:31 | 000,454,227 | ---- | M] () -- C:\Users\Owner\Desktop\IMG_15102013_215300.png
[2013/10/15 16:14:31 | 000,000,877 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Yuuguu.lnk
[2013/10/12 15:54:57 | 000,370,894 | ---- | M] () -- C:\Users\Owner\Desktop\refacilitiesmaintainabilityinterviewrequestfromnusst.zip
[2013/10/12 15:38:32 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\Access.dat
[2013/10/12 12:43:08 | 000,001,011 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/10/12 12:42:58 | 000,000,979 | ---- | M] () -- C:\Users\Owner\Desktop\Dropbox.lnk
[2013/10/11 06:36:33 | 000,607,288 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/10/10 23:12:21 | 000,773,030 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/10/09 03:14:15 | 003,398,914 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin
[2013/09/29 21:38:23 | 000,132,597 | ---- | M] () -- C:\Users\Owner\Desktop\Flash_Disinfector.exe
[2013/09/27 17:13:24 | 000,189,099 | ---- | M] () -- C:\Users\Owner\Desktop\Bharath Prabhu CV.pdf
[2013/09/24 22:04:57 | 000,001,242 | ---- | M] () -- C:\Users\Public\Desktop\Razer Comms.lnk
[2013/09/24 22:04:51 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_RzFilter_01009.Wdf

========== Files Created - No Company Name ==========

[2013/10/22 20:41:48 | 001,104,664 | ---- | C] () -- C:\Users\Owner\Desktop\Workplace Safety & Health Seminar (Prabhu).jpg
[2013/10/20 10:46:58 | 000,421,831 | ---- | C] () -- C:\Users\Owner\Desktop\autorunpic.jpg
[2013/10/20 10:40:43 | 000,048,573 | ---- | C] () -- C:\Users\Owner\Desktop\cmdpromptpic.jpg
[2013/10/20 10:33:04 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\Autorun Eater.lnk
[2013/10/19 10:24:41 | 000,001,105 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/10/19 09:56:42 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/10/19 09:56:42 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/10/19 09:56:42 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/10/19 09:56:42 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/10/19 09:56:42 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/10/17 10:16:48 | 001,198,941 | ---- | C] () -- C:\Users\Owner\Desktop\Folder_SLFiles (4).zip
[2013/10/15 21:53:22 | 000,454,227 | ---- | C] () -- C:\Users\Owner\Desktop\IMG_15102013_215300.png
[2013/10/15 16:14:31 | 000,000,877 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Yuuguu.lnk
[2013/10/14 22:36:43 | 000,000,220 | ---- | C] () -- C:\Users\Owner\Desktop\Sid Meier's Civilization V.url
[2013/10/12 15:55:03 | 000,370,894 | ---- | C] () -- C:\Users\Owner\Desktop\refacilitiesmaintainabilityinterviewrequestfromnusst.zip
[2013/09/29 21:38:17 | 000,132,597 | ---- | C] () -- C:\Users\Owner\Desktop\Flash_Disinfector.exe
[2013/09/27 17:12:32 | 000,189,099 | ---- | C] () -- C:\Users\Owner\Desktop\Bharath Prabhu CV.pdf
[2013/09/24 22:15:42 | 000,224,256 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\RZR_006005584beb94ed127de6940afb.db
[2013/09/24 22:04:57 | 000,001,242 | ---- | C] () -- C:\Users\Public\Desktop\Razer Comms.lnk
[2013/09/24 22:04:51 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_RzFilter_01009.Wdf
[2013/09/23 21:21:36 | 000,000,056 | ---- | C] () -- C:\Windows\kgt2k.INI
[2013/08/24 11:49:19 | 000,007,168 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/08/09 17:42:14 | 000,045,270 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\room_v3.dat
[2013/03/27 21:09:55 | 000,773,030 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/09/23 20:49:08 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\tmb1-v32.dll
[2012/09/23 18:55:51 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2012/08/15 11:50:56 | 000,007,597 | ---- | C] () -- C:\Users\Owner\AppData\Local\Resmon.ResmonCfg
[2012/05/29 16:16:39 | 000,001,456 | ---- | C] () -- C:\Users\Owner\AppData\Local\Adobe Save for Web 12.0 Prefs
[2012/05/29 16:11:56 | 000,000,132 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2012/04/24 22:16:19 | 000,000,132 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Adobe PNG Format CS5 Prefs

========== ZeroAccess Check ==========

[2009/07/14 12:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 10:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 09:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 09:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 11:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 09:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/04/06 17:43:15 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Atari
[2012/03/11 14:49:15 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Auslogics
[2013/10/22 10:03:39 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\BitComet
[2013/08/29 13:16:31 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\DAEMON Tools Lite
[2013/10/23 21:58:03 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Dropbox
[2013/07/15 21:20:42 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\GameRanger
[2013/08/04 21:12:19 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Garena
[2013/10/23 21:59:54 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\GarenaPlus
[2012/04/26 21:00:31 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Guitar Pro 6
[2013/03/09 01:02:20 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Hotspot Shield
[2012/09/18 16:29:22 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Leadertech
[2012/12/24 12:10:08 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\LolClient
[2012/09/23 20:49:45 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PlayClaw3
[2013/03/22 14:54:04 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PlayClaw4
[2012/08/07 19:28:07 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Subversion
[2012/03/11 00:46:06 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\SystemRequirementsLab
[2013/08/18 20:54:08 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Tunngle
[2012/05/23 18:43:43 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\VOX
[2013/01/10 01:30:42 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\xim

========== Purity Check ==========



< End of report >

Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
System Idle Process 94.23 0 K 24 K 0
procexp64.exe 1.65 32,196 K 53,232 K 2760 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Sysinternals
svchost.exe 0.70 4,664 K 9,564 K 704 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
Steam.exe 0.65 161,884 K 20,620 K 3180 Steam Client Bootstrapper ([email protected]) Valve Corporation (Verified) Valve
Interrupts 0.61 0 K 0 K n/a Hardware Interrupts and DPCs
RazerCore.exe 0.59 96,184 K 115,684 K 2456 RazerCore Razer (Verified) Razer Inc.
dwm.exe 0.41 43,000 K 51,652 K 1744 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
csrss.exe 0.24 3,496 K 10,076 K 500 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
System 0.24 136 K 840 K 4
oldmcdonald.exe 0.17 9,404 K 3,180 K 4104 Old McDonald Old McDonald's Farm (No signature was present in the subject) Old McDonald's Farm
svchost.exe 0.16 140,420 K 146,080 K 964 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
billy.exe 0.06 7,376 K 2,612 K 4356 Billy The Goat Old McDonald's Farm (No signature was present in the subject) Old McDonald's Farm
explorer.exe 0.04 46,732 K 69,136 K 1960 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
HSSCP.exe 0.03 19,408 K 37,240 K 5452 Hotspot Shield 3.17 AnchorFree Inc. (Verified) AnchorFree Inc
googledrivesync.exe 0.03 45,040 K 56,604 K 3996 Google Drive Google (Verified) Google Inc
LWEMon.exe 0.02 4,500 K 9,628 K 4028 Logitech WingMan Event Monitor Logitech Inc. (Verified) Logitech
Wacom_Tablet.exe 0.02 13,196 K 23,492 K 2632 Tablet Service for professional driver Wacom Technology, Corp. (Verified) Wacom Technology Corp.
AppleMobileDeviceService.exe 0.02 3,464 K 9,672 K 1640 MobileDeviceService Apple Inc. (Verified) Apple Inc.
SteamService.exe 0.02 7,780 K 10,648 K 5280 Steam Client Service ([email protected]) Valve Corporation (Verified) Valve
LMS.exe 0.02 2,296 K 4,620 K 4616 Local Manageability Service Intel Corporation (Verified) Intel Corporation
JVExec.exe 0.01 8,728 K 14,016 K 2276 (Verified) Korg Inc.
Skype.exe 0.01 91,516 K 90,408 K 3228 Skype Skype Technologies S.A. (Verified) Skype Technologies SA
hsswd.exe < 0.01 3,200 K 6,128 K 1796 (Verified) AnchorFree Inc
cmw_srv.exe < 0.01 11,548 K 13,244 K 1712 Hotspot Shield 3.17 AnchorFree Inc. (Verified) AnchorFree Inc
GarenaMessenger.exe < 0.01 50,192 K 66,816 K 4068 Garena Plus (Verified) Garena Online Pte Ltd
iPodService.exe < 0.01 2,740 K 6,820 K 4336 iPodService Module (64-bit) Apple Inc. (Verified) Apple Inc.
chrome.exe < 0.01 98,996 K 110,112 K 5924 Google Chrome Google Inc. (Verified) Google Inc
ggdllhost.exe < 0.01 5,168 K 2,408 K 2128 Windows host process (Rundll32) (Verified) Garena Online Pte Ltd
svchost.exe < 0.01 14,020 K 21,036 K 1012 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 4,844 K 8,528 K 832 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
chrome.exe < 0.01 65,400 K 52,648 K 5476 Google Chrome Google Inc. (Verified) Google Inc
taskhost.exe < 0.01 9,364 K 13,752 K 1356 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
Dropbox.exe < 0.01 73,288 K 85,960 K 2040 Dropbox Dropbox, Inc. (Verified) Dropbox
svchost.exe < 0.01 24,900 K 39,752 K 300 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 20,572 K 21,632 K 924 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 16,560 K 17,856 K 1148 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
daemonu.exe < 0.01 8,556 K 14,028 K 2000 NVIDIA Settings Update Manager NVIDIA Corporation (Verified) NVIDIA Corporation
csrss.exe < 0.01 2,260 K 4,692 K 420 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
WLIDSVC.EXE < 0.01 7,576 K 14,624 K 2788 Microsoft® Windows Live ID Service Microsoft Corp. (Verified) Microsoft Corporation
