
Help me with malware removal [Closed]



#1
SomeNewUser


I hope this is the right place for this topic.

So, about the problem: 2 days ago a malware infected my computer.

I'm on Windows XP SP3 and used to have ESET NOD32 Antivirus 4.2.71.2 and Malwarebytes Anti-Malware v2.0.2.1012 - both with no self-defence options set.

It removes all the antivirus software I had by writing empty files in C:\Program Files, named like the folders that any antivirus software makes when installed. All the files are 0 bytes and hidden, and their permissions are deleted (so I'm not able to delete them before I change the permissions).

The same files are in C:\Documents and Settings\All Users\Application Data, and there are files in C:\WINDOWS\system32\drivers - again hidden, but folders with changed permissions.

The files in system32 are like: 360AntiHacker64.sys, 360AntiHacker.sys, 360AvFlt.sys and so on - 307 in that folder. There are changed folders and keys in the system registry too - again with changed permissions (in places where antivirus software makes its own folders).

I have tried a lot of things over the past 2 days. After a few hours I was able to remove the fake files in safe mode and was able to install Avast, after that Kaspersky, after that ESET NOD Antivirus 7.xx - all of them were updated and I scanned the system with them, but after a reboot that stuff removes them again by overwriting with those empty files.

So far I was able to install Malwarebytes Anti-Malware v2.0.2.1012 and set it to self-defence - it is working for now, and no overwrite was made to it. I also installed SUPERAntiSpyware Professional and SpyHunter, but they aren't antivirus software, so I can't rely on them when I work online.

Windows is fully functional - everything but antivirus software - so I don't have any protection from viruses.

 

I have tried a lot of tools so far:

ATF-Cleaner

herdProtectScan

RogueKiller

SecurityCheck

AdwCleaner

Kaspersky Virus Removal Tool

ComboFix

and so on - but nothing has worked so far.

I just scanned the computer with FRST.exe, but I don't know how to make fixlist.txt - can someone help me?

Sorry for my English - I am from Eastern Europe :).




#2
SomeNewUser


Anyone?

Here is my FRST.txt, if someone can help me with fixlist.txt.

I deleted some personal info from it.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-10-2014
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 6
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (All) =========================

(Microsoft Corporation) C:\WINDOWS\system32\smss.exe
(Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
(Microsoft Corporation) C:\WINDOWS\system32\services.exe
(Microsoft Corporation) C:\WINDOWS\system32\lsass.exe
(Enigma Software Group USA, LLC.) C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
(Microsoft Corporation) C:\WINDOWS\system32\svchost.exe
(Microsoft Corporation) C:\WINDOWS\system32\svchost.exe
(Microsoft Corporation) C:\WINDOWS\system32\svchost.exe
(Lexmark International, Inc.) C:\WINDOWS\system32\LEXBCES.EXE
(Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
(Lexmark International, Inc.) C:\WINDOWS\system32\LEXPPS.EXE
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Apache Software Foundation) C:\Program Files\Apache Group\Apache2\bin\Apache.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Apache Software Foundation) C:\Program Files\Apache Group\Apache2\bin\Apache.exe
(CrypKey (Canada) Ltd.) C:\WINDOWS\system32\Crypserv.exe
(Microsoft Corporation) C:\WINDOWS\explorer.exe
(NVIDIA) C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Microsoft Corporation) C:\WINDOWS\system32\svchost.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(TightVNC Group) C:\Program Files\TightVNC\WinVNC.exe
(WIBU-SYSTEMS AG) C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Lexmark International, Inc.) C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
(NVIDIA) C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
(DT Soft Ltd.) C:\Program Files\DAEMON Tools\daemon.exe
(Lexmark International, Inc.) C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
(Microsoft Corporation) C:\WINDOWS\system32\ctfmon.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\tv_w32.exe
(Farbar) L:\New Software - Nesortiran\FRST.exe

==================== Registry (All) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16876032 2008-07-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [1634112 2012-05-15] ()
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [Resume copy] => copyfstq.exe /startup
HKLM\...\Run: [Lexmark 1200 Series] => C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe [57344 2006-07-13] (Lexmark International, Inc.)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [SpyHunter Security Suite] => C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe [6434176 2014-10-11] (Enigma Software Group USA, LLC.)
HKLM\...\Run: [egui] => "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
HKLM\...\Winlogon: [Userinit] C:\WINDOWS\system32\userinit.exe, [26112 2008-04-14] (Microsoft Corporation)
HKLM\...\Winlogon: [Shell] Explorer.exe [1033728 2008-04-14] (Microsoft Corporation)
HKLM\...\Winlogon: [UIHost] logonui.exe [514560 2008-04-14] (Microsoft Corporation)
Winlogon\Notify\crypt32chain: C:\WINDOWS\system32\crypt32.dll (Microsoft Corporation)
Winlogon\Notify\cryptnet: C:\WINDOWS\system32\cryptnet.dll (Microsoft Corporation)
Winlogon\Notify\cscdll: C:\WINDOWS\system32\cscdll.dll (Microsoft Corporation)
Winlogon\Notify\dimsntfy: C:\WINDOWS\System32\dimsntfy.dll (Microsoft Corporation)
Winlogon\Notify\ScCertProp: C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\Schedule: C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\sclgntfy: C:\WINDOWS\system32\sclgntfy.dll (Microsoft Corporation)
Winlogon\Notify\SensLogn: C:\WINDOWS\system32\WlNotify.dll (Microsoft Corporation)
Winlogon\Notify\termsrv: C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\wlballoon: C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 0
HKLM\...\Policies\Explorer: [NoDriveTypeAutoRun] 323
HKLM\...\Policies\Explorer: [NoDriveAutoRun] 67108863
HKLM\...\Policies\Explorer: [NoDrives] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDriveTypeAutoRun] 145
HKU\S-1-5-20\...\Policies\Explorer: [NoDriveTypeAutoRun] 145
HKU\S-1-5-21-1957994488-1177238915-1801674531-1003\...\Run: [DAEMON Tools] => C:\Program Files\DAEMON Tools\daemon.exe [167368 2007-08-16] (DT Soft Ltd.)
HKU\S-1-5-21-1957994488-1177238915-1801674531-1003\...\Run: [ctfmon.exe] => C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-1957994488-1177238915-1801674531-1003\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6692632 2014-10-11] (SUPERAntiSpyware)
HKU\S-1-5-21-1957994488-1177238915-1801674531-1003\...\Policies\Explorer: [NoDriveTypeAutoRun] 323
HKU\S-1-5-21-1957994488-1177238915-1801674531-1003\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-21-1957994488-1177238915-1801674531-1003\...\Policies\Explorer: [NoDrives] 0
HKU\S-1-5-21-1957994488-1177238915-1801674531-1003\...\Policies\Explorer: [NoDriveAutoRun] 67108863
HKU\S-1-5-21-1957994488-1177238915-1801674531-1003\...\MountPoints2: {94fa4ea2-d9ac-11e3-bf1a-00e04c164479} - I:\LGAutoRun.exe
HKU\S-1-5-21-1957994488-1177238915-1801674531-1003\...\MountPoints2: {9947af7d-30e7-11e3-9253-00221515cc76} - G:\.\_autorun\autorun_win.exe
HKU\S-1-5-18\...\Policies\Explorer: [NoDriveTypeAutoRun] 323
HKU\S-1-5-18\...\Policies\Explorer: [NoDriveAutoRun] 67108863
IFEO\Your Image File Name Here without a path: [Debugger] ntsd -d
Lsa: [Authentication Packages] msv1_0
Lsa: [Notification Packages] scecli
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\system32\shell32.dll (Microsoft Corporation)
SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - %Systemroot%\system32\webcheck.dll (Microsoft Corporation)
SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - %systemroot%\system32\stobject.dll (Microsoft Corporation)
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [Offline Files] -> {750fdf0e-2a26-11d1-a3ea-080036587f03} => C:\WINDOWS\System32\cscui.dll (Microsoft Corporation)
BootExecute: autocheck autochk * C:\WINDOWS\Temp:1
AlternateShell: cmd.exe

==================== Internet (All) ===========================

HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...B_PVER}&ar=home
URLSearchHook: HKCU - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - "C:\Program Files\Internet Explorer\iexplore.exe"
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...ms}&FORM=IE8SRC
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...ms}&FORM=IE8SRC
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...Box&FORM=IE8SRC
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: bho2gr Class -> {31FF080D-12A3-439A-A2EF-4BA95A3148E8} -> C:\Program Files\GetRight\xx2gr.dll (Headlight Software, Inc.)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab
Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
Handler: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
Handler: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
Filter: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
Filter: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
ShellExecuteHooks: URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\system32\shell32.dll [8461312 2008-04-14] (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-08] (SuperAdBlocker.com)
Winsock: Catalog5 01 %SystemRoot%\System32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog5 02 %SystemRoot%\System32\winrnr.dll [16896] (Microsoft Corporation)
Winsock: Catalog5 03 %SystemRoot%\System32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 01 %SystemRoot%\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 02 %SystemRoot%\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 03 %SystemRoot%\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 04 %SystemRoot%\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 05 %SystemRoot%\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 06 %SystemRoot%\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 07 %SystemRoot%\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 08 %SystemRoot%\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 09 %SystemRoot%\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 10 %SystemRoot%\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 11 %SystemRoot%\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 12 %SystemRoot%\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 13 %SystemRoot%\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 14 %SystemRoot%\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 15 %SystemRoot%\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 16 %SystemRoot%\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 17 %SystemRoot%\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 18 %SystemRoot%\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 19 %SystemRoot%\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 20 %SystemRoot%\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Winsock: Catalog9 21 %SystemRoot%\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

FireFox:
========
FF ProfilePath: C:\Documents and Settings\SomeNewUser\Application Data\Mozilla\Firefox\Profiles\simr37uq.default
FF Homepage: about:home
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll No File
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll No File
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll No File
FF Plugin: hbgk.net/WebDvrCtrl -> C:\Program Files\WebControl\npWebCtrl.dll (TODO: <公司名>)
FF Plugin HKCU: @acestream.net/acestreamplugin,version=2.2.10-next -> C:\Documents and Settings\SomeNewUser\Application Data\ACEStream\player\npace_plugin.dll No File
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\SomeNewUser\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\SomeNewUser\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Mozilla Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\bing.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\google.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\twitter.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\wikipedia.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo.xml
FF Extension: AS Magic Player - C:\Documents and Settings\SomeNewUser\Application Data\Mozilla\Firefox\Profiles\simr37uq.default\Extensions\[email protected] [2014-08-26]
FF Extension: DownloadHelper - C:\Documents and Settings\SomeNewUser\Application Data\Mozilla\Firefox\Profiles\simr37uq.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-07]
FF Extension: YouTube Video and Audio Downloader - C:\Documents and Settings\SomeNewUser\Application Data\Mozilla\Firefox\Profiles\simr37uq.default\Extensions\[email protected] [2013-11-30]
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2014-08-30]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-07-26]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM\...\Mozilla Firefox 32.0.3\Extensions: [Components] - C:\Program Files\Mozilla Firefox\components
FF Extension: No Name - C:\Program Files\Mozilla Firefox\components [2014-08-30]
FF HKLM\...\Mozilla Firefox 32.0.3\Extensions: [Plugins] - C:\Program Files\Mozilla Firefox\plugins
FF Extension: No Name - C:\Program Files\Mozilla Firefox\plugins [2014-08-30]
FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF StartMenuInternet: FIREFOX.EXE - "C:\Program Files\Mozilla Firefox\firefox.exe"

Chrome:
=======
CHR HomePage: Default ->
CHR StartupUrls: Default -> "hxxp://google.bg/"
CHR Profile: C:\Documents and Settings\SomeNewUser\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\SomeNewUser\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (MightyText - SMS Text Messaging from Computer) - C:\Documents and Settings\SomeNewUser\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dkfhfaphfkopdgpbfkebjfcblcafcmpi [2014-05-13]
CHR Extension: (AS Magic Player) - C:\Documents and Settings\SomeNewUser\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim [2014-09-28]
CHR Extension: (Google Wallet) - C:\Documents and Settings\SomeNewUser\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-09]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx []
CHR StartMenuInternet: Google Chrome - "C:\Documents and Settings\SomeNewUser\Local Settings\Application Data\Google\Chrome\Application\chrome.exe"

==================== Services (All) ========================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-10-11] (SUPERAntiSpyware.com)
R2 Alerter; C:\WINDOWS\system32\alrsvc.dll [17408 2008-04-14] (Microsoft Corporation)
R3 ALG; C:\WINDOWS\System32\alg.exe [44544 2008-04-14] (Microsoft Corporation)
R2 Apache2; C:\Program Files\Apache Group\Apache2\bin\Apache.exe [20541 2006-04-29] (Apache Software Foundation) [File not signed]
S3 AppMgmt; C:\WINDOWS\System32\appmgmts.dll [167936 2008-04-14] (Microsoft Corporation)
S3 aspnet_state; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [35160 2010-03-18] (Microsoft Corporation)
R2 AudioSrv; C:\WINDOWS\System32\audiosrv.dll [42496 2008-04-14] (Microsoft Corporation)
S3 BITS; C:\WINDOWS\system32\qmgr.dll [409088 2008-04-14] (Microsoft Corporation)
R2 Browser; C:\WINDOWS\System32\browser.dll [77824 2008-04-14] (Microsoft Corporation)
S3 CiSvc; C:\WINDOWS\system32\cisvc.exe [5632 2008-04-14] (Microsoft Corporation)
S3 ClipSrv; C:\WINDOWS\system32\clipsrv.exe [33280 2008-04-14] (Microsoft Corporation)
S4 clr_optimization_v2.0.50727_32; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [69632 2008-07-25] (Microsoft Corporation)
R2 clr_optimization_v4.0.30319_32; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [130384 2010-03-18] (Microsoft Corporation)
R2 CodeMeter.exe; C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe [2568120 2012-07-19] (WIBU-SYSTEMS AG)
S3 COMSysApp; C:\WINDOWS\system32\dllhost.exe [5120 2008-04-14] (Microsoft Corporation)
R2 Crypkey License; C:\WINDOWS\system32\crypserv.exe [69632 2006-03-01] (CrypKey (Canada) Ltd.) [File not signed]
R2 CryptSvc; C:\WINDOWS\System32\cryptsvc.dll [62464 2008-04-14] (Microsoft Corporation)
R2 DcomLaunch; C:\WINDOWS\system32\rpcss.dll [399360 2008-04-14] (Microsoft Corporation)
R2 Dhcp; C:\WINDOWS\System32\dhcpcsvc.dll [126976 2008-04-14] (Microsoft Corporation)
S3 dmadmin; C:\WINDOWS\System32\dmadmin.exe [224768 2008-04-14] (Microsoft Corp., Veritas Software)
R2 dmserver; C:\WINDOWS\System32\dmserver.dll [23552 2008-04-14] (Microsoft Corp.)
R2 Dnscache; C:\WINDOWS\System32\dnsrslvr.dll [45568 2008-04-14] (Microsoft Corporation)
S3 Dot3svc; C:\WINDOWS\System32\dot3svc.dll [132096 2008-04-14] (Microsoft Corporation)
S3 EapHost; C:\WINDOWS\System32\eapsvc.dll [33792 2008-04-14] (Microsoft Corporation)
R2 ERSvc; C:\WINDOWS\System32\ersvc.dll [23040 2008-04-14] (Microsoft Corporation)
R2 Eventlog; C:\WINDOWS\system32\services.exe [108544 2008-04-14] (Microsoft Corporation)
R3 EventSystem; C:\WINDOWS\system32\es.dll [246272 2008-04-14] (Microsoft Corporation)
R3 FastUserSwitchingCompatibility; C:\WINDOWS\System32\shsvcs.dll [135168 2008-04-14] (Microsoft Corporation)
S3 FontCache3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [46104 2008-07-29] (Microsoft Corporation)
S3 gupdatem; C:\Program Files\Google\Update\GoogleUpdate.exe [116648 2012-08-28] (Google Inc.)
R2 helpsvc; C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll [38400 2008-04-14] (Microsoft Corporation)
S3 hkmsvc; C:\WINDOWS\System32\kmsvc.dll [61440 2008-04-14] (Microsoft Corporation)
S3 HTTPFilter; C:\WINDOWS\System32\w3ssl.dll [15872 2008-04-14] (Microsoft Corporation)
R2 IAANTMON; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [354840 2009-06-04] (Intel Corporation)
S3 idsvc; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [881664 2008-07-29] (Microsoft Corporation)
S3 ImapiService; C:\WINDOWS\system32\imapi.exe [150528 2008-04-14] (Microsoft Corporation)
R2 LanmanServer; C:\WINDOWS\System32\srvsvc.dll [96768 2008-04-14] (Microsoft Corporation)
R2 lanmanworkstation; C:\WINDOWS\System32\wkssvc.dll [132096 2008-04-14] (Microsoft Corporation)
R2 LexBceS; C:\WINDOWS\system32\LEXBCES.EXE [311296 2006-04-18] (Lexmark International, Inc.)
R2 LmHosts; C:\WINDOWS\System32\lmhsvc.dll [13824 2008-04-14] (Microsoft Corporation)
R2 Messenger; C:\WINDOWS\System32\msgsvc.dll [33792 2008-04-14] (Microsoft Corporation)
S3 mnmsrvc; C:\WINDOWS\system32\mnmsrvc.exe [32768 2008-04-14] (Microsoft Corporation)
S3 MozillaMaintenance; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [114288 2014-09-24] (Mozilla Foundation)
S3 MSDTC; C:\WINDOWS\system32\msdtc.exe [6144 2008-04-14] (Microsoft Corporation)
S3 MSIServer; C:\WINDOWS\System32\msiexec.exe [95744 2008-05-19] (Microsoft Corporation)
S3 napagent; C:\WINDOWS\System32\qagentrt.dll [291328 2008-04-14] (Microsoft Corporation)
S4 NetDDE; C:\WINDOWS\system32\netdde.exe [111104 2008-04-14] (Microsoft Corporation)
S4 NetDDEdsdm; C:\WINDOWS\system32\netdde.exe [111104 2008-04-14] (Microsoft Corporation)
S3 Netlogon; C:\WINDOWS\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation)
R3 Netman; C:\WINDOWS\System32\netman.dll [198144 2008-04-14] (Microsoft Corporation)
S4 NetTcpPortSharing; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [124240 2010-03-18] (Microsoft Corporation)
R3 Nla; C:\WINDOWS\System32\mswsock.dll [245248 2008-04-14] (Microsoft Corporation)
S3 NtLmSsp; C:\WINDOWS\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation)
S3 NtmsSvc; C:\WINDOWS\system32\ntmssvc.dll [435200 2008-04-14] (Microsoft Corporation)
R2 nTuneService; C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe [192832 2011-09-19] (NVIDIA)
R2 NVSvc; C:\WINDOWS\system32\nvsvc32.exe [164160 2012-05-15] (NVIDIA Corporation)
S3 ose; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [89136 2005-09-29] (Microsoft Corporation)
R2 PlugPlay; C:\WINDOWS\system32\services.exe [108544 2008-04-14] (Microsoft Corporation)
R2 PolicyAgent; C:\WINDOWS\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation)
R2 ProtectedStorage; C:\WINDOWS\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation)
S3 RasAuto; C:\WINDOWS\System32\rasauto.dll [88576 2008-04-14] (Microsoft Corporation)
R3 RasMan; C:\WINDOWS\System32\rasmans.dll [186368 2008-04-14] (Microsoft Corporation)
S3 RDSessMgr; C:\WINDOWS\system32\sessmgr.exe [141312 2008-04-14] (Microsoft Corporation)
S4 RemoteAccess; C:\WINDOWS\System32\mprdim.dll [53248 2008-04-14] (Microsoft Corporation)
R2 RemoteRegistry; C:\WINDOWS\system32\regsvc.dll [59904 2008-04-14] (Microsoft Corporation)
S3 RpcLocator; C:\WINDOWS\system32\locator.exe [75264 2008-04-14] (Microsoft Corporation)
R2 RpcSs; C:\WINDOWS\System32\rpcss.dll [399360 2008-04-14] (Microsoft Corporation)
S3 RSVP; C:\WINDOWS\system32\rsvp.exe [132608 2008-04-14] (Microsoft Corporation)
R2 SamSs; C:\WINDOWS\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation)
S3 SCardSvr; C:\WINDOWS\System32\SCardSvr.exe [95744 2008-04-14] (Microsoft Corporation)
R2 Schedule; C:\WINDOWS\system32\schedsvc.dll [192512 2008-04-14] (Microsoft Corporation)
R2 seclogon; C:\WINDOWS\System32\seclogon.dll [18944 2008-04-14] (Microsoft Corporation)
R2 SENS; C:\WINDOWS\system32\sens.dll [39424 2008-04-14] (Microsoft Corporation)
R2 SharedAccess; C:\WINDOWS\System32\ipnathlp.dll [331264 2008-04-14] (Microsoft Corporation)
R2 ShellHWDetection; C:\WINDOWS\System32\shsvcs.dll [135168 2008-04-14] (Microsoft Corporation)
S2 SkypeUpdate; C:\Program Files\Skype\Updater\Updater.exe [315008 2014-04-03] (Skype Technologies)
R2 Spooler; C:\WINDOWS\system32\spoolsv.exe [57856 2008-04-14] (Microsoft Corporation)
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [770432 2014-01-09] (Enigma Software Group USA, LLC.)
R2 srservice; C:\WINDOWS\system32\srsvc.dll [171008 2008-04-14] (Microsoft Corporation)
R3 SSDPSRV; C:\WINDOWS\System32\ssdpsrv.dll [71680 2008-04-14] (Microsoft Corporation)
R2 stisvc; C:\WINDOWS\system32\wiaservc.dll [333824 2008-04-14] (Microsoft Corporation)
S3 SwPrv; C:\WINDOWS\system32\dllhost.exe [5120 2008-04-14] (Microsoft Corporation)
S3 SysmonLog; C:\WINDOWS\system32\smlogsvc.exe [89600 2008-04-14] (Microsoft Corporation)
R3 TapiSrv; C:\WINDOWS\System32\tapisrv.dll [249856 2008-04-14] (Microsoft Corporation)
R2 TeamViewer9; C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe [4799760 2014-09-12] (TeamViewer GmbH)
R3 TermService; C:\WINDOWS\System32\termsrv.dll [295424 2008-04-14] (Microsoft Corporation)
R2 Themes; C:\WINDOWS\System32\shsvcs.dll [135168 2008-04-14] (Microsoft Corporation)
S3 TlntSvr; C:\WINDOWS\system32\tlntsvr.exe [73216 2008-04-14] (Microsoft Corporation)
R2 TrkWks; C:\WINDOWS\system32\trkwks.dll [90112 2008-04-14] (Microsoft Corporation)
S3 upnphost; C:\WINDOWS\System32\upnphost.dll [185856 2008-04-14] (Microsoft Corporation)
S3 UPS; C:\WINDOWS\System32\ups.exe [18432 2008-04-14] (Microsoft Corporation)
S3 VSS; C:\WINDOWS\System32\vssvc.exe [289792 2008-04-14] (Microsoft Corporation)
R2 W32Time; C:\WINDOWS\system32\w32time.dll [175104 2008-04-14] (Microsoft Corporation)
R2 WebClient; C:\WINDOWS\System32\webclnt.dll [68096 2008-04-14] (Microsoft Corporation)
R2 winmgmt; C:\WINDOWS\system32\wbem\WMIsvc.dll [144896 2008-04-14] (Microsoft Corporation)
R2 winvnc; C:\Program Files\TightVNC\WinVNC.exe [585728 2009-03-05] (TightVNC Group) [File not signed]
S3 WmdmPmSN; C:\WINDOWS\system32\MsPMSNSv.dll [27136 2006-10-18] (Microsoft Corporation)
S3 Wmi; C:\WINDOWS\System32\advapi32.dll [617472 2008-04-14] (Microsoft Corporation)
S3 WmiApSrv; C:\WINDOWS\system32\wbem\wmiapsrv.exe [126464 2008-04-14] (Microsoft Corporation)
S3 WPFFontCache_v0400; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [753504 2010-03-18] (Microsoft Corporation)
R2 wscsvc; C:\WINDOWS\system32\wscsvc.dll [80896 2008-04-14] (Microsoft Corporation)
R2 wuauserv; C:\WINDOWS\system32\wuauserv.dll [6656 2008-04-14] (Microsoft Corporation)
R2 WudfSvc; C:\WINDOWS\System32\WUDFSvc.dll [55808 2006-09-28] (Microsoft Corporation)
R2 WZCSVC; C:\WINDOWS\System32\wzcsvc.dll [483840 2008-04-14] (Microsoft Corporation)
S3 xmlprov; C:\WINDOWS\System32\xmlprov.dll [129024 2008-04-14] (Microsoft Corporation)
S4 HidServ; %SystemRoot%\System32\hidserv.dll [X]
S3 Lavasoft Ad-Aware Service; "C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe" [X]
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AndNetDiag; C:\WINDOWS\System32\DRIVERS\lgandnetdiag.sys [23168 2013-04-18] (LG Electronics Inc.)
S3 AndNetDiag2; C:\WINDOWS\System32\DRIVERS\lgandnetdiag2.sys [23168 2013-04-18] (LG Electronics Inc.)
S3 ANDNetModem; C:\WINDOWS\System32\DRIVERS\lgandnetmodem.sys [27776 2013-06-28] (LG Electronics Inc.)
S3 andnetndis; C:\WINDOWS\System32\DRIVERS\lgandnetndis.sys [70656 2013-04-23] (LG Electronics Inc.)
R1 AsIO; C:\WINDOWS\System32\drivers\AsIO.sys [12400 2007-12-17] ()
R3 axsaki; C:\WINDOWS\System32\DRIVERS\axsaki.sys [102624 2003-03-30] ( ) [File not signed]
R3 axskbus; C:\WINDOWS\System32\DRIVERS\axskbus.sys [8640 2003-03-28] ( ) [File not signed]
S2 BT848; C:\WINDOWS\System32\drivers\BT848.SYS [294380 2002-02-22] (TelSignal Co., Ltd.) [File not signed]
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R1 epfwtdir; C:\WINDOWS\System32\DRIVERS\epfwtdir.sys [118768 2013-09-17] (ESET)
R3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [12288 2014-01-07] ()
S3 EsgScanner; C:\WINDOWS\System32\DRIVERS\EsgScanner.sys [19984 2012-06-22] ()
S3 L1e; C:\WINDOWS\System32\DRIVERS\l1e51x86.sys [36864 2008-06-26] (Atheros Communications, Inc.)
R0 Lbd; C:\WINDOWS\System32\DRIVERS\Lbd.sys [64288 2009-12-02] (Lavasoft AB)
R1 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [53208 2014-05-12] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\09AA0966.sys [110296 2014-10-11] (Malwarebytes Corporation)
R0 mrdd; C:\WINDOWS\System32\DRIVERS\mrdd.sys [18984 2008-11-12] (Marvell Semiconductor, Inc.)
R3 MTsensor; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
R0 mv61xx; C:\WINDOWS\System32\DRIVERS\mv61xx.sys [152616 2009-02-09] (Marvell Semiconductor, Inc.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R1 NetworkX; C:\WINDOWS\system32\ckldrv.sys [31846 2006-01-10] () [File not signed]
S3 nm; C:\WINDOWS\System32\DRIVERS\NMnt.sys [40320 2008-04-14] (Microsoft Corporation)
S3 NPF; C:\WINDOWS\System32\drivers\npf.sys [0 2014-10-12] () [File not signed]
S3 PAC7302; C:\WINDOWS\System32\DRIVERS\PAC7302.SYS [461824 2009-04-28] (PixArt Imaging Inc.) [File not signed]
S3 PortTalk; C:\WINDOWS\System32\Drivers\PortTalk.sys [3567 2002-01-12] (Beyond Logic http://www.beyondlogic.org) [File not signed]
S3 pwdrvio; C:\WINDOWS\system32\pwdrvio.sys [15688 2013-09-30] ()
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [10320 2013-09-30] ()
R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [46080 2006-05-16] (Sonic Solutions) [File not signed]
S3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2008-04-13] (Realtek Semiconductor Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 snapman; C:\WINDOWS\System32\DRIVERS\snapman.sys [99776 2012-08-14] (Acronis) [File not signed]
R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [685816 2013-10-10] () [File not signed]
U3 TrueSight; C:\WINDOWS\system32\drivers\TrueSight.sys [34808 2014-10-11] ()
S3 w810bus; C:\WINDOWS\System32\DRIVERS\w810bus.sys [58288 2006-02-20] (MCCI)
S3 w810mdfl; C:\WINDOWS\System32\DRIVERS\w810mdfl.sys [8336 2006-02-20] (MCCI)
S3 w810mdm; C:\WINDOWS\System32\DRIVERS\w810mdm.sys [94064 2006-02-20] (MCCI)
S3 w810mgmt; C:\WINDOWS\System32\DRIVERS\w810mgmt.sys [85408 2006-02-20] (MCCI)
S3 w810obex; C:\WINDOWS\System32\DRIVERS\w810obex.sys [83344 2006-02-20] (MCCI)
U5 360AntiHacker; C:\Windows\System32\Drivers\360AntiHacker.sys [0 2014-10-12] () [File not signed]
U5 360AvFlt; C:\Windows\System32\Drivers\360AvFlt.sys [0 2014-10-12] () [File not signed]
U5 360Box; C:\Windows\System32\Drivers\360Box.sys [0 2014-10-12] () [File not signed]
U5 360Box64; C:\Windows\System32\Drivers\360Box64.sys [0 2014-10-12] () [File not signed]
U5 360Camera; C:\Windows\System32\Drivers\360Camera.sys [0 2014-10-12] () [File not signed]
U5 360fsflt; C:\Windows\System32\Drivers\360fsflt.sys [0 2014-10-12] () [File not signed]
U5 360SelfProtection; C:\Windows\System32\Drivers\360SelfProtection.sys [0 2014-10-12] () <===== ATTENTION Necurs Rootkit?
S0 69512100; system32\DRIVERS\69512100.sys [X]
U5 ABndis; C:\Windows\System32\Drivers\ABndis.sys [0 2014-10-12] () [File not signed]
U5 AFW; C:\Windows\System32\Drivers\AFW.sys [0 2014-10-12] () [File not signed]
U5 afwcore; C:\Windows\System32\Drivers\afwcore.sys [0 2014-10-12] () [File not signed]
U5 AhnFlt2K; C:\Windows\System32\Drivers\AhnFlt2K.sys [0 2014-10-12] () [File not signed]
U5 AhnRec2K; C:\Windows\System32\Drivers\AhnRec2K.sys [0 2014-10-12] () [File not signed]
U5 AhnRghNt; C:\Windows\System32\Drivers\AhnRghNt.sys [0 2014-10-12] () [File not signed]
U5 AhnSZE; C:\Windows\System32\Drivers\AhnSZE.sys [0 2014-10-12] () [File not signed]
U5 ALE_NF; C:\Windows\System32\Drivers\ALE_NF.sys [0 2014-10-12] () [File not signed]
U5 AMonLWLH; C:\Windows\System32\Drivers\AMonLWLH.sys [0 2014-10-12] () [File not signed]
U5 AMonTDLH; C:\Windows\System32\Drivers\AMonTDLH.sys [0 2014-10-12] () [File not signed]
U5 APPFLT; C:\Windows\System32\Drivers\APPFLT.sys [0 2014-10-12] () [File not signed]
U5 arcawfp; C:\Windows\System32\Drivers\arcawfp.sys [0 2014-10-12] () [File not signed]
U5 aswHwid; C:\Windows\System32\Drivers\aswHwid.sys [0 2014-10-12] () [File not signed]
U5 aswMonFlt; C:\Windows\System32\Drivers\aswMonFlt.sys [0 2014-10-12] () [File not signed]
U5 aswNdis; C:\Windows\System32\Drivers\aswNdis.sys [0 2014-10-12] () [File not signed]
U5 aswNdis2; C:\Windows\System32\Drivers\aswNdis2.sys [0 2014-10-12] () [File not signed]
U5 aswNdisFlt; C:\Windows\System32\Drivers\aswNdisFlt.sys [0 2014-10-12] () [File not signed]
U5 aswRdr; C:\Windows\System32\Drivers\aswRdr.sys [0 2014-10-12] () [File not signed]
U5 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [0 2014-10-12] () [File not signed]
U5 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [0 2014-10-12] () [File not signed]
U5 aswSP; C:\Windows\System32\Drivers\aswSP.sys [0 2014-10-12] () [File not signed]
U5 aswStm; C:\Windows\System32\Drivers\aswStm.sys [0 2014-10-12] () [File not signed]
U5 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [0 2014-10-12] () [File not signed]
U5 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [0 2014-10-12] () [File not signed]
U5 avasdmft; C:\Windows\System32\Drivers\avasdmft.sys [0 2014-10-12] () [File not signed]
U5 avc3; C:\Windows\System32\Drivers\avc3.sys [0 2014-10-12] () [File not signed]
U5 avchv; C:\Windows\System32\Drivers\avchv.sys [0 2014-10-12] () [File not signed]
U5 avckf; C:\Windows\System32\Drivers\avckf.sys [0 2014-10-12] () [File not signed]
U5 Avgboota; C:\Windows\System32\Drivers\Avgboota.sys [0 2014-10-12] () [File not signed]
U5 Avgbootx; C:\Windows\System32\Drivers\Avgbootx.sys [0 2014-10-12] () [File not signed]
U5 Avgdiska; C:\Windows\System32\Drivers\Avgdiska.sys [0 2014-10-12] () [File not signed]
U5 Avgdiskx; C:\Windows\System32\Drivers\Avgdiskx.sys [0 2014-10-12] () [File not signed]
U5 Avgfwdx; C:\Windows\System32\Drivers\Avgfwdx.sys [0 2014-10-12] () [File not signed]
U5 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [0 2014-10-12] () [File not signed]
U5 AVGIDSHX; C:\Windows\System32\Drivers\AVGIDSHX.sys [0 2014-10-12] () [File not signed]
U5 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [0 2014-10-12] () [File not signed]
U5 Avgldx86; C:\Windows\System32\Drivers\Avgldx86.sys [0 2014-10-12] () [File not signed]
U5 Avgloga; C:\Windows\System32\Drivers\Avgloga.sys [0 2014-10-12] () [File not signed]
U5 Avglogx; C:\Windows\System32\Drivers\Avglogx.sys [0 2014-10-12] () [File not signed]
U5 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [0 2014-10-12] () [File not signed]
U5 Avgmfx86; C:\Windows\System32\Drivers\Avgmfx86.sys [0 2014-10-12] () [File not signed]
U5 avgntflt; C:\Windows\System32\Drivers\avgntflt.sys [0 2014-10-12] () [File not signed]
U5 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [0 2014-10-12] () [File not signed]
U5 Avgrkx86; C:\Windows\System32\Drivers\Avgrkx86.sys [0 2014-10-12] () [File not signed]
U5 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [0 2014-10-12] () [File not signed]
U5 Avgtdix; C:\Windows\System32\Drivers\Avgtdix.sys [0 2014-10-12] () [File not signed]
U5 Avgwfpa; C:\Windows\System32\Drivers\Avgwfpa.sys [0 2014-10-12] () [File not signed]
U5 Avgwfpx; C:\Windows\System32\Drivers\Avgwfpx.sys [0 2014-10-12] () [File not signed]
U5 avipbb; C:\Windows\System32\Drivers\avipbb.sys [0 2014-10-12] () [File not signed]
U5 avkmgr; C:\Windows\System32\Drivers\avkmgr.sys [0 2014-10-12] () [File not signed]
U5 avnetflt; C:\Windows\System32\Drivers\avnetflt.sys [0 2014-10-12] () [File not signed]
U5 BAPIDRV; C:\Windows\System32\Drivers\BAPIDRV.sys [0 2014-10-12] () [File not signed]
U5 Bcfilter; C:\Windows\System32\Drivers\Bcfilter.sys [0 2014-10-12] () [File not signed]
U5 bcfsrm; C:\Windows\System32\Drivers\bcfsrm.sys [0 2014-10-12] () [File not signed]
U5 bcftdi; C:\Windows\System32\Drivers\bcftdi.sys [0 2014-10-12] () [File not signed]
U5 bc_hash_f; C:\Windows\System32\Drivers\bc_hash_f.sys [0 2014-10-12] () [File not signed]
U5 bc_ip_f; C:\Windows\System32\Drivers\bc_ip_f.sys [0 2014-10-12] () [File not signed]
U5 bc_ngn; C:\Windows\System32\Drivers\bc_ngn.sys [0 2014-10-12] () [File not signed]
U5 bc_pat_f; C:\Windows\System32\Drivers\bc_pat_f.sys [0 2014-10-12] () [File not signed]
U5 bc_prt_f; C:\Windows\System32\Drivers\bc_prt_f.sys [0 2014-10-12] () [File not signed]
U5 bc_tdi_f; C:\Windows\System32\Drivers\bc_tdi_f.sys [0 2014-10-12] () [File not signed]
U5 BdAgent; C:\Windows\System32\Drivers\BdAgent.sys [0 2014-10-12] () [File not signed]
U5 bdelam; C:\Windows\System32\Drivers\bdelam.sys [0 2014-10-12] () [File not signed]
U5 Bdfndisf; C:\Windows\System32\Drivers\Bdfndisf.sys [0 2014-10-12] () [File not signed]
U5 bdfsfltr; C:\Windows\System32\Drivers\bdfsfltr.sys [0 2014-10-12] () [File not signed]
U5 BdNet; C:\Windows\System32\Drivers\BdNet.sys [0 2014-10-12] () [File not signed]
U5 BDSandBox; C:\Windows\System32\Drivers\BDSandBox.sys [0 2014-10-12] () [File not signed]
U5 bdsflt; C:\Windows\System32\Drivers\bdsflt.sys [0 2014-10-12] () [File not signed]
U5 bdsnm; C:\Windows\System32\Drivers\bdsnm.sys [0 2014-10-12] () [File not signed]
U5 BdSpy; C:\Windows\System32\Drivers\BdSpy.sys [0 2014-10-12] () [File not signed]
U5 BDVEDISK; C:\Windows\System32\Drivers\BDVEDISK.sys [0 2014-10-12] () [File not signed]
U5 Bfilter; C:\Windows\System32\Drivers\Bfilter.sys [0 2014-10-12] () [File not signed]
U5 Bfmon; C:\Windows\System32\Drivers\Bfmon.sys [0 2014-10-12] () [File not signed]
U5 Bhbase; C:\Windows\System32\Drivers\Bhbase.sys [0 2014-10-12] () [File not signed]
U5 Bprotect; C:\Windows\System32\Drivers\Bprotect.sys [0 2014-10-12] () [File not signed]
S2 BTTUNER; system32\drivers\BTTUNER.SYS [X]
S2 BTXBAR; system32\drivers\BTXBAR.SYS [X]
S3 catchme; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys [X]
U5 catflt; C:\Windows\System32\Drivers\catflt.sys [0 2014-10-12] () [File not signed]
U5 CdmDrvNt; C:\Windows\System32\Drivers\CdmDrvNt.sys [0 2014-10-12] () [File not signed]
U5 cfwids; C:\Windows\System32\Drivers\cfwids.sys [0 2014-10-12] () [File not signed]
U5 cmderd; C:\Windows\System32\Drivers\cmderd.sys [0 2014-10-12] () [File not signed]
U5 cmdGuard; C:\Windows\System32\Drivers\cmdGuard.sys [0 2014-10-12] () [File not signed]
U5 cmdHlp; C:\Windows\System32\Drivers\cmdHlp.sys [0 2014-10-12] () [File not signed]
U5 ComFiltr; C:\Windows\System32\Drivers\ComFiltr.sys [0 2014-10-12] () [File not signed]
U5 DrWebLwf; C:\Windows\System32\Drivers\DrWebLwf.sys [0 2014-10-12] () [File not signed]
U5 DSAFLT; C:\Windows\System32\Drivers\DSAFLT.sys [0 2014-10-12] () [File not signed]
U5 DwProt; C:\Windows\System32\Drivers\DwProt.sys [0 2014-10-12] () [File not signed]
U5 eamon; C:\Windows\System32\Drivers\eamon.sys [0 2014-10-12] () [File not signed]
U5 eamonm; C:\Windows\System32\Drivers\eamonm.sys [0 2014-10-12] () [File not signed]
U5 econceal; C:\Windows\System32\Drivers\econceal.sys [0 2014-10-12] () [File not signed]
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [0 2014-10-12] () [File not signed]
U5 EfiMon; C:\Windows\System32\Drivers\EfiMon.sys [0 2014-10-12] () [File not signed]
U5 ehdrv; C:\Windows\System32\Drivers\ehdrv.sys [0 2014-10-12] () [File not signed]
U5 epfw; C:\Windows\System32\Drivers\epfw.sys [0 2014-10-12] () [File not signed]
U5 EpfwLWF; C:\Windows\System32\Drivers\EpfwLWF.sys [0 2014-10-12] () [File not signed]
U5 Epfwndis; C:\Windows\System32\Drivers\Epfwndis.sys [0 2014-10-12] () [File not signed]
U5 epfwtdi; C:\Windows\System32\Drivers\epfwtdi.sys [0 2014-10-12] () [File not signed]
U5 epfwwfp; C:\Windows\System32\Drivers\epfwwfp.sys [0 2014-10-12] () [File not signed]
U5 epfwwfpr; C:\Windows\System32\Drivers\epfwwfpr.sys [0 2014-10-12] () [File not signed]
U5 FNETMON; C:\Windows\System32\Drivers\FNETMON.sys [0 2014-10-12] () [File not signed]
U5 FPAV_RTP; C:\Windows\System32\Drivers\FPAV_RTP.sys [0 2014-10-12] () [File not signed]
U5 fsbts; C:\Windows\System32\Drivers\fsbts.sys [0 2014-10-12] () [File not signed]
U5 FWCore; C:\Windows\System32\Drivers\FWCore.sys [0 2014-10-12] () [File not signed]
U5 GDBehave; C:\Windows\System32\Drivers\GDBehave.sys [0 2014-10-12] () [File not signed]
U5 GDNdisIc; C:\Windows\System32\Drivers\GDNdisIc.sys [0 2014-10-12] () [File not signed]
U5 gfiark; C:\Windows\System32\Drivers\gfiark.sys [0 2014-10-12] () [File not signed]
U5 gfiutil; C:\Windows\System32\Drivers\gfiutil.sys [0 2014-10-12] () [File not signed]
U5 ggc; C:\Windows\System32\Drivers\ggc.sys [0 2014-10-12] () [File not signed]
U5 gzflt; C:\Windows\System32\Drivers\gzflt.sys [0 2014-10-12] () [File not signed]
U5 HipShieldK; C:\Windows\System32\Drivers\HipShieldK.sys [0 2014-10-12] () [File not signed]
U5 HookCentre; C:\Windows\System32\Drivers\HookCentre.sys [0 2014-10-12] () [File not signed]
U5 HookPort; C:\Windows\System32\Drivers\HookPort.sys [0 2014-10-12] () [File not signed]
U5 hooksys; C:\Windows\System32\Drivers\hooksys.sys [0 2014-10-12] () [File not signed]
U5 HookTdi; C:\Windows\System32\Drivers\HookTdi.sys [0 2014-10-12] () [File not signed]
U5 IDSFLT; C:\Windows\System32\Drivers\IDSFLT.sys [0 2014-10-12] () [File not signed]
U5 inspect; C:\Windows\System32\Drivers\inspect.sys [0 2014-10-12] () [File not signed]
S4 IntelIde; No ImagePath
U5 K7FWFilt; C:\Windows\System32\Drivers\K7FWFilt.sys [0 2014-10-12] () [File not signed]
U5 K7FWHlpr; C:\Windows\System32\Drivers\K7FWHlpr.sys [0 2014-10-12] () [File not signed]
U5 K7Sentry; C:\Windows\System32\Drivers\K7Sentry.sys [0 2014-10-12] () [File not signed]
U5 K7TdiHlp; C:\Windows\System32\Drivers\K7TdiHlp.sys [0 2014-10-12] () [File not signed]
U5 kl1; C:\Windows\System32\Drivers\kl1.sys [0 2014-10-12] () [File not signed]
U5 klelam; C:\Windows\System32\Drivers\klelam.sys [0 2014-10-12] () [File not signed]
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [0 2014-10-12] () [File not signed]
U5 klhk; C:\Windows\System32\Drivers\klhk.sys [0 2014-10-12] () [File not signed]
U5 KLIF; C:\Windows\System32\Drivers\KLIF.sys [0 2014-10-12] () [File not signed]
U5 KLIM6; C:\Windows\System32\Drivers\KLIM6.sys [0 2014-10-12] () [File not signed]
U5 klpd; C:\Windows\System32\Drivers\klpd.sys [0 2014-10-12] () [File not signed]
U5 kltdi; C:\Windows\System32\Drivers\kltdi.sys [0 2014-10-12] () [File not signed]
U5 klwfp; C:\Windows\System32\Drivers\klwfp.sys [0 2014-10-12] () [File not signed]
U5 KmxAgent; C:\Windows\System32\Drivers\KmxAgent.sys [0 2014-10-12] () [File not signed]
U5 KmxAMRT; C:\Windows\System32\Drivers\KmxAMRT.sys [0 2014-10-12] () [File not signed]
U5 KmxCF; C:\Windows\System32\Drivers\KmxCF.sys [0 2014-10-12] () [File not signed]
U5 KmxCfg; C:\Windows\System32\Drivers\KmxCfg.sys [0 2014-10-12] () [File not signed]
U5 KmxFile; C:\Windows\System32\Drivers\KmxFile.sys [0 2014-10-12] () [File not signed]
U5 KmxFilter; C:\Windows\System32\Drivers\KmxFilter.sys [0 2014-10-12] () [File not signed]
U5 KmxFw; C:\Windows\System32\Drivers\KmxFw.sys [0 2014-10-12] () [File not signed]
U5 KmxSbx; C:\Windows\System32\Drivers\KmxSbx.sys [0 2014-10-12] () [File not signed]
U5 KmxStart; C:\Windows\System32\Drivers\KmxStart.sys [0 2014-10-12] () [File not signed]
U5 kneps; C:\Windows\System32\Drivers\kneps.sys [0 2014-10-12] () [File not signed]
U5 kvnet; C:\Windows\System32\Drivers\kvnet.sys [0 2014-10-12] () [File not signed]
U5 kwflower; C:\Windows\System32\Drivers\kwflower.sys [0 2014-10-12] () [File not signed]
U5 kwfupper; C:\Windows\System32\Drivers\kwfupper.sys [0 2014-10-12] () [File not signed]
U5 llio; C:\Windows\System32\Drivers\llio.sys [0 2014-10-12] () [File not signed]
U5 McPvDrv; C:\Windows\System32\Drivers\McPvDrv.sys [0 2014-10-12] () [File not signed]
U5 mfeapfk; C:\Windows\System32\Drivers\mfeapfk.sys [0 2014-10-12] () [File not signed]
U5 mfeavfk; C:\Windows\System32\Drivers\mfeavfk.sys [0 2014-10-12] () [File not signed]
U5 mfebopk; C:\Windows\System32\Drivers\mfebopk.sys [0 2014-10-12] () [File not signed]
U5 mfeelamk; C:\Windows\System32\Drivers\mfeelamk.sys [0 2014-10-12] () [File not signed]
U5 mfefirek; C:\Windows\System32\Drivers\mfefirek.sys [0 2014-10-12] () [File not signed]
U5 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [0 2014-10-12] () [File not signed]
U5 mfencbdc; C:\Windows\System32\Drivers\mfencbdc.sys [0 2014-10-12] () [File not signed]
U5 mfencrk; C:\Windows\System32\Drivers\mfencrk.sys [0 2014-10-12] () [File not signed]
U5 mfewfpk; C:\Windows\System32\Drivers\mfewfpk.sys [0 2014-10-12] () [File not signed]
U5 mscank; C:\Windows\System32\Drivers\mscank.sys [0 2014-10-12] () [File not signed]
U5 netfilter; C:\Windows\System32\Drivers\netfilter.sys [0 2014-10-10] () [File not signed]
U5 NETFLTDI; C:\Windows\System32\Drivers\NETFLTDI.sys [0 2014-10-12] () [File not signed]
U5 nnetsec; C:\Windows\System32\Drivers\nnetsec.sys [0 2014-10-12] () [File not signed]
U5 NNSALPC; C:\Windows\System32\Drivers\NNSALPC.sys [0 2014-10-12] () [File not signed]
U5 NNSHTTP; C:\Windows\System32\Drivers\NNSHTTP.sys [0 2014-10-12] () [File not signed]
U5 NNSHTTPS; C:\Windows\System32\Drivers\NNSHTTPS.sys [0 2014-10-12] () [File not signed]
U5 NNSIDS; C:\Windows\System32\Drivers\NNSIDS.sys [0 2014-10-12] () [File not signed]
U5 NNSNAHS; C:\Windows\System32\Drivers\NNSNAHS.sys [0 2014-10-12] () [File not signed]
U5 NNSNAHSL; C:\Windows\System32\Drivers\NNSNAHSL.sys [0 2014-10-12] () [File not signed]
U5 NNSPICC; C:\Windows\System32\Drivers\NNSPICC.sys [0 2014-10-12] () [File not signed]
U5 NNSPIHS; C:\Windows\System32\Drivers\NNSPIHS.sys [0 2014-10-12] () [File not signed]
U5 NNSPIHSW; C:\Windows\System32\Drivers\NNSPIHSW.sys [0 2014-10-12] () [File not signed]
U5 NNSPOP3; C:\Windows\System32\Drivers\NNSPOP3.sys [0 2014-10-12] () [File not signed]
U5 NNSPROT; C:\Windows\System32\Drivers\NNSPROT.sys [0 2014-10-12] () [File not signed]
U5 NNSPRV; C:\Windows\System32\Drivers\NNSPRV.sys [0 2014-10-12] () [File not signed]
U5 NNSSMTP; C:\Windows\System32\Drivers\NNSSMTP.sys [0 2014-10-12] () [File not signed]
U5 NNSSTRM; C:\Windows\System32\Drivers\NNSSTRM.sys [0 2014-10-12] () [File not signed]
U5 NNSTLSC; C:\Windows\System32\Drivers\NNSTLSC.sys [0 2014-10-12] () [File not signed]
U5 OAmon; C:\Windows\System32\Drivers\OAmon.sys [0 2014-10-12] () [File not signed]
U5 OAnet; C:\Windows\System32\Drivers\OAnet.sys [0 2014-10-12] () [File not signed]
U5 pavboot; C:\Windows\System32\Drivers\pavboot.sys [0 2014-10-12] () [File not signed]
U5 PavProc; C:\Windows\System32\Drivers\PavProc.sys [0 2014-10-12] () [File not signed]
U5 PSINAflt; C:\Windows\System32\Drivers\PSINAflt.sys [0 2014-10-12] () [File not signed]
U5 PSINFile; C:\Windows\System32\Drivers\PSINFile.sys [0 2014-10-12] () [File not signed]
U5 PSINKNC; C:\Windows\System32\Drivers\PSINKNC.sys [0 2014-10-12] () [File not signed]
U5 PSINProc; C:\Windows\System32\Drivers\PSINProc.sys [0 2014-10-12] () [File not signed]
U5 PSINProt; C:\Windows\System32\Drivers\PSINProt.sys [0 2014-10-12] () [File not signed]
U5 PSINReg; C:\Windows\System32\Drivers\PSINReg.sys [0 2014-10-12] () [File not signed]
U5 PSKMAD; C:\Windows\System32\Drivers\PSKMAD.sys [0 2014-10-12] () [File not signed]
U5 qutmipc; C:\Windows\System32\Drivers\qutmipc.sys [0 2014-10-12] () [File not signed]
U5 SandBox; C:\Windows\System32\Drivers\SandBox.sys [0 2014-10-12] () [File not signed]
U5 SAVOnAccess; C:\Windows\System32\Drivers\SAVOnAccess.sys [0 2014-10-12] () [File not signed]
U5 SAVOnAccessControl; C:\Windows\System32\Drivers\SAVOnAccessControl.sys [0 2014-10-12] () <===== ATTENTION Necurs Rootkit?
U5 SAVOnAccessFilter; C:\Windows\System32\Drivers\SAVOnAccessFilter.sys [0 2014-10-12] () <===== ATTENTION Necurs Rootkit?
U5 sbaphd; C:\Windows\System32\Drivers\sbaphd.sys [0 2014-10-12] () [File not signed]
U5 sbapifs; C:\Windows\System32\Drivers\sbapifs.sys [0 2014-10-12] () [File not signed]
U5 SbFw; C:\Windows\System32\Drivers\SbFw.sys [0 2014-10-12] () [File not signed]
U5 sbhips; C:\Windows\System32\Drivers\sbhips.sys [0 2014-10-12] () [File not signed]
U5 sbtis; C:\Windows\System32\Drivers\sbtis.sys [0 2014-10-12] () [File not signed]
U5 sbwtis; C:\Windows\System32\Drivers\sbwtis.sys [0 2014-10-12] () [File not signed]
U5 scfdriver; C:\Windows\System32\Drivers\scfdriver.sys [0 2014-10-12] () [File not signed]
U5 scfndis; C:\Windows\System32\Drivers\scfndis.sys [0 2014-10-12] () [File not signed]
U5 ShldFlt; C:\Windows\System32\Drivers\ShldFlt.sys [0 2014-10-12] () [File not signed]
U5 SKMScan; C:\Windows\System32\Drivers\SKMScan.sys [0 2014-10-12] () [File not signed]
U5 SophosBootDriver; C:\Windows\System32\Drivers\SophosBootDriver.sys [0 2014-10-12] () <===== ATTENTION Necurs Rootkit?
U5 SpiderG3; C:\Windows\System32\Drivers\SpiderG3.sys [0 2014-10-12] () [File not signed]
U5 ssmdrv; C:\Windows\System32\Drivers\ssmdrv.sys [0 2014-10-12] () [File not signed]
U5 SymEvent; C:\Windows\System32\Drivers\SymEvent.sys [0 2014-10-12] () [File not signed]
U5 SysPlant; C:\Windows\System32\Drivers\SysPlant.sys [0 2014-10-12] () [File not signed]
U5 tdifw; C:\Windows\System32\Drivers\tdifw.sys [0 2014-10-12] () [File not signed]
U5 tdi_nf; C:\Windows\System32\Drivers\tdi_nf.sys [0 2014-10-12] () [File not signed]
U5 tmactmon; C:\Windows\System32\Drivers\tmactmon.sys [0 2014-10-12] () [File not signed]
U5 tmcomm; C:\Windows\System32\Drivers\tmcomm.sys [0 2014-10-12] () [File not signed]
U5 tmeevw; C:\Windows\System32\Drivers\tmeevw.sys [0 2014-10-12] () [File not signed]
U5 tmevtmgr; C:\Windows\System32\Drivers\tmevtmgr.sys [0 2014-10-12] () [File not signed]
U5 tmnciesc; C:\Windows\System32\Drivers\tmnciesc.sys [0 2014-10-12] () [File not signed]
U5 tmusa; C:\Windows\System32\Drivers\tmusa.sys [0 2014-10-12] () [File not signed]
U5 tpdevflt; C:\Windows\System32\Drivers\tpdevflt.sys [0 2014-10-12] () [File not signed]
U5 tpsec; C:\Windows\System32\Drivers\tpsec.sys [0 2014-10-12] () [File not signed]
U5 trufos; C:\Windows\System32\Drivers\trufos.sys [0 2014-10-12] () [File not signed]
U5 TS4NT; C:\Windows\System32\Drivers\TS4NT.sys [0 2014-10-12] () [File not signed]
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2006-02-18] () [File not signed]
U5 v3engine; C:\Windows\System32\Drivers\v3engine.sys [0 2014-10-12] () [File not signed]
U5 VBEngNT; C:\Windows\System32\Drivers\VBEngNT.sys [0 2014-10-12] () [File not signed]
U5 Vsdatant; C:\Windows\System32\Drivers\Vsdatant.sys [0 2014-10-12] () [File not signed]
U5 webssx; C:\Windows\System32\Drivers\webssx.sys [0 2014-10-12] () [File not signed]
U5 WNMFLT; C:\Windows\System32\Drivers\WNMFLT.sys [0 2014-10-12] () [File not signed]
U5 WRkrn; C:\Windows\System32\Drivers\WRkrn.sys [0 2014-10-12] () [File not signed]
U5 wsnf; C:\Windows\System32\Drivers\wsnf.sys [0 2014-10-12] () [File not signed]
U5 wstif; C:\Windows\System32\Drivers\wstif.sys [0 2014-10-12] () [File not signed]
U3 a1b36fpo; No ImagePath

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-12 03:30 - 2014-10-12 03:36 - 00000000 ____D () C:\FRST
2014-10-12 03:26 - 2014-10-12 03:26 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\ehdrv.sys
2014-10-12 03:26 - 2014-10-12 03:26 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\eamon.sys
2014-10-12 03:26 - 2014-10-12 03:26 - 00000000 ____H () C:\Documents and Settings\All Users\Application Data\cm-lock
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Program Files\Zillya Internet Security
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Program Files\Zillya Antivirus
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Program Files\WRData
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Program Files\WinRoute Pro
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Program Files\Windows Defender
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Program Files\Winalysis
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Program Files\Webroot
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Program Files\VIPRE
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Program Files\Vba32
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Program Files\UnThreat AntiVirus
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Program Files\UnThreat
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Program Files\TrustPort
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Program Files\TrojanHunter 5.5
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Program Files\TrojanHunter
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Program Files\Trend Micro
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Program Files\TotalDefense
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Program Files\Total Defense
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Program Files\Symantec AntiVirus
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Program Files\StopSign
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Program Files\SpyShelter Premium
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Program Files\SpyShelter
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Program Files\Spybot - Search & Destroy 2
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Program Files\Spybot - Search & Destroy
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Program Files\Sophos
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Program Files\Rising
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Program Files\Quick Heal
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Program Files\PSafe
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Program Files\Proland Software
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Program Files\Proland
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Program Files\PC Tools Security
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Program Files\pandasecuritytb
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Program Files\Panda Security URL Filtering
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Program Files\Panda Security
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Program Files\Padvish Antivirus
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Program Files\OnlineArmor
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Program Files\Online Armor
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Program Files\Norton Internet Security
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Program Files\Norton AntiVirus
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Program Files\Norton 360
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Program Files\Norman
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Program Files\nanolsp
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Program Files\nanoav
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Program Files\NANO Antivirus
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Program Files\mks_vir_9
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Program Files\MicroWorld
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Program Files\Microsoft Security Client
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Program Files\McAfeeMOBK
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Program Files\McAfee.com
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Program Files\McAfee Security Scan
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Program Files\McAfee
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Program Files\Malwarebytes' Anti-Malware
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Program Files\Malwarebytes
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Program Files\Malware Defender
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Program Files\Lavasoft
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Program Files\Kerio
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Program Files\Kaspersky Lab
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Program Files\K7 Computing
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Program Files\Jetico
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Program Files\IObit
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Program Files\IKARUS
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Program Files\GFI
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Program Files\G DATA Software
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Program Files\G Data
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Program Files\F-Secure
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Program Files\FRISK Software
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Program Files\Fortego Security
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Program Files\Filseclab
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Program Files\ESET
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Program Files\eScan
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Program Files\Emsisoft Anti-Malware
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Program Files\eAcceleration
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Program Files\DrWeb Enterprise Suite
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Program Files\DrWeb
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Program Files\Doctor Web
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Program Files\Comodo Downloader
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Program Files\COMODO
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Program Files\ClamWin
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Program Files\CheckPoint
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Program Files\CA
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Program Files\BullGuard Ltd
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Program Files\BullGuard
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Program Files\BitGuard
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Program Files\Bitdefender
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Program Files\Baidu Security
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Program Files\Avira
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Program Files\AVG Nation toolbar
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Program Files\AVG
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Program Files\AVAST Software
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Program Files\Avanquest
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Program Files\Arcabit
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Program Files\AntiVirus
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Program Files\Alwil Software
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Program Files\AhnLab
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Program Files\Agnitum
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Program Files\Acceleration Software
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Program Files\360SD
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Program Files\360
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Program Files\.clamwin
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\Zillya Internet Security
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\Zillya Antivirus
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\WRData
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\WinRoute Pro
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\Windows Defender
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\Winalysis
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\Webroot
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\VIPRE
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\Vba32
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\UnThreat AntiVirus
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\UnThreat
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\TrustPort
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\TrojanHunter 5.5
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\TrojanHunter
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\Trend Micro
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\TotalDefense
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\Total Defense
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\Symantec AntiVirus
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\StopSign
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\SpyShelter Premium
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\SpyShelter
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\Sophos
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\Rising
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\Quick Heal
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\PSafe
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\Proland Software
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\Proland
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\PC Tools Security
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\pandasecuritytb
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\Panda Security URL Filtering
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\Panda Security
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\Padvish Antivirus
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\OnlineArmor
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\Online Armor
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\Norton Internet Security
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\Norton AntiVirus
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\Norton 360
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\Norman
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\nanolsp
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\nanoav
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\NANO Antivirus
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\mks_vir_9
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\MicroWorld
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\Microsoft Security Client
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\McAfeeMOBK
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\McAfee.com
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\McAfee Security Scan
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\McAfee
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\Malwarebytes Anti-Malware
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\Malware Defender
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\Lavasoft
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\Kerio
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\K7 Computing
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\Jetico
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\IObit
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\IKARUS
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\GFI
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\G DATA Software
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\G Data
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\F-Secure
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\FRISK Software
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\Fortego Security
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\Filseclab
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\ESET
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\eScan
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\Emsisoft Anti-Malware
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\eAcceleration
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\DrWeb Enterprise Suite
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\DrWeb
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\Doctor Web
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\Comodo Downloader
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\COMODO
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\ClamWin
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\CheckPoint
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\CA
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\BullGuard Ltd
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\BullGuard
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\BitGuard
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\Bitdefender
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\Baidu Security
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\Avira
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\AVG Nation toolbar
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\AVG
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\AVAST Software
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\Avanquest
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\Arcabit
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\AntiVirus
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\Alwil Software
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\AhnLab
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\Agnitum
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\Acceleration Software
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\360SD
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\360
2014-10-12 03:25 - 2014-10-12 03:26 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\.clamwin
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\wstif.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\wsnf.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\WRkrn.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\wnmflt64.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\wnmflt.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\WGX64.SYS
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\webssx.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\vsdatant.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\VBEngNT.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\v3engine.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\TS4nt.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\Trufos.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\tpsec.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\tpdevflt.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\tmusa.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\tmnciesc.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\tmevtmgr.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\tmeevw.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\TMEBC64.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\TMEBC32.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\tmcomm.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\tmactmon.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\Teefer.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\tdifw.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\tdi_nf.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\SysPlant.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\ssmdrv.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\spiderg3.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\SophosBootDriver.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\skmscan.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\ShlDrv51.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\ShldFlt.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\scfndis.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\scfdriver.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\sbwtis.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\sbtis.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\sbhips.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\SbFwIm.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\SbFw.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\sbapifs.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\sbaphd.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\savonaccessfilter.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\savonaccesscontrol.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\savonaccess.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\SandBox64.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\SandBox.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\qutmipc.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\qutmdrv.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\PSKMAD.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\PSINReg.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\PSINProt.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\PSINProc.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\PSINKNC.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\PSINFile.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\PSINAflt.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\protreg.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\PROCEXP152.SYS
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\PktIcpt.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\pctwfpfilter64.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\PCTSD64.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\pctplsm64.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\pctplsg64.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\pctgntdi64.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\pctEFA64.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\pctDS64.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\PCTCore64.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\pctBTFix64.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\PCTBD64.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\PavProc.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\pavboot64.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\pavboot.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\OAnet.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\OAmon.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\oahlp32.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\OADriver.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\nvcv64mf.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\NSNetmon.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\NSKernel.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\npf.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\NNStlsc.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\NNSStrm.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\NNSSmtp.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\NNSPrv.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\NNSProt.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\NNSPop3.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\NNSPihsw.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\NNSpihs.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\NNSpicc.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\NNSNAHSL.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\NNSNAHS.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\NNSIds.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\NNSHttps.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\NNSHttp.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\NNSAlpc.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\nnetsecl64.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\nnetsecl.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\nnetsec.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\NETTDI64.SYS
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\neti1644.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\NETFLTDI.SYS
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\n64i1644.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\mwfsmflt.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\mscank.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\MOBK.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\MiniIcpt.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\mfewfpk.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\mfencrk.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\mfencbdc.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\mfehidk.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\mfefirek.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\mfeelamk.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\mfeclnrk.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\mfebopk.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\mfeavfk.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\mfeapfk.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\McPvDrv.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\llio.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\kwfupper.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\kwflower.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\kvnet.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\kneps.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\KmxStart.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\KmxSbx.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\KmxFw.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\KmxFilter.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\KmxFile.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\KmxCfg.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\KmxCF.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\KmxAMRT.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\KmxAgent.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\klwfp.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\kltdi.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\klpd.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\klim6.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\klim5.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\klif.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\klhk.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\klflt.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\klelam.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\kl2.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\kl1.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\K7TdiHlp.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\K7Sentry.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\K7FWHlpr.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\K7FWFilt.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\inspect.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\idsflt64.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\idsflt.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\hvm.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\HookTdi.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\Hooksys.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\hookport.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\HookHelp.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\HookCentre.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\HipShieldK.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\gzflt.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\ggc.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\gfiutil.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\gfiark.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\gdwfpcd64.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\gdwfpcd32.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\GDTdiIcpt.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\GDNdisIc.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\gddcv64.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\gddcd64.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\GDBehave.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\fwcore.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\fsbts.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\FPAV_RTP.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\fnetmon.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\fnetm64.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\epfwwfpr.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\epfwwfp.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\epfwtdi.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\epfwndis.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\EpfwLWF.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\epfw.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\EMLTDI.SYS
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\efimon.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\edevmon.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\econceal.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\eamonm.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\dwprot.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\dw_wfp.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\dsaflt64.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\dsaflt.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\DrWebLwf.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\COMFiltr.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\cmdhlp.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\cmdguard.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\cmderd.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\cfwids.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\CdmDrvNt.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\catflt.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\Bprotect.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\Bhbase.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\Bfmon.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\Bfilter.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\bdvedisk.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\BdSpy.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\bdsnm.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\bdsflt.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\bdsandbox.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\BdNet.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\bdfsfltr.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\BdfNdisf6.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\bdfndisf.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\bdelam.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\BdAgent.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\bcftdi.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\bcfsrm.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\bcfilter.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\bc_tdi_f.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\bc_prt_f.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\bc_pat_f.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\bc_ngn.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\bc_ip_f.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\bc_hash_f.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\BAPIDRV64.SYS
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\BAPIDRV.SYS
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\avnetflt.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\avkmgr.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\avipbb.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\avgwfpx.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\avgwfpa.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\avgtdix.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\avgtdia.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\avgrkx86.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\avgrkx64.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\avgntflt.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\avgmfx86.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\avgmfx64.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\avglogx.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\avgloga.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\avgldx86.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\avgldx64.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\avgidsshimx.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\avgidsshimw8x.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\avgidshx.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\avgidsha.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\avgidsdriverx.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\avgidsdriverlx.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\avgidsdrivera.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\avgfwdx.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\avgfwd6x.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\avgfwd6a.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\avgdiskx.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\avgdiska.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\avgbootx.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\avgboota.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\avf.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\avckf.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\avchv.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\avc3.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\avasdmft.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\aswVmm.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\aswTdi.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\aswStm.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\aswSP.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\aswSnx.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\aswRdr2.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\aswRdr.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\aswNdisFlt.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\aswNdis2.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\aswNdis.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\aswMon2.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\aswHwid.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\arcawfp.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\apsp.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\APPFLT.SYS
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\apkhelper.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\AMonTDNt.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\AMonTDLH.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\AMonLWLH.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\AMonHKNT.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\amm8660.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\amm8651.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\amm6460.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\ale7_nf64.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\ale7_nf.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\ale_nf64.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\ale_nf.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\ahnsze.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\AhnRghNt.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\AhnRec2k.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\AhnFlt2k.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\afwcore.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\afw.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\abp470n5.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\abndis.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\Aavmker4.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\360SelfProtection.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\360FsFlt.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\360Camera64.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\360Camera.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\360Box64.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\360Box.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\360AvFlt.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\360AntiHacker64.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\360AntiHacker.sys
2014-10-12 02:24 - 2014-10-12 02:24 - 00000512 _____ () C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 8cd658d0-07e7-4655-9a07-af658958c9ef.job
2014-10-12 02:15 - 2014-10-12 02:15 - 00000000 ____D () C:\Documents and Settings\SomeNewUser\Local Settings\Application Data\ESET
2014-10-12 01:13 - 2014-10-12 01:13 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Application Data\ESET
2014-10-12 00:45 - 2014-10-12 00:45 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\ESET
2014-10-11 22:31 - 2014-10-11 22:38 - 00000000 ____D () C:\Documents and Settings\All Users\Kaspersky Lab Setup Files
2014-10-11 21:59 - 2014-10-11 21:59 - 00001919 _____ () C:\WINDOWS\epplauncher.mif
2014-10-11 21:59 - 2014-10-11 21:59 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2014-10-11 19:51 - 2014-10-11 20:10 - 00000945 _____ () C:\Documents and Settings\All Users\Desktop\herdProtect.lnk
2014-10-11 19:51 - 2014-10-11 19:51 - 00000000 ____D () C:\Program Files\Reason
2014-10-11 19:51 - 2014-10-11 19:51 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\herdProtect
2014-10-11 17:54 - 2014-10-11 18:04 - 00000013 _____ () C:\Documents and Settings\Administrator\Desktop\New Text Document.txt
2014-10-11 17:42 - 2014-10-11 17:42 - 00000000 ____D () C:\Program Files\Windows Resource Kits
2014-10-11 17:21 - 2014-10-11 17:21 - 00060408 _____ () C:\Documents and Settings\Administrator\Desktop\regscanner.zip
2014-10-11 16:05 - 2014-10-11 16:05 - 00014215 _____ () C:\WINDOWS\KB942288-v3.log
2014-10-11 16:05 - 2014-10-11 16:05 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB942288-v3$
2014-10-11 16:05 - 2007-11-30 05:39 - 00017272 ____N (Microsoft Corporation) C:\WINDOWS\system32\spmsg.dll
2014-10-11 15:57 - 2014-10-11 15:57 - 00011348 _____ () C:\Documents and Settings\Administrator\Desktop\safemsi.zip
2014-10-11 15:57 - 2014-10-11 15:57 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\safemsi
2014-10-11 15:44 - 2014-10-11 15:44 - 00001153 _____ () C:\Documents and Settings\Administrator\Desktop\fix2.zip
2014-10-11 15:44 - 2014-10-11 15:44 - 00000397 _____ () C:\Documents and Settings\Administrator\Desktop\fix1.zip
2014-10-11 14:51 - 2014-10-11 14:51 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\09AA0966.sys
2014-10-11 14:31 - 2014-10-11 14:46 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\48230029.sys
2014-10-11 14:28 - 2014-10-11 20:16 - 00000512 _____ () C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 0f52ea52-8cab-4639-a9b7-5137eda1d326.job
2014-10-11 13:28 - 2014-10-11 13:28 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-10-11 13:28 - 2014-10-11 13:28 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-10-11 13:28 - 2014-05-12 07:26 - 00053208 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-10-11 13:28 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-10-11 12:36 - 2014-10-11 12:36 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2014-10-11 12:16 - 2014-10-11 12:16 - 00001684 _____ () C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk
2014-10-11 12:16 - 2014-10-11 12:16 - 00000000 ____D () C:\Documents and Settings\SomeNewUser\Application Data\SUPERAntiSpyware.com
2014-10-11 12:16 - 2014-10-11 12:16 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
2014-10-11 12:15 - 2014-10-12 03:28 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-10-11 12:15 - 2014-10-11 12:15 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2014-10-11 02:40 - 2014-10-12 03:29 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\temp
2014-10-11 02:40 - 2014-10-11 02:40 - 00008192 ____H () C:\WINDOWS\system32\config\SECURITY.tmp.LOG
2014-10-11 02:40 - 2014-10-11 02:40 - 00000000 ____H () C:\WINDOWS\system32\config\system.tmp.LOG
2014-10-11 02:40 - 2014-10-11 02:40 - 00000000 ____H () C:\WINDOWS\system32\config\software.tmp.LOG
2014-10-11 02:40 - 2014-10-11 02:40 - 00000000 ____H () C:\WINDOWS\system32\config\SAM.tmp.LOG
2014-10-11 02:40 - 2014-10-11 02:40 - 00000000 ____H () C:\WINDOWS\system32\config\default.tmp.LOG
2014-10-11 02:40 - 2014-10-11 02:40 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\temp
2014-10-11 02:40 - 2014-10-11 02:40 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\temp
2014-10-11 02:31 - 2014-10-11 02:31 - 00000000 _RSHD () C:\cmdcons
2014-10-11 02:31 - 2014-08-26 14:30 - 00000245 _____ () C:\Boot.bak
2014-10-11 02:31 - 2004-08-03 23:00 - 00260272 __RSH () C:\cmldr
2014-10-11 02:29 - 2014-10-11 02:46 - 00000000 ____D () C:\WINDOWS\erdnt
2014-10-11 02:29 - 2014-10-11 02:46 - 00000000 ____D () C:\ComboFix
2014-10-11 02:29 - 2014-10-11 02:39 - 00000000 ____D () C:\Qoobox
2014-10-11 02:29 - 2011-06-26 09:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2014-10-11 02:29 - 2010-11-07 20:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2014-10-11 02:29 - 2009-04-20 07:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2014-10-11 02:29 - 2000-08-31 03:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2014-10-11 02:29 - 2000-08-31 03:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2014-10-11 02:29 - 2000-08-31 03:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2014-10-11 02:29 - 2000-08-31 03:00 - 00098816 _____ () C:\WINDOWS\sed.exe
2014-10-11 02:29 - 2000-08-31 03:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2014-10-11 02:29 - 2000-08-31 03:00 - 00068096 _____ () C:\WINDOWS\zip.exe
2014-10-11 01:30 - 2014-10-11 01:31 - 00004478 _____ () C:\Documents and Settings\SomeNewUser\Desktop\Rkill.txt
2014-10-11 00:09 - 2014-10-11 00:09 - 00001981 _____ () C:\Documents and Settings\SomeNewUser\Desktop\SpyHunter.lnk
2014-10-11 00:09 - 2014-10-11 00:09 - 00000000 ____D () C:\WINDOWS\AF54923662584AC6A0435B5B89C6EB61.TMP
2014-10-11 00:09 - 2014-10-11 00:09 - 00000000 ____D () C:\sh4ldr
2014-10-11 00:09 - 2014-10-11 00:09 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-10-11 00:09 - 2014-10-11 00:09 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard
2014-10-11 00:09 - 2014-10-11 00:09 - 00000000 ____D () C:\Documents and Settings\SomeNewUser\Start Menu\Programs\SpyHunter
2014-10-11 00:02 - 2014-10-11 00:02 - 00034808 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2014-10-11 00:02 - 2014-10-11 00:02 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RogueKiller
2014-10-10 23:52 - 2014-10-10 23:52 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
2014-10-10 23:51 - 2014-10-10 23:51 - 00001234 _____ () C:\Documents and Settings\Administrator\Desktop\JRT.txt
2014-10-10 23:50 - 2014-10-10 23:50 - 00000773 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Explorer.lnk
2014-10-10 23:50 - 2014-10-10 23:50 - 00000744 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Outlook Express.lnk
2014-10-10 23:50 - 2008-04-14 15:00 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpns.dll
2014-10-10 23:49 - 2014-10-10 23:49 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-10-10 23:25 - 2014-10-10 23:44 - 00000000 ____D () C:\AdwCleaner
2014-10-10 23:16 - 2014-10-12 03:25 - 00000000 ___SH () C:\WINDOWS\VZT6nsdX.txt
2014-10-10 23:16 - 2014-10-10 23:16 - 00000000 ____D () C:\WINDOWS\system32\Drivers\netfilter.sys
2014-10-10 22:05 - 2014-10-12 03:26 - 00000000 __RSH () C:\Program Files\Common Files\TrustPort
2014-10-10 22:05 - 2014-10-12 03:26 - 00000000 __RSH () C:\Program Files\Common Files\Panda Security
2014-10-10 22:05 - 2014-10-12 03:26 - 00000000 __RSH () C:\Program Files\Common Files\MicroWorld
2014-10-10 22:05 - 2014-10-12 03:26 - 00000000 __RSH () C:\Program Files\Common Files\McAfee
2014-10-10 22:05 - 2014-10-12 03:26 - 00000000 __RSH () C:\Program Files\Common Files\InfoWatch
2014-10-10 22:05 - 2014-10-12 03:26 - 00000000 __RSH () C:\Program Files\Common Files\G Data
2014-10-10 22:05 - 2014-10-12 03:26 - 00000000 __RSH () C:\Program Files\Common Files\eAcceleration
2014-10-10 22:05 - 2014-10-12 03:26 - 00000000 __RSH () C:\Program Files\Common Files\Doctor Web
2014-10-10 22:05 - 2014-10-12 03:26 - 00000000 __RSH () C:\Program Files\Common Files\BullGuard Ltd
2014-10-10 22:05 - 2014-10-12 03:26 - 00000000 __RSH () C:\Program Files\Common Files\Bitdefender
2014-10-10 21:54 - 2014-10-12 03:26 - 00000330 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-10-10 21:49 - 2014-10-11 13:28 - 00000783 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-10 13:54 - 2014-10-10 23:55 - 00000855 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.conf
2014-10-10 13:54 - 2014-10-10 23:21 - 00000000 __SHD () C:\Documents and Settings\SomeNewUser\Application Data\vT2Tj2gpD7Y
2014-10-10 13:54 - 2014-10-10 13:54 - 00000000 ___SH () C:\WINDOWS\PsfjH4KN.txt
2014-10-10 13:54 - 2014-10-10 13:54 - 00000000 ___SH () C:\WINDOWS\F5Ws94kb.txt
2014-10-10 13:50 - 2014-10-10 09:30 - 00002048 _____ () C:\WINDOWS\bootstat2.dat
2014-10-02 13:48 - 2014-10-02 13:48 - 00000097 _____ () C:\New Text Document (2).txt
2014-09-29 22:00 - 2014-09-29 22:00 - 00000730 _____ () C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2014-09-25 12:54 - 2014-09-25 12:54 - 00000672 _____ () C:\Documents and Settings\SomeNewUser\Desktop\Core FTP LE.lnk
2014-09-25 12:54 - 2014-09-25 12:54 - 00000000 ____D () C:\Program Files\CoreFTP
2014-09-25 12:54 - 2014-09-25 12:54 - 00000000 ____D () C:\Documents and Settings\SomeNewUser\Start Menu\Programs\Core FTP
2014-09-19 15:08 - 2014-09-19 15:34 - 00009980 _____ () C:\Documents and Settings\SomeNewUser\Desktop\G.Popovci - 10.15.1.29.backup
2014-09-16 16:32 - 2014-09-16 16:32 - 00000000 ___RD () C:\Program Files\Skype
2014-09-16 16:32 - 2014-09-16 16:32 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-09-16 16:32 - 2014-09-16 16:32 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Skype
2014-09-15 23:07 - 2014-09-15 23:07 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\TeamViewer 9

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-12 03:36 - 2012-07-25 02:07 - 00000000 ____D () C:\Documents and Settings\SomeNewUser\Local Settings\Temp
2014-10-12 03:35 - 2012-08-28 17:29 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-12 03:32 - 2012-07-25 02:03 - 00454627 _____ () C:\WINDOWS\WindowsUpdate.log
2014-10-12 03:29 - 2012-07-25 02:02 - 00000000 ____D () C:\WINDOWS\system32\Restore
2014-10-12 03:28 - 2012-10-28 13:22 - 00857290 _____ () C:\WINDOWS\error.log
2014-10-12 03:28 - 2008-04-14 15:00 - 00001068 _____ () C:\WINDOWS\win.ini
2014-10-12 03:27 - 2012-07-25 04:53 - 00000159 ____C () C:\WINDOWS\wiadebug.log
2014-10-12 03:26 - 2012-10-28 13:22 - 00016709 _____ () C:\WINDOWS\errord.log
2014-10-12 03:26 - 2012-08-28 17:29 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-12 03:26 - 2012-07-25 04:53 - 00000053 ____C () C:\WINDOWS\wiaservc.log
2014-10-12 03:26 - 2012-07-25 02:07 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-10-12 03:23 - 2012-07-25 17:14 - 00001082 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-1177238915-1801674531-1003UA.job
2014-10-12 03:23 - 2012-07-25 02:07 - 00032508 _____ () C:\WINDOWS\SchedLgU.Txt
2014-10-12 03:23 - 2012-07-25 02:07 - 00000278 ___SH () C:\Documents and Settings\SomeNewUser\ntuser.ini
2014-10-12 03:23 - 2012-07-25 02:07 - 00000000 ____D () C:\Documents and Settings\SomeNewUser
2014-10-12 03:22 - 2013-12-29 03:20 - 00000000 ____D () C:\Documents and Settings\SomeNewUser\Application Data\BitTorrent
2014-10-12 02:50 - 2014-03-03 19:17 - 00007970 _____ () C:\Documents and Settings\SomeNewUser\Desktop\Mihail Zadornov.txt
2014-10-12 02:17 - 2012-10-05 23:41 - 00000000 ____D () C:\Program Files\Cheat Engine
2014-10-12 02:17 - 2012-07-25 12:48 - 00000000 ____D () C:\Installs
2014-10-12 02:13 - 2012-07-26 02:35 - 00063488 _____ () C:\Documents and Settings\SomeNewUser\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-10-12 02:13 - 2012-07-26 00:07 - 00000116 _____ () C:\WINDOWS\NeroDigital.ini
2014-10-12 02:08 - 2012-07-26 11:39 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2014-10-12 01:24 - 2012-07-25 17:08 - 00000000 ____D () C:\Program Files\The KMPlayer
2014-10-12 00:36 - 2012-07-25 04:51 - 00172439 _____ () C:\WINDOWS\setupapi.log
2014-10-11 23:23 - 2012-07-25 17:14 - 00001030 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-1177238915-1801674531-1003Core.job
2014-10-11 23:12 - 2012-07-26 12:37 - 00000178 __SHC () C:\Documents and Settings\Administrator\ntuser.ini
2014-10-11 22:48 - 2013-12-29 03:21 - 00000823 _____ () C:\Documents and Settings\SomeNewUser\Desktop\BitTorrent.lnk
2014-10-11 22:41 - 2012-11-14 01:26 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-10-11 22:41 - 2012-07-25 02:04 - 00002577 _____ () C:\WINDOWS\system32\CONFIG.NT
2014-10-11 21:59 - 2008-04-14 15:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-10-11 18:03 - 2012-07-25 04:52 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-10-11 16:05 - 2012-07-25 04:52 - 00068219 ____C () C:\WINDOWS\iis6.log
2014-10-11 16:05 - 2012-07-25 04:52 - 00030088 ____C () C:\WINDOWS\FaxSetup.log
2014-10-11 16:05 - 2012-07-25 04:52 - 00023640 ____C () C:\WINDOWS\ocgen.log
2014-10-11 16:05 - 2012-07-25 04:52 - 00021922 ____C () C:\WINDOWS\comsetup.log
2014-10-11 16:05 - 2012-07-25 04:52 - 00019266 ____C () C:\WINDOWS\tsoc.log
2014-10-11 16:05 - 2012-07-25 04:52 - 00015592 ____C () C:\WINDOWS\msmqinst.log
2014-10-11 16:05 - 2012-07-25 04:52 - 00011613 ____C () C:\WINDOWS\ntdtcsetup.log
2014-10-11 16:05 - 2012-07-25 04:52 - 00006039 ____C () C:\WINDOWS\netfxocm.log
2014-10-11 16:05 - 2012-07-25 04:52 - 00002762 ____C () C:\WINDOWS\MedCtrOC.log
2014-10-11 16:05 - 2012-07-25 04:52 - 00002185 ____C () C:\WINDOWS\tabletoc.log
2014-10-11 16:05 - 2012-07-25 04:52 - 00001911 ____C () C:\WINDOWS\ocmsn.log
2014-10-11 16:05 - 2012-07-25 04:52 - 00001798 ____C () C:\WINDOWS\msgsocm.log
2014-10-11 16:05 - 2012-07-25 04:52 - 00001393 _____ () C:\WINDOWS\imsins.log
2014-10-11 16:05 - 2012-07-25 04:43 - 00000000 ____D () C:\WINDOWS\system32\mui
2014-10-11 15:46 - 2014-01-13 15:53 - 00006238 __RSH () C:\Documents and Settings\All Users\ntuser.pol
2014-10-11 15:21 - 2014-02-25 21:19 - 00000000 __SHD () C:\WINDOWS\CSC
2014-10-11 15:07 - 2012-07-26 12:37 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-10-11 13:28 - 2014-09-07 19:57 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-11 12:23 - 2012-07-25 13:07 - 00000600 _____ () C:\Documents and Settings\SomeNewUser\Local Settings\Application Data\PUTTY.RND
2014-10-11 11:39 - 2012-11-14 12:43 - 00000472 _____ () C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
2014-10-11 02:43 - 2008-04-14 15:00 - 00000435 _____ () C:\WINDOWS\system.ini
2014-10-11 02:41 - 2012-07-25 04:51 - 00262144 _____ () C:\WINDOWS\system32\config\SECURITY.bak
2014-10-11 02:41 - 2012-07-25 04:51 - 00262144 _____ () C:\WINDOWS\system32\config\SAM.bak
2014-10-11 02:41 - 2012-07-25 04:50 - 28311552 _____ () C:\WINDOWS\system32\config\software.bak
2014-10-11 02:41 - 2012-07-25 04:50 - 09961472 _____ () C:\WINDOWS\system32\config\system.bak
2014-10-11 02:41 - 2012-07-25 04:50 - 00524288 _____ () C:\WINDOWS\system32\config\default.bak
2014-10-11 02:31 - 2012-07-25 04:50 - 00000355 __RSH () C:\boot.ini
2014-10-11 00:27 - 2012-07-25 02:07 - 00001605 _____ () C:\Documents and Settings\SomeNewUser\Start Menu\Programs\Remote Assistance.lnk
2014-10-11 00:27 - 2012-07-25 02:04 - 00001605 ____C () C:\Documents and Settings\Default User\Start Menu\Programs\Remote Assistance.lnk
2014-10-11 00:20 - 2012-11-10 01:49 - 00000000 ____D () C:\Documents and Settings\All Users\Local Settings\Temp
2014-10-11 00:15 - 2012-07-25 02:04 - 00001513 _____ () C:\Documents and Settings\All Users\Start Menu\Windows Update.lnk
2014-10-11 00:14 - 2012-07-26 12:37 - 00001605 ____C () C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
2014-10-10 23:50 - 2012-07-26 12:37 - 00000798 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Windows Media Player.lnk
2014-10-10 23:50 - 2012-07-26 12:37 - 00000000 ___RD () C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
2014-10-10 23:50 - 2012-07-25 02:01 - 00005832 ____C () C:\WINDOWS\wmsetup.log
2014-10-10 22:39 - 2012-07-25 04:51 - 00188301 _____ () C:\WINDOWS\setupact.log
2014-10-10 21:48 - 2012-07-26 15:00 - 00000000 ____D () C:\Documents and Settings\SomeNewUser\Local Settings\Application Data\Ashampoo
2014-10-10 15:02 - 2012-07-25 13:26 - 00002497 _____ () C:\Documents and Settings\SomeNewUser\Desktop\Microsoft Office Word 2003.lnk
2014-10-10 13:53 - 2013-04-12 15:45 - 00000000 ____D () C:\Program Files\Adobe
2014-10-10 13:53 - 2012-07-25 02:02 - 00000000 ____D () C:\WINDOWS\system32\Macromed
2014-10-10 09:42 - 2012-07-25 18:29 - 00000000 ____D () C:\Program Files\GetRight
2014-10-10 09:30 - 2012-11-14 14:55 - 00187010 _____ () C:\aaw7boot.log
2014-10-09 23:13 - 2013-10-05 02:11 - 00000000 ____D () C:\Documents and Settings\SomeNewUser\Application Data\vlc
2014-10-09 18:52 - 2014-08-26 11:59 - 00000000 ____D () C:\Documents and Settings\SomeNewUser\Application Data\.ACEStream
2014-10-09 18:51 - 2012-07-25 13:26 - 00000000 ____D () C:\Documents and Settings\SomeNewUser\Application Data\Skype
2014-10-09 18:46 - 2012-09-26 12:50 - 00062675 _____ () C:\Osigurovki - Mitko.txt
2014-10-09 15:52 - 2012-07-26 11:27 - 00000000 ____D () C:\Program Files\ICQ
2014-10-09 15:26 - 2012-07-25 13:25 - 00002495 _____ () C:\Documents and Settings\SomeNewUser\Desktop\Microsoft Office Excel 2003.lnk
2014-10-08 10:39 - 2012-07-25 18:40 - 00000041 _____ () C:\WINDOWS\crw.ini
2014-10-07 01:21 - 2012-07-25 18:12 - 00002397 _____ () C:\Documents and Settings\All Users\Desktop\ACDSee 5.0.lnk
2014-09-30 09:01 - 2012-07-25 12:04 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-09-29 22:00 - 2014-08-30 13:12 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-29 22:00 - 2012-07-25 12:04 - 00000736 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2014-09-29 13:18 - 2014-03-07 04:29 - 00000000 ____D () C:\New Movies - Neobraboteni
2014-09-28 00:55 - 2012-10-25 19:54 - 00000000 ____D () C:\Documents and Settings\SomeNewUser\Application Data\CoreFTP
2014-09-17 14:00 - 2014-07-07 21:16 - 00000000 ____D () C:\Documents and Settings\SomeNewUser\Desktop\Config files - Routers
2014-09-16 16:32 - 2012-07-25 13:26 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Skype
2014-09-15 23:07 - 2014-02-09 12:06 - 00000821 _____ () C:\Documents and Settings\All Users\Desktop\TeamViewer 9.lnk
2014-09-13 20:15 - 2013-09-09 20:58 - 00000000 ____D () C:\Documents and Settings\SomeNewUser\Desktop\123

Some content of TEMP:
====================
C:\Documents and Settings\SomeNewUser\Local Settings\Temp\rtdrvmon.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================


#3
Naathim

    GeekU Minion

  • Expert
  • 4,568 posts


My name's Naathim and I'm a GeekU Minion! Now that we are mates and will be working together to clean your machine out of any junkware, feel free to call me Naat :)

Before we start please note the following:

  • Analysis and research take some time, also sometimes real life gets in the way, please be patient.
  • Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Paste the logs in your posts, attachments make my work harder and more complicated.
  • Stay with me to the end, the absence of symptoms doesn't mean that your machine is fully operational.
  • Note that we may live in totally different time zones, which may cause some delays between answers.

I can't foresee everything, so if anything unexpected happens, please stop and inform me!
There are no silly questions. Never be afraid to ask if in doubt!

Let's start and enjoy the fight! :)


First of all, please delete your version of FRST and obtain a fresh one.
When executing scan, don't amend the default settings. Just make sure that the Addition option is checked.
I need two logfiles, FRST.txt and Addition.txt.

I'm also from Central/Eastern Europe, so we may be able to communicate in a timely manner. So far I see that there is MSIL/Injector here. It's a very severe infection.


Scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your Desktop.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    > XP users click run after receipt of Windows Security Warning - Open File.
    > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
  • When the tool opens click Yes to disclaimer.
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content in your next reply.


#4
SomeNewUser

    Member

  • Topic Starter
  • 26 posts

Hello,

I'm glad that someone finally responded :)

Here are my logs:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-10-2014 01
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 6
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Enigma Software Group USA, LLC.) C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
(Lexmark International, Inc.) C:\WINDOWS\system32\LEXBCES.EXE
(Lexmark International, Inc.) C:\WINDOWS\system32\LEXPPS.EXE
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Apache Software Foundation) C:\Program Files\Apache Group\Apache2\bin\Apache.exe
(CrypKey (Canada) Ltd.) C:\WINDOWS\system32\Crypserv.exe
(Apache Software Foundation) C:\Program Files\Apache Group\Apache2\bin\Apache.exe
(NVIDIA) C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.exe
(TightVNC Group) C:\Program Files\TightVNC\WinVNC.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Lexmark International, Inc.) C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
(WIBU-SYSTEMS AG) C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
(Lexmark International, Inc.) C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
(DT Soft Ltd.) C:\Program Files\DAEMON Tools\daemon.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(NVIDIA) C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\tv_w32.exe
() C:\WINDOWS\Datecs\Flex2K.exe
() C:\WINDOWS\Datecs\FlexWord2K\FlexWord2K.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Outlook Express\msimn.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
(Simon Tatham) C:\Documents and Settings\SomeNewUser\Desktop\putty.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16876032 2008-07-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [1634112 2012-05-15] ()
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [Resume copy] => copyfstq.exe /startup
HKLM\...\Run: [Lexmark 1200 Series] => C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe [57344 2006-07-13] (Lexmark International, Inc.)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [SpyHunter Security Suite] => C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe [6434176 2014-10-11] (Enigma Software Group USA, LLC.)
HKLM\...\Run: [egui] => "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-1957994488-1177238915-1801674531-1003\...\Run: [DAEMON Tools] => C:\Program Files\DAEMON Tools\daemon.exe [167368 2007-08-16] (DT Soft Ltd.)
HKU\S-1-5-21-1957994488-1177238915-1801674531-1003\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6692632 2014-10-11] (SUPERAntiSpyware)
HKU\S-1-5-21-1957994488-1177238915-1801674531-1003\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-21-1957994488-1177238915-1801674531-1003\...\MountPoints2: {94fa4ea2-d9ac-11e3-bf1a-00e04c164479} - I:\LGAutoRun.exe
HKU\S-1-5-21-1957994488-1177238915-1801674531-1003\...\MountPoints2: {9947af7d-30e7-11e3-9253-00221515cc76} - G:\.\_autorun\autorun_win.exe
HKU\S-1-5-21-1957994488-1177238915-1801674531-500\...\RunOnce: [Kaspersky Setup] => "L:\New Software - Nesortiran\Kaspersky Antivirus and Internet Security 2014 v14.0.0.4651 FINAL\Kaspersky Anti-Virus 2014 14.0.0.4651 Final\kav2014_14.0.0.4651EN_4702.exe" /-new_wait
BootExecute: autocheck autochk * C:\WINDOWS\Temp:1

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...B_PVER}&ar=home
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: bho2gr Class -> {31FF080D-12A3-439A-A2EF-4BA95A3148E8} -> C:\Program Files\GetRight\xx2gr.dll (Headlight Software, Inc.)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-08] (SuperAdBlocker.com)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

FireFox:
========
FF ProfilePath: C:\Documents and Settings\SomeNewUser\Application Data\Mozilla\Firefox\Profiles\simr37uq.default
FF Homepage: about:home
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll No File
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll No File
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll No File
FF Plugin: hbgk.net/WebDvrCtrl -> C:\Program Files\WebControl\npWebCtrl.dll (TODO: <公司名>)
FF Plugin HKCU: @acestream.net/acestreamplugin,version=2.2.10-next -> C:\Documents and Settings\SomeNewUser\Application Data\ACEStream\player\npace_plugin.dll No File
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\SomeNewUser\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\SomeNewUser\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Mozilla Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Extension: AS Magic Player - C:\Documents and Settings\SomeNewUser\Application Data\Mozilla\Firefox\Profiles\simr37uq.default\Extensions\[email protected] [2014-08-26]
FF Extension: DownloadHelper - C:\Documents and Settings\SomeNewUser\Application Data\Mozilla\Firefox\Profiles\simr37uq.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-07]
FF Extension: YouTube Video and Audio Downloader - C:\Documents and Settings\SomeNewUser\Application Data\Mozilla\Firefox\Profiles\simr37uq.default\Extensions\[email protected] [2013-11-30]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-07-26]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

Chrome:
=======
CHR HomePage: Default ->
CHR StartupUrls: Default -> "hxxp://google.bg/"
CHR Profile: C:\Documents and Settings\SomeNewUser\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\SomeNewUser\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (MightyText - SMS Text Messaging from Computer) - C:\Documents and Settings\SomeNewUser\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dkfhfaphfkopdgpbfkebjfcblcafcmpi [2014-05-13]
CHR Extension: (AS Magic Player) - C:\Documents and Settings\SomeNewUser\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim [2014-09-28]
CHR Extension: (Google Wallet) - C:\Documents and Settings\SomeNewUser\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-09]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx []
CHR StartMenuInternet: Google Chrome - C:\Documents and Settings\SomeNewUser\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

Locked "360AntiHacker" service was unlocked successfully. <===== ATTENTION
Locked "360AvFlt" service was unlocked successfully. <===== ATTENTION
Locked "360Box" service was unlocked successfully. <===== ATTENTION
Locked "360Box64" service was unlocked successfully. <===== ATTENTION
Locked "360Camera" service was unlocked successfully. <===== ATTENTION
Locked "360fsflt" service was unlocked successfully. <===== ATTENTION
Locked "360rp" service was unlocked successfully. <===== ATTENTION
Locked "360SelfProtection" service was unlocked successfully. <===== ATTENTION
Locked "a2acc" service was unlocked successfully. <===== ATTENTION
Locked "a2AntiMalware" service was unlocked successfully. <===== ATTENTION
Locked "A2DDA" service was unlocked successfully. <===== ATTENTION
Locked "a2injectiondriver" service was unlocked successfully. <===== ATTENTION
Locked "a2util" service was unlocked successfully. <===== ATTENTION
Locked "AAVScan" service was unlocked successfully. <===== ATTENTION
Locked "AAVService" service was unlocked successfully. <===== ATTENTION
Locked "ABConfSV" service was unlocked successfully. <===== ATTENTION
Locked "ABFLT" service was unlocked successfully. <===== ATTENTION
Locked "ABMainSV" service was unlocked successfully. <===== ATTENTION
Locked "ABndis" service was unlocked successfully. <===== ATTENTION
Locked "ABndisMP" service was unlocked successfully. <===== ATTENTION
Locked "ABWFP" service was unlocked successfully. <===== ATTENTION
Locked "acssrv" service was unlocked successfully. <===== ATTENTION
Locked "AFW" service was unlocked successfully. <===== ATTENTION
Locked "afwcore" service was unlocked successfully. <===== ATTENTION
Locked "AhnActNt" service was unlocked successfully. <===== ATTENTION
Locked "AhnFlt2K" service was unlocked successfully. <===== ATTENTION
Locked "AhnRec2K" service was unlocked successfully. <===== ATTENTION
Locked "AhnRghNt" service was unlocked successfully. <===== ATTENTION
Locked "AhnSZE" service was unlocked successfully. <===== ATTENTION
Locked "ALE_NF" service was unlocked successfully. <===== ATTENTION
Locked "AmFSM" service was unlocked successfully. <===== ATTENTION
Locked "Amnpardaz Filter" service was unlocked successfully. <===== ATTENTION
Locked "AMonLWLH" service was unlocked successfully. <===== ATTENTION
Locked "AMonTDLH" service was unlocked successfully. <===== ATTENTION
Locked "Amsp" service was unlocked successfully. <===== ATTENTION
Locked "AntiVirMailService" service was unlocked successfully. <===== ATTENTION
Locked "AntiVirSchedulerService" service was unlocked successfully. <===== ATTENTION
Locked "AntiVirService" service was unlocked successfully. <===== ATTENTION
Locked "AntiVirWebService" service was unlocked successfully. <===== ATTENTION
Locked "APPFLT" service was unlocked successfully. <===== ATTENTION
Locked "Application Updater" service was unlocked successfully. <===== ATTENTION
Locked "apspDriver" service was unlocked successfully. <===== ATTENTION
Locked "ArcaRemoteService" service was unlocked successfully. <===== ATTENTION
Locked "arcawfp" service was unlocked successfully. <===== ATTENTION
Locked "aswHwid" service was unlocked successfully. <===== ATTENTION
Locked "aswMonFlt" service was unlocked successfully. <===== ATTENTION
Locked "aswNdis" service was unlocked successfully. <===== ATTENTION
Locked "aswNdis2" service was unlocked successfully. <===== ATTENTION
Locked "aswNdisFlt" service was unlocked successfully. <===== ATTENTION
Locked "aswRdr" service was unlocked successfully. <===== ATTENTION
Locked "aswRvrt" service was unlocked successfully. <===== ATTENTION
Locked "aswSnx" service was unlocked successfully. <===== ATTENTION
Locked "aswSP" service was unlocked successfully. <===== ATTENTION
Locked "aswStm" service was unlocked successfully. <===== ATTENTION
Locked "aswTdi" service was unlocked successfully. <===== ATTENTION
Locked "aswUpdSv" service was unlocked successfully. <===== ATTENTION
Locked "aswVmm" service was unlocked successfully. <===== ATTENTION
Locked "ASZFltNt" service was unlocked successfully. <===== ATTENTION
Locked "ATamptNt_V3IS80" service was unlocked successfully. <===== ATTENTION
Locked "avasdmft" service was unlocked successfully. <===== ATTENTION
Locked "avast! Antivirus" service was unlocked successfully. <===== ATTENTION
Locked "avast! Firewall" service was unlocked successfully. <===== ATTENTION
Locked "avast! Mail Scanner" service was unlocked successfully. <===== ATTENTION
Locked "avast! Web Scanner" service was unlocked successfully. <===== ATTENTION
Locked "avas_service" service was unlocked successfully. <===== ATTENTION
Locked "AVBackup" service was unlocked successfully. <===== ATTENTION
Locked "avc3" service was unlocked successfully. <===== ATTENTION
Locked "avchv" service was unlocked successfully. <===== ATTENTION
Locked "avckf" service was unlocked successfully. <===== ATTENTION
Locked "Avg" service was unlocked successfully. <===== ATTENTION
Locked "Avgboota" service was unlocked successfully. <===== ATTENTION
Locked "Avgbootx" service was unlocked successfully. <===== ATTENTION
Locked "Avgdiska" service was unlocked successfully. <===== ATTENTION
Locked "Avgdiskx" service was unlocked successfully. <===== ATTENTION
Locked "Avgfwdx" service was unlocked successfully. <===== ATTENTION
Locked "Avgfwfd" service was unlocked successfully. <===== ATTENTION
Locked "avgfws" service was unlocked successfully. <===== ATTENTION
Locked "AVGIDSAgent" service was unlocked successfully. <===== ATTENTION
Locked "AVGIDSDriver" service was unlocked successfully. <===== ATTENTION
Locked "AVGIDSDriverl" service was unlocked successfully. <===== ATTENTION
Locked "AVGIDSHA" service was unlocked successfully. <===== ATTENTION
Locked "AVGIDSHX" service was unlocked successfully. <===== ATTENTION
Locked "AVGIDSShim" service was unlocked successfully. <===== ATTENTION
Locked "Avgldx64" service was unlocked successfully. <===== ATTENTION
Locked "Avgldx86" service was unlocked successfully. <===== ATTENTION
Locked "Avgloga" service was unlocked successfully. <===== ATTENTION
Locked "Avglogx" service was unlocked successfully. <===== ATTENTION
Locked "Avgmfx64" service was unlocked successfully. <===== ATTENTION
Locked "Avgmfx86" service was unlocked successfully. <===== ATTENTION
Locked "avgntflt" service was unlocked successfully. <===== ATTENTION
Locked "Avgrkx64" service was unlocked successfully. <===== ATTENTION
Locked "Avgrkx86" service was unlocked successfully. <===== ATTENTION
Locked "Avgtdia" service was unlocked successfully. <===== ATTENTION
Locked "Avgtdix" service was unlocked successfully. <===== ATTENTION
Locked "avgwd" service was unlocked successfully. <===== ATTENTION
Locked "Avgwfpa" service was unlocked successfully. <===== ATTENTION
Locked "Avgwfpx" service was unlocked successfully. <===== ATTENTION
Locked "avipbb" service was unlocked successfully. <===== ATTENTION
Locked "avkmgr" service was unlocked successfully. <===== ATTENTION
Locked "AVKProxy" service was unlocked successfully. <===== ATTENTION
Locked "AVKService" service was unlocked successfully. <===== ATTENTION
Locked "AVKWCtl" service was unlocked successfully. <===== ATTENTION
Locked "avnetflt" service was unlocked successfully. <===== ATTENTION
Locked "AVP" service was unlocked successfully. <===== ATTENTION
Locked "AVP15.0.0" service was unlocked successfully. <===== ATTENTION
Locked "AVTasks2" service was unlocked successfully. <===== ATTENTION
Locked "AVUpdate" service was unlocked successfully. <===== ATTENTION
Locked "BAPIDRV" service was unlocked successfully. <===== ATTENTION
Locked "BAVSvc" service was unlocked successfully. <===== ATTENTION
Locked "Bcfilter" service was unlocked successfully. <===== ATTENTION
Locked "BcfilterMP" service was unlocked successfully. <===== ATTENTION
Locked "bcfsrm" service was unlocked successfully. <===== ATTENTION
Locked "bcftdi" service was unlocked successfully. <===== ATTENTION
Locked "bc_hash_f" service was unlocked successfully. <===== ATTENTION
Locked "bc_ip_f" service was unlocked successfully. <===== ATTENTION
Locked "bc_ngn" service was unlocked successfully. <===== ATTENTION
Locked "bc_pat_f" service was unlocked successfully. <===== ATTENTION
Locked "bc_prt_f" service was unlocked successfully. <===== ATTENTION
Locked "bc_tdi_f" service was unlocked successfully. <===== ATTENTION
Locked "BdAgent" service was unlocked successfully. <===== ATTENTION
Locked "BdApiUtil" service was unlocked successfully. <===== ATTENTION
Locked "BdCameraProtect" service was unlocked successfully. <===== ATTENTION
Locked "BdDesktopParental" service was unlocked successfully. <===== ATTENTION
Locked "bdelam" service was unlocked successfully. <===== ATTENTION
Locked "Bdfndisf" service was unlocked successfully. <===== ATTENTION
Locked "bdfsfltr" service was unlocked successfully. <===== ATTENTION
Locked "bdftdif" service was unlocked successfully. <===== ATTENTION
Locked "bdfwfpf" service was unlocked successfully. <===== ATTENTION
Locked "bdfwfpf_pc" service was unlocked successfully. <===== ATTENTION
Locked "BdNet" service was unlocked successfully. <===== ATTENTION
Locked "BDSandBox" service was unlocked successfully. <===== ATTENTION
Locked "bdselfpr" service was unlocked successfully. <===== ATTENTION
Locked "bdsflt" service was unlocked successfully. <===== ATTENTION
Locked "bdsnm" service was unlocked successfully. <===== ATTENTION
Locked "BdSpy" service was unlocked successfully. <===== ATTENTION
Locked "BDVEDISK" service was unlocked successfully. <===== ATTENTION
Locked "Behavior Detection System" service was unlocked successfully. <===== ATTENTION
Locked "Bfilter" service was unlocked successfully. <===== ATTENTION
Locked "Bfmon" service was unlocked successfully. <===== ATTENTION
Locked "Bhbase" service was unlocked successfully. <===== ATTENTION
Locked "BHDrvx64" service was unlocked successfully. <===== ATTENTION
Locked "BHDrvx86" service was unlocked successfully. <===== ATTENTION
Locked "BHipsSvc" service was unlocked successfully. <===== ATTENTION
Locked "Bprotect" service was unlocked successfully. <===== ATTENTION
Locked "Browser Defender Update Service" service was unlocked successfully. <===== ATTENTION
Locked "BsBackup" service was unlocked successfully. <===== ATTENTION
Locked "BsBhvScan" service was unlocked successfully. <===== ATTENTION
Locked "BsFileScan" service was unlocked successfully. <===== ATTENTION
Locked "BsFire" service was unlocked successfully. <===== ATTENTION
Locked "BsMailProxy" service was unlocked successfully. <===== ATTENTION
Locked "BsMain" service was unlocked successfully. <===== ATTENTION
Locked "BsScanner" service was unlocked successfully. <===== ATTENTION
Locked "BsUpdate" service was unlocked successfully. <===== ATTENTION
Locked "CAAMSvc" service was unlocked successfully. <===== ATTENTION
Locked "CaCCProvSP" service was unlocked successfully. <===== ATTENTION
Locked "CAISafe" service was unlocked successfully. <===== ATTENTION
Locked "catflt" service was unlocked successfully. <===== ATTENTION

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-10-11] (SUPERAntiSpyware.com)
R2 Apache2; C:\Program Files\Apache Group\Apache2\bin\Apache.exe [20541 2006-04-29] (Apache Software Foundation) [File not signed]
R2 CodeMeter.exe; C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe [2568120 2012-07-19] (WIBU-SYSTEMS AG)
R2 Crypkey License; C:\WINDOWS\system32\crypserv.exe [69632 2006-03-01] (CrypKey (Canada) Ltd.) [File not signed]
R2 LexBceS; C:\WINDOWS\system32\LEXBCES.EXE [311296 2006-04-18] (Lexmark International, Inc.)
R2 nTuneService; C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe [192832 2011-09-19] (NVIDIA)
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [770432 2014-01-09] (Enigma Software Group USA, LLC.)
R2 winvnc; C:\Program Files\TightVNC\WinVNC.exe [585728 2009-03-05] (TightVNC Group) [File not signed]
S3 Lavasoft Ad-Aware Service; "C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe" [X]
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AndNetDiag; C:\WINDOWS\System32\DRIVERS\lgandnetdiag.sys [23168 2013-04-18] (LG Electronics Inc.)
S3 AndNetDiag2; C:\WINDOWS\System32\DRIVERS\lgandnetdiag2.sys [23168 2013-04-18] (LG Electronics Inc.)
S3 ANDNetModem; C:\WINDOWS\System32\DRIVERS\lgandnetmodem.sys [27776 2013-06-28] (LG Electronics Inc.)
S3 andnetndis; C:\WINDOWS\System32\DRIVERS\lgandnetndis.sys [70656 2013-04-23] (LG Electronics Inc.)
R1 AsIO; C:\WINDOWS\System32\drivers\AsIO.sys [12400 2007-12-17] ()
R3 axsaki; C:\WINDOWS\System32\DRIVERS\axsaki.sys [102624 2003-03-30] ( ) [File not signed]
R3 axskbus; C:\WINDOWS\System32\DRIVERS\axskbus.sys [8640 2003-03-28] ( ) [File not signed]
S2 BT848; C:\WINDOWS\System32\drivers\BT848.SYS [294380 2002-02-22] (TelSignal Co., Ltd.) [File not signed]
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R1 epfwtdir; C:\WINDOWS\System32\DRIVERS\epfwtdir.sys [118768 2013-09-17] (ESET)
R3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [12288 2014-01-07] ()
S3 EsgScanner; C:\WINDOWS\System32\DRIVERS\EsgScanner.sys [19984 2012-06-22] ()
S3 L1e; C:\WINDOWS\System32\DRIVERS\l1e51x86.sys [36864 2008-06-26] (Atheros Communications, Inc.)
R0 Lbd; C:\WINDOWS\System32\DRIVERS\Lbd.sys [64288 2009-12-02] (Lavasoft AB)
R1 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [53208 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\7AC25C73.sys [110296 2014-10-14] (Malwarebytes Corporation)
R0 mrdd; C:\WINDOWS\System32\DRIVERS\mrdd.sys [18984 2008-11-12] (Marvell Semiconductor, Inc.)
R3 MTsensor; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
R0 mv61xx; C:\WINDOWS\System32\DRIVERS\mv61xx.sys [152616 2009-02-09] (Marvell Semiconductor, Inc.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R1 NetworkX; C:\WINDOWS\system32\ckldrv.sys [31846 2006-01-10] () [File not signed]
S3 nm; C:\WINDOWS\System32\DRIVERS\NMnt.sys [40320 2008-04-14] (Microsoft Corporation)
S3 NPF; C:\WINDOWS\System32\drivers\npf.sys [0 2014-10-12] () [File not signed]
S3 PAC7302; C:\WINDOWS\System32\DRIVERS\PAC7302.SYS [461824 2009-04-28] (PixArt Imaging Inc.) [File not signed]
S3 PortTalk; C:\WINDOWS\System32\Drivers\PortTalk.sys [3567 2002-01-12] (Beyond Logic http://www.beyondlogic.org) [File not signed]
S3 pwdrvio; C:\WINDOWS\system32\pwdrvio.sys [15688 2013-09-30] ()
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [10320 2013-09-30] ()
R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [46080 2006-05-16] (Sonic Solutions) [File not signed]
S3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2008-04-13] (Realtek Semiconductor Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 snapman; C:\WINDOWS\System32\DRIVERS\snapman.sys [99776 2012-08-14] (Acronis) [File not signed]
R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [685816 2013-10-10] () [File not signed]
U3 TrueSight; C:\WINDOWS\system32\drivers\TrueSight.sys [34808 2014-10-11] ()
S3 w810bus; C:\WINDOWS\System32\DRIVERS\w810bus.sys [58288 2006-02-20] (MCCI)
S3 w810mdfl; C:\WINDOWS\System32\DRIVERS\w810mdfl.sys [8336 2006-02-20] (MCCI)
S3 w810mdm; C:\WINDOWS\System32\DRIVERS\w810mdm.sys [94064 2006-02-20] (MCCI)
S3 w810mgmt; C:\WINDOWS\System32\DRIVERS\w810mgmt.sys [85408 2006-02-20] (MCCI)
S3 w810obex; C:\WINDOWS\System32\DRIVERS\w810obex.sys [83344 2006-02-20] (MCCI)
U5 360AntiHacker; C:\Windows\System32\Drivers\360AntiHacker.sys [0 2014-10-12] () [File not signed]
U5 360AvFlt; C:\Windows\System32\Drivers\360AvFlt.sys [0 2014-10-12] () [File not signed]
U5 360Box; C:\Windows\System32\Drivers\360Box.sys [0 2014-10-12] () [File not signed]
U5 360Box64; C:\Windows\System32\Drivers\360Box64.sys [0 2014-10-12] () [File not signed]
U5 360Camera; C:\Windows\System32\Drivers\360Camera.sys [0 2014-10-12] () [File not signed]
U5 360fsflt; C:\Windows\System32\Drivers\360fsflt.sys [0 2014-10-12] () [File not signed]
U5 360SelfProtection; C:\Windows\System32\Drivers\360SelfProtection.sys [0 2014-10-12] () <===== ATTENTION Necurs Rootkit?
S0 69512100; system32\DRIVERS\69512100.sys [X]
U5 ABndis; C:\Windows\System32\Drivers\ABndis.sys [0 2014-10-12] () [File not signed]
U5 AFW; C:\Windows\System32\Drivers\AFW.sys [0 2014-10-12] () [File not signed]
U5 afwcore; C:\Windows\System32\Drivers\afwcore.sys [0 2014-10-12] () [File not signed]
U5 AhnFlt2K; C:\Windows\System32\Drivers\AhnFlt2K.sys [0 2014-10-12] () [File not signed]
U5 AhnRec2K; C:\Windows\System32\Drivers\AhnRec2K.sys [0 2014-10-12] () [File not signed]
U5 AhnRghNt; C:\Windows\System32\Drivers\AhnRghNt.sys [0 2014-10-12] () [File not signed]
U5 AhnSZE; C:\Windows\System32\Drivers\AhnSZE.sys [0 2014-10-12] () [File not signed]
U5 ALE_NF; C:\Windows\System32\Drivers\ALE_NF.sys [0 2014-10-12] () [File not signed]
U5 AMonLWLH; C:\Windows\System32\Drivers\AMonLWLH.sys [0 2014-10-12] () [File not signed]
U5 AMonTDLH; C:\Windows\System32\Drivers\AMonTDLH.sys [0 2014-10-12] () [File not signed]
U5 APPFLT; C:\Windows\System32\Drivers\APPFLT.sys [0 2014-10-12] () [File not signed]
U5 arcawfp; C:\Windows\System32\Drivers\arcawfp.sys [0 2014-10-12] () [File not signed]
U5 aswHwid; C:\Windows\System32\Drivers\aswHwid.sys [0 2014-10-12] () [File not signed]
U5 aswMonFlt; C:\Windows\System32\Drivers\aswMonFlt.sys [0 2014-10-12] () [File not signed]
U5 aswNdis; C:\Windows\System32\Drivers\aswNdis.sys [0 2014-10-12] () [File not signed]
U5 aswNdis2; C:\Windows\System32\Drivers\aswNdis2.sys [0 2014-10-12] () [File not signed]
U5 aswNdisFlt; C:\Windows\System32\Drivers\aswNdisFlt.sys [0 2014-10-12] () [File not signed]
U5 aswRdr; C:\Windows\System32\Drivers\aswRdr.sys [0 2014-10-12] () [File not signed]
U5 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [0 2014-10-12] () [File not signed]
U5 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [0 2014-10-12] () [File not signed]
U5 aswSP; C:\Windows\System32\Drivers\aswSP.sys [0 2014-10-12] () [File not signed]
U5 aswStm; C:\Windows\System32\Drivers\aswStm.sys [0 2014-10-12] () [File not signed]
U5 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [0 2014-10-12] () [File not signed]
U5 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [0 2014-10-12] () [File not signed]
U5 avasdmft; C:\Windows\System32\Drivers\avasdmft.sys [0 2014-10-12] () [File not signed]
U5 avc3; C:\Windows\System32\Drivers\avc3.sys [0 2014-10-12] () [File not signed]
U5 avchv; C:\Windows\System32\Drivers\avchv.sys [0 2014-10-12] () [File not signed]
U5 avckf; C:\Windows\System32\Drivers\avckf.sys [0 2014-10-12] () [File not signed]
U5 Avgboota; C:\Windows\System32\Drivers\Avgboota.sys [0 2014-10-12] () [File not signed]
U5 Avgbootx; C:\Windows\System32\Drivers\Avgbootx.sys [0 2014-10-12] () [File not signed]
U5 Avgdiska; C:\Windows\System32\Drivers\Avgdiska.sys [0 2014-10-12] () [File not signed]
U5 Avgdiskx; C:\Windows\System32\Drivers\Avgdiskx.sys [0 2014-10-12] () [File not signed]
U5 Avgfwdx; C:\Windows\System32\Drivers\Avgfwdx.sys [0 2014-10-12] () [File not signed]
U5 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [0 2014-10-12] () [File not signed]
U5 AVGIDSHX; C:\Windows\System32\Drivers\AVGIDSHX.sys [0 2014-10-12] () [File not signed]
U5 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [0 2014-10-12] () [File not signed]
U5 Avgldx86; C:\Windows\System32\Drivers\Avgldx86.sys [0 2014-10-12] () [File not signed]
U5 Avgloga; C:\Windows\System32\Drivers\Avgloga.sys [0 2014-10-12] () [File not signed]
U5 Avglogx; C:\Windows\System32\Drivers\Avglogx.sys [0 2014-10-12] () [File not signed]
U5 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [0 2014-10-12] () [File not signed]
U5 Avgmfx86; C:\Windows\System32\Drivers\Avgmfx86.sys [0 2014-10-12] () [File not signed]
U5 avgntflt; C:\Windows\System32\Drivers\avgntflt.sys [0 2014-10-12] () [File not signed]
U5 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [0 2014-10-12] () [File not signed]
U5 Avgrkx86; C:\Windows\System32\Drivers\Avgrkx86.sys [0 2014-10-12] () [File not signed]
U5 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [0 2014-10-12] () [File not signed]
U5 Avgtdix; C:\Windows\System32\Drivers\Avgtdix.sys [0 2014-10-12] () [File not signed]
U5 Avgwfpa; C:\Windows\System32\Drivers\Avgwfpa.sys [0 2014-10-12] () [File not signed]
U5 Avgwfpx; C:\Windows\System32\Drivers\Avgwfpx.sys [0 2014-10-12] () [File not signed]
U5 avipbb; C:\Windows\System32\Drivers\avipbb.sys [0 2014-10-12] () [File not signed]
U5 avkmgr; C:\Windows\System32\Drivers\avkmgr.sys [0 2014-10-12] () [File not signed]
U5 avnetflt; C:\Windows\System32\Drivers\avnetflt.sys [0 2014-10-12] () [File not signed]
U5 BAPIDRV; C:\Windows\System32\Drivers\BAPIDRV.sys [0 2014-10-12] () [File not signed]
U5 Bcfilter; C:\Windows\System32\Drivers\Bcfilter.sys [0 2014-10-12] () [File not signed]
U5 bcfsrm; C:\Windows\System32\Drivers\bcfsrm.sys [0 2014-10-12] () [File not signed]
U5 bcftdi; C:\Windows\System32\Drivers\bcftdi.sys [0 2014-10-12] () [File not signed]
U5 bc_hash_f; C:\Windows\System32\Drivers\bc_hash_f.sys [0 2014-10-12] () [File not signed]
U5 bc_ip_f; C:\Windows\System32\Drivers\bc_ip_f.sys [0 2014-10-12] () [File not signed]
U5 bc_ngn; C:\Windows\System32\Drivers\bc_ngn.sys [0 2014-10-12] () [File not signed]
U5 bc_pat_f; C:\Windows\System32\Drivers\bc_pat_f.sys [0 2014-10-12] () [File not signed]
U5 bc_prt_f; C:\Windows\System32\Drivers\bc_prt_f.sys [0 2014-10-12] () [File not signed]
U5 bc_tdi_f; C:\Windows\System32\Drivers\bc_tdi_f.sys [0 2014-10-12] () [File not signed]
U5 BdAgent; C:\Windows\System32\Drivers\BdAgent.sys [0 2014-10-12] () [File not signed]
U5 bdelam; C:\Windows\System32\Drivers\bdelam.sys [0 2014-10-12] () [File not signed]
U5 Bdfndisf; C:\Windows\System32\Drivers\Bdfndisf.sys [0 2014-10-12] () [File not signed]
U5 bdfsfltr; C:\Windows\System32\Drivers\bdfsfltr.sys [0 2014-10-12] () [File not signed]
U5 BdNet; C:\Windows\System32\Drivers\BdNet.sys [0 2014-10-12] () [File not signed]
U5 BDSandBox; C:\Windows\System32\Drivers\BDSandBox.sys [0 2014-10-12] () [File not signed]
U5 bdsflt; C:\Windows\System32\Drivers\bdsflt.sys [0 2014-10-12] () [File not signed]
U5 bdsnm; C:\Windows\System32\Drivers\bdsnm.sys [0 2014-10-12] () [File not signed]
U5 BdSpy; C:\Windows\System32\Drivers\BdSpy.sys [0 2014-10-12] () [File not signed]
U5 BDVEDISK; C:\Windows\System32\Drivers\BDVEDISK.sys [0 2014-10-12] () [File not signed]
U5 Bfilter; C:\Windows\System32\Drivers\Bfilter.sys [0 2014-10-12] () [File not signed]
U5 Bfmon; C:\Windows\System32\Drivers\Bfmon.sys [0 2014-10-12] () [File not signed]
U5 Bhbase; C:\Windows\System32\Drivers\Bhbase.sys [0 2014-10-12] () [File not signed]
U5 Bprotect; C:\Windows\System32\Drivers\Bprotect.sys [0 2014-10-12] () [File not signed]
S2 BTTUNER; system32\drivers\BTTUNER.SYS [X]
S2 BTXBAR; system32\drivers\BTXBAR.SYS [X]
S3 catchme; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys [X]
U5 catflt; C:\Windows\System32\Drivers\catflt.sys [0 2014-10-12] () [File not signed]
U5 CdmDrvNt; C:\Windows\System32\Drivers\CdmDrvNt.sys [0 2014-10-12] () [File not signed]
U5 cfwids; C:\Windows\System32\Drivers\cfwids.sys [0 2014-10-12] () [File not signed]
U5 cmderd; C:\Windows\System32\Drivers\cmderd.sys [0 2014-10-12] () [File not signed]
U5 cmdGuard; C:\Windows\System32\Drivers\cmdGuard.sys [0 2014-10-12] () [File not signed]
U5 cmdHlp; C:\Windows\System32\Drivers\cmdHlp.sys [0 2014-10-12] () [File not signed]
U5 ComFiltr; C:\Windows\System32\Drivers\ComFiltr.sys [0 2014-10-12] () [File not signed]
U5 DrWebLwf; C:\Windows\System32\Drivers\DrWebLwf.sys [0 2014-10-12] () [File not signed]
U5 DSAFLT; C:\Windows\System32\Drivers\DSAFLT.sys [0 2014-10-12] () [File not signed]
U5 DwProt; C:\Windows\System32\Drivers\DwProt.sys [0 2014-10-12] () [File not signed]
U5 eamon; C:\Windows\System32\Drivers\eamon.sys [0 2014-10-12] () [File not signed]
U5 eamonm; C:\Windows\System32\Drivers\eamonm.sys [0 2014-10-12] () [File not signed]
U5 econceal; C:\Windows\System32\Drivers\econceal.sys [0 2014-10-12] () [File not signed]
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [0 2014-10-12] () [File not signed]
U5 EfiMon; C:\Windows\System32\Drivers\EfiMon.sys [0 2014-10-12] () [File not signed]
U5 ehdrv; C:\Windows\System32\Drivers\ehdrv.sys [0 2014-10-12] () [File not signed]
U5 epfw; C:\Windows\System32\Drivers\epfw.sys [0 2014-10-12] () [File not signed]
U5 EpfwLWF; C:\Windows\System32\Drivers\EpfwLWF.sys [0 2014-10-12] () [File not signed]
U5 Epfwndis; C:\Windows\System32\Drivers\Epfwndis.sys [0 2014-10-12] () [File not signed]
U5 epfwtdi; C:\Windows\System32\Drivers\epfwtdi.sys [0 2014-10-12] () [File not signed]
U5 epfwwfp; C:\Windows\System32\Drivers\epfwwfp.sys [0 2014-10-12] () [File not signed]
U5 epfwwfpr; C:\Windows\System32\Drivers\epfwwfpr.sys [0 2014-10-12] () [File not signed]
U5 FNETMON; C:\Windows\System32\Drivers\FNETMON.sys [0 2014-10-12] () [File not signed]
U5 FPAV_RTP; C:\Windows\System32\Drivers\FPAV_RTP.sys [0 2014-10-12] () [File not signed]
U5 fsbts; C:\Windows\System32\Drivers\fsbts.sys [0 2014-10-12] () [File not signed]
U5 FWCore; C:\Windows\System32\Drivers\FWCore.sys [0 2014-10-12] () [File not signed]
U5 GDBehave; C:\Windows\System32\Drivers\GDBehave.sys [0 2014-10-12] () [File not signed]
U5 GDNdisIc; C:\Windows\System32\Drivers\GDNdisIc.sys [0 2014-10-12] () [File not signed]
U5 gfiark; C:\Windows\System32\Drivers\gfiark.sys [0 2014-10-12] () [File not signed]
U5 gfiutil; C:\Windows\System32\Drivers\gfiutil.sys [0 2014-10-12] () [File not signed]
U5 ggc; C:\Windows\System32\Drivers\ggc.sys [0 2014-10-12] () [File not signed]
U5 gzflt; C:\Windows\System32\Drivers\gzflt.sys [0 2014-10-12] () [File not signed]
U5 HipShieldK; C:\Windows\System32\Drivers\HipShieldK.sys [0 2014-10-12] () [File not signed]
U5 HookCentre; C:\Windows\System32\Drivers\HookCentre.sys [0 2014-10-12] () [File not signed]
U5 HookPort; C:\Windows\System32\Drivers\HookPort.sys [0 2014-10-12] () [File not signed]
U5 hooksys; C:\Windows\System32\Drivers\hooksys.sys [0 2014-10-12] () [File not signed]
U5 HookTdi; C:\Windows\System32\Drivers\HookTdi.sys [0 2014-10-12] () [File not signed]
U5 IDSFLT; C:\Windows\System32\Drivers\IDSFLT.sys [0 2014-10-12] () [File not signed]
U5 inspect; C:\Windows\System32\Drivers\inspect.sys [0 2014-10-12] () [File not signed]
S4 IntelIde; No ImagePath
U5 K7FWFilt; C:\Windows\System32\Drivers\K7FWFilt.sys [0 2014-10-12] () [File not signed]
U5 K7FWHlpr; C:\Windows\System32\Drivers\K7FWHlpr.sys [0 2014-10-12] () [File not signed]
U5 K7Sentry; C:\Windows\System32\Drivers\K7Sentry.sys [0 2014-10-12] () [File not signed]
U5 K7TdiHlp; C:\Windows\System32\Drivers\K7TdiHlp.sys [0 2014-10-12] () [File not signed]
U5 kl1; C:\Windows\System32\Drivers\kl1.sys [0 2014-10-12] () [File not signed]
U5 klelam; C:\Windows\System32\Drivers\klelam.sys [0 2014-10-12] () [File not signed]
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [0 2014-10-12] () [File not signed]
U5 klhk; C:\Windows\System32\Drivers\klhk.sys [0 2014-10-12] () [File not signed]
U5 KLIF; C:\Windows\System32\Drivers\KLIF.sys [0 2014-10-12] () [File not signed]
U5 KLIM6; C:\Windows\System32\Drivers\KLIM6.sys [0 2014-10-12] () [File not signed]
U5 klpd; C:\Windows\System32\Drivers\klpd.sys [0 2014-10-12] () [File not signed]
U5 kltdi; C:\Windows\System32\Drivers\kltdi.sys [0 2014-10-12] () [File not signed]
U5 klwfp; C:\Windows\System32\Drivers\klwfp.sys [0 2014-10-12] () [File not signed]
U5 KmxAgent; C:\Windows\System32\Drivers\KmxAgent.sys [0 2014-10-12] () [File not signed]
U5 KmxAMRT; C:\Windows\System32\Drivers\KmxAMRT.sys [0 2014-10-12] () [File not signed]
U5 KmxCF; C:\Windows\System32\Drivers\KmxCF.sys [0 2014-10-12] () [File not signed]
U5 KmxCfg; C:\Windows\System32\Drivers\KmxCfg.sys [0 2014-10-12] () [File not signed]
U5 KmxFile; C:\Windows\System32\Drivers\KmxFile.sys [0 2014-10-12] () [File not signed]
U5 KmxFilter; C:\Windows\System32\Drivers\KmxFilter.sys [0 2014-10-12] () [File not signed]
U5 KmxFw; C:\Windows\System32\Drivers\KmxFw.sys [0 2014-10-12] () [File not signed]
U5 KmxSbx; C:\Windows\System32\Drivers\KmxSbx.sys [0 2014-10-12] () [File not signed]
U5 KmxStart; C:\Windows\System32\Drivers\KmxStart.sys [0 2014-10-12] () [File not signed]
U5 kneps; C:\Windows\System32\Drivers\kneps.sys [0 2014-10-12] () [File not signed]
U5 kvnet; C:\Windows\System32\Drivers\kvnet.sys [0 2014-10-12] () [File not signed]
U5 kwflower; C:\Windows\System32\Drivers\kwflower.sys [0 2014-10-12] () [File not signed]
U5 kwfupper; C:\Windows\System32\Drivers\kwfupper.sys [0 2014-10-12] () [File not signed]
U5 llio; C:\Windows\System32\Drivers\llio.sys [0 2014-10-12] () [File not signed]
U5 McPvDrv; C:\Windows\System32\Drivers\McPvDrv.sys [0 2014-10-12] () [File not signed]
U5 mfeapfk; C:\Windows\System32\Drivers\mfeapfk.sys [0 2014-10-12] () [File not signed]
U5 mfeavfk; C:\Windows\System32\Drivers\mfeavfk.sys [0 2014-10-12] () [File not signed]
U5 mfebopk; C:\Windows\System32\Drivers\mfebopk.sys [0 2014-10-12] () [File not signed]
U5 mfeelamk; C:\Windows\System32\Drivers\mfeelamk.sys [0 2014-10-12] () [File not signed]
U5 mfefirek; C:\Windows\System32\Drivers\mfefirek.sys [0 2014-10-12] () [File not signed]
U5 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [0 2014-10-12] () [File not signed]
U5 mfencbdc; C:\Windows\System32\Drivers\mfencbdc.sys [0 2014-10-12] () [File not signed]
U5 mfencrk; C:\Windows\System32\Drivers\mfencrk.sys [0 2014-10-12] () [File not signed]
U5 mfewfpk; C:\Windows\System32\Drivers\mfewfpk.sys [0 2014-10-12] () [File not signed]
U5 mscank; C:\Windows\System32\Drivers\mscank.sys [0 2014-10-12] () [File not signed]
U5 netfilter; C:\Windows\System32\Drivers\netfilter.sys [0 2014-10-10] () [File not signed]
U5 NETFLTDI; C:\Windows\System32\Drivers\NETFLTDI.sys [0 2014-10-12] () [File not signed]
U5 nnetsec; C:\Windows\System32\Drivers\nnetsec.sys [0 2014-10-12] () [File not signed]
U5 NNSALPC; C:\Windows\System32\Drivers\NNSALPC.sys [0 2014-10-12] () [File not signed]
U5 NNSHTTP; C:\Windows\System32\Drivers\NNSHTTP.sys [0 2014-10-12] () [File not signed]
U5 NNSHTTPS; C:\Windows\System32\Drivers\NNSHTTPS.sys [0 2014-10-12] () [File not signed]
U5 NNSIDS; C:\Windows\System32\Drivers\NNSIDS.sys [0 2014-10-12] () [File not signed]
U5 NNSNAHS; C:\Windows\System32\Drivers\NNSNAHS.sys [0 2014-10-12] () [File not signed]
U5 NNSNAHSL; C:\Windows\System32\Drivers\NNSNAHSL.sys [0 2014-10-12] () [File not signed]
U5 NNSPICC; C:\Windows\System32\Drivers\NNSPICC.sys [0 2014-10-12] () [File not signed]
U5 NNSPIHS; C:\Windows\System32\Drivers\NNSPIHS.sys [0 2014-10-12] () [File not signed]
U5 NNSPIHSW; C:\Windows\System32\Drivers\NNSPIHSW.sys [0 2014-10-12] () [File not signed]
U5 NNSPOP3; C:\Windows\System32\Drivers\NNSPOP3.sys [0 2014-10-12] () [File not signed]
U5 NNSPROT; C:\Windows\System32\Drivers\NNSPROT.sys [0 2014-10-12] () [File not signed]
U5 NNSPRV; C:\Windows\System32\Drivers\NNSPRV.sys [0 2014-10-12] () [File not signed]
U5 NNSSMTP; C:\Windows\System32\Drivers\NNSSMTP.sys [0 2014-10-12] () [File not signed]
U5 NNSSTRM; C:\Windows\System32\Drivers\NNSSTRM.sys [0 2014-10-12] () [File not signed]
U5 NNSTLSC; C:\Windows\System32\Drivers\NNSTLSC.sys [0 2014-10-12] () [File not signed]
U5 OAmon; C:\Windows\System32\Drivers\OAmon.sys [0 2014-10-12] () [File not signed]
U5 OAnet; C:\Windows\System32\Drivers\OAnet.sys [0 2014-10-12] () [File not signed]
U5 pavboot; C:\Windows\System32\Drivers\pavboot.sys [0 2014-10-12] () [File not signed]
U5 PavProc; C:\Windows\System32\Drivers\PavProc.sys [0 2014-10-12] () [File not signed]
U5 PSINAflt; C:\Windows\System32\Drivers\PSINAflt.sys [0 2014-10-12] () [File not signed]
U5 PSINFile; C:\Windows\System32\Drivers\PSINFile.sys [0 2014-10-12] () [File not signed]
U5 PSINKNC; C:\Windows\System32\Drivers\PSINKNC.sys [0 2014-10-12] () [File not signed]
U5 PSINProc; C:\Windows\System32\Drivers\PSINProc.sys [0 2014-10-12] () [File not signed]
U5 PSINProt; C:\Windows\System32\Drivers\PSINProt.sys [0 2014-10-12] () [File not signed]
U5 PSINReg; C:\Windows\System32\Drivers\PSINReg.sys [0 2014-10-12] () [File not signed]
U5 PSKMAD; C:\Windows\System32\Drivers\PSKMAD.sys [0 2014-10-12] () [File not signed]
U5 qutmipc; C:\Windows\System32\Drivers\qutmipc.sys [0 2014-10-12] () [File not signed]
U5 SandBox; C:\Windows\System32\Drivers\SandBox.sys [0 2014-10-12] () [File not signed]
U5 SAVOnAccess; C:\Windows\System32\Drivers\SAVOnAccess.sys [0 2014-10-12] () [File not signed]
U5 SAVOnAccessControl; C:\Windows\System32\Drivers\SAVOnAccessControl.sys [0 2014-10-12] () <===== ATTENTION Necurs Rootkit?
U5 SAVOnAccessFilter; C:\Windows\System32\Drivers\SAVOnAccessFilter.sys [0 2014-10-12] () <===== ATTENTION Necurs Rootkit?
U5 sbaphd; C:\Windows\System32\Drivers\sbaphd.sys [0 2014-10-12] () [File not signed]
U5 sbapifs; C:\Windows\System32\Drivers\sbapifs.sys [0 2014-10-12] () [File not signed]
U5 SbFw; C:\Windows\System32\Drivers\SbFw.sys [0 2014-10-12] () [File not signed]
U5 sbhips; C:\Windows\System32\Drivers\sbhips.sys [0 2014-10-12] () [File not signed]
U5 sbtis; C:\Windows\System32\Drivers\sbtis.sys [0 2014-10-12] () [File not signed]
U5 sbwtis; C:\Windows\System32\Drivers\sbwtis.sys [0 2014-10-12] () [File not signed]
U5 scfdriver; C:\Windows\System32\Drivers\scfdriver.sys [0 2014-10-12] () [File not signed]
U5 scfndis; C:\Windows\System32\Drivers\scfndis.sys [0 2014-10-12] () [File not signed]
U5 ShldFlt; C:\Windows\System32\Drivers\ShldFlt.sys [0 2014-10-12] () [File not signed]
U5 SKMScan; C:\Windows\System32\Drivers\SKMScan.sys [0 2014-10-12] () [File not signed]
U5 SophosBootDriver; C:\Windows\System32\Drivers\SophosBootDriver.sys [0 2014-10-12] () <===== ATTENTION Necurs Rootkit?
U5 SpiderG3; C:\Windows\System32\Drivers\SpiderG3.sys [0 2014-10-12] () [File not signed]
U5 ssmdrv; C:\Windows\System32\Drivers\ssmdrv.sys [0 2014-10-12] () [File not signed]
U5 SymEvent; C:\Windows\System32\Drivers\SymEvent.sys [0 2014-10-12] () [File not signed]
U5 SysPlant; C:\Windows\System32\Drivers\SysPlant.sys [0 2014-10-12] () [File not signed]
U5 tdifw; C:\Windows\System32\Drivers\tdifw.sys [0 2014-10-12] () [File not signed]
U5 tdi_nf; C:\Windows\System32\Drivers\tdi_nf.sys [0 2014-10-12] () [File not signed]
U5 tmactmon; C:\Windows\System32\Drivers\tmactmon.sys [0 2014-10-12] () [File not signed]
U5 tmcomm; C:\Windows\System32\Drivers\tmcomm.sys [0 2014-10-12] () [File not signed]
U5 tmeevw; C:\Windows\System32\Drivers\tmeevw.sys [0 2014-10-12] () [File not signed]
U5 tmevtmgr; C:\Windows\System32\Drivers\tmevtmgr.sys [0 2014-10-12] () [File not signed]
U5 tmnciesc; C:\Windows\System32\Drivers\tmnciesc.sys [0 2014-10-12] () [File not signed]
U5 tmusa; C:\Windows\System32\Drivers\tmusa.sys [0 2014-10-12] () [File not signed]
U5 tpdevflt; C:\Windows\System32\Drivers\tpdevflt.sys [0 2014-10-12] () [File not signed]
U5 tpsec; C:\Windows\System32\Drivers\tpsec.sys [0 2014-10-12] () [File not signed]
U5 trufos; C:\Windows\System32\Drivers\trufos.sys [0 2014-10-12] () [File not signed]
U5 TS4NT; C:\Windows\System32\Drivers\TS4NT.sys [0 2014-10-12] () [File not signed]
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2006-02-18] () [File not signed]
U5 v3engine; C:\Windows\System32\Drivers\v3engine.sys [0 2014-10-12] () [File not signed]
U5 VBEngNT; C:\Windows\System32\Drivers\VBEngNT.sys [0 2014-10-12] () [File not signed]
U5 Vsdatant; C:\Windows\System32\Drivers\Vsdatant.sys [0 2014-10-12] () [File not signed]
U5 webssx; C:\Windows\System32\Drivers\webssx.sys [0 2014-10-12] () [File not signed]
U5 WNMFLT; C:\Windows\System32\Drivers\WNMFLT.sys [0 2014-10-12] () [File not signed]
U5 WRkrn; C:\Windows\System32\Drivers\WRkrn.sys [0 2014-10-12] () [File not signed]
U5 wsnf; C:\Windows\System32\Drivers\wsnf.sys [0 2014-10-12] () [File not signed]
U5 wstif; C:\Windows\System32\Drivers\wstif.sys [0 2014-10-12] () [File not signed]
U3 agmpxa7m; No ImagePath

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-14 11:00 - 2014-10-14 11:00 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\7AC25C73.sys
2014-10-14 08:17 - 2014-10-14 08:17 - 00000000 ____H () C:\Documents and Settings\All Users\Application Data\cm-lock
2014-10-13 02:03 - 2014-10-14 10:59 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\4232604E.sys
2014-10-13 02:03 - 2014-10-13 02:03 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\7D44203F.sys
2014-10-12 03:30 - 2014-10-14 12:18 - 00000000 ____D () C:\FRST
2014-10-12 03:26 - 2014-10-12 03:26 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\ehdrv.sys
2014-10-12 03:26 - 2014-10-12 03:26 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\eamon.sys
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Program Files\Zillya Internet Security
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Program Files\Zillya Antivirus
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Program Files\WRData
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Program Files\WinRoute Pro
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Program Files\Windows Defender
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Program Files\Winalysis
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Program Files\Webroot
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Program Files\VIPRE
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Program Files\Vba32
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Program Files\UnThreat AntiVirus
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Program Files\UnThreat
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Program Files\TrustPort
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Program Files\TrojanHunter 5.5
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Program Files\TrojanHunter
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Program Files\Trend Micro
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Program Files\TotalDefense
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Program Files\Total Defense
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Program Files\Symantec AntiVirus
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Program Files\StopSign
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Program Files\SpyShelter Premium
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Program Files\SpyShelter
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Program Files\Spybot - Search & Destroy 2
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Program Files\Spybot - Search & Destroy
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Program Files\Sophos
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Program Files\Rising
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Program Files\Quick Heal
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Program Files\PSafe
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Program Files\Proland Software
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Program Files\Proland
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Program Files\PC Tools Security
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Program Files\pandasecuritytb
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Program Files\Panda Security URL Filtering
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Program Files\Panda Security
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Program Files\Padvish Antivirus
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Program Files\OnlineArmor
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Program Files\Online Armor
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Program Files\Norton Internet Security
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Program Files\Norton AntiVirus
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Program Files\Norton 360
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Program Files\Norman
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Program Files\nanolsp
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Program Files\nanoav
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Program Files\NANO Antivirus
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Program Files\mks_vir_9
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Program Files\MicroWorld
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Program Files\Microsoft Security Client
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Program Files\McAfeeMOBK
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Program Files\McAfee.com
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Program Files\McAfee Security Scan
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Program Files\McAfee
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Program Files\Malwarebytes' Anti-Malware
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Program Files\Malwarebytes
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Program Files\Malware Defender
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Program Files\Lavasoft
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Program Files\Kerio
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Program Files\Kaspersky Lab
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Program Files\K7 Computing
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Program Files\Jetico
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Program Files\IObit
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Program Files\IKARUS
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Program Files\GFI
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Program Files\G DATA Software
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Program Files\G Data
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Program Files\F-Secure
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Program Files\FRISK Software
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Program Files\Fortego Security
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Program Files\Filseclab
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Program Files\ESET
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Program Files\eScan
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Program Files\Emsisoft Anti-Malware
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Program Files\eAcceleration
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Program Files\DrWeb Enterprise Suite
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Program Files\DrWeb
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Program Files\Doctor Web
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Program Files\Comodo Downloader
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Program Files\COMODO
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Program Files\ClamWin
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Program Files\CheckPoint
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Program Files\CA
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Program Files\BullGuard Ltd
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Program Files\BullGuard
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Program Files\BitGuard
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Program Files\Bitdefender
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Program Files\Baidu Security
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Program Files\Avira
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Program Files\AVG Nation toolbar
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Program Files\AVG
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Program Files\AVAST Software
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Program Files\Avanquest
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Program Files\Arcabit
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Program Files\AntiVirus
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Program Files\Alwil Software
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Program Files\AhnLab
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Program Files\Agnitum
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Program Files\Acceleration Software
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Program Files\360SD
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Program Files\360
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Program Files\.clamwin
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\Zillya Internet Security
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\Zillya Antivirus
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\WRData
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\WinRoute Pro
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\Windows Defender
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\Winalysis
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\Webroot
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\VIPRE
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\Vba32
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\UnThreat AntiVirus
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\UnThreat
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\TrustPort
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\TrojanHunter 5.5
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\TrojanHunter
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\Trend Micro
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\TotalDefense
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\Total Defense
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\Symantec AntiVirus
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\StopSign
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\SpyShelter Premium
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\SpyShelter
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\Sophos
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\Rising
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\Quick Heal
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\PSafe
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\Proland Software
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\Proland
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\PC Tools Security
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\pandasecuritytb
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\Panda Security URL Filtering
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\Panda Security
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\Padvish Antivirus
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\OnlineArmor
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\Online Armor
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\Norton Internet Security
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\Norton AntiVirus
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\Norton 360
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\Norman
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\nanolsp
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\nanoav
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\NANO Antivirus
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\mks_vir_9
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\MicroWorld
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\Microsoft Security Client
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\McAfeeMOBK
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\McAfee.com
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\McAfee Security Scan
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\McAfee
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\Malwarebytes Anti-Malware
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\Malware Defender
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\Lavasoft
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\Kerio
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\K7 Computing
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\Jetico
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\IObit
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\IKARUS
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\GFI
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\G DATA Software
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\G Data
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\F-Secure
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\FRISK Software
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\Fortego Security
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\Filseclab
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\ESET
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\eScan
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\Emsisoft Anti-Malware
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\eAcceleration
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\DrWeb Enterprise Suite
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\DrWeb
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\Doctor Web
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\Comodo Downloader
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\COMODO
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\ClamWin
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\CheckPoint
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\CA
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\BullGuard Ltd
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\BullGuard
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\BitGuard
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\Bitdefender
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\Baidu Security
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\Avira
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\AVG Nation toolbar
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\AVG
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\AVAST Software
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\Avanquest
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\Arcabit
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\AntiVirus
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\Alwil Software
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\AhnLab
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\Agnitum
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\Acceleration Software
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\360SD
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\360
2014-10-12 03:25 - 2014-10-14 08:16 - 00000000 __RSH () C:\Documents and Settings\All Users\Application Data\.clamwin
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\wstif.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\wsnf.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\WRkrn.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\wnmflt64.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\wnmflt.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\WGX64.SYS
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\webssx.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\vsdatant.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\VBEngNT.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\v3engine.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\TS4nt.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\Trufos.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\tpsec.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\tpdevflt.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\tmusa.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\tmnciesc.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\tmevtmgr.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\tmeevw.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\TMEBC64.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\TMEBC32.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\tmcomm.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\tmactmon.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\Teefer.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\tdifw.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\tdi_nf.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\SysPlant.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\ssmdrv.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\spiderg3.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\SophosBootDriver.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\skmscan.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\ShlDrv51.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\ShldFlt.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\scfndis.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\scfdriver.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\sbwtis.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\sbtis.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\sbhips.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\SbFwIm.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\SbFw.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\sbapifs.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\sbaphd.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\savonaccessfilter.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\savonaccesscontrol.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\savonaccess.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\SandBox64.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\SandBox.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\qutmipc.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\qutmdrv.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\PSKMAD.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\PSINReg.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\PSINProt.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\PSINProc.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\PSINKNC.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\PSINFile.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\PSINAflt.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\protreg.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\PROCEXP152.SYS
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\PktIcpt.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\pctwfpfilter64.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\PCTSD64.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\pctplsm64.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\pctplsg64.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\pctgntdi64.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\pctEFA64.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\pctDS64.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\PCTCore64.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\pctBTFix64.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\PCTBD64.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\PavProc.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\pavboot64.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\pavboot.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\OAnet.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\OAmon.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\oahlp32.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\OADriver.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\nvcv64mf.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\NSNetmon.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\NSKernel.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\npf.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\NNStlsc.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\NNSStrm.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\NNSSmtp.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\NNSPrv.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\NNSProt.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\NNSPop3.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\NNSPihsw.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\NNSpihs.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\NNSpicc.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\NNSNAHSL.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\NNSNAHS.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\NNSIds.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\NNSHttps.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\NNSHttp.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\NNSAlpc.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\nnetsecl64.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\nnetsecl.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\nnetsec.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\NETTDI64.SYS
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\neti1644.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\NETFLTDI.SYS
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\n64i1644.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\mwfsmflt.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\mscank.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\MOBK.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\MiniIcpt.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\mfewfpk.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\mfencrk.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\mfencbdc.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\mfehidk.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\mfefirek.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\mfeelamk.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\mfeclnrk.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\mfebopk.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\mfeavfk.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\mfeapfk.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\McPvDrv.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\llio.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\kwfupper.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\kwflower.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\kvnet.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\kneps.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\KmxStart.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\KmxSbx.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\KmxFw.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\KmxFilter.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\KmxFile.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\KmxCfg.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\KmxCF.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\KmxAMRT.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\KmxAgent.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\klwfp.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\kltdi.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\klpd.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\klim6.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\klim5.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\klif.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\klhk.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\klflt.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\klelam.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\kl2.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\kl1.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\K7TdiHlp.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\K7Sentry.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\K7FWHlpr.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\K7FWFilt.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\inspect.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\idsflt64.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\idsflt.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\hvm.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\HookTdi.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\Hooksys.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\hookport.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\HookHelp.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\HookCentre.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\HipShieldK.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\gzflt.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\ggc.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\gfiutil.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\gfiark.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\gdwfpcd64.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\gdwfpcd32.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\GDTdiIcpt.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\GDNdisIc.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\gddcv64.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\gddcd64.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\GDBehave.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\fwcore.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\fsbts.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\FPAV_RTP.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\fnetmon.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\fnetm64.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\epfwwfpr.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\epfwwfp.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\epfwtdi.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\epfwndis.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\EpfwLWF.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\epfw.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\EMLTDI.SYS
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\efimon.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\edevmon.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\econceal.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\eamonm.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\dwprot.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\dw_wfp.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\dsaflt64.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\dsaflt.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\DrWebLwf.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\COMFiltr.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\cmdhlp.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\cmdguard.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\cmderd.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\cfwids.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\CdmDrvNt.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\catflt.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\Bprotect.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\Bhbase.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\Bfmon.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\Bfilter.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\bdvedisk.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\BdSpy.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\bdsnm.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\bdsflt.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\bdsandbox.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\BdNet.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\bdfsfltr.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\BdfNdisf6.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\bdfndisf.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\bdelam.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\BdAgent.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\bcftdi.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\bcfsrm.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\bcfilter.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\bc_tdi_f.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\bc_prt_f.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\bc_pat_f.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\bc_ngn.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\bc_ip_f.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\bc_hash_f.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\BAPIDRV64.SYS
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\BAPIDRV.SYS
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\avnetflt.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\avkmgr.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\avipbb.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\avgwfpx.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\avgwfpa.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\avgtdix.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\avgtdia.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\avgrkx86.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\avgrkx64.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\avgntflt.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\avgmfx86.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\avgmfx64.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\avglogx.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\avgloga.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\avgldx86.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\avgldx64.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\avgidsshimx.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\avgidsshimw8x.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\avgidshx.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\avgidsha.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\avgidsdriverx.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\avgidsdriverlx.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\avgidsdrivera.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\avgfwdx.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\avgfwd6x.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\avgfwd6a.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\avgdiskx.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\avgdiska.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\avgbootx.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\avgboota.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\avf.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\avckf.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\avchv.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\avc3.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\avasdmft.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\aswVmm.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\aswTdi.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\aswStm.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\aswSP.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\aswSnx.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\aswRdr2.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\aswRdr.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\aswNdisFlt.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\aswNdis2.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\aswNdis.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\aswMon2.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\aswHwid.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\arcawfp.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\apsp.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\APPFLT.SYS
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\apkhelper.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\AMonTDNt.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\AMonTDLH.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\AMonLWLH.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\AMonHKNT.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\amm8660.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\amm8651.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\amm6460.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\ale7_nf64.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\ale7_nf.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\ale_nf64.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\ale_nf.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\ahnsze.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\AhnRghNt.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\AhnRec2k.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\AhnFlt2k.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\afwcore.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\afw.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\abp470n5.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\abndis.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\Aavmker4.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\360SelfProtection.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\360FsFlt.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\360Camera64.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\360Camera.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\360Box64.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\360Box.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\360AvFlt.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\360AntiHacker64.sys
2014-10-12 03:25 - 2014-10-12 03:25 - 00000000 _RSHD () C:\WINDOWS\system32\Drivers\360AntiHacker.sys
2014-10-12 02:24 - 2014-10-13 02:00 - 00000512 _____ () C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 8cd658d0-07e7-4655-9a07-af658958c9ef.job
2014-10-12 02:15 - 2014-10-12 02:15 - 00000000 ____D () C:\Documents and Settings\SomeNewUser\Local Settings\Application Data\ESET
2014-10-12 01:13 - 2014-10-12 01:13 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Application Data\ESET
2014-10-12 00:45 - 2014-10-12 00:45 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\ESET
2014-10-11 22:31 - 2014-10-11 22:38 - 00000000 ____D () C:\Documents and Settings\All Users\Kaspersky Lab Setup Files
2014-10-11 21:59 - 2014-10-11 21:59 - 00001919 _____ () C:\WINDOWS\epplauncher.mif
2014-10-11 21:59 - 2014-10-11 21:59 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2014-10-11 19:51 - 2014-10-11 20:10 - 00000945 _____ () C:\Documents and Settings\All Users\Desktop\herdProtect.lnk
2014-10-11 19:51 - 2014-10-11 19:51 - 00000000 ____D () C:\Program Files\Reason
2014-10-11 19:51 - 2014-10-11 19:51 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\herdProtect
2014-10-11 17:54 - 2014-10-11 18:04 - 00000013 _____ () C:\Documents and Settings\Administrator\Desktop\New Text Document.txt
2014-10-11 17:42 - 2014-10-11 17:42 - 00000000 ____D () C:\Program Files\Windows Resource Kits
2014-10-11 17:21 - 2014-10-11 17:21 - 00060408 _____ () C:\Documents and Settings\Administrator\Desktop\regscanner.zip
2014-10-11 16:05 - 2014-10-11 16:05 - 00014215 _____ () C:\WINDOWS\KB942288-v3.log
2014-10-11 16:05 - 2014-10-11 16:05 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB942288-v3$
2014-10-11 16:05 - 2007-11-30 05:39 - 00017272 ____N (Microsoft Corporation) C:\WINDOWS\system32\spmsg.dll
2014-10-11 15:57 - 2014-10-11 15:57 - 00011348 _____ () C:\Documents and Settings\Administrator\Desktop\safemsi.zip
2014-10-11 15:57 - 2014-10-11 15:57 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\safemsi
2014-10-11 15:44 - 2014-10-11 15:44 - 00001153 _____ () C:\Documents and Settings\Administrator\Desktop\fix2.zip
2014-10-11 15:44 - 2014-10-11 15:44 - 00000397 _____ () C:\Documents and Settings\Administrator\Desktop\fix1.zip
2014-10-11 14:51 - 2014-10-13 02:02 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\09AA0966.sys
2014-10-11 14:31 - 2014-10-11 14:46 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\48230029.sys
2014-10-11 14:28 - 2014-10-14 12:16 - 00000512 _____ () C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 0f52ea52-8cab-4639-a9b7-5137eda1d326.job
2014-10-11 13:28 - 2014-10-11 13:28 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-10-11 13:28 - 2014-10-11 13:28 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-10-11 13:28 - 2014-05-12 07:26 - 00053208 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-10-11 13:28 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-10-11 12:36 - 2014-10-11 12:36 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2014-10-11 12:16 - 2014-10-11 12:16 - 00001684 _____ () C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk
2014-10-11 12:16 - 2014-10-11 12:16 - 00000000 ____D () C:\Documents and Settings\SomeNewUser\Application Data\SUPERAntiSpyware.com
2014-10-11 12:16 - 2014-10-11 12:16 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
2014-10-11 12:15 - 2014-10-14 12:16 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-10-11 12:15 - 2014-10-11 12:15 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2014-10-11 02:40 - 2014-10-12 03:29 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\temp
2014-10-11 02:40 - 2014-10-11 02:40 - 00008192 ____H () C:\WINDOWS\system32\config\SECURITY.tmp.LOG
2014-10-11 02:40 - 2014-10-11 02:40 - 00000000 ____H () C:\WINDOWS\system32\config\system.tmp.LOG
2014-10-11 02:40 - 2014-10-11 02:40 - 00000000 ____H () C:\WINDOWS\system32\config\software.tmp.LOG
2014-10-11 02:40 - 2014-10-11 02:40 - 00000000 ____H () C:\WINDOWS\system32\config\SAM.tmp.LOG
2014-10-11 02:40 - 2014-10-11 02:40 - 00000000 ____H () C:\WINDOWS\system32\config\default.tmp.LOG
2014-10-11 02:40 - 2014-10-11 02:40 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\temp
2014-10-11 02:40 - 2014-10-11 02:40 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\temp
2014-10-11 02:31 - 2014-10-11 02:31 - 00000000 _RSHD () C:\cmdcons
2014-10-11 02:31 - 2014-08-26 14:30 - 00000245 _____ () C:\Boot.bak
2014-10-11 02:31 - 2004-08-03 23:00 - 00260272 __RSH () C:\cmldr
2014-10-11 02:29 - 2014-10-11 02:46 - 00000000 ____D () C:\WINDOWS\erdnt
2014-10-11 02:29 - 2014-10-11 02:46 - 00000000 ____D () C:\ComboFix
2014-10-11 02:29 - 2014-10-11 02:39 - 00000000 ____D () C:\Qoobox
2014-10-11 02:29 - 2011-06-26 09:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2014-10-11 02:29 - 2010-11-07 20:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2014-10-11 02:29 - 2009-04-20 07:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2014-10-11 02:29 - 2000-08-31 03:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2014-10-11 02:29 - 2000-08-31 03:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2014-10-11 02:29 - 2000-08-31 03:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2014-10-11 02:29 - 2000-08-31 03:00 - 00098816 _____ () C:\WINDOWS\sed.exe
2014-10-11 02:29 - 2000-08-31 03:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2014-10-11 02:29 - 2000-08-31 03:00 - 00068096 _____ () C:\WINDOWS\zip.exe
2014-10-11 01:30 - 2014-10-11 01:31 - 00004478 _____ () C:\Documents and Settings\SomeNewUser\Desktop\Rkill.txt
2014-10-11 00:09 - 2014-10-11 00:09 - 00001981 _____ () C:\Documents and Settings\SomeNewUser\Desktop\SpyHunter.lnk
2014-10-11 00:09 - 2014-10-11 00:09 - 00000000 ____D () C:\WINDOWS\AF54923662584AC6A0435B5B89C6EB61.TMP
2014-10-11 00:09 - 2014-10-11 00:09 - 00000000 ____D () C:\sh4ldr
2014-10-11 00:09 - 2014-10-11 00:09 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-10-11 00:09 - 2014-10-11 00:09 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard
2014-10-11 00:09 - 2014-10-11 00:09 - 00000000 ____D () C:\Documents and Settings\SomeNewUser\Start Menu\Programs\SpyHunter
2014-10-11 00:02 - 2014-10-11 00:02 - 00034808 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2014-10-11 00:02 - 2014-10-11 00:02 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RogueKiller
2014-10-10 23:52 - 2014-10-10 23:52 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
2014-10-10 23:51 - 2014-10-10 23:51 - 00001234 _____ () C:\Documents and Settings\Administrator\Desktop\JRT.txt
2014-10-10 23:50 - 2014-10-10 23:50 - 00000773 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Explorer.lnk
2014-10-10 23:50 - 2014-10-10 23:50 - 00000744 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Outlook Express.lnk
2014-10-10 23:50 - 2008-04-14 15:00 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpns.dll
2014-10-10 23:49 - 2014-10-10 23:49 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-10-10 23:25 - 2014-10-10 23:44 - 00000000 ____D () C:\AdwCleaner
2014-10-10 23:16 - 2014-10-12 03:25 - 00000000 ___SH () C:\WINDOWS\VZT6nsdX.txt
2014-10-10 23:16 - 2014-10-10 23:16 - 00000000 ____D () C:\WINDOWS\system32\Drivers\netfilter.sys
2014-10-10 22:05 - 2014-10-14 08:16 - 00000000 __RSH () C:\Program Files\Common Files\TrustPort
2014-10-10 22:05 - 2014-10-14 08:16 - 00000000 __RSH () C:\Program Files\Common Files\Panda Security
2014-10-10 22:05 - 2014-10-14 08:16 - 00000000 __RSH () C:\Program Files\Common Files\MicroWorld
2014-10-10 22:05 - 2014-10-14 08:16 - 00000000 __RSH () C:\Program Files\Common Files\McAfee
2014-10-10 22:05 - 2014-10-14 08:16 - 00000000 __RSH () C:\Program Files\Common Files\InfoWatch
2014-10-10 22:05 - 2014-10-14 08:16 - 00000000 __RSH () C:\Program Files\Common Files\G Data
2014-10-10 22:05 - 2014-10-14 08:16 - 00000000 __RSH () C:\Program Files\Common Files\eAcceleration
2014-10-10 22:05 - 2014-10-14 08:16 - 00000000 __RSH () C:\Program Files\Common Files\Doctor Web
2014-10-10 22:05 - 2014-10-14 08:16 - 00000000 __RSH () C:\Program Files\Common Files\BullGuard Ltd
2014-10-10 22:05 - 2014-10-14 08:16 - 00000000 __RSH () C:\Program Files\Common Files\Bitdefender
2014-10-10 21:54 - 2014-10-14 08:16 - 00000330 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-10-10 21:49 - 2014-10-11 13:28 - 00000783 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-10 13:54 - 2014-10-10 23:55 - 00000855 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.conf
2014-10-10 13:54 - 2014-10-10 23:21 - 00000000 __SHD () C:\Documents and Settings\SomeNewUser\Application Data\vT2Tj2gpD7Y
2014-10-10 13:54 - 2014-10-10 13:54 - 00000000 ___SH () C:\WINDOWS\PsfjH4KN.txt
2014-10-10 13:54 - 2014-10-10 13:54 - 00000000 ___SH () C:\WINDOWS\F5Ws94kb.txt
2014-10-10 13:50 - 2014-10-10 09:30 - 00002048 _____ () C:\WINDOWS\bootstat2.dat
2014-10-02 13:48 - 2014-10-02 13:48 - 00000097 _____ () C:\New Text Document (2).txt
2014-09-29 22:00 - 2014-09-29 22:00 - 00000730 _____ () C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2014-09-25 12:54 - 2014-09-25 12:54 - 00000672 _____ () C:\Documents and Settings\SomeNewUser\Desktop\Core FTP LE.lnk
2014-09-25 12:54 - 2014-09-25 12:54 - 00000000 ____D () C:\Program Files\CoreFTP
2014-09-25 12:54 - 2014-09-25 12:54 - 00000000 ____D () C:\Documents and Settings\SomeNewUser\Start Menu\Programs\Core FTP
2014-09-19 15:08 - 2014-09-19 15:34 - 00009980 _____ () C:\Documents and Settings\SomeNewUser\Desktop\G.Popovci - 10.15.1.29.backup
2014-09-16 16:32 - 2014-09-16 16:32 - 00000000 ___RD () C:\Program Files\Skype
2014-09-16 16:32 - 2014-09-16 16:32 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-09-16 16:32 - 2014-09-16 16:32 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Skype
2014-09-15 23:07 - 2014-09-15 23:07 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\TeamViewer 9

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-14 12:19 - 2012-07-25 02:07 - 00000000 ____D () C:\Documents and Settings\SomeNewUser\Local Settings\Temp
2014-10-14 11:47 - 2012-07-25 13:26 - 00002497 _____ () C:\Documents and Settings\SomeNewUser\Desktop\Microsoft Office Word 2003.lnk
2014-10-14 11:35 - 2012-08-28 17:29 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-14 11:23 - 2012-07-25 17:14 - 00001082 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-1177238915-1801674531-1003UA.job
2014-10-14 08:22 - 2012-07-25 02:03 - 00461157 _____ () C:\WINDOWS\WindowsUpdate.log
2014-10-14 08:18 - 2012-10-28 13:22 - 00860203 _____ () C:\WINDOWS\error.log
2014-10-14 08:18 - 2008-04-14 15:00 - 00001068 _____ () C:\WINDOWS\win.ini
2014-10-14 08:17 - 2012-07-25 04:53 - 00000159 ____C () C:\WINDOWS\wiadebug.log
2014-10-14 08:16 - 2012-10-28 13:22 - 00016766 _____ () C:\WINDOWS\errord.log
2014-10-14 08:16 - 2012-08-28 17:29 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-14 08:16 - 2012-07-25 04:53 - 00000053 ____C () C:\WINDOWS\wiaservc.log
2014-10-14 08:16 - 2012-07-25 02:07 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-10-14 01:03 - 2012-07-25 02:07 - 00032440 _____ () C:\WINDOWS\SchedLgU.Txt
2014-10-14 01:03 - 2012-07-25 02:07 - 00000278 ___SH () C:\Documents and Settings\SomeNewUser\ntuser.ini
2014-10-14 01:02 - 2013-12-29 03:20 - 00000000 ____D () C:\Documents and Settings\SomeNewUser\Application Data\BitTorrent
2014-10-14 01:02 - 2012-07-25 02:07 - 00000000 ____D () C:\Documents and Settings\SomeNewUser
2014-10-14 00:18 - 2012-07-25 13:07 - 00000600 _____ () C:\Documents and Settings\SomeNewUser\Local Settings\Application Data\PUTTY.RND
2014-10-13 23:34 - 2012-07-25 17:08 - 00000000 ____D () C:\Program Files\The KMPlayer
2014-10-13 23:30 - 2014-03-07 04:29 - 00000000 ____D () C:\New Movies - Neobraboteni
2014-10-13 23:23 - 2012-07-25 17:14 - 00001030 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-1177238915-1801674531-1003Core.job
2014-10-13 16:25 - 2012-07-25 18:29 - 00000000 ____D () C:\Program Files\GetRight
2014-10-13 13:14 - 2014-03-03 19:17 - 00008097 _____ () C:\Documents and Settings\SomeNewUser\Desktop\Mihail Zadornov.txt
2014-10-13 12:50 - 2014-04-21 01:06 - 00000000 ____D () C:\New Folder
2014-10-13 03:33 - 2012-07-26 12:37 - 00000178 __SHC () C:\Documents and Settings\Administrator\ntuser.ini
2014-10-13 03:33 - 2012-07-26 12:37 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-10-13 03:05 - 2012-07-26 02:35 - 00061952 _____ () C:\Documents and Settings\SomeNewUser\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-10-13 03:05 - 2012-07-26 00:07 - 00000116 _____ () C:\WINDOWS\NeroDigital.ini
2014-10-12 16:37 - 2012-07-26 11:39 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2014-10-12 16:31 - 2012-09-26 12:50 - 00063089 _____ () C:\Osigurovki - Mitko.txt
2014-10-12 03:29 - 2012-07-25 02:02 - 00000000 ____D () C:\WINDOWS\system32\Restore
2014-10-12 02:17 - 2012-10-05 23:41 - 00000000 ____D () C:\Program Files\Cheat Engine
2014-10-12 02:17 - 2012-07-25 12:48 - 00000000 ____D () C:\Installs
2014-10-12 00:36 - 2012-07-25 04:51 - 00172439 _____ () C:\WINDOWS\setupapi.log
2014-10-11 22:48 - 2013-12-29 03:21 - 00000823 _____ () C:\Documents and Settings\SomeNewUser\Desktop\BitTorrent.lnk
2014-10-11 22:41 - 2012-11-14 01:26 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-10-11 22:41 - 2012-07-25 02:04 - 00002577 _____ () C:\WINDOWS\system32\CONFIG.NT
2014-10-11 21:59 - 2008-04-14 15:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-10-11 18:03 - 2012-07-25 04:52 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-10-11 16:05 - 2012-07-25 04:52 - 00068219 ____C () C:\WINDOWS\iis6.log
2014-10-11 16:05 - 2012-07-25 04:52 - 00030088 ____C () C:\WINDOWS\FaxSetup.log
2014-10-11 16:05 - 2012-07-25 04:52 - 00023640 ____C () C:\WINDOWS\ocgen.log
2014-10-11 16:05 - 2012-07-25 04:52 - 00021922 ____C () C:\WINDOWS\comsetup.log
2014-10-11 16:05 - 2012-07-25 04:52 - 00019266 ____C () C:\WINDOWS\tsoc.log
2014-10-11 16:05 - 2012-07-25 04:52 - 00015592 ____C () C:\WINDOWS\msmqinst.log
2014-10-11 16:05 - 2012-07-25 04:52 - 00011613 ____C () C:\WINDOWS\ntdtcsetup.log
2014-10-11 16:05 - 2012-07-25 04:52 - 00006039 ____C () C:\WINDOWS\netfxocm.log
2014-10-11 16:05 - 2012-07-25 04:52 - 00002762 ____C () C:\WINDOWS\MedCtrOC.log
2014-10-11 16:05 - 2012-07-25 04:52 - 00002185 ____C () C:\WINDOWS\tabletoc.log
2014-10-11 16:05 - 2012-07-25 04:52 - 00001911 ____C () C:\WINDOWS\ocmsn.log
2014-10-11 16:05 - 2012-07-25 04:52 - 00001798 ____C () C:\WINDOWS\msgsocm.log
2014-10-11 16:05 - 2012-07-25 04:52 - 00001393 _____ () C:\WINDOWS\imsins.log
2014-10-11 16:05 - 2012-07-25 04:43 - 00000000 ____D () C:\WINDOWS\system32\mui
2014-10-11 15:46 - 2014-01-13 15:53 - 00006238 __RSH () C:\Documents and Settings\All Users\ntuser.pol
2014-10-11 15:21 - 2014-02-25 21:19 - 00000000 __SHD () C:\WINDOWS\CSC
2014-10-11 13:28 - 2014-09-07 19:57 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-11 11:39 - 2012-11-14 12:43 - 00000472 _____ () C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
2014-10-11 02:43 - 2008-04-14 15:00 - 00000435 _____ () C:\WINDOWS\system.ini
2014-10-11 02:41 - 2012-07-25 04:51 - 00262144 _____ () C:\WINDOWS\system32\config\SECURITY.bak
2014-10-11 02:41 - 2012-07-25 04:51 - 00262144 _____ () C:\WINDOWS\system32\config\SAM.bak
2014-10-11 02:41 - 2012-07-25 04:50 - 28311552 _____ () C:\WINDOWS\system32\config\software.bak
2014-10-11 02:41 - 2012-07-25 04:50 - 09961472 _____ () C:\WINDOWS\system32\config\system.bak
2014-10-11 02:41 - 2012-07-25 04:50 - 00524288 _____ () C:\WINDOWS\system32\config\default.bak
2014-10-11 02:31 - 2012-07-25 04:50 - 00000355 __RSH () C:\boot.ini
2014-10-11 00:27 - 2012-07-25 02:07 - 00001605 _____ () C:\Documents and Settings\SomeNewUser\Start Menu\Programs\Remote Assistance.lnk
2014-10-11 00:27 - 2012-07-25 02:04 - 00001605 ____C () C:\Documents and Settings\Default User\Start Menu\Programs\Remote Assistance.lnk
2014-10-11 00:20 - 2012-11-10 01:49 - 00000000 ____D () C:\Documents and Settings\All Users\Local Settings\Temp
2014-10-11 00:15 - 2012-07-25 02:04 - 00001513 _____ () C:\Documents and Settings\All Users\Start Menu\Windows Update.lnk
2014-10-11 00:14 - 2012-07-26 12:37 - 00001605 ____C () C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
2014-10-10 23:50 - 2012-07-26 12:37 - 00000798 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Windows Media Player.lnk
2014-10-10 23:50 - 2012-07-26 12:37 - 00000000 ___RD () C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
2014-10-10 23:50 - 2012-07-25 02:01 - 00005832 ____C () C:\WINDOWS\wmsetup.log
2014-10-10 22:39 - 2012-07-25 04:51 - 00188301 _____ () C:\WINDOWS\setupact.log
2014-10-10 21:48 - 2012-07-26 15:00 - 00000000 ____D () C:\Documents and Settings\SomeNewUser\Local Settings\Application Data\Ashampoo
2014-10-10 13:53 - 2013-04-12 15:45 - 00000000 ____D () C:\Program Files\Adobe
2014-10-10 13:53 - 2012-07-25 02:02 - 00000000 ____D () C:\WINDOWS\system32\Macromed
2014-10-10 09:30 - 2012-11-14 14:55 - 00187010 _____ () C:\aaw7boot.log
2014-10-09 23:13 - 2013-10-05 02:11 - 00000000 ____D () C:\Documents and Settings\SomeNewUser\Application Data\vlc
2014-10-09 18:52 - 2014-08-26 11:59 - 00000000 ____D () C:\Documents and Settings\SomeNewUser\Application Data\.ACEStream
2014-10-09 18:51 - 2012-07-25 13:26 - 00000000 ____D () C:\Documents and Settings\SomeNewUser\Application Data\Skype
2014-10-09 15:52 - 2012-07-26 11:27 - 00000000 ____D () C:\Program Files\ICQ
2014-10-09 15:26 - 2012-07-25 13:25 - 00002495 _____ () C:\Documents and Settings\SomeNewUser\Desktop\Microsoft Office Excel 2003.lnk
2014-10-08 10:39 - 2012-07-25 18:40 - 00000041 _____ () C:\WINDOWS\crw.ini
2014-10-07 01:21 - 2012-07-25 18:12 - 00002397 _____ () C:\Documents and Settings\All Users\Desktop\ACDSee 5.0.lnk
2014-09-30 09:01 - 2012-07-25 12:04 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-09-29 22:00 - 2014-08-30 13:12 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-29 22:00 - 2012-07-25 12:04 - 00000736 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2014-09-28 00:55 - 2012-10-25 19:54 - 00000000 ____D () C:\Documents and Settings\SomeNewUser\Application Data\CoreFTP
2014-09-17 14:00 - 2014-07-07 21:16 - 00000000 ____D () C:\Documents and Settings\SomeNewUser\Desktop\Config files - Routers
2014-09-16 16:32 - 2012-07-25 13:26 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Skype
2014-09-15 23:07 - 2014-02-09 12:06 - 00000821 _____ () C:\Documents and Settings\All Users\Desktop\TeamViewer 9.lnk

Some content of TEMP:
====================
C:\Documents and Settings\SomeNewUser\Local Settings\Temp\rtdrvmon.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

And Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-10-2014 01
Ran by SomeNewUser at 2014-10-14 12:19:37
Running from L:\
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET NOD32 Antivirus 7.0 (Disabled - Up to date) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM\...\uTorrent) (Version: 1.8.5 - )
3Com TFTP Server (HKLM\...\{155940A6-F4CF-434F-BBFD-A26A4E3D02C0}) (Version: 1.05 - 3Com)
7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
ACDSee 5.0 Standard (HKLM\...\{AF5E8D43-49AD-4BE7-A941-2BB0A8CACA62}) (Version: 5.0.0 - ACD Systems Ltd)
Ace Stream Media 2.2.10-next (HKCU\...\AceStream) (Version: 2.2.10-next - Ace Stream Media)
Acronis Disk Director Suite (HKLM\...\{2300EE96-0A41-4FAB-BD03-989EC44577A0}) (Version: 10.0.2117 - Acronis)
Adobe Reader XI (11.0.02) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.02 - Adobe Systems Incorporated)
Apache HTTP Server 2.0.58 (HKLM\...\{3A862C7D-0504-48BC-AEF8-7F7479C7C158}) (Version: 2.0.58 - Apache Software Foundation)
Apple Application Support (HKLM\...\{A83279FD-CA4B-4206-9535-90974DE76654}) (Version: 2.1.5 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.® AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.27 - Atheros Communications Inc.)
Avant Browser (remove only) (HKLM\...\AvantBrowser) (Version: 12.0.0.0 - Avant Force)
BitTorrent (HKCU\...\BitTorrent) (Version: 7.8.2.30445 - BitTorrent Inc.)
Bulgarian BDS (2000,XP,2003,Vista,7,2008) - Microinvest (HKLM\...\{67437C58-1E0A-40E0-915E-95DF37BB4196}) (Version: 1.0.3.40 - Microinvest Ltd.)
Bulgarian PHO (2000,XP,2003,Vista,7,2008) - Microinvest (HKLM\...\{B263EA04-647B-4F01-B528-936E87ABA8A6}) (Version: 1.0.3.40 - Microinvest Ltd.)
Cantennator 1.0 (HKLM\...\Cantennator_is1) (Version:  - Island Limited)
CDex extraction audio (HKLM\...\CDex) (Version:  - )
Cheat Engine 5.5 (HKLM\...\Cheat Engine 5.5_is1) (Version:  - Dark Byte)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6021.5000 - Microsoft Corporation)
Core FTP LE (HKLM\...\CoreFTP) (Version:  - )
CrystalDiskMark 3.0.1c (HKLM\...\CrystalDiskMark_is1) (Version: 3.0.1c - Crystal Dew World)
CSV to vCard (HKLM\...\{B9DCBBD4-20F5-424B-9C56-FFF62BE71CD7}_is1) (Version:  - csvtovcard.com)
Decal Converter (HKLM\...\{5BB207D6-0E1E-11D5-9B6A-00C04F7EC248}) (Version:  - )
Doro 1.42 (HKLM\...\Doro_is1) (Version:  - CompSoft)
EasyCleanBG (HKLM\...\EasyCleanBG) (Version:  - )
ESET NOD32 Antivirus (HKLM\...\{006B8604-097D-47F5-9590-6F43F94B9279}) (Version: 7.0.317.4 - ESET, spol s r. o.)
Eternal-WoW! Launcher (HKCU\...\1b3fd9835e4d92e9) (Version: 2.0.2.20 - Eternal-WoW!)
Ethereal 0.99.0 (HKLM\...\Ethereal) (Version: 0.99.0 - The Ethereal developer community, http://www.ethereal.com)
FlexType 2K (HKLM\...\FlexType 2K) (Version:  - )
FlexWord 2K (HKLM\...\FlexWord 2K) (Version:  - )
Foxit Reader 5.1 (HKLM\...\Foxit Reader_is1) (Version: 5.1.4.104 - Foxit Corporation)
Free YouTube Download version 3.2.18.1128 (HKLM\...\Free YouTube Download_is1) (Version: 3.2.18.1128 - DVDVideoSoft Ltd.)
GetDataBack for NTFS (HKLM\...\{56582EEA-3AEF-4D84-8B9D-C87A3CD9250F}) (Version: 4.24.000 - Runtime Software)
GetRight (HKLM\...\GetRight) (Version:  - )
Google Chrome (HKCU\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
grepWin (HKLM\...\{AFDF754A-1694-4933-8E8F-58E97A525015}) (Version: 1.6.466 - Stefans Tools)
HD Tune Pro 5.00 (HKLM\...\HD Tune Pro_is1) (Version:  - EFD Software)
HDD Health v2.1 Beta (HKLM\...\HDD Health_is1) (Version:  - )
herdProtect Anti-Malware Scanner (HKLM\...\herdProtectScan) (Version: 1.0 - Reason Company Software Inc.)
HP USB Key Utility (HKLM\...\HP USB Key Utility) (Version:  - )
ICQ (HKLM\...\ICQ) (Version:  - )
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
iSlim 300X (HKLM\...\{7EF900F4-61A8-4D95-8A65-488D3BECA206}) (Version: 1.0.0.28 - )
ISO to USB (HKLM\...\{D08A30AC-A663-4EA8-8D81-B98E17F19F1C}_is1) (Version:  - isotousb.com)
Jasc Paint Shop Pro 8 (HKLM\...\{81A34902-9D0B-4920-A25C-4CDC5D14B328}) (Version: 8.01.0000 - Jasc Software Inc)
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (Version: 2.1.67.1 - Oracle, Inc.) Hidden
Java SE Development Kit 7 Update 40 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0170400}) (Version: 1.7.0.400 - Oracle)
Java SE Development Kit 7 Update 51 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0170510}) (Version: 1.7.0.510 - Oracle)
Lexmark 1200 Series (HKLM\...\Lexmark 1200 Series) (Version:  - )
LG United Mobile Driver (HKLM\...\{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}) (Version: 3.10.1.0 - LG Electronics)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
marvell 61xx (HKLM\...\mv61xxDriver) (Version: 1.2.0.68 - Marvell)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.7969.0 - Microsoft Corporation)
Microsoft Office Visio Professional 2003 (HKLM\...\{90510409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.7969.0 - Microsoft Corporation)
Microsoft SMS Sender (HKLM\...\{394BE3D9-7F57-4638-A8D1-1D88671913B7}) (Version: 1.0.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden
MiniTool Partition Wizard Home Edition 8.1.1 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version:  - MiniTool Solution Ltd.)
Mozilla Firefox 32.0.3 (x86 en-US) (HKLM\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 32.0.3 - Mozilla)
Nero 6 Ultra Edition (HKLM\...\Nero - Burning Rom!UninstallKey) (Version:  - )
NVIDIA Control Panel 301.42 (Version: 301.42 - NVIDIA Corporation) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10 - NVIDIA Corporation)
NVIDIA Graphics Driver 301.42 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 301.42 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.75.420 - NVIDIA Corporation) Hidden
NVIDIA nView 136.27 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 136.27 - NVIDIA Corporation)
NVIDIA Performance (HKLM\...\InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}) (Version: 6.5 - NVIDIA Corporation)
NVIDIA Performance (Version: 6.5 - NVIDIA Corporation) Hidden
NVIDIA PhysX (Version: 9.12.0213 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.12.0213 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0213 - NVIDIA Corporation)
NVIDIA System Monitor (HKLM\...\InstallShield_{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}) (Version: 6.5 - NVIDIA Corporation)
NVIDIA System Monitor (Version: 6.5 - NVIDIA Corporation) Hidden
Opera 12.02 (HKLM\...\Opera 12.02.1578) (Version: 12.02.1578 - Opera Software ASA)
Opera 12.17 (HKLM\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA)
PC Probe II (HKLM\...\{F7338FA3-DAB5-49B2-900D-0AFB5760C166}) (Version: 1.04.72 - ASUSTek)
QuickTime (HKLM\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
Readon TV Movie Radio Player 7.6.0.0 (HKLM\...\{80074966-5231-428D-9AE7-B7D5D2DC3246}) (Version: 7.6.0 - Readon Technology)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.5657 - Realtek Semiconductor Corp.)
Rename Master (HKLM\...\Rename Master_is1) (Version:  - )
Revo Uninstaller Pro 2.5.8 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 2.5.8 - VS Revo Group, Ltd.)
Rockstar Games Social Club (HKLM\...\Rockstar Games Social Club) (Version: 1.0.9.5 - Rockstar Games)
Scavenger (HKLM\...\Scavenger_is1) (Version:  - )
SeaTools for Windows (HKLM\...\SeaTools for Windows) (Version:  - Seagate Technology)
SimpleTV 0.4.6 r (HKLM\...\{290A2821-B1F8-4565-B49A-25F349A5B5CB}_is1) (Version:  - SergeyVS)
Skype™ 6.20 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
SMS Control Center Free (HKLM\...\{1EB31B96-CD37-45DC-B637-7D56BAE4D0D9}) (Version: 7.5.9.1 - KD Apps)
Socrates Personal 4.1 (HKLM\...\{9CD789E2-B7CE-11D5-B7E9-00A0C9449F99}) (Version:  - )
SopCast 3.4.8 (HKLM\...\SopCast) (Version: 3.4.8 - www.sopcast.com)
SpyHunter (HKLM\...\{AF549236-6258-4AC6-A043-5B5B89C6EB61}) (Version: 4.17.6.4336 - Enigma Software Group USA, LLC)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1032 - SUPERAntiSpyware.com)
SysTools SQL Recovery (HKLM\...\SysTools Access Recovery v3.1 - DEMO Version_is1) (Version:  - )
TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
The KMPlayer (remove only) (HKLM\...\The KMPlayer) (Version:  - )
TightVNC 1.3.10 (HKLM\...\TightVNC_is1) (Version: 1.3.10 - TightVNC Group)
Unlocker 1.8.0 (HKLM\...\Unlocker) (Version: 1.8.0 - Cedrick Collomb)
VLC media player 2.1.0 (HKLM\...\VLC media player) (Version: 2.1.0 - VideoLAN)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Where Is It? 3.20 (HKLM\...\Where Is It? 3.20) (Version: 3.20 - Robert Galle)
Winamp (remove only) (HKLM\...\Winamp) (Version:  - )
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows Resource Kit Tools - SubInAcl.exe (HKLM\...\{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}) (Version: 5.2.3790.1164 - Microsoft Corporation)
WinPcap 4.1.2 (HKLM\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
World of Warcraft (HKLM\...\World of Warcraft) (Version:  - Blizzard Entertainment)
XML Paper Specification Shared Components Pack 1.0 (Version:  - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1957994488-1177238915-1801674531-1003_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Documents and Settings\SomeNewUser\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1957994488-1177238915-1801674531-1003_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Documents and Settings\SomeNewUser\Local Settings\Application Data\Google\Update\1.3.21.135\psuser.dll (the data entry has 8 more characters).
CustomCLSID: HKU\S-1-5-21-1957994488-1177238915-1801674531-1003_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-1957994488-1177238915-1801674531-1003_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Documents and Settings\SomeNewUser\Local Settings\Application Data\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1957994488-1177238915-1801674531-1003_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Documents and Settings\SomeNewUser\Local Settings\Application Data\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1957994488-1177238915-1801674531-1003_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Documents and Settings\SomeNewUser\Local Settings\Application Data\Google\Update\1.3.23.9\psuser.dll N (the data entry has 6 more characters).
CustomCLSID: HKU\S-1-5-21-1957994488-1177238915-1801674531-1003_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-1957994488-1177238915-1801674531-1003_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Documents and Settings\SomeNewUser\Local Settings\Application Data\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1957994488-1177238915-1801674531-1003_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Documents and Settings\SomeNewUser\Local Settings\Application Data\Google\Chrome\Application\37.0.2062.124\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1957994488-1177238915-1801674531-1003_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Documents and Settings\SomeNewUser\Local Settings\Application Data\Google\Update\1.3.21.145\psuser.dll (the data entry has 8 more characters).
CustomCLSID: HKU\S-1-5-21-1957994488-1177238915-1801674531-1003_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Documents and Settings\SomeNewUser\Local Settings\Application Data\Google\Update\1.3.21.123\psuser.dll (the data entry has 8 more characters).
CustomCLSID: HKU\S-1-5-21-1957994488-1177238915-1801674531-1003_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Documents and Settings\SomeNewUser\Local Settings\Application Data\Google\Update\1.3.21.153\psuser.dll (the data entry has 8 more characters).
CustomCLSID: HKU\S-1-5-21-1957994488-1177238915-1801674531-1003_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Documents and Settings\SomeNewUser\Local Settings\Application Data\Google\Update\1.3.24.15\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1957994488-1177238915-1801674531-1003_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Documents and Settings\SomeNewUser\Local Settings\Application Data\Google\Update\1.3.21.149\psuser.dll (the data entry has 8 more characters).
CustomCLSID: HKU\S-1-5-21-1957994488-1177238915-1801674531-1003_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Documents and Settings\SomeNewUser\Local Settings\Application Data\Google\Update\1.3.22.3\psuser.dll N (the data entry has 6 more characters).
CustomCLSID: HKU\S-1-5-21-1957994488-1177238915-1801674531-1003_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Documents and Settings\SomeNewUser\Local Settings\Application Data\Google\Update\1.3.21.165\psuser.dll (the data entry has 8 more characters).
CustomCLSID: HKU\S-1-5-21-1957994488-1177238915-1801674531-1003_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Documents and Settings\SomeNewUser\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1957994488-1177238915-1801674531-1003_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Documents and Settings\SomeNewUser\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1957994488-1177238915-1801674531-1003_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Documents and Settings\SomeNewUser\Local Settings\Application Data\Google\Update\1.3.21.115\psuser.dll (the data entry has 8 more characters).
CustomCLSID: HKU\S-1-5-21-1957994488-1177238915-1801674531-1003_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-1957994488-1177238915-1801674531-1003_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Documents and Settings\SomeNewUser\Local Settings\Application Data\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1957994488-1177238915-1801674531-1003_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Documents and Settings\SomeNewUser\Local Settings\Application Data\Google\Update\1.3.24.15\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1957994488-1177238915-1801674531-1003_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Documents and Settings\SomeNewUser\Local Settings\Application Data\Google\Update\1.3.22.5\psuser.dll N (the data entry has 6 more characters).
CustomCLSID: HKU\S-1-5-21-1957994488-1177238915-1801674531-1003_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Documents and Settings\SomeNewUser\Local Settings\Application Data\Google\Update\1.3.24.7\psuser.dll N (the data entry has 6 more characters).

==================== Restore Points  =========================

12-10-2014 09:07:16 System Checkpoint
13-10-2014 11:10:06 System Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2008-04-14 15:00 - 2014-10-11 12:18 - 00000105 ____N C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
127.0.0.1       www.getright.com
127.0.0.1       license.superantispyware.com


==================== Scheduled Tasks (whitelisted) =============


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => ?
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-1177238915-1801674531-1003Core.job => C:\Documents and Settings\SomeNewUser\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-1177238915-1801674531-1003UA.job => C:\Documents and Settings\SomeNewUser\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 0f52ea52-8cab-4639-a9b7-5137eda1d326.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 8cd658d0-07e7-4655-9a07-af658958c9ef.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

==================== Loaded Modules (whitelisted) =============

2014-02-11 14:07 - 2006-01-19 13:33 - 00078336 _____ () C:\WINDOWS\System32\spool\PRTPROCS\W32X86\LXCZPP5C.dll
2006-02-18 14:28 - 2006-02-18 14:28 - 00009216 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2012-07-25 13:23 - 2000-12-13 00:55 - 00028672 _____ () C:\WINDOWS\system32\newdll.dll
2003-06-09 16:05 - 2003-06-09 16:05 - 00094636 _____ () C:\WINDOWS\dropcpyr.dll
2008-04-14 15:00 - 2008-04-14 15:00 - 01288192 _____ () C:\WINDOWS\system32\quartz.dll
2007-07-16 10:59 - 2007-07-16 10:59 - 00007680 _____ () C:\Program Files\DAEMON Tools\Plugins\Images\bw5mount.dll
2008-04-14 15:00 - 2008-04-14 15:00 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2008-04-14 15:00 - 2008-04-14 15:00 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2012-07-29 03:05 - 2000-12-30 12:39 - 00151552 _____ () C:\WINDOWS\Datecs\Flex2K.exe
2012-07-25 13:24 - 2001-10-22 15:50 - 00059904 _____ () C:\WINDOWS\Datecs\FlexWord2K\FlexWord2K.exe
2014-08-30 13:12 - 2014-09-24 08:09 - 03715184 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2012-07-25 02:17 - 2012-05-15 13:18 - 00357184 _____ () C:\Program Files\NVIDIA Corporation\nview\nvshell.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\WINDOWS\Temp:1
AlternateDataStreams: C:\WINDOWS\Temp:temp
AlternateDataStreams: C:\Documents and Settings\All Users\DRM:احتضان

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Lavasoft Ad-Aware Service => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-1957994488-1177238915-1801674531-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
SomeNewUser (S-1-5-21-1957994488-1177238915-1801674531-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\SomeNewUser
ASPNET (S-1-5-21-1957994488-1177238915-1801674531-1004 - Limited - Enabled)
Guest (S-1-5-21-1957994488-1177238915-1801674531-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-1957994488-1177238915-1801674531-1000 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-1957994488-1177238915-1801674531-1002 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

Name: 1394 Net Adapter
Description: 1394 Net Adapter
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: NIC1394
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/12/2014 04:36:44 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - 1>Failed to compile: Microsoft.Workflow.Compiler, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80070005

Error: (10/12/2014 04:36:43 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - 1>Failed to compile: Microsoft.Workflow.Compiler, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80070005

Error: (10/12/2014 11:57:00 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - 1>Failed to compile: C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WsatConfig.exe . Error code = 0x80070005

Error: (10/12/2014 11:56:59 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - 1>Failed to compile: C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WsatConfig.exe . Error code = 0x80070005

Error: (10/12/2014 11:29:56 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - 1>Failed to compile: C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe . Error code = 0x80070005

Error: (10/12/2014 11:29:55 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - 1>Failed to compile: C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe . Error code = 0x80070005

Error: (10/12/2014 11:04:06 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - 1>Failed to compile: C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe . Error code = 0x80070005

Error: (10/12/2014 10:58:38 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - 1>Failed to compile: C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe . Error code = 0x80070005

Error: (10/12/2014 10:58:37 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - 1>Failed to compile: C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe . Error code = 0x80070005

Error: (10/12/2014 02:08:26 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - 1>Failed to compile: C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\dfsvc.exe . Error code = 0x80070005


System errors:
=============
Error: (10/14/2014 10:59:49 AM) (Source: Service Control Manager) (EventID: 7028) (User: )
Description: The MBAMScheduler Registry key denied access to SYSTEM account programs so the Service Control Manager took ownership of the Registry key.

Error: (10/14/2014 10:59:49 AM) (Source: Service Control Manager) (EventID: 7028) (User: )
Description: The MBAMScheduler Registry key denied access to SYSTEM account programs so the Service Control Manager took ownership of the Registry key.

Error: (10/14/2014 10:59:49 AM) (Source: Service Control Manager) (EventID: 7028) (User: )
Description: The MBAMScheduler Registry key denied access to SYSTEM account programs so the Service Control Manager took ownership of the Registry key.

Error: (10/14/2014 10:59:49 AM) (Source: Service Control Manager) (EventID: 7028) (User: )
Description: The MBAMScheduler Registry key denied access to SYSTEM account programs so the Service Control Manager took ownership of the Registry key.

Error: (10/14/2014 10:59:49 AM) (Source: Service Control Manager) (EventID: 7028) (User: )
Description: The MBAMProtector Registry key denied access to SYSTEM account programs so the Service Control Manager took ownership of the Registry key.

Error: (10/14/2014 08:17:06 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
69512100

Error: (10/14/2014 08:17:01 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BtXBar, WDM Crossbar service failed to start due to the following error:
%%2

Error: (10/14/2014 08:17:01 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BtTuner, WDM TV Tuner service failed to start due to the following error:
%%2

Error: (10/14/2014 08:17:01 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BtCap, WDM Video Capture service failed to start due to the following error:
%%1058

Error: (10/13/2014 08:30:31 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
69512100


Microsoft Office Sessions:
=========================
Error: (10/12/2014 04:36:44 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - 1>Failed to compile: Microsoft.Workflow.Compiler, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80070005
Microsoft.Workflow.Compiler, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35

Error: (10/12/2014 04:36:43 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - 1>Failed to compile: Microsoft.Workflow.Compiler, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80070005
Microsoft.Workflow.Compiler, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35

Error: (10/12/2014 11:57:00 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - 1>Failed to compile: C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WsatConfig.exe . Error code = 0x80070005
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WsatConfig.exe

Error: (10/12/2014 11:56:59 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - 1>Failed to compile: C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WsatConfig.exe . Error code = 0x80070005
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WsatConfig.exe

Error: (10/12/2014 11:29:56 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - 1>Failed to compile: C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe . Error code = 0x80070005
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

Error: (10/12/2014 11:29:55 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - 1>Failed to compile: C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe . Error code = 0x80070005
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

Error: (10/12/2014 11:04:06 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - 1>Failed to compile: C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe . Error code = 0x80070005
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

Error: (10/12/2014 10:58:38 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - 1>Failed to compile: C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe . Error code = 0x80070005
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Error: (10/12/2014 10:58:37 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - 1>Failed to compile: C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe . Error code = 0x80070005
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Error: (10/12/2014 02:08:26 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - 1>Failed to compile: C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\dfsvc.exe . Error code = 0x80070005
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\dfsvc.exe


==================== Memory info ===========================

Processor: Pentium® Dual-Core CPU E5200 @ 2.50GHz
Percentage of memory in use: 54%
Total physical RAM: 2046.97 MB
Available physical RAM: 934.2 MB
Total Pagefile: 3939.02 MB
Available Pagefile: 3007.74 MB
Total Virtual: 2047.88 MB
Available Virtual: 1953.09 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:20 GB) (Free:2.89 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (Games) (Fixed) (Total:40 GB) (Free:0.13 GB) NTFS
Drive e: (Data) (Fixed) (Total:150 GB) (Free:0.08 GB) NTFS
Drive k: (500GB-1) (Fixed) (Total:200 GB) (Free:0.11 GB) NTFS
Drive l: (500GB-2) (Fixed) (Total:265.76 GB) (Free:0.21 GB) NTFS
Drive o: (Debian) (Fixed) (Total:12 GB) (Free:0.15 GB) NTFS
Drive p: (BT3) (Fixed) (Total:10 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 2CEB7248)
Partition 1: (Not Active) - (Size=200 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=265.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 232.9 GB) (Disk ID: 6036B098)
Partition 1: (Active) - (Size=20 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=12 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=190.9 GB) - (Type=05)

==================== End Of Log ============================


#5
Naathim

    GeekU Minion

  • Expert
  • 4,568 posts
Finally? People are waiting for a couple of days... We are overwhelmed here with the amount of threads. The average time to reply is 2-3 days.


Do you have your Windows Installation DVD? I'd like to see a scan from the Recovery Environment.

#6
SomeNewUser

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts

I did find one and tried to enter the Recovery Console, but after the CD boot I get a blue screen with this error:

0x0000007B (0xF78DA63C,0xC0000034,0x00000000,0x00000000)


Edited by SomeNewUser, 14 October 2014 - 06:52 AM.

#7
Naathim

    GeekU Minion

  • Expert
  • 4,568 posts

No, do not attempt it. I'll try to rework it from normal mode. I need some time to prepare a fix.


#8
Naathim

    GeekU Minion

  • Expert
  • 4,568 posts

Before we start I'd like to see an additional report.



Scan with Gmer

This type of scan often produces false positives. At any point do not take any action for any suspicious entries you may see there. Instead post the log to be analyzed.

Please download GMER by Gmer and save the file to your desktop.
It will come as a randomly named file (like a6ge38b4.exe) - that's absolutely normal.

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
If you are a user of CD emulation software (like Daemon Tools or Alcohol) also disable it for the cleaning process - instructions here.

  • Right-click on the randomly named icon and select Run as Administrator to start the tool.
  • It is very important that you do not use your computer while Gmer is running!
  • Gmer will open to the Rootkit/Malware tab and perform an automatic quick scan.
  • If you receive a warning about rootkit activity and are asked to fully scan your system click NO!

When the pre-scan is completed, please do the following:

  • Please check in the Quick scan box.
  • Please uncheck the IAT/EAT and Show All.
  • Click Scan.
  • If you see a rootkit warning window click OK.
  • When the scan is finished, Save the results to your desktop as gmer.log.

Please include the content of this file in your next reply.
Don't forget to re-enable previously switched-off protection software!

If you encounter any problems, try running GMER in Safe Mode.
If GMER crashes or keeps resulting in a Blue Screen of Death, uncheck Devices on the right side before scanning.


  • 0
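Added example, not part of the thread and not GMER's own code: a small Python triage of a saved gmer.log, illustrating why the post above warns about false positives (legitimate security drivers hook the same SSDT entries and kernel functions). The sample log is constructed; the field layout (two or more spaces between columns, `?` in front of files GMER could not read) and the category names are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample in the layout assumed for gmer.log (not a real system's log).
SAMPLE_LOG = r"""GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-10-14 18:58:51

---- System - GMER 2.1 ----

SSDT            Lbd.sys (Boot Driver/Lavasoft AB)                  ZwCreateKey [0xB811887E]
SSDT            sptd.sys                                           ZwOpenKey [0xB7EBE0B0]
SSDT            sptd.sys                                           ZwQueryKey [0xB7EC4418]
SSDT            C:\WINDOWS\system32\drivers\mbamchameleon.sys (Malwarebytes Chameleon Protection Driver/Malwarebytes Corporation)  ZwOpenProcess [0xB0B46ABA]

---- Kernel code sections - GMER 2.1 ----

.text           ntkrnlpa.exe!KeInsertQueueApc                      804FC47A 5 Bytes  JMP B0B47CA6 C:\WINDOWS\system32\drivers\mbamchameleon.sys (Malwarebytes Chameleon Protection Driver/Malwarebytes Corporation)
.text           USBPORT.SYS!DllUnload                              B4F9D8AC 5 Bytes  JMP 887AA1C8
?               System32\Drivers\example1.SYS                      The system cannot find the path specified. !

---- EOF - GMER 2.1 ----
"""

# SSDT line: hooking module, hooked service, address the table entry now points to.
SSDT_RE = re.compile(
    r"^SSDT\s+(?P<owner>\S.*?)\s{2,}(?P<func>\w+)\s+\[(?P<addr>0x[0-9A-Fa-f]+)\]\s*$")
# Inline hook: patched function, its address, JMP destination, optional owning module.
INLINE_RE = re.compile(
    r"^\.text\s+(?P<target>\S.*?)\s{2,}(?P<addr>[0-9A-Fa-f]{8})\s+\d+ Bytes\s+"
    r"JMP (?P<dest>[0-9A-Fa-f]{8})(?:\s+(?P<owner>\S.*?))?\s*$")
# File the scanner could not open or find.
UNREADABLE_RE = re.compile(r"^\?\s+(?P<path>\S.*?)\s{2,}(?P<msg>\S.*?)\s*$")
# "path (description/vendor)"; the parenthesised part is optional.
OWNER_RE = re.compile(r"^(?P<path>.+?)(?:\s+\((?P<desc>.*)/(?P<vendor>[^/()]+)\))?$")


def split_owner(owner):
    """Return (lower-cased module file name, vendor string or None)."""
    m = OWNER_RE.match(owner.strip())
    module = re.split(r"[\\/]", m.group("path"))[-1].lower()
    return module, m.group("vendor")


def parse_gmer(text):
    """Collect SSDT hooks, inline JMP hooks and unreadable files from a log."""
    out = {"ssdt": [], "inline": [], "unreadable": []}
    for line in text.splitlines():
        m = SSDT_RE.match(line)
        if m:
            module, vendor = split_owner(m["owner"])
            out["ssdt"].append({"module": module, "vendor": vendor,
                                "function": m["func"],
                                "address": int(m["addr"], 16)})
            continue
        m = INLINE_RE.match(line)
        if m:
            module, vendor = split_owner(m["owner"]) if m["owner"] else (None, None)
            out["inline"].append({"target": m["target"], "module": module,
                                  "vendor": vendor, "dest": int(m["dest"], 16)})
            continue
        m = UNREADABLE_RE.match(line)
        if m:
            out["unreadable"].append({"path": m["path"], "message": m["msg"]})
    return out


def triage(parsed):
    """Group hooks per module and list what an analyst should look at first.

    The vendor string comes from the file's version resource, which anyone can
    set, so its presence only orders the list; it does not clear an entry.
    """
    per_module = defaultdict(list)
    review = []
    for h in parsed["ssdt"]:
        per_module[h["module"]].append(h["function"])
        if h["vendor"] is None:
            review.append(("ssdt-no-vendor", h["module"], h["function"]))
    for h in parsed["inline"]:
        if h["module"] is None:
            review.append(("inline-no-owner", h["target"], "JMP %08X" % h["dest"]))
        else:
            per_module[h["module"]].append(h["target"])
    for u in parsed["unreadable"]:
        review.append(("file-unreadable", u["path"], u["message"]))
    return dict(per_module), review


if __name__ == "__main__":
    modules, review = triage(parse_gmer(SAMPLE_LOG))
    for module, hooks in sorted(modules.items()):
        print(f"{module}: {len(hooks)} hook(s)")
    for item in review:
        print("REVIEW", *item)
```

Entries on the review list are starting points for an analyst, not verdicts; an unattributed hook can still belong to a legitimate driver.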

#9
SomeNewUser



  • Topic Starter
  • Member
  • PipPip
  • 26 posts

Thanks for your time.

Here is the log:

 

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-10-14 18:58:51
Windows 5.1.2600 Service Pack 3 DeviceHarddisk1DR1 - DeviceScsimv61xx1Port1Path0Target0Lun0 ATA_____ rev.HPG7 232.89GB
Running d3v1cegw.exe; Driver CDOCUME~1ADMINI~1LOCALS~1Temppgddypow.sys


---- System - GMER 2.1 ----

SSDT            Lbd.sys (Boot DriverLavasoft AB)                                                                                      ZwCreateKey [0xB811887E]
SSDT            CProgram FilesEnigma Software GroupSpyHunteresgiguard.sys                                                     ZwCreateSection [0xA805F7EE]
SSDT            sptd.sys                                                                                                               ZwEnumerateKey [0xB7EC3FB2]
SSDT            sptd.sys                                                                                                               ZwEnumerateValueKey [0xB7EC4340]
SSDT            sptd.sys                                                                                                               ZwOpenKey [0xB7EBE0B0]
SSDT            CWINDOWSsystem32driversmbamchameleon.sys (Malwarebytes Chameleon Protection DriverMalwarebytes Corporation)  ZwOpenProcess [0xB0B46ABA]
SSDT            CWINDOWSsystem32driversmbamchameleon.sys (Malwarebytes Chameleon Protection DriverMalwarebytes Corporation)  ZwOpenThread [0xB0B46C2E]
SSDT            sptd.sys                                                                                                               ZwQueryKey [0xB7EC4418]
SSDT            sptd.sys                                                                                                               ZwQueryValueKey [0xB7EC4298]
SSDT            Lbd.sys (Boot DriverLavasoft AB)                                                                                      ZwSetValueKey [0xB8118BFE]
SSDT            CProgram FilesSUPERAntiSpywareSASKUTIL.SYS (SASKUTIL.SYSSUPERAdBlocker.com and SUPERAntiSpyware.com)          ZwTerminateProcess [0xAE6D7640]

Code            CWINDOWSsystem32driversmbamchameleon.sys (Malwarebytes Chameleon Protection DriverMalwarebytes Corporation)  KeInsertQueueApc

---- Kernel code sections - GMER 2.1 ----

.text           ntkrnlpa.exe!KeInsertQueueApc                                                                                          804FC47A 5 Bytes  JMP B0B47CA6 CWINDOWSsystem32driversmbamchameleon.sys (Malwarebytes Chameleon Protection DriverMalwarebytes Corporation)
               CWINDOWSsystem32driverssptd.sys                                                                                   The process cannot access the file because it is being used by another process.
.text           CWINDOWSsystem32DRIVERSnv4_mini.sys                                                                               section is writeable [0xB50193C0, 0x9B091A, 0xE8000020]
.text           USBPORT.SYS!DllUnload                                                                                                  B4F9D8AC 5 Bytes  JMP 887AA1C8
               System32Driversa3nqo9b8.SYS                                                                                          The system cannot find the path specified. !
               CDOCUME~1AndreyLOCALS~1Temppgddypob.sys                                                                          The system cannot find the path specified. !

---- User code sections - GMER 2.1 ----

.text           CProgram FilesMozilla Firefoxfirefox.exe[1340] ntdll.dll!NtCreateFile                                              7C90D090 5 Bytes  JMP 018DA210 CProgram FilesMozilla Firefoxxul.dll (Mozilla Foundation)
.text           CProgram FilesMozilla Firefoxfirefox.exe[1340] ntdll.dll!NtFlushBuffersFile                                        7C90D310 5 Bytes  JMP 018BEB90 CProgram FilesMozilla Firefoxxul.dll (Mozilla Foundation)
.text           CProgram FilesMozilla Firefoxfirefox.exe[1340] ntdll.dll!NtQueryFullAttributesFile                                 7C90D790 5 Bytes  JMP 018D9C70 CProgram FilesMozilla Firefoxxul.dll (Mozilla Foundation)
.text           CProgram FilesMozilla Firefoxfirefox.exe[1340] ntdll.dll!NtReadFile                                                7C90D9B0 5 Bytes  JMP 018BEC80 CProgram FilesMozilla Firefoxxul.dll (Mozilla Foundation)
.text           CProgram FilesMozilla Firefoxfirefox.exe[1340] ntdll.dll!NtReadFileScatter                                         7C90D9C0 5 Bytes  JMP 021D4CE1 CProgram FilesMozilla Firefoxxul.dll (Mozilla Foundation)
.text           CProgram FilesMozilla Firefoxfirefox.exe[1340] ntdll.dll!NtWriteFile                                               7C90DF60 5 Bytes  JMP 018DACB0 CProgram FilesMozilla Firefoxxul.dll (Mozilla Foundation)
.text           CProgram FilesMozilla Firefoxfirefox.exe[1340] ntdll.dll!NtWriteFileGather                                         7C90DF70 5 Bytes  JMP 021D4C90 CProgram FilesMozilla Firefoxxul.dll (Mozilla Foundation)
.text           CProgram FilesMozilla Firefoxfirefox.exe[1340] ntdll.dll!LdrLoadDll                                                7C9163A3 5 Bytes  JMP 10001F42 CProgram FilesMozilla Firefoxmozglue.dll (Mozilla Foundation)
.text           CProgram FilesMozilla Firefoxfirefox.exe[1340] kernel32.dll!lstrlenW + 43                                          7C809ADC 7 Bytes  JMP 02141D0E CProgram FilesMozilla Firefoxxul.dll (Mozilla Foundation)
.text           CProgram FilesMozilla Firefoxfirefox.exe[1340] kernel32.dll!MapViewOfFileEx + 6A                                   7C80B990 7 Bytes  JMP 02141CEB CProgram FilesMozilla Firefoxxul.dll (Mozilla Foundation)
.text           CProgram FilesMozilla Firefoxfirefox.exe[1340] kernel32.dll!ValidateLocale + B1E8                                  7C8449F8 7 Bytes  JMP 018D6A9C CProgram FilesMozilla Firefoxxul.dll (Mozilla Foundation)
.text           CProgram FilesMozilla Firefoxfirefox.exe[1340] GDI32.dll!SetDIBitsToDevice + 209                                   77F19E04 7 Bytes  JMP 02141C6C CProgram FilesMozilla Firefoxxul.dll (Mozilla Foundation)
.text           CProgram FilesMozilla Firefoxfirefox.exe[1340] USER32.dll!GetWindowInfo                                            7E42C49C 5 Bytes  JMP 020478E5 CProgram FilesMozilla Firefoxxul.dll (Mozilla Foundation)

---- Devices - GMER 2.1 ----

Device          FileSystemNtfs Ntfs                                                                                                 8AA491E8
Device          FileSystemFastfat FatCdrom                                                                                          88158790
Device          Driverusbuhci DeviceUSBPDO-0                                                                                       887A81E8
Device          Driverdmio DeviceDmControlDmIoDaemon                                                                              8AA4C1E8
Device          Driverdmio DeviceDmControlDmConfig                                                                                8AA4C1E8
Device          Driverdmio DeviceDmControlDmPnP                                                                                   8AA4C1E8
Device          Driverdmio DeviceDmControlDmInfo                                                                                  8AA4C1E8
Device          Driverusbuhci DeviceUSBPDO-1                                                                                       887A81E8
Device          Driverusbuhci DeviceUSBPDO-2                                                                                       887A81E8
Device          Driverusbehci DeviceUSBPDO-3                                                                                       887A11E8
Device          Driverusbuhci DeviceUSBPDO-4                                                                                       887A81E8

AttachedDevice  DriverTcpip DeviceTcp                                                                                              epfwtdir.sys (ESET Antivirus Network RedirectorESET)

Device          Driverusbuhci DeviceUSBPDO-5                                                                                       887A81E8
Device          Driverusbuhci DeviceUSBPDO-6                                                                                       887A81E8
Device          DriverFtdisk DeviceHarddiskVolume1                                                                                 8A9DB1E8

AttachedDevice  DriverFtdisk DeviceHarddiskVolume1                                                                                 snapman.sys (Acronis Snapshot APIAcronis)

Device          Driverusbehci DeviceUSBPDO-7                                                                                       887A11E8
Device          DriverFtdisk DeviceHarddiskVolume2                                                                                 8A9DB1E8

AttachedDevice  DriverFtdisk DeviceHarddiskVolume2                                                                                 snapman.sys (Acronis Snapshot APIAcronis)

Device          DriverCdrom DeviceCdRom0                                                                                           88743790
Device          DriverCdrom DeviceCdRom0                                                                                           885B4010
Device          DriveriaStor DeviceIdeiaStor0                                                                                     8AA4B1E8
Device          DriveriaStor DeviceIdeiaStor0                                                                                     885B5300
Device          DriveriaStor DeviceIdeIAAStorageDevice-0                                                                          8AA4B1E8
Device          DriveriaStor DeviceIdeIAAStorageDevice-0                                                                          885B5300
Device          DriveriaStor DeviceIdeIAAStorageDevice-1                                                                          8AA4B1E8
Device          DriveriaStor DeviceIdeIAAStorageDevice-1                                                                          885B5300
Device          DriverFtdisk DeviceHarddiskVolume3                                                                                 8A9DB1E8

AttachedDevice  DriverFtdisk DeviceHarddiskVolume3                                                                                 snapman.sys (Acronis Snapshot APIAcronis)

Device          DriverCdrom DeviceCdRom1                                                                                           88743790
Device          DriverCdrom DeviceCdRom1                                                                                           885B4010
Device          DriverFtdisk DeviceHarddiskVolume4                                                                                 8A9DB1E8

AttachedDevice  DriverFtdisk DeviceHarddiskVolume4                                                                                 snapman.sys (Acronis Snapshot APIAcronis)

Device          DriverFtdisk DeviceHarddiskVolume5                                                                                 8A9DB1E8

AttachedDevice  DriverFtdisk DeviceHarddiskVolume5                                                                                 snapman.sys (Acronis Snapshot APIAcronis)

Device          DriverFtdisk DeviceHarddiskVolume6                                                                                 8A9DB1E8

AttachedDevice  DriverFtdisk DeviceHarddiskVolume6                                                                                 snapman.sys (Acronis Snapshot APIAcronis)

Device          DriverFtdisk DeviceHarddiskVolume7                                                                                 8A9DB1E8

AttachedDevice  DriverFtdisk DeviceHarddiskVolume7                                                                                 snapman.sys (Acronis Snapshot APIAcronis)

Device          DriverNetBT DeviceNetBt_Wins_Export                                                                                881881E8
Device          DriverFtdisk DeviceHarddiskVolume8                                                                                 8A9DB1E8

AttachedDevice  DriverFtdisk DeviceHarddiskVolume8                                                                                 snapman.sys (Acronis Snapshot APIAcronis)

Device          DriverNetBT DeviceNetbiosSmb                                                                                       881881E8
Device          DriverPCI_NTPNP3650 Device0000005a                                                                                 sptd.sys
Device          Driverusbuhci DeviceUSBFDO-0                                                                                       887A81E8
Device          Driverusbuhci DeviceUSBFDO-1                                                                                       887A81E8
Device          FileSystemMRxSmb DeviceLanmanDatagramReceiver                                                                      88185790
Device          Driverusbuhci DeviceUSBFDO-2                                                                                       887A81E8
Device          FileSystemMRxSmb DeviceLanmanRedirector                                                                            88185790
Device          Driverusbehci DeviceUSBFDO-3                                                                                       887A11E8
Device          Driverusbuhci DeviceUSBFDO-4                                                                                       887A81E8
Device          DriverFtdisk DeviceFtControl                                                                                       8A9DB1E8
Device          Driverusbuhci DeviceUSBFDO-5                                                                                       887A81E8
Device          Driverusbuhci DeviceUSBFDO-6                                                                                       887A81E8
Device          Driverusbehci DeviceUSBFDO-7                                                                                       887A11E8
Device          Drivermv61xx DeviceScsimv61xx1Port1Path0Target14Lun0                                                              8A9D91E8
Device          Drivera3nqo9b8 DeviceScsia3nqo9b81Port2Path0Target0Lun0                                                           88742790
Device          Drivera3nqo9b8 DeviceScsia3nqo9b81Port2Path0Target0Lun0                                                           885B6510
Device          Drivermv61xx DeviceScsimv61xx1Port1Path0Target0Lun0                                                               8A9D91E8
Device          Drivera3nqo9b8 DeviceScsia3nqo9b81                                                                                88742790
Device          Drivera3nqo9b8 DeviceScsia3nqo9b81                                                                                885B6510
Device          Drivermv61xx DeviceScsimv61xx1                                                                                    8A9D91E8
Device          Driveraxsaki DeviceScsiaxsaki1                                                                                    886E31E8
Device          FileSystemFastfat Fat                                                                                               88158790

AttachedDevice  FileSystemFastfat Fat                                                                                               fltMgr.sys (Microsoft Filesystem Filter ManagerMicrosoft Corporation)

Device          FileSystemCdfs Cdfs                                                                                                 8815F790

---- Trace IO - GMER 2.1 ----

Trace           ntkrnlpa.exe CLASSPNP.SYS disk.sys UNKNOWN [0x8a9d91e8]                                                            8a9d91e8
Trace           1 nt!IofCallDriver - DeviceHarddisk1DR1[0x889f7030]                                                                889f7030
Trace           3 CLASSPNP.SYS[b8108fd7] - nt!IofCallDriver - DeviceScsimv61xx1Port1Path0Target0Lun0[0x892fd390]                  892fd390
Trace           Drivermv61xx[0x8a8c7730] - IRP_MJ_CREATE - 0x8a9d91e8                                                              8a9d91e8

---- Registry - GMER 2.1 ----

Reg             HKLMSYSTEMControlSet001ServicessptdCfg19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                   
Reg             HKLMSYS[email protected]p0                                        CProgram FilesDAEMON Tools
Reg             HKLMSYS[email protected]h0                                        0
Reg             HKLMSYS[email protected]khjeh                                     0x10 0xFE 0x30 0xD5 ...
Reg             HKLMSYSTEMControlSet001ServicessptdCfg19659239224E364682FA4BAF72C53EA400000001 (not active ControlSet)          
Reg             HKLMSYSTEMContr[email protected]a0                               0x20 0x01 0x00 0x00 ...
Reg             HKLMSYSTEMContr[email protected]khjeh                            0xFD 0x0E 0x3E 0x64 ...
Reg             HKLMSYSTEMControlSet001ServicessptdCfg19659239224E364682FA4BAF72C53EA4000000010Jf40 (not active ControlSet)    
Reg             HKLMSYSTEMControlSet[email protected]khjeh                      0x4B 0x0F 0x3E 0x9E ...
Reg             [email protected]                                                                     771343423
Reg             [email protected]                                                                     285507792
Reg             [email protected]                                                                     1
Reg             HKLMSYSTEMCurrentControlSetServicessptdCfg19659239224E364682FA4BAF72C53EA4                                       
Reg             HKLMSYSTEMC[email protected]p0                                    CProgram FilesDAEMON Tools
Reg             HKLMSYSTEMC[email protected]h0                                    0
Reg             HKLMSYSTEMC[email protected]khjeh                                 0x10 0xFE 0x30 0xD5 ...
Reg             HKLMSYSTEMCurrentControlSetServicessptdCfg19659239224E364682FA4BAF72C53EA400000001                              
Reg             HKLMSYSTEMCurrentCo[email protected]a0                           0x20 0x01 0x00 0x00 ...
Reg             HKLMSYSTEMCurrentCo[email protected]khjeh                        0xFD 0x0E 0x3E 0x64 ...
Reg             HKLMSYSTEMCurrentControlSetServicessptdCfg19659239224E364682FA4BAF72C53EA4000000010Jf40                        
Reg             HKLMSYSTEMCurrentControl[email protected]khjeh                  0x4B 0x0F 0x3E 0x9E ...
Reg             HKLMSYSTEMControlSet003ServicessptdCfg19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                   
Reg             HKLMSYSTEMCo[email protected]                                        CProgram FilesDAEMON Tools
Reg             HKLMSYS[email protected]h0                                        0
Reg             HKLMSYS[email protected]khjeh                                     0x10 0xFE 0x30 0xD5 ...
Reg             HKLMSYSTEMControlSet003ServicessptdCfg19659239224E364682FA4BAF72C53EA400000001 (not active ControlSet)          
Reg             HKLMSYSTEMContr[email protected]a0                               0x20 0x01 0x00 0x00 ...
Reg             HKLMSYSTEMContr[email protected]khjeh                            0xFD 0x0E 0x3E 0x64 ...
Reg             HKLMSYSTEMControlSet003ServicessptdCfg19659239224E364682FA4BAF72C53EA4000000010Jf40 (not active ControlSet)    
Reg             HKLMSYSTEMControlSet[email protected]khjeh                      0x4B 0x0F 0x3E 0x9E ...

---- EOF - GMER 2.1 ----

Device          Driverusbuhci DeviceUSBFDO-5                                                                                       887A81E8
Device          Driverusbuhci DeviceUSBFDO-6                                                                                       887A81E8
Device          Driverusbehci DeviceUSBFDO-7                                                                                       887A11E8
Device          Drivermv61xx DeviceScsimv61xx1Port1Path0Target14Lun0                                                              8A9D91E8
Device          Drivera3nqo9b8 DeviceScsia3nqo9b81Port2Path0Target0Lun0                                                           88742790
Device          Drivera3nqo9b8 DeviceScsia3nqo9b81Port2Path0Target0Lun0                                                           885B6510
Device          Drivermv61xx DeviceScsimv61xx1Port1Path0Target0Lun0                                                               8A9D91E8
Device          Drivera3nqo9b8 DeviceScsia3nqo9b81                                                                                88742790
Device          Drivera3nqo9b8 DeviceScsia3nqo9b81                                                                                885B6510
Device          Drivermv61xx DeviceScsimv61xx1                                                                                    8A9D91E8
Device          Driveraxsaki DeviceScsiaxsaki1                                                                                    886E31E8
Device          FileSystemFastfat Fat                                                                                               88158790

AttachedDevice  FileSystemFastfat Fat                                                                                               fltMgr.sys (Microsoft Filesystem Filter ManagerMicrosoft Corporation)

Device          FileSystemCdfs Cdfs                                                                                                 8815F790

---- Trace IO - GMER 2.1 ----

Trace           ntkrnlpa.exe CLASSPNP.SYS disk.sys UNKNOWN [0x8a9d91e8]                                                            8a9d91e8
Trace           1 nt!IofCallDriver - DeviceHarddisk1DR1[0x889f7030]                                                                889f7030
Trace           3 CLASSPNP.SYS[b8108fd7] - nt!IofCallDriver - DeviceScsimv61xx1Port1Path0Target0Lun0[0x892fd390]                  892fd390
Trace           Drivermv61xx[0x8a8c7730] - IRP_MJ_CREATE - 0x8a9d91e8                                                              8a9d91e8

---- Registry - GMER 2.1 ----

Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg             HKLMSYS[email protected]p0                                        C:\Program Files\DAEMON Tools\
Reg             HKLMSYS[email protected]h0                                        0
Reg             HKLMSYS[email protected]khjeh                                     0x10 0xFE 0x30 0xD5 ...
Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg             HKLMSYSTEMContr[email protected]a0                               0x20 0x01 0x00 0x00 ...
Reg             HKLMSYSTEMContr[email protected]khjeh                            0xFD 0x0E 0x3E 0x64 ...
Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg             HKLMSYSTEMControlSet[email protected]khjeh                      0x4B 0x0F 0x3E 0x9E ...
Reg             [email protected]                                                                     771343423
Reg             [email protected]                                                                     285507792
Reg             [email protected]                                                                     1
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg             HKLMSYSTEMC[email protected]p0                                    C:\Program Files\DAEMON Tools\
Reg             HKLMSYSTEMC[email protected]h0                                    0
Reg             HKLMSYSTEMC[email protected]khjeh                                 0x10 0xFE 0x30 0xD5 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg             HKLMSYSTEMCurrentCo[email protected]a0                           0x20 0x01 0x00 0x00 ...
Reg             HKLMSYSTEMCurrentCo[email protected]khjeh                        0xFD 0x0E 0x3E 0x64 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg             HKLMSYSTEMCurrentControl[email protected]khjeh                  0x4B 0x0F 0x3E 0x9E ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg             HKLMSYS[email protected]p0                                        C:\Program Files\DAEMON Tools\
Reg             HKLMSYS[email protected]h0                                        0
Reg             HKLMSYS[email protected]khjeh                                     0x10 0xFE 0x30 0xD5 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg             HKLMSYSTEMContr[email protected]a0                               0x20 0x01 0x00 0x00 ...
Reg             HKLMSYSTEMContr[email protected]khjeh                            0xFD 0x0E 0x3E 0x64 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg             HKLMSYSTEMControlSet[email protected]khjeh                      0x4B 0x0F 0x3E 0x9E ...

---- EOF - GMER 2.1 ----
 


#10
Naathim

    GeekU Minion

  • Expert
  • 4,568 posts

Hi :)

 

 

While Gmer was running, the sptd driver was present, which made the indications unclear.

R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [685816 2013-10-10] () [File not signed]

 

Please refer to this:

http://www.bleepingc...removal-advice/

Either disable any emulation software for the cleaning process, or uninstall it (along with the driver).

 

After that please re-run Gmer and post a new logfile.

 

 

Tell me (be honest) - which way did the infection come?


#11
SomeNewUser

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts

Hi,

I just disabled that with DeFogger - last time I only closed the program - the process might still have been running :).

 

The infection must have come from a web site - I searched for some SNs, keygens, cracks and stuff like that recently.
A few days ago I cleaned some Internet temp files and there was a file updater.exe (it starts by itself when I open the folder - explorer.exe starts it when viewing the content of the folder). My NOD 32 Antivirus was out of date (expired serial key) and did not block the *.exe file. After I saw the file, it modified something in my system, because an error appeared on the screen and a timer in seconds started to count down (I saw that a few years ago with a slasser infection) to a restart of the system. And after the restart, there was no more antivirus/anti-malware software on my PC.

Here is the new scan log:
GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-10-15 11:03:27
Windows 5.1.2600 Service Pack 3 \Device\Harddisk1\DR1 -> \Device\Scsi\mv61xx1Port1Path0Target0Lun0 ATA_____ rev.HPG7 232.89GB
Running: d3v1cegw.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pgddypow.sys


---- System - GMER 2.1 ----

SSDT            Lbd.sys (Boot Driver/Lavasoft AB)                                                                                      ZwCreateKey [0xB811887E]
SSDT            \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys                                                     ZwCreateSection [0xA9AFE7EE]
SSDT            \??\C:\WINDOWS\system32\drivers\mbamchameleon.sys (Malwarebytes Chameleon Protection Driver/Malwarebytes Corporation)  ZwOpenProcess [0xB224AABA]
SSDT            \??\C:\WINDOWS\system32\drivers\mbamchameleon.sys (Malwarebytes Chameleon Protection Driver/Malwarebytes Corporation)  ZwOpenThread [0xB224AC2E]
SSDT            Lbd.sys (Boot Driver/Lavasoft AB)                                                                                      ZwSetValueKey [0xB8118BFE]
SSDT            \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com)          ZwTerminateProcess [0xB064B640]

Code            \??\C:\WINDOWS\system32\drivers\mbamchameleon.sys (Malwarebytes Chameleon Protection Driver/Malwarebytes Corporation)  KeInsertQueueApc

---- Kernel code sections - GMER 2.1 ----

.text           ntkrnlpa.exe!KeInsertQueueApc                                                                                          804FC47A 5 Bytes  JMP B224BCA6 \??\C:\WINDOWS\system32\drivers\mbamchameleon.sys (Malwarebytes Chameleon Protection Driver/Malwarebytes Corporation)
.text           C:\WINDOWS\system32\DRIVERS\nv4_mini.sys                                                                               section is writeable [0xB67863C0, 0x9B091A, 0xE8000020]

---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                              epfwtdir.sys (ESET Antivirus Network Redirector/ESET)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume1                                                                                 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume2                                                                                 snapman.sys (Acronis Snapshot API/Acronis)

Device          \Driver\Cdrom \Device\CdRom0                                                                                           88784140
Device          \Driver\Cdrom \Device\CdRom0                                                                                           8894A1A0

AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume3                                                                                 snapman.sys (Acronis Snapshot API/Acronis)

Device          \Driver\iaStor \Device\Ide\iaStor0                                                                                     8867E290
Device          \Driver\iaStor \Device\Ide\IAAStorageDevice-0                                                                          8867E290
Device          \Driver\iaStor \Device\Ide\IAAStorageDevice-1                                                                          8867E290

AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume4                                                                                 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume5                                                                                 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume6                                                                                 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume7                                                                                 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume8                                                                                 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \FileSystem\Fastfat \Fat                                                                                               fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 2.1 ----

Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                   
Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\[email protected]                                        C:\Program Files\DAEMON Tools\
Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\[email protected]                                        0
Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\[email protected]                                     0x10 0xFE 0x30 0xD5 ...
Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)          
Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected]                               0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected]                            0xFD 0x0E 0x3E 0x64 ...
Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)    
Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected]                      0x4B 0x0F 0x3E 0x9E ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4                                       
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected]                                    C:\Program Files\DAEMON Tools\
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected]                                    0
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected]                                 0x10 0xFE 0x30 0xD5 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001                              
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected]                           0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected]                        0xFD 0x0E 0x3E 0x64 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40                        
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected]                  0x4B 0x0F 0x3E 0x9E ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                   
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\[email protected]                                        C:\Program Files\DAEMON Tools\
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\[email protected]                                        0
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\[email protected]                                     0x10 0xFE 0x30 0xD5 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)          
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected]                               0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected]                            0xFD 0x0E 0x3E 0x64 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)    
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected]                      0x4B 0x0F 0x3E 0x9E ...

---- EOF - GMER 2.1 ----
 


  • 0
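The triage being done by eye on these GMER logs can be scripted. The following is an added example, not part of the thread and not GMER's own code: it groups SSDT hooks by the hooking driver, lists hooks and device handlers that GMER could not attribute to a vendor or named module, and reports whether sptd registry keys are present. It assumes columns are separated by two or more spaces, as in the log above; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Lines excerpted from the GMER 2.1 log posted above (column padding shortened).
SAMPLE_LOG = r"""
---- System - GMER 2.1 ----

SSDT            Lbd.sys (Boot Driver/Lavasoft AB)                                   ZwCreateKey [0xB811887E]
SSDT            \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys  ZwCreateSection [0xA9AFE7EE]
SSDT            \??\C:\WINDOWS\system32\drivers\mbamchameleon.sys (Malwarebytes Chameleon Protection Driver/Malwarebytes Corporation)  ZwOpenProcess [0xB224AABA]
SSDT            Lbd.sys (Boot Driver/Lavasoft AB)                                   ZwSetValueKey [0xB8118BFE]

---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume1   snapman.sys (Acronis Snapshot API/Acronis)
Device          \Driver\Cdrom \Device\CdRom0             88784140

---- Registry - GMER 2.1 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
"""

SECTION = re.compile(r"^---- (.+?) - GMER [\d.]+ ----$")
# "<path>.sys" optionally followed by " (<description>/<vendor>)"
OWNER = re.compile(r"^(?P<path>.+?\.sys)(?: \((?P<desc>.*)/(?P<vendor>[^/]*)\))?$", re.I)
HOOK = re.compile(r"^(?P<func>\w+) \[0x(?P<addr>[0-9A-Fa-f]+)\]$")
BARE_ADDR = re.compile(r"^[0-9A-Fa-f]{8}$")


def parse_gmer(text):
    """Return {section name: [column lists]}; columns are split on 2+ spaces."""
    sections, current = defaultdict(list), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION.match(line)
        if header:
            current = header.group(1)
        elif current:
            sections[current].append(re.split(r"\s{2,}", line))
    return dict(sections)


def ssdt_hooks(parsed):
    """Group SSDT hooks by hooking module: {module: {"vendor": ..., "funcs": [...]}}."""
    hooks = {}
    for cols in parsed.get("System", []):
        if cols[0] != "SSDT" or len(cols) != 3:
            continue
        owner, hook = OWNER.match(cols[1]), HOOK.match(cols[2])
        if not (owner and hook):
            continue
        module = owner.group("path").split("\\")[-1].lower()
        entry = hooks.setdefault(module, {"vendor": owner.group("vendor"), "funcs": []})
        entry["funcs"].append(hook.group("func"))
    return hooks


def triage(parsed):
    """Collect the entries that need a human look.

    A missing vendor string only means GMER printed no file description for the
    driver; a bare-address handler means the handler was not resolved to a named
    module. Neither is proof of infection, and with sptd loaded the device
    results are treated here as unreliable (the point made in the reply above).
    """
    hooks = ssdt_hooks(parsed)
    return {
        "ssdt_no_vendor": sorted(m for m, e in hooks.items() if not e["vendor"]),
        "unnamed_device_handlers": sorted(
            {c[1] for c in parsed.get("Devices", [])
             if c[0] == "Device" and len(c) == 3 and BARE_ADDR.match(c[2])}),
        "sptd_present": any(
            c[0] == "Reg" and len(c) > 1 and "\\services\\sptd\\" in c[1].lower()
            for c in parsed.get("Registry", [])),
    }


if __name__ == "__main__":
    print(triage(parse_gmer(SAMPLE_LOG)))
```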

#12
Naathim

    GeekU Minion

  • Expert
  • 4,568 posts

From what I have noticed, this machine is quite open to the web.
 
Apache
VNC
Teamviewer
Putty
uTorrent
FTP Server
 
Is it used as some kind of a server?


Please perform also this scan:


Scan with CKScanner

Download CKScanner by askey127 and save it to your desktop.

  • Right-click on the CKScanner icon and select Run as Administrator to start the tool.
  • Click Search For Files.
  • When finished, click Save List To File.
  • Remember to run this tool only once, unless asked to run it again.

Please include the content of CKFiles.txt in your next reply.


#13
SomeNewUser

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts

Hi, only some of that software is in server mode - most of them are clients.

I work with Linux servers and sometimes I need access to some of them remotely from outside.

I'm behind a few Linux servers and use private IP addresses - so the servers on my PC are not accessible from the Internet (only TeamViewer).

 

Here is the log file:
CKScanner 2.4 - Additional Security Risks - These are not necessarily bad
c:\documents and settings\somenewuser\application data\macromedia\flash player\macromedia.com\support\flashplayer\sys\#crackle.com\settings.sol
c:\documents and settings\somenewuser\application data\macromedia\flash player\macromedia.com\support\flashplayer\sys\#www.crackle.com\settings.sol
c:\documents and settings\somenewuser\application data\utorrent\g.t.a.iv.crack-razor1911.torrent
c:\documents and settings\somenewuser\my documents\downloads\g.t.a.iv.crack-razor1911\razor1911.nfo
c:\documents and settings\somenewuser\my documents\downloads\g.t.a.iv.crack-razor1911\rzr-gta4-crack.rar
c:\documents and settings\somenewuser\my documents\downloads\g.t.a.iv.crack-razor1911\rzr-gta4-crack.sfv
c:\documents and settings\somenewuser\my documents\downloads\g.t.a.iv.crack-razor1911\rzr-gta4-crack\1911.dll
c:\documents and settings\somenewuser\my documents\downloads\g.t.a.iv.crack-razor1911\rzr-gta4-crack\gtaiv.exe
c:\documents and settings\somenewuser\my documents\downloads\g.t.a.iv.crack-razor1911\rzr-gta4-crack\launchgtaiv.exe
c:\documents and settings\somenewuser\my documents\downloads\old downloads\[isohunt] mikrotik3.30 crack.torrent
c:\installs\getright v5.2 final + crack\getrt520.exe
c:\installs\getright v5.2 final + crack\crack\getright v5.2 key.reg
c:\installs\getright v5.2 final + crack\crack\hosts
c:\installs\getright v5.2 final + crack\crack\read this first!!! getright registration crack tutorial.txt
c:\installs\getright v5.2 final + crack\crack\unblacklist.reg
c:\installs\icq 2003b pro\icqpro2003_crack.exe
c:\installs\icq 2003b pro\icqpro2003b_build3916+crack\icqpro2003b.exe
c:\installs\icq 2003b pro\icqpro2003b_build3916+crack\crack\en_readme_or_i_will_kill_you.txt
c:\installs\icq 2003b pro\icqpro2003b_build3916+crack\crack\full_patch_for_icq_pro_2003b_build_3916_by_ven000m.exe
c:\installs\icq 2003b pro\icqpro2003b_build3916+crack\crack\patch.reg
c:\installs\socrates personal 4.1\keygen\socratpersonalkeygen.exe
c:\installs\teleport pro 1.29.1889 + keygen\lockless.txt
c:\installs\teleport pro 1.29.1889 + keygen\pro12.exe
c:\installs\teleport pro 1.29.1889 + keygen\sn.txt
c:\installs\teleport pro 1.29.1889 + keygen\teleport pro crack.exe
scanner sequence 3.ZZ.11.HWNAHZ
 ----- EOF -----


#14
Naathim

    GeekU Minion

  • Expert
  • 4,568 posts

Hi.
 
The CKScanner logfile just provided indicates that you are using pirated (illegally obtained) software. I'm sorry, but here at GeeksToGo we don't provide help for that. It is very probable that your infection came exactly through the cracks (this type of infection is often seen to be spread this way).
 
From our Terms of use:

The posting of links or references to warez or any other type of illegal software is strictly forbidden. By doing so you risk having your user account terminated without warning. We will NOT help anyone we suspect of having obtained their software or services illegally.

 
However, I will give you the opportunity to remove ALL instances of illegitimate software in order to continue with my assistance. Let me know what you have decided.


#15
SomeNewUser

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts

Most of this software is only stored on the HDD; it is not installed (except getright and socrates).

If you mean the last list:

g.t.a.iv.crack-razor1911.torrent - it is an old file - I have no time to play games anymore :)

getright v5.2 - that is the only software I use now, but it is not important to me - I can remove it, if it is that much of a problem.

icq 2003b pro - I use Skype now - and ICQ 2003 is a very old version!

socrates personal 4.1 - same as getright, and again it is too old.
teleport pro 1.29.1889 - I have not used that for a long time - it's a site downloader.

I don't think that the infection comes from that particular software, because I used that exact software 5-6 years ago (with XP again) and had no such problems.

I have fought a lot of viruses and all kinds of stuff in years past in my kind of job (I work as a system/network administrator), but have not met something as strong as this one - that's why I searched for help here.

But if you can't or don't want to help me - tell me to stop losing my time.

 

Thanks for your time.

