Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

SVCHOST.exe is infected, please help [Closed]

Started by ihatesvchost.exe , Aug 13 2014 01:06 PM

  • This topic is locked This topic is locked

#46
ihatesvchost.exe
Posted 18 August 2014 - 04:09 PM

ihatesvchost.exe

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts

Ok I think I understand how this works. So instead of using a UBS drive to run the recovery drive I will boot from CD. And then I continue at the below step?

 

 

WindowsKey.png Run Recovery Environment
 

  • When the machine boots-up, you will see the Install now window. Instead choose the Repair my computer option.
  • You will be presented with the list of operating systems (usually there will be only one). Highlight it by clicking on it and select Next.
  • In the Choose Recovery Tool menu select Command Prompt.

You will see a big black window with a blinking cursor (command prompt).

notepad.png Access the notepad and identify your USB drive

In the Command Prompt please type in:

notepad

and press Enter.

  • When the notepad opens, go to File menu.
  • Select Open.
  • Go to Computer and search there for your USB drive letter.

Note down the letter and close the notepad.

 

 

 

 

Another update. I said my computer started normally today. I left it on by itself for a while and when I came back it was running over 30 rundll.exe files in the task manager and using 100% CPU. I turned it off immediately.

 

Edit: I have a repair disk ready


Edited by ihatesvchost.exe, 18 August 2014 - 04:26 PM.

  • 0

Advertisements

#47
Biscuithd
Posted 18 August 2014 - 07:37 PM

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts
The multiple run32.dll are very disconcerting!

Let me know how the update roll back goes and hoe the computer is working. If you want to move directly to the passive scan, that's fine.
  • 0

#48
ihatesvchost.exe
Posted 18 August 2014 - 08:30 PM

ihatesvchost.exe

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts

Let's put the update roll back on hold for now. If I understood you correctly, you speculated the Windows patch was causing the crash instead of an infection. Based on what I have seen on my computer today I think my computer still has a severe malware problem, and am not sure pursuing the rollback makes sense.

 

I experimented with running the computer normally without being connected to the internet and didn't have any issues, which also seems consistent with smart malware behavior.

 

My latest scan is below.

 

 

FRST:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-08-2014 01
Ran by SYSTEM on MININT-RQJV868 on 18-08-2014 22:15:52
Running from g:\
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
 
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [CAHS1Sound] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\CAHS1.dll,CMICtrlWnd
HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-14] (Logitech Inc.)
HKLM-x32\...\Run: [SPIRunE] => Rundll32 SPIRunE.dll,RunDLLEntry
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-06] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => "d:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-10] (Oracle Corporation)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [161584 2014-08-04] (Avira Operations GmbH & Co. KG)
HKLM\...\RunOnce: [RPMKickstart] => C:\Program Files\GIGABYTE\SMART6\Recovery\RPMKickstart.exe [2552320 2011-03-30] (Gigabyte Technology CO., LTD.)
HKLM\...\RunOnce: [*WerKernelReporting] => C:\Windows\SYSTEM32\WerFault.exe [415232 2009-07-13] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\Admin -disaster only\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\GDC\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [213936 2006-03-20] (Macrovision Corporation)
HKU\GDC\...\Run: [SpybotSD TeaTimer] => d:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
HKU\GDC\...\Run: [ISUSPM] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [213936 2006-03-20] (Macrovision Corporation)
HKU\GDC\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-06] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-06] (Avira Operations GmbH & Co. KG)
S2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [149296 2014-08-04] (Avira Operations GmbH & Co. KG)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [128928 2010-12-14] (Futuremark Corporation)
S2 Smart TimeLock; C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [114688 2009-10-13] (Gigabyte Technology CO., LTD.)
S2 WSWNDA3100v2; C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [303360 2011-12-14] ()
S2 SBSDWSCService; D:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21104 2011-01-10] ()
S5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 athrusb; C:\Windows\System32\DRIVERS\athrxusb.sys [1075712 2008-07-28] (Atheros Communications, Inc.)
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-03] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-03] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-29] (Avira Operations GmbH & Co. KG)
S3 cleanhlp; C:\EEK\Run\cleanhlp64.sys [57024 2014-07-30] (Emsisoft GmbH)
S3 CorsairCAHS1; C:\Windows\System32\drivers\CAHS164.sys [1308160 2011-06-16] (C-Media Electronics Inc)
S1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [279616 2011-12-30] (DT Soft Ltd)
S0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-05-30] (GFI Software)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-04-24] (Anchorfree Inc.)
S3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [36456 2014-08-17] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 MEMSWEEP2; \??\C:\Windows\system32\4B91.tmp [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-18 08:41 - 2014-08-18 08:41 - 00001133 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-17 01:07 - 2014-06-30 14:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\System32\icardres.dll
2014-08-17 01:07 - 2014-06-30 14:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-17 01:07 - 2014-06-05 22:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-17 01:07 - 2014-06-05 22:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\System32\TsWpfWrp.exe
2014-08-17 01:07 - 2014-03-09 13:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\System32\icardagt.exe
2014-08-17 01:07 - 2014-03-09 13:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\System32\infocardapi.dll
2014-08-17 01:07 - 2014-03-09 13:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-17 01:07 - 2014-03-09 13:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-16 09:13 - 2014-08-16 09:14 - 00028237 _____ () C:\zoek-results.log
2014-08-16 09:12 - 2014-08-16 09:13 - 00000000 ____D () C:\zoek_backup
2014-08-15 13:11 - 2014-07-31 15:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2014-08-15 13:11 - 2014-07-31 15:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-15 13:11 - 2014-07-25 06:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-08-15 13:11 - 2014-07-25 06:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-08-15 13:11 - 2014-07-25 06:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2014-08-15 13:11 - 2014-07-25 05:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-15 13:11 - 2014-07-25 05:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2014-08-15 13:11 - 2014-07-25 05:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2014-08-15 13:11 - 2014-07-25 05:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2014-08-15 13:11 - 2014-07-25 05:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-08-15 13:11 - 2014-07-25 05:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll
2014-08-15 13:11 - 2014-07-25 05:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-08-15 13:11 - 2014-07-25 05:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2014-08-15 13:11 - 2014-07-25 05:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-15 13:11 - 2014-07-25 05:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-08-15 13:11 - 2014-07-25 05:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-08-15 13:11 - 2014-07-25 05:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2014-08-15 13:11 - 2014-07-25 04:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2014-08-15 13:11 - 2014-07-25 04:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2014-08-15 13:11 - 2014-07-25 04:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2014-08-15 13:11 - 2014-07-25 04:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-15 13:11 - 2014-07-25 04:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-15 13:11 - 2014-07-25 04:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-15 13:11 - 2014-07-25 04:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-15 13:11 - 2014-07-25 04:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-08-15 13:11 - 2014-07-25 04:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-08-15 13:11 - 2014-07-25 04:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-15 13:11 - 2014-07-25 04:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2014-08-15 13:11 - 2014-07-25 04:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-15 13:11 - 2014-07-25 04:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2014-08-15 13:11 - 2014-07-25 04:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-15 13:11 - 2014-07-25 04:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-15 13:11 - 2014-07-25 04:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2014-08-15 13:11 - 2014-07-25 04:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-15 13:11 - 2014-07-25 04:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-15 13:11 - 2014-07-25 04:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-15 13:11 - 2014-07-25 03:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-15 13:11 - 2014-07-25 03:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-08-15 13:11 - 2014-07-25 03:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-15 13:11 - 2014-07-25 03:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-08-15 13:11 - 2014-07-25 03:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-08-15 13:11 - 2014-07-25 03:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2014-08-15 13:11 - 2014-07-25 03:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-15 13:11 - 2014-07-25 03:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-15 13:11 - 2014-07-25 03:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-15 13:11 - 2014-07-25 03:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-08-15 13:11 - 2014-07-25 03:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-15 13:11 - 2014-07-25 03:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-15 13:11 - 2014-07-25 03:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-15 13:11 - 2014-07-25 03:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-15 13:11 - 2014-07-25 02:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-08-15 13:11 - 2014-07-25 02:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-08-15 13:11 - 2014-07-25 02:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2014-08-15 13:11 - 2014-07-25 02:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-15 13:11 - 2014-07-25 02:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-15 13:11 - 2014-07-25 02:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-15 13:11 - 2014-07-15 19:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\tzres.dll
2014-08-15 13:11 - 2014-07-15 18:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-15 13:11 - 2014-06-24 18:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\System32\shell32.dll
2014-08-15 13:11 - 2014-06-24 17:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-15 13:11 - 2014-06-15 18:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2014-08-15 13:11 - 2014-06-03 02:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\System32\msi.dll
2014-08-15 13:11 - 2014-06-03 02:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\System32\authui.dll
2014-08-15 13:11 - 2014-06-03 02:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\System32\msihnd.dll
2014-08-15 13:11 - 2014-06-03 02:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\System32\consent.exe
2014-08-15 13:11 - 2014-06-03 01:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-15 13:11 - 2014-06-03 01:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-15 13:11 - 2014-06-03 01:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-15 13:10 - 2014-07-13 18:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll
2014-08-15 13:10 - 2014-07-13 17:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-15 10:03 - 2014-08-15 10:03 - 00027492 _____ () C:\ComboFix.txt
2014-08-15 07:53 - 2014-08-15 10:03 - 00000000 ____D () C:\Qoobox
2014-08-15 07:53 - 2014-08-15 10:02 - 00000000 ____D () C:\Windows\erdnt
2014-08-15 07:53 - 2011-06-25 22:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-08-15 07:53 - 2010-11-07 09:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-08-15 07:53 - 2009-04-19 20:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-08-15 07:53 - 2000-08-30 16:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-08-15 07:53 - 2000-08-30 16:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-08-15 07:53 - 2000-08-30 16:00 - 00098816 _____ () C:\Windows\sed.exe
2014-08-15 07:53 - 2000-08-30 16:00 - 00080412 _____ () C:\Windows\grep.exe
2014-08-15 07:53 - 2000-08-30 16:00 - 00068096 _____ () C:\Windows\zip.exe
2014-08-15 07:51 - 2014-08-18 22:15 - 00000000 ____D () C:\FRST
2014-08-15 07:42 - 2014-08-15 07:42 - 00000000 ____D () C:\_OTL
2014-08-14 12:11 - 2014-08-14 12:11 - 514927041 _____ () C:\Windows\MEMORY.DMP
2014-08-14 12:11 - 2014-08-14 12:11 - 00572088 _____ () C:\Windows\Minidump\081414-17940-01.dmp
2014-08-13 10:20 - 2014-08-13 10:56 - 00000000 ____D () C:\Users\GDC\AppData\Local\adawarebp
2014-08-12 16:57 - 2014-08-12 16:57 - 00002515 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-08-12 16:57 - 2014-08-12 16:57 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-08-12 16:57 - 2014-08-12 16:57 - 00000000 ____D () C:\Users\GDC\AppData\Local\Skype
2014-08-11 20:42 - 2014-08-11 21:36 - 00044312 _____ () C:\Users\GDC\Desktop\rotational programs.odt
2014-08-06 20:26 - 2014-08-13 12:41 - 00049524 _____ () C:\Users\GDC\Desktop\Elements Walkthrough.odt
2014-08-06 17:58 - 2014-08-18 18:09 - 00048523 _____ () C:\Users\GDC\Desktop\elements walkthrough.ods
2014-08-06 17:58 - 2014-08-06 17:58 - 00000000 ____D () C:\Users\GDC\AppData\Roaming\LibreOffice
2014-08-06 17:57 - 2014-08-06 17:57 - 00001500 _____ () C:\Users\Public\Desktop\LibreOffice 4.3.lnk
2014-08-06 17:57 - 2014-08-06 17:57 - 00000000 ____D () C:\Program Files (x86)\LibreOffice 4
2014-08-06 06:25 - 2014-08-18 08:41 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-03 18:52 - 2014-08-03 18:52 - 00000000 ____D () C:\Program Files\7-Zip
2014-08-01 13:12 - 2014-08-02 11:54 - 00000000 ____D () C:\Users\GDC\AppData\Roaming\Vertical_Drop_Heroes_HD
2014-08-01 12:00 - 2014-08-16 08:55 - 00000000 ____D () C:\Users\GDC\AppData\Local\CrashDumps
2014-08-01 10:32 - 2014-05-14 08:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2014-08-01 10:32 - 2014-05-14 08:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2014-08-01 10:32 - 2014-05-14 08:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-01 10:32 - 2014-05-14 08:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2014-08-01 10:32 - 2014-05-14 08:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\System32\wups2.dll
2014-08-01 10:32 - 2014-05-14 08:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\System32\wups.dll
2014-08-01 10:32 - 2014-05-14 08:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-01 10:32 - 2014-05-14 08:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2014-08-01 10:32 - 2014-05-14 08:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2014-08-01 10:32 - 2014-05-14 08:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-01 10:32 - 2014-05-14 05:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2014-08-01 10:32 - 2014-05-14 05:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-01 10:32 - 2014-05-14 05:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2014-08-01 10:32 - 2014-05-14 05:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-07-31 20:58 - 2014-08-18 18:09 - 01050010 _____ () C:\Windows\WindowsUpdate.log
2014-07-31 20:55 - 2014-08-16 22:47 - 00004288 _____ () C:\Windows\PFRO.log
2014-07-31 20:53 - 2014-08-18 15:39 - 00004088 _____ () C:\Windows\setupact.log
2014-07-31 20:53 - 2014-07-31 20:53 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-31 20:48 - 2014-07-31 20:49 - 00000000 ____D () C:\Users\GDC\AppData\Roaming\vlc
2014-07-31 20:45 - 2014-07-31 20:45 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-31 20:44 - 2014-07-31 20:44 - 00006107 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-31 20:44 - 2014-07-10 23:02 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-31 20:44 - 2014-07-10 22:56 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-31 20:44 - 2014-07-10 22:56 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-31 20:44 - 2014-07-10 22:55 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-31 20:24 - 2014-07-31 19:19 - 00000768 _____ () C:\Windows\System32\Drivers\etc\hosts.20140801-002457.backup
2014-07-31 20:04 - 2014-07-31 20:04 - 00000000 ____D () C:\Users\Admin -disaster only\AppData\Local\CrashDumps
2014-07-31 19:44 - 2014-07-31 19:49 - 00000000 ____D () C:\Users\Admin -disaster only\Desktop\mbar
2014-07-31 19:44 - 2014-07-31 19:49 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-07-31 16:04 - 2014-07-31 16:04 - 00000000 ____D () C:\Windows\ERUNT
2014-07-31 15:49 - 2014-08-16 09:01 - 00000000 ____D () C:\AdwCleaner
2014-07-31 13:50 - 2014-08-13 09:41 - 00000546 _____ () C:\Users\Admin -disaster only\Desktop\Emsisoft Emergency Kit.lnk
2014-07-31 13:50 - 2014-08-13 09:41 - 00000000 ____D () C:\EEK
2014-07-31 13:43 - 2014-07-31 13:47 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-07-31 13:32 - 2014-08-17 08:49 - 00036456 _____ () C:\Windows\System32\Drivers\TrueSight.sys
2014-07-31 13:32 - 2014-07-31 13:32 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-07-30 21:04 - 2014-08-14 12:15 - 00002958 _____ () C:\Users\Admin -disaster only\Desktop\Rkill.txt
2014-07-30 21:02 - 2014-08-17 11:50 - 00000000 ____D () C:\Users\GDC\Desktop\anti-rootkit
2014-07-30 20:59 - 2014-07-31 19:54 - 00000000 ____D () C:\Program Files (x86)\Sophos
2014-07-30 20:59 - 2014-07-30 20:59 - 00003229 _____ () C:\Users\Admin -disaster only\Desktop\Sophos Virus Removal Tool.lnk
2014-07-30 20:59 - 2014-07-30 20:59 - 00000000 ____D () C:\ProgramData\Sophos
2014-07-30 16:02 - 2014-07-30 16:02 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-30 15:59 - 2014-07-30 15:59 - 00000000 __SHD () C:\Users\Admin -disaster only\AppData\Local\EmieUserList
2014-07-30 15:59 - 2014-07-30 15:59 - 00000000 __SHD () C:\Users\Admin -disaster only\AppData\Local\EmieSiteList
2014-07-29 17:10 - 2013-08-09 22:16 - 00450636 _____ () C:\Windows\System32\Drivers\etc\hosts.20140729-211016.backup
2014-07-26 19:07 - 2014-07-26 19:07 - 00875472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr110.dll
2014-07-26 19:07 - 2014-07-26 19:07 - 00535008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp110.dll
2014-07-26 19:07 - 2014-07-26 19:07 - 00252400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vccorlib110.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-18 22:15 - 2014-08-15 07:51 - 00000000 ____D () C:\FRST
2014-08-18 18:09 - 2014-08-06 17:58 - 00048523 _____ () C:\Users\GDC\Desktop\elements walkthrough.ods
2014-08-18 18:09 - 2014-07-31 20:58 - 01050010 _____ () C:\Windows\WindowsUpdate.log
2014-08-18 17:55 - 2014-02-13 16:39 - 00003964 _____ () C:\Users\GDC\Desktop\netflix.txt
2014-08-18 17:15 - 2013-10-29 14:40 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-18 15:41 - 2009-07-13 20:45 - 00021888 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-18 15:41 - 2009-07-13 20:45 - 00021888 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-18 15:39 - 2014-07-31 20:53 - 00004088 _____ () C:\Windows\setupact.log
2014-08-18 15:38 - 2009-07-13 21:13 - 00783400 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-08-18 15:35 - 2013-10-29 14:40 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-18 15:34 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-18 13:38 - 2013-12-28 00:00 - 00000000 ____D () C:\Windows\rescache
2014-08-18 08:41 - 2014-08-18 08:41 - 00001133 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-18 08:41 - 2014-08-06 06:25 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-18 08:41 - 2013-01-01 13:49 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-08-17 11:50 - 2014-07-30 21:02 - 00000000 ____D () C:\Users\GDC\Desktop\anti-rootkit
2014-08-17 10:30 - 2012-01-05 15:52 - 00000000 ____D () C:\ProgramData\TEMP
2014-08-17 08:49 - 2014-07-31 13:32 - 00036456 _____ () C:\Windows\System32\Drivers\TrueSight.sys
2014-08-17 08:37 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-17 01:10 - 2013-07-26 23:50 - 00000000 ____D () C:\Windows\System32\MRT
2014-08-17 01:09 - 2011-12-29 13:49 - 99218768 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2014-08-16 22:47 - 2014-07-31 20:55 - 00004288 _____ () C:\Windows\PFRO.log
2014-08-16 22:06 - 2012-08-20 11:30 - 00000000 ____D () C:\Users\GDC\AppData\Roaming\Skype
2014-08-16 20:00 - 2013-05-29 20:35 - 00000432 _____ () C:\Windows\Tasks\Wise Turbo Checker.job
2014-08-16 09:14 - 2014-08-16 09:13 - 00028237 _____ () C:\zoek-results.log
2014-08-16 09:13 - 2014-08-16 09:12 - 00000000 ____D () C:\zoek_backup
2014-08-16 09:01 - 2014-07-31 15:49 - 00000000 ____D () C:\AdwCleaner
2014-08-16 09:00 - 2013-11-29 23:29 - 00000000 ____D () C:\users\Admin -disaster only
2014-08-16 08:55 - 2014-08-01 12:00 - 00000000 ____D () C:\Users\GDC\AppData\Local\CrashDumps
2014-08-16 08:40 - 2012-01-05 16:46 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2014-08-15 13:05 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\NDF
2014-08-15 10:03 - 2014-08-15 10:03 - 00027492 _____ () C:\ComboFix.txt
2014-08-15 10:03 - 2014-08-15 07:53 - 00000000 ____D () C:\Qoobox
2014-08-15 10:03 - 2009-07-13 19:20 - 00000000 __RHD () C:\users\Default
2014-08-15 10:02 - 2014-08-15 07:53 - 00000000 ____D () C:\Windows\erdnt
2014-08-15 10:02 - 2009-07-13 18:34 - 00000215 _____ () C:\Windows\system.ini
2014-08-15 07:55 - 2009-07-13 18:34 - 75497472 _____ () C:\Windows\System32\config\SOFTWARE.bak
2014-08-15 07:55 - 2009-07-13 18:34 - 17039360 _____ () C:\Windows\System32\config\SYSTEM.bak
2014-08-15 07:55 - 2009-07-13 18:34 - 05505024 _____ () C:\Windows\System32\config\DEFAULT.bak
2014-08-15 07:55 - 2009-07-13 18:34 - 00262144 _____ () C:\Windows\System32\config\SECURITY.bak
2014-08-15 07:55 - 2009-07-13 18:34 - 00262144 _____ () C:\Windows\System32\config\SAM.bak
2014-08-15 07:42 - 2014-08-15 07:42 - 00000000 ____D () C:\_OTL
2014-08-14 15:57 - 2013-11-29 23:33 - 00000000 ____D () C:\Users\Admin -disaster only\AppData\Roaming\Wise Care 365
2014-08-14 12:15 - 2014-07-30 21:04 - 00002958 _____ () C:\Users\Admin -disaster only\Desktop\Rkill.txt
2014-08-14 12:11 - 2014-08-14 12:11 - 514927041 _____ () C:\Windows\MEMORY.DMP
2014-08-14 12:11 - 2014-08-14 12:11 - 00572088 _____ () C:\Windows\Minidump\081414-17940-01.dmp
2014-08-14 12:11 - 2012-12-31 14:05 - 00000000 ____D () C:\Windows\Minidump
2014-08-14 12:03 - 2013-11-08 05:35 - 00072264 _____ () C:\Users\GDC\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-14 12:03 - 2009-07-13 20:45 - 00331592 _____ () C:\Windows\System32\FNTCACHE.DAT
2014-08-13 21:54 - 2012-02-23 15:08 - 00000000 ____D () C:\Users\GDC\AppData\Roaming\SoftGrid Client
2014-08-13 12:41 - 2014-08-06 20:26 - 00049524 _____ () C:\Users\GDC\Desktop\Elements Walkthrough.odt
2014-08-13 12:16 - 2013-10-29 14:41 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-13 10:56 - 2014-08-13 10:20 - 00000000 ____D () C:\Users\GDC\AppData\Local\adawarebp
2014-08-13 09:41 - 2014-07-31 13:50 - 00000546 _____ () C:\Users\Admin -disaster only\Desktop\Emsisoft Emergency Kit.lnk
2014-08-13 09:41 - 2014-07-31 13:50 - 00000000 ____D () C:\EEK
2014-08-12 16:57 - 2014-08-12 16:57 - 00002515 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-08-12 16:57 - 2014-08-12 16:57 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-08-12 16:57 - 2014-08-12 16:57 - 00000000 ____D () C:\Users\GDC\AppData\Local\Skype
2014-08-12 16:57 - 2012-08-20 11:30 - 00000000 ____D () C:\ProgramData\Skype
2014-08-11 21:36 - 2014-08-11 20:42 - 00044312 _____ () C:\Users\GDC\Desktop\rotational programs.odt
2014-08-06 17:58 - 2014-08-06 17:58 - 00000000 ____D () C:\Users\GDC\AppData\Roaming\LibreOffice
2014-08-06 17:57 - 2014-08-06 17:57 - 00001500 _____ () C:\Users\Public\Desktop\LibreOffice 4.3.lnk
2014-08-06 17:57 - 2014-08-06 17:57 - 00000000 ____D () C:\Program Files (x86)\LibreOffice 4
2014-08-06 06:25 - 2013-01-01 13:49 - 00000000 ____D () C:\ProgramData\Avira
2014-08-05 05:20 - 2010-11-20 19:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2014-08-04 11:43 - 2013-10-04 21:59 - 00000000 ____D () C:\Users\GDC\AppData\Roaming\KeePass
2014-08-03 19:30 - 2014-02-08 13:22 - 00000000 ____D () C:\Program Files\WinRAR
2014-08-03 18:52 - 2014-08-03 18:52 - 00000000 ____D () C:\Program Files\7-Zip
2014-08-03 18:40 - 2011-12-27 14:57 - 00000000 ____D () C:\users\GDC
2014-08-03 15:37 - 2014-07-03 21:48 - 00000425 _____ () C:\Users\GDC\Desktop\July to Do.txt
2014-08-02 11:54 - 2014-08-01 13:12 - 00000000 ____D () C:\Users\GDC\AppData\Roaming\Vertical_Drop_Heroes_HD
2014-07-31 20:53 - 2014-07-31 20:53 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-31 20:52 - 2013-10-25 12:05 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-31 20:52 - 2013-10-25 12:05 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-31 20:49 - 2014-07-31 20:48 - 00000000 ____D () C:\Users\GDC\AppData\Roaming\vlc
2014-07-31 20:47 - 2013-07-22 20:43 - 00000773 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-07-31 20:45 - 2014-07-31 20:45 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-31 20:44 - 2014-07-31 20:44 - 00006107 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-31 20:44 - 2013-06-28 08:56 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-31 20:42 - 2013-05-29 20:35 - 00003130 _____ () C:\Windows\System32\Tasks\Wise Turbo Checker
2014-07-31 20:39 - 2013-10-03 22:43 - 00002054 _____ () C:\Users\Public\Desktop\Wise Care 365.lnk
2014-07-31 20:04 - 2014-07-31 20:04 - 00000000 ____D () C:\Users\Admin -disaster only\AppData\Local\CrashDumps
2014-07-31 19:54 - 2014-07-30 20:59 - 00000000 ____D () C:\Program Files (x86)\Sophos
2014-07-31 19:49 - 2014-07-31 19:44 - 00000000 ____D () C:\Users\Admin -disaster only\Desktop\mbar
2014-07-31 19:49 - 2014-07-31 19:44 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-07-31 19:19 - 2014-07-31 20:24 - 00000768 _____ () C:\Windows\System32\Drivers\etc\hosts.20140801-002457.backup
2014-07-31 16:04 - 2014-07-31 16:04 - 00000000 ____D () C:\Windows\ERUNT
2014-07-31 15:56 - 2011-12-09 14:33 - 00030528 _____ () C:\Windows\GVTDrv64.sys
2014-07-31 15:56 - 2011-12-09 14:33 - 00025640 _____ (Windows ® Server 2003 DDK provider) C:\Windows\gdrv.sys
2014-07-31 15:41 - 2014-08-15 13:11 - 00348856 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2014-07-31 15:16 - 2014-08-15 13:11 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-31 13:47 - 2014-07-31 13:43 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-07-31 13:46 - 2013-11-09 21:17 - 00000000 ____D () C:\Users\GDC\Desktop\Agaresttrainer_+4
2014-07-31 13:32 - 2014-07-31 13:32 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-07-30 20:59 - 2014-07-30 20:59 - 00003229 _____ () C:\Users\Admin -disaster only\Desktop\Sophos Virus Removal Tool.lnk
2014-07-30 20:59 - 2014-07-30 20:59 - 00000000 ____D () C:\ProgramData\Sophos
2014-07-30 16:02 - 2014-07-30 16:02 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-30 15:59 - 2014-07-30 15:59 - 00000000 __SHD () C:\Users\Admin -disaster only\AppData\Local\EmieUserList
2014-07-30 15:59 - 2014-07-30 15:59 - 00000000 __SHD () C:\Users\Admin -disaster only\AppData\Local\EmieSiteList
2014-07-29 21:00 - 2013-11-15 23:25 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-27 06:29 - 2012-02-01 19:49 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-27 06:29 - 2012-02-01 19:49 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-26 19:07 - 2014-07-26 19:07 - 00875472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr110.dll
2014-07-26 19:07 - 2014-07-26 19:07 - 00535008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp110.dll
2014-07-26 19:07 - 2014-07-26 19:07 - 00252400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vccorlib110.dll
2014-07-25 06:52 - 2014-08-15 13:11 - 23645696 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-07-25 06:02 - 2014-08-15 13:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-07-25 06:01 - 2014-08-15 13:11 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2014-07-25 05:51 - 2014-08-15 13:11 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-25 05:30 - 2014-08-15 13:11 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2014-07-25 05:28 - 2014-08-15 13:11 - 00548352 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2014-07-25 05:28 - 2014-08-15 13:11 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2014-07-25 05:25 - 2014-08-15 13:11 - 02774528 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-07-25 05:25 - 2014-08-15 13:11 - 00083968 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll
2014-07-25 05:11 - 2014-08-15 13:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-07-25 05:10 - 2014-08-15 13:11 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2014-07-25 05:04 - 2014-08-15 13:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-25 05:03 - 2014-08-15 13:11 - 00598016 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-07-25 05:00 - 2014-08-15 13:11 - 00139264 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-07-25 05:00 - 2014-08-15 13:11 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2014-07-25 04:59 - 2014-08-15 13:11 - 00758272 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2014-07-25 04:47 - 2014-08-15 13:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2014-07-25 04:40 - 2014-08-15 13:11 - 00452096 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2014-07-25 04:34 - 2014-08-15 13:11 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-25 04:34 - 2014-08-15 13:11 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-25 04:33 - 2014-08-15 13:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-25 04:30 - 2014-08-15 13:11 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-25 04:28 - 2014-08-15 13:11 - 05824512 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-07-25 04:28 - 2014-08-15 13:11 - 00072704 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-07-25 04:21 - 2014-08-15 13:11 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-25 04:19 - 2014-08-15 13:11 - 00195584 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2014-07-25 04:18 - 2014-08-15 13:11 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-25 04:17 - 2014-08-15 13:11 - 00085504 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2014-07-25 04:17 - 2014-08-15 13:11 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-25 04:12 - 2014-08-15 13:11 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-25 04:10 - 2014-08-15 13:11 - 00292864 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2014-07-25 04:10 - 2014-08-15 13:11 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-25 04:08 - 2014-08-15 13:11 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-25 04:06 - 2014-08-15 13:11 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-25 03:52 - 2014-08-15 13:11 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-25 03:47 - 2014-08-15 13:11 - 00631808 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-07-25 03:43 - 2014-08-15 13:11 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-25 03:42 - 2014-08-15 13:11 - 00692736 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-07-25 03:39 - 2014-08-15 13:11 - 02087936 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-07-25 03:39 - 2014-08-15 13:11 - 01249280 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2014-07-25 03:36 - 2014-08-15 13:11 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-25 03:34 - 2014-08-15 13:11 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-25 03:29 - 2014-08-15 13:11 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-25 03:23 - 2014-08-15 13:11 - 13547008 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-07-25 03:13 - 2014-08-15 13:11 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-25 03:07 - 2014-08-15 13:11 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-25 03:07 - 2014-08-15 13:11 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-25 03:03 - 2014-08-15 13:11 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-25 02:52 - 2014-08-15 13:11 - 02266624 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-07-25 02:26 - 2014-08-15 13:11 - 01431040 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-07-25 02:17 - 2014-08-15 13:11 - 00846336 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2014-07-25 02:09 - 2014-08-15 13:11 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-25 02:05 - 2014-08-15 13:11 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-25 02:00 - 2014-08-15 13:11 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-24 04:53 - 2013-05-07 07:35 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avnetflt.sys
 
