Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Think I might be infected from this

Started by PatchyIsBeast , Jan 02 2015 06:10 PM

  • Please log in to reply

#1
PatchyIsBeast
Posted 02 January 2015 - 06:10 PM

PatchyIsBeast

    New Member

  • Member
  • Pip
  • 3 posts

So yesterday my friend offered to make a new logo for my website, and I said sure.
But he sent it through skype, and as I trusted him I downloaded it and opened it to see it, and then I uploaded it to the site.

But today that same moderator gone rogue on the site and he sent me a kik message he might have a rat on his pc. So that can't be good.

 

 

I have tried to remove it by running ESET online scanner (it still is not done).

 

The only way I could of got it was because of the image.

 

I still have the image here:

http://rghost.net/60107699

 

 

OTL:

Accidentally hit submit.

OTL logfile created on: 1/2/2015 7:06:52 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Evan\Downloads
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17498)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.87 Gb Total Physical Memory | 3.87 Gb Available Physical Memory | 49.20% Memory free
15.87 Gb Paging File | 11.65 Gb Available in Paging File | 73.43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 921.01 Gb Total Space | 754.69 Gb Free Space | 81.94% Space Free | Partition Type: NTFS
Drive D: | 2.00 Gb Total Space | 1.25 Gb Free Space | 62.57% Space Free | Partition Type: NTFS
Drive Y: | 7.55 Gb Total Space | 0.70 Gb Free Space | 9.30% Space Free | Partition Type: NTFS
 
Computer Name: ANONYMOUS | User Name: Evan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2015/01/02 19:06:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Evan\Downloads\OTL.exe
PRC - [2014/12/15 06:29:58 | 005,426,448 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
PRC - [2014/12/10 18:13:25 | 000,337,520 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014/12/09 17:56:11 | 001,880,752 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exe
PRC - [2014/12/03 01:31:16 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/09/16 14:45:52 | 003,095,328 | ---- | M] (Nota Inc.) -- C:\Program Files (x86)\Gyazo\GyStation.exe
PRC - [2014/07/31 14:26:32 | 004,085,896 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2014/07/31 14:25:37 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/06/26 07:44:06 | 000,535,304 | ---- | M] (ESET) -- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe
PRC - [2014/06/26 07:44:02 | 000,358,144 | ---- | M] () -- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
PRC - [2014/05/26 12:57:30 | 002,688,920 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
PRC - [2014/05/26 04:48:00 | 000,419,704 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
PRC - [2014/05/23 01:10:16 | 005,341,856 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
PRC - [2014/02/19 05:06:04 | 000,769,904 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
PRC - [2014/02/11 14:29:20 | 008,304,128 | ---- | M] (FileZilla Project) -- C:\Program Files (x86)\FileZilla FTP Client\filezilla.exe
PRC - [2014/02/04 03:44:00 | 001,309,432 | ---- | M] (Bogdan Sharkov) -- C:\Program Files (x86)\Clownfish\Clownfish.exe
PRC - [2013/11/20 14:43:14 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
PRC - [2013/09/28 15:29:22 | 001,761,280 | ---- | M] (Don HO [email protected]) -- C:\Program Files (x86)\Notepad++\notepad++.exe
PRC - [2012/11/15 13:57:20 | 000,086,216 | ---- | M] (PC Pitstop LLC) -- C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe
PRC - [2012/09/06 04:50:40 | 001,124,288 | ---- | M] (Motorola Solutions, Inc.) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
PRC - [2012/08/27 08:45:56 | 001,112,000 | ---- | M] (Motorola Solutions, Inc.) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2012/08/06 10:58:14 | 001,919,336 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
PRC - [2009/01/13 09:46:22 | 001,169,920 | ---- | M] (Huw Millington) -- C:\Program Files (x86)\Windows Grep\grep32.exe
PRC - [2002/08/14 02:33:46 | 001,130,496 | ---- | M] () -- C:\mysql\bin\mysqld-nt.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/12/10 18:13:21 | 003,758,192 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2014/12/09 17:56:09 | 016,841,392 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll
MOD - [2014/07/31 14:25:46 | 019,329,904 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2014/07/31 14:25:40 | 000,301,152 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\aswProperty.dll
MOD - [2014/06/26 07:44:02 | 000,358,144 | ---- | M] () -- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
MOD - [2014/05/26 04:52:12 | 032,733,088 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\libcef.dll
MOD - [2014/05/23 01:10:16 | 005,341,856 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
MOD - [2014/05/12 21:22:24 | 002,217,128 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\plugins\ExchangePlugin\ExManCoreLib\ExManZxpSign.dll
MOD - [2013/09/14 00:51:02 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
MOD - [2013/09/14 00:50:36 | 001,242,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
MOD - [2013/08/22 00:27:39 | 000,762,720 | ---- | M] () -- C:\Windows\SysWOW64\Speech\Engines\TTS\MSTTSEngine.dll
MOD - [2013/08/21 21:13:46 | 000,392,192 | ---- | M] () -- C:\Windows\SysWOW64\Speech\Engines\TTS\MSTTSLoc.dll
MOD - [2011/09/21 15:46:28 | 001,673,728 | ---- | M] () -- C:\Program Files (x86)\Notepad++\plugins\NppFTP.dll
MOD - [2011/07/18 16:07:28 | 000,014,336 | ---- | M] () -- C:\Program Files (x86)\Notepad++\plugins\NppExport.dll
MOD - [2010/01/02 09:42:28 | 000,018,207 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\mingwm10.dll
MOD - [1997/02/27 02:00:00 | 000,021,504 | ---- | M] () -- C:\Program Files (x86)\Windows Grep\cio32.dll
MOD - [1997/02/27 02:00:00 | 000,020,480 | ---- | M] () -- C:\Program Files (x86)\Windows Grep\regexp32.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/10/30 23:51:25 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/10/06 20:54:27 | 000,226,304 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2014/09/21 22:05:56 | 000,368,632 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc)
SRV:64bit: - [2014/09/21 22:05:56 | 000,023,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2014/08/15 22:29:38 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2014/08/15 19:58:35 | 000,287,744 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2014/08/15 19:45:51 | 000,267,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2014/08/07 08:06:38 | 000,037,176 | ---- | M] (The OpenVPN Project) [On_Demand | Stopped] -- C:\Program Files\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV:64bit: - [2014/07/31 14:25:37 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2014/07/24 02:28:58 | 001,600,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)
SRV:64bit: - [2014/06/12 09:02:10 | 000,064,624 | ---- | M] (CyberGhost S.R.L) [Auto | Stopped] -- C:\Program Files\CyberGhost 5\Service.exe -- (CGVPNCliService)
SRV:64bit: - [2014/03/14 01:26:25 | 000,491,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\GeofenceMonitorService.dll -- (lfsvc)
SRV:64bit: - [2014/03/08 00:41:25 | 001,306,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
SRV:64bit: - [2014/03/06 02:02:13 | 000,834,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2014/02/22 10:53:10 | 003,394,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2014/02/22 04:57:16 | 000,710,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2014/02/22 04:26:58 | 000,366,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2014/02/22 04:25:39 | 000,399,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2014/02/22 04:23:58 | 001,576,960 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2014/01/17 14:01:08 | 000,187,592 | ---- | M] (Sandboxie Holdings, LLC) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV:64bit: - [2013/12/10 02:35:18 | 000,530,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)
SRV:64bit: - [2013/08/22 06:32:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
SRV:64bit: - [2013/08/22 06:31:43 | 000,040,448 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2013/08/22 06:22:45 | 000,066,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2013/08/22 06:21:15 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2013/08/22 06:16:57 | 000,118,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2013/08/22 05:25:28 | 000,164,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2013/08/22 05:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2013/08/22 05:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2013/08/22 05:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2013/08/22 05:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2013/08/22 05:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2013/08/22 05:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2013/08/22 05:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)
SRV:64bit: - [2013/08/22 05:02:47 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)
SRV:64bit: - [2013/08/22 04:57:25 | 000,130,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV:64bit: - [2013/08/22 04:54:59 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2013/08/22 04:50:59 | 000,245,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013/08/22 04:50:00 | 000,525,312 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013/08/22 04:45:59 | 000,151,040 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)
SRV:64bit: - [2013/08/22 04:40:49 | 000,248,832 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2013/08/22 04:31:03 | 000,201,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2013/08/22 04:15:54 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2009/11/17 19:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2014/12/15 06:29:58 | 005,426,448 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe -- (TeamViewer)
SRV - [2014/12/11 10:30:48 | 000,315,496 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2014/12/10 18:13:23 | 000,114,800 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/12/09 17:56:11 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/12/03 01:31:16 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/08/15 22:29:38 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2014/03/14 01:10:16 | 000,357,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GeofenceMonitorService.dll -- (lfsvc)
SRV - [2013/10/03 23:43:02 | 000,279,000 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2013/08/21 22:55:35 | 000,018,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2013/08/21 21:53:34 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
SRV - [2012/12/13 22:45:35 | 000,061,440 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\secpro.exe -- (SecStore)
SRV - [2012/11/15 13:57:20 | 000,086,216 | ---- | M] (PC Pitstop LLC) [Auto | Running] -- C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe -- (PCPitstop Scheduling)
SRV - [2012/09/06 04:50:40 | 001,124,288 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2012/08/27 08:45:56 | 001,112,000 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2012/08/06 10:58:14 | 001,919,336 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe -- (SftService)
SRV - [2002/08/14 02:33:46 | 001,130,496 | ---- | M] () [Auto | Running] -- C:\mysql\bin\mysqld-nt.exe -- (MySql)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/11/23 07:05:13 | 001,041,168 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsnx.sys -- (aswSnx)
DRV:64bit: - [2014/10/12 21:43:17 | 000,238,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2014/10/12 21:43:17 | 000,086,336 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)
DRV:64bit: - [2014/10/12 21:43:17 | 000,039,744 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)
DRV:64bit: - [2014/10/09 20:58:57 | 000,027,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2014/09/21 22:06:16 | 000,258,368 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2014/09/21 22:06:16 | 000,114,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)
DRV:64bit: - [2014/09/21 21:49:43 | 000,035,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2014/08/14 19:36:55 | 000,146,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2014/07/31 14:26:31 | 000,427,360 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsp.sys -- (aswSP)
DRV:64bit: - [2014/07/31 14:26:06 | 000,224,896 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014/07/31 14:26:06 | 000,092,008 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswStm.sys -- (aswStm)
DRV:64bit: - [2014/07/31 14:26:05 | 000,079,184 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2014/07/31 14:26:05 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2014/07/31 14:26:04 | 000,029,208 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)
DRV:64bit: - [2014/07/31 14:26:02 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2014/07/24 10:28:38 | 000,468,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2014/07/24 10:28:38 | 000,412,992 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2014/07/24 06:42:22 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2014/05/16 19:42:36 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
DRV:64bit: - [2014/05/01 08:31:39 | 000,055,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2014/03/19 22:41:20 | 000,376,152 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2014/03/13 07:35:24 | 000,157,016 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\SysNative\drivers\wof.sys -- (Wof)
DRV:64bit: - [2014/03/08 15:40:16 | 000,136,024 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2014/02/22 10:49:51 | 000,325,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2014/02/22 10:49:49 | 000,189,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2014/02/22 10:49:49 | 000,079,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2014/02/22 10:44:13 | 000,924,504 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\refs.sys -- (ReFS)
DRV:64bit: - [2014/02/22 07:14:02 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2014/01/17 14:01:06 | 000,202,600 | ---- | M] (Sandboxie Holdings, LLC) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV:64bit: - [2014/01/07 08:02:04 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2014/01/07 07:42:08 | 000,076,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2013/12/23 01:25:12 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)
DRV:64bit: - [2013/12/08 17:11:54 | 000,040,664 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2013/12/06 08:37:50 | 000,035,232 | ---- | M] (Visicom Media Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys -- (mcaudrv_simple)
DRV:64bit: - [2013/12/04 13:41:54 | 000,226,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BthLEEnum.sys -- (BthLEEnum)
DRV:64bit: - [2013/11/26 20:53:58 | 000,052,128 | ---- | M] (Visicom Media Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcvidrv.sys -- (ManyCam)
DRV:64bit: - [2013/11/14 02:28:58 | 000,057,176 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)
DRV:64bit: - [2013/11/14 02:25:25 | 000,175,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2013/11/14 02:16:54 | 000,037,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2013/10/16 15:51:52 | 000,039,608 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tapse01.sys -- (tapse01)
DRV:64bit: - [2013/10/03 23:42:44 | 004,185,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2013/09/26 04:08:22 | 000,039,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2013/09/26 04:08:22 | 000,027,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2013/08/31 03:02:26 | 003,345,376 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwew00.sys -- (NETwNe64)
DRV:64bit: - [2013/08/22 08:25:40 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)
DRV:64bit: - [2013/08/22 08:25:40 | 000,030,048 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2013/08/22 07:50:19 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)
DRV:64bit: - [2013/08/22 07:49:54 | 000,079,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2013/08/22 07:49:33 | 000,159,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013/08/22 07:43:49 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2013/08/22 07:43:48 | 000,041,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2013/08/22 07:43:45 | 003,357,024 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2013/08/22 07:43:45 | 000,093,536 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2013/08/22 07:43:45 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2013/08/22 07:43:45 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2013/08/22 07:43:44 | 000,081,760 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3.sys -- (LSI_SAS3)
DRV:64bit: - [2013/08/22 07:43:41 | 000,782,176 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)
DRV:64bit: - [2013/08/22 07:43:41 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2013/08/22 07:43:41 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2013/08/22 07:43:41 | 000,108,896 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)
DRV:64bit: - [2013/08/22 07:43:41 | 000,079,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2013/08/22 07:43:40 | 000,114,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2013/08/22 07:43:40 | 000,082,784 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2013/08/22 07:43:40 | 000,025,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2013/08/22 07:43:34 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2013/08/22 07:43:33 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2013/08/22 07:43:32 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2013/08/22 07:43:31 | 000,107,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013/08/22 07:43:31 | 000,072,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2013/08/22 07:43:31 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2013/08/22 07:39:15 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)
DRV:64bit: - [2013/08/22 07:37:27 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)
DRV:64bit: - [2013/08/22 07:36:12 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2013/08/22 06:39:58 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2013/08/22 06:39:54 | 000,076,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)
DRV:64bit: - [2013/08/22 06:39:31 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2013/08/22 06:39:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2013/08/22 06:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2013/08/22 06:38:58 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2013/08/22 06:38:48 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2013/08/22 06:38:39 | 000,036,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013/08/22 06:38:26 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2013/08/22 06:38:23 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2013/08/22 06:38:22 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2013/08/22 06:38:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2013/08/22 06:37:49 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2013/08/22 06:37:46 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2013/08/22 06:37:42 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2013/08/22 06:37:28 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/08/22 06:37:28 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2013/08/22 06:37:14 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2013/08/22 06:36:43 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc63.sys -- (netvsc)
DRV:64bit: - [2013/08/22 06:36:25 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV:64bit: - [2013/08/22 06:36:07 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2013/08/22 06:35:42 | 000,103,424 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2013/08/22 03:46:33 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2013/08/12 18:25:46 | 000,017,624 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)
DRV:64bit: - [2013/08/09 19:39:30 | 000,651,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)
DRV:64bit: - [2013/07/30 13:47:35 | 000,024,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)
DRV:64bit: - [2013/07/25 14:05:39 | 000,099,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)
DRV:64bit: - [2013/06/19 17:26:04 | 000,038,760 | ---- | M] (Hide My IP) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hmip64.sys -- (hmip)
DRV:64bit: - [2013/06/18 09:46:17 | 000,591,360 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2013/03/18 15:51:08 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/10/10 06:30:12 | 000,225,144 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2012/10/10 06:30:10 | 000,020,856 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2012/09/14 14:49:52 | 000,099,328 | ---- | M] (Qualcomm Atheros Communications Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qca_shb.sys -- (qca_shb)
DRV:64bit: - [2012/09/14 14:49:52 | 000,039,704 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\leath_hid.sys -- (lehidmini)
DRV:64bit: - [2012/09/14 14:49:44 | 000,178,840 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2012/09/14 14:49:42 | 000,033,944 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2012/09/14 14:49:36 | 000,055,448 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AthDfu.sys -- (AthDfu)
DRV:64bit: - [2012/09/05 04:54:26 | 000,454,456 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2012/09/05 04:54:26 | 000,043,832 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys -- (SmbDrvI)
DRV:64bit: - [2012/09/05 04:54:24 | 000,041,272 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Smb_driver_AMDASF.sys -- (SmbDrv)
DRV:64bit: - [2012/08/31 19:48:16 | 000,135,832 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2012/08/29 08:36:54 | 000,857,472 | ---- | M] (Motorola Solutions, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2012/08/06 11:07:08 | 000,068,136 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex)
DRV:64bit: - [2012/07/30 09:56:14 | 000,342,528 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2012/07/20 10:04:30 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012/07/10 04:43:12 | 000,645,952 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2012/07/09 20:19:26 | 000,035,496 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdkmpfd.sys -- (amdkmpfd)
DRV:64bit: - [2012/06/15 13:50:46 | 000,315,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUVStor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2012/02/29 20:46:06 | 000,031,744 | ---- | M] (Astrill) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\asvpndrv.sys -- (asvpndrv)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {98CF2098-254B-4364-8F65-D3EBA5187428}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IESR02
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:13828
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.highlightCount: 0
FF - prefs.js..browser.search.isUS: true
FF - prefs.js..browser.search.order.3: "Bing "
FF - prefs.js..browser.startup.homepage: "http://www.bing.com/?pc=U162I"
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:9.0.2021.112
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:2.3
FF - prefs.js..extensions.enabledAddons: muter%40yxl.name:1.0.3
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:34.0.5
FF - prefs.js..keyword.URL: "http://www.bing.com/...ID&PC=U162I&q="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect_x86_64: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.3.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.40.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.40.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3528.0331: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Evan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.91 [2014/02/07 20:23:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/09/18 19:02:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 34.0.5\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 34.0.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\McAfee\MSK
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{639dacdc-21ee-4f5e-8f4a-57e7c3045c72}: C:\Program Files (x86)\Re-markit Corp\158.xpi [2014/03/30 18:24:34 | 000,011,236 | ---- | M] ()
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 34.0.5\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 34.0.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2014/02/28 20:08:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Evan\AppData\Roaming\mozilla\Extensions
[2014/12/09 21:27:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Evan\AppData\Roaming\mozilla\Firefox\Profiles\frqdy53t.default\extensions
[2014/11/22 07:42:59 | 000,000,000 | ---D | M] (Muter) -- C:\Users\Evan\AppData\Roaming\mozilla\Firefox\Profiles\frqdy53t.default\extensions\[email protected]
[2014/12/09 21:27:43 | 002,551,632 | ---- | M] () (No name found) -- C:\Users\Evan\AppData\Roaming\mozilla\firefox\profiles\frqdy53t.default\extensions\[email protected]
[2014/11/13 18:54:42 | 000,979,699 | ---- | M] () (No name found) -- C:\Users\Evan\AppData\Roaming\mozilla\firefox\profiles\frqdy53t.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/10/30 14:51:11 | 000,304,000 | ---- | M] () (No name found) -- C:\Users\Evan\AppData\Roaming\mozilla\firefox\profiles\frqdy53t.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2014/05/24 14:23:15 | 000,006,060 | ---- | M] () -- C:\Users\Evan\AppData\Roaming\mozilla\firefox\profiles\frqdy53t.default\searchplugins\bingp.xml
[2014/11/10 18:55:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/12/10 18:13:25 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/09/18 19:02:30 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
 
========== Chrome  ==========
 
CHR - default_search_provider: Bing (Enabled)
CHR - default_search_provider: search_url = http://www.bing.com/...q={searchTerms}
CHR - default_search_provider: suggest_url = http://api.bing.com/...U162DF&PC=U162,
CHR - homepage: http://www.bing.com/?pc=U162I
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: Google Drive = C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: YouTube = C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: AdBlock = C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.13.2_0\
CHR - Extension: AdBlock = C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.15_0\
CHR - Extension: Avast Online Security = C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.0.2502.149_0\
CHR - Extension: Kiipi = C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdgnaamaibiffknjdllmcjcdelablkca\12.6.1_0\
CHR - Extension: Binger = C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihngfhjjlpneihgjggelbegdefmfapam\1.2_0\
CHR - Extension: Qmee = C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbaanpgkpkoamihninlcegnjclcpibde\0.9.37_0\
CHR - Extension: Qmee = C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbaanpgkpkoamihninlcegnjclcpibde\0.9.38_0\
CHR - Extension: Google Wallet = C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2014/03/28 16:57:24 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (ClassicIEBHO Class) - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)
O2 - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.3.1.91\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (ClassicIEBHO Class) - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
O3:64bit: - HKLM\..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
O3 - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
O3 - HKLM\..\Toolbar: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.3.1.91\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll (Motorola Solutions, Inc.)
O4:64bit: - HKLM..\Run: [Classic Start Menu] C:\Program Files\Classic Shell\ClassicStartMenu.exe (IvoSoft)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\WINDOWS\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\WINDOWS\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Adobe Creative Cloud] C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [bdruninstaller] C:\Program Files\Common Files\Bitdefender\SetupInformation\downloader\setuplauncher.exe (Bitdefender)
O4 - HKLM..\Run: [Lightshot] C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe ()
O4 - HKLM..\Run: [PC Pitstop PC Matic Reminder] C:\Program Files (x86)\PCPitstop\PC Matic\Reminder-PCMatic.exe (PC Pitstop LLC)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe ()
O4 - HKCU..\Run: [Clownfish] C:\Program Files (x86)\Clownfish\Clownfish.exe (Bogdan Sharkov)
O4 - HKCU..\Run: [CyberGhost] C:\Program Files\CyberGhost 5\CyberGhost.EXE (CyberGhost S.R.L.)
O4 - HKCU..\Run: [DellSystemDetect] C:\Users\Evan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms ()
O4 - HKCU..\Run: [Gyazo] C:\Program Files (x86)\Gyazo\GyStation.exe (Nota Inc.)
O4 - HKCU..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKCU..\Run: [LightShot] C:\Users\Evan\AppData\Local\Skillbrains\lightshot\Lightshot.exe File not found
O4 - HKCU..\Run: [puush] C:\Program Files (x86)\puush\puush.exe File not found
O4 - HKCU..\Run: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe" File not found
O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (Sandboxie Holdings, LLC)
O4 - HKCU..\Run: [SurfEasy] C:\Program Files (x86)\SurfEasy VPN\client\SurfEasyVPN.exe startup File not found
O4 - HKCU..\RunOnce: [Adobe Speed Launcher] 1418529606 File not found
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_15_0_0_246_Plugin.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Users\Evan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bitcoin.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 1
O8:64bit: - Extra context menu item: Send to Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm ()
O8 - Extra context menu item: Send to Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm ()
O9:64bit: - Extra 'Tools' menuitem : Classic IE Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE_32.exe (IvoSoft)
O9 - Extra 'Tools' menuitem : Classic IE Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE_32.exe (IvoSoft)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: dell.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcp...ols/pcmatic.cab (PCPitstop Utility)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.33.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1B4ABA25-0E5D-49B1-B9DE-EE31E59269E5}: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.33.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{934B62A9-8231-4FF0-9F5B-691E85A05169}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll (AVG Secure Search)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (c:\program files (x86)\isafe\wpk.exe) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\WINDOWS\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/09/21 18:37:10 | 000,000,000 | -HS- | M] () - D:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2015/01/02 16:44:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2015/01/02 14:14:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Grep
[2015/01/02 14:14:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Grep
[2014/12/29 19:04:56 | 000,000,000 | ---D | C] -- C:\Users\Evan\Desktop\not crap
[2014/12/28 20:30:19 | 000,000,000 | ---D | C] -- C:\Users\Evan\AppData\Roaming\GitHub
[2014/12/28 20:30:19 | 000,000,000 | ---D | C] -- C:\Users\Evan\AppData\Local\GitHub
[2014/12/28 20:30:09 | 000,000,000 | ---D | C] -- C:\Users\Evan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GitHub, Inc
[2014/12/27 18:01:24 | 000,000,000 | ---D | C] -- C:\Users\Evan\Desktop\crap
[2014/12/21 15:51:48 | 000,000,000 | ---D | C] -- C:\Users\Evan\Desktop\Tor Browser
[2014/12/18 17:58:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot
[2014/12/17 18:42:09 | 000,000,000 | ---D | C] -- C:\Users\Evan\AppData\Roaming\AtlirVPN
[2014/12/17 18:41:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TAP-Windows
[2014/12/17 18:41:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN
[2014/12/17 18:41:46 | 000,000,000 | ---D | C] -- C:\Program Files\OpenVPN
[2014/12/17 18:39:30 | 000,000,000 | ---D | C] -- C:\Users\Evan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Atlir
[2014/12/16 16:12:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cygwin
[2014/12/16 16:07:46 | 000,000,000 | ---D | C] -- C:\cygwin64
[2014/12/12 23:21:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\appraiser
[2014/12/06 21:43:50 | 000,000,000 | -HSD | C] -- C:\Users\Evan\AppData\Local\EmieBrowserModeList
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2015/01/02 19:25:01 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\Re-markit_wd.job
[2015/01/02 19:23:13 | 004,664,932 | ---- | M] () -- C:\Users\Evan\Desktop\backup_4e907e27c7O8YnjHa4gV613vyqZC3R9M2DLILkk6ti2SwloKNphiKMhIe85S7Qtc.sql
[2015/01/02 19:14:00 | 000,000,426 | ---- | M] () -- C:\WINDOWS\tasks\Re-markit Update.job
[2015/01/02 19:08:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2015/01/02 18:55:05 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2015/01/02 17:55:02 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\update-S-1-5-21-2521666455-4266378418-2814718754-1002.job
[2015/01/02 15:52:01 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\update-sys.job
[2015/01/02 14:21:52 | 020,867,705 | ---- | M] () -- C:\Users\Evan\Desktop\backup-1.2.2015_14-19-22_alphassx.tar.gz
[2015/01/02 14:11:49 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2015/01/02 05:48:27 | 000,002,669 | ---- | M] () -- C:\Users\Evan\Desktop\whitelist_emails.php
[2015/01/02 04:54:02 | 001,212,566 | ---- | M] () -- C:\Users\Evan\Desktop\what.png
[2015/01/02 01:08:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/12/31 21:28:51 | 000,000,600 | ---- | M] () -- C:\Users\Evan\AppData\Local\PUTTY.RND
[2014/12/31 18:25:18 | 000,001,049 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 10.lnk
[2014/12/25 20:04:44 | 000,766,490 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2014/12/25 20:04:44 | 000,149,450 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2014/12/25 20:04:43 | 000,913,650 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2014/12/25 20:01:34 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\SysNative\drivers\Msft_User_WpdFs_01_11_00.Wdf
[2014/12/18 17:58:59 | 000,000,425 | ---- | M] () -- C:\Users\Evan\AppData\Local\UserProducts.xml
[2014/12/16 16:39:29 | 000,001,814 | ---- | M] () -- C:\WINDOWS\Sandboxie.ini
[2014/12/13 23:04:12 | 000,002,205 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/12/13 22:54:43 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2014/12/13 22:54:35 | 2467,315,711 | -HS- | M] () -- C:\hiberfil.sys
[2014/12/11 18:26:05 | 000,000,355 | ---- | M] () -- C:\Users\Evan\Homegroup - Shortcut.lnk
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2015/01/02 14:54:19 | 000,002,669 | ---- | C] () -- C:\Users\Evan\Desktop\whitelist_emails.php
[2015/01/02 14:23:19 | 004,664,932 | ---- | C] () -- C:\Users\Evan\Desktop\backup_4e907e27c7O8YnjHa4gV613vyqZC3R9M2DLILkk6ti2SwloKNphiKMhIe85S7Qtc.sql
[2015/01/02 14:21:43 | 020,867,705 | ---- | C] () -- C:\Users\Evan\Desktop\backup-1.2.2015_14-19-22_alphassx.tar.gz
[2015/01/01 22:29:20 | 001,212,566 | ---- | C] () -- C:\Users\Evan\Desktop\what.png
[2014/12/31 18:25:18 | 000,001,061 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
[2014/12/31 18:25:17 | 000,001,049 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 10.lnk
[2014/12/31 17:18:53 | 000,000,600 | ---- | C] () -- C:\Users\Evan\AppData\Local\PUTTY.RND
[2014/12/25 20:01:34 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\SysNative\drivers\Msft_User_WpdFs_01_11_00.Wdf
[2014/12/11 18:26:05 | 000,000,355 | ---- | C] () -- C:\Users\Evan\Homegroup - Shortcut.lnk
[2014/10/04 18:20:45 | 000,000,731 | ---- | C] () -- C:\Users\Evan\AppData\Local\recently-used.xbel
[2014/10/04 18:20:44 | 000,005,959 | ---- | C] () -- C:\Users\Evan\secret-key-AC1814B8.asc
[2014/04/27 13:31:54 | 000,001,814 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
[2014/04/23 11:45:58 | 000,002,255 | ---- | C] () -- C:\WINDOWS\SysWow64\WimBootCompress.ini
[2014/03/17 17:30:00 | 000,103,936 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll
[2014/02/14 15:22:32 | 000,175,290 | ---- | C] () -- C:\Users\Evan\AppData\Local\newversion.zip
[2014/02/14 15:22:30 | 000,100,741 | ---- | C] () -- C:\Users\Evan\AppData\Local\down.htm
[2014/02/14 15:21:43 | 000,235,008 | ---- | C] () -- C:\WINDOWS\SysWow64\FltEng.dll
[2014/02/14 15:21:42 | 000,061,440 | ---- | C] () -- C:\WINDOWS\SysWow64\secpro.exe
[2014/02/13 15:20:20 | 000,000,136 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2014/02/10 19:39:33 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014/01/24 18:05:49 | 000,003,520 | ---- | C] () -- C:\WINDOWS\SysWow64\EasyRedirect.ini
[2014/01/24 18:05:49 | 000,002,040 | ---- | C] () -- C:\WINDOWS\SysWow64\EasyRedirectOff.ini
[2014/01/24 17:59:43 | 000,007,392 | ---- | C] () -- C:\WINDOWS\SysWow64\HideMyIpSRV.ini
[2014/01/24 17:59:43 | 000,003,904 | ---- | C] () -- C:\WINDOWS\SysWow64\HideMyIpSRVOff.ini
[2014/01/16 17:15:44 | 000,000,425 | ---- | C] () -- C:\Users\Evan\AppData\Local\UserProducts.xml
[2013/12/17 21:03:50 | 000,003,799 | ---- | C] () -- C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
[2013/11/27 22:04:49 | 000,000,192 | ---- | C] () -- C:\Users\Evan\.screenleap
[2013/10/12 15:18:46 | 000,004,608 | ---- | C] () -- C:\Users\Evan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/10/06 18:38:18 | 000,000,043 | ---- | C] () -- C:\Users\Evan\jagex_cl_runescape_LIVE.dat
[2013/10/06 18:38:18 | 000,000,024 | ---- | C] () -- C:\Users\Evan\random.dat
[2013/10/03 23:42:46 | 000,343,040 | ---- | C] () -- C:\WINDOWS\SysWow64\igdmd32.dll
[2013/10/03 23:42:40 | 000,180,736 | ---- | C] () -- C:\WINDOWS\SysWow64\igdde32.dll
[2013/10/03 23:42:38 | 000,142,848 | ---- | C] () -- C:\WINDOWS\SysWow64\igdail32.dll
[2013/09/29 17:19:41 | 000,005,113 | ---- | C] () -- C:\ProgramData\auqrgqib.ttw
[2013/09/21 19:21:02 | 000,002,261 | ---- | C] () -- C:\Users\Evan\Google Chrome.lnk
[2013/08/22 10:36:43 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
[2013/08/22 10:36:42 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
[2013/08/22 09:46:23 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2013/08/22 02:01:23 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2013/08/21 22:32:36 | 000,046,080 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2013/08/21 18:55:20 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2013/08/21 18:52:39 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
[2013/08/13 02:26:56 | 000,000,051 | ---- | C] () -- C:\WINDOWS\smsts.ini
 
========== ZeroAccess Check ==========
 
[2014/01/21 12:53:02 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/08/30 19:15:33 | 021,197,152 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/08/30 17:59:13 | 018,723,112 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2013/08/22 04:49:49 | 000,921,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2013/08/21 21:45:10 | 000,691,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2013/08/22 04:45:17 | 000,483,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/12/26 22:27:28 | 000,000,000 | ---D | M] -- C:\Users\Evan\AppData\Roaming\.minecraft
[2013/09/21 20:58:34 | 000,000,000 | ---D | M] -- C:\Users\Evan\AppData\Roaming\.mono
[2014/12/28 17:19:32 | 000,000,000 | ---D | M] -- C:\Users\Evan\AppData\Roaming\.purple
[2013/10/25 15:34:54 | 000,000,000 | ---D | M] -- C:\Users\Evan\AppData\Roaming\Acoustica
[2013/12/06 23:18:51 | 000,000,000 | ---D | M] -- C:\Users\Evan\AppData\Roaming\Arrowhead
[2014/12/17 18:42:32 | 000,000,000 | ---D | M] -- C:\Users\Evan\AppData\Roaming\AtlirVPN
[2014/10/11 22:22:38 | 000,000,000 | ---D | M] -- C:\Users\Evan\AppData\Roaming\Audacity
[2014/07/28 00:53:45 | 000,000,000 | ---D | M] -- C:\Users\Evan\AppData\Roaming\AVAST Software
[2014/01/27 20:45:00 | 000,000,000 | ---D | M] -- C:\Users\Evan\AppData\Roaming\AVG
[2013/09/22 12:03:09 | 000,000,000 | ---D | M] -- C:\Users\Evan\AppData\Roaming\AVG2014
[2015/01/02 19:34:00 | 000,000,000 | ---D | M] -- C:\Users\Evan\AppData\Roaming\Bitcoin
[2015/01/02 18:58:58 | 000,000,000 | ---D | M] -- C:\Users\Evan\AppData\Roaming\ClassicShell
[2014/02/13 13:52:57 | 000,000,000 | ---D | M] -- C:\Users\Evan\AppData\Roaming\DictAddon
[2014/10/27 17:46:33 | 000,000,000 | ---D | M] -- C:\Users\Evan\AppData\Roaming\Dogecoin
[2013/11/02 22:17:28 | 000,000,000 | ---D | M] -- C:\Users\Evan\AppData\Roaming\Faerie Solitaire
[2015/01/02 17:01:07 | 000,000,000 | ---D | M] -- C:\Users\Evan\AppData\Roaming\FileZilla
[2013/09/28 20:26:02 | 000,000,000 | ---D | M] -- C:\Users\Evan\AppData\Roaming\FreeHideIP
[2014/12/28 20:31:01 | 000,000,000 | ---D | M] -- C:\Users\Evan\AppData\Roaming\GitHub
[2014/11/02 00:21:47 | 000,000,000 | ---D | M] -- C:\Users\Evan\AppData\Roaming\gnupg
[2014/06/23 09:25:32 | 000,000,000 | ---D | M] -- C:\Users\Evan\AppData\Roaming\Gyazo
[2013/11/02 20:24:52 | 000,000,000 | ---D | M] -- C:\Users\Evan\AppData\Roaming\Hi-Rez Studios
[2014/07/03 10:12:52 | 000,000,000 | ---D | M] -- C:\Users\Evan\AppData\Roaming\Litecoin
[2013/11/30 18:46:18 | 000,000,000 | ---D | M] -- C:\Users\Evan\AppData\Roaming\LOVE
[2013/09/30 19:54:43 | 000,000,000 | ---D | M] -- C:\Users\Evan\AppData\Roaming\Minecraft Skin Viewer
[2014/07/11 14:34:07 | 000,000,000 | ---D | M] -- C:\Users\Evan\AppData\Roaming\MonoDevelop-Unity-4.0
[2014/10/25 17:21:55 | 000,000,000 | ---D | M] -- C:\Users\Evan\AppData\Roaming\MultiBit
[2014/10/30 15:36:06 | 000,000,000 | ---D | M] -- C:\Users\Evan\AppData\Roaming\MultiDoge
[2014/11/02 21:37:00 | 000,000,000 | ---D | M] -- C:\Users\Evan\AppData\Roaming\MultiForce
[2014/11/02 21:35:32 | 000,000,000 | ---D | M] -- C:\Users\Evan\AppData\Roaming\MultiForce Backup
[2014/03/30 17:52:55 | 000,000,000 | ---D | M] -- C:\Users\Evan\AppData\Roaming\MusicNet
[2013/12/13 17:45:19 | 000,000,000 | ---D | M] -- C:\Users\Evan\AppData\Roaming\Natural Selection 2
[2013/10/05 14:58:38 | 000,000,000 | ---D | M] -- C:\Users\Evan\AppData\Roaming\Notepad++
[2013/12/30 19:18:21 | 000,000,000 | ---D | M] -- C:\Users\Evan\AppData\Roaming\NuGet
[2014/08/23 17:02:35 | 000,000,000 | ---D | M] -- C:\Users\Evan\AppData\Roaming\OmniCoin
[2013/12/14 20:25:44 | 000,000,000 | ---D | M] -- C:\Users\Evan\AppData\Roaming\openvr
[2014/03/08 23:09:13 | 000,000,000 | ---D | M] -- C:\Users\Evan\AppData\Roaming\Opera Software
[2014/07/15 14:47:56 | 000,000,000 | ---D | M] -- C:\Users\Evan\AppData\Roaming\PCDr
[2013/10/12 15:20:21 | 000,000,000 | ---D | M] -- C:\Users\Evan\AppData\Roaming\PDAppFlex
[2014/10/14 18:23:08 | 000,000,000 | ---D | M] -- C:\Users\Evan\AppData\Roaming\PDF Architect 2
[2014/07/19 18:35:10 | 000,000,000 | ---D | M] -- C:\Users\Evan\AppData\Roaming\poclbm
[2014/12/01 16:05:47 | 000,000,000 | ---D | M] -- C:\Users\Evan\AppData\Roaming\Publish Providers
[2014/04/25 17:34:03 | 000,000,000 | ---D | M] -- C:\Users\Evan\AppData\Roaming\puush
[2013/09/21 20:01:46 | 000,000,000 | ---D | M] -- C:\Users\Evan\AppData\Roaming\RoboForm
[2014/11/01 19:32:23 | 000,000,000 | ---D | M] -- C:\Users\Evan\AppData\Roaming\Sony
[2014/02/12 16:14:08 | 000,000,000 | ---D | M] -- C:\Users\Evan\AppData\Roaming\Sublime Text 2
[2013/10/25 15:35:07 | 000,000,000 | ---D | M] -- C:\Users\Evan\AppData\Roaming\SynthMaker
[2014/06/22 15:07:20 | 000,000,000 | ---D | M] -- C:\Users\Evan\AppData\Roaming\Systweak
[2014/03/15 20:33:38 | 000,000,000 | ---D | M] -- C:\Users\Evan\AppData\Roaming\TeamViewer
[2013/09/25 20:36:56 | 000,000,000 | ---D | M] -- C:\Users\Evan\AppData\Roaming\TechSmith
[2014/11/09 15:36:07 | 000,000,000 | ---D | M] -- C:\Users\Evan\AppData\Roaming\TS3Client
[2013/09/22 12:02:23 | 000,000,000 | ---D | M] -- C:\Users\Evan\AppData\Roaming\TuneUp Software
[2014/07/11 14:22:40 | 000,000,000 | ---D | M] -- C:\Users\Evan\AppData\Roaming\Unity
[2013/10/12 09:09:10 | 000,000,000 | ---D | M] -- C:\Users\Evan\AppData\Roaming\Windows
[2014/07/27 10:05:27 | 000,000,000 | ---D | M] -- C:\Users\Evan\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 237 bytes -> C:\Users\Evan\SkyDrive:ms-properties

< End of report >
 


Edited by PatchyIsBeast, 02 January 2015 - 06:54 PM.

  • 0

Advertisements

#2
PatchyIsBeast
Posted 02 January 2015 - 06:57 PM

PatchyIsBeast

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts

otl log added


  • 0

#3
PatchyIsBeast
Posted 02 January 2015 - 10:31 PM

PatchyIsBeast

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts

Can anyone help?


  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Forum
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP