SVCHOST.exe is infected, please help [Closed]


#31
ihatesvchost.exe
    Member, Topic Starter, 32 posts

Almost forgot:

The computer seems to be working well, including online.



#32
Biscuithd
    Trusted Helper, Malware Removal, 2,573 posts

Thank you for your continuing assistance, Biscuithd. I am really impressed with the progress we are making.

You are quite welcome!! Your machine has been a fun challenge ;)

I have started to pare down the number of anti-virus software.

Remember, just one of each.

Currently running Avira as main with SpywareBlaster & Spybot Search & Destroy as supplementary. I'm not sure what the GFI AV you referenced was.

These are a couple of log lines.

SRV - [2012/09/20 05:39:12 | 003,677,000 | ---- | M] (GFI Software) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe -- (SBAMSvc)

DRV:64bit: - [2013/05/31 00:47:29 | 000,014,456 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\gfibto.sys -- (gfibto)

They source to this. I can't tell if it's just Cloud stuff or A/V. You'll have to decide that one :)

These logs are looking much better. How's it running from your end? I have two final scans that I run, but not until I'm sure we've got the serious stuff. Feel free to let it run a day or so. There's no hurry. :)


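Biscuithd reads the two OTL SRV/DRV lines above by eye (vendor in parentheses, start type and state in brackets, then the path and service name). As an added example that is not part of this thread or of OTL itself, the Python below parses that line format and runs the checks a malware-removal helper applies first: no company name, a file modified within days of the scan, a driver loaded from outside the system drivers folder, or an Unknown state. The sample lines are copied from the logs posted in this thread (trailing spaces in the Realtek line shortened), the scan time is the one in the OTL header, and the regex, field names and triage thresholds are my own assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Pattern for the SRV/DRV lines in OTL's "Services" and "Driver Services" sections.
# Derived from the lines quoted in this thread; the field names are my own.
OTL_LINE = re.compile(
    r"^(?P<kind>SRV|DRV)(?P<bits>:64bit:)? - "
    r"\[(?P<mtime>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>\S{4}) \| (?P<stamp>[MC])\] "
    r"\((?P<company>[^)]*)\) \[(?P<flags>[^\]]*)\] -- "
    r"(?P<path>.+?) -- \((?P<name>[^)]*)\)\s*$"
)

# Where a driver is normally installed; anything else deserves a second look.
SYSTEM_DRIVER_DIRS = (
    "c:\\windows\\sysnative\\drivers\\",
    "c:\\windows\\syswow64\\drivers\\",
    "c:\\windows\\system32\\drivers\\",
)

# Sample input: lines copied from the OTL logs posted in this thread.
SAMPLE_LINES = [
    "SRV - [2012/09/20 05:39:12 | 003,677,000 | ---- | M] (GFI Software) [Auto | Running] -- C:\\Program Files (x86)\\Ad-Aware Antivirus\\SBAMSvc.exe -- (SBAMSvc)",
    "DRV:64bit: - [2013/05/31 00:47:29 | 000,014,456 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\\Windows\\SysNative\\drivers\\gfibto.sys -- (gfibto)",
    "DRV:64bit: - [2014/08/17 12:49:14 | 000,036,456 | ---- | M] () [Kernel | On_Demand | Unknown] -- C:\\Windows\\SysNative\\drivers\\TrueSight.sys -- (TrueSight)",
    "SRV - [2011/12/14 18:53:44 | 000,303,360 | ---- | M] () [Auto | Stopped] -- C:\\Program Files (x86)\\NETGEAR\\WNDA3100v2\\WifiSvc.exe -- (WSWNDA3100v2)",
    "DRV:64bit: - [2011/05/16 10:55:28 | 000,533,096 | ---- | M] (Realtek                 ) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\Rt64win7.sys -- (RTL8167)",
    "DRV - [2014/07/31 00:16:08 | 000,057,024 | ---- | M] (Emsisoft GmbH) [File_System | On_Demand | Stopped] -- C:\\EEK\\Run\\cleanhlp64.sys -- (cleanhlp)",
]

# "OTL logfile created on:" timestamp from the log header in post #33.
SCAN_TIME = datetime(2014, 8, 17, 13, 0, 21)


def parse_otl_line(line):
    """Return a dict of fields for one SRV/DRV line, or None if the line is not one."""
    m = OTL_LINE.match(line.strip())
    if m is None:
        return None
    flags = [f.strip() for f in m.group("flags").split("|")]
    if len(flags) < 2:
        return None
    return {
        "kind": m.group("kind"),                    # SRV (service) or DRV (driver)
        "is64": m.group("bits") is not None,        # ":64bit:" marker present
        "mtime": datetime.strptime(m.group("mtime"), "%Y/%m/%d %H:%M:%S"),
        "size": int(m.group("size").replace(",", "")),
        "company": m.group("company").strip(),      # empty string = OTL found no company name
        "type": " | ".join(flags[:-2]) or None,     # Kernel, File_System, ... (drivers only)
        "start": flags[-2],                         # Auto, Boot, System, On_Demand, Disabled
        "state": flags[-1],                         # Running, Stopped, Unknown
        "path": m.group("path").strip(),
        "name": m.group("name").strip(),
    }


def triage_reasons(entry, scan_time, recent_days=7):
    """Heuristics a helper applies when reading an OTL log; the thresholds are my own."""
    reasons = []
    if not entry["company"]:
        reasons.append("no company name")
    if scan_time - entry["mtime"] <= timedelta(days=recent_days):
        reasons.append("modified within %d days of the scan" % recent_days)
    if entry["kind"] == "DRV" and not entry["path"].lower().startswith(SYSTEM_DRIVER_DIRS):
        reasons.append("driver loaded from outside the system drivers folder")
    if entry["state"] == "Unknown":
        reasons.append("service state Unknown")
    return reasons


def triage_log(lines, scan_time):
    """Parse every SRV/DRV line and return {name: reasons} for entries worth a closer look."""
    flagged = {}
    for line in lines:
        entry = parse_otl_line(line)
        if entry is None:
            continue
        reasons = triage_reasons(entry, scan_time)
        if reasons:
            flagged[entry["name"]] = reasons
    return flagged


def by_company(lines):
    """Group service/driver names by the company OTL printed (answers 'what is GFI?')."""
    groups = defaultdict(list)
    for line in lines:
        entry = parse_otl_line(line)
        if entry is not None:
            groups[entry["company"] or "(none)"].append(entry["name"])
    return dict(groups)


if __name__ == "__main__":
    for name, reasons in triage_log(SAMPLE_LINES, SCAN_TIME).items():
        print("%-14s %s" % (name, "; ".join(reasons)))
    for company, names in by_company(SAMPLE_LINES).items():
        print("%-16s %s" % (company, ", ".join(names)))
```

The flags are prompts for a question, not verdicts: a driver with no company name that appeared minutes before the scan is exactly what a helper asks about, even when it turns out to belong to a cleanup tool the user ran that day.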

#33
ihatesvchost.exe
    Member, Topic Starter, 32 posts

Unfortunately, I am back to starting in safe mode. The computer seemed to be functioning normally yesterday, but the pattern with the display warping before the whole screen is rendered unviewable has returned.

Windows also ran some automatic updates the last time I rebooted it.

Below I have included a recent OTL and Rogue Killer. Rogue Killer no longer thinks SVChost is infected, which hopefully means we are making some progress. I didn't delete any irregularities flagged from the Rogue Killer scan.

OTL:

OTL logfile created on: 8/17/2014 1:00:21 PM - Run 6
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\GDC\Desktop\anti-rootkit
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17239)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
15.92 Gb Total Physical Memory | 14.61 Gb Available Physical Memory | 91.75% Memory free
31.84 Gb Paging File | 30.76 Gb Available in Paging File | 96.62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 55.80 Gb Total Space | 8.91 Gb Free Space | 15.97% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 18.65 Gb Free Space | 2.00% Space Free | Partition Type: NTFS
Drive F: | 499.71 Mb Total Space | 494.47 Mb Free Space | 98.95% Space Free | Partition Type: FAT
 
Computer Name: GDC-PC | User Name: Admin -disaster only | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/08/14 21:57:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\GDC\Desktop\anti-rootkit\OTL.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/07/25 09:00:25 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/12/19 15:56:00 | 000,240,640 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2014/08/06 10:24:26 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2014/08/06 10:23:57 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2014/07/14 16:49:12 | 000,141,392 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe -- (Avira.OE.ServiceHost)
SRV - [2014/05/08 09:48:38 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/03/20 18:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2014/02/25 17:57:46 | 000,568,512 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2012/12/14 03:42:10 | 000,277,616 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2011/12/29 17:48:11 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2011/12/14 18:53:44 | 000,303,360 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe -- (WSWNDA3100v2)
SRV - [2010/12/14 20:17:12 | 000,128,928 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2009/10/13 20:39:46 | 000,114,688 | ---- | M] (Gigabyte Technology CO., LTD.) [Auto | Stopped] -- C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe -- (Smart TimeLock)
SRV - [2009/02/23 12:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Stopped] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/08/17 12:49:14 | 000,036,456 | ---- | M] () [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\TrueSight.sys -- (TrueSight)
DRV:64bit: - [2014/07/03 13:03:42 | 000,117,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2014/06/03 13:15:22 | 000,130,584 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013/11/30 03:27:44 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2013/06/26 19:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2013/06/26 19:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2013/06/26 19:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2013/06/26 19:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2013/05/31 00:47:29 | 000,014,456 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\gfibto.sys -- (gfibto)
DRV:64bit: - [2013/04/24 15:28:08 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
DRV:64bit: - [2012/12/19 16:48:48 | 011,278,336 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2012/12/19 16:48:48 | 011,278,336 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/12/19 15:32:54 | 000,552,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/12/14 03:42:22 | 005,353,888 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/11/06 07:11:52 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/30 17:33:26 | 000,279,616 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/12/12 18:42:00 | 001,256,192 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmwlhigh664.sys -- (BCMH43XX)
DRV:64bit: - [2011/07/22 11:33:48 | 000,025,056 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SCMNdisP.sys -- (SCMNdisP)
DRV:64bit: - [2011/06/16 16:10:08 | 001,308,160 | -H-- | M] (C-Media Electronics Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CAHS164.sys -- (CorsairCAHS1)
DRV:64bit: - [2011/05/25 07:19:00 | 000,076,160 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI)
DRV:64bit: - [2011/05/25 07:19:00 | 000,052,608 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3)
DRV:64bit: - [2011/05/16 10:55:28 | 000,533,096 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/10 22:16:08 | 000,021,104 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/20 00:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/04/27 19:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2010/04/27 19:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2010/04/27 17:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2010/04/27 17:02:42 | 000,043,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc)
DRV:64bit: - [2009/06/10 16:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/06 03:34:52 | 000,639,512 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\t3.sys -- (t3)
DRV:64bit: - [2009/04/08 15:28:46 | 000,068,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2008/07/28 21:47:00 | 001,075,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrxusb.sys -- (athrusb)
DRV - [2014/07/31 00:16:08 | 000,057,024 | ---- | M] (Emsisoft GmbH) [File_System | On_Demand | Stopped] -- C:\EEK\Run\cleanhlp64.sys -- (cleanhlp)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1520015183-56102371-4256460016-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
IE - HKU\S-1-5-21-1520015183-56102371-4256460016-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-1520015183-56102371-4256460016-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-1520015183-56102371-4256460016-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 98 D9 7F 42 50 B6 CF 01  [binary data]
IE - HKU\S-1-5-21-1520015183-56102371-4256460016-1001\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-1520015183-56102371-4256460016-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-1520015183-56102371-4256460016-1003\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-1520015183-56102371-4256460016-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: d:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: d:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.65.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.65.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: d:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.5: d:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: d:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/12/27 01:03:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/07/06 12:30:16 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2014/08/16 12:58:20 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - d:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {45d30484-7ded-43d9-957a-d2fd1f046511} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [CAHS1Sound] C:\Windows\Syswow64\CAHS1.dll (C-Media Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Avira Systray] C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [KeePass 2 PreLoad] d:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
O4 - HKLM..\Run: [SPIRunE] C:\Windows\SysWow64\SpiRunE.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-1520015183-56102371-4256460016-1001..\Run: [SpybotSD TeaTimer] d:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4:64bit: - HKLM..\RunOnce: [*WerKernelReporting] C:\Windows\SysNative\WerFault.exe (Microsoft Corporation)
O4:64bit: - HKLM..\RunOnce: [RPMKickstart] C:\Program Files\GIGABYTE\SMART6\Recovery\RPMKickstart.exe (Gigabyte Technology CO., LTD.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1520015183-56102371-4256460016-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1520015183-56102371-4256460016-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O7 - HKU\S-1-5-21-1520015183-56102371-4256460016-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-1520015183-56102371-4256460016-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1520015183-56102371-4256460016-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O7 - HKU\S-1-5-21-1520015183-56102371-4256460016-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-1520015183-56102371-4256460016-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creat...13/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creat...015/CTSUEng.cab (Creative Software AutoUpdate 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...10926/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D62A7623-BBF0-4091-92FD-FE47161508D5}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ED9ADDFF-B4BD-4DFD-B083-FE0988F18918}: DhcpNameServer = 75.75.75.75 75.75.76.76
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/08/17 05:07:40 | 000,171,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\infocardapi.dll
[2014/08/17 05:07:40 | 000,099,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\infocardapi.dll
[2014/08/17 05:07:39 | 001,389,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardagt.exe
[2014/08/17 05:07:39 | 000,619,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardagt.exe
[2014/08/17 05:07:38 | 000,008,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardres.dll
[2014/08/17 05:07:38 | 000,008,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardres.dll
[2014/08/17 05:07:32 | 000,035,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\TsWpfWrp.exe
[2014/08/17 05:07:32 | 000,035,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsWpfWrp.exe
[2014/08/16 13:12:30 | 000,000,000 | ---D | C] -- C:\zoek_backup
[2014/08/15 17:11:34 | 003,241,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2014/08/15 17:11:34 | 001,941,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2014/08/15 17:11:34 | 001,805,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2014/08/15 17:11:34 | 000,504,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msihnd.dll
[2014/08/15 17:11:34 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msihnd.dll
[2014/08/15 17:11:34 | 000,112,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2014/08/15 17:11:31 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/08/15 17:11:31 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/08/15 17:11:31 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/08/15 17:11:31 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/08/15 17:11:31 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/08/15 17:11:31 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/08/15 17:11:31 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/08/15 17:11:30 | 002,001,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/08/15 17:11:30 | 000,692,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/08/15 17:11:30 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/08/15 17:11:30 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/08/15 17:11:30 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/08/15 17:11:30 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/08/15 17:11:29 | 002,087,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/08/15 17:11:29 | 000,631,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/08/15 17:11:29 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/08/15 17:11:29 | 000,438,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/08/15 17:11:29 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/08/15 17:11:28 | 001,068,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014/08/15 17:11:28 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/08/15 17:11:28 | 000,292,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/08/15 17:11:28 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/08/15 17:11:28 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/08/15 17:11:28 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2014/08/15 17:11:27 | 005,824,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/08/15 17:11:27 | 001,249,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014/08/15 17:11:27 | 000,758,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/08/15 17:11:27 | 000,598,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/08/15 17:11:27 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/08/15 17:11:27 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/08/15 17:11:26 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/08/15 17:11:26 | 000,846,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/08/15 17:11:26 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/08/15 17:11:26 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/08/15 17:11:26 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2014/08/15 17:10:44 | 001,216,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll
[2014/08/15 14:03:37 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/08/15 14:03:35 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2014/08/15 14:03:35 | 000,000,000 | ---D | C] -- C:\Users\Admin -disaster only\AppData\Local\temp
[2014/08/15 11:53:13 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2014/08/15 11:53:13 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2014/08/15 11:53:13 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2014/08/15 11:53:11 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/08/15 11:53:06 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2014/08/15 11:51:24 | 000,000,000 | ---D | C] -- C:\FRST
[2014/08/15 11:42:25 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/08/12 20:57:36 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2014/08/12 20:57:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2014/08/12 20:57:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2014/08/06 21:57:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.3
[2014/08/06 21:57:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LibreOffice 4
[2014/08/06 10:25:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2014/08/03 23:30:50 | 000,000,000 | ---D | C] -- C:\Users\Admin -disaster only\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2014/08/03 23:30:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2014/08/03 22:52:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2014/08/03 22:52:35 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2014/08/01 14:32:21 | 002,620,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2014/08/01 14:32:21 | 000,058,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2014/08/01 14:32:21 | 000,044,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2014/08/01 14:32:19 | 000,700,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2014/08/01 14:32:19 | 000,581,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll
[2014/08/01 14:32:19 | 000,198,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2014/08/01 14:32:19 | 000,179,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll
[2014/08/01 14:32:19 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2014/08/01 14:32:19 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll
[2014/08/01 14:32:19 | 000,038,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2014/08/01 14:32:19 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2014/08/01 14:32:19 | 000,036,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wups.dll
[2014/08/01 14:32:19 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe
[2014/08/01 00:45:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2014/08/01 00:44:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/08/01 00:44:55 | 000,272,808 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014/08/01 00:44:52 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014/08/01 00:44:52 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014/08/01 00:44:52 | 000,098,216 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014/08/01 00:44:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/08/01 00:04:24 | 000,000,000 | ---D | C] -- C:\Users\Admin -disaster only\AppData\Local\CrashDumps
[2014/07/31 23:44:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2014/07/31 23:44:27 | 000,000,000 | ---D | C] -- C:\Users\Admin -disaster only\Desktop\mbar
[2014/07/31 20:04:10 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/07/31 19:49:15 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/07/31 17:50:35 | 000,000,000 | ---D | C] -- C:\EEK
[2014/07/31 17:43:29 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2014/07/31 17:32:54 | 000,000,000 | ---D | C] -- C:\ProgramData\RogueKiller
[2014/07/31 00:59:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
[2014/07/31 00:59:32 | 000,000,000 | ---D | C] -- C:\Users\Admin -disaster only\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
[2014/07/31 00:59:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2014/07/30 20:02:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/07/30 19:59:07 | 000,000,000 | -HSD | C] -- C:\Users\Admin -disaster only\AppData\Local\EmieUserList
[2014/07/30 19:59:07 | 000,000,000 | -HSD | C] -- C:\Users\Admin -disaster only\AppData\Local\EmieSiteList
[2014/07/30 19:50:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2014/07/26 23:07:32 | 000,875,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr110.dll
[2014/07/26 23:07:32 | 000,535,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp110.dll
[2014/07/26 23:07:32 | 000,252,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vccorlib110.dll
 
========== Files - Modified Within 30 Days ==========
 
[2014/08/17 13:00:49 | 000,783,400 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/08/17 13:00:49 | 000,662,852 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/08/17 13:00:49 | 000,122,462 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/08/17 12:49:14 | 000,036,456 | ---- | M] () -- C:\Windows\SysNative\drivers\TrueSight.sys
[2014/08/17 12:48:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/08/17 12:46:40 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/08/17 12:43:07 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/08/17 12:43:07 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/08/17 04:14:03 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/08/17 00:00:00 | 000,000,432 | ---- | M] () -- C:\Windows\tasks\Wise Turbo Checker.job
[2014/08/16 12:58:20 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2014/08/14 16:11:15 | 514,927,041 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2014/08/14 16:03:06 | 000,331,592 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/08/13 16:16:54 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/08/13 13:41:55 | 000,000,546 | ---- | M] () -- C:\Users\Admin -disaster only\Desktop\Emsisoft Emergency Kit.lnk
[2014/08/12 20:57:36 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2014/08/06 21:57:47 | 000,001,500 | ---- | M] () -- C:\Users\Public\Desktop\LibreOffice 4.3.lnk
[2014/08/06 10:25:26 | 000,001,133 | ---- | M] () -- C:\Users\Public\Desktop\Avira.lnk
[2014/08/01 00:52:34 | 000,699,056 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/08/01 00:52:34 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/08/01 00:47:38 | 000,000,773 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2014/08/01 00:39:20 | 000,002,054 | ---- | M] () -- C:\Users\Public\Desktop\Wise Care 365.lnk
[2014/07/31 23:19:39 | 000,000,768 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140801-002457.backup
[2014/07/31 19:56:26 | 000,030,528 | ---- | M] () -- C:\Windows\GVTDrv64.sys
[2014/07/31 19:56:15 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\Windows\gdrv.sys
[2014/07/31 00:59:32 | 000,003,229 | ---- | M] () -- C:\Users\Admin -disaster only\Desktop\Sophos Virus Removal Tool.lnk
[2014/07/26 23:07:32 | 000,875,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr110.dll
[2014/07/26 23:07:32 | 000,535,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp110.dll
[2014/07/26 23:07:32 | 000,252,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\vccorlib110.dll
[2014/07/25 10:01:41 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/07/25 09:30:30 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/07/25 09:28:35 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/07/25 09:28:27 | 000,548,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/07/25 09:25:45 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2014/07/25 09:10:00 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/07/25 09:03:50 | 000,598,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/07/25 09:00:51 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/07/25 09:00:25 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/07/25 08:59:28 | 000,758,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/07/25 08:47:25 | 000,940,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/07/25 08:40:12 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/07/25 08:34:49 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/07/25 08:33:08 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/07/25 08:30:32 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2014/07/25 08:28:15 | 005,824,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/07/25 08:28:05 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/07/25 08:19:18 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/07/25 08:17:33 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/07/25 08:17:26 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/07/25 08:12:35 | 000,438,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/07/25 08:10:53 | 000,292,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/07/25 08:10:15 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/07/25 08:08:47 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/07/25 07:47:50 | 000,631,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/07/25 07:43:16 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/07/25 07:42:31 | 000,692,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/07/25 07:39:29 | 002,087,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/07/25 07:39:25 | 001,249,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014/07/25 07:36:30 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/07/25 07:34:04 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/07/25 07:07:49 | 002,001,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/07/25 07:07:10 | 001,068,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014/07/25 06:17:47 | 000,846,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/07/25 06:09:19 | 000,704,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/07/24 08:53:03 | 000,042,040 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avnetflt.sys
 
========== Files Created - No Company Name ==========
 
[2014/08/15 11:53:13 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2014/08/15 11:53:13 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2014/08/15 11:53:13 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014/08/15 11:53:13 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2014/08/15 11:53:13 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2014/08/14 16:11:15 | 514,927,041 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2014/08/12 20:57:36 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2014/08/06 21:57:47 | 000,001,500 | ---- | C] () -- C:\Users\Public\Desktop\LibreOffice 4.3.lnk
[2014/08/06 10:25:26 | 000,001,133 | ---- | C] () -- C:\Users\Public\Desktop\Avira.lnk
[2014/07/31 17:50:43 | 000,000,546 | ---- | C] () -- C:\Users\Admin -disaster only\Desktop\Emsisoft Emergency Kit.lnk
[2014/07/31 17:32:56 | 000,036,456 | ---- | C] () -- C:\Windows\SysNative\drivers\TrueSight.sys
[2014/07/31 00:59:32 | 000,003,229 | ---- | C] () -- C:\Users\Admin -disaster only\Desktop\Sophos Virus Removal Tool.lnk
[2013/02/18 02:37:23 | 000,209,920 | ---- | C] () -- C:\Windows\iun3401.exe
[2012/12/14 03:42:30 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/10/10 03:22:28 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin
[2012/10/10 03:22:20 | 000,963,452 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin
 
========== ZeroAccess Check ==========
 
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 22:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 21:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/02/17 13:50:11 | 000,000,000 | ---D | M] -- C:\Users\Admin -disaster only\AppData\Roaming\Ad-Aware Antivirus
[2014/05/06 14:50:09 | 000,000,000 | ---D | M] -- C:\Users\Admin -disaster only\AppData\Roaming\Double Dummy Solver
[2014/01/09 18:17:05 | 000,000,000 | ---D | M] -- C:\Users\Admin -disaster only\AppData\Roaming\Undefeated (Aldorlea Games)
[2014/08/14 19:57:06 | 000,000,000 | ---D | M] -- C:\Users\Admin -disaster only\AppData\Roaming\Wise Care 365
[2012/04/30 22:08:32 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\.ABC
[2013/02/21 18:45:40 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\Anodyne
[2012/09/25 20:48:08 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\AstralTowers
[2014/04/12 14:53:56 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\Battle.net
[2013/10/27 15:56:29 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\Black Home
[2013/08/10 17:33:19 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\Bridge Baron 23
[2014/04/19 18:58:40 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\com.emmanuelsalvacruz.crystalstory2
[2013/04/12 16:56:51 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\com.shirogames.evoland
[2014/04/02 15:23:43 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\com.treefortress.Bardbarian
[2012/01/02 16:31:57 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\Corsair
[2013/11/06 23:43:25 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\Crazy Viking Studios
[2012/06/06 22:14:26 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\DAEMON Tools Lite
[2013/12/30 15:10:10 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\Darkblood Chronicles
[2012/12/01 01:04:02 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\DefendersQuest
[2014/06/13 17:38:41 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\Double Dummy Solver
[2013/01/27 17:22:57 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\Doublefine
[2012/11/04 18:47:09 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\Dwarfs
[2012/06/03 12:25:08 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\Dynamite Jack
[2013/10/05 16:25:04 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\Epic Quest Saves
[2014/07/15 15:25:08 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\Fancy Fish Games
[2014/05/28 18:15:13 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\FearlessFantasy
[2013/05/03 12:34:52 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\FEZ
[2012/11/10 19:49:10 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\Frogwares
[2013/12/30 14:31:31 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\GD_RPG
[2013/10/04 02:09:47 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\Journey - The Heart of Gaia Strategy Guide_OptimizedSize_
[2014/08/04 15:43:13 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\KeePass
[2013/08/19 18:58:25 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\LaxiusForceIII_Saves
[2013/08/12 23:56:46 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\LaxiusForceII_Saves
[2012/02/10 21:56:08 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\Leahs_Tale
[2012/04/29 13:55:54 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\LegacyInteractive
[2014/08/06 21:58:18 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\LibreOffice
[2013/11/02 17:45:15 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\LoneSurvivor
[2012/11/28 16:24:55 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\Might & Magic Heroes VI
[2013/07/31 00:52:12 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\MM2_Saves
[2013/07/31 00:52:12 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\MM3_Saves
[2013/07/31 10:28:35 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\MM4_Saves
[2013/08/03 21:24:58 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\MM5_Saves
[2012/09/03 14:57:41 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\Moonchild_Saves
[2013/01/14 19:58:36 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\Nifflas
[2013/12/04 21:43:59 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\Onyx
[2012/11/24 12:53:44 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\Opaline
[2012/08/11 22:48:30 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\PC Utility Kit
[2013/04/23 00:44:25 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\RenPy
[2013/07/02 22:30:17 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\Rogue Legacy
[2012/05/08 22:28:46 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\Silverback Productions
[2012/03/18 17:29:12 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\Skyborn
[2014/08/14 01:54:05 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\SoftGrid Client
[2013/08/10 17:48:55 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\Splashtop
[2011/12/28 20:27:03 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\Sweet Lily Dreams Saves
[2013/11/09 03:40:17 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\Sword of the Stars - The Pit
[2012/01/02 18:24:05 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\The Longest Journey
[2013/05/09 17:19:37 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\The Princess Heart Saves
[2014/01/08 18:53:45 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\TheBookofLegends_Saves
[2014/05/24 23:27:54 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\TLDCEPC
[2012/02/23 19:08:55 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\TP
[2014/01/10 02:06:23 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\Undefeated (Aldorlea Games)
[2013/02/14 17:35:51 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\Vendetta
[2014/08/02 15:54:24 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\Vertical_Drop_Heroes_HD
[2013/12/30 11:54:41 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\Wise Care 365
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 186 bytes -> C:\ProgramData\TEMP:DD5042D8
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:7B532EF3
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:321156F2
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:D169FA00
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:8EBE034C
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5C321E34
 
< End of report >
 

RogueKiller:

 

RogueKiller V9.2.8.0 (x64) [Jul 11 2014] by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Safe mode
User : Admin -disaster only [Admin rights]
Mode : Scan -- Date : 08/17/2014  12:50:49
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 16 ¤¤¤
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-1520015183-56102371-4256460016-1003\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> FOUND
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-1520015183-56102371-4256460016-1003\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> FOUND
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-1520015183-56102371-4256460016-1003\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> FOUND
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-1520015183-56102371-4256460016-1003\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> FOUND
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> FOUND
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> FOUND
[PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft...d=ie&ar=msnhome  -> FOUND
[PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft...d=ie&ar=msnhome  -> FOUND
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft...d=ie&ar=msnhome  -> FOUND
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft...d=ie&ar=msnhome  -> FOUND
[PUM.SearchPage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft...=ie&ar=iesearch  -> FOUND
[PUM.SearchPage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft...=ie&ar=iesearch  -> FOUND
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-1520015183-56102371-4256460016-1003\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft...=ie&ar=iesearch  -> FOUND
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-1520015183-56102371-4256460016-1003\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft...=ie&ar=iesearch  -> FOUND
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft...=ie&ar=iesearch  -> FOUND
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft...=ie&ar=iesearch  -> FOUND
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ HOSTS File : 2 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost
[C:\Windows\System32\drivers\etc\hosts] ::1       localhost
 
¤¤¤ Antirootkit : 0 (Driver: NOT LOADED [0xc000035f]) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: OCZ-AGILITY3 ATA Device +++++
--- User ---
[MBR] 6a9c53f0d8ff7805ddb34dd534c5037a
[BSP] 75fff2452ef0cf913d5bbf7ee5eabb81 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 57139 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: Hitachi HDS721010DLE630 ATA Device +++++
--- User ---
[MBR] bb526e096c9225aed6ac1ded645f8cbf
[BSP] 6e0ed470eecb8f484fc0076dc4d8bd9d : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB
User = LL1 ... OK
User = LL2 ... OK
 
 
============================================
RKreport_DEL_07312014_173721.log - RKreport_DEL_07312014_231907.log - RKreport_DEL_08022014_150226.log - RKreport_DEL_08132014_131311.log
RKreport_DEL_08132014_131701.log - RKreport_DEL_08132014_132143.log - RKreport_DEL_08132014_164755.log - RKreport_DEL_08132014_170839.log
RKreport_DEL_08142014_163220.log - RKreport_SCN_07312014_173707.log - RKreport_SCN_07312014_231843.log - RKreport_SCN_08022014_150115.log
RKreport_SCN_08022014_160903.log - RKreport_SCN_08132014_131222.log - RKreport_SCN_08132014_131619.log - RKreport_SCN_08132014_132118.log
RKreport_SCN_08132014_164719.log - RKreport_SCN_08132014_170822.log - RKreport_SCN_08142014_163207.log

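The OTL log above is long enough that the odd entries are easy to miss by eye. As an added example (this is my code, not OTL's, RogueKiller's or the helper's), here is a small triage pass over OTL file entries that keeps only files written under %SystemRoot% with no company name, or with a company outside a short expected-vendor list. The expected-vendor set and the list of ComboFix drop files (PEV.exe, MBR.exe, sed.exe, grep.exe, zip.exe, SWREG.exe, SWSC.exe, NIRCMD.exe, all created at 11:53 on 08/15 together with C:\Qoobox in this log) are my assumptions; the sample lines are lifted from this thread's log and labelled as constructed input. The filter is a prompt for a closer look, not a verdict: gdrv.sys and GVTDrv64.sys are flagged because they sit in the Windows root with an unusual or empty company field, which is the kind of entry worth asking about.

```python
"""
Triage the "Files Created / Modified" entries of an OTL log: parse each line
and flag files under %SystemRoot% that carry no company name, or a company
name outside a small expected set.  OTL prints "()" for files whose version
resource has no company, which is where dropped drivers tend to show up.
"""
import re
import sys
from datetime import datetime

# [date time | size | attrs | C/M] (Company) -- path     (directories omit "(Company)")
OTL_ENTRY = re.compile(
    r"^\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>\S{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>.*)\) )?-- (?P<path>.+)$"
)

# Vendors one expects to write into C:\Windows on this box (assumption).
EXPECTED_COMPANIES = {"microsoft corporation", "avira operations gmbh & co. kg"}
# Files ComboFix places in C:\Windows (assumption: benign only if ComboFix
# was actually run at the timestamp shown).
KNOWN_TOOL_FILES = {"pev.exe", "mbr.exe", "sed.exe", "grep.exe", "zip.exe",
                    "swreg.exe", "swsc.exe", "nircmd.exe"}


def parse_entry(line):
    """Parse one OTL file/directory line into a dict, or None if it is not one."""
    m = OTL_ENTRY.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    return {
        "stamp": datetime.strptime(d["stamp"], "%Y/%m/%d %H:%M:%S"),
        "size": int(d["size"].replace(",", "")),
        "is_dir": d["attrs"][3] == "D",      # 4th attribute flag is D for directories
        "kind": d["kind"],                    # C = created, M = modified
        "company": (d["company"] or "").strip(),
        "path": d["path"].strip(),
    }


def triage(lines, system_root=r"C:\Windows"):
    """Return the entries worth a second look, each with a reason string."""
    flagged = []
    root = system_root.lower().rstrip("\\") + "\\"
    for line in lines:
        e = parse_entry(line)
        if e is None or e["is_dir"]:
            continue
        path_l = e["path"].lower()
        if not path_l.startswith(root):
            continue
        name = path_l.rsplit("\\", 1)[-1]
        company_l = e["company"].lower()
        if name in KNOWN_TOOL_FILES:
            reason = "known helper-tool drop file; confirm the tool was run then"
        elif not company_l:
            reason = "no company name in %SystemRoot%"
        elif company_l not in EXPECTED_COMPANIES:
            reason = f"unexpected vendor: {e['company']}"
        else:
            continue
        if name.endswith(".sys") and "\\drivers\\" not in path_l:
            reason += "; driver outside drivers\\"
        flagged.append({"path": e["path"], "company": e["company"],
                        "stamp": e["stamp"].isoformat(sep=" "), "reason": reason})
    return flagged


# Constructed sample: a handful of lines lifted from the OTL log in this thread.
SAMPLE_LOG = """
[2014/08/15 17:10:44 | 001,216,000 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\rpcrt4.dll
[2014/08/15 11:53:13 | 000,208,896 | ---- | C] () -- C:\\Windows\\MBR.exe
[2014/08/15 11:53:11 | 000,000,000 | ---D | C] -- C:\\Qoobox
[2014/07/31 19:56:26 | 000,030,528 | ---- | M] () -- C:\\Windows\\GVTDrv64.sys
[2014/07/31 19:56:15 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\\Windows\\gdrv.sys
[2014/08/17 12:49:14 | 000,036,456 | ---- | M] () -- C:\\Windows\\SysNative\\drivers\\TrueSight.sys
[2014/07/24 08:53:03 | 000,042,040 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\\Windows\\SysNative\\drivers\\avnetflt.sys
[2014/08/13 16:16:54 | 000,002,183 | ---- | M] () -- C:\\Users\\Public\\Desktop\\Google Chrome.lnk
""".strip().splitlines()


if __name__ == "__main__":
    # Pass a saved OTL.txt as the first argument, otherwise run on the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            lines = fh.read().splitlines()
    else:
        lines = SAMPLE_LOG
    for hit in triage(lines):
        print(f"{hit['stamp']}  {hit['path']}  ({hit['company'] or 'no company'})  {hit['reason']}")
```

On the sample above the pass keeps MBR.exe, GVTDrv64.sys, gdrv.sys and TrueSight.sys and drops the Microsoft, Avira and non-%SystemRoot% lines; TrueSight.sys was created at the same minute as C:\ProgramData\RogueKiller, so the timestamp column is the first thing to read before treating a hit as hostile.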

#34
Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Ok, let's keep digging. Apparently it's something that we've not found that keeps reinfecting.

 

This is a Custom Scan with some special attention to frequently infected files and a couple that look odd to me in your current OTL scan.

 

Scan with OTL

Please re-run OTL to give me a fresh look about your system.
 

  • Right-click on the OTL icon and select Run as Administrator to start the tool.
  • Make sure that Scan All Users, LOP check and Purity check are ticked.
  • For 64-bit systems only - make sure that Include 64-bit option is also ticked.
  • Sections Processes, Modules, Services, Drivers, Standard Registry are set to Use Safelist.
  • Under the Custom Scans/Fixes bar in the box paste in the following:
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    sed.exe
    msi.dll
    wups.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    services.exe
    /md5stop
    %systemroot%\*. /mp /s
    dir C:\ /S /A:L /C
    CREATERESTOREPOINT
  • Push Run Scan and wait patiently.
  • A notepad window with a logfile will open after this run.

Please include the content of this logfile in your next reply.

 

 


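The /md5start ... /md5stop block in the custom scan asks OTL for the MD5 of every copy of the binaries most often patched in place (svchost.exe, services.exe, winlogon.exe and friends), so the helper can compare them against known-good hashes. As an added example (my code, not OTL's or the helper's), here is the offline check I would run alongside it: hash each live copy in System32 and SysWOW64 and compare it with the copies the component store (winsxs) holds for the same file name and CPU architecture, read from the PE header so 32-bit and 64-bit copies are never compared with each other. On Windows 7 the live copy is normally a hard link to a winsxs copy, so a live hash that matches no store copy means the file was replaced rather than serviced. The toy directory layout in `demo()` is constructed sample data; the comparison is a cheap first pass and a match is not proof of a clean file, since a rootkit can touch the store too. Authenticode verification (sigcheck or Get-AuthenticodeSignature) is the stronger test to follow up with.

```python
"""
Companion check for the OTL /md5start list: hash each live copy of a critical
binary (System32 / SysWOW64) and compare it with the copies winsxs holds for
the same file name and machine type.  Statuses: MATCH, MISMATCH, NO_STORE_COPY.
"""
import hashlib
import os
import shutil
import struct
import tempfile

# The files the helper asks OTL to hash (sed.exe left out: it is a tool drop).
CRITICAL_FILES = ["msi.dll", "wups.dll", "explorer.exe", "winlogon.exe",
                  "userinit.exe", "svchost.exe", "services.exe"]
IMAGE_FILE_MACHINE_I386 = 0x014C
IMAGE_FILE_MACHINE_AMD64 = 0x8664


def pe_machine(path):
    """Return IMAGE_FILE_HEADER.Machine, or None when the file is not a PE."""
    with open(path, "rb") as fh:
        head = fh.read(4096)
    if len(head) < 0x40 or head[:2] != b"MZ":
        return None
    pe_off = struct.unpack_from("<I", head, 0x3C)[0]          # e_lfanew
    if pe_off + 6 > len(head) or head[pe_off:pe_off + 4] != b"PE\0\0":
        return None
    return struct.unpack_from("<H", head, pe_off + 4)[0]


def md5_of(path):
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def check_live_copies(windows_root, names=CRITICAL_FILES):
    """Return one finding per live copy found under System32 / SysWOW64."""
    wanted = {n.lower() for n in names}
    store = {}   # (name, machine) -> {md5, ...} seen under winsxs
    live = []    # ((name, machine), path, md5) for the live copies
    for dirpath, _dirs, files in os.walk(windows_root):
        for fname in files:
            if fname.lower() not in wanted:
                continue
            path = os.path.join(dirpath, fname)
            machine = pe_machine(path)
            if machine is None:
                continue
            top = os.path.relpath(path, windows_root).lower().split(os.sep)[0]
            key, digest = (fname.lower(), machine), md5_of(path)
            if top == "winsxs":
                store.setdefault(key, set()).add(digest)
            elif top in ("system32", "syswow64"):
                live.append((key, path, digest))
    findings = []
    for key, path, digest in live:
        known = store.get(key, set())
        status = ("NO_STORE_COPY" if not known
                  else "MATCH" if digest in known else "MISMATCH")
        findings.append({"file": key[0], "machine": hex(key[1]), "path": path,
                         "md5": digest, "status": status})
    return findings


def _fake_pe(machine, payload):
    """Smallest byte string pe_machine() accepts (constructed sample data)."""
    hdr = bytearray(b"MZ" + b"\0" * 0x3E)            # 0x40-byte DOS header
    struct.pack_into("<I", hdr, 0x3C, 0x40)           # e_lfanew -> 0x40
    return bytes(hdr) + b"PE\0\0" + struct.pack("<H", machine) + payload


def demo():
    """Lay out a toy Windows tree in a temp dir, run the check, clean up."""
    root = tempfile.mkdtemp(prefix="fake_windows_")
    layout = {  # constructed: clean x64 svchost, patched x86 svchost, lone services
        "System32/svchost.exe": _fake_pe(IMAGE_FILE_MACHINE_AMD64, b"clean64"),
        "SysWOW64/svchost.exe": _fake_pe(IMAGE_FILE_MACHINE_I386, b"patched32"),
        "System32/services.exe": _fake_pe(IMAGE_FILE_MACHINE_AMD64, b"svc64"),
        "winsxs/amd64_svchost/svchost.exe": _fake_pe(IMAGE_FILE_MACHINE_AMD64, b"clean64"),
        "winsxs/x86_svchost/svchost.exe": _fake_pe(IMAGE_FILE_MACHINE_I386, b"clean32"),
    }
    for rel, data in layout.items():
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(data)
    result = {os.path.relpath(f["path"], root).replace(os.sep, "/"): f["status"]
              for f in check_live_copies(root)}
    shutil.rmtree(root, ignore_errors=True)
    return result


if __name__ == "__main__":
    for path, status in sorted(demo().items()):
        print(f"{status:14} {path}")
```

Against a real machine call `check_live_copies(r"C:\Windows")` from an elevated prompt; the x64 svchost in the toy tree reports MATCH, the x86 one MISMATCH because its hash appears in no x86 store copy, and services.exe NO_STORE_COPY because the toy store has no copy to compare against, which is the state you would also see if a rootkit had deleted the store copy.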

#35
ihatesvchost.exe

    Member

  • Topic Starter
  • Member
  • 32 posts

Log:

 

Error: Unable to interpret <netsvcs> in the current context!
Error: Unable to interpret <%SYSTEMDRIVE%\*.exe> in the current context!
Error: Unable to interpret </md5start> in the current context!
Error: Unable to interpret <sed.exe> in the current context!
Error: Unable to interpret <msi.dll> in the current context!
Error: Unable to interpret <wups.dll> in the current context!
Error: Unable to interpret <explorer.exe> in the current context!
Error: Unable to interpret <winlogon.exe> in the current context!
Error: Unable to interpret <Userinit.exe> in the current context!
Error: Unable to interpret <svchost.exe> in the current context!
Error: Unable to interpret <services.exe> in the current context!
Error: Unable to interpret </md5stop> in the current context!
Error: Unable to interpret <%systemroot%\*. /mp /s> in the current context!
Error: Unable to interpret <dir C:\ /S /A:L /C> in the current context!
Error: Unable to interpret <CREATERESTOREPOINT> in the current context!
 
OTL by OldTimer - Version 3.2.69.0 log created on 08172014_151349


#36
Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Let's try it again and be sure that there are no leading spaces at the beginning of each line. Sometimes the site adds them and OTL can't process the line.

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
sed.exe
msi.dll
wups.dll
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
services.exe
/md5stop
%systemroot%\*. /mp /s
dir C:\ /S /A:L /C
CREATERESTOREPOINT


#37
ihatesvchost.exe

    Member

  • Topic Starter
  • Member
  • 32 posts

I was careful to make sure there were no spaces. Same result:

 

Error: Unable to interpret <netsvcs> in the current context!
Error: Unable to interpret <%SYSTEMDRIVE%\*.exe> in the current context!
Error: Unable to interpret </md5start> in the current context!
Error: Unable to interpret <sed.exe> in the current context!
Error: Unable to interpret <msi.dll> in the current context!
Error: Unable to interpret <wups.dll> in the current context!
Error: Unable to interpret <explorer.exe> in the current context!
Error: Unable to interpret <winlogon.exe> in the current context!
Error: Unable to interpret <Userinit.exe> in the current context!
Error: Unable to interpret <svchost.exe> in the current context!
Error: Unable to interpret <services.exe> in the current context!
Error: Unable to interpret </md5stop> in the current context!
Error: Unable to interpret <%systemroot%\*. /mp /s> in the current context!
Error: Unable to interpret <dir C:\ /S /A:L /C> in the current context!
Error: Unable to interpret <CREATERESTOREPOINT> in the current context!
 
OTL by OldTimer - Version 3.2.69.0 log created on 08172014_152657


#38
Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

I think you're clicking Run Fix and you need to click Run Scan



#39
ihatesvchost.exe

    Member

  • Topic Starter
  • Member
  • 32 posts

You're right. Sorry, that was careless of me.

 

Log:

 

OTL logfile created on: 8/17/2014 3:48:42 PM - Run 7
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\GDC\Desktop\anti-rootkit
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17239)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
15.92 Gb Total Physical Memory | 14.48 Gb Available Physical Memory | 90.93% Memory free
31.84 Gb Paging File | 30.70 Gb Available in Paging File | 96.43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 55.80 Gb Total Space | 8.91 Gb Free Space | 15.97% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 18.65 Gb Free Space | 2.00% Space Free | Partition Type: NTFS
Drive F: | 499.71 Mb Total Space | 494.41 Mb Free Space | 98.94% Space Free | Partition Type: FAT
 
Computer Name: GDC-PC | User Name: Admin -disaster only | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/08/14 21:57:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\GDC\Desktop\anti-rootkit\OTL.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/07/25 09:00:25 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/12/19 15:56:00 | 000,240,640 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2014/08/06 10:24:26 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2014/08/06 10:23:57 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2014/07/14 16:49:12 | 000,141,392 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe -- (Avira.OE.ServiceHost)
SRV - [2014/05/08 09:48:38 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/03/20 18:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2014/02/25 17:57:46 | 000,568,512 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2012/12/14 03:42:10 | 000,277,616 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2011/12/29 17:48:11 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2011/12/14 18:53:44 | 000,303,360 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe -- (WSWNDA3100v2)
SRV - [2010/12/14 20:17:12 | 000,128,928 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2009/10/13 20:39:46 | 000,114,688 | ---- | M] (Gigabyte Technology CO., LTD.) [Auto | Stopped] -- C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe -- (Smart TimeLock)
SRV - [2009/02/23 12:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Stopped] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/08/17 12:49:14 | 000,036,456 | ---- | M] () [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\TrueSight.sys -- (TrueSight)
DRV:64bit: - [2014/07/03 13:03:42 | 000,117,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2014/06/03 13:15:22 | 000,130,584 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013/11/30 03:27:44 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2013/06/26 19:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2013/06/26 19:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2013/06/26 19:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2013/06/26 19:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2013/05/31 00:47:29 | 000,014,456 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\gfibto.sys -- (gfibto)
DRV:64bit: - [2013/04/24 15:28:08 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
DRV:64bit: - [2012/12/19 16:48:48 | 011,278,336 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2012/12/19 16:48:48 | 011,278,336 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/12/19 15:32:54 | 000,552,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/12/14 03:42:22 | 005,353,888 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/11/06 07:11:52 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/30 17:33:26 | 000,279,616 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/12/12 18:42:00 | 001,256,192 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmwlhigh664.sys -- (BCMH43XX)
DRV:64bit: - [2011/07/22 11:33:48 | 000,025,056 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SCMNdisP.sys -- (SCMNdisP)
DRV:64bit: - [2011/06/16 16:10:08 | 001,308,160 | -H-- | M] (C-Media Electronics Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CAHS164.sys -- (CorsairCAHS1)
DRV:64bit: - [2011/05/25 07:19:00 | 000,076,160 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI)
DRV:64bit: - [2011/05/25 07:19:00 | 000,052,608 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3)
DRV:64bit: - [2011/05/16 10:55:28 | 000,533,096 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/10 22:16:08 | 000,021,104 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/20 00:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/04/27 19:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2010/04/27 19:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2010/04/27 17:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2010/04/27 17:02:42 | 000,043,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc)
DRV:64bit: - [2009/06/10 16:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/06 03:34:52 | 000,639,512 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\t3.sys -- (t3)
DRV:64bit: - [2009/04/08 15:28:46 | 000,068,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2008/07/28 21:47:00 | 001,075,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrxusb.sys -- (athrusb)
DRV - [2014/07/31 00:16:08 | 000,057,024 | ---- | M] (Emsisoft GmbH) [File_System | On_Demand | Stopped] -- C:\EEK\Run\cleanhlp64.sys -- (cleanhlp)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1520015183-56102371-4256460016-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
IE - HKU\S-1-5-21-1520015183-56102371-4256460016-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-1520015183-56102371-4256460016-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-1520015183-56102371-4256460016-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 98 D9 7F 42 50 B6 CF 01  [binary data]
IE - HKU\S-1-5-21-1520015183-56102371-4256460016-1001\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-1520015183-56102371-4256460016-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-1520015183-56102371-4256460016-1003\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-1520015183-56102371-4256460016-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: d:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: d:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.65.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.65.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: d:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.5: d:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: d:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/12/27 01:03:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/07/06 12:30:16 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2014/08/16 12:58:20 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - d:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {45d30484-7ded-43d9-957a-d2fd1f046511} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [CAHS1Sound] C:\Windows\Syswow64\CAHS1.dll (C-Media Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Avira Systray] C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [KeePass 2 PreLoad] d:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
O4 - HKLM..\Run: [SPIRunE] C:\Windows\SysWow64\SpiRunE.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-1520015183-56102371-4256460016-1001..\Run: [SpybotSD TeaTimer] d:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4:64bit: - HKLM..\RunOnce: [*WerKernelReporting] C:\Windows\SysNative\WerFault.exe (Microsoft Corporation)
O4:64bit: - HKLM..\RunOnce: [RPMKickstart] C:\Program Files\GIGABYTE\SMART6\Recovery\RPMKickstart.exe (Gigabyte Technology CO., LTD.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1520015183-56102371-4256460016-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1520015183-56102371-4256460016-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O7 - HKU\S-1-5-21-1520015183-56102371-4256460016-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-1520015183-56102371-4256460016-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1520015183-56102371-4256460016-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O7 - HKU\S-1-5-21-1520015183-56102371-4256460016-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-1520015183-56102371-4256460016-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creat...13/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creat...015/CTSUEng.cab (Creative Software AutoUpdate 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...10926/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D62A7623-BBF0-4091-92FD-FE47161508D5}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ED9ADDFF-B4BD-4DFD-B083-FE0988F18918}: DhcpNameServer = 75.75.75.75 75.75.76.76
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
CREATERESTOREPOINT
Unable to start System Restore Service. Error code 1084
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/08/17 05:07:40 | 000,171,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\infocardapi.dll
[2014/08/17 05:07:40 | 000,099,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\infocardapi.dll
[2014/08/17 05:07:39 | 001,389,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardagt.exe
[2014/08/17 05:07:39 | 000,619,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardagt.exe
[2014/08/17 05:07:38 | 000,008,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardres.dll
[2014/08/17 05:07:38 | 000,008,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardres.dll
[2014/08/17 05:07:32 | 000,035,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\TsWpfWrp.exe
[2014/08/17 05:07:32 | 000,035,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsWpfWrp.exe
[2014/08/16 13:12:30 | 000,000,000 | ---D | C] -- C:\zoek_backup
[2014/08/15 17:11:34 | 003,241,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2014/08/15 17:11:34 | 001,941,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2014/08/15 17:11:34 | 001,805,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2014/08/15 17:11:34 | 000,504,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msihnd.dll
[2014/08/15 17:11:34 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msihnd.dll
[2014/08/15 17:11:34 | 000,112,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2014/08/15 17:11:31 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/08/15 17:11:31 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/08/15 17:11:31 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/08/15 17:11:31 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/08/15 17:11:31 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/08/15 17:11:31 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/08/15 17:11:31 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/08/15 17:11:30 | 002,001,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/08/15 17:11:30 | 000,692,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/08/15 17:11:30 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/08/15 17:11:30 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/08/15 17:11:30 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/08/15 17:11:30 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/08/15 17:11:29 | 002,087,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/08/15 17:11:29 | 000,631,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/08/15 17:11:29 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/08/15 17:11:29 | 000,438,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/08/15 17:11:29 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/08/15 17:11:28 | 001,068,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014/08/15 17:11:28 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/08/15 17:11:28 | 000,292,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/08/15 17:11:28 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/08/15 17:11:28 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/08/15 17:11:28 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2014/08/15 17:11:27 | 005,824,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/08/15 17:11:27 | 001,249,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014/08/15 17:11:27 | 000,758,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/08/15 17:11:27 | 000,598,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/08/15 17:11:27 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/08/15 17:11:27 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/08/15 17:11:26 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/08/15 17:11:26 | 000,846,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/08/15 17:11:26 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/08/15 17:11:26 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/08/15 17:11:26 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2014/08/15 17:10:44 | 001,216,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll
[2014/08/15 14:03:37 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/08/15 14:03:35 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2014/08/15 14:03:35 | 000,000,000 | ---D | C] -- C:\Users\Admin -disaster only\AppData\Local\temp
[2014/08/15 11:53:13 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2014/08/15 11:53:13 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2014/08/15 11:53:13 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2014/08/15 11:53:11 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/08/15 11:53:06 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2014/08/15 11:51:24 | 000,000,000 | ---D | C] -- C:\FRST
[2014/08/15 11:42:25 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/08/12 20:57:36 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2014/08/12 20:57:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2014/08/12 20:57:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2014/08/06 21:57:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.3
[2014/08/06 21:57:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LibreOffice 4
[2014/08/06 10:25:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2014/08/03 23:30:50 | 000,000,000 | ---D | C] -- C:\Users\Admin -disaster only\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2014/08/03 23:30:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2014/08/03 22:52:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2014/08/03 22:52:35 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2014/08/01 14:32:21 | 002,620,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2014/08/01 14:32:21 | 000,058,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2014/08/01 14:32:21 | 000,044,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2014/08/01 14:32:19 | 000,700,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2014/08/01 14:32:19 | 000,581,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll
[2014/08/01 14:32:19 | 000,198,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2014/08/01 14:32:19 | 000,179,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll
[2014/08/01 14:32:19 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2014/08/01 14:32:19 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll
[2014/08/01 14:32:19 | 000,038,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2014/08/01 14:32:19 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2014/08/01 14:32:19 | 000,036,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wups.dll
[2014/08/01 14:32:19 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe
[2014/08/01 00:45:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2014/08/01 00:44:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/08/01 00:44:55 | 000,272,808 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014/08/01 00:44:52 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014/08/01 00:44:52 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014/08/01 00:44:52 | 000,098,216 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014/08/01 00:44:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/08/01 00:04:24 | 000,000,000 | ---D | C] -- C:\Users\Admin -disaster only\AppData\Local\CrashDumps
[2014/07/31 23:44:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2014/07/31 23:44:27 | 000,000,000 | ---D | C] -- C:\Users\Admin -disaster only\Desktop\mbar
[2014/07/31 20:04:10 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/07/31 19:49:15 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/07/31 17:50:35 | 000,000,000 | ---D | C] -- C:\EEK
[2014/07/31 17:43:29 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2014/07/31 17:32:54 | 000,000,000 | ---D | C] -- C:\ProgramData\RogueKiller
[2014/07/31 00:59:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
[2014/07/31 00:59:32 | 000,000,000 | ---D | C] -- C:\Users\Admin -disaster only\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
[2014/07/31 00:59:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2014/07/30 20:02:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/07/30 19:59:07 | 000,000,000 | -HSD | C] -- C:\Users\Admin -disaster only\AppData\Local\EmieUserList
[2014/07/30 19:59:07 | 000,000,000 | -HSD | C] -- C:\Users\Admin -disaster only\AppData\Local\EmieSiteList
[2014/07/30 19:50:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2014/07/26 23:07:32 | 000,875,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr110.dll
[2014/07/26 23:07:32 | 000,535,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp110.dll
[2014/07/26 23:07:32 | 000,252,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vccorlib110.dll
 
========== Files - Modified Within 30 Days ==========
 
[2014/08/17 13:00:49 | 000,783,400 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/08/17 13:00:49 | 000,662,852 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/08/17 13:00:49 | 000,122,462 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/08/17 12:49:14 | 000,036,456 | ---- | M] () -- C:\Windows\SysNative\drivers\TrueSight.sys
[2014/08/17 12:48:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/08/17 12:46:40 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/08/17 12:43:07 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/08/17 12:43:07 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/08/17 04:14:03 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/08/17 00:00:00 | 000,000,432 | ---- | M] () -- C:\Windows\tasks\Wise Turbo Checker.job
[2014/08/16 12:58:20 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2014/08/14 16:11:15 | 514,927,041 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2014/08/14 16:03:06 | 000,331,592 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/08/13 16:16:54 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/08/13 13:41:55 | 000,000,546 | ---- | M] () -- C:\Users\Admin -disaster only\Desktop\Emsisoft Emergency Kit.lnk
[2014/08/12 20:57:36 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2014/08/06 21:57:47 | 000,001,500 | ---- | M] () -- C:\Users\Public\Desktop\LibreOffice 4.3.lnk
[2014/08/06 10:25:26 | 000,001,133 | ---- | M] () -- C:\Users\Public\Desktop\Avira.lnk
[2014/08/01 00:52:34 | 000,699,056 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/08/01 00:52:34 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/08/01 00:47:38 | 000,000,773 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2014/08/01 00:39:20 | 000,002,054 | ---- | M] () -- C:\Users\Public\Desktop\Wise Care 365.lnk
[2014/07/31 23:19:39 | 000,000,768 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140801-002457.backup
[2014/07/31 19:56:26 | 000,030,528 | ---- | M] () -- C:\Windows\GVTDrv64.sys
[2014/07/31 19:56:15 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\Windows\gdrv.sys
[2014/07/31 00:59:32 | 000,003,229 | ---- | M] () -- C:\Users\Admin -disaster only\Desktop\Sophos Virus Removal Tool.lnk
[2014/07/26 23:07:32 | 000,875,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr110.dll
[2014/07/26 23:07:32 | 000,535,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp110.dll
[2014/07/26 23:07:32 | 000,252,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\vccorlib110.dll
[2014/07/25 10:01:41 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/07/25 09:30:30 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/07/25 09:28:35 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/07/25 09:28:27 | 000,548,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/07/25 09:25:45 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2014/07/25 09:10:00 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/07/25 09:03:50 | 000,598,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/07/25 09:00:51 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/07/25 09:00:25 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/07/25 08:59:28 | 000,758,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/07/25 08:47:25 | 000,940,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/07/25 08:40:12 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/07/25 08:34:49 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/07/25 08:33:08 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/07/25 08:30:32 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2014/07/25 08:28:15 | 005,824,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/07/25 08:28:05 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/07/25 08:19:18 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/07/25 08:17:33 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/07/25 08:17:26 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/07/25 08:12:35 | 000,438,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/07/25 08:10:53 | 000,292,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/07/25 08:10:15 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/07/25 08:08:47 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/07/25 07:47:50 | 000,631,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/07/25 07:43:16 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/07/25 07:42:31 | 000,692,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/07/25 07:39:29 | 002,087,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/07/25 07:39:25 | 001,249,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014/07/25 07:36:30 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/07/25 07:34:04 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/07/25 07:07:49 | 002,001,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/07/25 07:07:10 | 001,068,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014/07/25 06:17:47 | 000,846,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/07/25 06:09:19 | 000,704,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/07/24 08:53:03 | 000,042,040 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avnetflt.sys
 
========== Files Created - No Company Name ==========
 
[2014/08/15 11:53:13 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2014/08/15 11:53:13 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2014/08/15 11:53:13 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014/08/15 11:53:13 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2014/08/15 11:53:13 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2014/08/14 16:11:15 | 514,927,041 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2014/08/12 20:57:36 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2014/08/06 21:57:47 | 000,001,500 | ---- | C] () -- C:\Users\Public\Desktop\LibreOffice 4.3.lnk
[2014/08/06 10:25:26 | 000,001,133 | ---- | C] () -- C:\Users\Public\Desktop\Avira.lnk
[2014/07/31 17:50:43 | 000,000,546 | ---- | C] () -- C:\Users\Admin -disaster only\Desktop\Emsisoft Emergency Kit.lnk
[2014/07/31 17:32:56 | 000,036,456 | ---- | C] () -- C:\Windows\SysNative\drivers\TrueSight.sys
[2014/07/31 00:59:32 | 000,003,229 | ---- | C] () -- C:\Users\Admin -disaster only\Desktop\Sophos Virus Removal Tool.lnk
[2013/02/18 02:37:23 | 000,209,920 | ---- | C] () -- C:\Windows\iun3401.exe
[2012/12/14 03:42:30 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/10/10 03:22:28 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin
[2012/10/10 03:22:20 | 000,963,452 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin
 
========== ZeroAccess Check ==========
 
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 22:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 21:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/02/17 13:50:11 | 000,000,000 | ---D | M] -- C:\Users\Admin -disaster only\AppData\Roaming\Ad-Aware Antivirus
[2014/05/06 14:50:09 | 000,000,000 | ---D | M] -- C:\Users\Admin -disaster only\AppData\Roaming\Double Dummy Solver
[2014/01/09 18:17:05 | 000,000,000 | ---D | M] -- C:\Users\Admin -disaster only\AppData\Roaming\Undefeated (Aldorlea Games)
[2014/08/14 19:57:06 | 000,000,000 | ---D | M] -- C:\Users\Admin -disaster only\AppData\Roaming\Wise Care 365
[2012/04/30 22:08:32 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\.ABC
[2013/02/21 18:45:40 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\Anodyne
[2012/09/25 20:48:08 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\AstralTowers
[2014/04/12 14:53:56 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\Battle.net
[2013/10/27 15:56:29 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\Black Home
[2013/08/10 17:33:19 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\Bridge Baron 23
[2014/04/19 18:58:40 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\com.emmanuelsalvacruz.crystalstory2
[2013/04/12 16:56:51 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\com.shirogames.evoland
[2014/04/02 15:23:43 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\com.treefortress.Bardbarian
[2012/01/02 16:31:57 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\Corsair
[2013/11/06 23:43:25 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\Crazy Viking Studios
[2012/06/06 22:14:26 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\DAEMON Tools Lite
[2013/12/30 15:10:10 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\Darkblood Chronicles
[2012/12/01 01:04:02 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\DefendersQuest
[2014/06/13 17:38:41 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\Double Dummy Solver
[2013/01/27 17:22:57 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\Doublefine
[2012/11/04 18:47:09 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\Dwarfs
[2012/06/03 12:25:08 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\Dynamite Jack
[2013/10/05 16:25:04 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\Epic Quest Saves
[2014/07/15 15:25:08 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\Fancy Fish Games
[2014/05/28 18:15:13 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\FearlessFantasy
[2013/05/03 12:34:52 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\FEZ
[2012/11/10 19:49:10 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\Frogwares
[2013/12/30 14:31:31 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\GD_RPG
[2013/10/04 02:09:47 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\Journey - The Heart of Gaia Strategy Guide_OptimizedSize_
[2014/08/04 15:43:13 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\KeePass
[2013/08/19 18:58:25 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\LaxiusForceIII_Saves
[2013/08/12 23:56:46 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\LaxiusForceII_Saves
[2012/02/10 21:56:08 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\Leahs_Tale
[2012/04/29 13:55:54 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\LegacyInteractive
[2014/08/06 21:58:18 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\LibreOffice
[2013/11/02 17:45:15 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\LoneSurvivor
[2012/11/28 16:24:55 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\Might & Magic Heroes VI
[2013/07/31 00:52:12 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\MM2_Saves
[2013/07/31 00:52:12 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\MM3_Saves
[2013/07/31 10:28:35 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\MM4_Saves
[2013/08/03 21:24:58 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\MM5_Saves
[2012/09/03 14:57:41 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\Moonchild_Saves
[2013/01/14 19:58:36 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\Nifflas
[2013/12/04 21:43:59 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\Onyx
[2012/11/24 12:53:44 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\Opaline
[2012/08/11 22:48:30 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\PC Utility Kit
[2013/04/23 00:44:25 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\RenPy
[2013/07/02 22:30:17 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\Rogue Legacy
[2012/05/08 22:28:46 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\Silverback Productions
[2012/03/18 17:29:12 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\Skyborn
[2014/08/14 01:54:05 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\SoftGrid Client
[2013/08/10 17:48:55 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\Splashtop
[2011/12/28 20:27:03 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\Sweet Lily Dreams Saves
[2013/11/09 03:40:17 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\Sword of the Stars - The Pit
[2012/01/02 18:24:05 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\The Longest Journey
[2013/05/09 17:19:37 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\The Princess Heart Saves
[2014/01/08 18:53:45 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\TheBookofLegends_Saves
[2014/05/24 23:27:54 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\TLDCEPC
[2012/02/23 19:08:55 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\TP
[2014/01/10 02:06:23 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\Undefeated (Aldorlea Games)
[2013/02/14 17:35:51 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\Vendetta
[2014/08/02 15:54:24 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\Vertical_Drop_Heroes_HD
[2013/12/30 11:54:41 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\Wise Care 365
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: EXPLORER.EXE  >
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\erdnt\cache86\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 02:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 23:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/20 23:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
 
< MD5 for: MSI.DLL  >
[2010/11/20 23:24:33 | 002,341,376 | ---- | M] (Microsoft Corporation) MD5=0CE4D3BD306DA6D1F6F233C403F5B667 -- C:\Windows\winsxs\wow64_microsoft-windows-installer-engine_31bf3856ad364e35_6.1.7601.17514_none_6bf52decfe850b3d\msi.dll
[2014/06/03 06:02:21 | 003,241,984 | ---- | M] (Microsoft Corporation) MD5=3B39F9D51E4D8BAABDA6518955B58C13 -- C:\Windows\SysNative\msi.dll
[2014/06/03 06:02:21 | 003,241,984 | ---- | M] (Microsoft Corporation) MD5=3B39F9D51E4D8BAABDA6518955B58C13 -- C:\Windows\winsxs\amd64_microsoft-windows-installer-engine_31bf3856ad364e35_6.1.7601.18493_none_6148eb42ca662bed\msi.dll
[2012/04/07 19:36:58 | 003,217,408 | ---- | M] (Microsoft Corporation) MD5=5864633FED2156AF701B99AFDF2683F9 -- C:\Windows\winsxs\amd64_microsoft-windows-installer-engine_31bf3856ad364e35_6.1.7601.21960_none_61f01553e36e06da\msi.dll
[2012/04/07 08:31:40 | 003,216,384 | ---- | M] (Microsoft Corporation) MD5=5EB6E9C8BE1ACC5830780E0F9A846255 -- C:\Windows\winsxs\amd64_microsoft-windows-installer-engine_31bf3856ad364e35_6.1.7601.17807_none_61ae5a16ca1970cb\msi.dll
[2010/11/20 23:24:25 | 003,211,776 | ---- | M] (Microsoft Corporation) MD5=6A16BCE3C09496650BE881C467611653 -- C:\Windows\winsxs\amd64_microsoft-windows-installer-engine_31bf3856ad364e35_6.1.7601.17514_none_61a0839aca244942\msi.dll
[2014/06/02 22:42:12 | 003,243,008 | ---- | M] (Microsoft Corporation) MD5=8AF56CF86B58DF4CC0F4F68E2AF14EC5 -- C:\Windows\winsxs\amd64_microsoft-windows-installer-engine_31bf3856ad364e35_6.1.7601.22708_none_6238dc97e336493f\msi.dll
[2012/04/07 07:26:29 | 002,342,400 | ---- | M] (Microsoft Corporation) MD5=A6C29DB53ECA94FA8591C5388D604B82 -- C:\Windows\winsxs\wow64_microsoft-windows-installer-engine_31bf3856ad364e35_6.1.7601.17807_none_6c030468fe7a32c6\msi.dll
[2014/06/03 05:29:50 | 002,363,392 | ---- | M] (Microsoft Corporation) MD5=C212A43AA83A717AD38505F23ACDCB33 -- C:\Windows\SysWOW64\msi.dll
[2014/06/03 05:29:50 | 002,363,392 | ---- | M] (Microsoft Corporation) MD5=C212A43AA83A717AD38505F23ACDCB33 -- C:\Windows\winsxs\wow64_microsoft-windows-installer-engine_31bf3856ad364e35_6.1.7601.18493_none_6b9d9594fec6ede8\msi.dll
[2012/04/07 18:42:15 | 002,342,912 | ---- | M] (Microsoft Corporation) MD5=EBD1AAA3612A3E37C616A057FD5F252C -- C:\Windows\winsxs\wow64_microsoft-windows-installer-engine_31bf3856ad364e35_6.1.7601.21960_none_6c44bfa617cec8d5\msi.dll
[2014/06/02 22:13:41 | 002,363,904 | ---- | M] (Microsoft Corporation) MD5=EFD4CE207E9B144A343AA9BC3D2F14B8 -- C:\Windows\winsxs\wow64_microsoft-windows-installer-engine_31bf3856ad364e35_6.1.7601.22708_none_6c8d86ea17970b3a\msi.dll
 
< MD5 for: SED.EXE  >
[2000/08/30 20:00:00 | 000,098,816 | ---- | M] () MD5=2B657A67AEBB84AEA5632C53E61E23BF -- C:\Windows\sed.exe
 
< MD5 for: SERVICES.EXE  >
[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\erdnt\cache64\services.exe
[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
 
< MD5 for: SVCHOST.EXE  >
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache86\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\erdnt\cache64\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
 
< MD5 for: USERINIT.EXE  >
[2010/11/20 23:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache86\userinit.exe
[2010/11/20 23:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 23:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/20 23:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\erdnt\cache64\userinit.exe
[2010/11/20 23:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 23:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010/11/20 23:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2014/03/04 07:08:14 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=6CE2AE073BD21C542FC2C707CAE944CC -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22616_none_ce748d1d04acf24f\winlogon.exe
[2014/03/04 05:43:50 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=88AB9B72B4BF3963A0DE0820B4B0B06C -- C:\Windows\erdnt\cache64\winlogon.exe
[2014/03/04 05:43:50 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=88AB9B72B4BF3963A0DE0820B4B0B06C -- C:\Windows\SysNative\winlogon.exe
[2014/03/04 05:43:50 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=88AB9B72B4BF3963A0DE0820B4B0B06C -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18409_none_cdf8bf35eb848572\winlogon.exe
 
< MD5 for: WUPS.DLL  >
[2014/05/14 12:23:42 | 000,036,320 | ---- | M] (Microsoft Corporation) MD5=255F0417EC31C71585824269522EC8E9 -- C:\Windows\SysWOW64\wups.dll
[2014/05/14 12:23:42 | 000,036,320 | ---- | M] (Microsoft Corporation) MD5=255F0417EC31C71585824269522EC8E9 -- C:\Windows\winsxs\wow64_microsoft-windows-w..owsupdateclient-aux_31bf3856ad364e35_7.6.7600.320_none_c65c31ce99b0eafe\wups.dll
[2012/06/02 18:19:32 | 000,035,864 | ---- | M] (Microsoft Corporation) MD5=3458EDA96E30FBD0477A2800D3FB1909 -- C:\Windows\winsxs\x86_microsoft-windows-w..owsupdateclient-aux_31bf3856ad364e35_7.6.7600.256_none_5fe7b2baacf3da43\wups.dll
[2014/05/14 12:23:52 | 000,038,880 | ---- | M] (Microsoft Corporation) MD5=7EC6617005F76714C7E16605E7A8AB06 -- C:\Windows\SysNative\wups.dll
[2014/05/14 12:23:52 | 000,038,880 | ---- | M] (Microsoft Corporation) MD5=7EC6617005F76714C7E16605E7A8AB06 -- C:\Windows\winsxs\amd64_microsoft-windows-w..owsupdateclient-aux_31bf3856ad364e35_7.6.7600.320_none_bc07877c65502903\wups.dll
[2010/11/20 23:24:28 | 000,033,280 | ---- | M] (Microsoft Corporation) MD5=BD47117CFDAB2879C8BED5E92F649CA2 -- C:\Windows\winsxs\amd64_microsoft-windows-w..owsupdateclient-aux_31bf3856ad364e35_7.5.7601.17514_none_05454dfbda0d69c8\wups.dll
[2012/06/02 18:19:46 | 000,038,424 | ---- | M] (Microsoft Corporation) MD5=E746ED90132C6B6313CE9179F56BD31D -- C:\Windows\winsxs\amd64_microsoft-windows-w..owsupdateclient-aux_31bf3856ad364e35_7.6.7600.256_none_bc064e3e65514b79\wups.dll
[2010/11/20 23:23:51 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=FB633DCC8664E4CCACF562DB5BAE38CF -- C:\Windows\winsxs\wow64_microsoft-windows-w..owsupdateclient-aux_31bf3856ad364e35_7.5.7601.17514_none_0f99f84e0e6e2bc3\wups.dll
 
< %systemroot%\*. /mp /s >
 
< dir C:\ /S /A:L /C >
 Volume in drive C has no label.
 Volume Serial Number is A241-9390
 Directory of C:\
07/14/2009  01:08 AM    <JUNCTION>     Documents and Settings [C:\Users]
               0 File(s)              0 bytes
 Directory of C:\ProgramData
07/14/2009  01:08 AM    <JUNCTION>     Application Data [C:\ProgramData]
07/14/2009  01:08 AM    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
07/14/2009  01:08 AM    <JUNCTION>     Documents [C:\Users\Public\Documents]
07/14/2009  01:08 AM    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
07/14/2009  01:08 AM    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009  01:08 AM    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users
07/14/2009  01:08 AM    <SYMLINKD>     All Users [C:\ProgramData]
07/14/2009  01:08 AM    <JUNCTION>     Default User [C:\Users\Default]
               0 File(s)              0 bytes
 Directory of C:\Users\Admin -disaster only
11/30/2013  03:29 AM    <JUNCTION>     Application Data [C:\Users\Admin -disaster only\AppData\Roaming]
11/30/2013  03:29 AM    <JUNCTION>     Cookies [C:\Users\Admin -disaster only\AppData\Roaming\Microsoft\Windows\Cookies]
11/30/2013  03:29 AM    <JUNCTION>     Local Settings [C:\Users\Admin -disaster only\AppData\Local]
11/30/2013  03:29 AM    <JUNCTION>     My Documents [C:\Users\Admin -disaster only\Documents]
11/30/2013  03:29 AM    <JUNCTION>     NetHood [C:\Users\Admin -disaster only\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
11/30/2013  03:29 AM    <JUNCTION>     PrintHood [C:\Users\Admin -disaster only\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
11/30/2013  03:29 AM    <JUNCTION>     Recent [C:\Users\Admin -disaster only\AppData\Roaming\Microsoft\Windows\Recent]
11/30/2013  03:29 AM    <JUNCTION>     SendTo [C:\Users\Admin -disaster only\AppData\Roaming\Microsoft\Windows\SendTo]
11/30/2013  03:29 AM    <JUNCTION>     Start Menu [C:\Users\Admin -disaster only\AppData\Roaming\Microsoft\Windows\Start Menu]
11/30/2013  03:29 AM    <JUNCTION>     Templates [C:\Users\Admin -disaster only\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Admin -disaster only\AppData\Local
11/30/2013  03:29 AM    <JUNCTION>     Application Data [C:\Users\Admin -disaster only\AppData\Local]
11/30/2013  03:29 AM    <JUNCTION>     History [C:\Users\Admin -disaster only\AppData\Local\Microsoft\Windows\History]
11/30/2013  03:29 AM    <JUNCTION>     Temporary Internet Files [C:\Users\Admin -disaster only\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Admin -disaster only\Documents
11/30/2013  03:29 AM    <JUNCTION>     My Music [C:\Users\Admin -disaster only\Music]
11/30/2013  03:29 AM    <JUNCTION>     My Pictures [C:\Users\Admin -disaster only\Pictures]
11/30/2013  03:29 AM    <JUNCTION>     My Videos [C:\Users\Admin -disaster only\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\All Users
07/14/2009  01:08 AM    <JUNCTION>     Application Data [C:\ProgramData]
07/14/2009  01:08 AM    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
07/14/2009  01:08 AM    <JUNCTION>     Documents [C:\Users\Public\Documents]
07/14/2009  01:08 AM    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
07/14/2009  01:08 AM    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009  01:08 AM    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Default
07/14/2009  01:08 AM    <JUNCTION>     Application Data [C:\Users\Default\AppData\Roaming]
07/14/2009  01:08 AM    <JUNCTION>     Local Settings [C:\Users\Default\AppData\Local]
07/14/2009  01:08 AM    <JUNCTION>     My Documents [C:\Users\Default\Documents]
07/14/2009  01:08 AM    <JUNCTION>     NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/14/2009  01:08 AM    <JUNCTION>     PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/14/2009  01:08 AM    <JUNCTION>     Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
07/14/2009  01:08 AM    <JUNCTION>     SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
07/14/2009  01:08 AM    <JUNCTION>     Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
07/14/2009  01:08 AM    <JUNCTION>     Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Default\AppData\Local
07/14/2009  01:08 AM    <JUNCTION>     Application Data [C:\Users\Default\AppData\Local]
07/14/2009  01:08 AM    <JUNCTION>     History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009  01:08 AM    <JUNCTION>     Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Default\Documents
07/14/2009  01:08 AM    <JUNCTION>     My Music [C:\Users\Default\Music]
07/14/2009  01:08 AM    <JUNCTION>     My Pictures [C:\Users\Default\Pictures]
07/14/2009  01:08 AM    <JUNCTION>     My Videos [C:\Users\Default\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\GDC
12/27/2011  06:57 PM    <JUNCTION>     Application Data [C:\Users\GDC\AppData\Roaming]
12/27/2011  06:57 PM    <JUNCTION>     Cookies [C:\Users\GDC\AppData\Roaming\Microsoft\Windows\Cookies]
12/27/2011  06:57 PM    <JUNCTION>     Local Settings [C:\Users\GDC\AppData\Local]
12/27/2011  06:57 PM    <JUNCTION>     My Documents [C:\Users\GDC\Documents]
12/27/2011  06:57 PM    <JUNCTION>     NetHood [C:\Users\GDC\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
12/27/2011  06:57 PM    <JUNCTION>     PrintHood [C:\Users\GDC\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
12/27/2011  06:57 PM    <JUNCTION>     Recent [C:\Users\GDC\AppData\Roaming\Microsoft\Windows\Recent]
12/27/2011  06:57 PM    <JUNCTION>     SendTo [C:\Users\GDC\AppData\Roaming\Microsoft\Windows\SendTo]
12/27/2011  06:57 PM    <JUNCTION>     Start Menu [C:\Users\GDC\AppData\Roaming\Microsoft\Windows\Start Menu]
12/27/2011  06:57 PM    <JUNCTION>     Templates [C:\Users\GDC\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\GDC\AppData\Local
12/27/2011  06:57 PM    <JUNCTION>     Application Data [C:\Users\GDC\AppData\Local]
12/27/2011  06:57 PM    <JUNCTION>     History [C:\Users\GDC\AppData\Local\Microsoft\Windows\History]
12/27/2011  06:57 PM    <JUNCTION>     Temporary Internet Files [C:\Users\GDC\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\GDC\AppData\LocalLow
12/30/2012  02:27 PM    <JUNCTION>     PlayReady [C:\ProgramData\Microsoft\PlayReady]
               0 File(s)              0 bytes
 Directory of C:\Users\GDC\Documents
12/27/2011  06:57 PM    <JUNCTION>     My Music [C:\Users\GDC\Music]
12/27/2011  06:57 PM    <JUNCTION>     My Pictures [C:\Users\GDC\Pictures]
12/27/2011  06:57 PM    <JUNCTION>     My Videos [C:\Users\GDC\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\Public\Documents
07/14/2009  01:08 AM    <JUNCTION>     My Music [C:\Users\Public\Music]
07/14/2009  01:08 AM    <JUNCTION>     My Pictures [C:\Users\Public\Pictures]
07/14/2009  01:08 AM    <JUNCTION>     My Videos [C:\Users\Public\Videos]
               0 File(s)              0 bytes
 Directory of C:\Windows\System32\config\systemprofile
12/09/2011  06:15 PM    <JUNCTION>     Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
12/09/2011  06:15 PM    <JUNCTION>     Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
12/09/2011  06:15 PM    <JUNCTION>     My Documents [C:\Windows\system32\config\systemprofile\Documents]
12/09/2011  06:15 PM    <JUNCTION>     NetHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
12/09/2011  06:15 PM    <JUNCTION>     PrintHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
12/09/2011  06:15 PM    <JUNCTION>     Recent [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent]
12/09/2011  06:15 PM    <JUNCTION>     SendTo [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo]
12/09/2011  06:15 PM    <JUNCTION>     Start Menu [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu]
12/09/2011  06:15 PM    <JUNCTION>     Templates [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Windows\System32\config\systemprofile\AppData\Local
12/09/2011  06:15 PM    <JUNCTION>     Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
12/09/2011  06:15 PM    <JUNCTION>     History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
12/09/2011  06:15 PM    <JUNCTION>     Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows\System32\config\systemprofile\Documents
12/09/2011  06:15 PM    <JUNCTION>     My Music [C:\Windows\system32\config\systemprofile\Music]
12/09/2011  06:15 PM    <JUNCTION>     My Pictures [C:\Windows\system32\config\systemprofile\Pictures]
12/09/2011  06:15 PM    <JUNCTION>     My Videos [C:\Windows\system32\config\systemprofile\Videos]
               0 File(s)              0 bytes
 Directory of C:\Windows\SysWOW64\config\systemprofile
12/09/2011  06:15 PM    <JUNCTION>     Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
12/09/2011  06:15 PM    <JUNCTION>     Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
12/09/2011  06:15 PM    <JUNCTION>     My Documents [C:\Windows\system32\config\systemprofile\Documents]
12/09/2011  06:15 PM    <JUNCTION>     NetHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
12/09/2011  06:15 PM    <JUNCTION>     PrintHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
12/09/2011  06:15 PM    <JUNCTION>     Recent [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent]
12/09/2011  06:15 PM    <JUNCTION>     SendTo [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo]
12/09/2011  06:15 PM    <JUNCTION>     Start Menu [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu]
12/09/2011  06:15 PM    <JUNCTION>     Templates [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Windows\SysWOW64\config\systemprofile\AppData\Local
12/09/2011  06:15 PM    <JUNCTION>     Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
12/09/2011  06:15 PM    <JUNCTION>     History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
12/09/2011  06:15 PM    <JUNCTION>     Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows\SysWOW64\config\systemprofile\Documents
12/09/2011  06:15 PM    <JUNCTION>     My Music [C:\Windows\system32\config\systemprofile\Music]
12/09/2011  06:15 PM    <JUNCTION>     My Pictures [C:\Windows\system32\config\systemprofile\Pictures]
12/09/2011  06:15 PM    <JUNCTION>     My Videos [C:\Windows\system32\config\systemprofile\Videos]
               0 File(s)              0 bytes
     Total Files Listed:
               0 File(s)              0 bytes
              96 Dir(s)   9,568,083,968 bytes free
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 186 bytes -> C:\ProgramData\TEMP:DD5042D8
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:7B532EF3
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:321156F2
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:D169FA00
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:8EBE034C
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5C321E34
 
< End of report >

  • 0
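The junction listing and the Alternate Data Streams section are the two parts of this log tail a reviewer actually has to read: a directory junction is a legitimate Windows mechanism (every profile carries the set shown above for backward compatibility), but one whose target points outside its own profile is worth a second look, and an ADS is only findable with tooling like this, so each one should be explained. As an added example, not part of the original post and not part of OTL or FRST, the Python script below parses lines in exactly this log format and flags junctions that escape their profile and streams that are large or named like executables; small anonymous streams are reported with the command that dumps them. The sample input is constructed in the format of the log above; the `Mallory` junction and the `readme.txt:payload.exe` stream are invented to show what a hit looks like. Assumptions: the system drive is `C:`, `C:\ProgramData` and `C:\Users\Public` are treated as legitimate targets for any profile, and the 4096-byte threshold is arbitrary.

```python
"""Triage the <JUNCTION> and "@Alternate Data Stream" lines of an OTL-style log.

Added example for this thread; it is not part of OTL, FRST or the original
post.  It only parses log text: it does not touch the live file system.
"""
import re
from collections import namedtuple

# Constructed sample in the format of the log above.  The "Mallory" junction
# and the readme.txt:payload.exe stream are invented to show what a hit looks
# like; the other lines mirror entries that are normal on Windows 7.
SAMPLE_LOG = r"""
 Directory of C:\Users\GDC
12/27/2011  06:57 PM    <JUNCTION>     Application Data [C:\Users\GDC\AppData\Roaming]
12/27/2011  06:57 PM    <JUNCTION>     My Documents [C:\Users\GDC\Documents]
 Directory of C:\Users\GDC\AppData\LocalLow
12/30/2012  02:27 PM    <JUNCTION>     PlayReady [C:\ProgramData\Microsoft\PlayReady]
 Directory of C:\Windows\SysWOW64\config\systemprofile
12/09/2011  06:15 PM    <JUNCTION>     Templates [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates]
 Directory of C:\Users\Mallory
12/01/2013  01:00 AM    <JUNCTION>     Application Data [C:\Windows\System32]
@Alternate Data Stream - 186 bytes -> C:\ProgramData\TEMP:DD5042D8
@Alternate Data Stream - 26 bytes -> C:\Users\GDC\Downloads\setup.exe:Zone.Identifier
@Alternate Data Stream - 40960 bytes -> C:\Users\Public\readme.txt:payload.exe
"""

DIR_RE = re.compile(r'^\s*Directory of (?P<dir>[A-Za-z]:\\.*?)\s*$')
JUNC_RE = re.compile(r'<JUNCTION>\s+(?P<name>.+?) \[(?P<target>[^\]]+)\]\s*$')
ADS_RE = re.compile(r'^@Alternate Data Stream - (?P<size>\d+) bytes -> '
                    r'(?P<host>[A-Za-z]:\\[^:]*):(?P<stream>[^:\\]+)\s*$')
# A per-user profile or the service (system) profile.
PROFILE_RE = re.compile(r'^(?P<root>[A-Za-z]:\\Users\\[^\\]+'
                        r'|[A-Za-z]:\\Windows\\(?:System32|SysWOW64)\\config\\systemprofile)', re.I)
# Assumption: the system drive is C: and these shared trees are legitimate
# targets for any profile (the All Users, Public and PlayReady junctions use them).
SHARED_ROOTS = (r'C:\ProgramData', r'C:\Users\Public')
EXEC_EXT = ('.exe', '.dll', '.scr', '.com', '.bat', '.cmd', '.vbs', '.js', '.ps1')

Finding = namedtuple('Finding', 'kind location detail')


def _under(path, root):
    """Case-insensitive 'path is root or lies below root' on backslash boundaries."""
    p, r = path.lower().rstrip('\\'), root.lower().rstrip('\\')
    return p == r or p.startswith(r + '\\')


def allowed_roots(directory):
    """Trees a junction listed under `directory` may legitimately point into."""
    m = PROFILE_RE.match(directory)
    if not m:
        return list(SHARED_ROOTS)
    root = m.group('root')
    # The 32-bit system profile under SysWOW64 is a view of the 64-bit one,
    # so its junctions normally resolve under System32\config\systemprofile.
    alias = root.lower().replace('\\syswow64\\', '\\system32\\')
    return [root, alias] + list(SHARED_ROOTS)


def triage(log_text, ads_size_limit=4096):
    """Return Findings: junctions escaping their profile, suspicious ADS, and
    small unexplained ADS that a reviewer should dump and read."""
    findings, current_dir = [], None
    for line in log_text.splitlines():
        m = DIR_RE.match(line)
        if m:
            current_dir = m.group('dir')
            continue
        m = JUNC_RE.search(line)
        if m and current_dir:
            target = m.group('target')
            if not any(_under(target, r) for r in allowed_roots(current_dir)):
                findings.append(Finding('junction', current_dir + '\\' + m.group('name'),
                                        'target outside profile: ' + target))
            continue
        m = ADS_RE.match(line)
        if not m:
            continue
        size, host, stream = int(m.group('size')), m.group('host'), m.group('stream')
        if stream.lower() == 'zone.identifier':
            continue  # mark-of-the-web that Windows writes on downloaded files
        reasons = []
        if size > ads_size_limit:
            reasons.append('%d bytes is large for metadata' % size)
        if stream.lower().endswith(EXEC_EXT):
            reasons.append('stream named like an executable')
        if reasons:
            findings.append(Finding('ads', host + ':' + stream, '; '.join(reasons)))
        else:  # small and anonymous: report it with the cmd.exe one-liner that dumps it
            findings.append(Finding('ads-review', host + ':' + stream,
                                    '%d bytes; inspect with: more < "%s:%s"' % (size, host, stream)))
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print('%-10s %s  (%s)' % (f.kind, f.location, f.detail))
```

On the log above, the six small streams on `C:\ProgramData\TEMP` all land in the review bucket: the script does not judge them, it prints the `more < "C:\ProgramData\TEMP:DD5042D8"` form that dumps a stream at a cmd prompt so the content can be read, and the SysWOW64 system-profile junctions and the PlayReady junction are not flagged because they resolve into the trees the script treats as legitimate. A `Zone.Identifier` stream is skipped because Windows writes it on every downloaded file.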

#40
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Let's leave no stone unturned.

 

Download RogueKiller to your desktop and run. Post the resulting log.


  • 0


#41
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Never mind, wrong post! Sorry. Don't run RK


  • 0

#42
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Hi,

 

I've called in reinforcements in the form of one of my very senior instructors. We are leaning toward this as the possible cause rather than malware. Since you are quite computer literate, let me know your thoughts on what you read and whether you've got an appetite for undertaking this type of work.

 

Just my opinion: absent undertaking this, there are two other options; however, if the problem is really the Update, then the second and third ideas pretty much fail.

 

Let's consider what to do if it's not Windows Update error and it is hidden Malware instead. We have done every possible scan on your computer in Active (Booted) mode and cleaned it all. The remaining option is to boot from an external source and scan the hard drive while it is inactive (not booted). This is done via an FRST Recovery Scan (read through instructions below) while booted from a bootable thumb drive that you create with the instructions below. This assumes that you have a clean machine with which to make the bootable thumb drive.

 

I think the last option would be the dreaded re-install. My concern there is, if the Windows Update caused your problem, you must avoid that update until MS fixes it. However, we have no way of knowing for certain which of these options is the right one. My guess is to proceed in the order I've presented here. However, if you have other thoughts or ideas, I will support your decision and help you in any way I can.

 

Let me know your thoughts and I stand ready to help in any way I can :)  :thumbsup:

 

Scan with Farbar Recovery Scan Tool from the Recovery Environment

We will be working outside of Windows, so I think it would be prudent to save this or print it out for further reference.
This instruction is a quite complicated one as it contains multiple steps. We will need a clean machine and a USB stick (thumbdrive).

DOWNLOADS

There will be three things to download on your clean machine:

  • RUFUS by Akeo Consulting
  • Recovery Environment for your Windows Edition
  • Farbar Recovery Scan Tool

Save them preferably to the desktop, as it would make the rest of instructions easier.

PREPARATIONS

Prepare the tool on your clean machine.

Create bootable USB drive with RUFUS
 

  • Right-click on the Rufus icon and select Run as Administrator to start the tool.
  • Configure it with the settings listed below:
    • Device - make sure that your pendrive is listed;
    • File System - set to NTFS;
    • Make sure that Quick format option is checked;
    • Create a bootable disk using - select ISO Image;
    • Click on the small CD icon next to ISO Image - select the downloaded Recovery Environment .iso file.
  • Press Start and the process should run.

You will be notified on the lower bar when it will be completed.

After that please copy FRST to the root of your pendrive.
Now unplug your pendrive and move it into your corrupted machine.

ACTION

Insert your USB drive into the corrupted machine and start the computer.
Make sure that booting from USB is set. If you don't know how to do it, instructions HERE.

Getting from one step to another during this part will take some time. Please be patient.

Run Recovery Environment
 

  • When the machine boots up, you will see the Install now window. Instead choose the Repair my computer option.
  • You will be presented with the list of operating systems (usually there will be only one). Highlight it by clicking on it and select Next.
  • In the Choose Recovery Tool menu select Command Prompt.

You will see a big black window with a blinking cursor (command prompt).

Access the notepad and identify your USB drive

In the Command Prompt please type in:

notepad

and press Enter.

  • When the notepad opens, go to File menu.
  • Select Open.
  • Go to Computer and search there for your USB drive letter.

Note down the letter and close the notepad.

Scan with Farbar Recovery Scan Tool

Once back in the command prompt window, please do the following:

  • Type in e:\frst.exe and press Enter.
    You need to replace e with the letter of your USB drive taken from notepad!
  • FRST will start to run. Give it a minute or so to load itself.
  • Click Yes to Disclaimer.
  • In the main console, please click Scan and wait.

When finished it will produce a logfile named FRST.txt in the root of your pendrive and display it. Close that logfile.

Transfer it to your clean machine and include it in your next reply.

 


  • 0

#43
ihatesvchost.exe

ihatesvchost.exe

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts

Thank you very much for your persistence working with me.

 

I tried following the steps but I am having a very tough time finding the Windows Recovery Environment for 64 bit computers (and Windows 7). I spent well over an hour searching the internet for it earlier. From what I read my only other option may be mounting another copy of Windows 7 and to somehow extract the files from there? If so, that sounds a bit daunting.  

 

Also today my computer is starting up normally without crashing. Very perplexing to me.

 

 

 

If I understood your post correctly, you would like me to do an external scan of the drive before trying to follow the workaround to deal with the bad microsoft patch?

Also, your theory about the microsoft patch being a problem sounds plausible to me. For example, I have played RPG Maker games with custom fonts, which sounds like a potential trigger.


  • 0

#44
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Thank you very much for your persistence working with me.

 

You are very welcome!

 

 

I tried following the steps but I am having a very tough time finding the Windows Recovery Environment for 64 bit computers (and Windows 7).

 

Sorry, I should have provided this in the previous post. Windows 7 Recovery Disk Let me know if you have trouble and I'll help.

 

 

If I understood your post correctly, you would like me to do an external scan of the drive before trying to follow the workaround to deal with the bad microsoft patch?

 

No, what I was trying to say, but not doing a very good job of, is...we (as Helpers) have a tendency, if there are several alternatives, to recommend the easiest first. When in reality, the only solution that makes sense is the correct one. From my perspective the scan is the easiest to do, however, if the problem is a bad MS patch, we can scan forever and not find the issue. See what I mean? So, I think we should do the Upgrade fix (or whatever we should call it) first as it is the most likely problem, followed by the scan, and then if we've not found it...scorched earth (reinstall).


  • 0

#45
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

I just thought about it, you might not have access to this part of our board.

 

What Startup Repair is capable of can be read in this Microsoft Article.

You may need to Add The Run... Box For Windows 7 for the below...

However, you can also open the Run.. box via depressing both the Windows key and R together.

--------------

Create a Windows 7 System Repair Disc:

Note: the below can only be done if your machine has a type of CD/R or DVD/R optical drive installed. Also, depending on the exact type of OEM your machine has, you may be unable to actually create an SRD.

 

  • Click on Start (Windows 7 Orb) >> Run..., then copy/paste the following command into the box and click on OK:

    recdisc.exe
  • Allow the UAC (User Account Control) prompt by selecting Yes.
  • You should now see a menu like the below:-


 

  • Put a blank rewritable CD/DVD in your optical (CD/DVD) drive and then click on Create disc.

A blank CD/R or DVD/R can be used also...

 

  • Note: If an AutoPlay window pops up, just close it.
  • When the SRD has been created you will see similar to the below:-


 

  • Now click on Close >> OK.
  • You now have a Windows 7 System Repair Disc.

Please note: The above can be created with either a 32- or 64-bit Operating System. However, the discs are not interchangeable, i.e. a 32-bit Startup Repair Disc cannot be used on a 64-bit Operating System and vice versa; otherwise damage may be caused rather than any actual repairs implemented.

The differences between the aforementioned can be read in this Microsoft Article:-

32-bit and 64-bit Windows: frequently asked questions


  • 0





