Hi, I have a malware/virus on my removable USB drives. It's a file named USBDriver.exe. After I delete it manually, it copies to the root path of each USB drive on the machine, only when the USB drive is inserted while Windows is running. I'm using Windows 7; the file's size is 49152 bytes. Can you please help me remove it?
I've done a scan of the file on virustotal.com:
https://www.virustot...sis/1417643471/
I've had this same problem back on my older machine, which runs Win XP. I was careful not to insert my USB anywhere else, including this brand new install of Win 7. I went through Ubuntu and removed the USBDriver.exe files from the USB drives before plugging the USB drives into the new Win 7 machine. I don't know how it came back. It's very frustrating.
One difference I've noticed between Win XP behaviour and Win 7 is that in Win XP another file called autorun.inf was created alongside USBDriver.exe. In Win 7 I've disabled the Autorun feature (using the Control Panel option to turn it off), so that might be related.
Another thing to note is that removable devices that Windows recognizes as Hard Disk Drives (in the Computer view) do not have USBDriver.exe copied to their root path.
I'm assuming some program is copying it back there every time, which has access to my whole system, and should also be removed.
Thanks,
Veg
OTL logfile created on: 12/4/2014 01:18:34 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\user\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17420)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.94 Gb Total Physical Memory | 1.98 Gb Available Physical Memory | 50.36% Memory free
7.88 Gb Paging File | 5.64 Gb Available in Paging File | 71.60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 54.90 Gb Total Space | 25.92 Gb Free Space | 47.21% Space Free | Partition Type: NTFS
Drive E: | 465.73 Gb Total Space | 217.72 Gb Free Space | 46.75% Space Free | Partition Type: NTFS
Drive G: | 29.80 Gb Total Space | 29.80 Gb Free Space | 100.00% Space Free | Partition Type: FAT32
Drive H: | 58.43 Gb Total Space | 56.47 Gb Free Space | 96.64% Space Free | Partition Type: FAT32
Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2014/12/04 00:39:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Downloads\OTL.exe
PRC - [2014/10/07 15:36:00 | 000,782,040 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
PRC - [2014/10/07 15:35:06 | 000,843,480 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-Agent.exe
PRC - [2014/10/07 15:33:56 | 000,388,824 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
PRC - [2013/07/21 22:34:12 | 000,055,808 | ---- | M] (Brian Apps Products) -- C:\Program Files\sizer_dev482\sizer.exe
PRC - [2012/05/10 08:19:42 | 000,049,152 | -H-- | M] () -- C:\Users\user\AppData\Local\wscntfy.exe
========== Modules (No Company Name) ==========
MOD - [2014/12/02 06:00:52 | 001,446,912 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\HD-Agent\d93099e1faaa28fc715b4fc64e010238\HD-Agent.ni.exe
MOD - [2014/12/02 06:00:46 | 000,155,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\JSON\ed9302abc94cce786710d77fd1410886\JSON.ni.dll
MOD - [2014/11/26 21:14:00 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\99cdfef98595ed91f14936cf52a49c54\System.Management.ni.dll
MOD - [2014/11/26 21:07:07 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\a229c5bed4a12b5db6ca55d223ada6df\System.ServiceProcess.ni.dll
MOD - [2014/11/26 21:07:02 | 011,922,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\b4001d722e320fa42cd87b04b5249b2d\System.Web.ni.dll
MOD - [2014/11/26 21:06:45 | 012,435,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1453d9e9a4989833ef3db4b22549ba1a\System.Windows.Forms.ni.dll
MOD - [2014/11/26 21:06:41 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\836e10dfd0811b303553216f5cb092ef\System.Drawing.ni.dll
MOD - [2014/11/26 21:06:39 | 005,467,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d49908aa93a23c84847b1f8b1b667860\System.Xml.ni.dll
MOD - [2014/11/26 21:06:37 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\237d509a79aeef6e4635b09450d98f2a\System.Configuration.ni.dll
MOD - [2014/11/26 21:06:28 | 007,991,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\908ba9e296e92b4e14bdc2437edac603\System.ni.dll
MOD - [2014/11/26 21:06:25 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
MOD - [2012/05/10 08:19:42 | 000,049,152 | -H-- | M] () -- C:\Users\user\AppData\Local\wscntfy.exe
========== Services (SafeList) ==========
SRV:64bit: - [2014/11/26 20:38:44 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/09/16 00:03:18 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2013/10/10 22:03:32 | 001,851,008 | ---- | M] (Locktime Software) [Auto | Running] -- C:\Program Files\NetLimiter 3\nlsvc.exe -- (nlsvc)
SRV:64bit: - [2013/05/27 07:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014/10/07 15:36:00 | 000,782,040 | ---- | M] (BlueStack Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe -- (BstHdUpdaterSvc)
SRV - [2014/10/07 15:33:56 | 000,388,824 | ---- | M] (BlueStack Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe -- (BstHdLogRotatorSvc)
SRV - [2014/10/07 15:33:20 | 000,409,304 | ---- | M] (BlueStack Systems, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\BlueStacks\HD-Service.exe -- (BstHdAndroidSvc)
SRV - [2014/04/03 20:21:48 | 000,315,008 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2014/03/21 00:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2012/07/09 00:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2014/11/25 19:02:19 | 000,940,760 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2014/09/16 00:26:58 | 016,750,080 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2014/09/15 23:59:06 | 000,576,000 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2014/06/21 19:01:22 | 000,094,720 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2013/06/12 09:48:46 | 000,087,472 | ---- | M] (Locktime Software) [Kernel | System | Running] -- C:\Program Files\NetLimiter 3\nltdi.sys -- (nltdi)
DRV:64bit: - [2013/06/12 09:48:46 | 000,032,688 | ---- | M] (Locktime Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nlndis.sys -- (NLNdisPT)
DRV:64bit: - [2013/06/12 09:48:46 | 000,032,688 | ---- | M] (Locktime Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nlndis.sys -- (NLNdisMP)
DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2010/11/21 05:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 05:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010/11/21 05:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010/11/21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/21 05:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010/11/21 05:23:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/21 05:23:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2014/10/07 15:33:44 | 000,122,072 | ---- | M] (BlueStack Systems) [Kernel | Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys -- (BstHdDrv)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/he-il/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2E 63 5C B5 A0 09 D0 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IESR02
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Wikipedia (English)"
FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (English)"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledAddons: %7B4BBDD651-70CF-4821-84F8-2B918CF89CA3%7D:8.0.5
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:2.3
FF - prefs.js..extensions.enabledAddons: %7Bc45c406e-ab73-11d8-be73-000a95be3b12%7D:1.2.5
FF - prefs.js..extensions.enabledAddons: %7BFFA36170-80B1-4535-B0E3-A4569E497DD0%7D:3.2pre.20110705
FF - prefs.js..extensions.enabledAddons: %7BE6C1199F-E687-42da-8C24-E7770CC3AE66%7D:2.0.5
FF - prefs.js..extensions.enabledAddons: %7B66E978CD-981F-47DF-AC42-E3CF417C1467%7D:0.4.3
FF - prefs.js..extensions.enabledAddons: %7B46551EC9-40F0-4e47-8E18-8E5CF550CFB8%7D:1.4.3
FF - prefs.js..extensions.enabledAddons: %7B455D905A-D37C-4643-A9E2-F6FEFAA0424A%7D:0.8.16
FF - prefs.js..extensions.enabledAddons: %7B1280606b-2510-4fe0-97ef-9b5a22eafe80%7D:0.9
FF - prefs.js..extensions.enabledAddons: status4evar%40caligonstudios.com:2014.07.06.05
FF - prefs.js..extensions.enabledAddons: inspector%40mozilla.org:2.0.14
FF - prefs.js..extensions.enabledAddons: ClassicThemeRestorer%40ArisT2Noia4dev:1.2.5
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:33.0.2
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.1.2
FF - prefs.js..extensions.enabledItems: {dc0fa13e-3db0-73ec-e852-912722c85409}:0.3.5.1
FF - prefs.js..extensions.enabledItems: {9b9d2aaa-ae26-4447-a7a1-633a32b19ddd}:2.1
FF - prefs.js..extensions.enabledItems: {767467bc-3723-4bcb-acf1-d4d311b04ffd}:0.7.1
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9
FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe80}:0.7
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.2
FF - prefs.js..extensions.enabledItems: {FFA36170-80B1-4535-B0E3-A4569E497DD0}:3.0.3
FF - prefs.js..extensions.enabledItems: {E6C1199F-E687-42da-8C24-E7770CC3AE66}:1.7.2
FF - prefs.js..extensions.enabledItems: {455D905A-D37C-4643-A9E2-F6FEFAA0424A}:0.8.14
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.2
FF - prefs.js..extensions.enabledItems: {4BBDD651-70CF-4821-84F8-2B918CF89CA3}:6.3.3.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.2
FF - prefs.js..extensions.enabledItems: [email protected]:0.78.2
FF - prefs.js..extensions.enabledItems: [email protected]:2.0.9
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: [email protected]:0.7.7
FF - prefs.js..network.proxy.socks_version: 4
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Waterfox 33.0.2\extensions\\Components: C:\PROGRAM FILES\WATERFOX\COMPONENTS
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Waterfox 33.0.2\extensions\\Plugins: C:\PROGRAM FILES\WATERFOX\PLUGINS
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 33.1.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 33.1.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
[2014/11/26 19:46:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Extensions
[2014/12/03 16:17:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qdsg77xs.Default User\extensions
[2014/11/26 20:13:11 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qdsg77xs.Default User\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2014/11/26 20:12:47 | 000,000,000 | ---D | M] (Lightshot (screenshot tool)) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qdsg77xs.Default User\extensions\{394DCBA4-1F92-4f8e-8EC9-8D2CB90CB69B}
[2014/11/26 20:13:11 | 000,000,000 | ---D | M] (FEBE) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qdsg77xs.Default User\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2014/11/26 20:13:11 | 000,000,000 | ---D | M] (Live HTTP Headers) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qdsg77xs.Default User\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
[2014/11/26 20:13:11 | 000,000,000 | ---D | M] (Mouse Gestures Redox) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qdsg77xs.Default User\extensions\{FFA36170-80B1-4535-B0E3-A4569E497DD0}
[2014/11/26 20:13:11 | 000,000,000 | ---D | M] (DOM Inspector) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qdsg77xs.Default User\extensions\[email protected]
[2014/11/26 20:13:11 | 000,000,000 | ---D | M] (Stylish-Custom) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qdsg77xs.Default User\extensions\[email protected]
[2014/11/26 20:13:11 | 000,661,655 | -H-- | M] () (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qdsg77xs.Default User\extensions\[email protected]
[2014/11/26 20:13:11 | 000,398,450 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qdsg77xs.Default User\extensions\[email protected]
[2014/11/26 20:12:45 | 000,114,352 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qdsg77xs.Default User\extensions\[email protected]
[2014/11/26 20:13:11 | 000,230,013 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qdsg77xs.Default User\extensions\[email protected]
[2014/11/26 20:12:46 | 002,551,527 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qdsg77xs.Default User\extensions\[email protected]
[2014/11/26 20:13:11 | 000,029,990 | -H-- | M] () (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qdsg77xs.Default User\extensions\[email protected]
[2014/11/26 20:12:46 | 000,005,231 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qdsg77xs.Default User\extensions\[email protected]
[2014/11/26 20:13:11 | 000,179,297 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qdsg77xs.Default User\extensions\[email protected]