SearchIndexer.exe < 0.01 27,988 K 22,096 K 3892 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
nvvsvc.exe < 0.01 5,520 K 13,012 K 1256 NVIDIA Driver Helper Service, Version 331.58 NVIDIA Corporation (Verified) NVIDIA Corporation
wmpnetwk.exe < 0.01 4,456 K 2,132 K 4732 Windows Media Player Network Sharing Service Microsoft Corporation (Verified) Microsoft Windows
iTunesHelper.exe < 0.01 3,728 K 11,168 K 3528 iTunesHelper Apple Inc. (Verified) Apple Inc.
WUDFHost.exe 2,112 K 6,072 K 3256 Windows Driver Foundation - User-mode Driver Framework Host Process Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe 2,948 K 6,472 K 5792 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
WLIDSVCM.EXE 1,524 K 3,504 K 2904 Microsoft® Windows Live ID Service Monitor Microsoft Corp. (Verified) Microsoft Corporation
winlogon.exe 3,324 K 7,652 K 568 Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
wininit.exe 1,704 K 4,532 K 472 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows
Wacom_TouchUser.exe 5,008 K 11,636 K 1520 Touch User Mode Driver Wacom Technology, Corp. (Verified) Wacom Technology Corp.
Wacom_TouchService.exe 2,016 K 5,128 K 1084 Touch Service Wacom Technology, Corp. (Verified) Wacom Technology Corp.
Wacom_TabletUser.exe 2,184 K 6,724 K 2552 Tablet user module for professional driver Wacom Technology, Corp. (Verified) Wacom Technology Corp.
Wacom_Tablet.exe 2,392 K 6,492 K 2448 Tablet Service for professional driver Wacom Technology, Corp. (Verified) Wacom Technology Corp.
USBVaccine.exe 3,172 K 528 K 3308 USB Vaccine Panda Security (Verified) Panda Security S.L
UNS.exe 3,216 K 7,312 K 3716 User Notification Service Intel Corporation (Verified) Intel Corporation
TBPANEL.exe 2,308 K 6,728 K 4040 Vtune : Display Control Panel (No signature was present in the subject)
taskeng.exe 2,620 K 6,460 K 5032 Task Scheduler Engine Microsoft Corporation (Verified) Microsoft Windows
taskeng.exe 2,404 K 5,956 K 1288 Task Scheduler Engine Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 42,336 K 31,856 K 2508 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 9,388 K 12,588 K 1444 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 5,112 K 8,908 K 4836 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2,100 K 5,732 K 2404 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2,200 K 5,572 K 3160 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
spoolsv.exe 7,232 K 12,392 K 1416 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
smss.exe 548 K 1,200 K 280 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows
services.exe 5,628 K 9,452 K 536 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows
RzOvlMon.exe 1,380 K 3,688 K 1072 Monitor Razer Overlay Driver Service Razer (Verified) Razer Inc.
rundll32.exe 2,304 K 6,560 K 2580 Windows host process (Rundll32) Microsoft Corporation (Verified) Microsoft Windows
procexp.exe 2,804 K 7,160 K 4464 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
nvxdsync.exe 8,728 K 20,056 K 1248 NVIDIA User Experience Driver Component NVIDIA Corporation (Verified) NVIDIA Corporation
nvvsvc.exe 2,968 K 7,504 K 764 NVIDIA Driver Helper Service, Version 331.58 NVIDIA Corporation (Verified) NVIDIA Corporation
nvtray.exe 6,004 K 13,064 K 3732 NVIDIA Settings NVIDIA Corporation (Verified) NVIDIA Corporation
NvTmru.exe 3,564 K 7,800 K 4020 NVIDIA NvTmru Application NVIDIA Corporation (Verified) NVIDIA Corporation
nvstreamsvc.exe 3,452 K 8,880 K 1900 NVIDIA Streamer Service NVIDIA Corporation (Verified) NVIDIA Corporation
nvstreamsvc.exe 5,292 K 10,128 K 2564 NVIDIA Streamer Service NVIDIA Corporation (Verified) NVIDIA Corporation
nvSCPAPISvr.exe 2,656 K 5,752 K 788 Stereo Vision Control Panel API Server NVIDIA Corporation (Verified) NVIDIA Corporation
nusb3mon.exe 1,800 K 5,256 K 3704 USB 3.0 Monitor Renesas Electronics Corporation (Verified) Renesas Electronics Corporation
MSOSYNC.EXE 4,848 K 9,884 K 4048 Microsoft Office Document Cache Microsoft Corporation (Verified) Microsoft Corporation
mscorsvw.exe 2,336 K 5,356 K 4592 .NET Runtime Optimization Service Microsoft Corporation (Verified) Microsoft Corporation
mscorsvw.exe 3,300 K 6,700 K 3100 .NET Runtime Optimization Service Microsoft Corporation (Verified) Microsoft Corporation
mDNSResponder.exe 2,408 K 5,748 K 1664 Bonjour Service Apple Inc. (Verified) Apple Inc.
mbamscheduler.exe 2,360 K 6,084 K 1824 Malwarebytes Anti-Malware Malwarebytes Corporation (Verified) Malwarebytes Corporation
lsm.exe 2,820 K 4,504 K 588 Local Session Manager Service Microsoft Corporation (Verified) Microsoft Windows
lsass.exe 4,612 K 10,968 K 580 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
jusched.exe 1,180 K 4,328 K 584 Java™ Update Scheduler Oracle Corporation (Verified) Oracle America
InitJam.exe 2,040 K 4,968 K 4008 InitJam Korg Inc. (Verified) Korg Inc.
googledrivesync.exe 1,044 K 3,328 K 2708 Google Drive Google (Verified) Google Inc
GoogleCrashHandler64.exe 1,968 K 768 K 3340 Google Crash Handler Google Inc. (Verified) Google Inc
GoogleCrashHandler.exe 1,764 K 576 K 3332 Google Crash Handler Google Inc. (Verified) Google Inc
conhost.exe 1,684 K 4,636 K 2576 Console Window Host Microsoft Corporation (Verified) Microsoft Windows
chrome.exe 27,412 K 31,120 K 5176 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 26,844 K 27,392 K 1996 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 74,644 K 78,260 K 3136 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 30,100 K 39,752 K 6072 Google Chrome Google Inc. (Verified) Google Inc
audiodg.exe 16,060 K 15,744 K 3668 Windows Audio Device Graph Isolation Microsoft Corporation (Verified) Microsoft Windows
armsvc.exe 1,204 K 3,868 K 1620 Adobe Acrobat Update Service Adobe Systems Incorporated (Verified) Adobe Systems
  • 0

