
Malwarebytes Anti-Malware successfully blocked access to a potentially malicious site

Discussion in 'Virus and Malware Removal' started by Parkor, Jan 13, 2013.

  1. Parkor Newcomer, in training Posts: 43

    # AdwCleaner v2.105 - Logfile created 01/14/2013 at 00:02:33
    # Updated 08/01/2013 by Xplode
    # Operating system : Windows 8 (64 bits)
    # User : DJ - PARKER
    # Boot Mode : Normal
    # Running from : C:\Users\DJ\Desktop\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    Folder Deleted : C:\Program Files (x86)\Conduit
    Folder Deleted : C:\Program Files (x86)\uTorrentControl_v2
    Folder Deleted : C:\Users\DJ\AppData\Local\Conduit
    Folder Deleted : C:\Users\DJ\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\DJ\AppData\LocalLow\uTorrentControl_v2

    ***** [Registry] *****

    Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
    Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
    Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
    Key Deleted : HKCU\Software\AppDataLow\Software\uTorrentControl_v2
    Key Deleted : HKCU\Software\AppDataLow\Toolbar
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\Cr_Installer
    Key Deleted : HKCU\Software\InstalledBrowserExtensions
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7473B6BD-4691-4744-A82B-7854EB3D70B6}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{537F4F0B-3542-4C7D-A3E5-CF121482696C}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7473B6BD-4691-4744-A82B-7854EB3D70B6}
    Key Deleted : HKCU\Software\Softonic
    Key Deleted : HKCU\Software\uTorrentControl_v2
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
    Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0021804.BHO
    Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0021804.BHO.1
    Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0021804.Sandbox
    Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0021804.Sandbox.1
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3220468
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{537F4F0B-3542-4C7D-A3E5-CF121482696C}
    Key Deleted : HKLM\Software\uTorrentControl_v2
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{537F4F0B-3542-4C7D-A3E5-CF121482696C}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7473B6BD-4691-4744-A82B-7854EB3D70B6}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mkndcbhcgphcfkkddanakjiepeknbgle
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{36CCDB35-EBCC-4FE4-B067-DB960FE780FD}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{683303AA-F768-430D-B852-3A125B4D1832}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7473B6BD-4691-4744-A82B-7854EB3D70B6}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentControl_v2 Toolbar
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{7473B6BD-4691-4744-A82B-7854EB3D70B6}]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{7473B6BD-4691-4744-A82B-7854EB3D70B6}]
    Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{7473B6BD-4691-4744-A82B-7854EB3D70B6}]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v10.0.9200.16453

    Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT3220468 --> hxxp://www.google.com

    -\\ Google Chrome v24.0.1312.52

    File : C:\Users\DJ\AppData\Local\Google\Chrome\User Data\Default\Preferences

    Deleted [l.16] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?ctid=CT3220468&SearchSource=48"[...]
    Deleted [l.3355] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?ctid=CT3220468&SearchSource=48" ]

    *************************

    AdwCleaner[S1].txt - [3949 octets] - [14/01/2013 00:02:33]

    ########## EOF - C:\AdwCleaner[S1].txt - [4009 octets] ##########
  2. Parkor Newcomer, in training Posts: 43

    JRT won't run. I open it, and a command prompt window just opens and closes.
  3. Parkor Newcomer, in training Posts: 43

    I already disabled AVG
  4. Parkor Newcomer, in training Posts: 43

    OTL logfile created on: 1/14/2013 12:13:44 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\DJ\Downloads
    64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16453)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    15.96 Gb Total Physical Memory | 13.34 Gb Available Physical Memory | 83.60% Memory free
    18.21 Gb Paging File | 14.95 Gb Available in Paging File | 82.10% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 55.90 Gb Total Space | 13.72 Gb Free Space | 24.55% Space Free | Partition Type: NTFS
    Drive D: | 350.00 Mb Total Space | 297.25 Mb Free Space | 84.93% Space Free | Partition Type: NTFS
    Drive E: | 1396.92 Gb Total Space | 1142.41 Gb Free Space | 81.78% Space Free | Partition Type: NTFS
    Drive G: | 1.91 Gb Total Space | 0.25 Gb Free Space | 12.83% Space Free | Partition Type: FAT

    Computer Name: PARKER | User Name: DJ | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/01/14 00:13:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\DJ\Downloads\OTL.exe
    PRC - [2013/01/07 19:06:24 | 001,248,360 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    PRC - [2012/12/31 14:12:56 | 001,354,736 | ---- | M] (Valve Corporation) -- E:\Program Files (x86)\Steam\Steam.exe
    PRC - [2012/12/26 10:02:44 | 000,541,760 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    PRC - [2012/12/17 19:50:28 | 016,328,976 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- e:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- e:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- e:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    PRC - [2012/12/11 03:52:44 | 003,147,384 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
    PRC - [2012/11/15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
    PRC - [2012/11/13 14:08:08 | 003,825,176 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    PRC - [2012/11/13 14:07:24 | 000,168,384 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    PRC - [2012/11/13 14:07:20 | 001,369,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    PRC - [2012/11/13 14:07:16 | 001,103,392 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    PRC - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
    PRC - [2012/10/22 13:04:06 | 000,329,848 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe


    ========== Modules (No Company Name) ==========

    MOD - [2013/01/14 00:03:58 | 001,169,408 | ---- | M] () -- C:\Users\DJ\AppData\Local\Temp\_MEI43122\wx._core_.pyd
    MOD - [2013/01/14 00:03:58 | 001,056,256 | ---- | M] () -- C:\Users\DJ\AppData\Local\Temp\_MEI43122\wx._controls_.pyd
    MOD - [2013/01/14 00:03:58 | 001,024,616 | ---- | M] () -- C:\Users\DJ\AppData\Local\Temp\_MEI43122\windows._cacheinvalidation.pyd
    MOD - [2013/01/14 00:03:58 | 000,807,424 | ---- | M] () -- C:\Users\DJ\AppData\Local\Temp\_MEI43122\wx._windows_.pyd
    MOD - [2013/01/14 00:03:58 | 000,792,576 | ---- | M] () -- C:\Users\DJ\AppData\Local\Temp\_MEI43122\wx._gdi_.pyd
    MOD - [2013/01/14 00:03:58 | 000,731,136 | ---- | M] () -- C:\Users\DJ\AppData\Local\Temp\_MEI43122\wx._misc_.pyd
    MOD - [2013/01/14 00:03:58 | 000,645,120 | ---- | M] () -- C:\Users\DJ\AppData\Local\Temp\_MEI43122\_ssl.pyd
    MOD - [2013/01/14 00:03:58 | 000,585,728 | ---- | M] () -- C:\Users\DJ\AppData\Local\Temp\_MEI43122\unicodedata.pyd
    MOD - [2013/01/14 00:03:58 | 000,571,392 | ---- | M] () -- C:\Users\DJ\AppData\Local\Temp\_MEI43122\pysqlite2._sqlite.pyd
    MOD - [2013/01/14 00:03:58 | 000,354,304 | ---- | M] () -- C:\Users\DJ\AppData\Local\Temp\_MEI43122\pythoncom26.dll
    MOD - [2013/01/14 00:03:58 | 000,311,808 | ---- | M] () -- C:\Users\DJ\AppData\Local\Temp\_MEI43122\_hashlib.pyd
    MOD - [2013/01/14 00:03:58 | 000,263,168 | ---- | M] () -- C:\Users\DJ\AppData\Local\Temp\_MEI43122\win32com.shell.shell.pyd
    MOD - [2013/01/14 00:03:58 | 000,153,088 | ---- | M] () -- C:\Users\DJ\AppData\Local\Temp\_MEI43122\pyexpat.pyd
    MOD - [2013/01/14 00:03:58 | 000,121,856 | ---- | M] () -- C:\Users\DJ\AppData\Local\Temp\_MEI43122\wx._wizard.pyd
    MOD - [2013/01/14 00:03:58 | 000,111,104 | ---- | M] () -- C:\Users\DJ\AppData\Local\Temp\_MEI43122\win32file.pyd
    MOD - [2013/01/14 00:03:58 | 000,110,592 | ---- | M] () -- C:\Users\DJ\AppData\Local\Temp\_MEI43122\win32security.pyd
    MOD - [2013/01/14 00:03:58 | 000,110,592 | ---- | M] () -- C:\Users\DJ\AppData\Local\Temp\_MEI43122\pywintypes26.dll
    MOD - [2013/01/14 00:03:58 | 000,096,256 | ---- | M] () -- C:\Users\DJ\AppData\Local\Temp\_MEI43122\win32api.pyd
    MOD - [2013/01/14 00:03:58 | 000,086,016 | ---- | M] () -- C:\Users\DJ\AppData\Local\Temp\_MEI43122\_elementtree.pyd
    MOD - [2013/01/14 00:03:58 | 000,073,728 | ---- | M] () -- C:\Users\DJ\AppData\Local\Temp\_MEI43122\_ctypes.pyd
    MOD - [2013/01/14 00:03:58 | 000,070,656 | ---- | M] () -- C:\Users\DJ\AppData\Local\Temp\_MEI43122\wx._html2.pyd
    MOD - [2013/01/14 00:03:58 | 000,040,448 | ---- | M] () -- C:\Users\DJ\AppData\Local\Temp\_MEI43122\_socket.pyd
    MOD - [2013/01/14 00:03:58 | 000,039,424 | ---- | M] () -- C:\Users\DJ\AppData\Local\Temp\_MEI43122\win32inet.pyd
    MOD - [2013/01/14 00:03:58 | 000,036,352 | ---- | M] () -- C:\Users\DJ\AppData\Local\Temp\_MEI43122\win32process.pyd
    MOD - [2013/01/14 00:03:58 | 000,023,040 | ---- | M] () -- C:\Users\DJ\AppData\Local\Temp\_MEI43122\win32ts.pyd
    MOD - [2013/01/14 00:03:58 | 000,022,528 | ---- | M] () -- C:\Users\DJ\AppData\Local\Temp\_MEI43122\win32pdh.pyd
    MOD - [2013/01/14 00:03:58 | 000,017,920 | ---- | M] () -- C:\Users\DJ\AppData\Local\Temp\_MEI43122\win32profile.pyd
    MOD - [2013/01/14 00:03:58 | 000,017,920 | ---- | M] () -- C:\Users\DJ\AppData\Local\Temp\_MEI43122\win32event.pyd
    MOD - [2013/01/14 00:03:58 | 000,011,776 | ---- | M] () -- C:\Users\DJ\AppData\Local\Temp\_MEI43122\win32crypt.pyd
    MOD - [2013/01/14 00:03:58 | 000,011,776 | ---- | M] () -- C:\Users\DJ\AppData\Local\Temp\_MEI43122\select.pyd
    MOD - [2013/01/07 19:06:22 | 000,460,392 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\ppgooglenaclpluginchrome.dll
    MOD - [2013/01/07 19:06:21 | 012,459,624 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\PepperFlash\pepflashplayer.dll
    MOD - [2013/01/07 19:06:19 | 004,012,648 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\pdf.dll
    MOD - [2013/01/07 19:05:29 | 000,598,120 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\libglesv2.dll
    MOD - [2013/01/07 19:05:28 | 000,124,520 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\libegl.dll
    MOD - [2013/01/07 19:05:25 | 001,553,000 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\ffmpegsumo.dll
    MOD - [2012/12/31 14:15:47 | 000,647,168 | ---- | M] () -- E:\Program Files (x86)\Steam\sdl.dll
    MOD - [2012/12/26 10:02:43 | 020,320,240 | ---- | M] () -- E:\Program Files (x86)\Steam\bin\libcef.dll
    MOD - [2012/12/26 10:02:43 | 001,100,800 | ---- | M] () -- E:\Program Files (x86)\Steam\bin\avcodec-53.dll
    MOD - [2012/12/26 10:02:43 | 000,969,280 | ---- | M] () -- E:\Program Files (x86)\Steam\bin\chromehtml.dll
    MOD - [2012/12/26 10:02:43 | 000,192,000 | ---- | M] () -- E:\Program Files (x86)\Steam\bin\avformat-53.dll
    MOD - [2012/12/26 10:02:43 | 000,124,416 | ---- | M] () -- E:\Program Files (x86)\Steam\bin\avutil-51.dll
    MOD - [2012/11/13 14:06:32 | 000,158,624 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
    MOD - [2012/11/13 14:06:30 | 000,108,960 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    MOD - [2012/11/13 14:06:28 | 000,554,400 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl
    MOD - [2012/11/13 14:06:28 | 000,528,288 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl
    MOD - [2012/11/13 14:06:28 | 000,416,160 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl


    ========== Services (SafeList) ==========

    SRV:64bit: - [2012/12/05 23:23:00 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
    SRV:64bit: - [2012/12/05 23:22:59 | 000,178,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
    SRV:64bit: - [2012/11/05 23:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
    SRV:64bit: - [2012/11/05 23:17:41 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
    SRV:64bit: - [2012/10/18 04:52:28 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2012/09/20 04:10:47 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
    SRV:64bit: - [2012/09/20 01:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
    SRV:64bit: - [2012/09/20 01:30:41 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
    SRV:64bit: - [2012/07/25 22:17:59 | 000,015,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
    SRV:64bit: - [2012/07/25 22:08:04 | 001,968,128 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
    SRV:64bit: - [2012/07/25 22:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
    SRV:64bit: - [2012/07/25 22:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
    SRV:64bit: - [2012/07/25 22:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
    SRV:64bit: - [2012/07/25 22:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
    SRV:64bit: - [2012/07/25 22:06:36 | 000,463,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
    SRV:64bit: - [2012/07/25 22:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
    SRV:64bit: - [2012/07/25 22:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
    SRV:64bit: - [2012/07/25 22:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
    SRV:64bit: - [2012/07/25 22:06:00 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
    SRV:64bit: - [2012/07/25 22:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
    SRV:64bit: - [2012/07/25 22:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
    SRV:64bit: - [2012/07/25 22:05:28 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
    SRV:64bit: - [2012/07/25 22:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
    SRV:64bit: - [2012/07/25 22:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
    SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
    SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
    SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
    SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
    SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
    SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
    SRV:64bit: - [2012/07/11 13:54:58 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
    SRV - [2013/01/08 17:39:18 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/12/26 10:02:44 | 000,541,760 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- e:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- e:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
    SRV - [2012/11/15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
    SRV - [2012/11/09 14:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/11/05 23:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
    SRV - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
    SRV - [2012/07/25 22:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2012/11/27 02:00:32 | 000,194,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
    DRV:64bit: - [2012/11/26 23:36:16 | 000,208,736 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgwfpa.sys -- (Avgwfpa)
    DRV:64bit: - [2012/11/26 22:56:29 | 000,031,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
    DRV:64bit: - [2012/11/26 22:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
    DRV:64bit: - [2012/11/19 23:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
    DRV:64bit: - [2012/11/15 23:33:24 | 000,111,968 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\avgmfx64.sys -- (Avgmfx64)
    DRV:64bit: - [2012/11/06 02:52:07 | 000,445,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
    DRV:64bit: - [2012/11/06 02:36:23 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
    DRV:64bit: - [2012/11/05 22:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
    DRV:64bit: - [2012/10/26 04:17:44 | 000,020,912 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\avgboota.sys -- (Avgboota)
    DRV:64bit: - [2012/10/22 13:02:44 | 000,154,464 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgidsdrivera.sys -- (AVGIDSDriver)
    DRV:64bit: - [2012/10/18 04:52:18 | 010,697,216 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2012/10/18 04:52:16 | 000,460,288 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2012/10/15 03:48:50 | 000,063,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\avgidsha.sys -- (AVGIDSHA)
    DRV:64bit: - [2012/10/12 03:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2012/10/11 02:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
    DRV:64bit: - [2012/10/11 02:13:49 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
    DRV:64bit: - [2012/10/02 03:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgldx64.sys -- (Avgldx64)
    DRV:64bit: - [2012/09/21 03:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\avgloga.sys -- (Avgloga)
    DRV:64bit: - [2012/09/20 02:55:33 | 000,337,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
    DRV:64bit: - [2012/09/20 02:55:33 | 000,212,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
    DRV:64bit: - [2012/09/20 02:55:30 | 000,120,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
    DRV:64bit: - [2012/09/20 02:55:29 | 000,028,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
    DRV:64bit: - [2012/09/20 02:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2012/09/20 02:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2012/09/20 02:03:08 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
    DRV:64bit: - [2012/09/14 03:05:18 | 000,040,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\avgrkx64.sys -- (Avgrkx64)
    DRV:64bit: - [2012/08/21 11:56:38 | 000,091,648 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AtihdW86.sys -- (AtiHDAudioService)
    DRV:64bit: - [2012/07/26 00:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/07/26 00:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
    DRV:64bit: - [2012/07/26 00:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
    DRV:64bit: - [2012/07/26 00:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
    DRV:64bit: - [2012/07/26 00:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
    DRV:64bit: - [2012/07/26 00:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
    DRV:64bit: - [2012/07/26 00:00:55 | 000,283,888 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
    DRV:64bit: - [2012/07/26 00:00:55 | 000,077,552 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
    DRV:64bit: - [2012/07/26 00:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
    DRV:64bit: - [2012/07/26 00:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2012/07/26 00:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2012/07/26 00:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
    DRV:64bit: - [2012/07/26 00:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2012/07/26 00:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
    DRV:64bit: - [2012/07/26 00:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
    DRV:64bit: - [2012/07/26 00:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2012/07/26 00:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
    DRV:64bit: - [2012/07/26 00:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2012/07/26 00:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2012/07/25 23:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
    DRV:64bit: - [2012/07/25 23:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
    DRV:64bit: - [2012/07/25 23:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
    DRV:64bit: - [2012/07/25 23:44:30 | 000,258,288 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
    DRV:64bit: - [2012/07/25 23:36:15 | 000,034,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
    DRV:64bit: - [2012/07/25 22:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
    DRV:64bit: - [2012/07/25 21:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
    DRV:64bit: - [2012/07/25 21:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
    DRV:64bit: - [2012/07/25 21:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
    DRV:64bit: - [2012/07/25 21:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
    DRV:64bit: - [2012/07/25 21:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
    DRV:64bit: - [2012/07/25 21:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
    DRV:64bit: - [2012/07/25 21:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
    DRV:64bit: - [2012/07/25 21:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
    DRV:64bit: - [2012/07/25 21:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
    DRV:64bit: - [2012/07/25 21:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
    DRV:64bit: - [2012/07/25 21:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
    DRV:64bit: - [2012/07/25 21:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
    DRV:64bit: - [2012/07/25 21:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
    DRV:64bit: - [2012/07/25 21:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2012/07/25 21:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
    DRV:64bit: - [2012/07/25 21:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
    DRV:64bit: - [2012/07/25 21:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2012/07/25 21:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
    DRV:64bit: - [2012/07/25 21:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
    DRV:64bit: - [2012/07/25 21:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
    DRV:64bit: - [2012/07/25 21:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
    DRV:64bit: - [2012/06/02 09:31:56 | 000,589,824 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168)
    DRV:64bit: - [2012/05/22 14:53:16 | 000,694,416 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RTL8192su.sys -- (RTL8192su)
    DRV:64bit: - [2011/07/22 11:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
    DRV:64bit: - [2011/07/12 16:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
    DRV:64bit: - [2010/10/20 02:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64)
    DRV - [2003/04/04 15:07:20 | 000,030,336 | ---- | M] (Politecnico di Torino) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\npf.sys -- (NPF)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========
  5. Parkor Newcomer, in training Posts: 43

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-3044163233-2214013121-3301013928-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE - HKU\S-1-5-21-3044163233-2214013121-3301013928-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/
    IE - HKU\S-1-5-21-3044163233-2214013121-3301013928-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
    IE - HKU\S-1-5-21-3044163233-2214013121-3301013928-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DC 2A 58 E8 5A E9 CD 01 [binary data]
    IE - HKU\S-1-5-21-3044163233-2214013121-3301013928-1001\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-21-3044163233-2214013121-3301013928-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
    IE - HKU\S-1-5-21-3044163233-2214013121-3301013928-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    ========== FireFox ==========

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office15\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\DJ\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\DJ\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\DJ\AppData\Local\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\DJ\AppData\Local\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\pokki.com/PokkiDownloadHelper: C:\Users\DJ\AppData\Local\Pokki\Download Helper\npPokkiDownloadHelper.1.2.0.78.dll (Pokki)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C7AE725D-FA5C-4027-BB4C-787EF9F8248A}: C:\Program Files (x86)\RelevantKnowledge\firefox

    [2013/01/03 07:28:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DJ\AppData\Roaming\mozilla\Firefox\extensions
    [2013/01/03 07:28:28 | 000,000,000 | ---D | M] (uTorrentControl_v2) -- C:\Users\DJ\AppData\Roaming\mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}
    [2012/10/01 20:43:54 | 000,034,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\PepperFlash\pepflashplayer.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\pdf.dll
    CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\DJ\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\DJ\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    CHR - plugin: Microsoft Office 2013 (Enabled) = C:\PROGRA~2\MICROS~3\Office15\NPSPWRAP.DLL
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
    CHR - plugin: Microsoft Office 2013 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll
    CHR - plugin: Pokki Download Helper (Enabled) = C:\Users\DJ\AppData\Local\Pokki\Download Helper\npPokkiDownloadHelper.1.2.0.78.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
    CHR - plugin: Java Deployment Toolkit 7.0.100.18 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
    CHR - Extension: No Hulu Ads = C:\Users\DJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdjcidbbokfiifpnpcglbehanlligmlh\1.3.5_0\
    CHR - Extension: Strict Pomodoro = C:\Users\DJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd\1.5.0.5_0\
    CHR - Extension: Facebook Courage Wolf = C:\Users\DJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmfejcfgfpcifgkniepcdakpiplpjgam\0.0.0.2_0\
    CHR - Extension: Facebook Friend Inviter = C:\Users\DJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\fojfflomljfbdfdcfmiihnijjfnnakdn\1.1_0\
    CHR - Extension: AdBlock = C:\Users\DJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.54_0\
    CHR - Extension: Netflix Enhancements = C:\Users\DJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\glefmeoggphbdgeddmnmhfejpiipcmlf\0.2.3_0\
    CHR - Extension: Memorize! = C:\Users\DJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfiakckbklmccchjegnnojbalafebakb\1.4.5_0\
    CHR - Extension: Reddit Enhancement Suite = C:\Users\DJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb\4.1.5_0\
    CHR - Extension: Edit Any Page = C:\Users\DJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbjnggcjnmmicalchfiljffebcmfgcbh\1.2_0\
    CHR - Extension: Ti\u00EBsto = C:\Users\DJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnmeobddjkkgkglnogihcaejaleikhdh\2_0\
    CHR - Extension: Hover Zoom = C:\Users\DJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl\4.8.3_0\
    CHR - Extension: Instagram for Chrome = C:\Users\DJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\opnbmdkdflhjiclaoiiifmheknpccalb\3.5.8_0\
    CHR - Extension: Facebook Invite All Subrange = C:\Users\DJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\phlacnclhiinhhoaonnoflhaoaklmfek\0.1.1_0\

    O1 HOSTS File: ([2012/07/26 00:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
    O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (Coupon Companion Plugin) - {11111111-1111-1111-1111-110211181104} - C:\Program Files (x86)\Coupon Companion Plugin\Coupon Companion Plugin.dll (215 Apps)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
    O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
    O4 - HKLM..\Run: [StartCCC] e:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKU\S-1-5-21-3044163233-2214013121-3301013928-1001..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
    O4 - HKU\S-1-5-21-3044163233-2214013121-3301013928-1001..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
    O4 - HKU\S-1-5-21-3044163233-2214013121-3301013928-1001..\Run: [Steam] E:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
    O4 - HKU\S-1-5-21-3044163233-2214013121-3301013928-1001..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    O4 - HKU\S-1-5-21-3044163233-2214013121-3301013928-1001..\Run: [uTorrent] e:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1517A28E-FBC3-4EDA-99E5-A32C81D05C19}: DhcpNameServer = 192.168.1.1
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18 - Protocol\Handler\ms-help - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - File not found
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - File not found
    O20 - HKLM Winlogon: Shell - (explorer.exe) - File not found
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - File not found
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - File not found
    O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O29:64bit: - HKLM SecurityProviders - (credssp.dll) - File not found
    O29 - HKLM SecurityProviders - (credssp.dll) - File not found
    O30 - LSA: Security Packages - (livessp) - File not found
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/01/14 01:50:10 | 000,000,000 | ---D | C] -- C:\FRST
    [2013/01/14 00:08:09 | 000,499,023 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\DJ\Desktop\JRT (3).exe
    [2013/01/14 00:05:59 | 000,000,000 | ---D | C] -- C:\JRT
    [2013/01/13 22:16:38 | 000,000,000 | ---D | C] -- C:\Users\DJ\Desktop\rkill
    [2013/01/13 21:31:43 | 000,000,000 | ---D | C] -- C:\Users\DJ\Desktop\RK_Quarantine
    [2013/01/13 15:56:09 | 000,000,000 | ---D | C] -- C:\Users\DJ\Desktop\tdsskiller
    [2013/01/13 15:32:10 | 000,000,000 | ---D | C] -- C:\Users\DJ\AppData\Roaming\SUPERAntiSpyware.com
    [2013/01/13 15:32:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    [2013/01/13 15:32:08 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2013/01/13 15:32:08 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2013/01/13 15:17:07 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2013/01/12 22:51:14 | 000,000,000 | ---D | C] -- C:\Users\DJ\Desktop\Apex Rise Trap Sample Pack 1
    [2013/01/12 22:20:14 | 000,000,000 | ---D | C] -- C:\Users\DJ\AppData\Roaming\Malwarebytes
    [2013/01/12 22:20:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2013/01/12 22:20:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2013/01/12 22:20:08 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2013/01/12 18:12:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
    [2013/01/12 18:12:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2013/01/12 18:12:23 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
    [2013/01/12 18:12:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
    [2013/01/12 18:12:05 | 000,000,000 | ---D | C] -- C:\Users\DJ\AppData\Local\Programs
    [2013/01/12 17:33:25 | 000,000,000 | ---D | C] -- C:\Users\DJ\AppData\Roaming\AVG2013
    [2013/01/12 17:32:25 | 000,000,000 | ---D | C] -- C:\Users\DJ\AppData\Roaming\TuneUp Software
    [2013/01/12 17:32:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
    [2013/01/12 17:32:21 | 000,000,000 | -H-D | C] -- C:\$AVG
    [2013/01/12 17:32:21 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
    [2013/01/12 17:32:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
    [2013/01/12 17:30:25 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
    [2013/01/12 17:30:25 | 000,000,000 | ---D | C] -- C:\Users\DJ\AppData\Local\MFAData
    [2013/01/12 17:30:25 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
    [2013/01/12 17:30:25 | 000,000,000 | ---D | C] -- C:\Users\DJ\AppData\Local\Avg2013
    [2013/01/12 08:43:25 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
    [2013/01/12 08:42:38 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
    [2013/01/12 08:42:38 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2013/01/12 01:43:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinPcap
    [2013/01/11 22:17:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Net Tools
    [2013/01/11 22:17:50 | 000,077,824 | ---- | C] (JVSoftware) -- C:\Windows\SysWow64\nmapwin.exe
    [2013/01/11 22:17:49 | 000,114,688 | ---- | C] (Open Source Telecom) -- C:\Windows\SysWow64\CCGNU32.dll
    [2013/01/11 22:17:45 | 000,010,752 | ---- | C] (Almeida & Andrade Ltda) -- C:\Windows\SysWow64\aamd532.dll
    [2013/01/11 22:17:44 | 000,939,224 | ---- | C] (Macromedia, Inc.) -- C:\Windows\SysWow64\Flash.ocx
    [2013/01/11 22:16:31 | 000,000,000 | ---D | C] -- C:\Users\DJ\AppData\Local\Coupon Companion Plugin
    [2013/01/11 22:16:27 | 000,000,000 | ---D | C] -- C:\Users\DJ\AppData\Local\Updater21804
    [2013/01/11 22:16:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Coupon Companion Plugin
    [2013/01/11 19:33:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MKV Player
    [2013/01/10 17:39:05 | 000,000,000 | ---D | C] -- C:\Users\DJ\Documents\Custom Office Templates
    [2013/01/10 17:19:22 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [2013/01/10 16:52:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
    [2013/01/10 16:52:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
    [2013/01/10 16:52:17 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
    [2013/01/10 16:52:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server
    [2013/01/10 16:52:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
    [2013/01/10 16:51:58 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
    [2013/01/10 16:51:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
    [2013/01/10 16:49:30 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
    [2013/01/10 16:49:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
    [2013/01/10 16:49:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
    [2013/01/10 16:49:28 | 000,000,000 | ---D | C] -- C:\Users\DJ\AppData\Local\Microsoft Help
    [2013/01/10 16:49:26 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
    [2013/01/10 16:49:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
    [2013/01/10 16:49:17 | 000,000,000 | RH-D | C] -- C:\MSOCache
    [2013/01/10 16:39:44 | 000,000,000 | --SD | C] -- C:\Users\DJ\Google Drive
    [2013/01/10 16:38:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
    [2013/01/09 19:47:24 | 000,000,000 | R--D | C] -- C:\Users\DJ\Desktop\GLIDE Project
    [2013/01/09 16:49:53 | 000,000,000 | ---D | C] -- C:\Users\DJ\Desktop\The Official Lex Luger Sound Kit (LEWIS CITY)
    [2013/01/09 16:46:58 | 000,000,000 | ---D | C] -- C:\Users\DJ\Desktop\Free.Lex.Luger.Drum.Kits.Samples-Download.FULL.KIT.from.HexLoops.com
    [2013/01/09 07:37:25 | 000,000,000 | ---D | C] -- C:\Users\DJ\Documents\Native Instruments
    [2013/01/09 07:37:24 | 000,000,000 | ---D | C] -- C:\Users\DJ\AppData\Local\Native Instruments
    [2013/01/09 07:34:49 | 000,000,000 | -H-D | C] -- C:\ProgramData\{E26B3878-7CEC-469C-B449-5CAA336DF8CD}
    [2013/01/09 07:34:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Native Instruments
    [2013/01/09 07:34:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Native Instruments
    [2013/01/09 07:34:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Digidesign
    [2013/01/09 07:34:39 | 000,000,000 | -H-D | C] -- C:\ProgramData\{C78336EC-F2EB-4640-99A4-DFE96581B90B}
    [2013/01/09 07:34:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Native Instruments
    [2013/01/09 07:34:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments
    [2013/01/09 07:34:38 | 000,000,000 | ---D | C] -- C:\Program Files\Native Instruments
    [2013/01/08 21:53:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Ableton
    [2013/01/08 21:53:02 | 000,000,000 | ---D | C] -- C:\Users\DJ\AppData\Local\CrashDumps
    [2013/01/08 21:53:01 | 000,000,000 | ---D | C] -- C:\Users\DJ\Documents\Ableton
    [2013/01/08 21:52:29 | 000,000,000 | ---D | C] -- C:\Users\DJ\AppData\Roaming\Ableton
    [2013/01/08 21:51:54 | 000,368,640 | ---- | C] (Propellerhead Software AB) -- C:\Windows\SysWow64\ReWire.dll
    [2013/01/08 21:51:54 | 000,233,472 | ---- | C] (Propellerhead Software AB) -- C:\Windows\SysWow64\REX Shared Library.dll
    [2013/01/08 21:51:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ableton
    [2013/01/08 19:55:40 | 000,000,000 | ---D | C] -- C:\Users\DJ\AppData\Roaming\logs
    [2013/01/08 19:55:40 | 000,000,000 | ---D | C] -- C:\Users\DJ\AppData\Roaming\.techniclauncher
    [2013/01/08 19:50:43 | 000,000,000 | ---D | C] -- C:\Program Files\Java
    [2013/01/06 19:03:26 | 000,000,000 | ---D | C] -- C:\Users\DJ\AppData\Roaming\ATI
    [2013/01/06 19:03:26 | 000,000,000 | ---D | C] -- C:\Users\DJ\AppData\Local\ATI
    [2013/01/06 19:03:26 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
    [2013/01/06 19:03:26 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
    [2013/01/06 19:03:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
    [2013/01/06 19:03:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
    [2013/01/06 19:03:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
    [2013/01/06 19:03:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
    [2013/01/06 19:02:56 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
    [2013/01/06 13:43:15 | 000,000,000 | ---D | C] -- C:\Users\DJ\jagexcache
    [2013/01/05 12:28:49 | 000,000,000 | ---D | C] -- C:\Users\DJ\AppData\Local\PAYDAY
    [2013/01/05 12:28:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
    [2013/01/05 12:01:43 | 000,000,000 | ---D | C] -- C:\Users\DJ\AppData\Roaming\Awesomium
    [2013/01/05 12:00:14 | 000,000,000 | ---D | C] -- C:\Users\DJ\AppData\Local\Uber_Entertainment
    [2013/01/05 12:00:13 | 000,000,000 | ---D | C] -- C:\Users\DJ\AppData\Local\UberLauncher
    [2013/01/05 12:00:05 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
    [2013/01/05 01:38:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft XNA
    [2013/01/05 00:50:18 | 000,000,000 | ---D | C] -- C:\Users\DJ\Documents\Shiner
    [2013/01/04 20:48:07 | 000,000,000 | ---D | C] -- C:\Users\DJ\AppData\Local\ArmA 2 OA
    [2013/01/04 20:47:16 | 000,000,000 | ---D | C] -- C:\Users\DJ\Documents\ArmA 2
    [2013/01/04 20:47:16 | 000,000,000 | ---D | C] -- C:\Users\DJ\AppData\Local\ArmA 2
    [2013/01/04 20:47:13 | 000,000,000 | ---D | C] -- C:\Users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive
    [2013/01/04 20:47:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive
    [2013/01/04 20:46:24 | 000,000,000 | ---D | C] -- C:\Users\DJ\AppData\Local\DayZCommander
    [2013/01/04 20:23:15 | 000,000,000 | ---D | C] -- C:\Users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Haunt 1.0
    [2013/01/04 16:59:26 | 000,000,000 | ---D | C] -- C:\Users\DJ\Documents\My Games
    [2013/01/04 16:12:49 | 000,000,000 | ---D | C] -- C:\Users\DJ\AppData\Roaming\LolClient
    [2013/01/04 15:53:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    [2013/01/04 15:53:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
    [2013/01/04 15:38:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks
    [2013/01/04 15:38:40 | 000,000,000 | ---D | C] -- C:\Users\DJ\.swt
    [2013/01/04 15:36:28 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
    [2013/01/04 15:36:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
    [2013/01/03 21:50:46 | 000,000,000 | ---D | C] -- C:\Users\DJ\AppData\Local\Pokki
    [2013/01/03 18:34:29 | 000,000,000 | ---D | C] -- C:\Users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
    [2013/01/03 16:47:07 | 000,000,000 | ---D | C] -- C:\Users\DJ\AppData\Local\TechSmith
    [2013/01/03 16:47:01 | 000,000,000 | ---D | C] -- C:\Users\DJ\AppData\Roaming\TechSmith
    [2013/01/03 16:46:58 | 000,000,000 | ---D | C] -- C:\Users\DJ\Documents\Camtasia Studio
    [2013/01/03 16:46:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith
    [2013/01/03 16:46:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
    [2013/01/03 16:46:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\TechSmith Shared
    [2013/01/03 16:46:33 | 000,000,000 | ---D | C] -- C:\ProgramData\TechSmith
    [2013/01/03 16:45:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Reference Assemblies
    [2013/01/03 16:45:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSBuild
    [2013/01/03 16:45:15 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
    [2013/01/03 16:45:15 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
    [2013/01/03 16:36:02 | 000,000,000 | ---D | C] -- C:\Users\DJ\Documents\telltale games
    [2013/01/03 07:28:30 | 000,000,000 | ---D | C] -- C:\Users\DJ\AppData\Local\CRE
    [2013/01/03 07:28:27 | 000,000,000 | ---D | C] -- C:\Users\DJ\AppData\Roaming\Mozilla
    [2013/01/03 07:27:40 | 000,000,000 | ---D | C] -- C:\Users\DJ\AppData\Roaming\uTorrent
    [2013/01/03 00:29:54 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
    [2013/01/03 00:29:45 | 000,000,000 | ---D | C] -- C:\Windows\Panther
    [2013/01/03 00:29:24 | 000,000,000 | -HSD | C] -- C:\Boot
    [2013/01/02 22:17:11 | 000,000,000 | ---D | C] -- C:\Users\DJ\AppData\Roaming\.minecraft
    [2013/01/02 21:59:30 | 000,000,000 | ---D | C] -- C:\Users\DJ\AppData\Roaming\WinRAR
    [2013/01/02 21:59:30 | 000,000,000 | ---D | C] -- C:\Users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
    [2013/01/02 21:59:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
    [2013/01/02 21:59:25 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
    [2013/01/02 21:53:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
    [2013/01/02 21:50:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
    [2013/01/02 21:46:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
    [2013/01/02 21:42:39 | 000,000,000 | ---D | C] -- C:\Users\DJ\AppData\Roaming\Macromedia
    [2013/01/02 21:40:47 | 000,000,000 | ---D | C] -- C:\Users\DJ\AppData\Roaming\Skype
    [2013/01/02 21:40:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    [2013/01/02 21:40:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
    [2013/01/02 21:40:43 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
    [2013/01/02 21:40:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
    [2013/01/02 21:40:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
    [2013/01/02 21:36:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    [2013/01/02 21:35:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
    [2013/01/02 21:35:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
    [2013/01/02 21:35:10 | 000,000,000 | ---D | C] -- C:\Users\DJ\AppData\Local\Google
    [2013/01/02 21:32:17 | 000,000,000 | R--D | C] -- C:\Users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    [2013/01/02 21:32:17 | 000,000,000 | R--D | C] -- C:\Users\DJ\Searches
    [2013/01/02 21:32:17 | 000,000,000 | R--D | C] -- C:\Users\DJ\Contacts
    [2013/01/02 21:32:17 | 000,000,000 | R--D | C] -- C:\Users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
    [2013/01/02 21:32:17 | 000,000,000 | -H-D | C] -- C:\Users\DJ\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
    [2013/01/02 21:32:17 | 000,000,000 | ---D | C] -- C:\Users\DJ\AppData\Roaming\Adobe
    [2013/01/02 21:32:05 | 000,000,000 | ---D | C] -- C:\Users\DJ\AppData\Local\VirtualStore
    [2013/01/02 21:32:04 | 000,000,000 | ---D | C] -- C:\ProgramData\PRICache
    [2013/01/02 21:32:04 | 000,000,000 | ---D | C] -- C:\Users\DJ\AppData\Local\Packages
    [2013/01/02 21:32:01 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
    [2013/01/02 21:31:56 | 000,000,000 | --SD | C] -- C:\Users\DJ\AppData\Roaming\Microsoft
    [2013/01/02 21:31:56 | 000,000,000 | R--D | C] -- C:\Users\DJ\Videos
    [2013/01/02 21:31:56 | 000,000,000 | R--D | C] -- C:\Users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
    [2013/01/02 21:31:56 | 000,000,000 | R--D | C] -- C:\Users\DJ\Saved Games
    [2013/01/02 21:31:56 | 000,000,000 | R--D | C] -- C:\Users\DJ\Pictures
    [2013/01/02 21:31:56 | 000,000,000 | R--D | C] -- C:\Users\DJ\Music
    [2013/01/02 21:31:56 | 000,000,000 | R--D | C] -- C:\Users\DJ\Links
    [2013/01/02 21:31:56 | 000,000,000 | R--D | C] -- C:\Users\DJ\Favorites
    [2013/01/02 21:31:56 | 000,000,000 | R--D | C] -- C:\Users\DJ\Downloads
    [2013/01/02 21:31:56 | 000,000,000 | R--D | C] -- C:\Users\DJ\Documents
    [2013/01/02 21:31:56 | 000,000,000 | R--D | C] -- C:\Users\DJ\Desktop
    [2013/01/02 21:31:56 | 000,000,000 | R--D | C] -- C:\Users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
    [2013/01/02 21:31:56 | 000,000,000 | R--D | C] -- C:\Users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
    [2013/01/02 21:31:56 | 000,000,000 | -HSD | C] -- C:\Users\DJ\AppData\Local\Temporary Internet Files
    [2013/01/02 21:31:56 | 000,000,000 | -HSD | C] -- C:\Users\DJ\Templates
    [2013/01/02 21:31:56 | 000,000,000 | -HSD | C] -- C:\Users\DJ\Start Menu
    [2013/01/02 21:31:56 | 000,000,000 | -HSD | C] -- C:\Users\DJ\SendTo
    [2013/01/02 21:31:56 | 000,000,000 | -HSD | C] -- C:\Users\DJ\Recent
    [2013/01/02 21:31:56 | 000,000,000 | -HSD | C] -- C:\Users\DJ\PrintHood
    [2013/01/02 21:31:56 | 000,000,000 | -HSD | C] -- C:\Users\DJ\NetHood
    [2013/01/02 21:31:56 | 000,000,000 | -HSD | C] -- C:\Users\DJ\Documents\My Videos
    [2013/01/02 21:31:56 | 000,000,000 | -HSD | C] -- C:\Users\DJ\Documents\My Pictures
    [2013/01/02 21:31:56 | 000,000,000 | -HSD | C] -- C:\Users\DJ\Documents\My Music
    [2013/01/02 21:31:56 | 000,000,000 | -HSD | C] -- C:\Users\DJ\My Documents
    [2013/01/02 21:31:56 | 000,000,000 | -HSD | C] -- C:\Users\DJ\Local Settings
    [2013/01/02 21:31:56 | 000,000,000 | -HSD | C] -- C:\Users\DJ\AppData\Local\History
    [2013/01/02 21:31:56 | 000,000,000 | -HSD | C] -- C:\Users\DJ\Cookies
    [2013/01/02 21:31:56 | 000,000,000 | -HSD | C] -- C:\Users\DJ\Application Data
    [2013/01/02 21:31:56 | 000,000,000 | -HSD | C] -- C:\Users\DJ\AppData\Local\Application Data
    [2013/01/02 21:31:56 | 000,000,000 | -H-D | C] -- C:\Users\DJ\AppData
    [2013/01/02 21:31:56 | 000,000,000 | ---D | C] -- C:\Users\DJ\AppData\Local\Temp
    [2013/01/02 21:31:56 | 000,000,000 | ---D | C] -- C:\Users\DJ\AppData\Local\Microsoft
    [2013/01/02 21:31:56 | 000,000,000 | ---D | C] -- C:\Users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
    [2012/12/26 08:50:21 | 000,000,000 | -HSD | C] -- C:\Recovery
    [2012/12/26 08:49:18 | 000,000,000 | -HSD | C] -- C:\System Volume Information
  6. Parkor Newcomer, in training Posts: 43

    ========== Files - Modified Within 30 Days ==========

    [2013/01/14 00:09:29 | 000,848,230 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2013/01/14 00:09:29 | 000,718,176 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2013/01/14 00:09:29 | 000,132,542 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2013/01/14 00:08:13 | 000,499,023 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\DJ\Desktop\JRT (3).exe
    [2013/01/14 00:05:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/01/14 00:03:47 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013/01/14 00:03:24 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
    [2013/01/14 00:03:19 | 826,941,437 | -HS- | M] () -- C:\hiberfil.sys
    [2013/01/14 00:01:30 | 000,554,087 | ---- | M] () -- C:\Users\DJ\Desktop\adwcleaner.exe
    [2013/01/13 23:46:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3044163233-2214013121-3301013928-1001UA.job
    [2013/01/13 23:40:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013/01/13 23:39:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2013/01/13 23:32:00 | 000,000,518 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task f80611e4-a410-4fd3-b7c0-1c618bc4f252.job
    [2013/01/13 22:53:20 | 000,002,259 | ---- | M] () -- C:\Users\DJ\Desktop\Google Chrome.lnk
    [2013/01/13 22:42:36 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_11_00.Wdf
    [2013/01/13 21:31:34 | 000,764,416 | ---- | M] () -- C:\Users\DJ\Desktop\RogueKiller.exe
    [2013/01/13 20:46:00 | 000,000,858 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3044163233-2214013121-3301013928-1001Core.job
    [2013/01/13 15:55:40 | 002,195,061 | ---- | M] () -- C:\Users\DJ\Desktop\tdsskiller.zip
    [2013/01/13 15:51:07 | 000,000,518 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 31b9111b-1432-484b-927c-d61581e72c2d.job
    [2013/01/13 15:32:09 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2013/01/12 22:47:02 | 000,422,160 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2013/01/12 22:45:20 | 000,001,938 | ---- | M] () -- C:\Windows\wininit.ini
    [2013/01/12 22:20:09 | 000,000,814 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/01/12 18:12:36 | 000,002,177 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    [2013/01/12 17:34:14 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
    [2013/01/12 17:32:25 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
    [2013/01/11 22:17:53 | 000,000,730 | ---- | M] () -- C:\Users\DJ\Desktop\NetTools.lnk
    [2013/01/11 19:33:10 | 008,141,967 | ---- | M] ( ) -- C:\Users\DJ\Desktop\MKVPlayerSetupD.exe
    [2013/01/10 17:26:16 | 000,000,953 | ---- | M] () -- C:\Users\DJ\Desktop\Apex Rise Trap Sample Pack 1.lnk
    [2013/01/10 16:39:45 | 000,001,694 | ---- | M] () -- C:\Users\DJ\Desktop\Google Drive.lnk
    [2013/01/09 22:29:21 | 000,329,315 | ---- | M] () -- C:\Users\DJ\Desktop\Parkor - Glide.wav.asd
    [2013/01/09 22:29:04 | 043,446,902 | ---- | M] () -- C:\Users\DJ\Desktop\Parkor - Glide.wav
    [2013/01/09 22:25:51 | 157,686,659 | ---- | M] () -- C:\Users\DJ\Desktop\GLIDEe.rar
    [2013/01/09 22:08:39 | 000,329,305 | ---- | M] () -- C:\Users\DJ\Desktop\GLIDEe320.wav.asd
    [2013/01/09 22:07:41 | 231,716,620 | ---- | M] () -- C:\Users\DJ\Desktop\GLIDEe320.wav
    [2013/01/09 22:00:02 | 000,305,581 | ---- | M] () -- C:\Users\DJ\Desktop\GLIDEe160.wav.asd
    [2013/01/09 21:59:50 | 026,611,244 | ---- | M] () -- C:\Users\DJ\Desktop\GLIDEe160.wav
    [2013/01/09 21:49:55 | 000,305,425 | ---- | M] () -- C:\Users\DJ\Desktop\GLIDEe240.wav.asd
    [2013/01/09 21:34:53 | 000,329,419 | ---- | M] () -- C:\Users\DJ\Desktop\GLIDEe.wav.asd
    [2013/01/09 21:33:52 | 231,716,620 | ---- | M] () -- C:\Users\DJ\Desktop\GLIDEe.wav
    [2013/01/09 21:23:17 | 000,332,829 | ---- | M] () -- C:\Users\DJ\Desktop\GLIDE.wav.asd
    [2013/01/09 21:23:02 | 029,030,444 | ---- | M] () -- C:\Users\DJ\Desktop\GLIDE.wav
    [2013/01/09 17:49:18 | 000,305,237 | ---- | M] () -- C:\Users\DJ\Desktop\trap1.wav.asd
    [2013/01/09 17:49:04 | 026,611,244 | ---- | M] () -- C:\Users\DJ\Desktop\trap1.wav
    [2013/01/09 07:34:48 | 000,000,624 | ---- | M] () -- C:\Users\Public\Desktop\Massive.lnk
    [2013/01/09 07:34:38 | 000,001,059 | ---- | M] () -- C:\Users\Public\Desktop\Service Center.lnk
    [2013/01/08 19:55:41 | 000,582,227 | ---- | M] () -- C:\Users\DJ\AppData\Roaming\technic-launcher.jar
    [2013/01/07 20:53:03 | 000,005,632 | ---- | M] () -- C:\Users\DJ\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2013/01/06 15:49:01 | 000,000,221 | ---- | M] () -- C:\Users\DJ\Desktop\Mass Effect.url
    [2013/01/06 15:48:27 | 000,000,221 | ---- | M] () -- C:\Users\DJ\Desktop\Prototype.url
    [2013/01/06 15:48:13 | 000,000,220 | ---- | M] () -- C:\Users\DJ\Desktop\BioShock.url
    [2013/01/06 15:47:58 | 000,000,221 | ---- | M] () -- C:\Users\DJ\Desktop\Dead Space.url
    [2013/01/06 15:33:07 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
    [2013/01/06 13:49:12 | 000,000,024 | ---- | M] () -- C:\Users\DJ\random.dat
    [2013/01/06 13:43:15 | 000,000,041 | ---- | M] () -- C:\Users\DJ\jagex_cl_runescape_LIVE.dat
    [2013/01/05 01:21:12 | 000,000,222 | ---- | M] () -- C:\Users\DJ\Desktop\ARMA 2 Operation Arrowhead Beta.url
    [2013/01/04 20:55:17 | 000,001,089 | ---- | M] () -- C:\Users\DJ\Desktop\Steam - Shortcut (2).lnk
    [2013/01/04 20:46:09 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\DayZ Commander.lnk
    [2013/01/04 20:23:15 | 000,001,029 | ---- | M] () -- C:\Users\DJ\Desktop\Haunt 64bit Shortcut.lnk
    [2013/01/04 15:45:11 | 000,000,641 | ---- | M] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
    [2013/01/04 15:31:37 | 000,000,221 | ---- | M] () -- C:\Users\DJ\Desktop\Amnesia The Dark Descent.url
    [2013/01/04 15:31:34 | 000,000,221 | ---- | M] () -- C:\Users\DJ\Desktop\ARMA 2.url
    [2013/01/04 15:31:22 | 000,000,221 | ---- | M] () -- C:\Users\DJ\Desktop\ARMA 2 Operation Arrowhead.url
    [2013/01/04 15:31:18 | 000,000,221 | ---- | M] () -- C:\Users\DJ\Desktop\Batman Arkham Asylum GOTY Edition.url
    [2013/01/04 15:31:14 | 000,000,219 | ---- | M] () -- C:\Users\DJ\Desktop\Counter-Strike Source.url
    [2013/01/04 15:31:11 | 000,000,221 | ---- | M] () -- C:\Users\DJ\Desktop\Dungeon Defenders.url
    [2013/01/04 15:31:07 | 000,000,220 | ---- | M] () -- C:\Users\DJ\Desktop\Garry's Mod.url
    [2013/01/04 15:31:04 | 000,000,218 | ---- | M] () -- C:\Users\DJ\Desktop\Half-Life.url
    [2013/01/04 15:30:55 | 000,000,222 | ---- | M] () -- C:\Users\DJ\Desktop\Hitman Absolution.url
    [2013/01/04 15:30:51 | 000,000,220 | ---- | M] () -- C:\Users\DJ\Desktop\Killing Floor.url
    [2013/01/04 15:30:45 | 000,000,222 | ---- | M] () -- C:\Users\DJ\Desktop\Orcs Must Die! 2.url
    [2013/01/04 15:30:42 | 000,000,221 | ---- | M] () -- C:\Users\DJ\Desktop\PAYDAY The Heist.url
    [2013/01/04 15:30:21 | 000,000,219 | ---- | M] () -- C:\Users\DJ\Desktop\Portal 2.url
    [2013/01/04 15:30:06 | 000,000,222 | ---- | M] () -- C:\Users\DJ\Desktop\Super Monday Night Combat.url
    [2013/01/04 15:30:00 | 000,000,219 | ---- | M] () -- C:\Users\DJ\Desktop\Team Fortress 2.url
    [2013/01/04 15:29:47 | 000,000,222 | ---- | M] () -- C:\Users\DJ\Desktop\Terraria.url
    [2013/01/04 15:29:37 | 000,000,222 | ---- | M] () -- C:\Users\DJ\Desktop\The Walking Dead.url
    [2013/01/03 18:34:45 | 000,000,221 | ---- | M] () -- C:\Users\DJ\Desktop\Mass Effect 2.url
    [2013/01/03 18:34:29 | 000,000,222 | ---- | M] () -- C:\Users\DJ\Desktop\Torchlight II.url
    [2013/01/03 16:46:42 | 000,000,919 | ---- | M] () -- C:\Users\Public\Desktop\Camtasia Studio 8.lnk
    [2013/01/03 15:11:42 | 015,512,472 | ---- | M] () -- C:\Users\DJ\Documents\****ingdopeasstrapshit.wav
    [2013/01/03 07:28:21 | 000,000,658 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
    [2013/01/03 07:28:21 | 000,000,658 | ---- | M] () -- C:\Users\DJ\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
    [2013/01/03 00:30:00 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
    [2013/01/02 21:40:45 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
    [2013/01/02 21:34:51 | 000,001,428 | ---- | M] () -- C:\Users\DJ\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

    ========== Files Created - No Company Name ==========

    [2013/01/14 00:01:43 | 000,554,087 | ---- | C] () -- C:\Users\DJ\Desktop\adwcleaner.exe
    [2013/01/13 22:42:36 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_11_00.Wdf
    [2013/01/13 21:31:37 | 000,764,416 | ---- | C] () -- C:\Users\DJ\Desktop\RogueKiller.exe
    [2013/01/13 15:55:51 | 002,195,061 | ---- | C] () -- C:\Users\DJ\Desktop\tdsskiller.zip
    [2013/01/13 15:32:16 | 000,000,518 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task f80611e4-a410-4fd3-b7c0-1c618bc4f252.job
    [2013/01/13 15:32:16 | 000,000,518 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 31b9111b-1432-484b-927c-d61581e72c2d.job
    [2013/01/13 15:32:09 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2013/01/12 22:47:00 | 000,422,160 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2013/01/12 22:30:00 | 000,001,938 | ---- | C] () -- C:\Windows\wininit.ini
    [2013/01/12 22:20:09 | 000,000,814 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/01/12 18:12:36 | 000,002,189 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
    [2013/01/12 18:12:36 | 000,002,177 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    [2013/01/12 17:32:25 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk
    [2013/01/12 08:43:25 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
    [2013/01/11 22:17:53 | 000,000,730 | ---- | C] () -- C:\Users\DJ\Desktop\NetTools.lnk
    [2013/01/11 22:17:50 | 000,809,345 | ---- | C] () -- C:\Windows\SysWow64\nmap-os-fingerprints
    [2013/01/11 22:17:50 | 000,557,444 | ---- | C] () -- C:\Windows\SysWow64\nmap-service-probes
    [2013/01/11 22:17:50 | 000,482,123 | ---- | C] () -- C:\Windows\SysWow64\nmapwin.chm
    [2013/01/11 22:17:50 | 000,452,096 | ---- | C] () -- C:\Windows\SysWow64\nmap.exe
    [2013/01/11 22:17:50 | 000,290,816 | ---- | C] () -- C:\Windows\SysWow64\nmapserv.exe
    [2013/01/11 22:17:50 | 000,225,546 | ---- | C] () -- C:\Windows\SysWow64\nmap-mac-prefixes
    [2013/01/11 22:17:50 | 000,192,007 | ---- | C] () -- C:\Windows\SysWow64\CHANGELOG
    [2013/01/11 22:17:50 | 000,108,536 | ---- | C] () -- C:\Windows\SysWow64\nmap-services
    [2013/01/11 22:17:50 | 000,025,611 | ---- | C] () -- C:\Windows\SysWow64\COPYING
    [2013/01/11 22:17:50 | 000,021,552 | ---- | C] () -- C:\Windows\SysWow64\nmap.xsl
    [2013/01/11 22:17:50 | 000,017,955 | ---- | C] () -- C:\Windows\SysWow64\nmap-rpc
    [2013/01/11 22:17:50 | 000,006,318 | ---- | C] () -- C:\Windows\SysWow64\nmap-protocols
    [2013/01/11 22:17:50 | 000,000,192 | ---- | C] () -- C:\Windows\SysWow64\nmap_performance.reg
    [2013/01/11 22:17:44 | 000,010,348 | ---- | C] () -- C:\Windows\SysWow64\SubclassingSink.tlb
    [2013/01/11 19:33:05 | 008,141,967 | ---- | C] ( ) -- C:\Users\DJ\Desktop\MKVPlayerSetupD.exe
    [2013/01/10 17:26:16 | 000,000,953 | ---- | C] () -- C:\Users\DJ\Desktop\Apex Rise Trap Sample Pack 1.lnk
    [2013/01/10 16:39:45 | 000,001,694 | ---- | C] () -- C:\Users\DJ\Desktop\Google Drive.lnk
    [2013/01/09 22:29:21 | 000,329,315 | ---- | C] () -- C:\Users\DJ\Desktop\Parkor - Glide.wav.asd
    [2013/01/09 22:26:29 | 043,446,902 | ---- | C] () -- C:\Users\DJ\Desktop\Parkor - Glide.wav
    [2013/01/09 22:25:34 | 157,686,659 | ---- | C] () -- C:\Users\DJ\Desktop\GLIDEe.rar
    [2013/01/09 22:08:39 | 000,329,305 | ---- | C] () -- C:\Users\DJ\Desktop\GLIDEe320.wav.asd
    [2013/01/09 22:07:41 | 231,716,620 | ---- | C] () -- C:\Users\DJ\Desktop\GLIDEe320.wav
    [2013/01/09 21:59:50 | 026,611,244 | ---- | C] () -- C:\Users\DJ\Desktop\GLIDEe160.wav
    [2013/01/09 21:59:50 | 000,305,581 | ---- | C] () -- C:\Users\DJ\Desktop\GLIDEe160.wav.asd
    [2013/01/09 21:49:55 | 000,305,425 | ---- | C] () -- C:\Users\DJ\Desktop\GLIDEe240.wav.asd
    [2013/01/09 21:34:53 | 000,329,419 | ---- | C] () -- C:\Users\DJ\Desktop\GLIDEe.wav.asd
    [2013/01/09 21:32:28 | 231,716,620 | ---- | C] () -- C:\Users\DJ\Desktop\GLIDEe.wav
    [2013/01/09 21:23:02 | 029,030,444 | ---- | C] () -- C:\Users\DJ\Desktop\GLIDE.wav
    [2013/01/09 21:23:02 | 000,332,829 | ---- | C] () -- C:\Users\DJ\Desktop\GLIDE.wav.asd
    [2013/01/09 17:48:36 | 000,305,237 | ---- | C] () -- C:\Users\DJ\Desktop\trap1.wav.asd
    [2013/01/09 16:41:09 | 000,110,592 | ---- | C] () -- C:\Windows\SysNative\OEMLicense.dll
    [2013/01/09 16:41:09 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
    [2013/01/09 16:28:00 | 026,611,244 | ---- | C] () -- C:\Users\DJ\Desktop\trap1.wav
    [2013/01/09 07:34:48 | 000,000,624 | ---- | C] () -- C:\Users\Public\Desktop\Massive.lnk
    [2013/01/09 07:34:38 | 000,001,059 | ---- | C] () -- C:\Users\Public\Desktop\Service Center.lnk
    [2013/01/08 20:41:10 | 000,000,910 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3044163233-2214013121-3301013928-1001UA.job
    [2013/01/08 20:41:10 | 000,000,858 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3044163233-2214013121-3301013928-1001Core.job
    [2013/01/08 19:55:40 | 000,582,227 | ---- | C] () -- C:\Users\DJ\AppData\Roaming\technic-launcher.jar
    [2013/01/06 15:49:01 | 000,000,221 | ---- | C] () -- C:\Users\DJ\Desktop\Mass Effect.url
    [2013/01/06 15:48:27 | 000,000,221 | ---- | C] () -- C:\Users\DJ\Desktop\Prototype.url
    [2013/01/06 15:48:13 | 000,000,220 | ---- | C] () -- C:\Users\DJ\Desktop\BioShock.url
    [2013/01/06 15:47:58 | 000,000,221 | ---- | C] () -- C:\Users\DJ\Desktop\Dead Space.url
    [2013/01/06 15:33:07 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
    [2013/01/06 13:43:15 | 000,000,041 | ---- | C] () -- C:\Users\DJ\jagex_cl_runescape_LIVE.dat
    [2013/01/06 13:43:15 | 000,000,024 | ---- | C] () -- C:\Users\DJ\random.dat
    [2013/01/05 01:21:12 | 000,000,222 | ---- | C] () -- C:\Users\DJ\Desktop\ARMA 2 Operation Arrowhead Beta.url
    [2013/01/04 20:55:20 | 000,001,089 | ---- | C] () -- C:\Users\DJ\Desktop\Steam - Shortcut (2).lnk
    [2013/01/04 20:46:09 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\DayZ Commander.lnk
    [2013/01/04 20:23:15 | 000,001,029 | ---- | C] () -- C:\Users\DJ\Desktop\Haunt 64bit Shortcut.lnk
    [2013/01/04 17:20:00 | 000,385,604 | ---- | C] () -- C:\Windows\SysNative\ApnDatabase.xml
    [2013/01/04 15:56:24 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2013/01/04 15:45:11 | 000,000,641 | ---- | C] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
    [2013/01/04 15:31:37 | 000,000,221 | ---- | C] () -- C:\Users\DJ\Desktop\Amnesia The Dark Descent.url
    [2013/01/04 15:31:34 | 000,000,221 | ---- | C] () -- C:\Users\DJ\Desktop\ARMA 2.url
    [2013/01/04 15:31:22 | 000,000,221 | ---- | C] () -- C:\Users\DJ\Desktop\ARMA 2 Operation Arrowhead.url
    [2013/01/04 15:31:14 | 000,000,219 | ---- | C] () -- C:\Users\DJ\Desktop\Counter-Strike Source.url
    [2013/01/04 15:31:11 | 000,000,221 | ---- | C] () -- C:\Users\DJ\Desktop\Dungeon Defenders.url
    [2013/01/04 15:31:07 | 000,000,220 | ---- | C] () -- C:\Users\DJ\Desktop\Garry's Mod.url
    [2013/01/04 15:31:04 | 000,000,218 | ---- | C] () -- C:\Users\DJ\Desktop\Half-Life.url
    [2013/01/04 15:30:55 | 000,000,222 | ---- | C] () -- C:\Users\DJ\Desktop\Hitman Absolution.url
    [2013/01/04 15:30:51 | 000,000,220 | ---- | C] () -- C:\Users\DJ\Desktop\Killing Floor.url
    [2013/01/04 15:30:45 | 000,000,222 | ---- | C] () -- C:\Users\DJ\Desktop\Orcs Must Die! 2.url
    [2013/01/04 15:30:42 | 000,000,221 | ---- | C] () -- C:\Users\DJ\Desktop\PAYDAY The Heist.url
    [2013/01/04 15:30:12 | 000,000,219 | ---- | C] () -- C:\Users\DJ\Desktop\Portal 2.url
    [2013/01/04 15:30:06 | 000,000,222 | ---- | C] () -- C:\Users\DJ\Desktop\Super Monday Night Combat.url
    [2013/01/04 15:30:00 | 000,000,219 | ---- | C] () -- C:\Users\DJ\Desktop\Team Fortress 2.url
    [2013/01/04 15:29:47 | 000,000,222 | ---- | C] () -- C:\Users\DJ\Desktop\Terraria.url
    [2013/01/04 15:29:37 | 000,000,222 | ---- | C] () -- C:\Users\DJ\Desktop\The Walking Dead.url
    [2013/01/03 18:34:58 | 000,000,221 | ---- | C] () -- C:\Users\DJ\Desktop\Batman Arkham Asylum GOTY Edition.url
    [2013/01/03 18:34:45 | 000,000,221 | ---- | C] () -- C:\Users\DJ\Desktop\Mass Effect 2.url
    [2013/01/03 18:34:29 | 000,000,222 | ---- | C] () -- C:\Users\DJ\Desktop\Torchlight II.url
    [2013/01/03 16:58:44 | 000,005,632 | ---- | C] () -- C:\Users\DJ\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2013/01/03 16:46:42 | 000,000,919 | ---- | C] () -- C:\Users\Public\Desktop\Camtasia Studio 8.lnk
    [2013/01/03 15:09:32 | 015,512,472 | ---- | C] () -- C:\Users\DJ\Documents\****ingdopeasstrapshit.wav
    [2013/01/03 07:28:21 | 000,000,658 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
    [2013/01/03 07:28:21 | 000,000,658 | ---- | C] () -- C:\Users\DJ\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
    [2013/01/03 00:30:31 | 826,941,437 | -HS- | C] () -- C:\hiberfil.sys
    [2013/01/03 00:30:00 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2013/01/03 00:29:45 | 268,435,456 | -HS- | C] () -- C:\swapfile.sys
    [2013/01/02 21:40:45 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
    [2013/01/02 21:36:09 | 000,002,259 | ---- | C] () -- C:\Users\DJ\Desktop\Google Chrome.lnk
    [2013/01/02 21:35:13 | 000,000,904 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013/01/02 21:35:13 | 000,000,900 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013/01/02 21:34:51 | 000,001,428 | ---- | C] () -- C:\Users\DJ\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2013/01/02 21:32:17 | 000,001,434 | ---- | C] () -- C:\Users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    [2013/01/02 21:31:56 | 000,000,352 | ---- | C] () -- C:\Users\DJ\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
    [2013/01/02 21:31:56 | 000,000,334 | ---- | C] () -- C:\Users\DJ\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
    [2012/10/18 04:52:18 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
    [2012/10/18 04:52:10 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
    [2012/10/18 04:52:06 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
    [2012/07/26 03:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
    [2012/07/26 03:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
    [2012/07/26 02:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2012/07/25 20:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2012/07/25 15:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2012/07/25 15:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2012/06/02 09:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
    [2012/05/02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll

    ========== ZeroAccess Check ==========

    [2013/01/04 16:58:57 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012/11/05 23:19:27 | 019,789,824 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/11/05 23:20:00 | 017,560,576 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/25 22:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/25 22:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/25 22:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2013/01/02 22:36:38 | 000,000,000 | ---D | M] -- C:\Users\DJ\AppData\Roaming\.minecraft
    [2013/01/08 19:59:48 | 000,000,000 | ---D | M] -- C:\Users\DJ\AppData\Roaming\.techniclauncher
    [2013/01/08 21:53:01 | 000,000,000 | ---D | M] -- C:\Users\DJ\AppData\Roaming\Ableton
    [2013/01/12 17:33:25 | 000,000,000 | ---D | M] -- C:\Users\DJ\AppData\Roaming\AVG2013
    [2013/01/05 12:27:59 | 000,000,000 | ---D | M] -- C:\Users\DJ\AppData\Roaming\Awesomium
    [2013/01/08 19:59:43 | 000,000,000 | ---D | M] -- C:\Users\DJ\AppData\Roaming\logs
    [2013/01/04 16:12:49 | 000,000,000 | ---D | M] -- C:\Users\DJ\AppData\Roaming\LolClient
    [2013/01/03 16:47:01 | 000,000,000 | ---D | M] -- C:\Users\DJ\AppData\Roaming\TechSmith
    [2013/01/12 17:32:25 | 000,000,000 | ---D | M] -- C:\Users\DJ\AppData\Roaming\TuneUp Software
    [2013/01/13 22:47:06 | 000,000,000 | ---D | M] -- C:\Users\DJ\AppData\Roaming\uTorrent

    ========== Purity Check ==========


    < End of report >
     
  7. Broni Malware Annihilator Posts: 39,324   +175

    Re-run OTL.
    Use the following settings:

    • Click the NONE button
    • Under Custom Scans/Fixes paste:
    Code:
    /md5start
    userinit.exe
    winlogon.exe
    explorer.exe
    /md5stop
    
    • Finally hit Run Scan and wait for the log to open.
    • Please post the content of the log into your next reply.
  8. Parkor Newcomer, in training Posts: 43

    OTL logfile created on: 1/14/2013 3:11:16 PM - Run 2
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\DJ\Downloads
    64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16453)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    15.96 Gb Total Physical Memory | 13.17 Gb Available Physical Memory | 82.51% Memory free
    18.21 Gb Paging File | 14.76 Gb Available in Paging File | 81.04% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 55.90 Gb Total Space | 13.17 Gb Free Space | 23.56% Space Free | Partition Type: NTFS
    Drive D: | 350.00 Mb Total Space | 297.25 Mb Free Space | 84.93% Space Free | Partition Type: NTFS
    Drive E: | 1396.92 Gb Total Space | 1141.91 Gb Free Space | 81.74% Space Free | Partition Type: NTFS
    Drive G: | 1.91 Gb Total Space | 0.25 Gb Free Space | 12.83% Space Free | Partition Type: FAT

    Computer Name: PARKER | User Name: DJ | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

    ========== Custom Scans ==========

    < MD5 for: EXPLORER.EXE >
    [2012/10/11 00:53:24 | 002,115,952 | ---- | M] (Microsoft Corporation) MD5=0AD19A3CA61271BA872AD90771BA47DC -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.20534_none_b592a71650d677ed\explorer.exe
    [2012/10/11 03:09:58 | 002,380,944 | ---- | M] (Microsoft Corporation) MD5=0DDFEAA2AA18D4295EF220EB666B2312 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.20534_none_ab3dfcc41c75b5f2\explorer.exe
    [2012/07/25 22:50:01 | 002,114,936 | ---- | M] (Microsoft Corporation) MD5=5B6ED1B57DBFF18D405A0260559B571E -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16384_none_b4d2f8c937e166b1\explorer.exe
    [2012/07/25 23:49:13 | 002,380,440 | ---- | M] (Microsoft Corporation) MD5=928791755FDDEA721B053535EF84FA17 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16384_none_aa7e4e770380a4b6\explorer.exe
    [2012/10/11 00:56:41 | 002,115,952 | ---- | M] (Microsoft Corporation) MD5=953ADECFF08202A01EFC6110214FDE02 -- C:\Windows\SysWOW64\explorer.exe
    [2012/10/11 00:56:41 | 002,115,952 | ---- | M] (Microsoft Corporation) MD5=953ADECFF08202A01EFC6110214FDE02 -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16433_none_b5080a0137b9becc\explorer.exe
    [2012/10/11 02:35:16 | 002,380,944 | ---- | M] (Microsoft Corporation) MD5=E13A31D5254C25406A7946BDD9B06364 -- C:\Windows\explorer.exe
    [2012/10/11 02:35:16 | 002,380,944 | ---- | M] (Microsoft Corporation) MD5=E13A31D5254C25406A7946BDD9B06364 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16433_none_aab35faf0358fcd1\explorer.exe
    [2012/11/13 14:07:52 | 003,906,584 | ---- | M] (Safer-Networking Ltd.) MD5=E4A0900CF535888DDD85B10040CA3E34 -- C:\Program Files (x86)\Spybot - Search & Destroy 2\explorer.exe

    < MD5 for: USERINIT.EXE >
    [2012/07/25 22:08:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E925F7BA032920D58DD284B6181A247 -- C:\Windows\SysNative\userinit.exe
    [2012/07/25 22:08:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E925F7BA032920D58DD284B6181A247 -- C:\Windows\WinSxS\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.2.9200.16384_none_34f2617a5b742e02\userinit.exe
    [2012/07/25 22:21:00 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=9F6289D194A04A09671FEED4B6CB6EF7 -- C:\Windows\SysWOW64\userinit.exe
    [2012/07/25 22:21:00 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=9F6289D194A04A09671FEED4B6CB6EF7 -- C:\Windows\WinSxS\x86_microsoft-windows-userinit_31bf3856ad364e35_6.2.9200.16384_none_d8d3c5f6a316bccc\userinit.exe

    < MD5 for: WINLOGON.EXE >
    [2012/09/20 01:33:55 | 000,516,608 | ---- | M] (Microsoft Corporation) MD5=1F84B5F8DBDFFD36DF143C61CE25F12A -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.16420_none_c8c988c15e88a211\winlogon.exe
    [2012/09/20 01:33:17 | 000,516,608 | ---- | M] (Microsoft Corporation) MD5=6522E98C94A2A81AE11EB66D2AF5743A -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.20521_none_c95425d677a55b32\winlogon.exe
    [2012/07/25 22:08:50 | 000,516,608 | ---- | M] (Microsoft Corporation) MD5=93AB226C07A9789B2EC7B41F73602F76 -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.16384_none_c88ca87b5eb5b1ec\winlogon.exe
    [2012/10/11 00:46:58 | 000,517,120 | ---- | M] (Microsoft Corporation) MD5=BCF2036A0DD579E47C008C133550283E -- C:\Windows\SysNative\winlogon.exe
    [2012/10/11 00:46:58 | 000,517,120 | ---- | M] (Microsoft Corporation) MD5=BCF2036A0DD579E47C008C133550283E -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.16433_none_c8c1b9b35e8e0a07\winlogon.exe
    [2012/10/11 00:45:27 | 000,517,120 | ---- | M] (Microsoft Corporation) MD5=CBFD56B4EC07CB056A6ABD55DD33671F -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.20534_none_c94c56c877aac328\winlogon.exe

    < End of report >
  9. Broni Malware Annihilator Posts: 39,324   +175

    Is MBAM still complaining?
  10. Parkor Newcomer, in training Posts: 43

    Not as often, and now it's just one IP it's blocking. 213.186.33.87
  11. Broni Malware Annihilator Posts: 39,324   +175

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run from.
    • Please copy and paste the log to your reply.

    3. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double-click on TFC.exe to run the program.
    • Click on the Start button to begin the cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.

    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce any log.
  12. Parkor Newcomer, in training Posts: 43

    Farbar Service Scanner Version: 05-01-2013
    Ran by DJ (administrator) on 14-01-2013 at 15:58:21
    Running from "C:\Users\DJ\Desktop"
    Windows 8 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Attempt to access Google IP returned error. Google IP is offline
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============
    SDRSVC Service is not running. Checking service configuration:
    The start type of SDRSVC service is OK.
    The ImagePath of SDRSVC service is OK.
    The ServiceDll of SDRSVC service is OK.

    VSS Service is not running. Checking service configuration:
    The start type of VSS service is OK.
    The ImagePath of VSS service is OK.


    System Restore Disabled Policy:
    ========================


    Action Center:
    ============

    Windows Update:
    ============
    wuauserv Service is not running. Checking service configuration:
    The start type of wuauserv service is set to Demand. The default start type is Auto.
    The ImagePath of wuauserv service is OK.
    The ServiceDll of wuauserv service is OK.


    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1

    RpcSs Service is not running. Checking service configuration:
    The start type of RpcSs service is OK.
    The ImagePath of RpcSs service is OK.


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys
    [2013-01-04 17:19] - [2012-11-05 22:53] - 0560640 ____A (Microsoft Corporation) 36D6A3201721558A8AFBCC09C2DA4C2C

    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll
    [2013-01-09 16:41] - [2012-09-20 01:31] - 0210432 ____A (Microsoft Corporation) 066B9710B36AB550E01EEFCA52155968

    C:\Windows\System32\mpssvc.dll
    [2013-01-04 17:20] - [2012-10-11 00:44] - 0904192 ____A (Microsoft Corporation) 3031573A739DBEE8923851929D0AF423

    C:\Windows\System32\bfe.dll
    [2013-01-12 00:54] - [2012-11-26 23:17] - 0718848 ____A (Microsoft Corporation) 9E6A544F465C582AB42444A217CF04DC

    C:\Windows\System32\drivers\mpsdrv.sys
    [2013-01-04 17:20] - [2012-10-11 00:15] - 0074752 ____A (Microsoft Corporation) 0D1609DD82C7440F5D5BF21A9D4D5C0C

    C:\Windows\System32\SDRSVC.dll
    [2012-07-25 20:08] - [2012-07-25 22:07] - 0148480 ____A (Microsoft Corporation) 92968277ED491E4B3DDA361E3952361E

    C:\Windows\System32\vssvc.exe
    [2012-07-25 18:36] - [2012-07-25 22:08] - 1482752 ____A (Microsoft Corporation) EA658570314042C914964FC72AB50E6B

    C:\Windows\System32\wscsvc.dll
    [2012-07-25 18:31] - [2012-07-25 22:08] - 0099840 ____A (Microsoft Corporation) FB0C1B7F94FA08E72F19F6F2CE7210E1

    C:\Windows\System32\wbem\WMIsvc.dll
    [2012-07-25 18:55] - [2012-07-25 22:08] - 0219648 ____A (Microsoft Corporation) 3D6B518B71C75C8FA4115A33615C107A

    C:\Windows\System32\wuaueng.dll
    [2013-01-12 00:54] - [2012-11-26 23:19] - 3345920 ____A (Microsoft Corporation) A8484C0CB54DB48180FB7CA00F1C3F8F

    C:\Windows\System32\qmgr.dll
    [2012-07-25 19:18] - [2012-07-25 22:07] - 0826368 ____A (Microsoft Corporation) D598C44A7072D3108D8D8102EC5E07F7

    C:\Windows\System32\es.dll
    [2012-07-25 18:50] - [2012-07-25 22:05] - 0507904 ____A (Microsoft Corporation) F9E01C2D9F8BC049E04CF5DC24A5F638

    C:\Windows\System32\cryptsvc.dll
    [2012-07-25 19:05] - [2012-07-25 22:05] - 0067584 ____A (Microsoft Corporation) F0E78B119D12BA81F163D48C0FF30B9A

    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MsMpEng.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****
  13. Parkor Newcomer, in training Posts: 43

    Farbar Service Scanner Version: 05-01-2013
    Ran by DJ (administrator) on 14-01-2013 at 15:58:21
    Running from "C:\Users\DJ\Desktop"
    Windows 8 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Attempt to access Google IP returned error. Google IP is offline
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============
    SDRSVC Service is not running. Checking service configuration:
    The start type of SDRSVC service is OK.
    The ImagePath of SDRSVC service is OK.
    The ServiceDll of SDRSVC service is OK.

    VSS Service is not running. Checking service configuration:
    The start type of VSS service is OK.
    The ImagePath of VSS service is OK.


    System Restore Disabled Policy:
    ========================


    Action Center:
    ============

    Windows Update:
    ============
    wuauserv Service is not running. Checking service configuration:
    The start type of wuauserv service is set to Demand. The default start type is Auto.
    The ImagePath of wuauserv service is OK.
    The ServiceDll of wuauserv service is OK.


    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1

    RpcSs Service is not running. Checking service configuration:
    The start type of RpcSs service is OK.
    The ImagePath of RpcSs service is OK.


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys
    [2013-01-04 17:19] - [2012-11-05 22:53] - 0560640 ____A (Microsoft Corporation) 36D6A3201721558A8AFBCC09C2DA4C2C

    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll
    [2013-01-09 16:41] - [2012-09-20 01:31] - 0210432 ____A (Microsoft Corporation) 066B9710B36AB550E01EEFCA52155968

    C:\Windows\System32\mpssvc.dll
    [2013-01-04 17:20] - [2012-10-11 00:44] - 0904192 ____A (Microsoft Corporation) 3031573A739DBEE8923851929D0AF423

    C:\Windows\System32\bfe.dll
    [2013-01-12 00:54] - [2012-11-26 23:17] - 0718848 ____A (Microsoft Corporation) 9E6A544F465C582AB42444A217CF04DC

    C:\Windows\System32\drivers\mpsdrv.sys
    [2013-01-04 17:20] - [2012-10-11 00:15] - 0074752 ____A (Microsoft Corporation) 0D1609DD82C7440F5D5BF21A9D4D5C0C

    C:\Windows\System32\SDRSVC.dll
    [2012-07-25 20:08] - [2012-07-25 22:07] - 0148480 ____A (Microsoft Corporation) 92968277ED491E4B3DDA361E3952361E

    C:\Windows\System32\vssvc.exe
    [2012-07-25 18:36] - [2012-07-25 22:08] - 1482752 ____A (Microsoft Corporation) EA658570314042C914964FC72AB50E6B

    C:\Windows\System32\wscsvc.dll
    [2012-07-25 18:31] - [2012-07-25 22:08] - 0099840 ____A (Microsoft Corporation) FB0C1B7F94FA08E72F19F6F2CE7210E1

    C:\Windows\System32\wbem\WMIsvc.dll
    [2012-07-25 18:55] - [2012-07-25 22:08] - 0219648 ____A (Microsoft Corporation) 3D6B518B71C75C8FA4115A33615C107A

    C:\Windows\System32\wuaueng.dll
    [2013-01-12 00:54] - [2012-11-26 23:19] - 3345920 ____A (Microsoft Corporation) A8484C0CB54DB48180FB7CA00F1C3F8F

    C:\Windows\System32\qmgr.dll
    [2012-07-25 19:18] - [2012-07-25 22:07] - 0826368 ____A (Microsoft Corporation) D598C44A7072D3108D8D8102EC5E07F7

    C:\Windows\System32\es.dll
    [2012-07-25 18:50] - [2012-07-25 22:05] - 0507904 ____A (Microsoft Corporation) F9E01C2D9F8BC049E04CF5DC24A5F638

    C:\Windows\System32\cryptsvc.dll
    [2012-07-25 19:05] - [2012-07-25 22:05] - 0067584 ____A (Microsoft Corporation) F0E78B119D12BA81F163D48C0FF30B9A

    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MsMpEng.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****
  14. Broni Malware Annihilator Posts: 39,324   +175

    You posted the FSS log twice.
    I still need the Security Check log.
  15. Parkor Newcomer, in training Posts: 43

    It wouldn't let me export, but it deleted 5 threats.
  16. Broni Malware Annihilator Posts: 39,324   +175

  17. Parkor Newcomer, in training Posts: 43

    I did the security check, and it removed 5 files. It wouldn't let me export, but I'm not seeing the messages from MBAM anymore.
  18. Broni Malware Annihilator Posts: 39,324   +175

    Security Check doesn't remove anything.
    Are you talking about the ESET scan?
    If so, I still need the Security Check log.
    Re-read my original instructions.
  19. Parkor Newcomer, in training Posts: 43

    Just got the message again. I did the ESET scan and it removed 5 things, but I couldn't figure out how to export, and I figured now it's too late since you said you can only create logs if it finds threats.
  20. Parkor Newcomer, in training Posts: 43

    And Security Check won't open on my computer. A command prompt window comes up, but it just closes right away.