Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Trojan Dropper from 'Ecard' [Closed]

Started by Bismillah , May 06 2014 07:10 AM

This topic is locked

#1
Bismillah

Posted 06 May 2014 - 07:10 AM

Member

Member
514 posts

Hi!

Unfortunately I've been the recipient of a new Trojan Dropper varient. My birthday is coming up and I received an 'Ecard' from a friends email address. As this all checked out and seemed legit, I opened the attatchment for it to then execute on my laptop. This started ringing alarm bells, So upon uploading the zipped ecard to virustotal it proves my suspicion that this indeed a Virus dropper, one which is not yet on Avasts database.

To further add to my suspicions I've had several emails from Microsoft telling me that my email account has been access by someone from Brazil, Spain and China! At least my email account has had an international outlook now.

The file on virustotal - https://www.virustot...sis/1399380855/

Tdsskiller - Clean

Mbam

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

Database version: v2014.05.06.04

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 11.0.9600.16661

Dan :: BISMILLAH [administrator]

06/05/2014 13:52:37

mbam-log-2014-05-06 (13-52-37).txt

Scan type: Quick scan

Scan options disabled: P2P

Objects scanned: 41923

Time elapsed: 11 minute(s), 40 second(s) [aborted]

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected:

C:\Users\Dan\Downloads\downloadmanager_Setup (1).exe (PUP.Optional.Ibryte) -> No action taken.

C:\Users\Dan\Downloads\downloadmanager_Setup (2).exe (PUP.Optional.Ibryte) -> No action taken.

C:\Users\Dan\Downloads\downloadmanager_Setup (3).exe (PUP.Optional.Ibryte) -> No action taken.

C:\Users\Dan\Downloads\downloadmanager_Setup.exe (PUP.Optional.Ibryte) -> No action taken.

C:\Users\Dan\Downloads\Setup 2014 working 100%.exe (PUP.Optional.Smart) -> No action taken.

C:\Users\Dan\Downloads\SoftonicDownloader_for_directx.exe (PUP.Optional.Softonic.A) -> No action taken.

(end)

OTL Logs coming, gotta dash out!

#2
Machiavelli

Posted 06 May 2014 - 08:05 AM

GeekU Moderator

GeekU Moderator
4,722 posts

Hello and Welcome on board Bismillah :welcome:

,

my Name is Machiavelli and I will assist you with your problem.
If you booted into safe mode on your computer then print my instructions!
I'm in the 'Malware Staff Team' and will provide you with advice:

To remove Malware on a computer can be very complicated. Malware (malicious software) is able to hide and so I may not be able to find it so easily. In order to remove Malware from you Computer, you need to follow my instructions carefully. Don't be worried if you don't know what to do. just ask me! Please stay in contact with me until the problem is fixed.

Below are a few tips:

Removing Malware is usually very difficult.
We need to search and analyse a lot of files. As this is done in our free time, please be patient especially if I don't answer every day!
Please follow these instructions
If you don't follow the instructions your computer may crash. If you fix your PC by yourself, this can be very risky!
Please stay in contact with me until your problem is resolved
As Malware may not be totally removed in one session or in one day, please stay in contact with me until the problem is resolved.
Please don't run any other tools without consulting with me as this can complicate finding and removing all Malware
Don't run any tools while I'm fixing your PC. That is counter productive and again, will only complicate finding and removing all Malware!
Read my post completely
If you don't do so, you may make mistakes that could result in your System crashing by your own actions!

Hiya,
because you are a trainee it could be a good learning experience to analyze yourself the OTL Log and tell me what you see if you like.

Please download OTL (by OldTimer) (if you haven't already) from the link below and save it to your Desktop.

Download Mirror #1

Please copy the text in the Quote box below, (Do Not copy the word Quote), and paste it in the box in OTL. To do that:
- Highlight everything inside the quote box, (except the word Quote), right click the mouse and click Copy.
netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
qmgr.dll
mpsvc.dll
winsock.*
rpcss.dll
/md5stop
dir "%systemdrive%\*" /S /A:L /C
CREATERESTOREPOINT
Open on the desktop. To do that:
- XP users: Double click on the OTL icon.
- Vista / 7 Users: Right click on the icon and click Run as Administrator)
Make sure all other windows are closed.
- You will see a console like the one below:
  - Click the box beside Scan All Users at the top of the console
  - If you have a 64bit Windows, click the box beside Include 64bit Scans at the top of the console.
  - Make sure the Output box at the top is set to Standard Output.
  - Check the boxes beside LOP Check and Purity Check.
  - Make sure that Use Safe List is checked under Extra Registry.
  - Place the mouse pointer inside the box, right click and click Paste. This will put the above script inside OTL
  - Click the button. Do not change any settings unless otherwise told to do so.
  - Let the scan run uninterrupted.
  - When the scan completes, it will open OTL.Txt on the desktop.
  - Please copy the contents of these files and paste it into your reply. To do that:
    - On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
    - Right click inside the forum post window then click Paste. This will paste the contents of the OTL.txt file in the in the post window.
  - Please do the same for the Extras.txt

#3
Bismillah

Posted 06 May 2014 - 03:32 PM

Member

Topic Starter
Member
514 posts

Hi Machiavelli!

From the OTL log this is what catches my eye

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. - Why is it locked?

[2014/04/20 22:31:56 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\ElevatedDiagnostics - This is a fraudulent Security program

Can't see anything else

OTL logfile created on: 06/05/2014 13:47:51 - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dan\Downloads

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.11.9600.16521)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

5.89 Gb Total Physical Memory | 2.78 Gb Available Physical Memory | 47.17% Memory free

11.79 Gb Paging File | 7.98 Gb Available in Paging File | 67.71% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 578.98 Gb Total Space | 178.13 Gb Free Space | 30.77% Space Free | Partition Type: NTFS

Computer Name: BISMILLAH | User Name: Dan | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/05/06 13:47:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dan\Downloads\OTL (2).exe

PRC - [2014/04/24 01:33:15 | 000,841,032 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

PRC - [2014/04/23 23:56:22 | 007,631,872 | ---- | M] (Google Inc.) -- C:\Users\Dan\AppData\Local\Programs\Google\MusicManager\MusicManager.exe

PRC - [2014/04/23 23:01:04 | 000,572,096 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe

PRC - [2014/04/23 23:01:02 | 001,825,984 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe

PRC - [2014/04/14 11:30:50 | 003,854,640 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe

PRC - [2014/04/14 11:30:50 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe

PRC - [2014/04/11 19:45:50 | 001,764,992 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe

PRC - [2014/04/11 19:45:42 | 001,390,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe

PRC - [2014/04/04 18:59:49 | 000,257,224 | ---- | M] (Microsoft Corporation) -- C:\Users\Dan\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe

PRC - [2014/03/19 00:09:43 | 001,287,168 | ---- | M] () -- C:\Program Files (x86)\Steam\vr\runtime\bin\vrserver.exe

PRC - [2014/02/22 19:44:06 | 000,107,832 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe

PRC - [2014/02/22 19:43:58 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe

PRC - [2013/11/20 16:43:26 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

PRC - [2013/11/20 16:43:14 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

PRC - [2013/10/03 15:18:46 | 004,351,640 | ---- | M] (Insight Software Solutions, Inc.) -- C:\Program Files (x86)\ShortKeys 3\shortkey.exe

PRC - [2013/09/14 03:27:52 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe

PRC - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

PRC - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

PRC - [2013/06/10 10:59:46 | 005,399,888 | ---- | M] (ManyCam LLC) -- C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe

PRC - [2013/05/10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2013/02/19 00:28:08 | 014,800,896 | ---- | M] () -- C:\Program Files (x86)\FAHClient\FAHClient.exe

PRC - [2012/12/14 10:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe

PRC - [2012/11/29 21:31:04 | 000,038,608 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe

PRC - [2012/08/28 12:00:32 | 001,327,104 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe

PRC - [2012/08/28 11:55:16 | 000,393,216 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe

PRC - [2012/04/03 13:33:00 | 000,940,168 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.EXE

PRC - [2012/04/03 13:27:16 | 001,087,608 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE

PRC - [2012/04/03 13:26:14 | 001,273,448 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE

PRC - [2012/03/28 13:49:11 | 000,140,456 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe

PRC - [2012/03/26 17:35:16 | 000,449,168 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe

PRC - [2012/02/29 01:13:56 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

PRC - [2012/02/29 01:13:54 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

PRC - [2012/02/21 20:29:38 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe

PRC - [2012/02/21 20:29:28 | 000,128,280 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe

PRC - [2012/01/05 11:59:50 | 000,291,608 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

PRC - [2011/11/04 13:40:06 | 000,687,400 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe

PRC - [2011/08/02 16:49:24 | 000,030,568 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe

PRC - [2011/08/02 16:47:26 | 000,145,256 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe

PRC - [2009/05/05 16:06:06 | 000,222,496 | ---- | M] (Acresso Corporation) -- C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe

PRC - [2007/11/07 00:20:15 | 000,377,303 | ---- | M] () -- C:\Users\Dan\Desktop\texter.exe

========== Modules (No Company Name) ==========

MOD - [2014/05/06 13:38:45 | 000,086,016 | ---- | M] () -- C:\Users\Dan\AppData\Local\Temp\XTMP1MC3VE\DEMA34A.tmp

MOD - [2014/05/06 13:38:44 | 000,086,016 | ---- | M] () -- C:\Users\Dan\AppData\Local\Temp\XTMP1MC3VE\DEMA2BB.tmp

MOD - [2014/05/06 13:38:44 | 000,086,016 | ---- | M] () -- C:\Users\Dan\AppData\Local\Temp\XTMP1MC3VE\DEM9FDC.tmp

MOD - [2014/05/06 13:38:44 | 000,086,016 | ---- | M] () -- C:\Users\Dan\AppData\Local\Temp\XTMP1MC3VE\DEM9FBB.tmp

MOD - [2014/05/06 13:38:43 | 000,120,832 | ---- | M] () -- C:\Users\Dan\AppData\Local\Temp\XTMP1MC3VE\DEM9CCA.tmp

MOD - [2014/05/06 13:38:43 | 000,120,832 | ---- | M] () -- C:\Users\Dan\AppData\Local\Temp\XTMP1MC3VE\DEM9BCE.tmp

MOD - [2014/05/06 13:38:42 | 000,120,832 | ---- | M] () -- C:\Users\Dan\AppData\Local\Temp\XTMP1MC3VE\DEM9A37.tmp

MOD - [2014/05/06 13:38:42 | 000,120,832 | ---- | M] () -- C:\Users\Dan\AppData\Local\Temp\XTMP1MC3VE\DEM98BE.tmp

MOD - [2014/05/06 13:38:41 | 000,120,832 | ---- | M] () -- C:\Users\Dan\AppData\Local\Temp\XTMP1MC3VE\DEM95B0.tmp

MOD - [2014/05/06 13:38:41 | 000,120,832 | ---- | M] () -- C:\Users\Dan\AppData\Local\Temp\XTMP1MC3VE\DEM93FA.tmp

MOD - [2014/05/06 13:38:40 | 000,120,832 | ---- | M] () -- C:\Users\Dan\AppData\Local\Temp\XTMP1MC3VE\DEM909E.tmp

MOD - [2014/05/06 13:38:39 | 000,120,832 | ---- | M] () -- C:\Users\Dan\AppData\Local\Temp\XTMP1MC3VE\DEM8E5A.tmp

MOD - [2014/05/06 13:38:39 | 000,120,832 | ---- | M] () -- C:\Users\Dan\AppData\Local\Temp\XTMP1MC3VE\DEM8C84.tmp

MOD - [2014/05/06 13:38:38 | 000,120,832 | ---- | M] () -- C:\Users\Dan\AppData\Local\Temp\XTMP1MC3VE\DEM8B1C.tmp

MOD - [2014/05/06 13:38:38 | 000,120,832 | ---- | M] () -- C:\Users\Dan\AppData\Local\Temp\XTMP1MC3VE\DEM8AAC.tmp

MOD - [2014/05/06 13:38:38 | 000,120,832 | ---- | M] () -- C:\Users\Dan\AppData\Local\Temp\XTMP1MC3VE\DEM881B.tmp

MOD - [2014/05/06 13:38:37 | 000,120,832 | ---- | M] () -- C:\Users\Dan\AppData\Local\Temp\XTMP1MC3VE\DEM86D2.tmp

MOD - [2014/05/06 13:38:37 | 000,120,832 | ---- | M] () -- C:\Users\Dan\AppData\Local\Temp\XTMP1MC3VE\DEM85C6.tmp

MOD - [2014/05/06 13:38:37 | 000,120,832 | ---- | M] () -- C:\Users\Dan\AppData\Local\Temp\XTMP1MC3VE\DEM8538.tmp

MOD - [2014/05/06 13:38:37 | 000,120,832 | ---- | M] () -- C:\Users\Dan\AppData\Local\Temp\XTMP1MC3VE\DEM84B9.tmp

MOD - [2014/05/06 13:38:37 | 000,120,832 | ---- | M] () -- C:\Users\Dan\AppData\Local\Temp\XTMP1MC3VE\DEM837F.tmp

MOD - [2014/05/06 13:38:35 | 000,120,832 | ---- | M] () -- C:\Users\Dan\AppData\Local\Temp\XTMP1MC3VE\DEM7F2A.tmp

MOD - [2014/05/06 13:38:35 | 000,120,832 | ---- | M] () -- C:\Users\Dan\AppData\Local\Temp\XTMP1MC3VE\DEM7C79.tmp

MOD - [2014/05/06 13:38:35 | 000,120,832 | ---- | M] () -- C:\Users\Dan\AppData\Local\Temp\XTMP1MC3VE\DEM7BCC.tmp

MOD - [2014/05/06 13:38:34 | 000,120,832 | ---- | M] () -- C:\Users\Dan\AppData\Local\Temp\XTMP1MC3VE\DEM790B.tmp

MOD - [2014/05/06 13:38:32 | 000,072,192 | ---- | M] () -- C:\Users\Dan\AppData\Local\Temp\XTMP1MC3VE\DEM72F0.tmp

MOD - [2014/05/06 13:38:32 | 000,072,192 | ---- | M] () -- C:\Users\Dan\AppData\Local\Temp\XTMP1MC3VE\DEM72AB.tmp

MOD - [2014/05/06 13:38:32 | 000,033,792 | ---- | M] () -- C:\Users\Dan\AppData\Local\Temp\YTMP7MC8AA\TAA72DF.tmp

MOD - [2014/05/06 13:38:32 | 000,033,792 | ---- | M] () -- C:\Users\Dan\AppData\Local\Temp\YTMP7MC8AA\TAA72CD.tmp

MOD - [2014/05/06 13:38:32 | 000,033,792 | ---- | M] () -- C:\Users\Dan\AppData\Local\Temp\YTMP7MC8AA\TAA729B.tmp

MOD - [2014/05/06 13:38:32 | 000,033,792 | ---- | M] () -- C:\Users\Dan\AppData\Local\Temp\YTMP7MC8AA\TAA7180.tmp

MOD - [2014/05/06 13:38:31 | 000,072,704 | ---- | M] () -- C:\Users\Dan\AppData\Local\Temp\XTMP1MC3VE\DEM6ECF.tmp

MOD - [2014/05/06 13:38:31 | 000,072,192 | ---- | M] () -- C:\Users\Dan\AppData\Local\Temp\XTMP1MC3VE\DEM6DD4.tmp

MOD - [2014/05/06 13:38:31 | 000,064,000 | ---- | M] () -- C:\Users\Dan\AppData\Local\Temp\XTMP1MC3VE\DEM6C29.tmp

MOD - [2014/05/06 13:38:31 | 000,057,344 | ---- | M] () -- C:\Users\Dan\AppData\Local\Temp\XTMP1MC3VE\DEM6D55.tmp

MOD - [2014/05/06 13:38:31 | 000,053,760 | ---- | M] () -- C:\Users\Dan\AppData\Local\Temp\XTMP1MC3VE\DEM6C4A.tmp

MOD - [2014/05/06 13:38:30 | 000,075,776 | ---- | M] () -- C:\Users\Dan\AppData\Local\Temp\XTMP1MC3VE\DEM6AED.tmp

MOD - [2014/05/06 13:38:30 | 000,075,776 | ---- | M] () -- C:\Users\Dan\AppData\Local\Temp\XTMP1MC3VE\DEM6A5E.tmp

MOD - [2014/05/06 13:38:30 | 000,075,776 | ---- | M] () -- C:\Users\Dan\AppData\Local\Temp\XTMP1MC3VE\DEM68C5.tmp

MOD - [2014/05/06 13:38:30 | 000,056,320 | ---- | M] () -- C:\Users\Dan\AppData\Local\Temp\XTMP1MC3VE\DEM6A3D.tmp

MOD - [2014/05/06 13:38:30 | 000,053,760 | ---- | M] () -- C:\Users\Dan\AppData\Local\Temp\XTMP1MC3VE\DEM6B1D.tmp

MOD - [2014/05/06 13:38:29 | 000,075,776 | ---- | M] () -- C:\Users\Dan\AppData\Local\Temp\XTMP1MC3VE\DEM673D.tmp

MOD - [2014/05/06 13:38:29 | 000,075,776 | ---- | M] () -- C:\Users\Dan\AppData\Local\Temp\XTMP1MC3VE\DEM672B.tmp

MOD - [2014/05/06 13:38:29 | 000,075,776 | ---- | M] () -- C:\Users\Dan\AppData\Local\Temp\XTMP1MC3VE\DEM66F8.tmp

MOD - [2014/05/06 13:38:29 | 000,075,776 | ---- | M] () -- C:\Users\Dan\AppData\Local\Temp\XTMP1MC3VE\DEM66D7.tmp

MOD - [2014/05/06 13:38:29 | 000,075,776 | ---- | M] () -- C:\Users\Dan\AppData\Local\Temp\XTMP1MC3VE\DEM66C5.tmp

MOD - [2014/05/06 13:38:29 | 000,068,608 | ---- | M] () -- C:\Users\Dan\AppData\Local\Temp\XTMP1MC3VE\DEM66A4.tmp

MOD - [2014/05/06 13:38:29 | 000,056,832 | ---- | M] () -- C:\Users\Dan\AppData\Local\Temp\XTMP1MC3VE\DEM670A.tmp

MOD - [2014/05/06 13:38:29 | 000,056,320 | ---- | M] () -- C:\Users\Dan\AppData\Local\Temp\XTMP1MC3VE\DEM6401.tmp

MOD - [2014/05/06 13:38:29 | 000,055,296 | ---- | M] () -- C:\Users\Dan\AppData\Local\Temp\XTMP1MC3VE\DEM6673.tmp

MOD - [2014/05/06 13:38:28 | 000,075,776 | ---- | M] () -- C:\Users\Dan\AppData\Local\Temp\XTMP1MC3VE\DEM63D1.tmp

MOD - [2014/04/24 01:33:13 | 000,390,472 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ppgooglenaclpluginchrome.dll

MOD - [2014/04/24 01:33:12 | 013,692,232 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll

MOD - [2014/04/24 01:33:10 | 004,081,480 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\pdf.dll

MOD - [2014/04/24 01:33:05 | 000,674,632 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\libglesv2.dll

MOD - [2014/04/24 01:33:04 | 000,093,000 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\libegl.dll

MOD - [2014/04/24 01:33:03 | 001,647,432 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ffmpegsumo.dll

MOD - [2014/04/24 01:33:01 | 000,065,352 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\chrome_elf.dll

MOD - [2014/04/23 23:40:00 | 000,253,440 | ---- | M] () -- C:\Users\Dan\AppData\Local\Programs\Google\MusicManager\libid3tag.dll

MOD - [2014/04/23 23:39:38 | 000,231,936 | ---- | M] () -- C:\Users\Dan\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll

MOD - [2014/04/23 23:38:44 | 000,117,248 | ---- | M] () -- C:\Users\Dan\AppData\Local\Programs\Google\MusicManager\libaacdec.dll

MOD - [2014/04/23 23:38:40 | 000,344,064 | ---- | M] () -- C:\Users\Dan\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll

MOD - [2014/04/23 23:01:04 | 001,092,288 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll

MOD - [2014/04/21 23:55:38 | 000,471,552 | ---- | M] () -- C:\Program Files (x86)\Steam\libavutil-53.dll

MOD - [2014/04/21 23:55:38 | 000,340,480 | ---- | M] () -- C:\Program Files (x86)\Steam\libavresample-1.dll

MOD - [2014/04/14 11:30:51 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll

MOD - [2014/03/31 23:09:18 | 000,754,688 | ---- | M] () -- C:\Program Files (x86)\Steam\SDL2.dll

MOD - [2014/03/19 00:09:43 | 001,287,168 | ---- | M] () -- C:\Program Files (x86)\Steam\vr\runtime\bin\vrserver.exe

MOD - [2014/03/19 00:09:43 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\Steam\vr\runtime\drivers\oculus\bin\driver_oculus.dll

MOD - [2014/03/03 20:15:40 | 020,626,624 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll

MOD - [2014/02/27 23:05:33 | 000,190,976 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\75b6a68103e1b76063d9f69b8275ae61\UIAutomationTypes.ni.dll

MOD - [2014/02/27 23:05:28 | 000,018,944 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\Presentatio49d6fefe#\47e7fc401facd4a5d3f2237f16948f36\PresentationFramework-SystemXml.ni.dll

MOD - [2014/02/27 01:27:27 | 018,813,440 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\a4b45c44490c75bc2fb22780e7ef087d\PresentationFramework.ni.dll

MOD - [2014/02/27 01:27:19 | 001,889,792 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\3fe705796c6a41d4889d9001d1c56af8\System.Xaml.ni.dll

MOD - [2014/02/27 01:27:17 | 012,894,208 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f4f6ee0df2aa4189bf36e6335cb92761\System.Windows.Forms.ni.dll

MOD - [2014/02/27 01:27:17 | 000,802,816 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\966f64a25064fe74936295dc06ec586e\System.Runtime.Remoting.ni.dll

MOD - [2014/02/27 01:27:11 | 011,025,920 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74542efbeb46445949a39026c501132\PresentationCore.ni.dll

MOD - [2014/02/27 01:27:08 | 001,644,544 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\5cd2aee5e7c07227c694d89219688ab3\System.Drawing.ni.dll

MOD - [2014/02/27 01:27:04 | 006,990,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\dce99d8de14d8a015313db98c72552ee\System.Core.ni.dll

MOD - [2014/02/27 01:27:03 | 007,662,080 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bada32953bb6b16a53d653eae23d78dc\System.Xml.ni.dll

MOD - [2014/02/27 01:27:01 | 003,950,080 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\acf97bfe2a931d4a47253b26b7218991\WindowsBase.ni.dll

MOD - [2014/02/27 01:26:59 | 000,470,528 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\75f8bc4cf08030c4a53b6d5e0ae20046\PresentationFramework.Aero.ni.dll

MOD - [2014/02/27 01:26:58 | 000,976,384 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bbc48ec4245e502ae19b0601d3799c9e\System.Configuration.ni.dll

MOD - [2014/02/27 01:26:57 | 010,060,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System\ff26cc03e6d57d8abd13b990332e67c6\System.ni.dll

MOD - [2014/02/27 01:26:52 | 016,953,856 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll

MOD - [2014/02/12 21:58:32 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2014/02/12 21:58:10 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2013/12/10 22:06:52 | 000,026,624 | ---- | M] () -- C:\Users\Dan\AppData\Local\Programs\Google\MusicManager\imageformats\qgif4.dll

MOD - [2013/12/10 22:06:42 | 010,683,392 | ---- | M] () -- C:\Users\Dan\AppData\Local\Programs\Google\MusicManager\QtWebKit4.dll

MOD - [2013/12/10 22:06:40 | 001,681,408 | ---- | M] () -- C:\Users\Dan\AppData\Local\Programs\Google\MusicManager\QtNetwork4.dll

MOD - [2013/12/10 22:06:38 | 007,741,952 | ---- | M] () -- C:\Users\Dan\AppData\Local\Programs\Google\MusicManager\QtGui4.dll

MOD - [2013/12/10 22:06:36 | 002,248,192 | ---- | M] () -- C:\Users\Dan\AppData\Local\Programs\Google\MusicManager\QtCore4.dll

MOD - [2013/09/14 01:51:02 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll

MOD - [2013/09/14 01:50:36 | 001,242,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll

MOD - [2013/06/15 00:49:12 | 001,100,800 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll

MOD - [2013/06/15 00:49:12 | 000,192,000 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll

MOD - [2013/06/15 00:49:12 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll

MOD - [2013/06/10 10:55:08 | 002,010,624 | ---- | M] () -- C:\Program Files (x86)\ManyCam\Bin\opencv_core220.dll

MOD - [2013/06/10 10:55:08 | 001,241,088 | ---- | M] () -- C:\Program Files (x86)\ManyCam\Bin\opencv_imgproc220.dll

MOD - [2013/06/10 10:55:08 | 000,775,680 | ---- | M] () -- C:\Program Files (x86)\ManyCam\Bin\opencv_highgui220.dll

MOD - [2013/06/10 10:55:08 | 000,241,152 | ---- | M] () -- C:\Program Files (x86)\ManyCam\Bin\opencv_objdetect220.dll

MOD - [2013/06/10 10:55:08 | 000,201,216 | ---- | M] () -- C:\Program Files (x86)\ManyCam\Bin\opencv_video220.dll

MOD - [2013/02/19 00:28:08 | 014,800,896 | ---- | M] () -- C:\Program Files (x86)\FAHClient\FAHClient.exe

MOD - [2009/12/07 12:09:18 | 000,055,296 | ---- | M] () -- C:\Program Files (x86)\ShortKeys 3\ssce32.dll

MOD - [2009/02/27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll

MOD - [2007/11/07 00:20:15 | 000,377,303 | ---- | M] () -- C:\Users\Dan\Desktop\texter.exe

========== Services (SafeList) ==========

SRV:64bit: - [2014/04/14 11:30:50 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)

SRV:64bit: - [2014/03/30 03:43:28 | 002,211,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe -- (ClickToRunSvc)

SRV:64bit: - [2014/03/01 05:33:34 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)

SRV:64bit: - [2013/05/27 06:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2012/12/10 08:24:16 | 009,723,392 | ---- | M] () [Auto | Running] -- C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe -- (MySQL55)

SRV:64bit: - [2012/02/03 06:29:52 | 000,628,448 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®

SRV:64bit: - [2011/12/16 07:16:48 | 000,583,088 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)

SRV:64bit: - [2011/12/14 23:11:38 | 000,833,976 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)

SRV:64bit: - [2011/11/26 02:52:36 | 000,138,152 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)

SRV:64bit: - [2011/11/24 21:20:38 | 000,294,848 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)

SRV:64bit: - [2010/10/20 22:41:00 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)

SRV:64bit: - [2010/09/10 01:26:34 | 000,162,824 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\GFNEXSrv.exe -- (GFNEXSrv)

SRV:64bit: - [2009/07/14 02:39:47 | 000,081,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\tlntsvr.exe -- (TlntSvr)

SRV - [2014/04/29 19:22:21 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2014/04/23 23:01:04 | 000,572,096 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2014/04/11 19:45:50 | 001,764,992 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe -- (c2cpnrsvc)

SRV - [2014/04/11 19:45:42 | 001,390,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe -- (c2cautoupdatesvc)

SRV - [2014/03/12 00:52:08 | 000,227,904 | ---- | M] (WildTangent) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe -- (GamesAppIntegrationService)

SRV - [2014/02/22 19:44:06 | 000,107,832 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)

SRV - [2014/02/22 19:43:58 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)

SRV - [2013/10/23 09:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)

SRV - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)

SRV - [2013/05/10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2012/12/14 10:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)

SRV - [2012/11/29 21:31:04 | 000,038,608 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)

SRV - [2012/05/10 16:20:46 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)

SRV - [2012/03/28 13:49:11 | 000,140,456 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)

SRV - [2012/02/29 01:13:56 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)

SRV - [2012/02/29 01:13:54 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)

SRV - [2012/02/21 20:29:38 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)

SRV - [2012/02/21 20:29:28 | 000,128,280 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe -- (Intel®

SRV - [2011/11/04 13:40:06 | 000,687,400 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)

SRV - [2011/08/02 16:47:26 | 000,145,256 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe -- (PDFProFiltSrvPP)

SRV - [2011/07/12 01:16:06 | 000,057,216 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)

SRV - [2011/04/02 01:42:00 | 000,198,064 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)

SRV - [2011/02/10 08:25:36 | 000,112,080 | ---- | M] (Toshiba Europe GmbH) [Auto | Running] -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService)

SRV - [2010/10/12 18:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)

SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/04/14 11:30:51 | 001,039,096 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)

DRV:64bit: - [2014/04/14 11:30:51 | 000,423,240 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)

DRV:64bit: - [2014/04/14 11:30:51 | 000,208,928 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\aswVmm.sys -- (aswVmm)

DRV:64bit: - [2014/04/14 11:30:51 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)

DRV:64bit: - [2014/04/14 11:30:51 | 000,084,816 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\aswStm.sys -- (aswStm)

DRV:64bit: - [2014/04/14 11:30:51 | 000,079,184 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)

DRV:64bit: - [2014/04/14 11:30:51 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)

DRV:64bit: - [2013/06/26 19:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)

DRV:64bit: - [2013/06/26 19:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)

DRV:64bit: - [2013/06/26 19:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)

DRV:64bit: - [2013/06/26 19:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)

DRV:64bit: - [2013/01/31 10:50:58 | 000,028,160 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys -- (mcaudrv_simple)

DRV:64bit: - [2013/01/29 19:15:04 | 000,050,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)

DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2012/11/26 19:05:24 | 000,075,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)

DRV:64bit: - [2012/10/11 04:08:10 | 000,044,928 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcvidrv_x64.sys -- (ManyCam)

DRV:64bit: - [2012/08/23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)

DRV:64bit: - [2012/08/23 15:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2012/08/23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2012/07/17 19:12:08 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)

DRV:64bit: - [2012/05/10 16:11:04 | 014,759,136 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2012/01/30 22:14:00 | 000,304,696 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfbd.sys -- (tosrfbd)

DRV:64bit: - [2012/01/17 01:20:38 | 001,082,472 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtwlane.sys -- (RTL8192Ce)

DRV:64bit: - [2012/01/05 21:42:32 | 000,021,096 | ---- | M] (Realtek Microelectronics) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtkBtfilter.sys -- (RtkBtFilter)

DRV:64bit: - [2012/01/05 11:58:50 | 000,786,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)

DRV:64bit: - [2012/01/05 11:58:50 | 000,355,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)

DRV:64bit: - [2012/01/05 11:58:50 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)

DRV:64bit: - [2011/12/19 20:15:10 | 000,411,920 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)

DRV:64bit: - [2011/12/17 01:24:00 | 000,079,040 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfusb.sys -- (Tosrfusb)

DRV:64bit: - [2011/12/06 12:23:08 | 000,331,264 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)

DRV:64bit: - [2011/12/01 10:42:44 | 000,072,240 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NBVol.sys -- (NBVol)

DRV:64bit: - [2011/12/01 10:42:44 | 000,015,920 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NBVolUp.sys -- (NBVolUp)

DRV:64bit: - [2011/11/30 03:40:32 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2011/08/24 05:57:24 | 000,565,352 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2011/08/17 22:27:06 | 000,251,496 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)

DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011/02/08 19:07:00 | 000,038,096 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)

DRV:64bit: - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 14:34:04 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)

DRV:64bit: - [2010/11/20 14:34:04 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)

DRV:64bit: - [2010/11/20 12:35:34 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)

DRV:64bit: - [2010/11/20 12:35:22 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)

DRV:64bit: - [2010/08/30 18:48:00 | 000,094,528 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Tosrfhid.sys -- (Tosrfhid)

DRV:64bit: - [2010/06/19 00:45:00 | 000,018,872 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfec.sys -- (tosrfec)

DRV:64bit: - [2009/07/31 04:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)

DRV:64bit: - [2009/07/15 00:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)

DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)

DRV:64bit: - [2009/06/24 23:36:48 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)

DRV:64bit: - [2009/06/20 03:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)

DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2007/05/14 17:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)

DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {1AEAB112-D45F-4C13-BAD6-EE71ED7B8B64}

IE:64bit: - HKLM\..\SearchScopes\{1AEAB112-D45F-4C13-BAD6-EE71ED7B8B64}: "URL" = http://www.google.co...g}&rlz=1I7TEUA;

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{1AEAB112-D45F-4C13-BAD6-EE71ED7B8B64}: "URL" = http://www.google.co...g}&rlz=1I7TEUA;

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com

IE - HKCU\..\SearchScopes,DefaultScope = {1AEAB112-D45F-4C13-BAD6-EE71ED7B8B64}

IE - HKCU\..\SearchScopes\{1AEAB112-D45F-4C13-BAD6-EE71ED7B8B64}: "URL" = http://www.google.co...UA_enGB516GB517

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)

FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found

FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)

FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Users\Dan\AppData\Local\Roblox\Versions\version-38d9c3e04e394773\\NPRobloxProxy.dll ()

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Dan\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Dan\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Dan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/01/12 01:27:42 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/01/12 01:27:42 | 000,000,000 | ---D | M]

[2013/05/10 23:30:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dan\AppData\Roaming\Mozilla\Extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},

CHR - homepage: http://www.google.co...=TEUA&bmod=TEUA

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\pdf.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java™ Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Nero Kwik Media Helper (Enabled) = C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

CHR - plugin: IntelÂ® Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll

CHR - plugin: IntelÂ® Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll

CHR - plugin: Windows LiveÂ™ Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll

CHR - Extension: WOT = C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\2.5.14_0\

CHR - Extension: Adblock Plus = C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.7.4_0\

CHR - Extension: avast! Online Security = C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2018.95_0\

CHR - Extension: RealDownloader = C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0\

CHR - Extension: Skype Click to Call = C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.2.15747.10003_0\

CHR - Extension: Google Wallet = C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\

O1 HOSTS File: ([2014/04/14 11:20:27 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)

O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)

O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)

O2:64bit: - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)

O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)

O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)

O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll (Zeon Corporation)

O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)

O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\windows\SysNative\LogiLDA.dll (Logitech, Inc.)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [SRS Premium Sound HD] C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe (SRS Labs, Inc.)

O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)

O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)

O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)

O4 - HKLM..\Run: [CanonQuickMenu] C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE (CANON INC.)

O4 - HKLM..\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.)

O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)

O4 - HKLM..\Run: [IndexSearch] C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)

O4 - HKLM..\Run: [ITSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)

O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)

O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)

O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)

O4 - HKCU..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)

O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)

O4 - HKCU..\Run: [ManyCam] C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe (ManyCam LLC)

O4 - HKCU..\Run: [MusicManager] C:\Users\Dan\AppData\Local\Programs\Google\MusicManager\MusicManager.exe (Google Inc.)

O4 - HKCU..\Run: [SkyDrive] C:\Users\Dan\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)

O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)

O4 - HKCU..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)

O4 - Startup: C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\[email protected] = C:\Program Files (x86)\FAHClient\HideConsole.exe ()

O4 - Startup: C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Texter.lnk = C:\Users\Dan\Desktop\texter.exe ()

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)

O8:64bit: - Extra context menu item: Open with PDF Viewer Plus - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)

O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Open with PDF Viewer Plus - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)

O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)

O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)

O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)

O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)

O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)

O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.55.2)

O16 - DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_39)

O16 - DPF: {CAFEEFAC-0017-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_13)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.55.2)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9002BD8E-F33D-49AA-8006-E4BF84F58C8B}: DhcpNameServer = 194.168.4.100 194.168.8.100

O18:64bit: - Protocol\Handler\osf - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)

O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/04/20 22:31:56 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\ElevatedDiagnostics

[2014/04/18 23:28:01 | 000,000,000 | ---D | C] -- C:\Users\Dan\Documents\Horizon Game

[2014/04/18 20:32:21 | 000,000,000 | ---D | C] -- C:\Users\Dan\Documents\TJR

[2014/04/14 11:42:11 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Roaming\AVAST Software

[2014/04/14 11:30:57 | 000,084,816 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswStm.sys

[2014/04/14 11:30:51 | 000,043,152 | ---- | C] (AVAST Software) -- C:\windows\avastSS.scr

[2014/04/14 11:23:33 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2014/04/13 16:13:47 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Roaming\SpaceEngineers

[2014/04/07 22:25:23 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Roaming\Nero

[2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

[12 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/05/06 13:49:34 | 000,000,434 | ---- | M] () -- C:\Users\Dan\Desktop\texter.ini

[2014/05/06 13:47:01 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2014/05/06 13:47:01 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2014/05/06 13:42:24 | 002,735,678 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI

[2014/05/06 13:42:24 | 000,671,118 | ---- | M] () -- C:\windows\SysNative\perfh01D.dat

[2014/05/06 13:42:24 | 000,669,734 | ---- | M] () -- C:\windows\SysNative\perfh009.dat

[2014/05/06 13:42:24 | 000,501,912 | ---- | M] () -- C:\windows\SysNative\perfh014.dat

[2014/05/06 13:42:24 | 000,488,900 | ---- | M] () -- C:\windows\SysNative\perfh00B.dat

[2014/05/06 13:42:24 | 000,148,440 | ---- | M] () -- C:\windows\SysNative\perfc01D.dat

[2014/05/06 13:42:24 | 000,128,110 | ---- | M] () -- C:\windows\SysNative\perfc009.dat

[2014/05/06 13:42:24 | 000,107,486 | ---- | M] () -- C:\windows\SysNative\perfc00B.dat

[2014/05/06 13:42:24 | 000,101,370 | ---- | M] () -- C:\windows\SysNative\perfc014.dat

[2014/05/06 13:35:50 | 000,000,828 | ---- | M] () -- C:\windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job

[2014/05/06 13:35:49 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job

[2014/05/06 13:35:03 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat

[2014/05/06 13:35:01 | 451,776,511 | -HS- | M] () -- C:\hiberfil.sys

[2014/05/06 00:22:10 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job

[2014/05/06 00:11:29 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job

[2014/05/06 00:00:45 | 000,000,900 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-269794971-2251558941-1448437433-1000UA.job

[2014/05/05 17:47:17 | 000,001,319 | ---- | M] () -- C:\Users\Dan\Desktop\ROBLOX Player.lnk

[2014/05/05 17:47:17 | 000,001,138 | ---- | M] () -- C:\Users\Dan\Desktop\ROBLOX Studio 2013.lnk

[2014/05/05 16:00:02 | 000,000,848 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-269794971-2251558941-1448437433-1000Core.job

[2014/04/28 22:40:56 | 000,441,712 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT

[2014/04/19 23:46:23 | 004,070,573 | ---- | M] () -- C:\Users\Dan\Documents\09 Ghost.mp3

[2014/04/19 23:37:08 | 000,369,837 | ---- | M] () -- C:\Users\Dan\Documents\IMG_20140411_031534.jpg

[2014/04/14 11:31:20 | 000,001,977 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk

[2014/04/14 11:30:51 | 001,039,096 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswSnx.sys

[2014/04/14 11:30:51 | 000,423,240 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswSP.sys

[2014/04/14 11:30:51 | 000,334,648 | ---- | M] (AVAST Software) -- C:\windows\SysNative\aswBoot.exe

[2014/04/14 11:30:51 | 000,208,928 | ---- | M] () -- C:\windows\SysNative\drivers\aswVmm.sys

[2014/04/14 11:30:51 | 000,093,568 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswRdr2.sys

[2014/04/14 11:30:51 | 000,084,816 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswStm.sys

[2014/04/14 11:30:51 | 000,079,184 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswMonFlt.sys

[2014/04/14 11:30:51 | 000,065,776 | ---- | M] () -- C:\windows\SysNative\drivers\aswRvrt.sys

[2014/04/14 11:30:51 | 000,043,152 | ---- | M] (AVAST Software) -- C:\windows\avastSS.scr

[2014/04/14 11:27:25 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\config.nt

[2014/04/14 11:20:27 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts

[2014/04/14 11:04:23 | 005,194,807 | R--- | M] (Swearware) -- C:\Users\Dan\Desktop\ComboFixed.exe

[2014/04/10 16:44:44 | 000,001,009 | ---- | M] () -- C:\Users\Public\Desktop\Blueline.lnk

[2014/04/07 22:26:21 | 349,413,276 | ---- | M] () -- C:\Users\Dan\Documents\Image.nrg

[2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

[12 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/05/05 23:31:48 | 001,287,168 | ---- | C] () -- C:\Users\Dan\Desktop\vrserver.exe

[2014/04/19 23:45:11 | 004,070,573 | ---- | C] () -- C:\Users\Dan\Documents\09 Ghost.mp3

[2014/04/19 23:36:51 | 000,369,837 | ---- | C] () -- C:\Users\Dan\Documents\IMG_20140411_031534.jpg

[2014/04/10 16:44:44 | 000,001,009 | ---- | C] () -- C:\Users\Public\Desktop\Blueline.lnk

[2014/04/07 22:26:20 | 349,413,276 | ---- | C] () -- C:\Users\Dan\Documents\Image.nrg

[2014/02/22 19:44:00 | 000,107,832 | ---- | C] () -- C:\windows\SysWow64\PnkBstrB.exe

[2014/02/22 19:43:58 | 002,337,865 | ---- | C] () -- C:\windows\SysWow64\pbsvc.exe

[2014/02/22 19:43:58 | 000,066,872 | ---- | C] () -- C:\windows\SysWow64\PnkBstrA.exe

[2014/01/03 01:03:29 | 000,000,023 | ---- | C] () -- C:\Users\Dan\jagexappletviewer.preferences

[2013/09/19 15:10:21 | 000,196,128 | -H-- | C] () -- C:\windows\SysWow64\mlfcache.dat

[2013/09/10 17:52:13 | 000,000,600 | ---- | C] () -- C:\Users\Dan\AppData\Local\PUTTY.RND

[2013/08/11 00:56:15 | 171,059,279 | ---- | C] () -- C:\Users\Dan\AppData\Roaming\.technic.rar

[2013/05/03 16:18:01 | 000,007,602 | ---- | C] () -- C:\Users\Dan\AppData\Local\Resmon.ResmonCfg

[2013/04/02 20:05:30 | 000,013,055 | ---- | C] () -- C:\windows\BRRBCOM.INI

[2013/04/02 20:03:22 | 000,045,056 | ---- | C] () -- C:\windows\SysWow64\BRTCPCON.DLL

[2013/04/02 20:03:21 | 000,000,114 | ---- | C] () -- C:\windows\SysWow64\BRLMW03A.INI

[2013/01/19 23:35:05 | 000,703,007 | ---- | C] () -- C:\Users\Dan\AppData\Roaming\technic-launcher.jar.bak

[2013/01/05 22:09:33 | 002,673,230 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI

[2012/05/31 08:38:27 | 000,128,312 | ---- | C] () -- C:\windows\SysWow64\GFNEX.dll

[2012/05/31 08:35:05 | 000,028,528 | ---- | C] () -- C:\windows\rlt8723a_chip_bt40_fw_asic_rom_patch.dll

[2012/05/31 08:32:19 | 000,451,072 | ---- | C] () -- C:\windows\SysWow64\ISSRemoveSP.exe

[2012/05/10 16:14:32 | 000,755,572 | ---- | C] () -- C:\windows\SysWow64\igkrng700.bin

[2012/05/10 16:14:32 | 000,559,972 | ---- | C] () -- C:\windows\SysWow64\igfcg700m.bin

[2012/05/10 16:07:18 | 000,058,880 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll

[2012/05/10 15:25:28 | 013,026,304 | ---- | C] () -- C:\windows\SysWow64\ig7icd32.dll

========== ZeroAccess Check ==========

[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 03:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 02:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2014/01/19 21:19:36 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\.minecraft

[2013/09/16 13:55:01 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\.mono

[2013/04/02 22:01:17 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\.technic

[2013/03/23 00:29:19 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\.techniclauncher

[2013/12/20 22:16:46 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\11bitstudios

[2013/08/08 22:57:05 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\3909

[2013/04/24 19:08:34 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\3909 LLC

[2013/12/20 00:53:33 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\8BitMMO

[2014/04/14 11:42:11 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\AVAST Software

[2013/01/12 03:32:23 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1

[2013/05/23 22:51:22 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\BitTorrent

[2013/09/17 21:23:49 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Canon

[2013/06/23 20:34:17 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\com.shirogames.evoland

[2013/04/02 20:12:38 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\ControlCenter4

[2013/04/21 14:25:32 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\CorsixTH

[2013/07/31 18:17:56 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Faerie Solitaire

[2014/05/06 13:37:14 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\FAHClient

[2013/03/23 00:28:54 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\logs

[2013/06/16 23:42:59 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\ManyCam

[2013/01/02 19:58:18 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\MotioninJoy

[2013/01/04 00:17:03 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\MySQL

[2013/01/25 00:35:12 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\NetBeans

[2013/01/08 01:27:10 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Notepad++

[2013/04/02 19:56:55 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Nuance

[2013/03/10 11:56:22 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Origin

[2013/10/12 17:42:13 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\PC Remote

[2013/02/03 19:38:01 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\PDF Writer

[2014/02/23 01:53:08 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\PrimoPDF

[2013/09/04 12:16:07 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\SoftGrid Client

[2014/04/20 14:55:06 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\SpaceEngineers

[2013/04/05 19:26:58 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Spore

[2013/01/04 02:03:08 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\TeamViewer

[2013/03/13 20:43:23 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\The Creative Assembly

[2013/06/20 14:36:47 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Toshiba

[2013/01/16 23:17:42 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\TOSHIBA Online Product Information

[2013/01/05 22:10:37 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\TP

[2012/12/28 00:04:12 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Tropico 3

[2013/11/16 01:21:07 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Unity

[2014/03/20 23:00:02 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\WildTangent

[2012/12/27 15:55:07 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\WinBatch

========== Purity Check ==========

< End of report >