Some content of TEMP:
====================
C:\Users\GDC\AppData\Local\Temp\avgnt.exe
 
 
==================== Known DLLs (Whitelisted) ================
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== Restore Points  =========================
 
Restore point made on: 2014-08-18 13:39:03
 
==================== Memory info =========================== 
 
Percentage of memory in use: 7%
Total physical RAM: 16301.12 MB
Available physical RAM: 15134.76 MB
Total Pagefile: 16299.32 MB
Available Pagefile: 15133.25 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:55.8 GB) (Free:8.24 GB) NTFS
Drive d: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (Repair disc Windows 7 64-bit) (CDROM) (Total:0.16 GB) (Free:0 GB) UDF
Drive g: (Repair disc Windows 7 64-bit) (Removable) (Total:0.49 GB) (Free:0.3 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: () (Fixed) (Total:931.51 GB) (Free:18.65 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: CE920B61)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 55.9 GB) (Disk ID: CE920B6D)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=55.8 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (Size: 500 MB) (Disk ID: 004DE985)
Partition 1: (Active) - (Size=499 MB) - (Type=07 NTFS)
 
 
LastRegBack: 2014-08-18 13:31
 
==================== End Of Log ============================

Edited by ihatesvchost.exe, 18 August 2014 - 08:31 PM.

  • 0

#49
Biscuithd
Posted 18 August 2014 - 10:27 PM

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

FYI...it's very late here, so I'm not going to try and assess the whole log tonight, but will get on it first thing tomorrow. However, one piece of good news...I absolutely found 1 piece of Malware. I'm betting on more..


  • 0

#50
Biscuithd
Posted 19 August 2014 - 10:48 AM

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Bad news and good news. Bad news is that the malware I thought I saw last night turned out to be ok. The good new is the same...no apparent malware.

 

Next step is to do a Startup Repair...three times in a row, regardless of what the report tells you! Once you've done the repair three times, then try to boot normally. If you can, then give me a fresh FRST scan. Below are instructions for running Windows Repair incase you don't have them.

 

Run Windows 7 SRD:

Boot from the Windows 7 SRD disc.
 

  • If not sure how to, a very good tutorial can be read here.
  • You will have to answer a few basic questions then select the option Repair your computer
  • At the the System Recovery Options screen click Windows 7 to highlight then Next>
  • Now click on/select Startup Repair
  • If prompted to use System Restore, select Cancel.
  • The same if prompted to Send information about this problem (recommended), select Don't send.
  • Click Finish when Startup Repair has completed. Repeat this three times!

  • 0

#51
ihatesvchost.exe
Posted 19 August 2014 - 12:29 PM

ihatesvchost.exe

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts

Ok thanks. It sounds almost too good to be true, but we can hope. I ran the start-up repair multiple times without incident. I will try running the computer normally the rest of the afternoon and let you know if I see any suspicious activity.

 