#25
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,016 posts
  • MVP
OTL looks clean now. Any sign of the infection?

Can you do a screen shot of the Avast report?



Press the Alt + the Print Screen key on your keyboard. It may be labeled [PrtScn].

Open Microsoft Paint (All Programs, Accessories,Paint).

Go to the Edit menu and choose Paste (or just do Ctrl + v) and the image should appear.


Go to the File Menu and choose Save As.

Navigate to the folder where you want to save the image. (Desktop)

Type a file name for the image: Avast

Select a file type. jpeg

Click the Save button.

Attach Avast.jpg to your Reply.

(Start a Reply. Click on the Browse button, point it at your desktop and click on Avast.jpg then Open. Now click on Attach this File)
  • 0

Advertisements


#26
frozenthunder

frozenthunder

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 140 posts
Hi Ron,

Nope the drives seem fine now :)! So the 2 files in (H:) will have to be there permanently?
I've attached the AVAST screenshots

Attached Thumbnails

  • 1.jpg
  • 2.jpg
  • 3.jpg
  • 4.jpg
  • 5.jpg
  • 6.jpg

  • 0

#27
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,016 posts
  • MVP
Looks like we got it all. The two files won't hurt anything, if you are just using the USB drive to hold data and such. As long as they are there the drive can't get infected again. They may have to go if you want to boot off it.

Stick with Avast for a while and see how you like it. Some people object to the voice notification of updates. To turn it off, click on the Avast ball then on Settings. (Need to update these instructions to the latest version of Avast but you should be able to find Settings) Then on Sounds and uncheck Automatic Updates, OK. (It will still update it just won't tell you about in a loud voice in the middle of the night.)

They have also started using their info popup to try and get you to upgrade so I go into Settings, Popups and change the first two to 1 second.

The registration is good for 12-14 months then you will need to register again. They will, of course, try to talk you into buying the product but you can always register again for another year free tho it won't be the default option.



I think we can clean up now:

Copy the following:

:Commands
[CLEARALLRESTOREPOINTS]
[Reboot]

Right click on OTL and Run As Administrator. In the Custom Scans/Fixes box at the bottom, paste in the copied text (Ctrl + v) and then hit Run Fix.

That will get the last of the malware off the system by removing the old restore points.



You can uninstall or delete any tools we had you download and their logs.

To uninstall combofix, copy the next line:

"%userprofile%\Desktop\combofix.exe" /Uninstall

Start, All Programs, Accessories then right click on Command Prompt and Run As Administrator.
then right click, Paste, then hit Enter.

OTL has a cleanup tab but DO NOT USE IT!. There are reports that it leaves the PC unbootable. Instead just delete OTL.exe and the folder c:\_OTL.

To hide hidden files again:

Vista or Win7

# Open the Control Panel menu and click Folder Options.
# After the new window appears select the View tab.
# Remove the check in the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the radio button labeled Do not Show hidden files and folders.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and exit My Computer.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK Close program. It's the same for Foxit reader except you uncheck Enable Javascript Actions.

Unless you have the latest version of Avast which has its own update checker: To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it. Exception is MSN messenger which appears to be part of Windows.)
If you get a blocked program notice after installing updatechecker then change it to not run at start then manually run it once a week.
Seems to work best if Firefox is the default browser. Windows always hides its icon so you need to unhide it. Click on the up arrow to the left of the clock. Then click on Customize. Maximize the window so you can see all of the options. Scroll Down and find the File Hippo UpdateChecker and change its Behaviors to Show Icon and Notifications. OK. When you reboot you should see the icon. It will take it a minute to finish checking then it will put up a bubble if you need to update something. Click on the bubble and it should open in your browser. (Seems to work best if it uses Firefox. If you do not use Firefox as your default browser then right click on the icon and click on Settings. Then on Results. Change the Open Results in Default Browser to Custom Browser and then select the line that has Firefox.exe in it. While there, also check Hide Beta Versions. OK. ) You will see a list of programs that have updates with green down arrows next to them. You do not need to download any Beta Versions. There is an option Settings to Hide Beta Versions. I do not advise updating Windows Messenger unless you really use it so I right click on the Icon and Customize Results then find Microsoft Messenger and change Show All Releases to Hide All Releases. OK.

You can also try Secunia PSI http://secunia.com/v...l/download_psi/ Same kind of info. You don't need both.
If you use Firefox then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: http://simple-adblock.com/
The free version only blocks 200 ads a day so another reason to use Firefox or Chrome.

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox . You can run it any time that Firefox seems slow.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certain be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.


If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Special note on Java. Old Java versions should be removed after first clearing the Java Cache by following the instructions in:
http://www.java.com/...lugin_cache.xml
Then remove the old versions by going to Control Panel, Programs and Features and Uninstall all Java programs which are not Java Version 7 update 25 or better. These may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE. Get the latest version from Java.com. They will usually attempt to foist some garbage like the Ask toolbar, Yahoo toolbar or McAfee Security Scan on you as part of the download. Just uncheck the garbage before the download (or install) starts. If you use a 64-bit browser and want the 64-bit version of Java you need to use it to visit java.com.
Due to multiple security problems with Java we are now recommending that it not be installed unless you absolutely know you need it. IF that is the case then go to Control Panel, Java, Security and slide it up to the highest level. OK.

Make sure Windows Updates is turned and that it works. Go to Control panel, Windows Updates and see if it works.

If you are feeling especially paranoid you can install the free firewall called Online Armor:
http://www.online-armor.com/


My help is free but if you wish to show your appreciation, please donate to Kwiaht instead of me. It's a local environmental organization that I volunteer with: http://www.kwiaht.org/donate.htm
(The name means something like "clean place" in one of the local native-American dialects)

Ron
  • 0

#28
frozenthunder

frozenthunder

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 140 posts
Thank You so much Ron!! :) You're really awesome at what you do! :D I really really appreciate all the help you have provided!
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP