Exploit Virus [Closed]



SavageRgh1234

Hello, today I was infected by an exploit virus. I don't know about an exploit, but here's how it happened: I was on TeamViewer with my friend and I got a pop-up saying I have a trojan on my computer, and then some random guy joined my TeamViewer and started controlling my computer. Then he booted my computer into safe mode, and after getting out of that safe mode [bleep] I booted back into Windows. Then he said he hacked my ports and I was infected by him and he will keep me safe from other viruses. So I really don't know what happened; hopefully I get this [bleep] off my computer or someone can help me remove it.

 OTL logfile created on: 12/7/2014 3:03:07 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\apksa_000\Downloads
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17416)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.88 Gb Total Physical Memory | 4.39 Gb Available Physical Memory | 55.65% Memory free
9.13 Gb Paging File | 5.14 Gb Available in Paging File | 56.27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 917.54 Gb Total Space | 765.39 Gb Free Space | 83.42% Space Free | Partition Type: NTFS
Drive E: | 3.81 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 3.73 Gb Total Space | 0.02 Gb Free Space | 0.43% Space Free | Partition Type: FAT32
Drive G: | 496.00 Mb Total Space | 446.01 Mb Free Space | 89.92% Space Free | Partition Type: FAT32
Drive X: | 450.00 Mb Total Space | 148.38 Mb Free Space | 32.97% Space Free | Partition Type: NTFS
Drive Y: | 12.40 Gb Total Space | 0.71 Gb Free Space | 5.71% Space Free | Partition Type: NTFS

Computer Name: JADIN | User Name: apksa_000 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/12/07 03:00:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\apksa_000\Downloads\OTL.exe
PRC - [2014/11/28 11:22:44 | 005,419,792 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
PRC - [2014/11/25 13:50:36 | 001,880,752 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe
PRC - [2014/11/21 16:09:00 | 000,455,168 | ---- | M] (Skillbrains) -- C:\Users\apksa_000\AppData\Local\Skillbrains\lightshot\5.1.4.41\Lightshot.exe
PRC - [2014/11/20 18:44:38 | 000,438,464 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2014/11/20 18:44:26 | 000,359,104 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2014/11/20 17:47:06 | 000,087,744 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
PRC - [2014/11/12 23:13:08 | 000,230,792 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
PRC - [2014/11/10 17:55:23 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014/10/01 14:40:28 | 001,349,576 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
PRC - [2014/10/01 11:36:24 | 022,066,272 | R--- | M] (Skype Technologies S.A.) -- C:\Users\apksa_000\Desktop\Skype.exe
PRC - [2014/10/01 10:09:20 | 007,229,752 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
PRC - [2014/09/12 03:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/08/30 17:48:46 | 000,234,520 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\avp.exe
PRC - [2014/08/30 17:47:54 | 000,193,128 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\avpui.exe
PRC - [2014/07/14 18:21:46 | 001,390,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
PRC - [2014/05/08 07:49:02 | 003,499,896 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
PRC - [2014/05/01 09:47:28 | 004,163,552 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
PRC - [2014/04/04 14:39:50 | 000,493,072 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
PRC - [2014/04/04 14:38:46 | 001,915,920 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
PRC - [2013/12/10 23:27:58 | 000,390,616 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2013/12/10 23:27:54 | 000,169,432 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
PRC - [2013/08/30 23:18:18 | 000,287,592 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2013/01/23 12:29:48 | 000,150,264 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\ezprint.exe
PRC - [2013/01/23 12:29:47 | 000,772,712 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe
PRC - [2012/12/03 00:18:30 | 000,111,136 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
PRC - [2012/11/29 13:56:26 | 001,436,160 | ---- | M] (Wyse Technology.) -- C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe
PRC - [2012/10/23 16:43:52 | 000,102,928 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
PRC - [2010/04/14 13:56:01 | 000,598,696 | ---- | M] ( ) -- C:\Windows\SysWOW64\lxebcoms.exe


========== Modules (No Company Name) ==========

MOD - [2014/11/25 13:50:33 | 016,841,392 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll
MOD - [2014/11/20 05:48:33 | 000,587,048 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\FFExt\[email protected]\npvkplugin.dll
MOD - [2014/11/20 05:48:30 | 000,459,048 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\FFExt\[email protected]\npcontentblocker.dll
MOD - [2014/11/10 17:55:21 | 003,649,648 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2014/11/09 07:55:04 | 002,964,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\a027a5ca6358908b97b5085fb0464a36\System.IdentityModel.ni.dll
MOD - [2014/11/09 07:54:57 | 001,070,592 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Servf73e6522#\9c83f0e7098f709abd115e29c73e601e\System.ServiceModel.Web.ni.dll
MOD - [2014/11/08 07:32:37 | 000,118,272 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\1c09d6db83322a23a1744d75c4836f85\SMDiagnostics.ni.dll
MOD - [2014/11/08 07:32:36 | 000,786,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\7159bb28e23de8ed898a2acb1dbfef6c\System.ServiceModel.Internals.ni.dll
MOD - [2014/11/08 07:31:29 | 007,785,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\43edd630a9f8cd6ac38c527b106ec94f\System.Xml.ni.dll
MOD - [2014/11/08 07:31:29 | 000,392,704 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\9b0c1539963f393f6641949a67757b8f\System.Xml.Linq.ni.dll
MOD - [2014/11/08 07:31:17 | 001,874,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\6281ab590224520bad7c4f5b3ef37575\System.Xaml.ni.dll
MOD - [2014/11/08 07:31:14 | 012,856,832 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\70c6bf4a51d18b4a9a1805cd48d1caad\System.Windows.Forms.ni.dll
MOD - [2014/11/08 07:30:53 | 019,567,616 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\055a9f703a30ece9cce1f6a130a296b5\System.ServiceModel.ni.dll
MOD - [2014/11/08 07:30:21 | 002,803,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\ab763e7f2c7532e9fe8f587995105156\System.Runtime.Serialization.ni.dll
MOD - [2014/11/08 07:30:15 | 000,522,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Net.Http\f13998cc28c6bb3c3138398e19c0d631\System.Net.Http.ni.dll
MOD - [2014/11/08 07:30:14 | 001,169,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Management\8843bc51abc35b8247ffb506ef61d954\System.Management.ni.dll
MOD - [2014/11/08 07:30:12 | 001,635,328 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\8efdc7a3726640f79d9333da88accaf8\System.Drawing.ni.dll
MOD - [2014/11/08 07:29:58 | 000,968,192 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\00fc7d14bbb38db00e4103912c041adf\System.Configuration.ni.dll
MOD - [2014/11/08 07:29:56 | 000,463,360 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Presentatioaec034ca#\eb62bc6e97d1d2aafbf3a101d7f029e1\PresentationFramework.Aero2.ni.dll
MOD - [2014/11/08 07:29:55 | 018,744,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\377e9afc870e7d53922fbcfd6023b2f7\PresentationFramework.ni.dll
MOD - [2014/11/08 07:29:26 | 011,027,456 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\a1799dc618cfa61adb75b82311884c3d\PresentationCore.ni.dll
MOD - [2014/11/08 07:29:08 | 003,957,760 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\b8e2e79f70d09551560548cda72e2c51\WindowsBase.ni.dll
MOD - [2014/11/08 07:28:59 | 006,951,424 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\483443985708dc5439abe7fd6350abe4\System.Core.ni.dll
MOD - [2014/11/08 07:28:47 | 010,030,592 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\1c5fe4cb68f67046baec4c3a854f722f\System.ni.dll
MOD - [2014/10/03 17:36:28 | 016,810,624 | ---- | M] () -- C:\Windows\SysWOW64\igd11dxva32.dll
MOD - [2014/09/24 01:24:28 | 017,395,376 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\c90ef9a73ea0044641d31b19023aad61\mscorlib.ni.dll
MOD - [2013/12/17 16:47:06 | 001,904,928 | ---- | M] () -- C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll
MOD - [2013/01/23 12:29:48 | 000,150,264 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\ezprint.exe
MOD - [2013/01/23 12:29:47 | 000,772,712 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe
MOD - [2012/11/26 01:20:38 | 000,117,608 | ---- | M] () -- C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll
MOD - [2012/11/26 01:20:28 | 001,153,384 | ---- | M] () -- C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll
MOD - [2012/06/08 13:34:06 | 000,016,400 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
MOD - [2012/06/07 21:34:06 | 000,627,216 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
MOD - [2010/04/05 04:56:20 | 000,094,359 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\epoemdll.dll
MOD - [2010/04/05 04:56:19 | 000,045,221 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\epstring.dll
MOD - [2010/04/05 04:56:17 | 002,203,803 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\epwizres.dll
MOD - [2010/04/05 04:56:07 | 000,716,954 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\epwizard.dll
MOD - [2010/04/05 04:55:15 | 000,159,890 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\customui.dll
MOD - [2010/04/05 04:55:04 | 000,061,604 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\epfunct.dll
MOD - [2010/04/05 04:54:59 | 000,123,033 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\eputil.dll
MOD - [2010/04/05 04:54:52 | 000,143,502 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\imagutil.dll
MOD - [2010/04/01 11:24:28 | 001,159,168 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebdrs.dll
MOD - [2010/04/01 11:23:27 | 000,389,120 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebscw.dll
MOD - [2009/05/27 06:16:50 | 000,192,512 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebdatr.dll
MOD - [2009/04/07 13:25:27 | 000,409,600 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\iptk.dll
MOD - [2009/03/09 23:43:49 | 000,155,648 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebcaps.dll
MOD - [2009/03/02 08:25:47 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebptp.dll
MOD - [2009/02/20 07:48:44 | 000,023,552 | ---- | M] () -- C:\Windows\SysWOW64\lxebsmr.dll
MOD - [2009/02/20 07:48:04 | 000,299,008 | ---- | M] () -- C:\Windows\SysWOW64\lxebsm.dll


========== Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\SoftEther VPN Server\vpnserver_x64.exe /service -- (SEVPNSERVER)
SRV:64bit: - [2014/10/30 22:51:25 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/10/30 01:24:10 | 002,443,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe -- (ClickToRunSvc)
SRV:64bit: - [2014/10/29 13:52:40 | 000,127,752 | ---- | M] (SurfRight B.V.) [Auto | Running] -- C:\Program Files\HitmanPro\hmpsched.exe -- (HitmanProScheduler)
SRV:64bit: - [2014/10/14 13:33:28 | 000,174,600 | ---- | M] (Sandboxie Holdings, LLC) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV:64bit: - [2014/10/06 19:54:27 | 000,226,304 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2014/10/03 17:36:52 | 000,329,104 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\igfxCUIService.exe -- (igfxCUIService1.0.0.0)
SRV:64bit: - [2014/10/01 14:40:28 | 001,349,576 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2014/09/24 02:16:43 | 000,491,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\GeofenceMonitorService.dll -- (lfsvc)
SRV:64bit: - [2014/09/24 01:50:29 | 001,306,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
SRV:64bit: - [2014/09/24 01:50:27 | 000,834,560 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2014/09/24 01:33:15 | 001,600,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)
SRV:64bit: - [2014/09/24 01:24:03 | 000,710,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2014/09/24 01:24:02 | 000,530,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)
SRV:64bit: - [2014/09/24 01:23:54 | 000,366,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2014/09/24 01:23:52 | 003,394,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2014/09/24 01:23:51 | 001,576,960 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2014/09/24 01:23:47 | 000,399,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2014/09/21 21:05:56 | 000,368,632 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc)
SRV:64bit: - [2014/09/21 21:05:56 | 000,023,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2014/08/15 21:29:38 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2014/08/15 18:58:35 | 000,287,744 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2014/08/15 18:45:51 | 000,267,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2013/08/30 23:18:16 | 000,015,720 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV:64bit: - [2013/08/27 13:32:30 | 000,828,376 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe -- (Intel®
SRV:64bit: - [2013/08/27 13:32:14 | 000,747,520 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV:64bit: - [2013/08/22 05:32:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
SRV:64bit: - [2013/08/22 05:31:43 | 000,040,448 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2013/08/22 05:22:45 | 000,066,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2013/08/22 05:21:15 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2013/08/22 05:16:57 | 000,118,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2013/08/22 04:25:28 | 000,164,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2013/08/22 04:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2013/08/22 04:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2013/08/22 04:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2013/08/22 04:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2013/08/22 04:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2013/08/22 04:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2013/08/22 04:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)
SRV:64bit: - [2013/08/22 04:02:47 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)
SRV:64bit: - [2013/08/22 03:57:25 | 000,130,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV:64bit: - [2013/08/22 03:54:59 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2013/08/22 03:50:59 | 000,245,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013/08/22 03:50:00 | 000,525,312 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013/08/22 03:45:59 | 000,151,040 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)
SRV:64bit: - [2013/08/22 03:40:49 | 000,248,832 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2013/08/22 03:31:03 | 000,201,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2013/08/22 03:15:54 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2013/05/18 04:53:30 | 000,245,832 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe -- (RtkAudioService)
SRV:64bit: - [2010/04/14 18:56:14 | 000,045,736 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\SysNative\spool\DRIVERS\x64\3\\lxebserv.exe -- (lxebCATSCustConnectService)
SRV:64bit: - [2009/11/18 08:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2014/11/28 11:22:44 | 005,419,792 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe -- (TeamViewer)
SRV - [2014/11/25 13:50:37 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/11/20 18:44:38 | 000,438,464 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2014/11/20 18:44:26 | 000,359,104 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2014/11/20 18:20:10 | 012,730,560 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe -- (VMwareHostd)
SRV - [2014/11/20 17:47:06 | 000,087,744 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2014/11/18 08:04:04 | 000,912,576 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe -- (VMUSBArbService)
SRV - [2014/11/10 17:55:22 | 000,114,288 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/10/03 17:36:56 | 000,279,952 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2014/09/24 02:16:42 | 000,357,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GeofenceMonitorService.dll -- (lfsvc)
SRV - [2014/09/12 03:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/08/30 17:48:46 | 000,234,520 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\avp.exe -- (AVP15.0.1)
SRV - [2014/08/15 21:29:38 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2014/07/14 18:21:46 | 001,390,176 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe -- (c2cautoupdatesvc)
SRV - [2014/07/14 18:21:06 | 001,767,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe -- (c2cpnrsvc)
SRV - [2014/04/04 14:38:46 | 001,915,920 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe -- (SftService)
SRV - [2014/04/03 19:21:48 | 000,315,008 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/12/10 23:27:58 | 000,390,616 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2013/12/10 23:27:54 | 000,169,432 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2013/12/02 09:58:48 | 002,151,232 | ---- | M] (IObit) [Auto | Stopped] -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe -- (LiveUpdateSvc)
SRV - [2013/08/21 21:55:35 | 000,018,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2013/08/21 20:53:34 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
SRV - [2013/06/21 19:46:38 | 000,016,176 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe -- (WysePocketCloud)
SRV - [2013/03/02 05:57:18 | 000,081,536 | ---- | M] (Atheros) [Auto | Stopped] -- C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe -- (ZAtheros Wlan Agent)
SRV - [2013/02/28 21:15:52 | 000,227,968 | ---- | M] (Qualcomm Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2013/02/28 19:48:58 | 000,118,520 | ---- | M] (Riverbed Technology, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2012/11/29 13:56:26 | 001,436,160 | ---- | M] (Wyse Technology.) [Auto | Running] -- C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe -- (WyseRemoteAccess)
SRV - [2010/04/14 18:56:14 | 000,045,736 | ---- | M] () [Auto | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\\lxebserv.exe -- (lxebCATSCustConnectService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/12/06 23:53:10 | 000,129,752 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2014/12/06 23:39:46 | 000,043,664 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hitmanpro37.sys -- (hitmanpro37)
DRV:64bit: - [2014/11/23 01:32:35 | 000,022,240 | ---- | M] (SoftEther VPN Project at University of Tsukuba, Japan.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pxwfp.sys -- (pxwfp)
DRV:64bit: - [2014/11/23 01:30:34 | 000,038,240 | ---- | M] (SoftEther VPN Project at University of Tsukuba, Japan.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\see.sys -- (SEE)
DRV:64bit: - [2014/11/20 18:44:38 | 000,066,752 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2014/11/20 18:44:38 | 000,026,816 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2014/11/20 18:44:20 | 000,048,832 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2014/11/20 18:44:20 | 000,028,864 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2014/11/20 05:49:38 | 000,077,512 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klwtp.sys -- (Klwtp)
DRV:64bit: - [2014/11/20 05:49:33 | 000,068,616 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klwfp.sys -- (klwfp)
DRV:64bit: - [2014/11/20 05:49:25 | 000,799,944 | ---- | M] (Kaspersky Lab ZAO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2014/11/20 05:49:21 | 000,150,536 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klflt.sys -- (klflt)
DRV:64bit: - [2014/11/18 08:04:10 | 000,055,488 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2014/11/18 08:04:00 | 000,058,048 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmusb.sys -- (vmusb)
DRV:64bit: - [2014/11/17 17:38:42 | 000,076,480 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vsock.sys -- (vsock)
DRV:64bit: - [2014/11/17 17:38:40 | 000,085,584 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2014/10/14 13:33:28 | 000,185,352 | ---- | M] (Sandboxie Holdings, LLC) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV:64bit: - [2014/10/11 13:27:46 | 000,142,528 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2014/10/09 19:58:57 | 000,027,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2014/10/03 17:36:38 | 004,753,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2014/09/24 02:46:53 | 000,055,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2014/09/24 01:50:37 | 000,157,016 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\SysNative\drivers\wof.sys -- (Wof)
DRV:64bit: - [2014/09/24 01:50:30 | 000,136,024 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2014/09/24 01:50:28 | 000,376,152 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2014/09/24 01:33:00 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2014/09/24 01:32:54 | 000,468,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2014/09/24 01:32:54 | 000,412,992 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2014/09/24 01:23:53 | 000,924,504 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\refs.sys -- (ReFS)
DRV:64bit: - [2014/09/24 01:23:48 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)
DRV:64bit: - [2014/09/24 01:23:32 | 000,175,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2014/09/24 01:23:31 | 000,236,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2014/09/24 01:23:31 | 000,226,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BthLEEnum.sys -- (BthLEEnum)
DRV:64bit: - [2014/09/24 01:23:31 | 000,086,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)
DRV:64bit: - [2014/09/24 01:23:31 | 000,079,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2014/09/24 01:23:31 | 000,039,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)
DRV:64bit: - [2014/09/24 01:23:31 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2014/09/24 01:23:30 | 000,325,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2014/09/24 01:23:30 | 000,189,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2014/09/24 01:23:30 | 000,057,176 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)
DRV:64bit: - [2014/09/24 00:53:09 | 000,037,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2014/09/21 21:06:16 | 000,258,368 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2014/09/21 21:06:16 | 000,114,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)
DRV:64bit: - [2014/09/21 20:49:43 | 000,035,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2014/09/18 19:58:48 | 000,038,264 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2014/09/18 19:58:48 | 000,027,000 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2014/09/18 12:38:22 | 000,158,968 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV:64bit: - [2014/08/18 10:28:32 | 000,243,440 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2014/08/18 10:28:32 | 000,241,368 | ---- | M] (ESET) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\edevmon.sys -- (edevmon)
DRV:64bit: - [2014/08/18 10:28:32 | 000,169,280 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2014/08/14 19:58:07 | 000,028,768 | ---- | M] (SoftEther VPN Project at University of Tsukuba, Japan.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Neo_VPN.sys -- (Neo_VPN)
DRV:64bit: - [2014/08/14 18:36:55 | 000,146,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2014/08/14 05:51:23 | 000,040,664 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2014/08/12 18:32:58 | 000,247,480 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klhk.sys -- (klhk)
DRV:64bit: - [2014/08/08 10:31:10 | 000,027,136 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ptun0901.sys -- (ptun0901)
DRV:64bit: - [2014/07/30 22:17:26 | 000,013,344 | ---- | M] (Rsupport Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vrvd5.sys -- (vrvd5)
DRV:64bit: - [2014/07/09 16:23:54 | 000,179,776 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kneps.sys -- (kneps)
DRV:64bit: - [2014/07/02 16:10:42 | 000,046,144 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\kldisk.sys -- (kldisk)
DRV:64bit: - [2014/03/31 11:47:10 | 000,468,576 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)
DRV:64bit: - [2014/03/28 17:51:02 | 000,028,768 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klkbdflt.sys -- (klkbdflt)
DRV:64bit: - [2014/02/25 13:09:02 | 000,030,304 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2013/12/10 23:27:54 | 000,100,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TeeDriverx64.sys -- (MEIx64)
DRV:64bit: - [2013/12/06 07:37:50 | 000,035,232 | ---- | M] (Visicom Media Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys -- (mcaudrv_simple)
DRV:64bit: - [2013/11/26 19:53:58 | 000,052,128 | ---- | M] (Visicom Media Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcvidrv.sys -- (ManyCam)
DRV:64bit: - [2013/09/18 17:09:40 | 000,452,088 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2013/08/29 09:13:36 | 000,644,968 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2013/08/22 07:25:40 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)
DRV:64bit: - [2013/08/22 07:25:40 | 000,030,048 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2013/08/22 06:50:19 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)
DRV:64bit: - [2013/08/22 06:49:54 | 000,079,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2013/08/22 06:49:33 | 000,159,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013/08/22 06:43:49 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2013/08/22 06:43:48 | 000,041,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2013/08/22 06:43:45 | 003,357,024 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2013/08/22 06:43:45 | 000,093,536 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2013/08/22 06:43:45 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2013/08/22 06:43:45 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2013/08/22 06:43:44 | 000,081,760 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3.sys -- (LSI_SAS3)
DRV:64bit: - [2013/08/22 06:43:41 | 000,782,176 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)
DRV:64bit: - [2013/08/22 06:43:41 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2013/08/22 06:43:41 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2013/08/22 06:43:41 | 000,108,896 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)
DRV:64bit: - [2013/08/22 06:43:41 | 000,079,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2013/08/22 06:43:40 | 000,114,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2013/08/22 06:43:40 | 000,082,784 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2013/08/22 06:43:40 | 000,025,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2013/08/22 06:43:34 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2013/08/22 06:43:33 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2013/08/22 06:43:32 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2013/08/22 06:43:31 | 000,107,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013/08/22 06:43:31 | 000,072,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2013/08/22 06:43:31 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2013/08/22 06:39:15 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)
DRV:64bit: - [2013/08/22 06:37:27 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)
DRV:64bit: - [2013/08/22 06:36:12 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2013/08/22 05:39:54 | 000,076,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)
DRV:64bit: - [2013/08/22 05:39:31 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2013/08/22 05:39:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2013/08/22 05:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2013/08/22 05:38:58 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2013/08/22 05:38:48 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2013/08/22 05:38:39 | 000,036,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013/08/22 05:38:26 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2013/08/22 05:38:23 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2013/08/22 05:38:22 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2013/08/22 05:38:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2013/08/22 05:37:49 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2013/08/22 05:37:46 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2013/08/22 05:37:42 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2013/08/22 05:37:28 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/08/22 05:37:28 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2013/08/22 05:37:14 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2013/08/22 05:36:43 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc63.sys -- (netvsc)
DRV:64bit: - [2013/08/22 05:36:25 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV:64bit: - [2013/08/22 05:36:07 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2013/08/22 05:35:42 | 000,103,424 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2013/08/22 02:46:33 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2013/08/12 17:25:46 | 000,017,624 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)
DRV:64bit: - [2013/08/09 18:39:30 | 000,651,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)
DRV:64bit: - [2013/08/08 17:11:00 | 000,029,280 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2013/07/30 12:47:35 | 000,024,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)
DRV:64bit: - [2013/07/25 13:05:39 | 000,099,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)
DRV:64bit: - [2013/04/12 15:34:48 | 000,015,456 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klpd.sys -- (klpd)
DRV:64bit: - [2013/03/05 12:34:58 | 000,469,232 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2013/03/05 12:34:56 | 000,031,984 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys -- (SmbDrvI)
DRV:64bit: - [2013/03/05 12:34:56 | 000,028,400 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Smb_driver_AMDASF.sys -- (SmbDrv)
DRV:64bit: - [2013/02/28 20:59:12 | 000,583,760 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2013/02/28 20:59:08 | 000,136,424 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2013/02/28 20:59:06 | 000,179,432 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2013/02/28 20:59:06 | 000,089,168 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2013/02/28 20:59:06 | 000,077,464 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2013/02/28 20:59:04 | 000,346,192 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2013/02/28 20:59:04 | 000,115,280 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_avdt.sys -- (btath_avdt)
DRV:64bit: - [2013/02/28 19:49:12 | 000,036,600 | ---- | M] (Riverbed Technology, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2013/02/20 23:50:30 | 003,765,760 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athw8x.sys -- (athr)
DRV:64bit: - [2013/01/24 20:12:08 | 000,010,752 | ---- | M] (OSR Open Systems Resources, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\DellRbtn.sys -- (DellRbtn)
DRV:64bit: - [2013/01/14 21:10:52 | 000,238,288 | ---- | M] (Kaspersky Lab UK Ltd) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\cm_km_w.sys -- (cm_km_w)
DRV:64bit: - [2012/12/27 18:01:36 | 000,760,032 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2012/12/21 16:42:28 | 000,326,368 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUVStor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2012/07/27 18:38:24 | 000,029,616 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\klelam.sys -- (klelam)
DRV:64bit: - [2012/06/25 12:24:50 | 000,092,536 | ---- | M] (CyberLink) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\CLVirtualDrive.sys -- (CLVirtualDrive)
DRV - [2014/07/01 11:37:56 | 000,020,872 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\DrvAgent64.SYS -- (DrvAgent64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com/?pc=DCJB
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Reg Error: Value error.
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Reg Error: Value error.
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://dell13.msn.com/?pc=DCJB
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{91BE4B2F-FDDC-4583-B135-C136B3D8F99E}: "URL" = http://www.bing.com/...=IE10TR&pc=DCJB
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{91BE4B2F-FDDC-4583-B135-C136B3D8F99E}: "URL" = http://www.bing.com/...=IE10TR&pc=DCJB

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com/?pc=DCJB
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://dell13.msn.com/?pc=dcjb
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IESR02
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7RVEA_enUS604
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: content_blocker_6418E0D362104DADA084DC312DFA8ABC%40kaspersky.com:4.5.3.8
FF - prefs.js..extensions.enabledAddons: virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB%40kaspersky.com:4.5.3.8
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:33.1


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINDOWS\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@kaspersky.com/content_blocker_6418E0D362104DADA084DC312DFA8ABC: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\FFExt\[email protected] [2014/11/20 05:51:58 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@kaspersky.com/virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\FFExt\[email protected] [2014/11/20 05:51:59 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@PackageTracer_69.com/Plugin: C:\Program Files (x86)\PackageTracer_69\bar\1.bin\NP69Stub.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@TrendMicro.com/FFExtension: C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014/09/02 13:10:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\FFExt\[email protected] [2014/11/20 05:51:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\FFExt\[email protected] [2014/11/20 05:51:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 33.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 33.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\McAfee\MSK

[2014/11/17 22:29:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\apksa_000\AppData\Roaming\mozilla\Extensions
[2014/12/05 13:06:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\apksa_000\AppData\Roaming\mozilla\Firefox\Profiles\264bal2f.default-1416485126634\extensions
[2014/12/05 23:05:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/11/10 17:55:24 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) -- C:\PROGRAM FILES (X86)\IOBIT APPS TOOLBAR\FF
[2014/11/20 05:51:58 | 000,000,000 | ---D | M] (Модуль блокування небезпечних веб-сайтів) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY ANTI-VIRUS 15.0.1\FFEXT\[email protected]
[2014/11/20 05:51:59 | 000,000,000 | ---D | M] (Віртуальна клавіатура) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY ANTI-VIRUS 15.0.1\FFEXT\[email protected]
File not found (No name found) -- C:\USERS\APKSA_000\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\264BAL2F.DEFAULT-1416485126634\EXTENSIONS\[email protected]

========== Chrome ==========

CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\apksa_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\algjnflpgoopkdijmkalfcifomdhmcbe\1.1.2_0\
CHR - Extension: No name found = C:\Users\apksa_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: No name found = C:\Users\apksa_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\apksa_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Users\apksa_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\apksa_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\apksa_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho\4.0.9.130_0\
CHR - Extension: No name found = C:\Users\apksa_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\11.0.9.0_1\
CHR - Extension: No name found = C:\Users\apksa_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik\2.2014.1203.11301_1\
CHR - Extension: No name found = C:\Users\apksa_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif\1.0.5_0\
CHR - Extension: No name found = C:\Users\apksa_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.3.16540.9015_0\
CHR - Extension: No name found = C:\Users\apksa_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkmnpmgnojjhopfglajfmhclmlmpgclp\1.0_0\
CHR - Extension: No name found = C:\Users\apksa_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgcfemagnogdodbambjhdcmfcpicngl\1.0.9_0\
CHR - Extension: No name found = C:\Users\apksa_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\apksa_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

Hosts file not found
O2:64bit: - BHO: (Content Blocker Plugin) - {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Object Browser) - {11111111-1111-1111-1111-110311281150} - C:\Program Files (x86)\Object Browser\Object Browser-bho64.dll File not found
O2:64bit: - BHO: (Reg Error: Value error.) - {27DD0F8B-3E0E-4ADC-A78A-66047E71ADC5} - C:\Users\apksa_000\AppData\Local\Temp\Rar$EXa0.078\OldNewExplorer64.dll File not found
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Adobe Acrobat Create PDF Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2:64bit: - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Virtual Keyboard Plugin) - {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll (Microsoft Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll File not found
O2:64bit: - BHO: (Safe Money Plugin) - {E3D96E85-529D-4269-AC6A-97CF9E2221E3} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Adobe Acrobat Create PDF from Selection) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Content Blocker Plugin) - {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Reg Error: Value error.) - {27DD0F8B-3E0E-4ADC-A78A-66047E71ADC5} - C:\Users\apksa_000\AppData\Local\Temp\Rar$EXa0.078\OldNewExplorer32.dll File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll File not found
O2 - BHO: (Adobe Acrobat Create PDF Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O2 - BHO: (Virtual Keyboard Plugin) - {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Advanced SystemCare Browser Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll File not found
O2 - BHO: (Safe Money Plugin) - {E3D96E85-529D-4269-AC6A-97CF9E2221E3} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Adobe Acrobat Create PDF from Selection) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark Pro200-S500 Series\ezprint.exe ()
O4:64bit: - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\WINDOWS\SysNative\igfxtray.exe ()
O4:64bit: - HKLM..\Run: [lxebmon.exe] C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe ()
O4:64bit: - HKLM..\Run: [QuickSet] c:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVBg_PushButton] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [vmware-tray.exe] C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
O4 - HKCU..\Run: [LightShot] C:\Users\apksa_000\AppData\Local\Skillbrains\lightshot\Lightshot.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: BtvStack = "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe" (Qualcomm Atheros Commnucations)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9:64bit: - Extra Button: Virtual Keyboard - {09A10376-994C-4BBF-9121-F50CF7BA237E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnie.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnie.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnielinkednotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnielinkednotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O9 - Extra Button: Virtual Keyboard - {09A10376-994C-4BBF-9121-F50CF7BA237E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\onbttnie.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\onbttnie.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\onbttnielinkednotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\onbttnielinkednotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5A3CBE73-7CE9-4C39-A8C2-A712BAFC0C7B}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8CE174B3-88C6-4203-8755-44C8758ECDC2}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8CE174B3-88C6-4203-8755-44C8758ECDC2}: NameServer = 89.41.60.38,95.169.183.219
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/04/11 21:47:04 | 000,000,043 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\setup.exe -- [2011/04/11 21:47:04 | 000,112,400 | R--- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/12/06 23:36:46 | 000,000,000 | R--D | C] -- C:\Users\apksa_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2014/12/06 22:09:19 | 000,000,000 | ---D | C] -- C:\Users\apksa_000\AppData\Local\LogMeIn
[2014/12/06 22:09:19 | 000,000,000 | ---D | C] -- C:\ProgramData\LogMeIn
[2014/12/06 20:47:53 | 000,000,000 | ---D | C] -- C:\Users\apksa_000\AppData\Local\join.me
[2014/12/06 06:47:31 | 000,000,000 | ---D | C] -- C:\Users\apksa_000\AppData\Roaming\Imminent
[2014/12/06 01:41:09 | 000,076,480 | ---- | C] (VMware, Inc.) -- C:\WINDOWS\SysNative\drivers\vsock.sys
[2014/12/06 01:41:09 | 000,068,288 | ---- | C] (VMware, Inc.) -- C:\WINDOWS\SysNative\vsocklib.dll
[2014/12/06 01:41:09 | 000,064,192 | ---- | C] (VMware, Inc.) -- C:\WINDOWS\SysWow64\vsocklib.dll
[2014/12/06 01:40:56 | 000,066,752 | ---- | C] (VMware, Inc.) -- C:\WINDOWS\SysNative\drivers\vmx86.sys
[2014/12/06 01:39:16 | 000,359,104 | ---- | C] (VMware, Inc.) -- C:\WINDOWS\SysWow64\vmnetdhcp.exe
[2014/12/06 01:39:13 | 000,438,464 | ---- | C] (VMware, Inc.) -- C:\WINDOWS\SysWow64\vmnat.exe
[2014/12/06 01:39:13 | 000,026,816 | ---- | C] (VMware, Inc.) -- C:\WINDOWS\SysNative\drivers\vmnetuserif.sys
[2014/12/06 01:39:02 | 000,931,008 | ---- | C] (VMware, Inc.) -- C:\WINDOWS\SysNative\vnetlib64.dll
[2014/12/06 01:38:20 | 000,055,488 | ---- | C] (VMware, Inc.) -- C:\WINDOWS\SysNative\drivers\hcmon.sys
[2014/12/06 01:38:19 | 000,058,048 | ---- | C] (VMware, Inc.) -- C:\WINDOWS\SysNative\drivers\vmusb.sys
[2014/12/06 01:37:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware
[2014/12/06 01:37:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\VMware
[2014/12/06 01:31:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VMware
[2014/12/06 01:31:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\VMware
[2014/12/06 01:31:42 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Shared Virtual Machines
[2014/12/06 00:39:14 | 000,000,000 | ---D | C] -- C:\Users\apksa_000\AppData\Roaming\com.adobe.formscentral.FormsCentralForAcrobat
[2014/12/05 23:05:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2014/12/05 23:05:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2014/12/05 23:04:48 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2014/12/05 22:14:31 | 000,000,000 | ---D | C] -- C:\Users\apksa_000\Desktop\vidalia-0.2.21
[2014/12/05 17:01:55 | 000,000,000 | ---D | C] -- C:\Users\apksa_000\Desktop\Skype
[2014/12/05 15:56:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Temp
[2014/12/05 15:56:40 | 000,000,000 | ---D | C] -- C:\Users\apksa_000\Desktop\KLTRH 2.0
[2014/12/05 14:38:11 | 000,000,000 | ---D | C] -- C:\Users\apksa_000\Desktop\All Rgh files
[2014/12/05 14:07:36 | 000,000,000 | ---D | C] -- C:\Users\apksa_000\VirtualBox VMs
[2014/12/05 13:02:49 | 000,000,000 | ---D | C] -- C:\Users\apksa_000\Desktop\Tor Browser
[2014/12/02 18:49:50 | 000,000,000 | ---D | C] -- C:\Users\apksa_000\AppData\Roaming\vlc
[2014/11/30 13:33:44 | 000,000,000 | ---D | C] -- C:\Users\apksa_000\Documents\ClownfishSoundTemp
[2014/11/30 01:50:05 | 000,000,000 | ---D | C] -- C:\Users\apksa_000\Documents\Skype Voice Records
[2014/11/30 01:50:05 | 000,000,000 | ---D | C] -- C:\Users\apksa_000\Documents\Clownfish Avatars
[2014/11/25 23:06:25 | 000,000,000 | ---D | C] -- C:\Users\apksa_000\AppData\Roaming\TeamViewer
[2014/11/23 18:56:06 | 000,000,000 | -HSD | C] -- C:\Users\apksa_000\AppData\Local\EmieUserList
[2014/11/23 18:56:06 | 000,000,000 | -HSD | C] -- C:\Users\apksa_000\AppData\Local\EmieSiteList
[2014/11/23 18:56:06 | 000,000,000 | -HSD | C] -- C:\Users\apksa_000\AppData\Local\EmieBrowserModeList
[2014/11/23 13:42:53 | 000,000,000 | ---D | C] -- C:\Users\apksa_000\AppData\Roaming\Imminent Monitor
[2014/11/23 01:32:35 | 000,022,240 | ---- | C] (SoftEther VPN Project at University of Tsukuba, Japan.) -- C:\WINDOWS\SysNative\drivers\pxwfp.sys
[2014/11/23 01:30:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftEther VPN Server
[2014/11/23 00:56:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN
[2014/11/23 00:56:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenVPN
[2014/11/23 00:41:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/11/23 00:27:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenVPN Technologies
[2014/11/22 23:40:06 | 000,000,000 | ---D | C] -- C:\Users\apksa_000\AppData\Roaming\Wireshark
[2014/11/22 19:28:29 | 000,000,000 | ---D | C] -- C:\Users\apksa_000\Documents\Virtual Machines
[2014/11/22 14:24:08 | 000,000,000 | ---D | C] -- C:\Users\apksa_000\AppData\Roaming\Apple Computer
[2014/11/22 11:27:02 | 000,000,000 | ---D | C] -- C:\Users\apksa_000\AppData\Local\Apple
[2014/11/20 18:44:20 | 000,081,088 | ---- | C] (VMware, Inc.) -- C:\WINDOWS\SysNative\vmnetbridge.dll
[2014/11/20 18:44:20 | 000,049,856 | ---- | C] (VMware, Inc.) -- C:\WINDOWS\SysNative\vnetinst.dll
[2014/11/20 18:44:20 | 000,048,832 | ---- | C] (VMware, Inc.) -- C:\WINDOWS\SysNative\drivers\vmnetbridge.sys
[2014/11/20 18:44:20 | 000,028,864 | ---- | C] (VMware, Inc.) -- C:\WINDOWS\SysNative\drivers\vmnetadapter.sys
[2014/11/20 18:44:20 | 000,027,328 | ---- | C] (VMware, Inc.) -- C:\WINDOWS\SysNative\drivers\vmnet.sys
[2014/11/20 17:04:39 | 000,000,000 | ---D | C] -- C:\Users\apksa_000\AppData\Local\StartIsBack
[2014/11/20 17:02:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\update_evolution8_mrb
[2014/11/20 17:01:51 | 000,000,000 | ---D | C] -- C:\Users\apksa_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2014/11/20 17:01:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2014/11/20 17:01:39 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2014/11/20 16:45:10 | 000,000,000 | ---D | C] -- C:\Users\apksa_000\Desktop\StartIsGone
[2014/11/20 16:23:24 | 000,157,659 | ---- | C] (Manuel Hoefs (Zottel)) -- C:\Users\apksa_000\Desktop\UltraUXThemePatcher_2.4.exe
[2014/11/20 13:58:08 | 000,000,000 | ---D | C] -- C:\Users\apksa_000\AppData\Local\CrashDumps
[2014/11/20 12:43:19 | 000,000,000 | ---D | C] -- C:\Users\apksa_000\AppData\Local\VMware
[2014/11/20 12:43:18 | 000,000,000 | ---D | C] -- C:\Users\apksa_000\AppData\Roaming\VMware
[2014/11/20 12:42:51 | 000,000,000 | ---D | C] -- C:\Users\apksa_000\.VirtualBox
[2014/11/20 11:15:03 | 000,000,000 | ---D | C] -- C:\Users\apksa_000\AppData\Local\Diagnostics
[2014/11/20 10:33:47 | 000,000,000 | ---D | C] -- C:\Users\apksa_000\AppData\Roaming\WinRAR
[2014/11/20 05:52:02 | 000,077,512 | ---- | C] (Kaspersky Lab ZAO) -- C:\WINDOWS\SysNative\drivers\klwtp.sys
[2014/11/20 05:52:02 | 000,068,616 | ---- | C] (Kaspersky Lab ZAO) -- C:\WINDOWS\SysNative\drivers\klwfp.sys
[2014/11/20 05:52:01 | 000,799,944 | ---- | C] (Kaspersky Lab ZAO) -- C:\WINDOWS\SysNative\drivers\klif.sys
[2014/11/20 05:52:01 | 000,150,536 | ---- | C] (Kaspersky Lab ZAO) -- C:\WINDOWS\SysNative\drivers\klflt.sys
[2014/11/20 04:06:58 | 000,000,000 | ---D | C] -- C:\Users\apksa_000\AppData\Roaming\Google
[2014/11/20 04:01:00 | 000,000,000 | ---D | C] -- C:\Users\apksa_000\AppData\Roaming\Ulead Systems
[2014/11/20 04:00:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Protexis
[2014/11/20 04:00:56 | 000,000,000 | ---D | C] -- C:\Users\apksa_000\AppData\Roaming\Corel
[2014/11/20 04:00:51 | 000,000,000 | ---D | C] -- C:\Users\apksa_000\Documents\Corel PaintShop Pro
[2014/11/20 04:00:51 | 000,000,000 | ---D | C] -- C:\Users\apksa_000\AppData\Local\Corel PaintShop Pro
[2014/11/18 05:35:09 | 000,000,000 | ---D | C] -- C:\Users\apksa_000\AppData\Roaming\IObit
[2014/11/18 02:42:05 | 000,000,000 | ---D | C] -- C:\Users\apksa_000\AppData\Local\ESET
[2014/11/18 02:36:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
[2014/11/18 02:36:09 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2014/11/18 02:36:09 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2014/11/18 02:15:07 | 000,000,000 | ---D | C] -- C:\Users\apksa_000\Documents\Lightshot
[2014/11/18 01:30:47 | 000,000,000 | ---D | C] -- C:\Users\apksa_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lightshot
[2014/11/18 01:30:45 | 000,000,000 | ---D | C] -- C:\Users\apksa_000\AppData\Local\Skillbrains
[2014/11/18 01:30:41 | 000,000,000 | ---D | C] -- C:\Users\apksa_000\AppData\Local\Programs
[2014/11/17 23:29:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2014/11/17 22:57:48 | 000,000,000 | ---D | C] -- C:\Users\apksa_000\AppData\Local\Skype
[2014/11/17 22:57:46 | 000,000,000 | ---D | C] -- C:\Users\apksa_000\AppData\Roaming\Skype
[2014/11/17 22:31:53 | 000,000,000 | ---D | C] -- C:\Users\apksa_000\AppData\Local\Macromedia
[2014/11/17 22:30:07 | 000,000,000 | ---D | C] -- C:\Users\apksa_000\AppData\Local\Google
[2014/11/17 22:29:34 | 000,000,000 | ---D | C] -- C:\Users\apksa_000\AppData\Roaming\Mozilla
[2014/11/17 22:29:34 | 000,000,000 | ---D | C] -- C:\Users\apksa_000\AppData\Local\Mozilla
[2014/11/17 22:20:24 | 000,000,000 | R--D | C] -- C:\Users\apksa_000\OneDrive
[2014/11/17 22:19:13 | 000,000,000 | ---D | C] -- C:\Users\apksa_000\AppData\Roaming\Intel Corporation
[2014/11/17 22:18:34 | 000,000,000 | ---D | C] -- C:\Users\apksa_000\AppData\Local\BMExplorer
[2014/11/17 22:18:19 | 000,000,000 | ---D | C] -- C:\Users\apksa_000\Documents\Bluetooth Folder
[2014/11/17 22:18:11 | 000,000,000 | ---D | C] -- C:\Users\apksa_000\AppData\Local\Adobe
[2014/11/17 22:18:07 | 000,000,000 | ---D | C] -- C:\Users\apksa_000\AppData\Roaming\Atheros
[2014/11/17 22:17:41 | 000,000,000 | ---D | C] -- C:\Users\apksa_000\AppData\Local\Power2Go8
[2014/11/17 22:16:56 | 000,000,000 | R--D | C] -- C:\Users\apksa_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2014/11/17 22:16:56 | 000,000,000 | R--D | C] -- C:\Users\apksa_000\Searches
[2014/11/17 22:16:56 | 000,000,000 | R--D | C] -- C:\Users\apksa_000\Contacts
[2014/11/17 22:16:56 | 000,000,000 | R--D | C] -- C:\Users\apksa_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2014/11/17 22:16:56 | 000,000,000 | -H-D | C] -- C:\Users\apksa_000\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2014/11/17 22:16:45 | 000,000,000 | ---D | C] -- C:\Users\apksa_000\AppData\Local\VirtualStore
[2014/11/17 22:16:45 | 000,000,000 | ---D | C] -- C:\Users\apksa_000\AppData\Local\Packages
[2014/11/17 22:16:45 | 000,000,000 | ---D | C] -- C:\Users\apksa_000\AppData\Roaming\Adobe
[2014/11/17 22:16:42 | 000,000,000 | -HSD | C] -- C:\Users\apksa_000\IntelGraphicsProfiles
[2014/11/17 22:16:38 | 000,000,000 | -HSD | C] -- C:\Users\apksa_000\AppData\Local\Temporary Internet Files
[2014/11/17 22:16:38 | 000,000,000 | -HSD | C] -- C:\Users\apksa_000\Templates
[2014/11/17 22:16:38 | 000,000,000 | -HSD | C] -- C:\Users\apksa_000\Start Menu
[2014/11/17 22:16:38 | 000,000,000 | -HSD | C] -- C:\Users\apksa_000\SendTo
[2014/11/17 22:16:38 | 000,000,000 | -HSD | C] -- C:\Users\apksa_000\Recent
[2014/11/17 22:16:38 | 000,000,000 | -HSD | C] -- C:\Users\apksa_000\PrintHood
[2014/11/17 22:16:38 | 000,000,000 | -HSD | C] -- C:\Users\apksa_000\NetHood
[2014/11/17 22:16:38 | 000,000,000 | -HSD | C] -- C:\Users\apksa_000\Documents\My Videos
[2014/11/17 22:16:38 | 000,000,000 | -HSD | C] -- C:\Users\apksa_000\Documents\My Pictures
[2014/11/17 22:16:38 | 000,000,000 | -HSD | C] -- C:\Users\apksa_000\Documents\My Music
[2014/11/17 22:16:38 | 000,000,000 | -HSD | C] -- C:\Users\apksa_000\My Documents
[2014/11/17 22:16:38 | 000,000,000 | -HSD | C] -- C:\Users\apksa_000\Local Settings
[2014/11/17 22:16:38 | 000,000,000 | -HSD | C] -- C:\Users\apksa_000\AppData\Local\History
[2014/11/17 22:16:38 | 000,000,000 | -HSD | C] -- C:\Users\apksa_000\Cookies
[2014/11/17 22:16:38 | 000,000,000 | -HSD | C] -- C:\Users\apksa_000\Application Data
[2014/11/17 22:16:38 | 000,000,000 | -HSD | C] -- C:\Users\apksa_000\AppData\Local\Application Data
[2014/11/17 22:16:37 | 000,000,000 | --SD | C] -- C:\Users\apksa_000\AppData\Roaming\Microsoft
[2014/11/17 22:16:37 | 000,000,000 | R--D | C] -- C:\Users\apksa_000\Videos
[2014/11/17 22:16:37 | 000,000,000 | R--D | C] -- C:\Users\apksa_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[2014/11/17 22:16:37 | 000,000,000 | R--D | C] -- C:\Users\apksa_000\Saved Games
[2014/11/17 22:16:37 | 000,000,000 | R--D | C] -- C:\Users\apksa_000\Pictures
[2014/11/17 22:16:37 | 000,000,000 | R--D | C] -- C:\Users\apksa_000\Music
[2014/11/17 22:16:37 | 000,000,000 | R--D | C] -- C:\Users\apksa_000\Links
[2014/11/17 22:16:37 | 000,000,000 | R--D | C] -- C:\Users\apksa_000\Favorites
[2014/11/17 22:16:37 | 000,000,000 | R--D | C] -- C:\Users\apksa_000\Downloads
[2014/11/17 22:16:37 | 000,000,000 | R--D | C] -- C:\Users\apksa_000\Documents
[2014/11/17 22:16:37 | 000,000,000 | R--D | C] -- C:\Users\apksa_000\Desktop
[2014/11/17 22:16:37 | 000,000,000 | R--D | C] -- C:\Users\apksa_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2014/11/17 22:16:37 | 000,000,000 | R--D | C] -- C:\Users\apksa_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[2014/11/17 22:16:37 | 000,000,000 | -H-D | C] -- C:\Users\apksa_000\AppData
[2014/11/17 22:16:37 | 000,000,000 | ---D | C] -- C:\Users\apksa_000\AppData\Local\Temp
[2014/11/17 22:16:37 | 000,000,000 | ---D | C] -- C:\Users\apksa_000\AppData\Local\Microsoft
[2014/11/17 22:16:37 | 000,000,000 | ---D | C] -- C:\Users\apksa_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2014/11/17 22:16:37 | 000,000,000 | ---D | C] -- C:\Users\apksa_000\AppData\Roaming\Macromedia
[2014/11/17 17:38:40 | 000,085,584 | ---- | C] (VMware, Inc.) -- C:\WINDOWS\SysNative\drivers\vmci.sys
[2014/11/09 21:57:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
[2014/11/09 21:56:50 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2014/11/09 19:40:47 | 000,033,496 | ---- | C] (VMware, Inc.) -- C:\WINDOWS\SysNative\drivers\VMkbd.sys
[2014/11/09 19:39:06 | 000,000,000 | ---D | C] -- C:\ProgramData\VMware
[2014/11/09 19:06:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus
[2014/11/09 19:05:16 | 000,110,176 | ---- | C] (Kaspersky Lab ZAO) -- C:\WINDOWS\SysNative\klfphc.dll
[2014/11/09 19:03:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2014/11/09 19:03:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2014/11/09 19:02:09 | 000,247,480 | ---- | C] (Kaspersky Lab ZAO) -- C:\WINDOWS\SysNative\drivers\klhk.sys
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/12/07 02:50:16 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/12/07 02:18:03 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/12/07 01:48:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\update-S-1-5-21-1358638018-242750385-2534989196-1012.job
[2014/12/07 01:22:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\update-sys.job
[2014/12/07 00:51:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\update-S-1-5-21-1358638018-242750385-2534989196-1008.job
[2014/12/06 23:53:10 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\MBAMSwissArmy.sys
[2014/12/06 23:39:46 | 000,043,664 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\hitmanpro37.sys
[2014/12/06 23:36:27 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/12/06 23:35:17 | 000,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/12/06 23:34:59 | 000,001,362 | ---- | M] () -- C:\WINDOWS\tasks\BUBIOM.job
[2014/12/06 23:34:24 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2014/12/06 23:34:21 | 2477,121,535 | -HS- | M] () -- C:\hiberfil.sys
[2014/12/06 22:12:42 | 000,000,600 | ---- | M] () -- C:\Users\apksa_000\AppData\Local\PUTTY.RND
[2014/12/06 22:09:18 | 000,001,127 | ---- | M] () -- C:\Users\apksa_000\Desktop\join.me.lnk
[2014/12/06 06:47:33 | 000,002,078 | ---- | M] () -- C:\WINDOWS\Sandboxie.ini
[2014/12/06 04:01:47 | 3988,099,188 | ---- | M] () -- C:\Users\apksa_000\Desktop\Windows_7_Home_Basic_32Bit_64Bit.iso
[2014/12/06 02:40:50 | 3541,400,924 | ---- | M] () -- C:\Users\apksa_000\Desktop\Windows_Vista_Ultimate_SP2_64_Bit.iso
[2014/12/06 01:41:19 | 000,001,056 | ---- | M] () -- C:\Users\apksa_000\Application Data\Microsoft\Internet Explorer\Quick Launch\VMware Workstation.lnk
[2014/12/06 01:37:43 | 000,735,372 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2014/12/06 01:37:43 | 000,137,472 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2014/12/06 01:37:42 | 000,883,630 | ---- | M] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2014/12/06 01:37:38 | 000,002,155 | ---- | M] () -- C:\Users\Public\Desktop\VMware Workstation.lnk
[2014/12/05 23:05:03 | 000,002,561 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2014/12/02 22:01:08 | 000,381,280 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2014/12/02 19:02:26 | 000,000,977 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 10.lnk
[2014/11/29 13:27:45 | 001,473,107 | ---- | M] () -- C:\Users\apksa_000\Desktop\nigga.rar
[2014/11/28 17:55:57 | 000,005,494 | ---- | M] () -- C:\Users\apksa_000\Desktop\poop.rar
[2014/11/27 22:36:25 | 000,240,026 | ---- | M] () -- C:\Users\apksa_000\SAVAGE.jpg
[2014/11/23 17:31:27 | 000,000,445 | ---- | M] () -- C:\Users\apksa_000\AppData\Local\UserProducts.xml
[2014/11/23 01:32:35 | 000,022,240 | ---- | M] (SoftEther VPN Project at University of Tsukuba, Japan.) -- C:\WINDOWS\SysNative\drivers\pxwfp.sys
[2014/11/23 01:30:36 | 000,135,736 | ---- | M] (SoftEther VPN Project at University of Tsukuba, Japan.) -- C:\WINDOWS\SysNative\vpncmd.exe
[2014/11/23 01:30:34 | 000,038,240 | ---- | M] (SoftEther VPN Project at University of Tsukuba, Japan.) -- C:\WINDOWS\SysNative\drivers\see.sys
[2014/11/23 01:30:31 | 000,001,999 | ---- | M] () -- C:\Users\Public\Desktop\SoftEther VPN Server Manager.lnk
[2014/11/22 19:25:31 | 000,869,556 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2014/11/20 18:44:40 | 000,931,008 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\SysNative\vnetlib64.dll
[2014/11/20 18:44:38 | 000,438,464 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\SysWow64\vmnat.exe
[2014/11/20 18:44:38 | 000,066,752 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\SysNative\drivers\vmx86.sys
[2014/11/20 18:44:38 | 000,026,816 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\SysNative\drivers\vmnetuserif.sys
[2014/11/20 18:44:26 | 000,359,104 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\SysWow64\vmnetdhcp.exe
[2014/11/20 18:44:20 | 000,081,088 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\SysNative\vmnetbridge.dll
[2014/11/20 18:44:20 | 000,049,856 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\SysNative\vnetinst.dll
[2014/11/20 18:44:20 | 000,048,832 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\SysNative\drivers\vmnetbridge.sys
[2014/11/20 18:44:20 | 000,028,864 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\SysNative\drivers\vmnetadapter.sys
[2014/11/20 18:44:20 | 000,027,328 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\SysNative\drivers\vmnet.sys
[2014/11/20 17:01:51 | 000,000,989 | ---- | M] () -- C:\Users\Public\Desktop\WinRAR.lnk
[2014/11/20 16:23:30 | 000,157,659 | ---- | M] (Manuel Hoefs (Zottel)) -- C:\Users\apksa_000\Desktop\UltraUXThemePatcher_2.4.exe
[2014/11/20 05:49:38 | 000,077,512 | ---- | M] (Kaspersky Lab ZAO) -- C:\WINDOWS\SysNative\drivers\klwtp.sys
[2014/11/20 05:49:33 | 000,068,616 | ---- | M] (Kaspersky Lab ZAO) -- C:\WINDOWS\SysNative\drivers\klwfp.sys
[2014/11/20 05:49:25 | 000,799,944 | ---- | M] (Kaspersky Lab ZAO) -- C:\WINDOWS\SysNative\drivers\klif.sys
[2014/11/20 05:49:21 | 000,150,536 | ---- | M] (Kaspersky Lab ZAO) -- C:\WINDOWS\SysNative\drivers\klflt.sys
[2014/11/20 04:06:41 | 000,001,438 | ---- | M] () -- C:\Users\apksa_000\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/11/18 08:04:10 | 000,055,488 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\SysNative\drivers\hcmon.sys
[2014/11/18 08:04:00 | 000,058,048 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\SysNative\drivers\vmusb.sys
[2014/11/17 22:30:27 | 000,001,816 | ---- | M] () -- C:\Users\apksa_000\Desktop\Chrome.lnk
[2014/11/17 17:38:44 | 000,068,288 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\SysNative\vsocklib.dll
[2014/11/17 17:38:42 | 000,076,480 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\SysNative\drivers\vsock.sys
[2014/11/17 17:38:42 | 000,064,192 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\SysWow64\vsocklib.dll
[2014/11/17 17:38:40 | 000,085,584 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\SysNative\drivers\vmci.sys
[2014/11/10 05:10:44 | 000,001,024 | ---- | M] () -- C:\WINDOWS\SysWow64\%TMP%
[2014/11/09 21:57:00 | 000,001,098 | ---- | M] () -- C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
[2014/11/09 19:05:43 | 000,002,121 | ---- | M] () -- C:\Users\Public\Desktop\Kaspersky Anti-Virus.lnk
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/12/06 23:39:46 | 000,043,664 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\hitmanpro37.sys
[2014/12/06 22:09:18 | 000,001,127 | ---- | C] () -- C:\Users\apksa_000\Desktop\join.me.lnk
[2014/12/06 22:09:18 | 000,001,127 | ---- | C] () -- C:\Users\apksa_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\join.me.lnk
[2014/12/06 03:25:44 | 3988,099,188 | ---- | C] () -- C:\Users\apksa_000\Desktop\Windows_7_Home_Basic_32Bit_64Bit.iso
[2014/12/06 02:37:03 | 000,000,256 | ---- | C] () -- C:\Users\apksa_000\Desktop\Set Proxy.reg
[2014/12/06 02:37:03 | 000,000,194 | ---- | C] () -- C:\Users\apksa_000\Desktop\SkypeRemoveProxy.reg
[2014/12/06 02:37:03 | 000,000,055 | ---- | C] () -- C:\Users\apksa_000\Desktop\Read Me.url
[2014/12/06 02:10:31 | 3541,400,924 | ---- | C] () -- C:\Users\apksa_000\Desktop\Windows_Vista_Ultimate_SP2_64_Bit.iso
[2014/12/06 01:41:19 | 000,001,056 | ---- | C] () -- C:\Users\apksa_000\Application Data\Microsoft\Internet Explorer\Quick Launch\VMware Workstation.lnk
[2014/12/06 01:37:38 | 000,002,155 | ---- | C] () -- C:\Users\Public\Desktop\VMware Workstation.lnk
[2014/12/05 23:05:03 | 000,002,561 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2014/12/02 19:02:26 | 000,000,989 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
[2014/12/02 19:02:26 | 000,000,977 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 10.lnk
[2014/11/29 13:27:28 | 001,473,107 | ---- | C] () -- C:\Users\apksa_000\Desktop\nigga.rar
[2014/11/28 17:55:57 | 000,005,494 | ---- | C] () -- C:\Users\apksa_000\Desktop\poop.rar
[2014/11/27 22:35:08 | 000,240,026 | ---- | C] () -- C:\Users\apksa_000\SAVAGE.jpg
[2014/11/23 01:30:30 | 000,001,999 | ---- | C] () -- C:\Users\Public\Desktop\SoftEther VPN Server Manager.lnk
[2014/11/20 17:01:51 | 000,000,989 | ---- | C] () -- C:\Users\Public\Desktop\WinRAR.lnk
[2014/11/20 04:06:41 | 000,001,438 | ---- | C] () -- C:\Users\apksa_000\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/11/18 02:14:13 | 000,000,600 | ---- | C] () -- C:\Users\apksa_000\AppData\Local\PUTTY.RND
[2014/11/18 01:30:49 | 000,000,445 | ---- | C] () -- C:\Users\apksa_000\AppData\Local\UserProducts.xml
[2014/11/18 01:30:48 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\update-S-1-5-21-1358638018-242750385-2534989196-1012.job
[2014/11/17 22:24:19 | 000,001,816 | ---- | C] () -- C:\Users\apksa_000\Desktop\Chrome.lnk
[2014/11/17 22:16:45 | 000,001,444 | ---- | C] () -- C:\Users\apksa_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2014/11/17 22:16:37 | 000,000,369 | ---- | C] () -- C:\Users\apksa_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
[2014/11/17 22:16:37 | 000,000,369 | ---- | C] () -- C:\Users\apksa_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
[2014/11/17 22:16:37 | 000,000,352 | ---- | C] () -- C:\Users\apksa_000\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2014/11/17 22:16:37 | 000,000,334 | ---- | C] () -- C:\Users\apksa_000\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2014/11/16 20:24:24 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/11/12 23:13:46 | 000,000,922 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/11/12 23:13:43 | 000,000,918 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/11/12 03:35:17 | 000,389,176 | ---- | C] () -- C:\WINDOWS\SysNative\ApnDatabase.xml
[2014/11/10 05:10:44 | 000,001,024 | ---- | C] () -- C:\WINDOWS\SysWow64\%TMP%
[2014/11/09 21:57:00 | 000,001,098 | ---- | C] () -- C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
[2014/11/09 19:06:03 | 000,002,121 | ---- | C] () -- C:\Users\Public\Desktop\Kaspersky Anti-Virus.lnk
[2014/11/07 19:57:45 | 000,050,745 | ---- | C] () -- C:\WINDOWS\SysNative\srms.dat
[2014/11/06 22:01:40 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014/10/22 14:28:48 | 000,002,078 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
[2014/10/03 17:36:30 | 000,186,368 | ---- | C] () -- C:\WINDOWS\SysWow64\igdde32.dll
[2014/10/03 17:36:28 | 016,810,624 | ---- | C] () -- C:\WINDOWS\SysWow64\igd11dxva32.dll
[2014/09/24 01:24:06 | 000,002,255 | ---- | C] () -- C:\WINDOWS\SysWow64\WimBootCompress.ini
[2014/09/24 01:23:34 | 000,103,936 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll
[2014/08/04 15:39:07 | 000,000,379 | ---- | C] () -- C:\WINDOWS\SysWow64\ff.bin
[2014/08/04 09:01:42 | 000,000,552 | ---- | C] () -- C:\WINDOWS\SysWow64\schtasks.bin
[2014/08/01 06:42:28 | 000,000,678 | ---- | C] () -- C:\WINDOWS\PCHealthFix.INI
[2014/05/05 09:17:01 | 000,344,064 | ---- | C] () -- C:\WINDOWS\SysWow64\lxebcomx.dll
[2014/05/05 09:17:01 | 000,331,776 | ---- | C] () -- C:\WINDOWS\SysWow64\LXEBinst.dll
[2014/05/05 09:17:00 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\SysWow64\lxebpmui.dll
[2014/05/05 09:17:00 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\SysWow64\lxebinpa.dll
[2014/05/05 09:17:00 | 000,344,064 | ---- | C] ( ) -- C:\WINDOWS\SysWow64\lxebiesc.dll
[2014/05/05 09:17:00 | 000,262,144 | ---- | C] () -- C:\WINDOWS\SysWow64\lxebinsb.dll
[2014/05/05 09:17:00 | 000,106,496 | ---- | C] () -- C:\WINDOWS\SysWow64\lxebinsr.dll
[2014/05/05 09:17:00 | 000,057,344 | ---- | C] () -- C:\WINDOWS\SysWow64\lxebjswr.dll
[2014/05/05 09:17:00 | 000,036,864 | ---- | C] () -- C:\WINDOWS\SysWow64\lxebcur.dll
[2014/05/05 09:16:59 | 001,048,576 | ---- | C] ( ) -- C:\WINDOWS\SysWow64\lxebserv.dll
[2014/05/05 09:16:59 | 000,847,872 | ---- | C] ( ) -- C:\WINDOWS\SysWow64\lxebusb1.dll
[2014/05/05 09:16:59 | 000,323,584 | ---- | C] () -- C:\WINDOWS\SysWow64\lxebins.dll
[2014/05/05 09:16:59 | 000,253,952 | ---- | C] () -- C:\WINDOWS\SysWow64\lxebcu.dll
[2014/05/05 09:16:59 | 000,090,112 | ---- | C] () -- C:\WINDOWS\SysWow64\lxebcub.dll
[2014/05/05 09:16:58 | 000,802,816 | ---- | C] ( ) -- C:\WINDOWS\SysWow64\lxebcomc.dll
[2014/05/05 09:16:58 | 000,688,128 | ---- | C] ( ) -- C:\WINDOWS\SysWow64\lxebhbn3.dll
[2014/05/05 09:16:58 | 000,598,696 | ---- | C] ( ) -- C:\WINDOWS\SysWow64\lxebcoms.exe
[2014/05/05 09:16:58 | 000,577,536 | ---- | C] ( ) -- C:\WINDOWS\SysWow64\lxeblmpm.dll
[2014/05/05 09:16:58 | 000,373,416 | ---- | C] ( ) -- C:\WINDOWS\SysWow64\lxebcfg.exe
[2014/05/05 09:16:58 | 000,372,736 | ---- | C] ( ) -- C:\WINDOWS\SysWow64\lxebcomm.dll
[2014/05/05 09:16:58 | 000,324,264 | ---- | C] ( ) -- C:\WINDOWS\SysWow64\lxebih.exe
[2014/03/14 15:52:16 | 001,176,777 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2014/03/14 15:52:16 | 000,201,125 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2014/03/01 19:43:40 | 000,238,128 | ---- | C] () -- C:\WINDOWS\RegBootClean64.exe
[2014/02/17 05:45:35 | 000,883,630 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2013/08/22 09:36:43 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
[2013/08/22 09:36:42 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
[2013/08/22 08:46:23 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2013/08/22 01:01:23 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2013/08/21 21:32:36 | 000,046,080 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2013/08/21 17:55:20 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2013/08/21 17:52:39 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
[2013/05/11 19:17:52 | 000,001,536 | ---- | C] () -- C:\WINDOWS\SysWow64\IusEventLog.dll
[2013/02/28 19:47:36 | 000,053,299 | ---- | C] () -- C:\WINDOWS\SysWow64\pthreadVC.dll

========== ZeroAccess Check ==========

[2014/11/05 01:45:13 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/08/30 18:15:33 | 021,197,152 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/08/30 16:59:13 | 018,723,112 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2013/08/22 03:49:49 | 000,921,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2013/08/21 20:45:10 | 000,691,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2013/08/22 03:45:17 | 000,483,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2014/12/06 00:39:14 | 000,000,000 | ---D | M] -- C:\Users\apksa_000\AppData\Roaming\com.adobe.formscentral.FormsCentralForAcrobat
[2014/12/07 02:00:55 | 000,000,000 | ---D | M] -- C:\Users\apksa_000\AppData\Roaming\Imminent
[2014/12/06 17:23:34 | 000,000,000 | ---D | M] -- C:\Users\apksa_000\AppData\Roaming\Imminent Monitor
[2014/11/18 05:35:09 | 000,000,000 | ---D | M] -- C:\Users\apksa_000\AppData\Roaming\IObit
[2014/11/25 23:31:18 | 000,000,000 | ---D | M] -- C:\Users\apksa_000\AppData\Roaming\TeamViewer
[2014/11/20 04:01:00 | 000,000,000 | ---D | M] -- C:\Users\apksa_000\AppData\Roaming\Ulead Systems
[2014/11/22 23:40:48 | 000,000,000 | ---D | M] -- C:\Users\apksa_000\AppData\Roaming\Wireshark

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 94 bytes -> C:\Users\apksa_000\OneDrive:ms-properties

< End of report >
 
 

 
 
Edit: I'll just put it in a pastebin link to the log (http://pastebin.com/QFUyFuGN)

Attached Files

  • Attached File  OTL.Txt   217.16KB   60 downloads

Edited by CompCav, 07 December 2014 - 06:28 AM.



#2
SavageRgh1234

    New Member

  • Topic Starter
  • Member
  • 2 posts
Still need help.

#3
23red

    Trusted Helper

  • Malware Removal
  • 1,797 posts

Welcome, SavageRgh1234
 
I'm 23red, and it'll be my pleasure to assist you with your problem.  A few guidelines to help make this successful:
 
•  Please make sure to carefully read every post completely before doing anything.
 
•  If you're not sure, or if something unexpected happens, do not continue! Stop and ask!  It is not a problem.
 
•  Please do not run any other scans or other software on your computer unless asked, as it may make this repair more difficult.
 
•  Please stick with me until all malware is gone from your system.  Malware removal is not an instant process; just because you no longer see any symptoms does not necessarily mean your system is completely clear.
 
•  Please copy/paste to Notepad and save my instructions as a text file on your desktop, or print them out, as you may not be able to access this thread at times.
 
•  Please download all tools to the Desktop and leave them there.  I'll clean them all up when we are finished, I promise!
 
•  Back up your data. I will not knowingly suggest any course that might damage your system, but sometimes malware infections are so severe that the only option we have is to re-format and re-install the operating system.
 
•  I do my best to respond as quickly as I can.  I, like everyone else here, am also a volunteer, and sometimes life keeps me busy  ;)
 
•  Thank you for your understanding and I appreciate your patience.
 
OTL does not work great with Windows 8, so let's look with a tool that is better for Windows 8:
 
Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system.  Yours is a 64bit system, please choose FRST64.
 
To download to the Desktop, do the following:
 
When the Download window pops up at the bottom of your screen, first click the arrow button.
 
Then click Save As.
 
Then choose Desktop from the left side panel.
 
This will save FRST to your Desktop.

  • Right click to run as administrator.  When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Thank you :)



#4
23red

    Trusted Helper

  • Malware Removal
  • 1,797 posts

Hi :)

Are you still requiring assistance?



#5
23red

    Trusted Helper

  • Malware Removal
  • 1,797 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.