Latest log is below:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-08-2014 01
Ran by Admin -disaster only (administrator) on GDC-PC on 19-08-2014 14:25:40
Running from C:\Users\GDC\Desktop\anti-rootkit
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Gigabyte Technology CO., LTD.) C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Safer Networking Ltd.) D:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Safer-Networking Ltd.) D:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
(Macrovision Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
() C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Gigabyte Technology CO., LTD.) C:\Program Files (x86)\GIGABYTE\smart6\timelock\AlarmClock.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [CAHS1Sound] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\CAHS1.dll,CMICtrlWnd
HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-14] (Logitech Inc.)
HKLM-x32\...\Run: [SPIRunE] => Rundll32 SPIRunE.dll,RunDLLEntry
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-06] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => d:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2010624 2013-07-20] (Dominik Reichl)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [161584 2014-08-04] (Avira Operations GmbH & Co. KG)
HKLM\...\RunOnce: [RPMKickstart] => C:\Program Files\GIGABYTE\SMART6\Recovery\RPMKickstart.exe [2552320 2011-03-30] (Gigabyte Technology CO., LTD.)
HKLM\...\RunOnce: [*WerKernelReporting] => C:\Windows\SYSTEM32\WerFault.exe [415232 2009-07-13] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1520015183-56102371-4256460016-1001\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [213936 2006-03-20] (Macrovision Corporation)
HKU\S-1-5-21-1520015183-56102371-4256460016-1001\...\Run: [SpybotSD TeaTimer] => d:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-1520015183-56102371-4256460016-1001\...\Run: [ISUSPM] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [213936 2006-03-20] (Macrovision Corporation)
HKU\S-1-5-21-1520015183-56102371-4256460016-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-1520015183-56102371-4256460016-1003\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNDA3100v2 Genie.lnk
ShortcutTarget: NETGEAR WNDA3100v2 Genie.lnk -> C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> d:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: No Name -> {45d30484-7ded-43d9-957a-d2fd1f046511} ->  No File
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> D:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creat...13/CTPIDPDE.cab
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creat...015/CTSUEng.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...10926/CTPID.cab
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> d:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> d:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> d:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> d:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - d:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - d:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-12-27]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - d:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-06] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-06] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [149296 2014-08-04] (Avira Operations GmbH & Co. KG)
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2011-12-29] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [307200 2009-02-23] (Creative Technology Ltd) [File not signed]
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [128928 2010-12-14] (Futuremark Corporation)
S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 SBSDWSCService; D:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 Smart TimeLock; C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [114688 2009-10-13] (Gigabyte Technology CO., LTD.) [File not signed]
S2 WSWNDA3100v2; C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [303360 2011-12-14] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21104 2011-01-10] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 athrusb; C:\Windows\System32\DRIVERS\athrxusb.sys [1075712 2008-07-28] (Atheros Communications, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-03] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-30] (Avira Operations GmbH & Co. KG)
S3 cleanhlp; C:\EEK\Run\cleanhlp64.sys [57024 2014-07-31] (Emsisoft GmbH)
S3 CorsairCAHS1; C:\Windows\System32\drivers\CAHS164.sys [1308160 2011-06-16] (C-Media Electronics Inc)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [279616 2011-12-30] (DT Soft Ltd)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-05-31] (GFI Software)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-04-24] (Anchorfree Inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [36456 2014-08-17] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 MEMSWEEP2; \??\C:\Windows\system32\4B91.tmp [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-18 12:41 - 2014-08-18 12:41 - 00001133 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-17 05:07 - 2014-06-30 18:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-17 05:07 - 2014-06-30 18:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-17 05:07 - 2014-06-06 02:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-17 05:07 - 2014-06-06 02:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-17 05:07 - 2014-03-09 17:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-17 05:07 - 2014-03-09 17:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-17 05:07 - 2014-03-09 17:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-17 05:07 - 2014-03-09 17:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-16 13:13 - 2014-08-16 13:14 - 00028237 _____ () C:\zoek-results.log
2014-08-16 13:12 - 2014-08-16 13:13 - 00000000 ____D () C:\zoek_backup
2014-08-15 17:11 - 2014-07-31 19:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-15 17:11 - 2014-07-31 19:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-15 17:11 - 2014-07-25 10:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-15 17:11 - 2014-07-25 10:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-15 17:11 - 2014-07-25 10:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-15 17:11 - 2014-07-25 09:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-15 17:11 - 2014-07-25 09:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-15 17:11 - 2014-07-25 09:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-15 17:11 - 2014-07-25 09:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-15 17:11 - 2014-07-25 09:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-15 17:11 - 2014-07-25 09:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-15 17:11 - 2014-07-25 09:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-15 17:11 - 2014-07-25 09:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-15 17:11 - 2014-07-25 09:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-15 17:11 - 2014-07-25 09:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-15 17:11 - 2014-07-25 09:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-15 17:11 - 2014-07-25 09:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-15 17:11 - 2014-07-25 08:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-15 17:11 - 2014-07-25 08:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-15 17:11 - 2014-07-25 08:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-15 17:11 - 2014-07-25 08:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-15 17:11 - 2014-07-25 08:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-15 17:11 - 2014-07-25 08:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-15 17:11 - 2014-07-25 08:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-15 17:11 - 2014-07-25 08:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-15 17:11 - 2014-07-25 08:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-15 17:11 - 2014-07-25 08:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-15 17:11 - 2014-07-25 08:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-15 17:11 - 2014-07-25 08:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-15 17:11 - 2014-07-25 08:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-15 17:11 - 2014-07-25 08:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-15 17:11 - 2014-07-25 08:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-15 17:11 - 2014-07-25 08:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-15 17:11 - 2014-07-25 08:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-15 17:11 - 2014-07-25 08:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-15 17:11 - 2014-07-25 08:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-15 17:11 - 2014-07-25 07:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-15 17:11 - 2014-07-25 07:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-15 17:11 - 2014-07-25 07:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-15 17:11 - 2014-07-25 07:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-15 17:11 - 2014-07-25 07:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-15 17:11 - 2014-07-25 07:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-15 17:11 - 2014-07-25 07:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-15 17:11 - 2014-07-25 07:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-15 17:11 - 2014-07-25 07:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-15 17:11 - 2014-07-25 07:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-15 17:11 - 2014-07-25 07:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-15 17:11 - 2014-07-25 07:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-15 17:11 - 2014-07-25 07:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-15 17:11 - 2014-07-25 07:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-15 17:11 - 2014-07-25 06:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-15 17:11 - 2014-07-25 06:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-15 17:11 - 2014-07-25 06:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-15 17:11 - 2014-07-25 06:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-15 17:11 - 2014-07-25 06:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-15 17:11 - 2014-07-25 06:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-15 17:11 - 2014-07-15 23:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-15 17:11 - 2014-07-15 22:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-15 17:11 - 2014-06-24 22:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-15 17:11 - 2014-06-24 21:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-15 17:11 - 2014-06-15 22:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-15 17:11 - 2014-06-03 06:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-15 17:11 - 2014-06-03 06:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-15 17:11 - 2014-06-03 06:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-15 17:11 - 2014-06-03 06:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-15 17:11 - 2014-06-03 05:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-15 17:11 - 2014-06-03 05:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-15 17:11 - 2014-06-03 05:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-15 17:10 - 2014-07-13 22:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-15 17:10 - 2014-07-13 21:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-15 14:03 - 2014-08-15 14:03 - 00027492 _____ () C:\ComboFix.txt
2014-08-15 11:53 - 2014-08-15 14:03 - 00000000 ____D () C:\Qoobox
2014-08-15 11:53 - 2014-08-15 14:02 - 00000000 ____D () C:\Windows\erdnt
2014-08-15 11:53 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-08-15 11:53 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-08-15 11:53 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-08-15 11:53 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-08-15 11:53 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-08-15 11:53 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
2014-08-15 11:53 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
2014-08-15 11:53 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
2014-08-15 11:51 - 2014-08-19 14:25 - 00000000 ____D () C:\FRST
2014-08-15 11:42 - 2014-08-15 11:42 - 00000000 ____D () C:\_OTL
2014-08-14 16:11 - 2014-08-14 16:11 - 514927041 _____ () C:\Windows\MEMORY.DMP
2014-08-14 16:11 - 2014-08-14 16:11 - 00572088 _____ () C:\Windows\Minidump\081414-17940-01.dmp
2014-08-13 14:20 - 2014-08-13 14:56 - 00000000 ____D () C:\Users\GDC\AppData\Local\adawarebp
2014-08-12 20:57 - 2014-08-12 20:57 - 00002515 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-08-12 20:57 - 2014-08-12 20:57 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-08-12 20:57 - 2014-08-12 20:57 - 00000000 ____D () C:\Users\GDC\AppData\Local\Skype
2014-08-12 20:57 - 2014-08-12 20:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-08-12 00:42 - 2014-08-12 01:36 - 00044312 _____ () C:\Users\GDC\Desktop\rotational programs.odt
2014-08-07 00:26 - 2014-08-13 16:41 - 00049524 _____ () C:\Users\GDC\Desktop\Elements Walkthrough.odt
2014-08-06 21:58 - 2014-08-19 01:27 - 00049043 _____ () C:\Users\GDC\Desktop\elements walkthrough.ods
2014-08-06 21:58 - 2014-08-06 21:58 - 00000000 ____D () C:\Users\GDC\AppData\Roaming\LibreOffice
2014-08-06 21:57 - 2014-08-06 21:57 - 00001500 _____ () C:\Users\Public\Desktop\LibreOffice 4.3.lnk
2014-08-06 21:57 - 2014-08-06 21:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.3
2014-08-06 21:57 - 2014-08-06 21:57 - 00000000 ____D () C:\Program Files (x86)\LibreOffice 4
2014-08-06 10:25 - 2014-08-18 12:41 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-03 23:30 - 2014-08-03 23:30 - 00000000 ____D () C:\Users\Admin -disaster only\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-08-03 23:30 - 2014-08-03 23:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-08-03 22:52 - 2014-08-03 22:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-08-03 22:52 - 2014-08-03 22:52 - 00000000 ____D () C:\Program Files\7-Zip
2014-08-01 17:12 - 2014-08-02 15:54 - 00000000 ____D () C:\Users\GDC\AppData\Roaming\Vertical_Drop_Heroes_HD
2014-08-01 16:00 - 2014-08-16 12:55 - 00000000 ____D () C:\Users\GDC\AppData\Local\CrashDumps
2014-08-01 14:32 - 2014-05-14 12:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-01 14:32 - 2014-05-14 12:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-01 14:32 - 2014-05-14 12:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-01 14:32 - 2014-05-14 12:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-01 14:32 - 2014-05-14 12:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-01 14:32 - 2014-05-14 12:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-01 14:32 - 2014-05-14 12:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-01 14:32 - 2014-05-14 12:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-01 14:32 - 2014-05-14 12:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-01 14:32 - 2014-05-14 12:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-01 14:32 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-01 14:32 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-01 14:32 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-01 14:32 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-01 00:58 - 2014-08-19 02:05 - 01055544 _____ () C:\Windows\WindowsUpdate.log
2014-08-01 00:55 - 2014-08-17 02:47 - 00004288 _____ () C:\Windows\PFRO.log
2014-08-01 00:53 - 2014-08-19 14:22 - 00004312 _____ () C:\Windows\setupact.log
2014-08-01 00:53 - 2014-08-01 00:53 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-01 00:48 - 2014-08-19 01:47 - 00000000 ____D () C:\Users\GDC\AppData\Roaming\vlc
2014-08-01 00:45 - 2014-08-01 00:45 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-01 00:44 - 2014-08-01 00:44 - 00006107 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-08-01 00:44 - 2014-08-01 00:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-01 00:44 - 2014-07-11 03:02 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-01 00:44 - 2014-07-11 02:56 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-01 00:44 - 2014-07-11 02:56 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-01 00:44 - 2014-07-11 02:55 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-01 00:24 - 2014-07-31 23:19 - 00000768 _____ () C:\Windows\system32\Drivers\etc\hosts.20140801-002457.backup
2014-08-01 00:04 - 2014-08-01 00:04 - 00000000 ____D () C:\Users\Admin -disaster only\AppData\Local\CrashDumps
2014-07-31 23:44 - 2014-07-31 23:49 - 00000000 ____D () C:\Users\Admin -disaster only\Desktop\mbar
2014-07-31 23:44 - 2014-07-31 23:49 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-07-31 20:04 - 2014-07-31 20:04 - 00000000 ____D () C:\Windows\ERUNT
2014-07-31 19:49 - 2014-08-16 13:01 - 00000000 ____D () C:\AdwCleaner
2014-07-31 17:50 - 2014-08-13 13:41 - 00000546 _____ () C:\Users\Admin -disaster only\Desktop\Emsisoft Emergency Kit.lnk
2014-07-31 17:50 - 2014-08-13 13:41 - 00000000 ____D () C:\EEK
2014-07-31 17:43 - 2014-07-31 17:47 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-07-31 17:32 - 2014-08-17 12:49 - 00036456 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-07-31 17:32 - 2014-07-31 17:32 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-07-31 01:04 - 2014-08-14 16:15 - 00002958 _____ () C:\Users\Admin -disaster only\Desktop\Rkill.txt
2014-07-31 01:02 - 2014-08-19 14:25 - 00000000 ____D () C:\Users\GDC\Desktop\anti-rootkit
2014-07-31 00:59 - 2014-07-31 23:54 - 00000000 ____D () C:\Program Files (x86)\Sophos
2014-07-31 00:59 - 2014-07-31 00:59 - 00003229 _____ () C:\Users\Admin -disaster only\Desktop\Sophos Virus Removal Tool.lnk
2014-07-31 00:59 - 2014-07-31 00:59 - 00000000 ____D () C:\Users\Admin -disaster only\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
2014-07-31 00:59 - 2014-07-31 00:59 - 00000000 ____D () C:\ProgramData\Sophos
2014-07-30 20:02 - 2014-07-30 20:02 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-30 19:59 - 2014-07-30 19:59 - 00000000 __SHD () C:\Users\Admin -disaster only\AppData\Local\EmieUserList
2014-07-30 19:59 - 2014-07-30 19:59 - 00000000 __SHD () C:\Users\Admin -disaster only\AppData\Local\EmieSiteList
2014-07-29 21:10 - 2013-08-10 02:16 - 00450636 _____ () C:\Windows\system32\Drivers\etc\hosts.20140729-211016.backup
2014-07-26 23:07 - 2014-07-26 23:07 - 00875472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr110.dll
2014-07-26 23:07 - 2014-07-26 23:07 - 00535008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp110.dll
2014-07-26 23:07 - 2014-07-26 23:07 - 00252400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vccorlib110.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-19 14:25 - 2014-08-15 11:51 - 00000000 ____D () C:\FRST
2014-08-19 14:25 - 2014-07-31 01:02 - 00000000 ____D () C:\Users\GDC\Desktop\anti-rootkit
2014-08-19 14:23 - 2013-10-29 18:40 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-19 14:22 - 2014-08-01 00:53 - 00004312 _____ () C:\Windows\setupact.log
2014-08-19 14:22 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-19 02:05 - 2014-08-01 00:58 - 01055544 _____ () C:\Windows\WindowsUpdate.log
2014-08-19 01:47 - 2014-08-01 00:48 - 00000000 ____D () C:\Users\GDC\AppData\Roaming\vlc
2014-08-19 01:27 - 2014-08-06 21:58 - 00049043 _____ () C:\Users\GDC\Desktop\elements walkthrough.ods
2014-08-19 01:14 - 2013-10-29 18:40 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-19 00:04 - 2009-07-14 00:45 - 00021888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-19 00:04 - 2009-07-14 00:45 - 00021888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-19 00:03 - 2009-07-14 01:13 - 00783400 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-19 00:00 - 2013-05-30 00:35 - 00000432 _____ () C:\Windows\Tasks\Wise Turbo Checker.job
2014-08-18 21:55 - 2014-02-13 20:39 - 00003964 _____ () C:\Users\GDC\Desktop\netflix.txt
2014-08-18 17:38 - 2013-12-28 04:00 - 00000000 ____D () C:\Windows\rescache
2014-08-18 12:41 - 2014-08-18 12:41 - 00001133 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-18 12:41 - 2014-08-06 10:25 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-18 12:41 - 2013-01-01 17:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-08-18 12:41 - 2013-01-01 17:49 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-08-17 14:30 - 2012-01-05 19:52 - 00000000 ____D () C:\ProgramData\TEMP
2014-08-17 12:49 - 2014-07-31 17:32 - 00036456 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-08-17 12:37 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-17 05:10 - 2013-07-27 03:50 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-17 05:09 - 2011-12-29 17:49 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-17 02:47 - 2014-08-01 00:55 - 00004288 _____ () C:\Windows\PFRO.log
2014-08-17 02:06 - 2012-08-20 15:30 - 00000000 ____D () C:\Users\GDC\AppData\Roaming\Skype
2014-08-16 13:14 - 2014-08-16 13:13 - 00028237 _____ () C:\zoek-results.log
2014-08-16 13:13 - 2014-08-16 13:12 - 00000000 ____D () C:\zoek_backup
2014-08-16 13:01 - 2014-07-31 19:49 - 00000000 ____D () C:\AdwCleaner
2014-08-16 13:00 - 2013-11-30 03:29 - 00000000 ____D () C:\Users\Admin -disaster only
2014-08-16 12:55 - 2014-08-01 16:00 - 00000000 ____D () C:\Users\GDC\AppData\Local\CrashDumps
2014-08-16 12:40 - 2012-01-05 20:46 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2014-08-15 17:05 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-08-15 14:03 - 2014-08-15 14:03 - 00027492 _____ () C:\ComboFix.txt
2014-08-15 14:03 - 2014-08-15 11:53 - 00000000 ____D () C:\Qoobox
2014-08-15 14:03 - 2009-07-13 23:20 - 00000000 __RHD () C:\Users\Default
2014-08-15 14:02 - 2014-08-15 11:53 - 00000000 ____D () C:\Windows\erdnt
2014-08-15 14:02 - 2009-07-13 22:34 - 00000215 _____ () C:\Windows\system.ini
2014-08-15 11:55 - 2009-07-13 22:34 - 75497472 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-08-15 11:55 - 2009-07-13 22:34 - 17039360 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-08-15 11:55 - 2009-07-13 22:34 - 05505024 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-08-15 11:55 - 2009-07-13 22:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-08-15 11:55 - 2009-07-13 22:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-08-15 11:42 - 2014-08-15 11:42 - 00000000 ____D () C:\_OTL
2014-08-14 19:57 - 2013-11-30 03:33 - 00000000 ____D () C:\Users\Admin -disaster only\AppData\Roaming\Wise Care 365
2014-08-14 16:15 - 2014-07-31 01:04 - 00002958 _____ () C:\Users\Admin -disaster only\Desktop\Rkill.txt
2014-08-14 16:11 - 2014-08-14 16:11 - 514927041 _____ () C:\Windows\MEMORY.DMP
2014-08-14 16:11 - 2014-08-14 16:11 - 00572088 _____ () C:\Windows\Minidump\081414-17940-01.dmp
2014-08-14 16:11 - 2012-12-31 18:05 - 00000000 ____D () C:\Windows\Minidump
2014-08-14 16:03 - 2013-11-08 09:35 - 00072264 _____ () C:\Users\GDC\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-14 16:03 - 2009-07-14 00:45 - 00331592 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-14 01:54 - 2012-02-23 19:08 - 00000000 ____D () C:\Users\GDC\AppData\Roaming\SoftGrid Client
2014-08-13 16:41 - 2014-08-07 00:26 - 00049524 _____ () C:\Users\GDC\Desktop\Elements Walkthrough.odt
2014-08-13 16:16 - 2013-10-29 18:41 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-13 14:56 - 2014-08-13 14:20 - 00000000 ____D () C:\Users\GDC\AppData\Local\adawarebp
2014-08-13 13:41 - 2014-07-31 17:50 - 00000546 _____ () C:\Users\Admin -disaster only\Desktop\Emsisoft Emergency Kit.lnk
2014-08-13 13:41 - 2014-07-31 17:50 - 00000000 ____D () C:\EEK
2014-08-12 20:57 - 2014-08-12 20:57 - 00002515 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-08-12 20:57 - 2014-08-12 20:57 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-08-12 20:57 - 2014-08-12 20:57 - 00000000 ____D () C:\Users\GDC\AppData\Local\Skype
2014-08-12 20:57 - 2014-08-12 20:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-08-12 20:57 - 2012-08-20 15:30 - 00000000 ____D () C:\ProgramData\Skype
2014-08-12 01:36 - 2014-08-12 00:42 - 00044312 _____ () C:\Users\GDC\Desktop\rotational programs.odt
2014-08-06 21:58 - 2014-08-06 21:58 - 00000000 ____D () C:\Users\GDC\AppData\Roaming\LibreOffice
2014-08-06 21:57 - 2014-08-06 21:57 - 00001500 _____ () C:\Users\Public\Desktop\LibreOffice 4.3.lnk
2014-08-06 21:57 - 2014-08-06 21:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.3
2014-08-06 21:57 - 2014-08-06 21:57 - 00000000 ____D () C:\Program Files (x86)\LibreOffice 4
2014-08-06 10:25 - 2013-01-01 17:49 - 00000000 ____D () C:\ProgramData\Avira
2014-08-05 09:20 - 2010-11-20 23:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-08-04 15:43 - 2013-10-05 01:59 - 00000000 ____D () C:\Users\GDC\AppData\Roaming\KeePass
2014-08-03 23:30 - 2014-08-03 23:30 - 00000000 ____D () C:\Users\Admin -disaster only\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-08-03 23:30 - 2014-08-03 23:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-08-03 23:30 - 2014-02-08 17:22 - 00000000 ____D () C:\Program Files\WinRAR
2014-08-03 22:52 - 2014-08-03 22:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-08-03 22:52 - 2014-08-03 22:52 - 00000000 ____D () C:\Program Files\7-Zip
2014-08-03 22:40 - 2011-12-27 18:57 - 00000000 ____D () C:\Users\GDC
2014-08-03 19:37 - 2014-07-04 01:48 - 00000425 _____ () C:\Users\GDC\Desktop\July to Do.txt
2014-08-02 15:54 - 2014-08-01 17:12 - 00000000 ____D () C:\Users\GDC\AppData\Roaming\Vertical_Drop_Heroes_HD
2014-08-01 00:53 - 2014-08-01 00:53 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-01 00:52 - 2013-10-25 16:05 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-01 00:52 - 2013-10-25 16:05 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-01 00:47 - 2013-07-23 00:43 - 00000773 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-08-01 00:47 - 2013-07-23 00:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-08-01 00:45 - 2014-08-01 00:45 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-01 00:44 - 2014-08-01 00:44 - 00006107 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-08-01 00:44 - 2014-08-01 00:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-01 00:44 - 2013-06-28 12:56 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-01 00:42 - 2013-05-30 00:35 - 00003130 _____ () C:\Windows\System32\Tasks\Wise Turbo Checker
2014-08-01 00:39 - 2013-10-04 02:43 - 00002054 _____ () C:\Users\Public\Desktop\Wise Care 365.lnk
2014-08-01 00:39 - 2013-10-04 02:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Care 365
2014-08-01 00:04 - 2014-08-01 00:04 - 00000000 ____D () C:\Users\Admin -disaster only\AppData\Local\CrashDumps
2014-07-31 23:54 - 2014-07-31 00:59 - 00000000 ____D () C:\Program Files (x86)\Sophos
2014-07-31 23:49 - 2014-07-31 23:44 - 00000000 ____D () C:\Users\Admin -disaster only\Desktop\mbar
2014-07-31 23:49 - 2014-07-31 23:44 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-07-31 23:19 - 2014-08-01 00:24 - 00000768 _____ () C:\Windows\system32\Drivers\etc\hosts.20140801-002457.backup
2014-07-31 20:04 - 2014-07-31 20:04 - 00000000 ____D () C:\Windows\ERUNT
2014-07-31 19:56 - 2011-12-09 18:33 - 00030528 _____ () C:\Windows\GVTDrv64.sys
2014-07-31 19:56 - 2011-12-09 18:33 - 00025640 _____ (Windows ® Server 2003 DDK provider) C:\Windows\gdrv.sys
2014-07-31 19:41 - 2014-08-15 17:11 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-31 19:16 - 2014-08-15 17:11 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-31 17:47 - 2014-07-31 17:43 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-07-31 17:46 - 2013-11-10 01:17 - 00000000 ____D () C:\Users\GDC\Desktop\Agaresttrainer_+4
2014-07-31 17:32 - 2014-07-31 17:32 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-07-31 00:59 - 2014-07-31 00:59 - 00003229 _____ () C:\Users\Admin -disaster only\Desktop\Sophos Virus Removal Tool.lnk
2014-07-31 00:59 - 2014-07-31 00:59 - 00000000 ____D () C:\Users\Admin -disaster only\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
2014-07-31 00:59 - 2014-07-31 00:59 - 00000000 ____D () C:\ProgramData\Sophos
2014-07-30 20:02 - 2014-07-30 20:02 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-30 19:59 - 2014-07-30 19:59 - 00000000 __SHD () C:\Users\Admin -disaster only\AppData\Local\EmieUserList
2014-07-30 19:59 - 2014-07-30 19:59 - 00000000 __SHD () C:\Users\Admin -disaster only\AppData\Local\EmieSiteList
2014-07-30 01:00 - 2013-11-16 03:25 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-27 10:29 - 2012-02-01 23:49 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-27 10:29 - 2012-02-01 23:49 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-27 01:11 - 2012-02-01 23:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-26 23:07 - 2014-07-26 23:07 - 00875472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr110.dll
2014-07-26 23:07 - 2014-07-26 23:07 - 00535008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp110.dll
2014-07-26 23:07 - 2014-07-26 23:07 - 00252400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vccorlib110.dll
2014-07-25 10:52 - 2014-08-15 17:11 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-25 10:02 - 2014-08-15 17:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-25 10:01 - 2014-08-15 17:11 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-25 09:51 - 2014-08-15 17:11 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-25 09:30 - 2014-08-15 17:11 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-25 09:28 - 2014-08-15 17:11 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-25 09:28 - 2014-08-15 17:11 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-25 09:25 - 2014-08-15 17:11 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-25 09:25 - 2014-08-15 17:11 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-25 09:11 - 2014-08-15 17:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-25 09:10 - 2014-08-15 17:11 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-25 09:04 - 2014-08-15 17:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-25 09:03 - 2014-08-15 17:11 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-25 09:00 - 2014-08-15 17:11 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-25 09:00 - 2014-08-15 17:11 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-25 08:59 - 2014-08-15 17:11 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-25 08:47 - 2014-08-15 17:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-25 08:40 - 2014-08-15 17:11 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-25 08:34 - 2014-08-15 17:11 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-25 08:34 - 2014-08-15 17:11 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-25 08:33 - 2014-08-15 17:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-25 08:30 - 2014-08-15 17:11 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-25 08:28 - 2014-08-15 17:11 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-25 08:28 - 2014-08-15 17:11 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-25 08:21 - 2014-08-15 17:11 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-25 08:19 - 2014-08-15 17:11 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-25 08:18 - 2014-08-15 17:11 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-25 08:17 - 2014-08-15 17:11 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-25 08:17 - 2014-08-15 17:11 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-25 08:12 - 2014-08-15 17:11 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-25 08:10 - 2014-08-15 17:11 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-25 08:10 - 2014-08-15 17:11 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-25 08:08 - 2014-08-15 17:11 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-25 08:06 - 2014-08-15 17:11 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-25 07:52 - 2014-08-15 17:11 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-25 07:47 - 2014-08-15 17:11 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-25 07:43 - 2014-08-15 17:11 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-25 07:42 - 2014-08-15 17:11 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-25 07:39 - 2014-08-15 17:11 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-25 07:39 - 2014-08-15 17:11 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-25 07:36 - 2014-08-15 17:11 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-25 07:34 - 2014-08-15 17:11 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-25 07:29 - 2014-08-15 17:11 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-25 07:23 - 2014-08-15 17:11 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-25 07:13 - 2014-08-15 17:11 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-25 07:07 - 2014-08-15 17:11 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-25 07:07 - 2014-08-15 17:11 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-25 07:03 - 2014-08-15 17:11 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-25 06:52 - 2014-08-15 17:11 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-25 06:26 - 2014-08-15 17:11 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-25 06:17 - 2014-08-15 17:11 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-25 06:09 - 2014-08-15 17:11 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-25 06:05 - 2014-08-15 17:11 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-25 06:00 - 2014-08-15 17:11 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-24 08:53 - 2013-05-07 11:35 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys

Some content of TEMP:
====================
C:\Users\GDC\AppData\Local\temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-18 17:31

==================== End Of Log ============================


  • 0

#52
Biscuithd
Posted 19 August 2014 - 12:41 PM

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Ok thanks.

 

Your welcome :thumbsup:

 

It sounds almost too good to be true, but we can hope. I ran the start-up repair multiple times without incident. I will try running the computer normally the rest of the afternoon and let you know if I see any suspicious activity.

 

Yes, let's see how it goes.

 

This most recent log (as the few before it) is clean, so if there are issues, it's either Hardware or the Operating System. We have experts in both areas here on G2G and you could open a topic in either place.


  • 0

#53
ihatesvchost.exe
Posted 19 August 2014 - 04:01 PM

ihatesvchost.exe

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts

One suspicious file flagged by Avira while I left computer attended. I have reports like

 

Begin scan in 'C:\Users\GDC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PLJ5G2Q4\nbmile[1].htm'
C:\Users\GDC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PLJ5G2Q4\nbmile[1].htm
  [DETECTION] Contains recognition pattern of the HTML/Rce.Gen5 HTML script virus
 

And from yesterday:

 

Begin scan in 'C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\TfsStore\Tfs_DAV\oev0.dll'
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\TfsStore\Tfs_DAV\oev0.dll
  [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
  [NOTE]      The file was moved to the quarantine directory under the name '5148ec8e.qua'!

 

It flagged this before I came back and saw the CPU @100% with all the rundll processes.

 

 

Another location it has flagged several times over the last couple of weeks (this was from 7/31)

 

Begin scan in 'C:\Users\GDC\AppData\Roaming\fcbbze.dll'
C:\Users\GDC\AppData\Roaming\fcbbze.dll
  [DETECTION] Is the TR/Zusy.100510.1 Trojan
  [NOTE]      The file was moved to the quarantine directory under the name '57c7db9e.qua'!

 

 

It has consistently noticed things in temp files and appdata.


  • 0

#54
Biscuithd
Posted 20 August 2014 - 06:04 AM

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Honestly, I don't know what those things are. They could be tracking cookies, false positives, tmp files, etc. I can tell you that I don't see active malware in your scans. I do see a lot of users with those types of complaints when using Avira. When they switch to Avast, MSE, Defender, those flags disappear. You could opine that Avira is catching things that the others arn't. Maybe. Or, maybe Avira's Heuristic engine is firing on things that do look a little untoward, but fall into the acceptable range with other a/v's. Don't forget, it's not always black and white. There is a rainbow of gray when it comes to malware.

 

As for the CPU being at 100%, I can't really speak to that. It's a question for the Hardware group here if you're inclined to persue it. My opinion is...stop using Task Manager, you'll make yourself crazy. Task Manager itself will peg the CPU while it figures out what's pegging the CPU. It's a vicious circle.

 

All of that said, how the machine doing?


  • 0

#55
ihatesvchost.exe
Posted 20 August 2014 - 09:24 PM

ihatesvchost.exe

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts

My computer is functioning a lot better, thanks to your help Biscuit. I think we fixed the SVChost file sucesfully, but it seems like lower-grade malware is lingering somewhere else.

 

Examine the sequence of events that happened tonight:

 

1. Avira trigged a notice about a detection in AppData/Local/Temp Internet files.

 

2. Google chrome opened windows by itself immediately after and reopened them when I closed them. (Google chrome was not open nor is it the default browser)

 

3. When I checked the task manager I saw multiple rundll 32.exe files running, but I could see the location was the Appdata folder for some of them.

 

4. I manual ended the process for the rundll files in the app data folder and google chrome stopped opening itself.

 

 

The computer seems to be operating normally now but I am very concerned that it is still in a very vulnerable state.


Edited by ihatesvchost.exe, 20 August 2014 - 09:25 PM.

  • 0

Advertisements

#56
Biscuithd
Posted 21 August 2014 - 09:17 AM

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

There are a couple of things that we can handle. First is HitMan Pro. It is utter dross and has caused a myriad of issues for us is recent memory. How about uninstalling that.

 

Next, I should have noticed earlier, but you have some things installed from the D: drive and we've not scanned that drive. I need to research how to specifically scan that drive as most of our tools want to only scan the Boot drive.

 

Last, there a couple of things we can try in FRST.

 

FRST.gif Fix with Farbar Recovery Scan Tool



icon_exclaim.gif This fix was created for this user for use on that particular machine. icon_exclaim.gif
icon_exclaim.gif Running it on another one may cause damage and render the system unstable. icon_exclaim.gif

Press the WindowsKey.png + R on your keyboard at the same time. Type Notepad and click OK.

  • Copy the entire content of the codebox below and paste into the Notepad document:
    start

CHR HKLM\SOFTWARE\Policies\Google: Policy restrictionEMPTYTEMP:end
  • Click File, Save As and type fixlist.txt as the File Name.

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!


  • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please post it to your reply.

 

 

Then re-run FRST and put checks in the following Optional Scan boxes, Drivers MD5, Shortcut.txt, and Addition.txt and post the resulting logs.

 


  • 0

#57
ihatesvchost.exe
Posted 21 August 2014 - 09:54 PM

ihatesvchost.exe

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts

I uninstalled Hitman a few days ago. I hope its not still showing up somehow. Thanks again for sticking with me.

 

Logs:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-08-2014 01
Ran by Admin -disaster only at 2014-08-21 12:29:22 Run:1
Running from C:\Users\GDC\Desktop\anti-rootkit
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start

CHR HKLM\SOFTWARE\Policies\Google: Policy restrictionEMPTYTEMP:end
*****************

"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.

==== End of Fixlog ====

 

FRST:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-08-2014 01
Ran by Admin -disaster only (administrator) on GDC-PC on 21-08-2014 23:51:48
Running from C:\Users\GDC\Desktop\anti-rootkit
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Gigabyte Technology CO., LTD.) C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Safer Networking Ltd.) D:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Safer-Networking Ltd.) D:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
(Macrovision Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
() C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
() C:\Program Files\Corsair USB Headset\Customapp\Program\CAHS.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Gigabyte Technology CO., LTD.) C:\Program Files (x86)\GIGABYTE\smart6\timelock\AlarmClock.exe
() C:\Program Files\Corsair USB Headset\Customapp\Program\CAHS.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_11_9_900_117_ActiveX.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [CAHS1Sound] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\CAHS1.dll,CMICtrlWnd
HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-14] (Logitech Inc.)
HKLM-x32\...\Run: [SPIRunE] => Rundll32 SPIRunE.dll,RunDLLEntry
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-06] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => d:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2010624 2013-07-20] (Dominik Reichl)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [161584 2014-08-04] (Avira Operations GmbH & Co. KG)
HKLM\...\RunOnce: [RPMKickstart] => C:\Program Files\GIGABYTE\SMART6\Recovery\RPMKickstart.exe [2552320 2011-03-30] (Gigabyte Technology CO., LTD.)
HKLM\...\RunOnce: [*WerKernelReporting] => C:\Windows\SYSTEM32\WerFault.exe [415232 2009-07-13] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1520015183-56102371-4256460016-1001\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [213936 2006-03-20] (Macrovision Corporation)
HKU\S-1-5-21-1520015183-56102371-4256460016-1001\...\Run: [SpybotSD TeaTimer] => d:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-1520015183-56102371-4256460016-1001\...\Run: [ISUSPM] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [213936 2006-03-20] (Macrovision Corporation)
HKU\S-1-5-21-1520015183-56102371-4256460016-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-1520015183-56102371-4256460016-1003\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNDA3100v2 Genie.lnk
ShortcutTarget: NETGEAR WNDA3100v2 Genie.lnk -> C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> d:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: No Name -> {45d30484-7ded-43d9-957a-d2fd1f046511} ->  No File
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> D:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creat...13/CTPIDPDE.cab
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creat...015/CTSUEng.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...10926/CTPID.cab
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> d:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> d:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> d:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> d:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - d:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - d:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-12-27]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - d:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-06] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-06] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [149296 2014-08-04] (Avira Operations GmbH & Co. KG)
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2011-12-29] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [307200 2009-02-23] (Creative Technology Ltd) [File not signed]
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [128928 2010-12-14] (Futuremark Corporation)
S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 SBSDWSCService; D:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 Smart TimeLock; C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [114688 2009-10-13] (Gigabyte Technology CO., LTD.) [File not signed]
S2 WSWNDA3100v2; C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [303360 2011-12-14] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21104 2011-01-10] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 athrusb; C:\Windows\System32\DRIVERS\athrxusb.sys [1075712 2008-07-28] (Atheros Communications, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-03] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-30] (Avira Operations GmbH & Co. KG)
S3 cleanhlp; C:\EEK\Run\cleanhlp64.sys [57024 2014-07-31] (Emsisoft GmbH)
R3 CorsairCAHS1; C:\Windows\System32\drivers\CAHS164.sys [1308160 2011-06-16] (C-Media Electronics Inc)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [279616 2011-12-30] (DT Soft Ltd)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-05-31] (GFI Software)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-04-24] (Anchorfree Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 MEMSWEEP2; \??\C:\Windows\system32\4B91.tmp [X]

========================== Drivers MD5 =======================

C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\drivers\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys FA886682CFC5D36718D3E436AACF10B9
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdk8.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\atikmdag.sys 22A14DF59FB8D0BE918C597988AF4296
C:\Windows\System32\DRIVERS\atikmpag.sys EE22D3ED6D55A855E709F811CCCA97ED
C:\Windows\system32\drivers\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys D4121AE6D0C0E7E13AA221AA57EF2D49
C:\Windows\system32\drivers\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys 540DAF1CEA6094886D72126FD7C33048
C:\Windows\system32\drivers\appid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AppleCharger.sys 6BE11AD81D4527D299F0CB5F3731AABC
C:\Windows\system32\drivers\arc.sys ==> MD5 is legit
C:\Windows\system32\drivers\arcsas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\athrxusb.sys 788914C42AD8318F1DD7A565EAFFB049
C:\Windows\System32\drivers\AtihdW76.sys 437F55435623D4D54D36197F5AD8B435
C:\Windows\System32\DRIVERS\atikmdag.sys 22A14DF59FB8D0BE918C597988AF4296
C:\Windows\System32\DRIVERS\avgntflt.sys 4663C5AD76FE8E19592DE808156FA07D
C:\Windows\System32\DRIVERS\avipbb.sys 8902AEC2382A37E9E99A4E0D52DBD42B
C:\Windows\System32\DRIVERS\avkmgr.sys 390184FAD8FCC1B6DA25AEBAE928C3B6
C:\Windows\system32\drivers\bxvbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bcmwlhigh664.sys 44E6E51AEDBF3E0B38A6CD5432649E57
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\drivers\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\drivers\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bridge.sys 5C2F352A4E961D72518261257AAE204B
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\system32\drivers\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\system32\drivers\circlass.sys ==> MD5 is legit
C:\EEK\Run\cleanhlp64.sys B794DCF38C965FA2F93C45A7C3D582C5
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\system32\drivers\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys EBF28856F69CF094A902F884CF989706
C:\Windows\system32\drivers\compbatt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CompositeBus.sys ==> MD5 is legit
C:\Windows\System32\drivers\CAHS164.sys 984CC82169360EA26076A77949254A1B
C:\Windows\system32\drivers\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\drivers\disk.sys ==> MD5 is legit
C:\Windows\system32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\dtsoftbus01.sys 400582B09E0BB557D0EC28A945150EEB
C:\Windows\System32\drivers\dxgkrnl.sys 87CE5C8965E101CCCED1F4675557E868
C:\Windows\system32\drivers\evbda.sys ==> MD5 is legit
C:\Windows\system32\drivers\elxstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Windows\System32\Drivers\EtronHub3.sys 72ECCB2F5C9CFC32A9B2A60933832501
C:\Windows\System32\Drivers\EtronXHCI.sys 7BB310F6FB9E1B9D21DD2CE7EB0D5464
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\drivers\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\drivers\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B
C:\Windows\System32\DRIVERS\fvevol.sys 8F6322049018354F45F05A2FD2D4E5E0
C:\Windows\system32\drivers\gagp30kx.sys ==> MD5 is legit
C:\Windows\System32\drivers\gfibto.sys 14908F4F9005C29DE8F5587E271390EE
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\System32\drivers\HdAudio.sys 975761C778E33CD22498059B91E7373A
C:\Windows\System32\DRIVERS\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidbth.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidir.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidusb.sys ==> MD5 is legit
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\system32\drivers\i8042prt.sys ==> MD5 is legit
C:\Windows\system32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366
C:\Windows\System32\DRIVERS\igdkmd64.sys 348214F96642FD4FEF630DE021BA3540
C:\Windows\system32\drivers\iirsp.sys ==> MD5 is legit
C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys 96BB922A0981BC7432C8CF52B5410FE6
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys 353009DEDF918B2A51414F330CF72DEC
C:\Windows\System32\Drivers\ksecpkg.sys 1C2D8E18AA8FD50CD04C15CC27F7F5AB
C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\system32\drivers\megasas.sys ==> MD5 is legit
C:\Windows\system32\drivers\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\HECIx64.sys A6518DCC42F7A6E999BB3BEA8FD87567
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys 1A4F75E63C9FB84B85DFFC6B63FD5404
C:\Windows\System32\DRIVERS\mrxsmb.sys A5D9106A73DC88564C825D317CAC68AC
C:\Windows\System32\DRIVERS\mrxsmb10.sys D711B3C1D5F42C0C2415687BE09FC163
C:\Windows\System32\DRIVERS\mrxsmb20.sys 9423E9D355C8D303E76B8CFBD8A5C30C
C:\Windows\system32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\drivers\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys 760E38053BF56E501D562B70AD796B88
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\system32\drivers\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys 1A29A59A4C5BA6F8C85062A613B7E2B2
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nvlddmkm.sys DD81FBC57AB9134CDDC5CE90880BFD80
C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD
C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\System32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\drivers\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\drivers\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql2300.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\system32\drivers\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RDPWD.sys E61608AA35E98999AF9AAEEEA6114B0A
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Rt64win7.sys E50CFB92986DCAB49DE93788FD695813
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scmndisp.sys 2A50BE713FAF033420466C25979C028E
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serenum.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serial.sys ==> MD5 is legit
C:\Windows\system32\drivers\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\drivers\sfloppy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Sftfslh.sys 2046AA7491DE7EFA4D70E615D9BC9D09
C:\Windows\System32\DRIVERS\Sftplaylh.sys 0E0446BC4D51BE4263ACB7E33491191C
C:\Windows\System32\DRIVERS\Sftredirlh.sys C5FB982CD266E604ED3142102C26D62C
C:\Windows\System32\DRIVERS\Sftvollh.sys 2575511AF67AA1FA068CCC4918E2C2A3
C:\Windows\system32\drivers\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B
C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28
C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3
C:\Windows\system32\drivers\stexstor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\swenum.sys ==> MD5 is legit
C:\Windows\System32\drivers\t3.sys 6B153E518DBE6EF59191152E1ECF7ED4
C:\Windows\System32\DRIVERS\taphss6.sys 83C57F165F0216E5CE40D7E4E00DC76D
C:\Windows\System32\drivers\tcpip.sys 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E
C:\Windows\System32\DRIVERS\tcpip.sys 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E
C:\Windows\System32\drivers\tcpipreg.sys 1B16D0BD9841794A6E0CDE0CEF744ABC
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tssecsrv.sys 4CE278FC9671BA81A138D70823FCAA09
C:\Windows\System32\drivers\tsusbflt.sys ==> MD5 is legit
C:\Windows\system32\drivers\TsUsbGD.sys 9CC2CCAE8A84820EAECB886D477CBCB8
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\drivers\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\umpass.sys ==> MD5 is legit
C:\Windows\system32\drivers\usbaudio.sys B0435098C81D04CAFFF80DDB746CD3A2
C:\Windows\System32\DRIVERS\usbccgp.sys DCA68B0943D6FA415F0C56C92158A83A
C:\Windows\system32\drivers\usbcir.sys 80B0F7D5CCF86CEB5D402EAAF61FEC31
C:\Windows\system32\drivers\usbehci.sys 18A85013A3E0F7E1755365D287443965
C:\Windows\System32\DRIVERS\usbhub.sys 8D1196CFBB223621F2C67D45710F25BA
C:\Windows\system32\drivers\usbohci.sys 765A92D428A8DB88B960DA5A8D6089DC
C:\Windows\system32\drivers\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6
C:\Windows\system32\drivers\usbuhci.sys DD253AFC3BC6CBA412342DE60C3647F3
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\system32\drivers\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit
C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\drivers\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\drivers\WmBEnum.sys 680A7846370000D20D7E74917D5B7936
C:\Windows\System32\drivers\WmFilter.sys 14C35BA8189C6F65D839163AA285E954
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\System32\drivers\WmVirHid.sys 8488DD91A3EE54A8E29F02AD7BB8201E
C:\Windows\System32\drivers\WmXlCore.sys 14802B3A30AA849C97CB968CCC813BF3
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659
C:\Windows\System32\DRIVERS\xnacc.sys 4A5CE13408945E525503B5F73D29B9C5
C:\Windows\System32\DRIVERS\xusb21.sys 38F55D07B1D3391065C40EC065F984E2
C:\Windows\System32\DRIVERS\yk62x64.sys B3EEACF62445E24FBB2CD4B0FB4DB026

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-18 12:41 - 2014-08-18 12:41 - 00001133 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-17 05:07 - 2014-06-30 18:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-17 05:07 - 2014-06-30 18:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-17 05:07 - 2014-06-06 02:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-17 05:07 - 2014-06-06 02:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-17 05:07 - 2014-03-09 17:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-17 05:07 - 2014-03-09 17:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-17 05:07 - 2014-03-09 17:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-17 05:07 - 2014-03-09 17:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-16 13:13 - 2014-08-16 13:14 - 00028237 _____ () C:\zoek-results.log
2014-08-16 13:12 - 2014-08-16 13:13 - 00000000 ____D () C:\zoek_backup
2014-08-15 17:11 - 2014-07-31 19:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-15 17:11 - 2014-07-31 19:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-15 17:11 - 2014-07-25 10:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-15 17:11 - 2014-07-25 10:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-15 17:11 - 2014-07-25 10:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-15 17:11 - 2014-07-25 09:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-15 17:11 - 2014-07-25 09:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-15 17:11 - 2014-07-25 09:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-15 17:11 - 2014-07-25 09:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-15 17:11 - 2014-07-25 09:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-15 17:11 - 2014-07-25 09:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-15 17:11 - 2014-07-25 09:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-15 17:11 - 2014-07-25 09:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-15 17:11 - 2014-07-25 09:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-15 17:11 - 2014-07-25 09:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-15 17:11 - 2014-07-25 09:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-15 17:11 - 2014-07-25 09:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-15 17:11 - 2014-07-25 08:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-15 17:11 - 2014-07-25 08:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-15 17:11 - 2014-07-25 08:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-15 17:11 - 2014-07-25 08:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-15 17:11 - 2014-07-25 08:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-15 17:11 - 2014-07-25 08:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-15 17:11 - 2014-07-25 08:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-15 17:11 - 2014-07-25 08:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-15 17:11 - 2014-07-25 08:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-15 17:11 - 2014-07-25 08:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-15 17:11 - 2014-07-25 08:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-15 17:11 - 2014-07-25 08:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-15 17:11 - 2014-07-25 08:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-15 17:11 - 2014-07-25 08:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-15 17:11 - 2014-07-25 08:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-15 17:11 - 2014-07-25 08:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-15 17:11 - 2014-07-25 08:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-15 17:11 - 2014-07-25 08:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-15 17:11 - 2014-07-25 08:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-15 17:11 - 2014-07-25 07:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-15 17:11 - 2014-07-25 07:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-15 17:11 - 2014-07-25 07:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-15 17:11 - 2014-07-25 07:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-15 17:11 - 2014-07-25 07:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-15 17:11 - 2014-07-25 07:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-15 17:11 - 2014-07-25 07:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-15 17:11 - 2014-07-25 07:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-15 17:11 - 2014-07-25 07:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-15 17:11 - 2014-07-25 07:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-15 17:11 - 2014-07-25 07:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-15 17:11 - 2014-07-25 07:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-15 17:11 - 2014-07-25 07:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-15 17:11 - 2014-07-25 07:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-15 17:11 - 2014-07-25 06:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-15 17:11 - 2014-07-25 06:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-15 17:11 - 2014-07-25 06:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-15 17:11 - 2014-07-25 06:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-15 17:11 - 2014-07-25 06:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-15 17:11 - 2014-07-25 06:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-15 17:11 - 2014-07-15 23:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-15 17:11 - 2014-07-15 22:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-15 17:11 - 2014-06-24 22:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-15 17:11 - 2014-06-24 21:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-15 17:11 - 2014-06-15 22:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-15 17:11 - 2014-06-03 06:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-15 17:11 - 2014-06-03 06:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-15 17:11 - 2014-06-03 06:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-15 17:11 - 2014-06-03 06:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-15 17:11 - 2014-06-03 05:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-15 17:11 - 2014-06-03 05:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-15 17:11 - 2014-06-03 05:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-15 17:10 - 2014-07-13 22:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-15 17:10 - 2014-07-13 21:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-15 14:03 - 2014-08-15 14:03 - 00027492 _____ () C:\ComboFix.txt
2014-08-15 11:53 - 2014-08-15 14:03 - 00000000 ____D () C:\Qoobox
2014-08-15 11:53 - 2014-08-15 14:02 - 00000000 ____D () C:\Windows\erdnt
2014-08-15 11:53 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-08-15 11:53 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-08-15 11:53 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-08-15 11:53 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-08-15 11:53 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-08-15 11:53 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
2014-08-15 11:53 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
2014-08-15 11:53 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
2014-08-15 11:51 - 2014-08-21 23:51 - 00000000 ____D () C:\FRST
2014-08-15 11:42 - 2014-08-15 11:42 - 00000000 ____D () C:\_OTL
2014-08-14 16:11 - 2014-08-14 16:11 - 514927041 _____ () C:\Windows\MEMORY.DMP
2014-08-14 16:11 - 2014-08-14 16:11 - 00572088 _____ () C:\Windows\Minidump\081414-17940-01.dmp
2014-08-13 14:20 - 2014-08-13 14:56 - 00000000 ____D () C:\Users\GDC\AppData\Local\adawarebp
2014-08-12 20:57 - 2014-08-12 20:57 - 00002515 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-08-12 20:57 - 2014-08-12 20:57 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-08-12 20:57 - 2014-08-12 20:57 - 00000000 ____D () C:\Users\GDC\AppData\Local\Skype
2014-08-12 20:57 - 2014-08-12 20:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-08-06 21:58 - 2014-08-06 21:58 - 00000000 ____D () C:\Users\GDC\AppData\Roaming\LibreOffice
2014-08-06 21:57 - 2014-08-06 21:57 - 00001500 _____ () C:\Users\Public\Desktop\LibreOffice 4.3.lnk
2014-08-06 21:57 - 2014-08-06 21:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.3
2014-08-06 21:57 - 2014-08-06 21:57 - 00000000 ____D () C:\Program Files (x86)\LibreOffice 4
2014-08-06 10:25 - 2014-08-18 12:41 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-03 23:30 - 2014-08-03 23:30 - 00000000 ____D () C:\Users\Admin -disaster only\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-08-03 23:30 - 2014-08-03 23:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-08-03 22:52 - 2014-08-03 22:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-08-03 22:52 - 2014-08-03 22:52 - 00000000 ____D () C:\Program Files\7-Zip
2014-08-01 17:12 - 2014-08-02 15:54 - 00000000 ____D () C:\Users\GDC\AppData\Roaming\Vertical_Drop_Heroes_HD
2014-08-01 16:00 - 2014-08-21 12:29 - 00000000 ____D () C:\Users\GDC\AppData\Local\CrashDumps
2014-08-01 14:32 - 2014-05-14 12:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-01 14:32 - 2014-05-14 12:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-01 14:32 - 2014-05-14 12:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-01 14:32 - 2014-05-14 12:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-01 14:32 - 2014-05-14 12:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-01 14:32 - 2014-05-14 12:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-01 14:32 - 2014-05-14 12:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-01 14:32 - 2014-05-14 12:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-01 14:32 - 2014-05-14 12:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-01 14:32 - 2014-05-14 12:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-01 14:32 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-01 14:32 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-01 14:32 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-01 14:32 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-01 00:58 - 2014-08-21 23:11 - 01143265 _____ () C:\Windows\WindowsUpdate.log
2014-08-01 00:55 - 2014-08-17 02:47 - 00004288 _____ () C:\Windows\PFRO.log
2014-08-01 00:53 - 2014-08-21 12:16 - 00004704 _____ () C:\Windows\setupact.log
2014-08-01 00:53 - 2014-08-01 00:53 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-01 00:48 - 2014-08-19 01:47 - 00000000 ____D () C:\Users\GDC\AppData\Roaming\vlc
2014-08-01 00:45 - 2014-08-01 00:45 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-01 00:44 - 2014-08-01 00:44 - 00006107 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-08-01 00:44 - 2014-08-01 00:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-01 00:44 - 2014-07-11 03:02 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-01 00:44 - 2014-07-11 02:56 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-01 00:44 - 2014-07-11 02:56 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-01 00:44 - 2014-07-11 02:55 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-01 00:24 - 2014-07-31 23:19 - 00000768 _____ () C:\Windows\system32\Drivers\etc\hosts.20140801-002457.backup
2014-08-01 00:04 - 2014-08-01 00:04 - 00000000 ____D () C:\Users\Admin -disaster only\AppData\Local\CrashDumps
2014-07-31 23:44 - 2014-07-31 23:49 - 00000000 ____D () C:\Users\Admin -disaster only\Desktop\mbar
2014-07-31 23:44 - 2014-07-31 23:49 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-07-31 20:04 - 2014-07-31 20:04 - 00000000 ____D () C:\Windows\ERUNT
2014-07-31 19:49 - 2014-08-16 13:01 - 00000000 ____D () C:\AdwCleaner
2014-07-31 17:50 - 2014-08-13 13:41 - 00000546 _____ () C:\Users\Admin -disaster only\Desktop\Emsisoft Emergency Kit.lnk
2014-07-31 17:50 - 2014-08-13 13:41 - 00000000 ____D () C:\EEK
2014-07-31 17:43 - 2014-07-31 17:47 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-07-31 17:32 - 2014-08-20 23:14 - 00036456 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-07-31 17:32 - 2014-07-31 17:32 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-07-31 01:04 - 2014-08-14 16:15 - 00002958 _____ () C:\Users\Admin -disaster only\Desktop\Rkill.txt
2014-07-31 01:02 - 2014-08-21 23:51 - 00000000 ____D () C:\Users\GDC\Desktop\anti-rootkit
2014-07-31 00:59 - 2014-07-31 23:54 - 00000000 ____D () C:\Program Files (x86)\Sophos
2014-07-31 00:59 - 2014-07-31 00:59 - 00003229 _____ () C:\Users\Admin -disaster only\Desktop\Sophos Virus Removal Tool.lnk
2014-07-31 00:59 - 2014-07-31 00:59 - 00000000 ____D () C:\Users\Admin -disaster only\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
2014-07-31 00:59 - 2014-07-31 00:59 - 00000000 ____D () C:\ProgramData\Sophos
2014-07-30 20:02 - 2014-07-30 20:02 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-30 19:59 - 2014-07-30 19:59 - 00000000 __SHD () C:\Users\Admin -disaster only\AppData\Local\EmieUserList
2014-07-30 19:59 - 2014-07-30 19:59 - 00000000 __SHD () C:\Users\Admin -disaster only\AppData\Local\EmieSiteList
2014-07-29 21:10 - 2013-08-10 02:16 - 00450636 _____ () C:\Windows\system32\Drivers\etc\hosts.20140729-211016.backup
2014-07-26 23:07 - 2014-07-26 23:07 - 00875472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr110.dll
2014-07-26 23:07 - 2014-07-26 23:07 - 00535008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp110.dll
2014-07-26 23:07 - 2014-07-26 23:07 - 00252400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vccorlib110.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-21 23:51 - 2014-08-15 11:51 - 00000000 ____D () C:\FRST
2014-08-21 23:51 - 2014-07-31 01:02 - 00000000 ____D () C:\Users\GDC\Desktop\anti-rootkit
2014-08-21 23:45 - 2012-01-05 19:52 - 00000000 ____D () C:\ProgramData\TEMP
2014-08-21 23:14 - 2013-10-29 18:40 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-21 23:11 - 2014-08-01 00:58 - 01143265 _____ () C:\Windows\WindowsUpdate.log
2014-08-21 12:29 - 2014-08-01 16:00 - 00000000 ____D () C:\Users\GDC\AppData\Local\CrashDumps
2014-08-21 12:16 - 2014-08-01 00:53 - 00004704 _____ () C:\Windows\setupact.log
2014-08-21 09:14 - 2013-10-29 18:40 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-21 00:00 - 2013-05-30 00:35 - 00000432 _____ () C:\Windows\Tasks\Wise Turbo Checker.job
2014-08-20 23:14 - 2014-07-31 17:32 - 00036456 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-08-20 23:04 - 2012-01-05 20:46 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2014-08-20 23:00 - 2013-11-30 03:29 - 00000000 ____D () C:\Users\Admin -disaster only
2014-08-20 16:42 - 2009-07-14 01:13 - 00783400 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-20 15:59 - 2014-02-13 20:39 - 00004101 _____ () C:\Users\GDC\Desktop\netflix.txt
2014-08-20 15:14 - 2009-07-14 00:45 - 00021888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-20 15:14 - 2009-07-14 00:45 - 00021888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-20 15:07 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-20 14:51 - 2014-05-06 14:50 - 00000000 ____D () C:\Users\GDC\AppData\Roaming\Double Dummy Solver
2014-08-19 01:47 - 2014-08-01 00:48 - 00000000 ____D () C:\Users\GDC\AppData\Roaming\vlc
2014-08-18 17:38 - 2013-12-28 04:00 - 00000000 ____D () C:\Windows\rescache
2014-08-18 12:41 - 2014-08-18 12:41 - 00001133 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-18 12:41 - 2014-08-06 10:25 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-18 12:41 - 2013-01-01 17:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-08-18 12:41 - 2013-01-01 17:49 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-08-17 12:37 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-17 05:10 - 2013-07-27 03:50 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-17 05:09 - 2011-12-29 17:49 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-17 02:47 - 2014-08-01 00:55 - 00004288 _____ () C:\Windows\PFRO.log
2014-08-17 02:06 - 2012-08-20 15:30 - 00000000 ____D () C:\Users\GDC\AppData\Roaming\Skype
2014-08-16 13:14 - 2014-08-16 13:13 - 00028237 _____ () C:\zoek-results.log
2014-08-16 13:13 - 2014-08-16 13:12 - 00000000 ____D () C:\zoek_backup
2014-08-16 13:01 - 2014-07-31 19:49 - 00000000 ____D () C:\AdwCleaner
2014-08-15 17:05 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-08-15 14:03 - 2014-08-15 14:03 - 00027492 _____ () C:\ComboFix.txt
2014-08-15 14:03 - 2014-08-15 11:53 - 00000000 ____D () C:\Qoobox
2014-08-15 14:03 - 2009-07-13 23:20 - 00000000 __RHD () C:\Users\Default
2014-08-15 14:02 - 2014-08-15 11:53 - 00000000 ____D () C:\Windows\erdnt
2014-08-15 14:02 - 2009-07-13 22:34 - 00000215 _____ () C:\Windows\system.ini
2014-08-15 11:55 - 2009-07-13 22:34 - 75497472 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-08-15 11:55 - 2009-07-13 22:34 - 17039360 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-08-15 11:55 - 2009-07-13 22:34 - 05505024 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-08-15 11:55 - 2009-07-13 22:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-08-15 11:55 - 2009-07-13 22:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-08-15 11:42 - 2014-08-15 11:42 - 00000000 ____D () C:\_OTL
2014-08-14 19:57 - 2013-11-30 03:33 - 00000000 ____D () C:\Users\Admin -disaster only\AppData\Roaming\Wise Care 365
2014-08-14 16:15 - 2014-07-31 01:04 - 00002958 _____ () C:\Users\Admin -disaster only\Desktop\Rkill.txt
2014-08-14 16:11 - 2014-08-14 16:11 - 514927041 _____ () C:\Windows\MEMORY.DMP
2014-08-14 16:11 - 2014-08-14 16:11 - 00572088 _____ () C:\Windows\Minidump\081414-17940-01.dmp
2014-08-14 16:11 - 2012-12-31 18:05 - 00000000 ____D () C:\Windows\Minidump
2014-08-14 16:03 - 2013-11-08 09:35 - 00072264 _____ () C:\Users\GDC\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-14 16:03 - 2009-07-14 00:45 - 00331592 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-14 01:54 - 2012-02-23 19:08 - 00000000 ____D () C:\Users\GDC\AppData\Roaming\SoftGrid Client
2014-08-13 16:16 - 2013-10-29 18:41 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-13 14:56 - 2014-08-13 14:20 - 00000000 ____D () C:\Users\GDC\AppData\Local\adawarebp
2014-08-13 13:41 - 2014-07-31 17:50 - 00000546 _____ () C:\Users\Admin -disaster only\Desktop\Emsisoft Emergency Kit.lnk
2014-08-13 13:41 - 2014-07-31 17:50 - 00000000 ____D () C:\EEK
2014-08-12 20:57 - 2014-08-12 20:57 - 00002515 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-08-12 20:57 - 2014-08-12 20:57 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-08-12 20:57 - 2014-08-12 20:57 - 00000000 ____D () C:\Users\GDC\AppData\Local\Skype
2014-08-12 20:57 - 2014-08-12 20:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-08-12 20:57 - 2012-08-20 15:30 - 00000000 ____D () C:\ProgramData\Skype
2014-08-06 21:58 - 2014-08-06 21:58 - 00000000 ____D () C:\Users\GDC\AppData\Roaming\LibreOffice
2014-08-06 21:57 - 2014-08-06 21:57 - 00001500 _____ () C:\Users\Public\Desktop\LibreOffice 4.3.lnk
2014-08-06 21:57 - 2014-08-06 21:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.3
2014-08-06 21:57 - 2014-08-06 21:57 - 00000000 ____D () C:\Program Files (x86)\LibreOffice 4
2014-08-06 10:25 - 2013-01-01 17:49 - 00000000 ____D () C:\ProgramData\Avira
2014-08-05 09:20 - 2010-11-20 23:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-08-04 15:43 - 2013-10-05 01:59 - 00000000 ____D () C:\Users\GDC\AppData\Roaming\KeePass
2014-08-03 23:30 - 2014-08-03 23:30 - 00000000 ____D () C:\Users\Admin -disaster only\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-08-03 23:30 - 2014-08-03 23:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-08-03 23:30 - 2014-02-08 17:22 - 00000000 ____D () C:\Program Files\WinRAR
2014-08-03 22:52 - 2014-08-03 22:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-08-03 22:52 - 2014-08-03 22:52 - 00000000 ____D () C:\Program Files\7-Zip
2014-08-03 22:40 - 2011-12-27 18:57 - 00000000 ____D () C:\Users\GDC
2014-08-03 19:37 - 2014-07-04 01:48 - 00000425 _____ () C:\Users\GDC\Desktop\July to Do.txt
2014-08-02 15:54 - 2014-08-01 17:12 - 00000000 ____D () C:\Users\GDC\AppData\Roaming\Vertical_Drop_Heroes_HD
2014-08-01 00:53 - 2014-08-01 00:53 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-01 00:52 - 2013-10-25 16:05 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-01 00:52 - 2013-10-25 16:05 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-01 00:47 - 2013-07-23 00:43 - 00000773 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-08-01 00:47 - 2013-07-23 00:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-08-01 00:45 - 2014-08-01 00:45 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-01 00:44 - 2014-08-01 00:44 - 00006107 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-08-01 00:44 - 2014-08-01 00:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-01 00:44 - 2013-06-28 12:56 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-01 00:42 - 2013-05-30 00:35 - 00003130 _____ () C:\Windows\System32\Tasks\Wise Turbo Checker
2014-08-01 00:39 - 2013-10-04 02:43 - 00002054 _____ () C:\Users\Public\Desktop\Wise Care 365.lnk
2014-08-01 00:39 - 2013-10-04 02:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Care 365
2014-08-01 00:04 - 2014-08-01 00:04 - 00000000 ____D () C:\Users\Admin -disaster only\AppData\Local\CrashDumps
2014-07-31 23:54 - 2014-07-31 00:59 - 00000000 ____D () C:\Program Files (x86)\Sophos
2014-07-31 23:49 - 2014-07-31 23:44 - 00000000 ____D () C:\Users\Admin -disaster only\Desktop\mbar
2014-07-31 23:49 - 2014-07-31 23:44 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-07-31 23:19 - 2014-08-01 00:24 - 00000768 _____ () C:\Windows\system32\Drivers\etc\hosts.20140801-002457.backup
2014-07-31 20:04 - 2014-07-31 20:04 - 00000000 ____D () C:\Windows\ERUNT
2014-07-31 19:56 - 2011-12-09 18:33 - 00030528 _____ () C:\Windows\GVTDrv64.sys
2014-07-31 19:56 - 2011-12-09 18:33 - 00025640 _____ (Windows ® Server 2003 DDK provider) C:\Windows\gdrv.sys
2014-07-31 19:41 - 2014-08-15 17:11 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-31 19:16 - 2014-08-15 17:11 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-31 17:47 - 2014-07-31 17:43 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-07-31 17:32 - 2014-07-31 17:32 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-07-31 00:59 - 2014-07-31 00:59 - 00003229 _____ () C:\Users\Admin -disaster only\Desktop\Sophos Virus Removal Tool.lnk
2014-07-31 00:59 - 2014-07-31 00:59 - 00000000 ____D () C:\Users\Admin -disaster only\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
2014-07-31 00:59 - 2014-07-31 00:59 - 00000000 ____D () C:\ProgramData\Sophos
2014-07-30 20:02 - 2014-07-30 20:02 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-30 19:59 - 2014-07-30 19:59 - 00000000 __SHD () C:\Users\Admin -disaster only\AppData\Local\EmieUserList
2014-07-30 19:59 - 2014-07-30 19:59 - 00000000 __SHD () C:\Users\Admin -disaster only\AppData\Local\EmieSiteList
2014-07-30 01:00 - 2013-11-16 03:25 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-27 10:29 - 2012-02-01 23:49 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-27 10:29 - 2012-02-01 23:49 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-27 01:11 - 2012-02-01 23:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-26 23:07 - 2014-07-26 23:07 - 00875472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr110.dll
2014-07-26 23:07 - 2014-07-26 23:07 - 00535008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp110.dll
2014-07-26 23:07 - 2014-07-26 23:07 - 00252400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vccorlib110.dll
2014-07-25 10:52 - 2014-08-15 17:11 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-25 10:02 - 2014-08-15 17:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-25 10:01 - 2014-08-15 17:11 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-25 09:51 - 2014-08-15 17:11 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-25 09:30 - 2014-08-15 17:11 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-25 09:28 - 2014-08-15 17:11 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-25 09:28 - 2014-08-15 17:11 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-25 09:25 - 2014-08-15 17:11 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-25 09:25 - 2014-08-15 17:11 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-25 09:11 - 2014-08-15 17:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-25 09:10 - 2014-08-15 17:11 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-25 09:04 - 2014-08-15 17:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-25 09:03 - 2014-08-15 17:11 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-25 09:00 - 2014-08-15 17:11 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-25 09:00 - 2014-08-15 17:11 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-25 08:59 - 2014-08-15 17:11 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-25 08:47 - 2014-08-15 17:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-25 08:40 - 2014-08-15 17:11 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-25 08:34 - 2014-08-15 17:11 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-25 08:34 - 2014-08-15 17:11 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-25 08:33 - 2014-08-15 17:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-25 08:30 - 2014-08-15 17:11 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-25 08:28 - 2014-08-15 17:11 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-25 08:28 - 2014-08-15 17:11 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-25 08:21 - 2014-08-15 17:11 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-25 08:19 - 2014-08-15 17:11 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-25 08:18 - 2014-08-15 17:11 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-25 08:17 - 2014-08-15 17:11 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-25 08:17 - 2014-08-15 17:11 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-25 08:12 - 2014-08-15 17:11 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-25 08:10 - 2014-08-15 17:11 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-25 08:10 - 2014-08-15 17:11 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-25 08:08 - 2014-08-15 17:11 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-25 08:06 - 2014-08-15 17:11 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-25 07:52 - 2014-08-15 17:11 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-25 07:47 - 2014-08-15 17:11 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-25 07:43 - 2014-08-15 17:11 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-25 07:42 - 2014-08-15 17:11 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-25 07:39 - 2014-08-15 17:11 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-25 07:39 - 2014-08-15 17:11 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-25 07:36 - 2014-08-15 17:11 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-25 07:34 - 2014-08-15 17:11 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-25 07:29 - 2014-08-15 17:11 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-25 07:23 - 2014-08-15 17:11 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-25 07:13 - 2014-08-15 17:11 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-25 07:07 - 2014-08-15 17:11 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-25 07:07 - 2014-08-15 17:11 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-25 07:03 - 2014-08-15 17:11 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-25 06:52 - 2014-08-15 17:11 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-25 06:26 - 2014-08-15 17:11 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-25 06:17 - 2014-08-15 17:11 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-25 06:09 - 2014-08-15 17:11 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-25 06:05 - 2014-08-15 17:11 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-25 06:00 - 2014-08-15 17:11 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-24 08:53 - 2013-05-07 11:35 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys

Some content of TEMP:
====================
C:\Users\GDC\AppData\Local\temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-18 17:31

==================== End Of Log ============================

 

Addition:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-08-2014 01
Ran by Admin -disaster only at 2014-08-21 23:52:06
Running from C:\Users\GDC\Desktop\anti-rootkit
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

@BIOS (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.12 - GIGABYTE)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.83 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 13.0.0.83 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)
Agarest Generations of War Zero (HKLM-x32\...\QWdhcmVzdEdlbmVyYXRpb25zb2ZXYXJaZXJv_is1) (Version: 1 - )
AMD Accelerated Video Transcoding (Version: 12.5.100.21219 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.1084.4 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{5E03A267-415E-5383-FA8F-3CE4145663B9}) (Version: 8.0.903.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.71219.1540 - Advanced Micro Devices, Inc.) Hidden
Avira (HKLM-x32\...\{e67154a7-9cc5-4167-b782-f3982bc6c70d}) (Version: 1.1.19.30000 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.19.30000 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.6.552 - Avira)
Black Shell Games - SanctuaryRPG -  (HKLM-x32\...\Black Shell Games SanctuaryRPG) (Version: "1.1.0.1.1.0.1.1.0" - "Black Shell Games")
Bog's Adventures in the Underworld v2.0 (HKLM-x32\...\Bog's Adventures in the Underworld_is1) (Version:  - Alpha72 Games)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
Common RTP 1.0 (HKLM-x32\...\RPGAdvocates_RTP_1.0) (Version:  - )
Corsair USB Headset (HKLM-x32\...\{71B53BA8-4BE3-49AF-BC3E-07F392DDDFB7}) (Version: 1.00.0007 - )
Creative Audio Control Panel (HKLM-x32\...\AudioCS) (Version: 3.00 - Creative Technology Limited)
Creative MediaSource 5 (HKLM-x32\...\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}) (Version: 5.00 - )
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.40 - Creative Technology Limited)
Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version:  - Creative Technology Limited)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.45.1.0236 - DT Soft Ltd)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.22 - DivX, LLC)
Double Dummy Solver 10 (HKLM-x32\...\Double Dummy Solver_is1) (Version:  - Bob Richardson & Bo Haglund)
DROD 5: The Second Sky 5.0.0 (HKLM-x32\...\DROD 5: The Second Sky_is1) (Version: 5.0.0 - Caravel Games)
DROD: Journey to Rooted Hold 2.0.16 (HKLM-x32\...\DROD: Journey to Rooted Hold_is1) (Version: 2.0.16 - Caravel Games)
DROD: The City Beneath 3.0.0 (HKLM-x32\...\DROD: The City Beneath_is1) (Version: 3.0.0 - Caravel Games)
Easy Tune 6 B11.0630.1 (HKLM-x32\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE)
Easy Tune 6 B11.0630.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
Elements - Soul of Fire (HKLM-x32\...\Elements - Soul of Fire) (Version:  - )
Etron USB3.0 Host Controller (x32 Version: 0.101 - Etron Technology) Hidden
Futuremark SystemInfo (HKLM-x32\...\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}) (Version: 3.54.1.1 - Futuremark Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Heroes of Might and Magic V - Collectors Edition (HKLM-x32\...\Heroes of Might and Magic V - Collectors Edition3.1) (Version: 3.1 - Ubisoft)
Heroine's Quest 1.1 (HKLM-x32\...\{204D4EF9-7415-4927-8B42-99D2F88F1149}_is1) (Version: 1.0 - Crystal Shard)
Host OpenAL (HKLM-x32\...\Host OpenAL) (Version: 1.00 - Creative Technology Limited)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation)
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.650 - Oracle)
Java Auto Updater (x32 Version: 2.1.65.20 - Oracle, Inc.) Hidden
Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
KeePass Password Safe 2.23 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version:  - Dominik Reichl)
LibreOffice 4.3.0.4 (HKLM-x32\...\{5C005E2A-AEAE-4DF7-B7CA-1E6DCDD2AEA4}) (Version: 4.3.0.4 - The Document Foundation)
Logitech Gaming Software 5.10 (HKLM\...\{1444D2EE-C7AD-44A8-844F-2634B49353D1}) (Version: 5.10.127 - Logitech)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Report Viewer Redistributable 2005 (HKLM-x32\...\Microsoft Report Viewer Redistributable 2005) (Version:  - Microsoft Corporation)
Microsoft Report Viewer Redistributable 2005 (x32 Version: 8.0.56405 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
NETGEAR WNDA3100v2 wireless USB 2.0 adapter (HKLM-x32\...\{3C7839E7-21F4-49E0-B4D5-AC8ED818CCB0}) (Version: 1.03.000 - NETGEAR)
ON_OFF Charge B11.0110.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5350) (Version:  - )
ProPokerTools Odds Oracle 2.2.1 (HKLM-x32\...\5992-1726-3179-3433) (Version: 2.2.1 - ProPokerTools)
Quest for Infamy  (HKLM-x32\...\Quest for Infamy) (Version:  - Infamous Quests)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.45.516.2011 - Realtek)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Smart 6 B11.0512.1 (HKLM-x32\...\{3B35725F-C623-4A1E-B5CC-99C0868679E3}) (Version: 1.00.0000 - GIGABYTE)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.2 - Sophos Limited)
Sound Blaster X-Fi (HKLM-x32\...\{0C9D0200-FA32-44B7-BBB3-7C03F700C4A0}) (Version: 1.0 - )
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Undefeated (HKLM-x32\...\Undefeated) (Version:  - )
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WinDirStat 1.1.2 (HKCU\...\WinDirStat) (Version:  - )
Windows Live Call (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
WinRAR 5.10 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
Wise Care 365 3.18 (HKLM-x32\...\Wise Care 365_is1) (Version: 3.18 - WiseCleaner.com, Inc.)
Wise Care 365 version 2.83 (HKLM-x32\...\{E864A1C8-EEE1-47D0-A7F8-00CC86D26D5E}_is1) (Version: 2.83 - WiseCleaner.com, Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

21-08-2014 08:39:05 Scheduled Checkpoint
22-08-2014 03:51:10 Removed The Book of Legends

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2014-08-16 12:58 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0955D8BE-9ED5-44F6-A83A-75A53444BFB8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-29] (Google Inc.)
Task: {4B839122-4438-4EAC-8CE7-BD1589B62CD0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-29] (Google Inc.)
Task: {D87DF6D0-B287-434D-9B1D-23B02DA81DA7} - System32\Tasks\Wise Turbo Checker => C:\Program Files (x86)\Wise\Wise Care 365\WiseTurbo.exe [2014-07-07] (WiseCleaner.COM)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Wise Turbo Checker.job => C:\Program Files (x86)\Wise\Wise Care 365\WiseTurbo.exe

==================== Loaded Modules (whitelisted) =============

2011-12-09 18:05 - 2011-06-09 22:36 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-02-02 23:33 - 2011-12-14 18:55 - 08453376 _____ () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
2012-01-02 16:31 - 2011-09-28 17:29 - 00905216 ____N () C:\Program Files\Corsair USB Headset\customapp\program\CAHS.EXE
2014-08-04 14:20 - 2014-08-04 14:20 - 00139056 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll
2014-08-04 14:20 - 2014-08-04 14:20 - 00067832 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll
2013-02-02 23:33 - 2011-12-14 11:43 - 00278528 _____ () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvcLib.dll
2011-12-09 18:55 - 2009-02-06 19:52 - 00073728 _____ () C:\Windows\SysWOW64\CmdRtr.DLL
2011-12-09 18:55 - 2009-03-26 15:46 - 00148480 _____ () C:\Windows\SysWOW64\APOMngr.DLL
2009-08-26 06:29 - 2009-08-26 06:29 - 00150016 _____ () C:\Windows\SysWOW64\OemSpiE.dll
2014-08-16 12:59 - 2014-08-04 14:20 - 00052472 _____ () C:\Users\GDC\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2012-01-02 16:31 - 2011-04-19 15:56 - 00143360 ____N () C:\Program Files\Corsair USB Headset\customapp\program\VmixHS.dll
2013-11-16 03:25 - 2014-07-30 01:00 - 03800688 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-08-01 00:52 - 2014-08-01 00:52 - 17029808 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\GDC:gs5sys
AlternateDataStreams: C:\ProgramData\TEMP:321156F2
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
AlternateDataStreams: C:\ProgramData\TEMP:7B532EF3
AlternateDataStreams: C:\ProgramData\TEMP:8EBE034C
AlternateDataStreams: C:\ProgramData\TEMP:D169FA00
AlternateDataStreams: C:\ProgramData\TEMP:DD5042D8
AlternateDataStreams: C:\ProgramData\Templates:gs5sys
AlternateDataStreams: C:\Users\GDC\Application Data:gs5sys
AlternateDataStreams: C:\Users\GDC\Cookies:gs5sys
AlternateDataStreams: C:\Users\GDC\Local Settings:gs5sys
AlternateDataStreams: C:\Users\GDC\Templates:gs5sys
AlternateDataStreams: C:\Users\GDC\Desktop\desktop.ini:gs5sys
AlternateDataStreams: C:\Users\GDC\AppData\Local:gs5sys
AlternateDataStreams: C:\Users\GDC\AppData\Roaming:gs5sys
AlternateDataStreams: C:\Users\GDC\AppData\Local\Application Data:gs5sys
AlternateDataStreams: C:\Users\GDC\AppData\Local\History:gs5sys
AlternateDataStreams: C:\Users\GDC\Documents\desktop.ini:gs5sys

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\startupreg: DivXMediaServer => d:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/21/2014 00:29:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 31.0.0.5310, time stamp: 0x53c75e91
Faulting module name: mozalloc.dll, version: 31.0.0.5310, time stamp: 0x53c72e91
Exception code: 0x80000003
Fault offset: 0x0000141b
Faulting process id: 0x2f88
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (08/21/2014 04:34:20 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Error: (08/21/2014 04:34:14 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (08/20/2014 03:09:29 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Stream product id=0x0066): Streaming Failed

Error: (08/20/2014 03:08:58 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Too many failures while downloading ranges: 2

Error: (08/20/2014 03:07:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/19/2014 05:09:36 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Error: (08/19/2014 05:09:29 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (08/19/2014 05:04:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17239, time stamp: 0x53d22946
Faulting module name: Flash32_11_9_900_117.ocx, version: 11.9.900.117, time stamp: 0x5244d34f
Exception code: 0xc0000005
Fault offset: 0x005a5a2f
Faulting process id: 0x13c8
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (08/19/2014 02:24:53 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Stream product id=0x0066): Streaming Failed


System errors:
=============
Error: (08/21/2014 03:07:41 PM) (Source: DCOM) (EventID: 10000) (User: )
Description: C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\agent.exe -Embedding740{FFF2D28F-E4EE-44D9-8104-8E71556757F6}

Error: (08/20/2014 10:51:44 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (08/20/2014 03:07:40 PM) (Source: DCOM) (EventID: 10000) (User: )
Description: C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\agent.exe -Embedding740{FFF2D28F-E4EE-44D9-8104-8E71556757F6}

Error: (08/20/2014 03:07:34 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 3:01:49 PM on ‎8/‎20/‎2014 was unexpected.

Error: (08/20/2014 02:23:07 PM) (Source: DCOM) (EventID: 10000) (User: )
Description: C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\agent.exe -Embedding740{FFF2D28F-E4EE-44D9-8104-8E71556757F6}

Error: (08/20/2014 01:30:21 AM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (08/19/2014 02:23:05 PM) (Source: DCOM) (EventID: 10000) (User: )
Description: C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\agent.exe -Embedding740{FFF2D28F-E4EE-44D9-8104-8E71556757F6}

Error: (08/18/2014 11:58:00 PM) (Source: DCOM) (EventID: 10000) (User: )
Description: C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\agent.exe -Embedding740{FFF2D28F-E4EE-44D9-8104-8E71556757F6}

Error: (08/18/2014 07:35:01 PM) (Source: DCOM) (EventID: 10000) (User: )
Description: C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\agent.exe -Embedding740{FFF2D28F-E4EE-44D9-8104-8E71556757F6}

Error: (08/18/2014 06:20:52 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================
Error: (08/21/2014 00:29:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe31.0.0.531053c75e91mozalloc.dll31.0.0.531053c72e91800000030000141b2f8801cfbd5c05980423C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll4f4f811a-2950-11e4-a253-50e549488a59

Error: (08/21/2014 04:34:20 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentitylanguage*d:\program files (x86)\spybot - search & destroy\DelZip179.dlld:\program files (x86)\spybot - search & destroy\DelZip179.dll8

Error: (08/21/2014 04:34:14 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"c:\program files (x86)\windows live\photo gallery\MovieMaker.Exec:\program files (x86)\windows live\photo gallery\WLMFDS.DLL8

Error: (08/20/2014 03:09:29 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: (Stream product id=0x0066): Streaming Failed

Error: (08/20/2014 03:08:58 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Too many failures while downloading ranges: 2

Error: (08/20/2014 03:07:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/19/2014 05:09:36 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentitylanguage*d:\program files (x86)\spybot - search & destroy\DelZip179.dlld:\program files (x86)\spybot - search & destroy\DelZip179.dll8

Error: (08/19/2014 05:09:29 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"c:\program files (x86)\windows live\photo gallery\MovieMaker.Exec:\program files (x86)\windows live\photo gallery\WLMFDS.DLL8

Error: (08/19/2014 05:04:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.1723953d22946Flash32_11_9_900_117.ocx11.9.900.1175244d34fc0000005005a5a2f13c801cfbbde5bbefdc6C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\SysWOW64\Macromed\Flash\Flash32_11_9_900_117.ocx5c4fea66-27e4-11e4-8521-50e549488a59

Error: (08/19/2014 02:24:53 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: (Stream product id=0x0066): Streaming Failed


CodeIntegrity Errors:
===================================
  Date: 2014-08-15 11:55:19.439
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-08-15 11:55:19.423
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-08-01 02:32:51.914
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\4B91.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-08-01 02:32:51.889
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\4B91.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-07-31 23:59:27.007
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\FB.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-07-31 23:59:26.983
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\FB.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-07-31 23:55:12.757
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\FB.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-07-31 23:55:12.732
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\FB.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-07-31 23:54:55.075
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\BBDF.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-07-31 23:54:55.049
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\BBDF.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Core™ i5-2500 CPU @ 3.30GHz
Percentage of memory in use: 33%
Total physical RAM: 16301.12 MB
Available physical RAM: 10892.55 MB
Total Pagefile: 32600.41 MB
Available Pagefile: 27610.7 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:55.8 GB) (Free:9.25 GB) NTFS
Drive d: () (Fixed) (Total:931.51 GB) (Free:16.04 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: CE920B61)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 55.9 GB) (Disk ID: CE920B6D)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=55.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 

Shortcut:

 

Users shortcut scan result (x64) Version: 17-08-2014 01
Ran by Admin -disaster only at 2014-08-21 23:52:22
Running from C:\Users\GDC\Desktop\anti-rootkit
Boot Mode: Normal
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)



Shortcut: C:\Users\Admin -disaster only\Links\Desktop.lnk -> C:\Users\Admin -disaster only\Desktop ()
Shortcut: C:\Users\Admin -disaster only\Links\Downloads.lnk -> C:\Users\Admin -disaster only\Downloads ()
Shortcut: C:\Users\Admin -disaster only\Desktop\Aldorlea Games.lnk -> D:\games\undefeated\Aldorlea Games.url ()
Shortcut: C:\Users\Admin -disaster only\Desktop\Double Dummy Solver.lnk -> D:\downloads\Bridge\DDSolver\Double Dummy Solver\DDS.exe ()
Shortcut: C:\Users\Admin -disaster only\Desktop\DROD - Journey to Rooted Hold.lnk -> D:\Program Files (x86)\DROD - Journey to Rooted Hold\drod.exe ()
Shortcut: C:\Users\Admin -disaster only\Desktop\DROD - King Dugan's Dungeon.lnk -> D:\Program Files (x86)\DROD - King Dugan's Dungeon\drod.exe ()
Shortcut: C:\Users\Admin -disaster only\Desktop\DROD - The City Beneath.lnk -> D:\Program Files (x86)\DROD - The City Beneath\drod.exe ()
Shortcut: C:\Users\Admin -disaster only\Desktop\DROD 5 - The Second Sky.lnk -> D:\Program Files (x86)\DROD 5 - The Second Sky\drod.exe ()
Shortcut: C:\Users\Admin -disaster only\Desktop\Elements - Soul of Fire.lnk -> D:\Program Files (x86)\Elements - Soul of Fire\E1.exe ()
Shortcut: C:\Users\Admin -disaster only\Desktop\Emsisoft Emergency Kit.lnk -> C:\EEK\start.exe (Emsisoft GmbH)
Shortcut: C:\Users\Admin -disaster only\Desktop\Play Undefeated.lnk -> D:\games\undefeated\Game.exe ()
Shortcut: C:\Users\Admin -disaster only\Desktop\Sophos Virus Removal Tool.lnk -> C:\Users\Admin -disaster only\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe (Macrovision Corporation)
Shortcut: C:\Users\Admin -disaster only\Desktop\WinDirStat.lnk -> D:\Program Files (x86)\WinDirStat\windirstat.exe (Seifert)
Shortcut: C:\Users\Admin -disaster only\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Admin -disaster only\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk -> C:\Program Files\WinRAR\Rar.txt ()
Shortcut: C:\Users\Admin -disaster only\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\What is new in the latest version.lnk -> C:\Program Files\WinRAR\WhatsNew.txt ()
Shortcut: C:\Users\Admin -disaster only\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk -> C:\Program Files\WinRAR\WinRAR.chm ()
Shortcut: C:\Users\Admin -disaster only\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk -> C:\Program Files\WinRAR\WinRAR.exe (Alexander Roshal)
Shortcut: C:\Users\Admin -disaster only\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos\Sophos Virus Removal Tool\Sophos Virus Removal Tool.lnk -> C:\Users\Admin -disaster only\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe (Macrovision Corporation)
Shortcut: C:\Users\Admin -disaster only\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Elements - Soul of Fire\Elements - Soul of Fire.lnk -> D:\Program Files (x86)\Elements - Soul of Fire\E1.exe ()
Shortcut: C:\Users\Admin -disaster only\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Elements - Soul of Fire\Readme.lnk -> D:\Program Files (x86)\Elements - Soul of Fire\Readme.txt ()
Shortcut: C:\Users\Admin -disaster only\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Elements - Soul of Fire\Uninstall.lnk -> D:\Program Files (x86)\Elements - Soul of Fire\uninstall.exe ()
Shortcut: C:\Users\Admin -disaster only\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Admin -disaster only\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Admin -disaster only\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Admin -disaster only\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\Admin -disaster only\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Admin -disaster only\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Admin -disaster only\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Admin -disaster only\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Admin -disaster only\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Admin -disaster only\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Admin -disaster only\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Admin -disaster only\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Creative MediaSource Go!.lnk -> C:\Program Files (x86)\Creative\MediaSource5\Go\CTCMSGoU.exe (Creative Technology Ltd)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Program Updates.lnk -> C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk -> C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-AB0000000001}\SC_Reader.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Agarest Zero.lnk -> D:\downloads\Installation Zone\Agarest.Generations.of.War.Zero-RELOADED\Agarest Zero\AgarestZero.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass 2.lnk -> D:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk -> C:\Windows\ehome\ehshell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2010.lnk -> C:\Windows\Installer\{95140000-0070-0000-0000-0000000FF1CE}\oobeicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk -> C:\Windows\System32\WindowsAnytimeUpgradeUI.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk -> C:\Program Files\DVD Maker\DVDMaker.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Care 365\Wise Care 365.lnk -> C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe (WiseCleaner.com)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk -> C:\Program Files\WinRAR\Rar.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\What is new in the latest version.lnk -> C:\Program Files\WinRAR\WhatsNew.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk -> C:\Program Files\WinRAR\WinRAR.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk -> C:\Program Files\WinRAR\WinRAR.exe (Alexander Roshal)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live\Windows Live Call.lnk -> C:\Program Files (x86)\Windows Live\Messenger\wlcstart.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live\Windows Live Mail.lnk -> C:\Program Files (x86)\Windows Live\Mail\wlmail.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live\Windows Live Messenger .lnk -> C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live\Windows Live Movie Maker.lnk -> C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.Exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live\Windows Live Photo Gallery.lnk -> C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live\Windows Live Writer.lnk -> C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriter.exe (Microsoft Corp.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinDirStat\Help (ENG).lnk -> D:\Program Files (x86)\WinDirStat\windirstat.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinDirStat\Uninstall WinDirStat.lnk -> D:\Program Files (x86)\WinDirStat\Uninstall.exe (WDS Team)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinDirStat\WinDirStat.lnk -> D:\Program Files (x86)\WinDirStat\windirstat.exe (Seifert)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Documentation.lnk -> D:\Program Files (x86)\VideoLAN\VLC\Documentation.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Release Notes.lnk -> D:\Program Files (x86)\VideoLAN\VLC\NEWS.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VideoLAN Website.lnk -> D:\Program Files (x86)\VideoLAN\VLC\VideoLAN Website.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player.lnk -> D:\Program Files (x86)\VideoLAN\VLC\vlc.exe (VideoLAN)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Undefeated Full\1. Play Undefeated.lnk -> D:\games\undefeated\Game.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Undefeated Full\2. Aldorlea Website.lnk -> D:\games\undefeated\Aldorlea Games.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Undefeated Full\3. Guide Sample.lnk -> D:\games\undefeated\Download Guide Sample.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Undefeated Full\4. Buy Guide.lnk -> D:\games\undefeated\Buy Undefeated Guide.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Undefeated Full\5. Uninstall Game.lnk -> D:\games\undefeated\Uninstal.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam\Steam Support Center.lnk -> C:\Windows\Installer\{048298C9-A4D3-490B-9FF9-AB023A9238F3}\Icon048298C92.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam\Steam.lnk -> D:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNDA3100v2 Genie.lnk -> C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster\SpywareBlaster Help.lnk -> C:\Program Files (x86)\SpywareBlaster\sbhelp.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster\SpywareBlaster.lnk -> C:\Program Files (x86)\SpywareBlaster\spywareblaster.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy\File Shredder.lnk -> D:\Program Files (x86)\Spybot - Search & Destroy\SDShred.exe (Safer Networking Limited)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy\Spybot - Search & Destroy.lnk -> D:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe (Safer Networking Limited)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy\Tutorial.lnk -> D:\Program Files (x86)\Spybot - Search & Destroy\Help\English.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy\Uninstall Spybot-S&D.lnk -> D:\Program Files (x86)\Spybot - Search & Destroy\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy\Update Spybot-S&D.lnk -> D:\Program Files (x86)\Spybot - Search & Destroy\SDUpdate.exe (Safer Networking Limited)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype\Skype.lnk -> C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ProPokerTools Odds Oracle\ProPokerTools Odds Oracle Uninstaller.lnk -> D:\Program Files (x86)\PPTOddsOracle\uninstall.exe (ProPokerTools)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ProPokerTools Odds Oracle\ProPokerTools Odds Oracle.lnk -> D:\Program Files (x86)\PPTOddsOracle\PPT Odds Oracle.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NETGEAR WNDA3100v2 Genie\NETGEAR WNDA3100v2 Genie.lnk -> C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\Silverlight.Configuration.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Create Recovery Disc.lnk -> C:\Windows\System32\recdisc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Remote Assistance.lnk -> C:\Windows\System32\msra.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech\Logitech Gaming Software.lnk -> C:\Windows\Installer\{1444D2EE-C7AD-44A8-844F-2634B49353D1}\NewShortcut1_7E69263C626D4C569CA13522D79FEB7F.exe (Acresso Software Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.3\LibreOffice Base.lnk -> C:\Program Files (x86)\LibreOffice 4\program\sbase.exe (The Document Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.3\LibreOffice Calc.lnk -> C:\Program Files (x86)\LibreOffice 4\program\scalc.exe (The Document Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.3\LibreOffice Draw.lnk -> C:\Program Files (x86)\LibreOffice 4\program\sdraw.exe (The Document Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.3\LibreOffice Impress.lnk -> C:\Program Files (x86)\LibreOffice 4\program\simpress.exe (The Document Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.3\LibreOffice Math.lnk -> C:\Program Files (x86)\LibreOffice 4\program\smath.exe (The Document Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.3\LibreOffice Writer.lnk -> C:\Program Files (x86)\LibreOffice 4\program\swriter.exe (The Document Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.3\LibreOffice.lnk -> C:\Program Files (x86)\LibreOffice 4\program\soffice.exe (The Document Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk -> C:\Program Files (x86)\Java\jre7\bin\javacpl.exe (Oracle Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel\Intel Control Center.lnk -> C:\Program Files (x86)\Intel\Intel Control Center\IntelControlCenter.exe (Intel Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Infamous Quests\Infamous Quests Website.lnk -> D:\Program Files (x86)\Infamous Quests\Infamous Quests.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Infamous Quests\Quest for Infamy\Configure .lnk -> D:\Program Files (x86)\Infamous Quests\Quest for Infamy\winsetupQFI.exe (Infamous Quests)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Infamous Quests\Quest for Infamy\Quest for Infamy License.lnk -> D:\Program Files (x86)\Infamous Quests\Quest for Infamy\QFI-EULA.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Infamous Quests\Quest for Infamy\Quest for Infamy Manual.lnk -> D:\Program Files (x86)\Infamous Quests\Quest for Infamy\qfi-booklet.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Infamous Quests\Quest for Infamy\Quest for Infamy.lnk -> D:\Program Files (x86)\Infamous Quests\Quest for Infamy\QFI.exe (Infamous Quests               )
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Infamous Quests\Quest for Infamy\Uninstall .lnk -> D:\Program Files (x86)\Infamous Quests\Quest for Infamy\uninst.exe (Infamous Quests)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroine's Quest\Configuration options.lnk -> D:\Program Files (x86)\Heroine's Quest\winsetup.exe (Chris Jones)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroine's Quest\Heroine's Quest manual.lnk -> D:\Program Files (x86)\Heroine's Quest\Heroine's Quest manual.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroine's Quest\Heroine's Quest.lnk -> D:\Program Files (x86)\Heroine's Quest\Heroine's Quest.exe (Crystal Shard                 )
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroine's Quest\Uninstall Heroine's Quest.lnk -> D:\Program Files (x86)\Heroine's Quest\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIGABYTE\@BIOS.lnk -> C:\Program Files (x86)\GIGABYTE\@BIOS\BIOS_Run.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIGABYTE\Smart 6\smart6.lnk -> C:\Program Files (x86)\GIGABYTE\smart6\Smart6.exe (GIGABYTE)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIGABYTE\ET6\ET6.lnk -> C:\Windows\Installer\{457D7505-D665-4F95-91C3-ECB8C56E9ACA}\ET6SC.exe_457D7505D6654F9591C3ECB8C56E9ACA.exe (InstallShield Software Corp.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIGABYTE\ET6\Help.lnk -> C:\Program Files (x86)\GIGABYTE\ET6\et6help.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DROD 5 - The Second Sky\DROD 5 - The Second Sky.lnk -> D:\Program Files (x86)\DROD 5 - The Second Sky\drod.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DROD 5 - The Second Sky\Help.lnk -> D:\Program Files (x86)\DROD 5 - The Second Sky\Data\Help\1\contents.html ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DROD 5 - The Second Sky\Uninstall DROD 5 - The Second Sky.lnk -> D:\Program Files (x86)\DROD 5 - The Second Sky\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DROD - The City Beneath\DROD - The City Beneath.lnk -> D:\Program Files (x86)\DROD - The City Beneath\drod.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DROD - The City Beneath\Help.lnk -> D:\Program Files (x86)\DROD - The City Beneath\Data\Help\1\contents.html ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DROD - The City Beneath\Uninstall DROD - The City Beneath.lnk -> D:\Program Files (x86)\DROD - The City Beneath\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DROD - King Dugan's Dungeon\DROD - King Dugan's Dungeon.lnk -> D:\Program Files (x86)\DROD - King Dugan's Dungeon\drod.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DROD - King Dugan's Dungeon\Help.lnk -> D:\Program Files (x86)\DROD - King Dugan's Dungeon\Data\Help\1\contents.html ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DROD - King Dugan's Dungeon\Uninstall DROD - King Dugan's Dungeon.lnk -> D:\Program Files (x86)\DROD - King Dugan's Dungeon\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DROD - Journey to Rooted Hold\DROD - Journey to Rooted Hold.lnk -> D:\Program Files (x86)\DROD - Journey to Rooted Hold\drod.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DROD - Journey to Rooted Hold\Help.lnk -> D:\Program Files (x86)\DROD - Journey to Rooted Hold\Data\Help\1\contents.html ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DROD - Journey to Rooted Hold\Uninstall DROD - Journey to Rooted Hold.lnk -> D:\Program Files (x86)\DROD - Journey to Rooted Hold\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Double Dummy Solver\Double Dummy Solver.lnk -> D:\downloads\Bridge\DDSolver\Double Dummy Solver\DDS.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Double Dummy Solver\Uninstall Double Dummy Solver.lnk -> D:\downloads\Bridge\DDSolver\Double Dummy Solver\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus\DivX Plus Converter.lnk -> D:\Program Files (x86)\DivX\DivX Plus Converter\DivXConverterLauncher.exe (DivX, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus\DivX Plus Player.lnk -> D:\Program Files (x86)\DivX\DivX Plus Player\DivX Plus Player.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite\DAEMON Tools Lite.lnk -> D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite\SPTD Setup.lnk -> D:\Program Files (x86)\DAEMON Tools Lite\SPTDinst-x64.exe (Duplex Secure Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative\Creative Audio Control Panel.lnk -> C:\Program Files (x86)\Creative\AudioCS\CTAudCS.exe (Creative Technology Ltd)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative\Creative Software AutoUpdate.lnk -> C:\Program Files (x86)\Creative\Shared Files\Software Update\AutoUpdate.exe (Creative Technology Ltd)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative\Creative MediaSource 5\Creative MediaSource 5 Audio Converter.lnk -> C:\Program Files (x86)\Creative\MediaSource5\AudCvtu.exe (Creative Technology Ltd)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative\Creative MediaSource 5\Creative MediaSource Go!.lnk -> C:\Program Files (x86)\Creative\MediaSource5\Go\CTCMSGoU.exe (Creative Technology Ltd)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center\Catalyst Control Center.lnk -> C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ATI Technologies Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bog's Adventures in the Underworld\Bog's Adventures in the Underworld.lnk -> D:\Program Files (x86)\Bog's Adventures in the Underworld\BogsAdventure.exe (Chris Jones)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bog's Adventures in the Underworld\Manual.lnk -> D:\Program Files (x86)\Bog's Adventures in the Underworld\Manual.htm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bog's Adventures in the Underworld\More Alpha72 Adventure Games on the Web.lnk -> D:\Program Files (x86)\Bog's Adventures in the Underworld\BogsAdventure.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bog's Adventures in the Underworld\Setup.lnk -> D:\Program Files (x86)\Bog's Adventures in the Underworld\winsetup.exe (Chris Jones)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bog's Adventures in the Underworld\Uninstall Bog's Adventures in the Underworld.lnk -> D:\Program Files (x86)\Bog's Adventures in the Underworld\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bog's Adventures in the Underworld\Walkthrough.lnk -> D:\Program Files (x86)\Bog's Adventures in the Underworld\WalkThrough.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira\Avira Desktop\Avira Free Antivirus Help.lnk -> C:\Program Files (x86)\Avira\AntiVir Desktop\avwin.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira\Avira Desktop\Avira on the Internet.lnk -> C:\Program Files (x86)\Avira\AntiVir Desktop\weblink.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira\Avira Desktop\Display readme.lnk -> C:\Program Files (x86)\Avira\AntiVir Desktop\readme.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira\Avira Desktop\Start Avira Free Antivirus.lnk -> C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe (Avira Operations GmbH & Co. KG)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Data Sources (ODBC).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk -> C:\Windows\System32\calc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\displayswitch.lnk -> C:\Windows\System32\displayswitch.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sound Recorder.lnk -> C:\Windows\System32\SoundRecorder.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk -> C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sync Center.lnk -> C:\Windows\System32\mobsync.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\Windowspowershell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\ShapeCollector.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\TabTip.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk -> C:\Program Files\Windows Journal\Journal.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Restore.lnk -> C:\Windows\System32\rstrui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer Reports.lnk -> C:\Windows\System32\migwiz\PostMig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer.lnk -> C:\Windows\System32\migwiz\migwiz.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip File Manager.lnk -> C:\Program Files\7-Zip\7zFM.exe (Igor Pavlov)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip Help.lnk -> C:\Program Files\7-Zip\7-zip.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{1A6AEAE7-0104-43BE-9CA2-C60F9FB2FC7E}\PlayTasks\0\Heroine's Quest 1.1.lnk -> D:\Program Files (x86)\Heroine's Quest\Heroine's Quest.exe (Crystal Shard                 )
Shortcut: C:\ProgramData\Intel\ExtremeGraphics\CUI\Resource\Intel® HD Graphics.lnk -> C:\Windows\System32\GfxUI.exe (Intel Corporation)
Shortcut: C:\ProgramData\Intel\ExtremeGraphics\CUI\Resource\インテル® HD グラフィックス.lnk -> C:\Windows\System32\GfxUI.exe (Intel Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\GDC\Links\Desktop.lnk -> C:\Users\Admin -disaster only\Desktop ()
Shortcut: C:\Users\GDC\Links\Downloads.lnk -> C:\Users\Admin -disaster only\Downloads ()
Shortcut: C:\Users\GDC\Desktop\Bog's Adventures in the Underworld.lnk -> D:\Program Files (x86)\Bog's Adventures in the Underworld\BogsAdventure.exe (Chris Jones)
Shortcut: C:\Users\GDC\Desktop\Bridge - Shortcut.lnk -> D:\downloads\Bridge ()
Shortcut: C:\Users\GDC\Desktop\downloads - Shortcut.lnk -> D:\downloads ()
Shortcut: C:\Users\GDC\Desktop\DROD - Journey to Rooted Hold.lnk -> D:\Program Files (x86)\DROD - Journey to Rooted Hold\drod.exe ()
Shortcut: C:\Users\GDC\Desktop\DROD - King Dugan's Dungeon.lnk -> D:\Program Files (x86)\DROD - King Dugan's Dungeon\drod.exe ()
Shortcut: C:\Users\GDC\Desktop\DROD - The City Beneath.lnk -> D:\Program Files (x86)\DROD - The City Beneath\drod.exe ()
Shortcut: C:\Users\GDC\Desktop\DROD 5 - The Second Sky.lnk -> D:\Program Files (x86)\DROD 5 - The Second Sky\drod.exe ()
Shortcut: C:\Users\GDC\Desktop\DROD RPG - Tendry's Tale.lnk -> D:\Program Files (x86)\DROD RPG - Tendry's Tale\drod.exe ()
Shortcut: C:\Users\GDC\Desktop\E1 - Shortcut.lnk -> D:\Program Files (x86)\Elements - Soul of Fire\E1.exe ()
Shortcut: C:\Users\GDC\Desktop\Hammers of Fate.lnk -> D:\Heroes of Might and Magic V - Collectors Edition\HMM5\bina1\H5_Game.exe ()
Shortcut: C:\Users\GDC\Desktop\Heroes of Might and Magic V.lnk -> D:\Heroes of Might and Magic V - Collectors Edition\HMM5\bin\H5_Game.exe ()
Shortcut: C:\Users\GDC\Desktop\KeePass 2.lnk -> D:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
Shortcut: C:\Users\GDC\Desktop\LaxiusForceIII - Shortcut.lnk -> D:\downloads\LaxF3\Laxius Force III\LaxiusForceIII.exe (No File)
Shortcut: C:\Users\GDC\Desktop\Moonchild - Shortcut.lnk -> D:\games\Moonchild Full\Moonchild.exe (VELOCITY)
Shortcut: C:\Users\GDC\Desktop\Play Undefeated.lnk -> D:\games\undefeated\Game.exe ()
Shortcut: C:\Users\GDC\Desktop\PSE - Shortcut.lnk -> D:\PSE ()
Shortcut: C:\Users\GDC\Desktop\Spybot - Search & Destroy.lnk -> D:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe (Safer Networking Limited)
Shortcut: C:\Users\GDC\Desktop\Tribes of the East.lnk -> D:\Heroes of Might and Magic V - Collectors Edition\HMM5\bina2\bin\H5_Game.exe ()
Shortcut: C:\Users\GDC\Desktop\WinDirStat.lnk -> D:\Program Files (x86)\WinDirStat\windirstat.exe (Seifert)
Shortcut: C:\Users\GDC\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk -> C:\Users\Admin -disaster only\AppData\Roaming\uTorrent\uTorrent.exe (No File)
Shortcut: C:\Users\GDC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\GDC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk -> D:\Program Files\WinRAR\Rar.txt (No File)
Shortcut: C:\Users\GDC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk -> D:\Program Files\WinRAR\WinRAR.chm (No File)
Shortcut: C:\Users\GDC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\Steam.lnk -> D:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
Shortcut: C:\Users\GDC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Heroes of Might and Magic V - Collectors Edition\Dark Messiah.lnk -> D:\Heroes of Might and Magic V - Collectors Edition\HMM5\bina2\binDM\H5_Game.exe ()
Shortcut: C:\Users\GDC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Heroes of Might and Magic V - Collectors Edition\Hammers of Fate.lnk -> D:\Heroes of Might and Magic V - Collectors Edition\HMM5\bina1\H5_Game.exe ()
Shortcut: C:\Users\GDC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Heroes of Might and Magic V - Collectors Edition\Heroes of Might and Magic V.lnk -> D:\Heroes of Might and Magic V - Collectors Edition\HMM5\bin\H5_Game.exe ()
Shortcut: C:\Users\GDC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Heroes of Might and Magic V - Collectors Edition\Map Editor.lnk -> D:\Heroes of Might and Magic V - Collectors Edition\HMM5\bina2\bin\H5_MapEditor.exe ()
Shortcut: C:\Users\GDC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Heroes of Might and Magic V - Collectors Edition\Tribes of the East.lnk -> D:\Heroes of Might and Magic V - Collectors Edition\HMM5\bina2\bin\H5_Game.exe ()
Shortcut: C:\Users\GDC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DROD RPG - Tendry's Tale\DROD RPG - Tendry's Tale.lnk -> D:\Program Files (x86)\DROD RPG - Tendry's Tale\drod.exe ()
Shortcut: C:\Users\GDC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DROD RPG - Tendry's Tale\Help.lnk -> D:\Program Files (x86)\DROD RPG - Tendry's Tale\Data\Help\1\contents.html ()
Shortcut: C:\Users\GDC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DROD RPG - Tendry's Tale\Uninstall DROD RPG - Tendry's Tale.lnk -> D:\Program Files (x86)\DROD RPG - Tendry's Tale\unins000.exe ()
Shortcut: C:\Users\GDC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\GDC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\GDC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\GDC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\GDC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\GDC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\GDC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\GDC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\GDC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\GDC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk -> C:\Users\Admin -disaster only\AppData\Roaming\uTorrent\uTorrent.exe (No File)
Shortcut: C:\Users\GDC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\Users\GDC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\b15f30ab853b7d31\Diablo III.lnk -> D:\Program Files (x86)\Diablo III\Diablo III Launcher.exe (No File)
Shortcut: C:\Users\GDC\AppData\Local\Microsoft\Windows\GameExplorer\{A883C3F0-E84F-4DFE-AC7E-347778A59B30}\PlayTasks\0\Play.lnk -> D:\Heroes of Might and Magic V - Collectors Edition\HMM5\bin\H5_Game.exe ()
Shortcut: C:\Users\GDC\AppData\Local\Microsoft\Windows\GameExplorer\{78F547BC-9A45-499A-A456-5C05413863C8}\PlayTasks\0\Play.lnk -> D:\Heroes of Might and Magic V - Collectors Edition\HMM5\bina2\binDM\H5_Game.exe ()
Shortcut: C:\Users\Public\Desktop\Agarest Zero.lnk -> D:\downloads\Installation Zone\Agarest.Generations.of.War.Zero-RELOADED\Agarest Zero\AgarestZero.exe ()
Shortcut: C:\Users\Public\Desktop\Avira Control Center.lnk -> C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe (Avira Operations GmbH & Co. KG)
Shortcut: C:\Users\Public\Desktop\DAEMON Tools Lite.lnk -> D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
Shortcut: C:\Users\Public\Desktop\ET6.lnk -> C:\Program Files (x86)\GIGABYTE\ET6\ET6SC.exe ()
Shortcut: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Public\Desktop\Heroine's Quest.lnk -> D:\Program Files (x86)\Heroine's Quest\Heroine's Quest.exe (Crystal Shard                 )
Shortcut: C:\Users\Public\Desktop\LibreOffice 4.3.lnk -> C:\Program Files (x86)\LibreOffice 4\program\soffice.exe (The Document Foundation)
Shortcut: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\Users\Public\Desktop\NETGEAR WNDA3100v2 Genie.lnk -> C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe ()
Shortcut: C:\Users\Public\Desktop\Quest for Infamy.lnk -> D:\Program Files (x86)\Infamous Quests\Quest for Infamy\QFI.exe (Infamous Quests               )
Shortcut: C:\Users\Public\Desktop\Skype.lnk -> C:\Windows\Installer\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}\SkypeIcon.exe ()
Shortcut: C:\Users\Public\Desktop\smart6.lnk -> C:\Program Files (x86)\GIGABYTE\smart6\Smart6.exe (GIGABYTE)
Shortcut: C:\Users\Public\Desktop\SpywareBlaster.lnk -> C:\Program Files (x86)\SpywareBlaster\spywareblaster.exe ()
Shortcut: C:\Users\Public\Desktop\Steam.lnk -> D:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
Shortcut: C:\Users\Public\Desktop\VLC media player.lnk -> D:\Program Files (x86)\VideoLAN\VLC\vlc.exe (VideoLAN)
Shortcut: C:\Users\Public\Desktop\Wise Care 365.lnk -> C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe (WiseCleaner.com)