[2014/11/26 20:13:11 | 000,619,291 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qdsg77xs.Default User\extensions\[email protected]
[2014/11/26 20:12:46 | 000,023,913 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qdsg77xs.Default User\extensions\[email protected]
[2014/11/26 20:13:11 | 000,108,965 | -H-- | M] () (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qdsg77xs.Default User\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe80}.xpi
[2014/11/26 20:13:11 | 000,075,799 | -H-- | M] () (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qdsg77xs.Default User\extensions\{455D905A-D37C-4643-A9E2-F6FEFAA0424A}.xpi
[2014/11/26 20:13:11 | 000,293,729 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qdsg77xs.Default User\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi
[2014/11/26 20:13:11 | 000,003,793 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qdsg77xs.Default User\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi
[2014/11/26 20:13:11 | 000,081,094 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qdsg77xs.Default User\extensions\{75e19832-90c0-4553-91a0-e5d0ac5d99fd}.xpi
[2014/11/26 20:13:11 | 000,021,964 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qdsg77xs.Default User\extensions\{99f30549-35d4-11d9-8a2a-396c6e707e82}.xpi
[2014/11/26 20:13:11 | 000,061,705 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qdsg77xs.Default User\extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}.xpi
[2014/11/26 20:13:11 | 001,360,435 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qdsg77xs.Default User\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi
[2014/11/26 20:12:46 | 000,979,610 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qdsg77xs.Default User\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/11/26 20:13:11 | 000,304,000 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qdsg77xs.Default User\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2014/11/26 20:13:11 | 000,025,134 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qdsg77xs.Default User\extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi
[2014/11/26 20:13:11 | 000,042,134 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qdsg77xs.Default User\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi
[2014/11/26 20:12:48 | 000,001,362 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qdsg77xs.Default User\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}\chrome\skin\xpinstallItemGeneric.png
[2011/01/27 16:57:24 | 000,001,635 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qdsg77xs.Default User\searchplugins\firefox-add-ons.xml
[2011/02/26 16:15:10 | 000,001,421 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qdsg77xs.Default User\searchplugins\ninjawords.xml
[2011/10/05 22:30:20 | 000,002,039 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qdsg77xs.Default User\searchplugins\stack-overflow.xml
[2008/12/17 21:10:16 | 000,004,096 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qdsg77xs.Default User\searchplugins\Thumbs.db
[2010/05/19 01:49:40 | 000,001,011 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qdsg77xs.Default User\searchplugins\torrentz-search.xml
[2010/05/18 23:52:58 | 000,001,312 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qdsg77xs.Default User\searchplugins\wikipedia.xml
[2010/05/19 01:50:01 | 000,002,057 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qdsg77xs.Default User\searchplugins\youtube-video-search.xml
[2014/11/26 19:46:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/11/26 19:46:22 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
========== Chrome ==========
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\acpimoebmfjpfnbhjgdgiacjfebmmmci\2.6_0\
CHR - Extension: No name found = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.8.7_0\
CHR - Extension: No name found = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
O1 HOSTS File: ([2014/12/04 00:10:41 | 000,000,844 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 0.0.0.0 q.zonja.ru
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe (BlueStack Systems, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [NetLimiter] C:\Program Files\NetLimiter 3\NLClientApp.exe (Locktime Software)
O4 - HKCU..\Run: [Windows-Audio Driver] C:\Users\user\AppData\Local\wscntfy.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{26DD86C0-7E3E-493A-886E-B04F9DCFFB33}: NameServer = 62.219.186.7 192.117.235.237
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B488603A-8096-4686-A09C-1A000F7A8A83}: DhcpNameServer = 10.0.0.138
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2014/05/29 04:13:03 | 000,000,000 | ---D | M] - E:\autorun -- [ NTFS ]
O32 - AutoRun File - [2012/11/02 22:39:44 | 000,000,059 | ---- | M] () - E:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2014/12/04 00:51:28 | 000,000,128 | -H-- | M] () - H:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2014/12/03 23:43:25 | 000,000,000 | ---D | C] -- C:\mIRC
[2014/12/02 23:13:11 | 000,000,000 | ---D | C] -- C:\Program Files\Waterfox
[2014/12/02 10:53:17 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Skype
[2014/12/02 10:53:16 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Skype
[2014/12/02 10:53:14 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2014/12/02 10:53:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2014/12/02 10:53:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2014/12/02 10:52:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2014/12/02 06:00:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
[2014/12/02 06:00:32 | 000,000,000 | ---D | C] -- C:\ProgramData\BlueStacks
[2014/12/02 06:00:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BlueStacks
[2014/12/02 06:00:12 | 000,000,000 | ---D | C] -- C:\ProgramData\BlueStacksSetup
[2014/12/02 06:00:12 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Bluestacks
[2014/12/01 04:33:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoHotkey
[2014/12/01 04:33:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AutoHotkey
[2014/12/01 02:10:22 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Sizer
[2014/12/01 02:09:42 | 000,000,000 | ---D | C] -- C:\Program Files\sizer_dev482
[2014/12/01 01:00:55 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Atropa
[2014/12/01 01:00:55 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Atropa
[2014/12/01 00:55:37 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Mylau
[2014/12/01 00:55:37 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Mylau
[2014/12/01 00:44:49 | 000,000,000 | ---D | C] -- C:\xulrunner
[2014/12/01 00:22:21 | 000,000,000 | ---D | C] -- C:\Users\user\.idlerc
[2014/12/01 00:21:20 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 3.4
[2014/12/01 00:21:14 | 000,000,000 | ---D | C] -- C:\Python34
[2014/12/01 00:03:22 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\nw-test
[2014/12/01 00:00:10 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\node-webkit
[2014/11/30 23:03:39 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2014/11/30 22:59:49 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Locktime
[2014/11/30 22:58:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetLimiter 3
[2014/11/30 22:58:12 | 000,000,000 | ---D | C] -- C:\Program Files\NetLimiter 3
[2014/11/30 22:58:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Locktime
[2014/11/30 22:57:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2014/11/30 22:57:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2014/11/30 22:57:16 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Google
[2014/11/30 22:49:34 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\ElevatedDiagnostics
[2014/11/30 22:42:13 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\AI_RecycleBin
[2014/11/30 22:40:15 | 000,000,000 | ---D | C] -- C:\Program Files\Chrome
[2014/11/28 02:18:38 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\XPSViewer
[2014/11/28 02:18:38 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\he-IL
[2014/11/28 02:18:38 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\he
[2014/11/28 02:18:37 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\he-IL
[2014/11/28 02:18:37 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\he
[2014/11/28 02:18:36 | 000,000,000 | ---D | C] -- C:\Windows\he-IL
[2014/11/28 02:17:29 | 000,003,072 | ---- | C] (SCM Microsystems, Inc.) -- C:\Windows\SysNative\drivers\he-IL\pscr.sys.mui
[2014/11/28 02:17:27 | 000,008,704 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\he-IL\BrSerId.sys.mui
[2014/11/28 02:17:27 | 000,008,704 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\he-IL\BrSerIb.sys.mui
[2014/11/28 02:17:27 | 000,002,560 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\he-IL\BrParwdm.sys.mui
[2014/11/27 16:57:35 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\ColorCop
[2014/11/27 15:40:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SRWare Iron
[2014/11/27 15:40:02 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Chromium
[2014/11/27 15:39:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SRWare Iron
[2014/11/27 15:39:46 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Programs
[2014/11/27 03:47:24 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2014/11/27 03:47:17 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2014/11/27 03:46:59 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2014/11/27 03:43:36 | 000,000,000 | -HSD | C] -- C:\Users\user\AppData\Local\EmieUserList
[2014/11/27 03:43:36 | 000,000,000 | -HSD | C] -- C:\Users\user\AppData\Local\EmieSiteList
[2014/11/27 03:43:36 | 000,000,000 | -HSD | C] -- C:\Users\user\AppData\Local\EmieBrowserModeList
[2014/11/27 03:27:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2014/11/27 03:27:54 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2014/11/27 01:35:09 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
[2014/11/27 01:35:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
[2014/11/27 01:35:08 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Notepad++
[2014/11/27 01:35:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Notepad++
[2014/11/27 01:27:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EASIS
[2014/11/27 01:27:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EASIS
[2014/11/27 00:50:00 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Macromedia
[2014/11/27 00:50:00 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Macromedia
[2014/11/27 00:46:49 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2014/11/27 00:46:47 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2014/11/27 00:46:28 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Adobe
[2014/11/26 21:02:01 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Adobe
[2014/11/26 20:27:20 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\vlc
[2014/11/26 20:27:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2014/11/26 20:27:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2014/11/26 20:07:15 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2014/11/26 19:51:09 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Duplicate Files Finder
[2014/11/26 19:51:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Duplicate Files Finder
[2014/11/26 19:51:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Duplicate Files Finder
[2014/11/26 19:46:28 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Mozilla
[2014/11/26 19:46:28 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Mozilla
[2014/11/26 19:46:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/11/26 19:44:06 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Diagnostics
[2014/11/26 19:41:09 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\ATI
[2014/11/26 19:41:09 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\ATI
[2014/11/26 19:41:09 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2014/11/26 19:40:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2014/11/26 19:40:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2014/11/26 19:40:22 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
[2014/11/26 19:40:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
[2014/11/26 19:40:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2014/11/26 19:40:05 | 000,000,000 | ---D | C] -- C:\Program Files\AMD
[2014/11/26 19:39:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2014/11/26 19:38:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2014/11/26 19:38:06 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2014/11/26 19:38:03 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2014/11/26 19:37:23 | 000,000,000 | ---D | C] -- C:\AMD
[2014/11/26 19:37:00 | 000,000,000 | ---D | C] -- C:\Intel
[2014/11/26 19:35:28 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2014/11/26 19:35:28 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2014/11/26 19:35:17 | 002,162,992 | ---- | C] (Yamaha Corporation) -- C:\Windows\SysNative\YamahaAE.dll
[2014/11/26 19:35:17 | 002,101,848 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib64.dll
[2014/11/26 19:35:17 | 001,411,096 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SRRPTR64.dll
[2014/11/26 19:35:17 | 001,048,824 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\slcnt64.dll
[2014/11/26 19:35:17 | 000,724,728 | ---- | C] (DTS, Inc.) -- C:\Windows\SysNative\sltech64.dll
[2014/11/26 19:35:17 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2014/11/26 19:35:17 | 000,451,096 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SRAPO64.dll
[2014/11/26 19:35:17 | 000,366,104 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SRCOM64.dll
[2014/11/26 19:35:17 | 000,326,680 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysWow64\SRCOM.dll
[2014/11/26 19:35:17 | 000,326,680 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SRCOM.dll
[2014/11/26 19:35:17 | 000,246,008 | ---- | C] (TODO: <Company name>) -- C:\Windows\SysNative\slprp64.dll
[2014/11/26 19:35:17 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2014/11/26 19:35:17 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2014/11/26 19:35:17 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2014/11/26 19:35:16 | 000,889,592 | ---- | C] (DTS, Inc.) -- C:\Windows\SysNative\sl3apo64.dll
[2014/11/26 19:35:16 | 000,221,024 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFNHK64.dll
[2014/11/26 19:35:16 | 000,081,248 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFCOM64.dll
[2014/11/26 19:35:16 | 000,078,688 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFAPO64.dll
[2014/11/26 19:35:16 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll
[2014/11/26 19:35:15 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2014/11/26 19:35:15 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2014/11/26 19:35:15 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2014/11/26 19:35:15 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2014/11/26 19:35:15 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2014/11/26 19:35:15 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2014/11/26 19:35:12 | 007,164,176 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64A.dll
[2014/11/26 19:35:12 | 005,751,560 | ---- | C] (Nahimic Inc) -- C:\Windows\SysNative\NAHIMICAPOlfx.dll
[2014/11/26 19:35:12 | 000,942,384 | ---- | C] (Nahimic Inc) -- C:\Windows\SysNative\NAHIMICAPOSettingsIPC.dll
[2014/11/26 19:35:12 | 000,434,960 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64A.dll
[2014/11/26 19:35:12 | 000,141,584 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64A.dll
[2014/11/26 19:35:12 | 000,124,176 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64A.dll
[2014/11/26 19:35:12 | 000,075,024 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64A.dll
[2014/11/26 19:35:11 | 012,967,680 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVoiceAPO3064.dll
[2014/11/26 19:35:11 | 001,313,904 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxSpeechAPO64.dll
[2014/11/26 19:35:11 | 000,979,280 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVoiceAPO2064.dll
[2014/11/26 19:35:11 | 000,662,784 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll
[2014/11/26 19:35:10 | 014,048,512 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek64.dll
[2014/11/26 19:35:10 | 002,041,432 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ64.dll
[2014/11/26 19:35:10 | 001,499,984 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO5064.dll
[2014/11/26 19:35:10 | 001,353,472 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO6064.dll
[2014/11/26 19:35:10 | 001,136,728 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO4064.dll
[2014/11/26 19:35:10 | 000,922,880 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPOShell64.dll
[2014/11/26 19:35:10 | 000,663,296 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll
[2014/11/26 19:35:10 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2014/11/26 19:35:09 | 000,603,984 | ---- | C] (Knowles Acoustics ) -- C:\Windows\SysNative\KAAPORT64.dll
[2014/11/26 19:35:09 | 000,300,704 | ---- | C] (ICEpower a/s) -- C:\Windows\SysNative\ICEsoundAPO64.dll
[2014/11/26 19:35:08 | 002,770,976 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2014/11/26 19:35:08 | 001,756,264 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll
[2014/11/26 19:35:08 | 001,568,360 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll
[2014/11/26 19:35:08 | 000,712,296 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll
[2014/11/26 19:35:08 | 000,693,352 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll
[2014/11/26 19:35:08 | 000,501,184 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PLFX64.dll
[2014/11/26 19:35:08 | 000,491,112 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll
[2014/11/26 19:35:08 | 000,487,360 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PGFX64.dll
[2014/11/26 19:35:08 | 000,415,680 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PREC64.dll
[2014/11/26 19:35:07 | 006,218,072 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\DDPP64A.dll
[2014/11/26 19:35:07 | 001,939,800 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\DDPD64A.dll
[2014/11/26 19:35:07 | 001,486,952 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll
[2014/11/26 19:35:07 | 000,728,680 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll
[2014/11/26 19:35:07 | 000,432,744 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll
[2014/11/26 19:35:07 | 000,428,648 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll
[2014/11/26 19:35:07 | 000,315,736 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\DDPO64A.dll
[2014/11/26 19:35:07 | 000,261,464 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\DDPA64.dll
[2014/11/26 19:35:07 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll
[2014/11/26 19:35:07 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll
[2014/11/26 19:35:07 | 000,241,768 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll
[2014/11/26 19:35:07 | 000,113,576 | ---- | C] (Real Sound Lab SIA) -- C:\Windows\SysNative\CONEQMSAPOGUILibrary.dll
[2014/11/26 19:34:48 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2014/11/26 19:33:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2014/11/26 19:32:10 | 000,940,760 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
[2014/11/26 19:32:06 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2014/11/26 19:32:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2014/11/26 19:30:58 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Apps
[2014/11/26 17:51:50 | 000,000,000 | ---D | C] -- C:\inetpub
[2014/11/26 17:51:50 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\BestPractices
[2014/11/26 17:50:43 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2014/11/26 17:49:32 | 000,000,000 | R--D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2014/11/26 17:49:32 | 000,000,000 | R--D | C] -- C:\Users\user\Searches
[2014/11/26 17:49:32 | 000,000,000 | R--D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2014/11/26 17:49:32 | 000,000,000 | -H-D | C] -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2014/11/26 17:49:27 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Identities
[2014/11/26 17:49:26 | 000,000,000 | R--D | C] -- C:\Users\user\Contacts
[2014/11/26 17:49:25 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\VirtualStore
[2014/11/26 17:49:24 | 000,000,000 | --SD | C] -- C:\Users\user\AppData\Roaming\Microsoft
[2014/11/26 17:49:24 | 000,000,000 | R--D | C] -- C:\Users\user\Videos
[2014/11/26 17:49:24 | 000,000,000 | R--D | C] -- C:\Users\user\Saved Games
[2014/11/26 17:49:24 | 000,000,000 | R--D | C] -- C:\Users\user\Pictures
[2014/11/26 17:49:24 | 000,000,000 | R--D | C] -- C:\Users\user\Music
[2014/11/26 17:49:24 | 000,000,000 | R--D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2014/11/26 17:49:24 | 000,000,000 | R--D | C] -- C:\Users\user\Links
[2014/11/26 17:49:24 | 000,000,000 | R--D | C] -- C:\Users\user\Favorites
[2014/11/26 17:49:24 | 000,000,000 | R--D | C] -- C:\Users\user\Downloads
[2014/11/26 17:49:24 | 000,000,000 | R--D | C] -- C:\Users\user\Documents
[2014/11/26 17:49:24 | 000,000,000 | R--D | C] -- C:\Users\user\Desktop
[2014/11/26 17:49:24 | 000,000,000 | R--D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2014/11/26 17:49:24 | 000,000,000 | -HSD | C] -- C:\Users\user\AppData\Local\Temporary Internet Files
[2014/11/26 17:49:24 | 000,000,000 | -HSD | C] -- C:\Users\user\Templates
[2014/11/26 17:49:24 | 000,000,000 | -HSD | C] -- C:\Users\user\Start Menu
[2014/11/26 17:49:24 | 000,000,000 | -HSD | C] -- C:\Users\user\SendTo
[2014/11/26 17:49:24 | 000,000,000 | -HSD | C] -- C:\Users\user\Recent
[2014/11/26 17:49:24 | 000,000,000 | -HSD | C] -- C:\Users\user\PrintHood
[2014/11/26 17:49:24 | 000,000,000 | -HSD | C] -- C:\Users\user\NetHood
[2014/11/26 17:49:24 | 000,000,000 | -HSD | C] -- C:\Users\user\Documents\My Videos
[2014/11/26 17:49:24 | 000,000,000 | -HSD | C] -- C:\Users\user\Documents\My Pictures
[2014/11/26 17:49:24 | 000,000,000 | -HSD | C] -- C:\Users\user\Documents\My Music
[2014/11/26 17:49:24 | 000,000,000 | -HSD | C] -- C:\Users\user\My Documents
[2014/11/26 17:49:24 | 000,000,000 | -HSD | C] -- C:\Users\user\Local Settings
[2014/11/26 17:49:24 | 000,000,000 | -HSD | C] -- C:\Users\user\AppData\Local\History
[2014/11/26 17:49:24 | 000,000,000 | -HSD | C] -- C:\Users\user\Cookies
[2014/11/26 17:49:24 | 000,000,000 | -HSD | C] -- C:\Users\user\Application Data
[2014/11/26 17:49:24 | 000,000,000 | -HSD | C] -- C:\Users\user\AppData\Local\Application Data
[2014/11/26 17:49:24 | 000,000,000 | -H-D | C] -- C:\Users\user\AppData
[2014/11/26 17:49:24 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Temp
[2014/11/26 17:49:24 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Microsoft
[2014/11/26 17:49:24 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Media Center Programs
[2014/11/26 17:49:22 | 000,000,000 | -HSD | C] -- C:\Recovery
[2014/11/26 17:49:21 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
========== Files - Modified Within 30 Days ==========
[2014/12/04 01:04:45 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/12/04 00:33:27 | 000,016,640 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/12/04 00:33:27 | 000,016,640 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/12/04 00:32:50 | 000,505,536 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\user\Desktop\autorunsc.exe
[2014/12/04 00:32:49 | 000,593,080 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\user\Desktop\autoruns.exe
[2014/12/04 00:32:40 | 002,480,312 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\user\Desktop\procexp.exe
[2014/12/03 23:02:00 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/12/03 10:33:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/12/02 23:16:01 | 000,001,095 | ---- | M] () -- C:\Users\Public\Desktop\Waterfox.lnk
[2014/12/01 05:08:25 | 000,000,517 | ---- | M] () -- C:\Users\user\Documents\a.ahk
[2014/11/30 23:04:53 | 001,247,866 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/11/30 23:04:53 | 000,662,060 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/11/30 23:04:53 | 000,392,068 | ---- | M] () -- C:\Windows\SysNative\perfh00D.dat
[2014/11/30 23:04:53 | 000,121,928 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/11/30 23:04:53 | 000,084,542 | ---- | M] () -- C:\Windows\SysNative\perfc00D.dat
[2014/11/30 22:59:48 | 000,002,279 | ---- | M] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/11/30 22:58:58 | 3173,376,000 | -HS- | M] () -- C:\hiberfil.sys
[2014/11/30 22:57:49 | 000,002,255 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/11/28 02:18:34 | 000,229,316 | ---- | M] () -- C:\Windows\SysNative\perfi00D.dat
[2014/11/28 02:18:34 | 000,032,166 | ---- | M] () -- C:\Windows\SysNative\perfd00D.dat
[2014/11/27 03:48:10 | 000,116,385 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2014/11/27 03:48:10 | 000,116,385 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2014/11/27 03:47:40 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2014/11/26 21:36:59 | 000,000,000 | -H-- | M] () -- C:\Users\user\Documents\Default.rdp
[2014/11/26 20:59:31 | 000,265,552 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/11/26 20:49:29 | 000,773,568 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/11/26 20:38:45 | 000,016,284 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2014/11/26 20:38:44 | 000,016,284 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2014/11/26 20:11:13 | 000,001,179 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/11/26 19:45:02 | 000,001,437 | ---- | M] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/11/26 19:41:04 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2014/11/26 19:35:31 | 000,000,000 | -H-- | M] () -- C:\ProgramData\DP45977C.lfl
[2014/11/26 19:32:01 | 000,001,769 | ---- | M] () -- C:\Windows\Language_trs.ini
[2014/11/25 19:02:44 | 002,162,992 | ---- | M] (Yamaha Corporation) -- C:\Windows\SysNative\YamahaAE.dll
[2014/11/25 19:02:43 | 002,121,008 | ---- | M] () -- C:\Windows\SysNative\SStudio.dll
[2014/11/25 19:02:43 | 002,101,848 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib64.dll
[2014/11/25 19:02:43 | 001,411,096 | ---- | M] (Synopsys, Inc.) -- C:\Windows\SysNative\SRRPTR64.dll
[2014/11/25 19:02:43 | 000,518,896 | ---- | M] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2014/11/25 19:02:43 | 000,451,096 | ---- | M] (Synopsys, Inc.) -- C:\Windows\SysNative\SRAPO64.dll
[2014/11/25 19:02:43 | 000,366,104 | ---- | M] (Synopsys, Inc.) -- C:\Windows\SysNative\SRCOM64.dll
[2014/11/25 19:02:43 | 000,326,680 | ---- | M] (Synopsys, Inc.) -- C:\Windows\SysWow64\SRCOM.dll
[2014/11/25 19:02:43 | 000,326,680 | ---- | M] (Synopsys, Inc.) -- C:\Windows\SysNative\SRCOM.dll
[2014/11/25 19:02:43 | 000,211,184 | ---- | M] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2014/11/25 19:02:43 | 000,198,896 | ---- | M] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2014/11/25 19:02:43 | 000,155,888 | ---- | M] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2014/11/25 19:02:42 | 005,804,772 | ---- | M] () -- C:\Windows\SysNative\drivers\rtvienna.dat
[2014/11/25 19:02:42 | 001,048,824 | ---- | M] (SRS Labs, Inc.) -- C:\Windows\SysNative\slcnt64.dll
[2014/11/25 19:02:42 | 000,889,592 | ---- | M] (DTS, Inc.) -- C:\Windows\SysNative\sl3apo64.dll
[2014/11/25 19:02:42 | 000,724,728 | ---- | M] (DTS, Inc.) -- C:\Windows\SysNative\sltech64.dll
[2014/11/25 19:02:42 | 000,246,008 | ---- | M] (TODO: <Company name>) -- C:\Windows\SysNative\slprp64.dll
[2014/11/25 19:02:42 | 000,221,024 | ---- | M] (Synopsys, Inc.) -- C:\Windows\SysNative\SFNHK64.dll
[2014/11/25 19:02:42 | 000,081,248 | ---- | M] (Synopsys, Inc.) -- C:\Windows\SysNative\SFCOM64.dll
[2014/11/25 19:02:42 | 000,078,688 | ---- | M] (Synopsys, Inc.) -- C:\Windows\SysNative\SFAPO64.dll
[2014/11/25 19:02:42 | 000,074,064 | ---- | M] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll
[2014/11/25 19:02:41 | 001,372,153 | ---- | M] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT
[2014/11/25 19:02:41 | 000,375,128 | ---- | M] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2014/11/25 19:02:41 | 000,310,104 | ---- | M] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2014/11/25 19:02:41 | 000,310,104 | ---- | M] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2014/11/25 19:02:41 | 000,204,120 | ---- | M] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2014/11/25 19:02:41 | 000,101,208 | ---- | M] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2014/11/25 19:02:41 | 000,078,680 | ---- | M] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2014/11/25 19:02:40 | 007,164,176 | ---- | M] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64A.dll
[2014/11/25 19:02:40 | 005,751,560 | ---- | M] (Nahimic Inc) -- C:\Windows\SysNative\NAHIMICAPOlfx.dll
[2014/11/25 19:02:40 | 000,942,384 | ---- | M] (Nahimic Inc) -- C:\Windows\SysNative\NAHIMICAPOSettingsIPC.dll
[2014/11/25 19:02:40 | 000,434,960 | ---- | M] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64A.dll
[2014/11/25 19:02:40 | 000,141,584 | ---- | M] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64A.dll
[2014/11/25 19:02:40 | 000,124,176 | ---- | M] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64A.dll
[2014/11/25 19:02:40 | 000,075,024 | ---- | M] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64A.dll
[2014/11/25 19:02:39 | 014,048,512 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek64.dll
[2014/11/25 19:02:39 | 012,967,680 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVoiceAPO3064.dll
[2014/11/25 19:02:39 | 001,313,904 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxSpeechAPO64.dll
[2014/11/25 19:02:39 | 000,979,280 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVoiceAPO2064.dll
[2014/11/25 19:02:39 | 000,662,784 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll
[2014/11/25 19:02:38 | 002,041,432 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ64.dll
[2014/11/25 19:02:38 | 001,499,984 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO5064.dll
[2014/11/25 19:02:38 | 001,353,472 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO6064.dll
[2014/11/25 19:02:38 | 001,136,728 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO4064.dll
[2014/11/25 19:02:38 | 000,922,880 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPOShell64.dll
[2014/11/25 19:02:38 | 000,663,296 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll
[2014/11/25 19:02:38 | 000,603,984 | ---- | M] (Knowles Acoustics ) -- C:\Windows\SysNative\KAAPORT64.dll
[2014/11/25 19:02:38 | 000,318,808 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2014/11/25 19:02:37 | 002,770,976 | ---- | M] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2014/11/25 19:02:37 | 000,712,296 | ---- | M] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll
[2014/11/25 19:02:37 | 000,693,352 | ---- | M] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll
[2014/11/25 19:02:37 | 000,501,184 | ---- | M] (DTS) -- C:\Windows\SysNative\DTSU2PLFX64.dll
[2014/11/25 19:02:37 | 000,487,360 | ---- | M] (DTS) -- C:\Windows\SysNative\DTSU2PGFX64.dll
[2014/11/25 19:02:37 | 000,415,680 | ---- | M] (DTS) -- C:\Windows\SysNative\DTSU2PREC64.dll
[2014/11/25 19:02:37 | 000,300,704 | ---- | M] (ICEpower a/s) -- C:\Windows\SysNative\ICEsoundAPO64.dll
[2014/11/25 19:02:36 | 006,218,072 | ---- | M] (Dolby Laboratories) -- C:\Windows\SysNative\DDPP64A.dll
[2014/11/25 19:02:36 | 001,939,800 | ---- | M] (Dolby Laboratories) -- C:\Windows\SysNative\DDPD64A.dll
[2014/11/25 19:02:36 | 001,756,264 | ---- | M] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll
[2014/11/25 19:02:36 | 001,568,360 | ---- | M] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll
[2014/11/25 19:02:36 | 001,486,952 | ---- | M] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll
[2014/11/25 19:02:36 | 000,728,680 | ---- | M] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll
[2014/11/25 19:02:36 | 000,491,112 | ---- | M] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll
[2014/11/25 19:02:36 | 000,432,744 | ---- | M] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll
[2014/11/25 19:02:36 | 000,428,648 | ---- | M] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll
[2014/11/25 19:02:36 | 000,315,736 | ---- | M] (Dolby Laboratories) -- C:\Windows\SysNative\DDPO64A.dll
[2014/11/25 19:02:36 | 000,261,464 | ---- | M] (Dolby Laboratories) -- C:\Windows\SysNative\DDPA64.dll
[2014/11/25 19:02:36 | 000,242,792 | ---- | M] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll
[2014/11/25 19:02:36 | 000,242,792 | ---- | M] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll
[2014/11/25 19:02:36 | 000,241,768 | ---- | M] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll
[2014/11/25 19:02:36 | 000,113,576 | ---- | M] (Real Sound Lab SIA) -- C:\Windows\SysNative\CONEQMSAPOGUILibrary.dll
[2014/11/25 19:02:35 | 000,109,848 | ---- | M] () -- C:\Windows\SysNative\AcpiServiceVnA64.dll
[2014/11/25 19:02:35 | 000,096,568 | ---- | M] () -- C:\Windows\SysNative\audioLibVc.dll
[2014/11/25 19:02:26 | 000,003,008 | ---- | M] () -- C:\Windows\SysNative\drivers\DTSU2P.DAT
[2014/11/25 19:02:19 | 000,940,760 | ---- | M] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
========== Files Created - No Company Name ==========
[2014/12/02 23:13:11 | 000,001,095 | ---- | C] () -- C:\Users\Public\Desktop\Waterfox.lnk
[2014/12/02 23:13:11 | 000,000,894 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Waterfox.lnk
[2014/12/01 04:48:58 | 000,000,517 | ---- | C] () -- C:\Users\user\Documents\a.ahk
[2014/11/30 22:57:49 | 000,002,279 | ---- | C] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/11/30 22:57:49 | 000,002,255 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/11/30 22:57:17 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/11/30 22:57:17 | 000,000,890 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/11/28 02:18:48 | 000,392,068 | ---- | C] () -- C:\Windows\SysNative\perfh00D.dat
[2014/11/28 02:18:48 | 000,229,316 | ---- | C] () -- C:\Windows\SysNative\perfi00D.dat
[2014/11/28 02:18:48 | 000,084,542 | ---- | C] () -- C:\Windows\SysNative\perfc00D.dat
[2014/11/28 02:18:48 | 000,032,166 | ---- | C] () -- C:\Windows\SysNative\perfd00D.dat
[2014/11/27 03:49:25 | 000,049,152 | -H-- | C] () -- C:\Users\user\AppData\Local\wscntfy.exe
[2014/11/27 03:49:25 | 000,049,152 | -H-- | C] () -- C:\Users\user\AppData\Roaming\lsmass.exe
[2014/11/27 03:48:08 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2014/11/27 03:48:07 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2014/11/27 03:47:40 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2014/11/27 03:47:17 | 3173,376,000 | -HS- | C] () -- C:\hiberfil.sys
[2014/11/26 21:36:59 | 000,000,000 | -H-- | C] () -- C:\Users\user\Documents\Default.rdp
[2014/11/26 20:38:45 | 000,016,284 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2014/11/26 20:38:44 | 000,016,284 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2014/11/26 20:02:37 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2014/11/26 19:46:23 | 000,001,179 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/11/26 19:46:22 | 000,001,159 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2014/11/26 19:45:02 | 000,001,437 | ---- | C] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/11/26 19:41:04 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2014/11/26 19:35:31 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2014/11/26 19:35:19 | 000,003,008 | ---- | C] () -- C:\Windows\SysNative\drivers\DTSU2P.DAT
[2014/11/26 19:35:17 | 002,121,008 | ---- | C] () -- C:\Windows\SysNative\SStudio.dll
[2014/11/26 19:35:16 | 005,804,772 | ---- | C] () -- C:\Windows\SysNative\drivers\rtvienna.dat
[2014/11/26 19:35:15 | 001,372,153 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT
[2014/11/26 19:35:07 | 000,096,568 | ---- | C] () -- C:\Windows\SysNative\audioLibVc.dll
[2014/11/26 19:35:06 | 000,109,848 | ---- | C] () -- C:\Windows\SysNative\AcpiServiceVnA64.dll
[2014/11/26 19:34:32 | 000,773,568 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/11/26 19:32:01 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2014/11/26 17:49:32 | 000,001,413 | ---- | C] () -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2014/11/26 17:49:24 | 000,000,290 | ---- | C] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2014/11/26 17:49:24 | 000,000,272 | ---- | C] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2014/09/16 00:18:02 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
[2014/09/16 00:18:02 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe
[2014/09/16 00:06:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2014/09/16 00:06:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2014/09/15 18:19:58 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
========== ZeroAccess Check ==========
[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/25 04:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/25 04:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2014/12/01 01:00:55 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Atropa
[2014/11/27 17:15:58 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\ColorCop
[2014/12/01 00:55:37 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Mylau
[2014/11/27 03:49:32 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Notepad++
[2014/12/01 02:10:54 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Sizer
========== Purity Check ==========
< End of report >