My PC got infested after I just plugged in a thumb drive that had been in contact with an infested PC and wanted to format it. I ran Malwarebytes Anti-Malware and Anti-Rootkit with no results. Here is the OTL log:
OTL logfile created on: 8/3/2014 12:21:04 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\andrei\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
4.00 Gb Total Physical Memory | 2.02 Gb Available Physical Memory | 50.53% Memory free
8.00 Gb Paging File | 5.58 Gb Available in Paging File | 69.82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97.66 Gb Total Space | 48.66 Gb Free Space | 49.83% Space Free | Partition Type: NTFS
Drive D: | 368.01 Gb Total Space | 98.74 Gb Free Space | 26.83% Space Free | Partition Type: NTFS
Computer Name: ANDREI-PC | User Name: andrei | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2014/08/03 00:12:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\andrei\Downloads\OTL.exe
PRC - [2014/08/02 23:59:48 | 014,349,744 | ---- | M] (Malwarebytes Corp.) -- C:\Users\andrei\Downloads\mbar-1.07.0.1012.exe
PRC - [2014/08/02 23:53:39 | 000,132,096 | ---- | M] (Microsoft) -- C:\Users\andrei\AppData\Roaming\copy1.exe
PRC - [2014/07/15 12:24:50 | 000,860,488 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/07/06 16:28:46 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2014/06/23 03:41:29 | 000,230,792 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
PRC - [2014/06/03 07:44:21 | 001,184,056 | ---- | M] (Malwarebytes Corporation) -- C:\Users\andrei\Desktop\mbar\mbar.exe
PRC - [2014/05/12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014/05/12 07:24:34 | 006,970,168 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
PRC - [2014/05/08 16:48:38 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/02/15 07:55:24 | 000,311,616 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2013/11/19 00:36:38 | 000,087,368 | ---- | M] (Nero AG) -- C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
PRC - [2013/10/18 01:27:02 | 000,166,912 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2013/08/27 22:42:50 | 000,358,480 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2013/08/27 22:42:48 | 000,111,696 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
PRC - [2013/08/27 22:42:14 | 000,437,328 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2013/08/27 21:50:10 | 000,086,096 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
PRC - [2012/12/13 09:41:26 | 001,634,304 | ---- | M] (CMedia) -- C:\Program Files\UNi Xonar Audio\Customapp\AsusAudioCenter.exe
PRC - [2010/11/21 06:24:03 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cmd.exe
PRC - [2008/07/11 16:04:22 | 000,200,704 | ---- | M] () -- C:\Windows\SysWOW64\HsMgr.exe
========== Modules (No Company Name) ==========
MOD - [2014/07/15 12:24:48 | 000,353,096 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppgooglenaclpluginchrome.dll
MOD - [2014/07/15 12:24:46 | 014,664,008 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll
MOD - [2014/07/15 12:24:44 | 008,537,928 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll
MOD - [2014/07/15 12:24:38 | 000,718,664 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libglesv2.dll
MOD - [2014/07/15 12:24:36 | 000,126,280 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libegl.dll
MOD - [2014/07/15 12:24:35 | 001,732,936 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll
MOD - [2012/06/06 10:56:50 | 000,143,360 | ---- | M] () -- C:\Program Files\UNi Xonar Audio\Customapp\VmixP8.dll
MOD - [2010/11/21 06:51:49 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\08d608378aa405adc844f3cf36974b8c\Microsoft.VisualBasic.ni.dll
MOD - [2010/11/21 06:51:24 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6f3b99ed0b791ff4d8aa52f2f0cd0bcf\System.Management.ni.dll
MOD - [2010/11/21 06:48:49 | 012,432,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll
MOD - [2010/11/21 06:48:42 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll
MOD - [2010/11/21 06:48:25 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\461d3b6b3f43e6fbe6c897d5936e17e4\System.Xml.ni.dll
MOD - [2010/11/21 06:48:22 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bc09ad2d49d8535371845cd7532f9271\System.Configuration.ni.dll
MOD - [2010/11/21 06:48:21 | 007,963,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll
MOD - [2010/11/21 06:48:14 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
MOD - [2008/07/11 16:04:22 | 000,200,704 | ---- | M] () -- C:\Windows\SysWOW64\HsMgr.exe
========== Services (SafeList) ==========
SRV:64bit: - [2014/08/02 23:31:51 | 000,127,752 | ---- | M] (SurfRight B.V.) [Auto | Running] -- C:\Program Files\HitmanPro\hmpsched.exe -- (HitmanProScheduler)
SRV:64bit: - [2012/05/04 14:33:20 | 000,027,760 | ---- | M] (VIA Technologies, Inc.) [Auto | Running] -- C:\Windows\SysNative\ViakaraokeSrv.exe -- (VIAKaraokeService)
SRV:64bit: - [2009/07/14 04:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 04:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014/07/16 05:28:18 | 000,542,912 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2014/07/09 01:37:24 | 000,262,320 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/07/06 16:28:46 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2014/05/12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/05/08 16:48:38 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/11/19 00:36:38 | 000,087,368 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe -- (HTCMonitorService)
SRV - [2013/10/18 01:27:02 | 000,166,912 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2013/08/27 22:42:50 | 000,358,480 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2013/08/27 22:42:14 | 000,437,328 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2013/08/27 22:09:34 | 014,401,104 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe -- (VMwareHostd)
SRV - [2013/08/27 21:50:10 | 000,086,096 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2013/08/27 09:33:42 | 000,904,248 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe -- (VMUSBArbService)
SRV - [2012/07/09 10:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/11 00:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2014/08/03 00:01:20 | 000,092,888 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV:64bit: - [2014/08/03 00:01:08 | 000,079,064 | ---- | M] (Malwarebytes Corporation) [Kernel | Boot | Unknown] -- C:\Windows\SysNative\drivers\oyjmgew.sys -- (wvuqgp)
DRV:64bit: - [2014/08/02 23:51:52 | 000,122,584 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2014/08/02 23:43:31 | 000,032,512 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hitmanpro37.sys -- (hitmanpro37)
DRV:64bit: - [2014/05/12 07:26:10 | 000,063,704 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2014/05/12 07:25:56 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2014/04/15 19:55:49 | 000,017,280 | ---- | M] (Scott) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\USBDrv_AMD64.sys -- (awUSB)
DRV:64bit: - [2014/04/12 20:25:00 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2014/03/30 09:26:02 | 000,129,944 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2013/12/26 08:41:40 | 000,206,136 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2013/12/26 08:41:40 | 000,108,856 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2013/10/18 01:27:02 | 000,036,928 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2013/08/27 22:42:46 | 000,030,800 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2013/08/27 22:42:20 | 000,064,080 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2013/08/27 22:42:02 | 000,046,160 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2013/08/27 22:42:02 | 000,020,560 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2013/08/27 09:33:30 | 000,053,816 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2013/08/27 09:33:26 | 000,038,456 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmusb.sys -- (vmusb)
DRV:64bit: - [2013/08/16 04:25:16 | 000,073,296 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vsock.sys -- (vsock)
DRV:64bit: - [2013/08/16 04:25:12 | 000,085,584 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2013/06/28 21:45:00 | 000,036,352 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandnetmodem64.sys -- (ANDNetModem)
DRV:64bit: - [2013/04/19 02:14:12 | 000,029,184 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandnetdiag64.sys -- (AndNetDiag)
DRV:64bit: - [2013/04/11 19:21:08 | 002,734,080 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cmudaxp.sys -- (cmudaxp)
DRV:64bit: - [2012/05/04 14:33:12 | 002,196,592 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2012/04/25 05:08:00 | 000,118,272 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qcusbser.sys -- (qcusbser)
DRV:64bit: - [2010/11/21 06:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/21 06:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 06:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010/11/21 06:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010/11/21 06:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/21 06:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010/11/21 06:23:48 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010/11/21 06:23:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/21 06:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 06:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/21 06:23:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/08/02 03:00:00 | 000,031,744 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandadb.sys -- (androidusb)
DRV:64bit: - [2010/03/09 14:08:36 | 000,121,800 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HtcVComV64.sys -- (HtcVCom32)
DRV:64bit: - [2009/11/03 04:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009/07/14 04:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 04:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 04:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/14 04:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 23:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 23:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 23:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 23:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2014/08/02 23:23:36 | 000,029,160 | ---- | M] () [Kernel | On_Demand | Unknown] -- C:\Windows\SysWOW64\drivers\TrueSight.sys -- (TrueSight)
DRV - [2014/06/10 09:04:42 | 000,013,480 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\MSI Afterburner\RTCore64.sys -- (RTCore64)
DRV - [2009/07/14 04:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 13 19 37 EF 8F 98 CF 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\andrei\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
========== Chrome ==========
CHR - default_search_provider: (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - plugin: Error reading preferences file
CHR - Extension: Reverse Youtube Playlist = C:\Users\andrei\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajhonbaagcobjdmbocblbebcmbmmbfmi\1.0_0\
CHR - Extension: Google Docs = C:\Users\andrei\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: Google Drive = C:\Users\andrei\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\andrei\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: YouTube = C:\Users\andrei\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Reverse Playback for YouTube = C:\Users\andrei\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmkcmigpoihikjdbclmhgcgdckcfcjid\0.0.1.73_0\
CHR - Extension: Google Search = C:\Users\andrei\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: IE Tab = C:\Users\andrei\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd\7.7.24.1_0\ietab_nm_
CHR - Extension: IE Tab = C:\Users\andrei\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd\7.7.24.1_0\
CHR - Extension: Google Wallet = C:\Users\andrei\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\andrei\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O1 HOSTS File: ([2009/06/11 00:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O4 - HKCU..\Run: [eb4b40a5d7e90fb7bb1aadd5beab440b] C:\Users\andrei\AppData\Roaming\copy1.exe (Microsoft)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\andrei\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\eb4b40a5d7e90fb7bb1aadd5beab440b.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{198DD62B-EF02-418B-B005-619F08C69779}: DhcpNameServer = 192.168.10.1
O18 - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1c1f6350-f18c-11e3-aa60-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{1c1f6350-f18c-11e3-aa60-005056c00008}\Shell\AutoRun\command - "" = F:\HTC_Sync_Manager_PC.exe
O33 - MountPoints2\{1c1f63ba-f18c-11e3-aa60-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{1c1f63ba-f18c-11e3-aa60-005056c00008}\Shell\AutoRun\command - "" = F:\HTC_Sync_Manager_PC.exe
O33 - MountPoints2\{9a07efe1-c3ec-11e3-a3a6-001966e78996}\Shell - "" = AutoRun
O33 - MountPoints2\{9a07efe1-c3ec-11e3-a3a6-001966e78996}\Shell\AutoRun\command - "" = E:\LGAutoRun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\setup.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2014/08/03 00:01:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2014/08/03 00:01:18 | 000,000,000 | ---D | C] -- C:\Users\andrei\Desktop\mbar
[2014/08/03 00:01:08 | 000,079,064 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\oyjmgew.sys
[2014/08/02 23:53:39 | 000,132,096 | ---- | C] (Microsoft) -- C:\Users\andrei\AppData\Roaming\copy1.exe
[2014/08/02 23:31:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
[2014/08/02 23:31:09 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2014/08/02 23:29:12 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2014/08/02 23:27:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hitman Pro 3.5
[2014/08/02 23:23:27 | 000,000,000 | ---D | C] -- C:\ProgramData\RogueKiller
[2014/08/02 23:12:28 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\SysWow64\sqlite3.dll
[2014/08/02 23:11:01 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/08/02 21:27:09 | 000,000,000 | ---D | C] -- C:\Users\andrei\AppData\Roaming\foobar2000
[2014/08/02 21:26:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\foobar2000
[2014/08/02 12:09:24 | 007,946,240 | ---- | C] (C-Media Corporation) -- C:\Windows\SysWow64\CmiCnfgp.dll
[2014/08/02 12:09:24 | 000,465,408 | ---- | C] (C-Media Electronics Inc.) -- C:\Windows\SysNative\cmasiopx.dll
[2014/08/02 12:09:24 | 000,303,104 | ---- | C] (C-Media Electronics Inc.) -- C:\Windows\SysWow64\cmasiop.dll
[2014/08/02 12:09:24 | 000,212,992 | ---- | C] (C-Media Electronics Inc.) -- C:\Windows\SysWow64\HsSrv2.dll
[2014/08/02 12:09:24 | 000,200,704 | ---- | C] (C-Media) -- C:\Windows\SysWow64\Cmpaoxy.dll
[2014/08/02 12:09:24 | 000,122,880 | ---- | C] (C-Media Electronics Inc.) -- C:\Windows\System\HsSrv642.dll
[2014/08/02 12:09:24 | 000,122,880 | ---- | C] (C-Media Electronics Inc.) -- C:\Windows\System\HsSrv64.dll
[2014/08/02 12:09:24 | 000,122,880 | ---- | C] (CMedia Electronics Inc.) -- C:\Windows\SysWow64\Cm_Oal.dll
[2014/08/02 12:09:24 | 000,122,880 | ---- | C] (CMedia Electronics Inc.) -- C:\Windows\SysNative\Cm_Oal.dll
[2014/08/02 12:09:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UNi Xonar Audio
[2014/08/02 12:09:21 | 000,000,000 | ---D | C] -- C:\Program Files\UNi Xonar Audio
[2014/08/02 12:08:48 | 002,734,080 | ---- | C] (C-Media Inc) -- C:\Windows\SysNative\drivers\cmudaxp.sys
[2014/08/02 12:08:48 | 000,315,392 | ---- | C] (C-Media Electronics Inc.) -- C:\Windows\SysWow64\CmiFltr.dll
[2014/08/02 12:08:48 | 000,315,392 | ---- | C] (C-Media Electronics Inc.) -- C:\Windows\System\CmiFltr.dll
[2014/08/02 12:08:48 | 000,032,768 | ---- | C] (C-Media Electronics Inc.) -- C:\Windows\SysNative\cmudaxp.dll
[2014/08/02 11:44:09 | 000,000,000 | ---D | C] -- C:\Users\andrei\AppData\Roaming\ASUS
[2014/08/02 11:43:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Xonar DG Audio
[2014/08/02 11:43:55 | 000,000,000 | ---D | C] -- C:\Program Files\ASUS Xonar DG Audio
[2014/08/02 11:36:53 | 000,212,992 | ---- | C] (C-Media Electronics Inc.) -- C:\Windows\SysWow64\HsSrv.dll
[2014/07/26 22:15:41 | 000,000,000 | ---D | C] -- C:\Users\andrei\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TransMac
[2014/07/26 22:15:41 | 000,000,000 | ---D | C] -- C:\Users\andrei\AppData\Local\TransMac
[2014/07/26 22:15:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TransMac
[2014/07/26 15:10:44 | 000,000,000 | ---D | C] -- C:\Users\andrei\AppData\Roaming\PowerISO
[2014/07/23 05:09:07 | 000,000,000 | ---D | C] -- C:\Users\andrei\Desktop\paste
[2014/07/23 03:21:13 | 000,000,000 | ---D | C] -- C:\Users\andrei\poze
[2014/07/23 02:50:56 | 000,000,000 | ---D | C] -- C:\Users\andrei\AppData\Roaming\PandoraRecovery
[2014/07/23 02:48:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pandora Recovery
[2014/07/23 02:48:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pandora Recovery
[2014/07/23 02:34:56 | 000,000,000 | ---D | C] -- C:\Users\andrei\Documents\Rm undelete
[2014/07/23 01:49:43 | 000,000,000 | ---D | C] -- C:\Users\andrei\AppData\Roaming\R-TT
[2014/07/23 01:49:40 | 000,000,000 | ---D | C] -- C:\Users\andrei\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\R-Undelete
[2014/07/23 01:49:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\R-Undelete
[2014/07/23 01:49:40 | 000,000,000 | ---D | C] -- C:\Users\andrei\Documents\R-TT
[2014/07/23 01:46:06 | 000,000,000 | ---D | C] -- C:\Users\andrei\Desktop\New folder
[2014/07/22 21:55:06 | 000,000,000 | ---D | C] -- C:\Users\andrei\AppData\Local\Wondershare
[2014/07/22 21:55:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
[2014/07/22 21:55:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wondershare
[2014/07/22 21:55:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Wondershare
[2014/07/22 21:55:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wondershare
[2014/07/22 21:55:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Temp
[2014/07/22 21:54:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wondershare Software Co.,Ltd
[2014/07/17 23:34:19 | 000,085,504 | ---- | C] (QSound Labs, Inc.) -- C:\Windows\SysNative\nQPropPageExt.dll
[2014/07/17 23:34:19 | 000,083,968 | ---- | C] (QSound Labs, Inc.) -- C:\Windows\SysNative\nQAPO.dll
[2014/07/16 07:53:27 | 000,000,000 | ---D | C] -- C:\Users\andrei\AppData\Local\Adobe
[2014/07/12 00:03:04 | 000,000,000 | ---D | C] -- C:\Users\andrei\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool
[2014/07/06 16:30:52 | 000,000,000 | ---D | C] -- C:\Users\andrei\AppData\Local\PunkBuster
[2014/07/05 23:34:47 | 000,000,000 | ---D | C] -- C:\Users\andrei\AppData\Roaming\Macromedia
[2014/07/05 23:32:41 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2014/07/05 23:32:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2014/07/05 17:57:58 | 000,122,584 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/07/05 17:57:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/07/05 17:57:50 | 000,092,888 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/07/05 17:57:50 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/07/05 17:57:50 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/07/05 17:57:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/07/05 17:57:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/06/02 23:54:32 | 000,132,096 | ---- | C] (Microsoft) -- C:\Users\andrei\AppData\Roaming\data.exe
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2014/08/03 00:12:47 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1376693644-3071282699-2049382522-1001UA.job
[2014/08/03 00:12:32 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1376693644-3071282699-2049382522-1001Core.job
[2014/08/03 00:01:20 | 000,092,888 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/08/03 00:01:08 | 000,079,064 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\oyjmgew.sys
[2014/08/02 23:55:01 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/08/02 23:55:01 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/08/02 23:53:39 | 000,132,096 | ---- | M] () -- C:\Users\andrei\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\eb4b40a5d7e90fb7bb1aadd5beab440b.exe
[2014/08/02 23:51:52 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/08/02 23:51:38 | 000,001,106 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/08/02 23:46:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/08/02 23:43:33 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/08/02 23:43:31 | 000,032,512 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro37.sys
[2014/08/02 23:43:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/08/02 23:43:27 | 3220,652,032 | -HS- | M] () -- C:\hiberfil.sys
[2014/08/02 23:40:27 | 000,001,876 | ---- | M] () -- C:\Windows\SysNative\.crusader
[2014/08/02 23:37:04 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/08/02 23:31:51 | 000,001,897 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2014/08/02 23:23:36 | 000,029,160 | ---- | M] () -- C:\Windows\SysWow64\drivers\TrueSight.sys
[2014/08/02 23:20:59 | 000,664,340 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/08/02 23:20:59 | 000,122,734 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/08/02 23:20:58 | 000,785,510 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/08/02 21:26:13 | 000,001,035 | ---- | M] () -- C:\Users\Public\Desktop\foobar2000.lnk
[2014/08/02 12:09:30 | 000,466,520 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2014/08/02 12:09:30 | 000,445,016 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2014/08/02 12:09:24 | 000,045,397 | ---- | M] () -- C:\Windows\Cmicnfgp.ini.cfl
[2014/08/02 12:09:24 | 000,000,858 | ---- | M] () -- C:\Windows\Cmicnfgp.ini.imi
[2014/08/02 12:09:24 | 000,000,797 | ---- | M] () -- C:\Windows\System\Cmicnfgp.ini
[2014/08/02 12:09:24 | 000,000,140 | ---- | M] () -- C:\Windows\System\Dlap.pfx
[2014/08/02 11:45:22 | 000,376,464 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/08/02 11:37:34 | 000,000,004 | ---- | M] () -- C:\Windows\SysWow64\8Äl
[2014/07/27 22:04:25 | 000,000,219 | ---- | M] () -- C:\Users\andrei\Desktop\Dota 2.url
[2014/07/26 22:15:41 | 000,001,011 | ---- | M] () -- C:\Users\andrei\Desktop\TransMac.lnk
[2014/07/24 22:25:41 | 000,002,524 | ---- | M] () -- C:\Users\andrei\Documents\cc_20140724_222538.reg
[2014/07/23 05:08:41 | 000,499,706 | ---- | M] () -- C:\Users\andrei\Documents\G(29.50 GB) Lost File Recovery 2014-07-23 at 05.08.37.res
[2014/07/23 02:48:32 | 000,002,010 | ---- | M] () -- C:\Users\Public\Desktop\Pandora Recovery.lnk
[2014/07/22 21:55:05 | 000,001,218 | ---- | M] () -- C:\Users\Public\Desktop\Wondershare Data Recovery.lnk
[2014/07/19 22:08:17 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/07/17 23:34:26 | 000,001,206 | ---- | M] () -- C:\Users\Public\Desktop\HD VDeck.lnk
[2014/07/17 20:55:56 | 000,001,613 | ---- | M] () -- C:\Users\andrei\Desktop\Continue Odin v3.09.lnk
[2014/07/12 00:03:05 | 000,002,528 | ---- | M] () -- C:\Users\andrei\Desktop\Windows 7 USB DVD Download Tool.lnk
[2014/07/11 22:24:19 | 000,000,583 | ---- | M] () -- C:\Users\Public\Desktop\WRC 4 FIA World Rally Championship.lnk
[2014/07/10 21:41:21 | 000,281,688 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2014/07/10 21:41:21 | 000,281,688 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2014/07/09 22:26:19 | 000,281,688 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2014/07/06 16:28:46 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2014/07/04 21:54:46 | 000,000,619 | ---- | M] () -- C:\Users\Public\Desktop\Sniper Elite 3.lnk
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
========== Files Created - No Company Name ==========
[2014/08/02 23:53:51 | 000,132,096 | ---- | C] () -- C:\Users\andrei\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\eb4b40a5d7e90fb7bb1aadd5beab440b.exe
[2014/08/02 23:43:31 | 000,032,512 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro37.sys
[2014/08/02 23:40:27 | 000,001,876 | ---- | C] () -- C:\Windows\SysNative\.crusader
[2014/08/02 23:31:51 | 000,001,897 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2014/08/02 23:23:36 | 000,029,160 | ---- | C] () -- C:\Windows\SysWow64\drivers\TrueSight.sys
[2014/08/02 21:26:13 | 000,001,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\foobar2000.lnk
[2014/08/02 21:26:13 | 000,001,035 | ---- | C] () -- C:\Users\Public\Desktop\foobar2000.lnk
[2014/08/02 12:09:24 | 000,293,376 | ---- | C] () -- C:\Windows\SysNative\CmiCnfgP.cpl
[2014/08/02 12:09:24 | 000,282,112 | ---- | C] () -- C:\Windows\System\HsMgr64.exe
[2014/08/02 12:09:24 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\HsMgr.exe
[2014/08/02 12:09:24 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\VmixP8.dll
[2014/08/02 12:09:24 | 000,000,062 | ---- | C] () -- C:\Windows\SysNative\cmasiopx.ini
[2014/08/02 12:09:24 | 000,000,057 | ---- | C] () -- C:\Windows\SysWow64\cmasiop.ini
[2014/08/02 12:09:21 | 000,045,397 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfl
[2014/08/02 11:43:57 | 001,144,983 | ---- | C] () -- C:\Windows\KB936225x64.msu
[2014/08/02 11:43:55 | 000,827,904 | ---- | C] () -- C:\Windows\SysNative\Cmeauoxy.exe
[2014/08/02 11:37:34 | 000,000,004 | ---- | C] () -- C:\Windows\SysWow64\8Äl
[2014/08/02 11:36:51 | 000,000,140 | ---- | C] () -- C:\Windows\System\Dlap.pfx
[2014/08/02 11:36:30 | 000,000,858 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.imi
[2014/08/02 11:36:28 | 000,359,424 | ---- | C] () -- C:\Windows\SysNative\CmiInstallResAll64.dll
[2014/08/02 11:36:28 | 000,005,874 | ---- | C] () -- C:\Windows\cmudaxp.ini
[2014/08/02 11:36:28 | 000,005,120 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfg
[2014/08/02 11:36:28 | 000,000,797 | ---- | C] () -- C:\Windows\System\Cmicnfgp.ini
[2014/07/26 22:15:41 | 000,001,011 | ---- | C] () -- C:\Users\andrei\Desktop\TransMac.lnk
[2014/07/24 22:25:39 | 000,002,524 | ---- | C] () -- C:\Users\andrei\Documents\cc_20140724_222538.reg
[2014/07/23 05:08:40 | 000,499,706 | ---- | C] () -- C:\Users\andrei\Documents\G(29.50 GB) Lost File Recovery 2014-07-23 at 05.08.37.res
[2014/07/23 02:48:32 | 000,002,010 | ---- | C] () -- C:\Users\Public\Desktop\Pandora Recovery.lnk
[2014/07/22 21:55:05 | 000,001,218 | ---- | C] () -- C:\Users\Public\Desktop\Wondershare Data Recovery.lnk
[2014/07/17 23:34:26 | 000,001,218 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD VDeck.lnk
[2014/07/17 23:34:26 | 000,001,206 | ---- | C] () -- C:\Users\Public\Desktop\HD VDeck.lnk
[2014/07/12 00:03:04 | 000,002,528 | ---- | C] () -- C:\Users\andrei\Desktop\Windows 7 USB DVD Download Tool.lnk
[2014/07/11 22:24:19 | 000,000,583 | ---- | C] () -- C:\Users\Public\Desktop\WRC 4 FIA World Rally Championship.lnk
[2014/07/11 22:24:19 | 000,000,583 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WRC 4 FIA World Rally Championship.lnk
[2014/07/06 16:30:59 | 000,281,688 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2014/07/06 16:28:46 | 000,281,688 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2014/07/06 16:28:46 | 000,281,688 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2014/07/06 16:28:46 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2014/07/05 23:32:43 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/07/05 17:57:51 | 000,001,106 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/07/04 21:54:46 | 000,000,619 | ---- | C] () -- C:\Users\Public\Desktop\Sniper Elite 3.lnk
[2014/07/04 21:54:46 | 000,000,619 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sniper Elite 3.lnk
[2014/06/02 22:18:45 | 000,410,942 | ---- | C] () -- C:\Windows\adb.exe
[2014/06/02 22:18:45 | 000,401,408 | ---- | C] () -- C:\Windows\wget.exe
[2014/06/02 22:18:45 | 000,356,009 | ---- | C] () -- C:\Windows\fastboot.exe
[2014/06/02 22:18:45 | 000,063,488 | ---- | C] () -- C:\Windows\md5sum.exe
[2014/04/15 18:49:27 | 000,798,048 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/04/14 21:23:27 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll
[2014/04/14 21:23:27 | 000,002,411 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2014/01/24 04:31:12 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2014/01/24 04:31:08 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2014/01/24 04:31:08 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2014/01/24 04:31:08 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2014/01/24 04:31:08 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
========== ZeroAccess Check ==========
[2009/07/14 07:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010/11/21 06:23:55 | 014,174,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010/11/21 06:24:02 | 012,872,192 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 04:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 06:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 04:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2014/05/18 01:50:42 | 000,000,000 | ---D | M] -- C:\Users\andrei\AppData\Roaming\Acronis
[2014/08/02 11:44:09 | 000,000,000 | ---D | M] -- C:\Users\andrei\AppData\Roaming\ASUS
[2014/07/04 00:11:29 | 000,000,000 | ---D | M] -- C:\Users\andrei\AppData\Roaming\DarkSoulsII
[2014/08/02 22:45:38 | 000,000,000 | ---D | M] -- C:\Users\andrei\AppData\Roaming\foobar2000
[2014/05/17 06:23:59 | 000,000,000 | ---D | M] -- C:\Users\andrei\AppData\Roaming\HTC
[2014/06/16 22:29:15 | 000,000,000 | ---D | M] -- C:\Users\andrei\AppData\Roaming\Mael
[2014/04/21 18:38:28 | 000,000,000 | ---D | M] -- C:\Users\andrei\AppData\Roaming\mgyun
[2014/07/11 22:48:29 | 000,000,000 | ---D | M] -- C:\Users\andrei\AppData\Roaming\Milestone
[2014/07/23 02:50:56 | 000,000,000 | ---D | M] -- C:\Users\andrei\AppData\Roaming\PandoraRecovery
[2014/07/26 15:10:44 | 000,000,000 | ---D | M] -- C:\Users\andrei\AppData\Roaming\PowerISO
[2014/07/23 01:49:43 | 000,000,000 | ---D | M] -- C:\Users\andrei\AppData\Roaming\R-TT
[2014/06/25 21:01:39 | 000,000,000 | ---D | M] -- C:\Users\andrei\AppData\Roaming\RigNRoll_pol
[2014/07/03 20:24:59 | 000,000,000 | ---D | M] -- C:\Users\andrei\AppData\Roaming\Samsung
[2014/08/03 00:00:04 | 000,000,000 | ---D | M] -- C:\Users\andrei\AppData\Roaming\uTorrent
[2014/07/02 23:33:10 | 000,000,000 | -HSD | M] -- C:\Users\andrei\AppData\Roaming\wyUpdate AU
========== Purity Check ==========
========== Files - Unicode (All) ==========
[2014/07/22 00:00:49 | 000,000,000 | ---D | M](C:\Users\andrei\Documents\Fi?iere Outlook) -- C:\Users\andrei\Documents\Fișiere Outlook
[2014/07/03 21:39:24 | 000,000,000 | ---D | C](C:\Users\andrei\Documents\Fi?iere Outlook) -- C:\Users\andrei\Documents\Fișiere Outlook
< End of report >