ShortcutWithArgument: C:\Users\Admin -disaster only\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) ->  -extoff
ShortcutWithArgument: C:\Users\Admin -disaster only\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\Admin -disaster only\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Admin -disaster only\AppData\Roaming\Microsoft\Windows\SendTo\Skype.lnk -> C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.) -> /sendto:
ShortcutWithArgument: C:\Users\Admin -disaster only\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DefaultPrograms
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk -> C:\Windows\System32\wuapp.exe (Microsoft Corporation) -> startmenu
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) -> /showgadgets
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Reset VLC media player preferences and cache files.lnk -> D:\Program Files (x86)\VideoLAN\VLC\vlc.exe (VideoLAN) -> --reset-config --reset-plugins-cache vlc://quit
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player - reset preferences and cache files.lnk -> D:\Program Files (x86)\VideoLAN\VLC\vlc.exe (VideoLAN) -> --reset-config --reset-plugins-cache vlc://quit
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player skinned.lnk -> D:\Program Files (x86)\VideoLAN\VLC\vlc.exe (VideoLAN) -> -Iskins
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RTP\Uninstall Common RTP.lnk -> C:\Windows\iun506.exe (Indigo Rose Corporation) -> d:\Program Files (x86)\Enterbrain\RPG2003\RTP\\irunin.ini
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NETGEAR WNDA3100v2 Genie\Uninstall NETGEAR WNDA3100v2 Software.lnk -> C:\Program Files (x86)\NETGEAR\WNDA3100v2\Uninstall.exe () -> -GUID {3C7839E7-21F4-49E0-B4D5-AC8ED818CCB0} -L -z "-Remove"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)\Microsoft Excel Starter 2010.lnk -> C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE (Microsoft Corporation) -> "Microsoft Excel Starter 2010 9014006604090000"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)\Microsoft Word Starter 2010.lnk -> C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE (Microsoft Corporation) -> "Microsoft Word Starter 2010 9014006604090000"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)\Microsoft Office 2010 Tools\Microsoft Clip Organizer.lnk -> C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE (Microsoft Corporation) -> "Microsoft Clip Organizer 9014006604090000"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)\Microsoft Office 2010 Tools\Microsoft Office 2010 Upload Center.lnk -> C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE (Microsoft Corporation) -> "Microsoft Office 2010 Upload Center 9014006604090000"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)\Microsoft Office 2010 Tools\Microsoft Office Picture Manager.lnk -> C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE (Microsoft Corporation) -> "Microsoft Office Picture Manager 9014006604090000"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)\Microsoft Office 2010 Tools\Microsoft Office Starter To-Go Device Manager 2010.lnk -> C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE (Microsoft Corporation) -> "Microsoft Office Starter To-Go Device Manager 2010 9014006604090000"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Backup and Restore Center.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.BackupAndRestore
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk -> C:\Program Files (x86)\Java\jre7\bin\javacpl.exe (Oracle Corporation) -> -tab about
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk -> C:\Program Files (x86)\Java\jre7\bin\javacpl.exe (Oracle Corporation) -> -tab update
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroine's Quest\Heroine's Quest fullscreen.lnk -> D:\Program Files (x86)\Heroine's Quest\Heroine's Quest.exe (Crystal Shard                 ) -> -fullscreen
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIGABYTE\Smart 6\Uninstall.lnk -> C:\Program Files (x86)\InstallShield Installation Information\{3B35725F-C623-4A1E-B5CC-99C0868679E3}\setup.exe (Macrovision Corporation) -> /UNINST
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIGABYTE\ET6\UnInstall.lnk -> C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriver.exe (Macrovision Corporation) -> /M{457D7505-D665-4F95-91C3-ECB8C56E9ACA}
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus\Check for Updates.lnk -> D:\Program Files (x86)\DivX\DivX Control Panel\DivXControlPanelLauncher.exe (DivX, Inc.) -> /start=update
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus\Codec Settings.lnk -> D:\Program Files (x86)\DivX\DivX Control Panel\DivXControlPanelLauncher.exe (DivX, Inc.) -> /start=decoder
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus\Register.lnk -> D:\Program Files (x86)\DivX\DivX Control Panel\DivXControlPanelLauncher.exe (DivX, Inc.) -> /start=registration
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative\Product Registration.lnk -> C:\Program Files (x86)\Creative\Product Registration\English\InetReg.exe (Creative Technology Ltd) -> /PreProcess=RegFlash.exe
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative\Creative MediaSource 5\Creative MediaSource 5 Organizer.lnk -> C:\Program Files (x86)\Creative\MediaSource5\CTCMSU.exe (Creative Technology Ltd) -> /Organizer
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative\Creative MediaSource 5\Creative MediaSource 5 Player.lnk -> C:\Program Files (x86)\Creative\MediaSource5\CTCMSU.exe (Creative Technology Ltd) -> /Player
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corsair\Corsair USB Headset.lnk -> C:\Windows\SysWOW64\control.exe (Microsoft Corporation) -> C:\Windows\syswow64\CAHS1.dll
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center\Help.lnk -> C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.exe (ATI Technologies Inc.) -> Start Help -help
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bridge Base Inc\Remove Bridge Master 2000.lnk -> C:\Windows\iun3401.exe () -> d:\downloads\bm2000
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira\My Avira\Avira.lnk -> C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Avira Operations GmbH & Co. KG) -> /showMiniGui
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell Modules.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) -> -NoExit -ImportSystemModules
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation) -> /open
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Welcome Center.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> %SystemRoot%\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{1A6AEAE7-0104-43BE-9CA2-C60F9FB2FC7E}\PlayTasks\1\Setup game.lnk -> D:\Program Files (x86)\Heroine's Quest\Heroine's Quest.exe (Crystal Shard                 ) -> --setup
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\GDC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Heroes of Might and Magic V - Collectors Edition\Uninstall Heroes of Might and Magic V - Collectors Edition.lnk -> D:\Heroes of Might and Magic V - Collectors Edition\uninstall.exe (Indigo Rose Corporation) -> "/U:d:\Heroes of Might and Magic V - Collectors Edition\Uninstall\uninstall.xml"
ShortcutWithArgument: C:\Users\GDC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) ->  -extoff
ShortcutWithArgument: C:\Users\GDC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\GDC\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\GDC\AppData\Roaming\Microsoft\Windows\SendTo\Skype.lnk -> C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.) -> /sendto:
ShortcutWithArgument: C:\Users\Public\Desktop\Avira.lnk -> C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Avira Operations GmbH & Co. KG) -> /showMiniGui


InternetURL: C:\Users\Admin -disaster only\Favorites\Links for United States\GobiernoUSA.gov.url -> hxxp://go.microsoft.com/fwlink/?LinkId=129792
InternetURL: C:\Users\Admin -disaster only\Favorites\Links for United States\USA.gov.url -> hxxp://go.microsoft.com/fwlink/?LinkId=129791
InternetURL: C:\Users\Admin -disaster only\Favorites\Links\Suggested Sites.url -> https://ieonline.mic...ft.com/#ieslice
InternetURL: C:\Users\Admin -disaster only\Favorites\Links\Web Slice Gallery.url -> hxxp://go.microsoft.com/fwlink/?LinkId=121315
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam\Steam Support Center.url -> hxxp://support.steampowered.com/
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroine's Quest\Crystal Shard website.url -> hxxp://crystalshard.net/hq.htm
InternetURL: C:\Users\GDC\Favorites\Links for United States\GobiernoUSA.gov.url -> hxxp://go.microsoft.com/fwlink/?LinkId=129792
InternetURL: C:\Users\GDC\Favorites\Links for United States\USA.gov.url -> hxxp://go.microsoft.com/fwlink/?LinkId=129791
InternetURL: C:\Users\GDC\Favorites\Links\Bridge Base Online.url -> hxxp://www.bridgebase.com/
InternetURL: C:\Users\GDC\Favorites\Links\Netflix.url -> hxxp://movies.netflix.com/WiPlayer?movieid=70120167&trkid=13464538
InternetURL: C:\Users\GDC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Heroes of Newerth\Create Account.url -> https://www.heroesofnewerth.com/
InternetURL: C:\Users\GDC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Heroes of Newerth\Match Replays.url -> hxxp://replays.heroesofnewerth.com/
InternetURL: C:\Users\GDC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Heroes of Newerth\Player Rankings.url -> hxxp://www.heroesofnewerth.com/players/

==================== End of log =============================
 


Edited by ihatesvchost.exe, 21 August 2014 - 09:55 PM.

  • 0

#58
Biscuithd
Posted 22 August 2014 - 10:31 AM

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

I uninstalled Hitman a few days ago. I hope its not still showing up somehow.

It is gone. :)

 

It's odd how some of this stuff reacts. I don't want Hitman near my machine or the folks that I'm helping. I can't tell you how many known issues it has caused, yet some Helpers here and on other sites have nothing from praise for it, so go figure. One of the Helpers I know tells her users to remove McAfee. For McAfee is just slow and clunky.

 

Thanks again for sticking with me.

You bet! I'm here for the long haul :thumbsup:

 

I see you traded Defender for Avira. I'm a fan of Defender :thumbsup:  I see a lot of false positives with Avira

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

Ok, keep it running and let me know how it goes. BTW...scan was clean.


  • 0

#59
Biscuithd
Posted 24 August 2014 - 07:48 AM

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

How is the machine behaving?


  • 0

#60
ihatesvchost.exe
Posted 24 August 2014 - 12:07 PM

ihatesvchost.exe

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts

It is still behaving very erratically. Often it will not boot up in normal mode. Sometimes it will boot up in normal mode without internet and become dysfunctional after I reconnect the internet. Safe mode is fine.

 

Do you still think the problems are likely to be the result of the Windows patch and not malware?

 

 

Summary of disturbing behaviors I have observed:

Various screen distortions including, the right half of the screen displaying on the wrong side, intermitent gray lines and fuzziness, various blue screens. 

Mouse cursor changes size and function (for example mouse scroll becomes mouse zoom).

Suspicious flickering, folders sometimes size oddly on opening (for example to maximum when last opened it was far smaller).

Immediate drop in functionality after connecting to Internet (but not always immediate).

Suspicious behavior from rundllfiles, including more than normal running visibly and sometimes from unsafe location (such as app data).

And though I haven't seen it since last time I mentioned it, unsolicited browser windows opening.

 

I really appreciate all the time you have spent trying to solve this problem with me Biscuithd.

 

Depending on what I am able to accomplish in the next few days, I may ultimately opt for a system reset.


Edited by ihatesvchost.exe, 24 August 2014 - 12:09 PM.

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP