Jump to content

abc36608

Honorary Members
 View Profile  See their activity

  • Posts

    33

  • Joined

  • Last visited

Reputation

0 Neutral
  1. abc36608
    Kevin, I managed to download firefox and it seems to work now. SOmething is not right with IE seems like it. Thank you so much for your help.
  2. abc36608
    Log from reply #43 was the second run (window repair log). I ran all the steps above, still not working. Problem is, when I go to youtube page, all the vids do not have the picture, they are boxes with solid black image. Then I try to reinstall the latest flash, clicked on download now, the download should pop up but it's not. I enable the scripting, still not working. Same with www.download.com, any application that I click, the download window should pop up but it doesnt. I tried microsoft fixit, it doesnt
  3. abc36608
    Problem still unresolved. Can't play Youtube file, tried download Flash, clicked on download now, no reaction at all.
  4. abc36608
    C:\Windows\avastSS.scr - CreateFile Error : 5 Access is denied. C:\Windows\System32\aswBoot.exe - CreateFile Error : 5 Access is denied. C:\Windows\System32\config\systemprofile\My Documents - CreateFile Error : 2 The system cannot find the file specified. C:\Windows\System32\config\systemprofile\NetHood - CreateFile Error : 2 The system cannot find the file specified. C:\Windows\System32\config\systemprofile\PrintHood - CreateFile Error : 2 The system cannot find the file specified. C:\Windows\System32\config\systemprofile\Recent - CreateFile Error : 2 The system cannot find the file specified. C:\Windows\System32\config\systemprofile\SendTo - CreateFile Error : 2 The system cannot find the file specified. C:\Windows\System32\config\systemprofile\Start Menu - CreateFile Error : 2 The system cannot find the file specified. C:\Windows\System32\config\systemprofile\Templates - CreateFile Error : 2 The system cannot find the file specified. C:\Windows\System32\config\systemprofile\Documents\My Music - CreateFile Error : 2 The system cannot find the file specified. C:\Windows\System32\config\systemprofile\Documents\My Pictures - CreateFile Error : 2 The system cannot find the file specified. C:\Windows\System32\config\systemprofile\Documents\My Videos - CreateFile Error : 2 The system cannot find the file specified. C:\Windows\SysWOW64\aswBoot.exe - CreateFile Error : 5 Access is denied. C:\Windows\SysWOW64\config\systemprofile\My Documents - CreateFile Error : 2 The system cannot find the file specified. C:\Windows\SysWOW64\config\systemprofile\NetHood - CreateFile Error : 2 The system cannot find the file specified. C:\Windows\SysWOW64\config\systemprofile\PrintHood - CreateFile Error : 2 The system cannot find the file specified. C:\Windows\SysWOW64\config\systemprofile\Recent - CreateFile Error : 2 The system cannot find the file specified. C:\Windows\SysWOW64\config\systemprofile\SendTo - CreateFile Error : 2 The system cannot find the file specified. C:\Windows\SysWOW64\config\systemprofile\Start Menu - CreateFile Error : 2 The system cannot find the file specified. C:\Windows\SysWOW64\config\systemprofile\Templates - CreateFile Error : 2 The system cannot find the file specified. C:\Windows\SysWOW64\config\systemprofile\Documents\My Music - CreateFile Error : 2 The system cannot find the file specified. C:\Windows\SysWOW64\config\systemprofile\Documents\My Pictures - CreateFile Error : 2 The system cannot find the file specified. C:\Windows\SysWOW64\config\systemprofile\Documents\My Videos - CreateFile Error : 2 The system cannot find the file specified.
  5. abc36608
    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 31-12-2012 Ran by SYSTEM at 2013-01-07 21:03:52 Run:1 Running from K:\ ============================================== McAWFwk service deleted successfully. HipShieldK service deleted successfully. C:\Program Files (x86)\eMule moved successfully. ==== End of Fixlog ====
  6. abc36608
    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-12-2012 (ATTENTION: FRST version is 6 days old) Ran by SYSTEM at 06-01-2013 17:27:05 Running from K:\ Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US) The current controlset is ControlSet001 ==================== Registry (Whitelisted) =================== HKLM\...\Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup [483424 2012-02-01] () HKLM\...\Run: [CaretakerNotifier] C:\Program Files\SurfRight\Caretaker\Notifier.exe [779264 2011-12-22] (SurfRight B.V.) HKLM-x32\...\Run: [CTxfiHlp] CTXFIHLP.EXE [x] HKLM-x32\...\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation) HKLM-x32\...\Run: [shwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe [237568 2010-03-10] (Alcor Micro Corp.) HKLM-x32\...\Run: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [336384 2011-04-19] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [Chicony_OSD] "C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\LaunchOSDSrv.exe" [53248 2011-01-12] () HKLM-x32\...\Run: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [87336 2010-10-01] (CyberLink Corp.) HKLM-x32\...\Run: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [50472 2010-09-17] (CyberLink Corp.) HKLM-x32\...\Run: [bDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe [75048 2011-08-11] (cyberlink) HKLM-x32\...\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [35736 2012-04-03] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-03] (Adobe Systems Incorporated) HKLM-x32\...\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [240112 2010-11-25] (Sonic Solutions) HKLM-x32\...\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [514544 2010-11-17] () HKLM-x32\...\Run: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900 [66872 2012-02-06] () HKLM-x32\...\Run: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup [2835443 2012-02-01] () HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-08-27] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.) HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4297136 2012-10-23] (AVAST Software) HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.) HKU\Sebastian\...\Run: [PPS Accelerator] C:\Program Files (x86)\PPStream\PPSAP.exe [214408 2010-02-23] (PPStream Inc) HKU\Sebastian\...\Run: [spotify] "C:\Users\Sebastian\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart [7880664 2012-11-25] (Spotify Ltd) HKU\Sebastian\...\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59280 2012-09-10] (Apple Inc.) HKU\Sebastian\...\Run: [spotify Web Helper] "C:\Users\Sebastian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [1199576 2012-11-25] (Spotify Ltd) HKU\Sebastian\...\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet [6595928 2012-05-25] (Yahoo! Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.3.25 Startup: C:\Users\All Users\Start Menu\Programs\Startup\HyperWorkswin64Desktop Quick Launch.lnk ShortcutTarget: HyperWorkswin64Desktop Quick Launch.lnk -> C:\Altairwin64\hw10.0\hw\bin\win64\hw.exe (Altair Engineering, Inc.) Startup: C:\Users\Sebastian\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> (No File) Startup: C:\Users\Sebastian\Start Menu\Programs\Startup\PPS.lnk ShortcutTarget: PPS.lnk -> C:\Program Files (x86)\PPStream\PPStream.exe (PPStream Inc.) ==================== Services (Whitelisted) =================== 2 Altair UMT; C:\Altair\licensing10.0\security\bin\win64\umt_dist\umt_service.exe [1118208 2009-03-31] () 2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [44808 2012-10-23] (AVAST Software) 3 CaretakerAntispam; "C:\Program Files\SurfRight\Caretaker\AntispamService.exe" [575816 2012-01-23] (SurfRight B.V.) 2 CaretakerProxy; "C:\Program Files\SurfRight\Caretaker\CaretakerProxy.exe" [1416520 2011-12-22] (SurfRight B.V.) 2 CaretakerSvc; "C:\Program Files\SurfRight\Caretaker\CaretakerService.exe" [1490760 2011-12-22] (SurfRight B.V.) 2 CaretakerUpdate; "C:\Program Files\SurfRight\Caretaker\CaretakerUpdater.exe" [222536 2011-12-22] (SurfRight B.V.) 2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [398184 2012-12-14] (Malwarebytes Corporation) 2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [682344 2012-12-14] (Malwarebytes Corporation) 2 OSDSvc; C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\OSDSrv.exe [176128 2010-12-01] (Chicony) 2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.) 3 McAWFwk; C:\PROGRA~1\mcafee\msc\mcawfwk.exe [x] ==================== Drivers (Whitelisted) ===================== 2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [25232 2012-10-23] (AVAST Software) 2 aswMonFlt; C:\Windows\System32\Drivers\aswMonFlt.sys [71600 2012-10-23] (AVAST Software) 1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [54072 2012-10-15] (AVAST Software) 1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [984144 2012-10-23] (AVAST Software) 1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [364096 2012-10-23] (AVAST Software) 1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [59728 2012-10-23] (AVAST Software) 1 ctredr15.sys; \??\C:\Windows\system32\drivers\ctredr15.sys [22016 2008-04-11] (SurfRight B.V.) 3 HipShieldK; C:\Windows\System32\Drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.) 3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24176 2012-12-14] (Malwarebytes Corporation) 3 catchme; \??\C:\ComboFix\catchme.sys [x] 3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [x] ==================== NetSvcs (Whitelisted) ==================== ==================== One Month Created Files and Folders ======== 2013-01-06 19:21 - 2013-01-06 19:21 - 00026062 ____A C:\ComboFix.txt 2013-01-06 18:38 - 2013-01-06 18:38 - 00000790 ____A C:\AdwCleaner[s1].txt 2013-01-06 18:14 - 2013-01-06 18:14 - 00000000 ____D C:\_OTL 2013-01-06 17:27 - 2013-01-06 17:27 - 00000000 ____D C:\FRST 2013-01-06 16:19 - 2013-01-06 16:19 - 00000000 ____D C:\Program Files\Dell Support Center 2013-01-06 16:14 - 2013-01-06 16:17 - 00000000 ____D C:\Users\Sebastian\Application Data\PCDr 2013-01-06 16:14 - 2013-01-06 16:17 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\PCDr 2013-01-06 06:28 - 2013-01-06 07:28 - 00000000 ____D C:\Users\Sebastian\Application Data\Skype 2013-01-06 06:28 - 2013-01-06 07:28 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\Skype 2013-01-06 06:24 - 2013-01-06 06:25 - 00000000 ___RD C:\Program Files (x86)\Skype 2013-01-05 21:56 - 2013-01-05 21:56 - 00000000 ____D C:\Users\Sebastian\Local Settings\Downloaded Installations 2013-01-05 21:56 - 2013-01-05 21:56 - 00000000 ____D C:\Users\Sebastian\Local Settings\Application Data\Downloaded Installations 2013-01-05 21:56 - 2013-01-05 21:56 - 00000000 ____D C:\Users\Sebastian\AppData\Local\Downloaded Installations 2013-01-05 15:25 - 2013-01-05 15:26 - 00000000 ____D C:\Users\All Users\VirtualizedApplications 2013-01-05 15:25 - 2013-01-05 15:26 - 00000000 ____D C:\Users\All Users\Application Data\VirtualizedApplications 2013-01-05 13:17 - 2013-01-05 13:17 - 00000000 ___RD C:\MSOCache 2013-01-05 13:12 - 2013-01-06 17:17 - 00000000 ____D C:\Users\Sebastian\Application Data\SoftGrid Client 2013-01-05 13:12 - 2013-01-06 17:17 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\SoftGrid Client 2013-01-05 13:12 - 2013-01-06 06:58 - 00000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client 2013-01-05 13:12 - 2013-01-05 13:12 - 00000000 ____D C:\Users\Sebastian\Local Settings\SoftGrid Client 2013-01-05 13:12 - 2013-01-05 13:12 - 00000000 ____D C:\Users\Sebastian\Local Settings\Application Data\SoftGrid Client 2013-01-05 13:12 - 2013-01-05 13:12 - 00000000 ____D C:\Users\Sebastian\AppData\Local\SoftGrid Client 2013-01-05 13:12 - 2013-01-05 13:12 - 00000000 ____D C:\Program Files\Microsoft Office 2013-01-05 13:11 - 2013-01-05 13:12 - 00000000 ____D C:\Users\Sebastian\Application Data\TP 2013-01-05 13:11 - 2013-01-05 13:12 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\TP 2013-01-05 12:12 - 2013-01-05 12:12 - 00027472 ____A C:\Users\Sebastian\Desktop\ComboMix.txt 2013-01-05 11:57 - 2013-01-06 19:21 - 00000000 ____D C:\Qoobox 2013-01-05 11:57 - 2013-01-05 12:04 - 00000000 ____D C:\Windows\erdnt 2013-01-05 11:57 - 2011-06-26 00:45 - 00256000 ____A C:\Windows\PEV.exe 2013-01-05 11:57 - 2010-11-07 11:20 - 00208896 ____A C:\Windows\MBR.exe 2013-01-05 11:57 - 2009-04-19 22:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe 2013-01-05 11:57 - 2000-08-30 18:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe 2013-01-05 11:57 - 2000-08-30 18:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe 2013-01-05 11:57 - 2000-08-30 18:00 - 00098816 ____A C:\Windows\sed.exe 2013-01-05 11:57 - 2000-08-30 18:00 - 00080412 ____A C:\Windows\grep.exe 2013-01-05 11:57 - 2000-08-30 18:00 - 00068096 ____A C:\Windows\zip.exe 2013-01-05 11:41 - 2013-01-05 11:42 - 05019547 ____R (Swearware) C:\Users\Sebastian\Desktop\ComboFix.exe 2013-01-05 01:00 - 2013-01-05 01:00 - 00016961 ____A C:\Users\Sebastian\Desktop\dds.txt 2013-01-05 01:00 - 2013-01-05 01:00 - 00005200 ____A C:\Users\Sebastian\Desktop\attach.txt 2013-01-04 23:41 - 2013-01-04 23:41 - 00075684 ____A C:\Users\Sebastian\Desktop\TDSSKILLER.txt 2013-01-04 02:24 - 2013-01-04 02:24 - 00002767 ____A C:\Users\Public\Desktop\SyncUP.lnk 2013-01-04 02:24 - 2013-01-04 02:24 - 00002767 ____A C:\Users\All Users\Desktop\SyncUP.lnk 2013-01-04 01:36 - 2013-01-04 01:36 - 00000000 ____D C:\Users\All Users\SurfRight 2013-01-04 01:36 - 2013-01-04 01:36 - 00000000 ____D C:\Users\All Users\Application Data\SurfRight 2013-01-04 01:36 - 2013-01-04 01:36 - 00000000 ____D C:\Program Files\SurfRight 2013-01-04 01:36 - 2013-01-04 01:36 - 00000000 ____D C:\Program Files (x86)\SurfRight 2013-01-04 01:28 - 2013-01-04 01:27 - 00260528 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-01-04 01:27 - 2013-01-04 01:27 - 00174000 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-01-04 01:27 - 2013-01-04 01:27 - 00173992 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-01-04 01:27 - 2013-01-04 01:27 - 00095184 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-01-04 01:23 - 2013-01-04 23:46 - 01806838 ____A C:\Windows\System32\Drivers\Cat.DB 2013-01-04 01:23 - 2012-11-01 17:35 - 00253256 ____A (PC Tools) C:\Windows\System32\Drivers\PCTSD64.sys 2013-01-04 01:22 - 2013-01-05 00:48 - 00000000 ____D C:\Users\All Users\PC Tools 2013-01-04 01:22 - 2013-01-05 00:48 - 00000000 ____D C:\Users\All Users\Application Data\PC Tools 2013-01-04 01:22 - 2013-01-04 01:22 - 00000000 ____D C:\Users\Sebastian\Application Data\TestApp 2013-01-04 01:22 - 2013-01-04 01:22 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\TestApp 2013-01-04 01:20 - 2013-01-04 01:20 - 01081320 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll 2013-01-04 01:20 - 2013-01-04 01:20 - 00308200 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe 2013-01-04 01:20 - 2013-01-04 01:20 - 00188392 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe 2013-01-04 01:20 - 2013-01-04 01:20 - 00188392 ____A (Oracle Corporation) C:\Windows\System32\java.exe 2013-01-04 01:20 - 2013-01-04 01:20 - 00108008 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll 2013-01-04 01:18 - 2013-01-04 01:19 - 32946152 ____A (Oracle Corporation) C:\Users\Sebastian\Downloads\jre-7u10-windows-x64.exe 2013-01-04 01:11 - 2013-01-04 01:11 - 00012872 ____A (SurfRight B.V.) C:\Windows\System32\bootdelete.exe 2013-01-04 01:06 - 2013-01-04 01:06 - 00000045 ___RH C:\Users\Sebastian\Downloads\stinger.opt 2013-01-02 21:45 - 2012-12-16 11:11 - 00046080 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll 2013-01-02 21:45 - 2012-12-16 08:45 - 00367616 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll 2013-01-02 21:45 - 2012-12-16 08:13 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2013-01-02 21:45 - 2012-12-16 08:13 - 00034304 ____A (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2012-12-17 05:09 - 2012-07-25 22:55 - 00785512 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys 2012-12-17 05:09 - 2012-07-25 22:55 - 00054376 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WdfLdr.sys 2012-12-17 05:09 - 2012-07-25 20:36 - 00009728 ____A (Microsoft Corporation) C:\Windows\System32\Wdfres.dll 2012-12-17 05:09 - 2012-06-02 08:35 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf 2012-12-17 05:02 - 2012-11-14 01:06 - 17811968 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2012-12-17 05:02 - 2012-11-14 00:32 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2012-12-17 05:02 - 2012-11-14 00:11 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2012-12-17 05:02 - 2012-11-14 00:04 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2012-12-17 05:02 - 2012-11-14 00:04 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2012-12-17 05:02 - 2012-11-14 00:02 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2012-12-17 05:02 - 2012-11-14 00:02 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2012-12-17 05:02 - 2012-11-13 23:59 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2012-12-17 05:02 - 2012-11-13 23:58 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2012-12-17 05:02 - 2012-11-13 23:57 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll 2012-12-17 05:02 - 2012-11-13 23:57 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2012-12-17 05:02 - 2012-11-13 23:55 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2012-12-17 05:02 - 2012-11-13 23:55 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2012-12-17 05:02 - 2012-11-13 23:53 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2012-12-17 05:02 - 2012-11-13 23:52 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2012-12-17 05:02 - 2012-11-13 23:46 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2012-12-17 05:02 - 2012-11-13 20:48 - 12320256 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2012-12-17 05:02 - 2012-11-13 20:14 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2012-12-17 05:02 - 2012-11-13 20:09 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2012-12-17 05:02 - 2012-11-13 19:58 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2012-12-17 05:02 - 2012-11-13 19:57 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2012-12-17 05:02 - 2012-11-13 19:57 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2012-12-17 05:02 - 2012-11-13 19:55 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2012-12-17 05:02 - 2012-11-13 19:51 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2012-12-17 05:02 - 2012-11-13 19:49 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2012-12-17 05:02 - 2012-11-13 19:49 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2012-12-17 05:02 - 2012-11-13 19:48 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2012-12-17 05:02 - 2012-11-13 19:47 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2012-12-17 05:02 - 2012-11-13 19:46 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2012-12-17 05:02 - 2012-11-13 19:45 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2012-12-17 05:02 - 2012-11-13 19:44 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2012-12-17 05:02 - 2012-11-13 19:41 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2012-12-17 05:01 - 2012-07-25 21:08 - 00744448 ____A (Microsoft Corporation) C:\Windows\System32\WUDFx.dll 2012-12-17 05:01 - 2012-07-25 21:08 - 00229888 ____A (Microsoft Corporation) C:\Windows\System32\WUDFHost.exe 2012-12-17 05:01 - 2012-07-25 21:08 - 00194048 ____A (Microsoft Corporation) C:\Windows\System32\WUDFPlatform.dll 2012-12-17 05:01 - 2012-07-25 21:08 - 00084992 ____A (Microsoft Corporation) C:\Windows\System32\WUDFSvc.dll 2012-12-17 05:01 - 2012-07-25 21:08 - 00045056 ____A (Microsoft Corporation) C:\Windows\System32\WUDFCoinstaller.dll 2012-12-17 05:01 - 2012-07-25 20:26 - 00198656 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFRd.sys 2012-12-17 05:01 - 2012-07-25 20:26 - 00087040 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFPf.sys 2012-12-17 05:01 - 2012-06-02 08:57 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf 2012-12-17 03:05 - 2012-12-17 03:05 - 00262144 ____A C:\Windows\System32\config\ELAM 2012-12-16 23:09 - 2012-12-16 23:10 - 00004630 ____A C:\Windows\SysWOW64\jupdate-1.7.0_10-b18.log 2012-12-16 22:59 - 2013-01-04 01:11 - 00000000 ____D C:\Users\All Users\HitmanPro 2012-12-16 22:59 - 2013-01-04 01:11 - 00000000 ____D C:\Users\All Users\Application Data\HitmanPro 2012-12-16 22:58 - 2013-01-04 01:01 - 00003428 ____A C:\Users\Sebastian\Desktop\Rkill.txt 2012-12-16 22:58 - 2012-12-16 22:58 - 00000000 ____D C:\Users\Sebastian\Desktop\rkill 2012-12-16 22:43 - 2012-11-21 21:26 - 03149824 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys 2012-12-16 22:43 - 2012-11-08 23:45 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll 2012-12-16 22:43 - 2012-11-08 22:42 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2012-12-16 22:43 - 2012-10-09 12:17 - 00226816 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcore6.dll 2012-12-16 22:43 - 2012-10-09 12:17 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcsvc6.dll 2012-12-16 22:43 - 2012-10-09 11:40 - 00193536 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll 2012-12-16 22:43 - 2012-10-09 11:40 - 00044032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll 2012-12-16 22:43 - 2012-08-31 12:19 - 01659760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys 2012-12-16 22:43 - 2012-08-30 12:03 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe 2012-12-16 22:43 - 2012-08-30 11:12 - 03968880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2012-12-16 22:43 - 2012-08-30 11:12 - 03914096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2012-12-16 22:43 - 2012-08-22 12:12 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys 2012-12-16 22:43 - 2012-08-02 11:58 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll 2012-12-16 22:43 - 2012-08-02 10:57 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll 2012-12-16 22:43 - 2012-07-04 14:26 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\RNDISMP.sys 2012-12-16 22:43 - 2012-06-01 23:41 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll 2012-12-16 22:43 - 2012-06-01 23:41 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll 2012-12-16 22:43 - 2012-06-01 23:41 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll 2012-12-16 22:43 - 2012-06-01 22:36 - 01159680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2012-12-16 22:43 - 2012-06-01 22:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2012-12-16 22:43 - 2012-06-01 22:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2012-12-16 22:42 - 2012-11-01 23:59 - 00478208 ____A (Microsoft Corporation) C:\Windows\System32\dpnet.dll 2012-12-16 22:42 - 2012-11-01 23:11 - 00376832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll 2012-12-16 22:42 - 2012-10-04 11:46 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll 2012-12-16 22:42 - 2012-10-04 11:46 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll 2012-12-16 22:42 - 2012-10-04 11:46 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll 2012-12-16 22:42 - 2012-10-04 11:45 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll 2012-12-16 22:42 - 2012-10-04 11:43 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll 2012-12-16 22:42 - 2012-10-04 11:41 - 01161216 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll 2012-12-16 22:42 - 2012-10-04 11:41 - 00424960 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll 2012-12-16 22:42 - 2012-10-04 11:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll 2012-12-16 22:42 - 2012-10-04 11:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll 2012-12-16 22:42 - 2012-10-04 11:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll 2012-12-16 22:42 - 2012-10-04 11:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll 2012-12-16 22:42 - 2012-10-04 11:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll 2012-12-16 22:42 - 2012-10-04 11:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll 2012-12-16 22:42 - 2012-10-04 11:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll 2012-12-16 22:42 - 2012-10-04 11:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll 2012-12-16 22:42 - 2012-10-04 11:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll 2012-12-16 22:42 - 2012-10-04 11:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll 2012-12-16 22:42 - 2012-10-04 11:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll 2012-12-16 22:42 - 2012-10-04 11:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll 2012-12-16 22:42 - 2012-10-04 11:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll 2012-12-16 22:42 - 2012-10-04 11:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll 2012-12-16 22:42 - 2012-10-04 11:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll 2012-12-16 22:42 - 2012-10-04 11:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll 2012-12-16 22:42 - 2012-10-04 11:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll 2012-12-16 22:42 - 2012-10-04 11:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll 2012-12-16 22:42 - 2012-10-04 11:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll 2012-12-16 22:42 - 2012-10-04 11:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll 2012-12-16 22:42 - 2012-10-04 11:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll 2012-12-16 22:42 - 2012-10-04 11:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll 2012-12-16 22:42 - 2012-10-04 11:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll 2012-12-16 22:42 - 2012-10-04 11:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll 2012-12-16 22:42 - 2012-10-04 11:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll 2012-12-16 22:42 - 2012-10-04 11:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll 2012-12-16 22:42 - 2012-10-04 11:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll 2012-12-16 22:42 - 2012-10-04 11:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll 2012-12-16 22:42 - 2012-10-04 10:47 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2012-12-16 22:42 - 2012-10-04 10:47 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2012-12-16 22:42 - 2012-10-04 10:47 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2012-12-16 22:42 - 2012-10-04 10:40 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2012-12-16 22:42 - 2012-10-04 10:40 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2012-12-16 22:42 - 2012-10-04 10:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2012-12-16 22:42 - 2012-10-04 10:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2012-12-16 22:42 - 2012-10-04 10:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2012-12-16 22:42 - 2012-10-04 10:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2012-12-16 22:42 - 2012-10-04 10:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2012-12-16 22:42 - 2012-10-04 10:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2012-12-16 22:42 - 2012-10-04 10:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2012-12-16 22:42 - 2012-10-04 10:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2012-12-16 22:42 - 2012-10-04 10:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2012-12-16 22:42 - 2012-10-04 10:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2012-12-16 22:42 - 2012-10-04 10:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2012-12-16 22:42 - 2012-10-04 10:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2012-12-16 22:42 - 2012-10-04 10:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2012-12-16 22:42 - 2012-10-04 10:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2012-12-16 22:42 - 2012-10-04 10:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2012-12-16 22:42 - 2012-10-04 10:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2012-12-16 22:42 - 2012-10-04 10:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2012-12-16 22:42 - 2012-10-04 10:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2012-12-16 22:42 - 2012-10-04 10:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2012-12-16 22:42 - 2012-10-04 10:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2012-12-16 22:42 - 2012-10-04 10:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2012-12-16 22:42 - 2012-10-04 10:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2012-12-16 22:42 - 2012-10-04 09:21 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe 2012-12-16 22:42 - 2012-10-04 08:46 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2012-12-16 22:42 - 2012-10-04 08:46 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2012-12-16 22:42 - 2012-10-04 08:46 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2012-12-16 22:42 - 2012-10-04 08:46 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2012-12-16 22:42 - 2012-10-04 08:41 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2012-12-16 22:42 - 2012-10-04 08:41 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2012-12-16 22:42 - 2012-10-04 08:41 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2012-12-16 22:42 - 2012-10-04 08:41 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2012-12-16 22:42 - 2012-10-03 11:56 - 01914248 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys 2012-12-16 22:42 - 2012-10-03 11:44 - 00303104 ____A (Microsoft Corporation) C:\Windows\System32\nlasvc.dll 2012-12-16 22:42 - 2012-10-03 11:44 - 00246272 ____A (Microsoft Corporation) C:\Windows\System32\netcorehc.dll 2012-12-16 22:42 - 2012-10-03 11:44 - 00216576 ____A (Microsoft Corporation) C:\Windows\System32\ncsi.dll 2012-12-16 22:42 - 2012-10-03 11:44 - 00070656 ____A (Microsoft Corporation) C:\Windows\System32\nlaapi.dll 2012-12-16 22:42 - 2012-10-03 11:44 - 00018944 ____A (Microsoft Corporation) C:\Windows\System32\netevent.dll 2012-12-16 22:42 - 2012-10-03 11:42 - 00569344 ____A (Microsoft Corporation) C:\Windows\System32\iphlpsvc.dll 2012-12-16 22:42 - 2012-10-03 10:42 - 00175104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netcorehc.dll 2012-12-16 22:42 - 2012-10-03 10:42 - 00156672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll 2012-12-16 22:42 - 2012-10-03 10:42 - 00018944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll 2012-12-16 22:42 - 2012-10-03 10:07 - 00045568 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpipreg.sys 2012-12-16 22:42 - 2012-09-25 16:47 - 00078336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll 2012-12-16 22:42 - 2012-09-25 16:46 - 00095744 ____A (Microsoft Corporation) C:\Windows\System32\synceng.dll 2012-12-16 22:42 - 2012-08-24 12:05 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll 2012-12-16 22:42 - 2012-08-24 10:57 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2012-12-16 22:42 - 2012-08-22 12:12 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys 2012-12-16 22:42 - 2012-08-22 12:12 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS 2012-12-16 22:42 - 2012-08-21 15:01 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe 2012-12-16 22:42 - 2012-08-10 18:56 - 00715776 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll 2012-12-16 22:42 - 2012-08-10 17:56 - 00542208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2012-12-16 22:42 - 2012-01-13 01:12 - 00052224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll 2012-12-16 22:18 - 2013-01-06 19:15 - 00000000 ____D C:\rootkitremover 2012-12-16 21:58 - 2012-12-16 21:58 - 00001669 ____A C:\Users\Sebastian\Desktop\Desktop.rar 2012-12-16 21:57 - 2012-12-16 21:57 - 00000555 ____A C:\Users\Sebastian\Desktop\MBR.rar 2012-12-16 02:44 - 2013-01-04 23:43 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-12-16 02:44 - 2012-12-14 18:49 - 00024176 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2012-12-10 23:21 - 2012-12-10 23:21 - 00000288 ____A C:\Users\Sebastian\Desktop\CL.txt ==================== One Month Modified Files and Folders ======= 2013-01-06 19:22 - 2012-02-24 18:35 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup 2013-01-06 19:22 - 2010-11-20 21:47 - 00120834 ____A C:\Windows\PFRO.log 2013-01-06 19:22 - 2009-07-13 23:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-01-06 19:22 - 2009-07-13 22:51 - 00077831 ____A C:\Windows\setupact.log 2013-01-06 19:21 - 2013-01-06 19:21 - 00026062 ____A C:\ComboFix.txt 2013-01-06 19:21 - 2013-01-05 11:57 - 00000000 ____D C:\Qoobox 2013-01-06 19:21 - 2012-03-03 23:33 - 00000000 ____D C:\Users\Sebastian\Local Settings\Nero 2013-01-06 19:21 - 2012-03-03 23:33 - 00000000 ____D C:\Users\Sebastian\Local Settings\Application Data\Nero 2013-01-06 19:21 - 2012-03-03 23:33 - 00000000 ____D C:\Users\Sebastian\AppData\Local\Nero 2013-01-06 19:21 - 2012-02-24 18:17 - 01888921 ____A C:\Windows\WindowsUpdate.log 2013-01-06 19:20 - 2009-07-13 20:34 - 00000215 ____A C:\Windows\system.ini 2013-01-06 19:15 - 2012-12-16 22:18 - 00000000 ____D C:\rootkitremover 2013-01-06 19:14 - 2012-06-06 22:21 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-01-06 19:07 - 2012-07-09 00:41 - 00000924 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-591801800-512401281-386040104-1000UA.job 2013-01-06 19:07 - 2012-07-09 00:41 - 00000872 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-591801800-512401281-386040104-1000Core.job 2013-01-06 18:47 - 2009-07-13 22:45 - 00021296 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-01-06 18:47 - 2009-07-13 22:45 - 00021296 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-01-06 18:44 - 2012-09-22 10:56 - 00000000 ____D C:\Users\Sebastian\Local Settings\Spotify 2013-01-06 18:44 - 2012-09-22 10:56 - 00000000 ____D C:\Users\Sebastian\Local Settings\Application Data\Spotify 2013-01-06 18:44 - 2012-09-22 10:56 - 00000000 ____D C:\Users\Sebastian\AppData\Local\Spotify 2013-01-06 18:44 - 2012-09-22 10:55 - 00000000 ____D C:\Users\Sebastian\Application Data\Spotify 2013-01-06 18:44 - 2012-09-22 10:55 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\Spotify 2013-01-06 18:44 - 2009-07-13 23:13 - 00779788 ____A C:\Windows\System32\PerfStringBackup.INI 2013-01-06 18:41 - 2012-07-23 23:26 - 00000000 ___RD C:\Users\Sebastian\Dropbox 2013-01-06 18:41 - 2012-07-23 23:23 - 00000000 ____D C:\Users\Sebastian\Application Data\Dropbox 2013-01-06 18:41 - 2012-07-23 23:23 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\Dropbox 2013-01-06 18:41 - 2012-03-03 23:48 - 00000000 ____D C:\ppsvodcache 2013-01-06 18:40 - 2012-02-24 18:56 - 00000000 ____D C:\Users\Default\Local Settings\SoftThinks 2013-01-06 18:40 - 2012-02-24 18:56 - 00000000 ____D C:\Users\Default\Local Settings\Application Data\SoftThinks 2013-01-06 18:40 - 2012-02-24 18:56 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks 2013-01-06 18:40 - 2012-02-24 18:56 - 00000000 ____D C:\Users\Default User\Local Settings\SoftThinks 2013-01-06 18:40 - 2012-02-24 18:56 - 00000000 ____D C:\Users\Default User\Local Settings\Application Data\SoftThinks 2013-01-06 18:40 - 2012-02-24 18:56 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks 2013-01-06 18:38 - 2013-01-06 18:38 - 00000790 ____A C:\AdwCleaner[s1].txt 2013-01-06 18:30 - 2012-06-27 22:56 - 00000000 ____D C:\Program Files (x86)\eMule 2013-01-06 18:29 - 2012-03-03 23:47 - 00000000 ____D C:\Users\Sebastian\Application Data\PPStream 2013-01-06 18:29 - 2012-03-03 23:47 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\PPStream 2013-01-06 18:14 - 2013-01-06 18:14 - 00000000 ____D C:\_OTL 2013-01-06 17:27 - 2013-01-06 17:27 - 00000000 ____D C:\FRST 2013-01-06 17:27 - 2012-07-23 23:26 - 00001037 ____A C:\Users\Sebastian\Desktop\Dropbox.lnk 2013-01-06 17:17 - 2013-01-05 13:12 - 00000000 ____D C:\Users\Sebastian\Application Data\SoftGrid Client 2013-01-06 17:17 - 2013-01-05 13:12 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\SoftGrid Client 2013-01-06 16:43 - 2012-03-10 11:00 - 00000000 ____D C:\Users\All Users\PCDr 2013-01-06 16:43 - 2012-03-10 11:00 - 00000000 ____D C:\Users\All Users\Application Data\PCDr 2013-01-06 16:19 - 2013-01-06 16:19 - 00000000 ____D C:\Program Files\Dell Support Center 2013-01-06 16:17 - 2013-01-06 16:14 - 00000000 ____D C:\Users\Sebastian\Application Data\PCDr 2013-01-06 16:17 - 2013-01-06 16:14 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\PCDr 2013-01-06 07:44 - 2012-02-24 18:42 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2013-01-06 07:28 - 2013-01-06 06:28 - 00000000 ____D C:\Users\Sebastian\Application Data\Skype 2013-01-06 07:28 - 2013-01-06 06:28 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\Skype 2013-01-06 06:59 - 2011-02-10 10:10 - 00795928 ____A C:\Windows\SysWOW64\PerfStringBackup.INI 2013-01-06 06:58 - 2013-01-05 13:12 - 00000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client 2013-01-06 06:28 - 2012-02-24 18:37 - 00000000 ____D C:\Users\All Users\Skype 2013-01-06 06:28 - 2012-02-24 18:37 - 00000000 ____D C:\Users\All Users\Application Data\Skype 2013-01-06 06:25 - 2013-01-06 06:24 - 00000000 ___RD C:\Program Files (x86)\Skype 2013-01-05 21:56 - 2013-01-05 21:56 - 00000000 ____D C:\Users\Sebastian\Local Settings\Downloaded Installations 2013-01-05 21:56 - 2013-01-05 21:56 - 00000000 ____D C:\Users\Sebastian\Local Settings\Application Data\Downloaded Installations 2013-01-05 21:56 - 2013-01-05 21:56 - 00000000 ____D C:\Users\Sebastian\AppData\Local\Downloaded Installations 2013-01-05 15:26 - 2013-01-05 15:25 - 00000000 ____D C:\Users\All Users\VirtualizedApplications 2013-01-05 15:26 - 2013-01-05 15:25 - 00000000 ____D C:\Users\All Users\Application Data\VirtualizedApplications 2013-01-05 13:17 - 2013-01-05 13:17 - 00000000 ___RD C:\MSOCache 2013-01-05 13:12 - 2013-01-05 13:12 - 00000000 ____D C:\Users\Sebastian\Local Settings\SoftGrid Client 2013-01-05 13:12 - 2013-01-05 13:12 - 00000000 ____D C:\Users\Sebastian\Local Settings\Application Data\SoftGrid Client 2013-01-05 13:12 - 2013-01-05 13:12 - 00000000 ____D C:\Users\Sebastian\AppData\Local\SoftGrid Client 2013-01-05 13:12 - 2013-01-05 13:12 - 00000000 ____D C:\Program Files\Microsoft Office 2013-01-05 13:12 - 2013-01-05 13:11 - 00000000 ____D C:\Users\Sebastian\Application Data\TP 2013-01-05 13:12 - 2013-01-05 13:11 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\TP 2013-01-05 13:12 - 2012-02-24 18:39 - 00000000 ____D C:\Program Files (x86)\Microsoft Office 2013-01-05 13:12 - 2009-07-13 21:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared 2013-01-05 12:12 - 2013-01-05 12:12 - 00027472 ____A C:\Users\Sebastian\Desktop\ComboMix.txt 2013-01-05 12:05 - 2009-07-13 21:20 - 00000000 __RHD C:\users\Default 2013-01-05 12:04 - 2013-01-05 11:57 - 00000000 ____D C:\Windows\erdnt 2013-01-05 11:42 - 2013-01-05 11:41 - 05019547 ____R (Swearware) C:\Users\Sebastian\Desktop\ComboFix.exe 2013-01-05 01:00 - 2013-01-05 01:00 - 00016961 ____A C:\Users\Sebastian\Desktop\dds.txt 2013-01-05 01:00 - 2013-01-05 01:00 - 00005200 ____A C:\Users\Sebastian\Desktop\attach.txt 2013-01-05 00:48 - 2013-01-04 01:22 - 00000000 ____D C:\Users\All Users\PC Tools 2013-01-05 00:48 - 2013-01-04 01:22 - 00000000 ____D C:\Users\All Users\Application Data\PC Tools 2013-01-04 23:46 - 2013-01-04 01:23 - 01806838 ____A C:\Windows\System32\Drivers\Cat.DB 2013-01-04 23:43 - 2012-12-16 02:44 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-01-04 23:41 - 2013-01-04 23:41 - 00075684 ____A C:\Users\Sebastian\Desktop\TDSSKILLER.txt 2013-01-04 03:18 - 2012-09-24 21:39 - 00000000 ____D C:\Users\Sebastian\SyncUP 2013-01-04 03:18 - 2012-03-03 23:27 - 00000000 ____D C:\users\Sebastian 2013-01-04 02:24 - 2013-01-04 02:24 - 00002767 ____A C:\Users\Public\Desktop\SyncUP.lnk 2013-01-04 02:24 - 2013-01-04 02:24 - 00002767 ____A C:\Users\All Users\Desktop\SyncUP.lnk 2013-01-04 02:22 - 2012-02-24 18:57 - 00000000 ____D C:\Program Files (x86)\Nero 2013-01-04 02:22 - 2012-02-24 18:56 - 00000000 ____D C:\Users\All Users\Nero 2013-01-04 02:22 - 2012-02-24 18:56 - 00000000 ____D C:\Users\All Users\Application Data\Nero 2013-01-04 01:36 - 2013-01-04 01:36 - 00000000 ____D C:\Users\All Users\SurfRight 2013-01-04 01:36 - 2013-01-04 01:36 - 00000000 ____D C:\Users\All Users\Application Data\SurfRight 2013-01-04 01:36 - 2013-01-04 01:36 - 00000000 ____D C:\Program Files\SurfRight 2013-01-04 01:36 - 2013-01-04 01:36 - 00000000 ____D C:\Program Files (x86)\SurfRight 2013-01-04 01:27 - 2013-01-04 01:28 - 00260528 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-01-04 01:27 - 2013-01-04 01:27 - 00174000 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-01-04 01:27 - 2013-01-04 01:27 - 00173992 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-01-04 01:27 - 2013-01-04 01:27 - 00095184 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-01-04 01:27 - 2012-07-23 23:29 - 00859072 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll 2013-01-04 01:27 - 2012-07-23 23:29 - 00000000 ____D C:\Program Files (x86)\Java 2013-01-04 01:27 - 2012-02-24 18:30 - 00779704 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll 2013-01-04 01:22 - 2013-01-04 01:22 - 00000000 ____D C:\Users\Sebastian\Application Data\TestApp 2013-01-04 01:22 - 2013-01-04 01:22 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\TestApp 2013-01-04 01:20 - 2013-01-04 01:20 - 01081320 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll 2013-01-04 01:20 - 2013-01-04 01:20 - 00308200 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe 2013-01-04 01:20 - 2013-01-04 01:20 - 00188392 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe 2013-01-04 01:20 - 2013-01-04 01:20 - 00188392 ____A (Oracle Corporation) C:\Windows\System32\java.exe 2013-01-04 01:20 - 2013-01-04 01:20 - 00108008 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll 2013-01-04 01:20 - 2012-02-24 18:31 - 00959976 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll 2013-01-04 01:19 - 2013-01-04 01:18 - 32946152 ____A (Oracle Corporation) C:\Users\Sebastian\Downloads\jre-7u10-windows-x64.exe 2013-01-04 01:11 - 2013-01-04 01:11 - 00012872 ____A (SurfRight B.V.) C:\Windows\System32\bootdelete.exe 2013-01-04 01:11 - 2012-12-16 22:59 - 00000000 ____D C:\Users\All Users\HitmanPro 2013-01-04 01:11 - 2012-12-16 22:59 - 00000000 ____D C:\Users\All Users\Application Data\HitmanPro 2013-01-04 01:06 - 2013-01-04 01:06 - 00000045 ___RH C:\Users\Sebastian\Downloads\stinger.opt 2013-01-04 01:01 - 2012-12-16 22:58 - 00003428 ____A C:\Users\Sebastian\Desktop\Rkill.txt 2013-01-02 21:52 - 2009-07-13 22:45 - 00322280 ____A C:\Windows\System32\FNTCACHE.DAT 2012-12-18 00:19 - 2012-03-03 23:28 - 00074856 ____A C:\Users\Sebastian\Local Settings\GDIPFONTCACHEV1.DAT 2012-12-18 00:19 - 2012-03-03 23:28 - 00074856 ____A C:\Users\Sebastian\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2012-12-18 00:19 - 2012-03-03 23:28 - 00074856 ____A C:\Users\Sebastian\AppData\Local\GDIPFONTCACHEV1.DAT 2012-12-17 09:00 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\rescache 2012-12-17 03:05 - 2012-12-17 03:05 - 00262144 ____A C:\Windows\System32\config\ELAM 2012-12-16 23:10 - 2012-12-16 23:09 - 00004630 ____A C:\Windows\SysWOW64\jupdate-1.7.0_10-b18.log 2012-12-16 22:58 - 2012-12-16 22:58 - 00000000 ____D C:\Users\Sebastian\Desktop\rkill 2012-12-16 21:58 - 2012-12-16 21:58 - 00001669 ____A C:\Users\Sebastian\Desktop\Desktop.rar 2012-12-16 21:57 - 2012-12-16 21:57 - 00000555 ____A C:\Users\Sebastian\Desktop\MBR.rar 2012-12-16 11:11 - 2013-01-02 21:45 - 00046080 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll 2012-12-16 08:45 - 2013-01-02 21:45 - 00367616 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll 2012-12-16 08:13 - 2013-01-02 21:45 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2012-12-16 08:13 - 2013-01-02 21:45 - 00034304 ____A (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2012-12-14 18:49 - 2012-12-16 02:44 - 00024176 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2012-12-12 05:02 - 2012-07-09 00:42 - 00002507 ____A C:\Users\Sebastian\Desktop\Google Chrome.lnk 2012-12-11 22:53 - 2012-08-15 21:06 - 15728568 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2012-12-11 22:53 - 2012-06-06 22:21 - 00697272 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2012-12-11 22:53 - 2012-02-24 18:19 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2012-12-10 23:21 - 2012-12-10 23:21 - 00000288 ____A C:\Users\Sebastian\Desktop\CL.txt ==================== Known DLLs (Whitelisted) ================= ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= Restore point made on: 2013-01-04 01:26:32 Restore point made on: 2013-01-04 01:27:25 Restore point made on: 2013-01-04 01:36:06 Restore point made on: 2013-01-05 21:56:38 Restore point made on: 2013-01-06 05:00:47 Restore point made on: 2013-01-06 16:44:12 Restore point made on: 2013-01-06 18:46:43 ==================== Memory info =========================== Percentage of memory in use: 7% Total physical RAM: 16366.45 MB Available physical RAM: 15210.98 MB Total Pagefile: 16364.64 MB Available Pagefile: 15199.52 MB Total Virtual: 8192 MB Available Virtual: 8191.89 MB ==================== Partitions ============================= 1 Drive c: (OS) (Fixed) (Total:918.22 GB) (Free:738.92 GB) NTFS 2 Drive d: (RECOVERY) (Fixed) (Total:13.25 GB) (Free:5.07 GB) NTFS ==>[system with boot components (obtained from reading drive)] 8 Drive k: (HP v165w) (Removable) (Total:30.22 GB) (Free:4.94 GB) FAT32 9 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS Disk ### Status Size Free Dyn Gpt -------- ------------- ------- ------- --- --- Disk 0 Online 931 GB 0 B Disk 1 Online 30 GB 0 B Disk 2 No Media 0 B 0 B Disk 3 No Media 0 B 0 B Disk 4 No Media 0 B 0 B Disk 5 No Media 0 B 0 B Partitions of Disk 0: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 OEM 39 MB 31 KB Partition 2 Primary 13 GB 40 MB Partition 3 Primary 918 GB 13 GB ================================================================================== Disk: 0 Partition 1 Type : DE Hidden: Yes Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 8 FAT Partition 39 MB Healthy Hidden ========================================================= Disk: 0 Partition 2 Type : 07 Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 1 D RECOVERY NTFS Partition 13 GB Healthy ========================================================= Disk: 0 Partition 3 Type : 07 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 2 C OS NTFS Partition 918 GB Healthy ========================================================= Partitions of Disk 1: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 30 GB 16 KB ================================================================================== Disk: 1 Partition 1 Type : 0C Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 3 K HP v165w FAT32 Removable 30 GB Healthy ========================================================= Last Boot: 2013-01-04 05:54 ==================== End Of Log =============================
  7. abc36608
    runs normal but i still cant upload file or cant play file in youtbe
  8. abc36608
    # AdwCleaner v2.104 - Logfile created 01/06/2013 at 16:38:20 # Updated 29/12/2012 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : Sebastian - SEBASTIAN-PC # Boot Mode : Normal # Running from : C:\rootkitremover\adwcleaner.exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** ***** [Registry] ***** ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16457 [OK] Registry is clean. -\\ Google Chrome v23.0.1271.97 File : C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[s1].txt - [663 octets] - [06/01/2013 16:38:20] ########## EOF - C:\AdwCleaner[s1].txt - [722 octets] ##########
  9. abc36608
    All processes killed ========== OTL ========== No active process named emule.exe was found! Service gfiark stopped successfully! Service gfiark deleted successfully! C:\Windows\SysNative\drivers\gfiark.sys moved successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@mcafee.com/MSC,version=10\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully. Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D19CA586-DD6C-4a0a-96F8-14644F340D60}\ not found. File C:\Program Files (x86)\Common Files\McAfee\SystemCore not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully. Registry value HKEY_USERS\S-1-5-21-591801800-512401281-386040104-1000\Software\Microsoft\Windows\CurrentVersion\Run\\eMuleAutoStart deleted successfully. C:\Program Files (x86)\eMule\emule.exe moved successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\cozi\ deleted successfully. File Protocol\Handler\cozi - No CLSID value found not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully. File Protocol\Handler\livecall - No CLSID value found not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully. File Protocol\Handler\msnim - No CLSID value found not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully. File Protocol\Handler\skype4com - No CLSID value found not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully. File Protocol\Handler\wlmailhtml - No CLSID value found not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully. File Protocol\Handler\wlpg - No CLSID value found not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ not found. 64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found. File C:\Windows\SysNative\drivers\gfiark.sys not found. C:\Users\Sebastian\AppData\Roaming\Ad-Aware Antivirus\Logs\20130106T224432.271464PID12372 folder moved successfully. C:\Users\Sebastian\AppData\Roaming\Ad-Aware Antivirus\Logs\20130106T213224.471900PID4276 folder moved successfully. C:\Users\Sebastian\AppData\Roaming\Ad-Aware Antivirus\Logs\20130106T213221.786692PID4012 folder moved successfully. C:\Users\Sebastian\AppData\Roaming\Ad-Aware Antivirus\Logs\20130106T190940.147963PID368 folder moved successfully. C:\Users\Sebastian\AppData\Roaming\Ad-Aware Antivirus\Logs\20130106T190940.054363PID380 folder moved successfully. C:\Users\Sebastian\AppData\Roaming\Ad-Aware Antivirus\Logs\20130106T041630.181110PID3484 folder moved successfully. C:\Users\Sebastian\AppData\Roaming\Ad-Aware Antivirus\Logs\20130106T041616.884349PID7892 folder moved successfully. C:\Users\Sebastian\AppData\Roaming\Ad-Aware Antivirus\Logs\20130106T035753.587810PID9900 folder moved successfully. C:\Users\Sebastian\AppData\Roaming\Ad-Aware Antivirus\Logs\20130106T035753.275810PID9596 folder moved successfully. C:\Users\Sebastian\AppData\Roaming\Ad-Aware Antivirus\Logs folder moved successfully. C:\Users\Sebastian\AppData\Roaming\Ad-Aware Antivirus folder moved successfully. C:\ProgramData\Ad-Aware Antivirus\Logs\20130106T213200.929455PID2288 folder moved successfully. C:\ProgramData\Ad-Aware Antivirus\Logs\20130106T190252.425647PID976 folder moved successfully. C:\ProgramData\Ad-Aware Antivirus\Logs\20130106T134518.597647PID2092 folder moved successfully. C:\ProgramData\Ad-Aware Antivirus\Logs\20130106T035753.541010PID9436 folder moved successfully. C:\ProgramData\Ad-Aware Antivirus\Logs folder moved successfully. C:\ProgramData\Ad-Aware Antivirus folder moved successfully. C:\ProgramData\Lavasoft\AntiMalware\Quarantine folder moved successfully. C:\ProgramData\Lavasoft\AntiMalware\Logs folder moved successfully. C:\ProgramData\Lavasoft\AntiMalware\History folder moved successfully. C:\ProgramData\Lavasoft\AntiMalware\Events folder moved successfully. C:\ProgramData\Lavasoft\AntiMalware\Downloads folder moved successfully. C:\ProgramData\Lavasoft\AntiMalware folder moved successfully. C:\ProgramData\Lavasoft folder moved successfully. C:\Program Files (x86)\Ad-Aware Antivirus\Definitions\WDBF folder moved successfully. C:\Program Files (x86)\Ad-Aware Antivirus\Definitions\Staging folder moved successfully. C:\Program Files (x86)\Ad-Aware Antivirus\Definitions\LKGD folder moved successfully. C:\Program Files (x86)\Ad-Aware Antivirus\Definitions folder moved successfully. C:\Program Files (x86)\Ad-Aware Antivirus folder moved successfully. C:\Users\Sebastian\AppData\Roaming\PC Cleaners folder moved successfully. C:\Windows\uninst.exe moved successfully. C:\Users\Sebastian\AppData\Roaming\PCPro\phone folder moved successfully. C:\Users\Sebastian\AppData\Roaming\PCPro folder moved successfully. C:\ProgramData\PC1Data folder moved successfully. C:\Windows\stinger.sys moved successfully. C:\Program Files (x86)\stinger folder moved successfully. C:\Windows\SysNative\drivers\mfetdi2k.sys moved successfully. File C:\Windows\uninst.exe not found. ADS C:\ProgramData\Temp:DFC5A2B2 deleted successfully. ADS C:\ProgramData\Temp:430C6D84 deleted successfully. ========== FILES ========== < ipconfig /flushdns /c > Windows IP Configuration Successfully flushed the DNS Resolver Cache. C:\rootkitremover\cmd.bat deleted successfully. C:\rootkitremover\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 56466 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Public ->Temp folder emptied: 0 bytes User: Sebastian ->Temp folder emptied: 512064314 bytes ->Temporary Internet Files folder emptied: 212525033 bytes ->Java cache emptied: 0 bytes ->Google Chrome cache emptied: 29186047 bytes ->Flash cache emptied: 1602 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 2867918 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33237 bytes %systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 639 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 722.00 mb System Restore Service not available. OTL by OldTimer - Version 3.2.69.0 log created on 01062013_163056 Files\Folders moved on Reboot... C:\Users\Sebastian\AppData\Local\Temp\Low\REG5437.tmp moved successfully. C:\Users\Sebastian\AppData\Local\Temp\Low\REG642E.tmp moved successfully. C:\Users\Sebastian\AppData\Local\Temp\Low\REG642F.tmp moved successfully. C:\Users\Sebastian\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. C:\Users\Sebastian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZT7R9RQQ\google_com[1].htm moved successfully. C:\Users\Sebastian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LF6F1ZPG\EFpQQyG9GqCrobXxL-KRMWzklk6MJbhg7BmBP42CjCQ[1].eot moved successfully. C:\Users\Sebastian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LF6F1ZPG\s-BiyweUPV0v-yRb-cjciFQlYEbsez9cZjKsNMjLOwM[1].eot moved successfully. C:\Users\Sebastian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\59GJFJXB\index[9].htm moved successfully. C:\Users\Sebastian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1R2AF5DT\m4m[3].htm moved successfully. C:\Users\Sebastian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully. PendingFileRenameOperations files... Registry entries deleted on Reboot...
  10. abc36608
    That's my problem on the computer, I cannot upload file, so wont get the file to scan. It wont upload file, or click on link, it doesnt react.
  11. abc36608
    yes, just did and removed the McAfee, i have posted the OTL log file above
  12. abc36608
    OTL logfile created on: 1/6/2013 3:28:09 PM - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\rootkitremover 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 15.98 Gb Total Physical Memory | 13.68 Gb Available Physical Memory | 85.57% Memory free 31.96 Gb Paging File | 29.32 Gb Available in Paging File | 91.72% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 918.22 Gb Total Space | 738.33 Gb Free Space | 80.41% Space Free | Partition Type: NTFS Computer Name: SEBASTIAN-PC | User Name: Sebastian | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013/01/06 02:14:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\rootkitremover\OTL.exe PRC - [2012/11/25 21:18:49 | 001,199,576 | ---- | M] (Spotify Ltd) -- C:\Users\Sebastian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe PRC - [2012/10/23 02:17:40 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe PRC - [2012/10/23 02:17:40 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe PRC - [2012/04/03 21:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012/02/06 18:26:08 | 000,066,872 | ---- | M] () -- C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe PRC - [2012/02/01 11:50:58 | 000,968,048 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe PRC - [2012/02/01 11:50:04 | 001,850,224 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\stage_secondary.exe PRC - [2012/02/01 11:50:02 | 002,195,824 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe PRC - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2011/09/22 08:14:16 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe PRC - [2011/09/22 08:06:12 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe PRC - [2011/09/21 08:30:12 | 004,109,312 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe PRC - [2011/08/11 17:48:08 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\Cyberlink\Shared files\brs.exe PRC - [2011/05/20 08:10:12 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe PRC - [2011/04/01 15:08:30 | 000,660,480 | ---- | M] (DELL) -- C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\IndicatorOSD.exe PRC - [2011/01/12 17:17:54 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\LaunchOSDSrv.exe PRC - [2010/12/01 13:07:46 | 000,176,128 | ---- | M] (Chicony) -- C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\OSDSrv.exe PRC - [2010/11/17 08:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe PRC - [2010/10/01 14:55:28 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe PRC - [2010/04/15 08:25:20 | 001,872,320 | ---- | M] (Emsi Software GmbH) -- C:\Program Files (x86)\a-squared Free\a2service.exe PRC - [2010/04/07 05:00:04 | 005,758,976 | ---- | M] (http://www.emule-project.net) -- C:\Program Files (x86)\eMule\emule.exe PRC - [2010/03/10 14:26:30 | 000,237,568 | ---- | M] (Alcor Micro Corp.) -- C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe PRC - [2010/03/05 12:08:06 | 000,024,064 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\Ctxfihlp.exe PRC - [2010/03/05 12:03:10 | 001,233,920 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CTxfispi.exe PRC - [2010/02/23 19:25:30 | 000,214,408 | ---- | M] (PPStream Inc) -- C:\Program Files (x86)\PPStream\PPSAP.exe PRC - [2010/01/27 14:14:10 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe PRC - [2009/07/13 17:14:30 | 000,014,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\regsvr32.exe PRC - [2009/03/31 13:04:02 | 001,118,208 | ---- | M] () -- C:\Altair\licensing10.0\security\bin\win64\umt_dist\umt_service.exe PRC - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe ========== Modules (No Company Name) ========== MOD - [2012/12/17 03:27:45 | 001,358,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\0cb48ee4524d818a38028e44d6ba2968\System.WorkflowServices.ni.dll MOD - [2012/12/17 03:27:32 | 001,707,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\30f9318fcf980a0ac504421c663d24e5\System.ServiceModel.Web.ni.dll MOD - [2012/12/17 03:27:29 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\526e535175775d4c3880f59d6a1463b7\System.Xml.Linq.ni.dll MOD - [2012/12/17 03:26:54 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\239d84cfdb9de9730c1efb43840ef2eb\System.Core.ni.dll MOD - [2012/12/17 03:26:34 | 001,083,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\40267c1bec60c4b94be794a65a4a8a49\System.IdentityModel.ni.dll MOD - [2012/12/17 03:26:33 | 002,347,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\fecb0ca59057e9d190318551d40feb22\System.Runtime.Serialization.ni.dll MOD - [2012/12/17 03:26:32 | 017,478,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\8cdf7f9bde2b780692428f439f0f5a08\System.ServiceModel.ni.dll MOD - [2012/12/17 03:26:32 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\3d3f043f645c0afeee0f7ed04c5e26e7\SMDiagnostics.ni.dll MOD - [2012/12/17 03:26:06 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\c5653b035f5e272c8cac8b851e6fcc67\IAStorUtil.ni.dll MOD - [2012/12/17 03:19:10 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7c4de95aa433eb8d81a81caf805947a8\PresentationFramework.Aero.ni.dll MOD - [2012/12/17 03:19:04 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\03cfab5534482e8fc313ead6edc19100\System.Web.ni.dll MOD - [2012/12/17 03:19:00 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll MOD - [2012/12/17 03:18:54 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1ec80905a71750be50dfc7981ad5ae28\PresentationFramework.ni.dll MOD - [2012/12/17 03:18:44 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll MOD - [2012/12/17 03:18:40 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll MOD - [2012/12/17 03:18:38 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\53d6d827964619285771ed72332d3659\PresentationCore.ni.dll MOD - [2012/12/17 03:18:32 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll MOD - [2012/12/17 03:18:30 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll MOD - [2012/12/17 03:18:28 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll MOD - [2012/12/17 03:18:27 | 007,988,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll MOD - [2012/12/17 03:18:24 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll MOD - [2012/05/30 19:06:48 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2012/05/30 19:06:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2012/02/06 18:26:08 | 000,066,872 | ---- | M] () -- C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe MOD - [2012/02/01 11:50:58 | 000,968,048 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe MOD - [2012/02/01 11:50:04 | 001,850,224 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\stage_secondary.exe MOD - [2012/02/01 11:50:02 | 002,195,824 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe MOD - [2012/02/01 11:44:34 | 008,151,040 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\QtGui4.dll MOD - [2012/02/01 11:44:34 | 008,151,040 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtGui4.dll MOD - [2012/02/01 11:44:34 | 002,278,400 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\QtCore4.dll MOD - [2012/02/01 11:44:34 | 002,278,400 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtCore4.dll MOD - [2011/09/22 08:14:16 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe MOD - [2011/01/12 17:17:54 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\LaunchOSDSrv.exe MOD - [2010/11/24 20:44:02 | 000,375,280 | ---- | M] () -- c:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\SQLite352.dll MOD - [2010/11/17 08:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe MOD - [2010/01/27 12:34:00 | 000,178,688 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL ========== Services (SafeList) ========== SRV:64bit: - [2012/10/23 02:17:40 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV:64bit: - [2012/01/23 11:21:46 | 000,575,816 | --S- | M] (SurfRight B.V.) [On_Demand | Stopped] -- C:\Program Files\SurfRight\Caretaker\AntispamService.exe -- (CaretakerAntispam) SRV:64bit: - [2011/12/22 16:39:36 | 001,416,520 | --S- | M] (SurfRight B.V.) [Auto | Running] -- C:\Program Files\SurfRight\Caretaker\CaretakerProxy.exe -- (CaretakerProxy) SRV:64bit: - [2011/12/22 16:37:44 | 000,222,536 | --S- | M] (SurfRight B.V.) [Auto | Running] -- C:\Program Files\SurfRight\Caretaker\CaretakerUpdater.exe -- (CaretakerUpdate) SRV:64bit: - [2011/12/22 16:37:24 | 001,490,760 | --S- | M] (SurfRight B.V.) [Auto | Running] -- C:\Program Files\SurfRight\Caretaker\CaretakerService.exe -- (CaretakerSvc) SRV:64bit: - [2011/04/19 17:04:20 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2010/09/22 16:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:64bit: - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012/12/11 20:53:51 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012/06/19 13:33:06 | 000,173,056 | ---- | M] (Dell Products, LP.) [Auto | Stopped] -- C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe -- (DellDigitalDelivery) SRV - [2012/04/03 21:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012/02/24 16:15:59 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service) SRV - [2011/11/25 16:32:36 | 000,687,400 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2011/09/22 08:06:12 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService) SRV - [2011/08/11 15:48:06 | 000,248,304 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe -- (CLKMSVC10_9EC60124) SRV - [2011/05/20 08:10:26 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2010/12/01 13:07:46 | 000,176,128 | ---- | M] (Chicony) [Auto | Running] -- C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\OSDSrv.exe -- (OSDSvc) SRV - [2010/11/25 03:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12) SRV - [2010/11/25 03:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM) SRV - [2010/08/25 18:28:54 | 002,823,000 | ---- | M] (Dell, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe -- (NOBU) SRV - [2010/04/15 08:25:20 | 001,872,320 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files (x86)\a-squared Free\a2service.exe -- (a2free) SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010/01/27 14:14:10 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService) SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009/03/31 13:04:02 | 001,118,208 | ---- | M] () [Auto | Running] -- C:\Altair\licensing10.0\security\bin\win64\umt_dist\umt_service.exe -- (Altair UMT) ========== Driver Services (SafeList) ========== DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- c:\program files\dell support center\pcdsrvc_x64.pkms -- (PCDSRVC{1E208CE0-FB7451FF-06020101}_0) DRV:64bit: - [2012/12/17 06:43:13 | 000,038,096 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gfiark.sys -- (gfiark) DRV:64bit: - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012/10/23 02:18:31 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx) DRV:64bit: - [2012/10/23 02:18:31 | 000,364,096 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP) DRV:64bit: - [2012/10/23 02:18:31 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi) DRV:64bit: - [2012/10/23 02:18:30 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt) DRV:64bit: - [2012/10/23 02:18:30 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk) DRV:64bit: - [2012/10/15 08:59:28 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr) DRV:64bit: - [2012/04/25 11:11:36 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012/04/20 15:40:58 | 000,196,440 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HipShieldK.sys -- (HipShieldK) DRV:64bit: - [2012/02/29 22:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012/02/24 18:07:31 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2012/02/24 18:07:31 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2011/05/20 09:53:44 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2011/04/19 17:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2011/04/19 16:22:34 | 000,306,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2010/11/20 19:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/11/20 19:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/20 19:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010/11/17 02:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2010/09/21 19:59:38 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2010/06/08 04:36:18 | 000,406,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) DRV:64bit: - [2010/05/20 15:42:44 | 003,058,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2010/03/19 01:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2010/03/05 13:48:42 | 001,623,128 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha20x22k.sys -- (ha20x22k) DRV:64bit: - [2010/03/05 13:48:18 | 001,578,072 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k) DRV:64bit: - [2010/03/05 13:47:48 | 000,118,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia) DRV:64bit: - [2010/03/05 13:47:30 | 000,213,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k) DRV:64bit: - [2010/03/05 13:47:16 | 000,015,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k) DRV:64bit: - [2010/03/05 13:46:54 | 000,179,288 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv) DRV:64bit: - [2010/03/05 13:46:22 | 000,699,480 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k) DRV:64bit: - [2010/03/05 13:45:48 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k) DRV:64bit: - [2010/03/05 13:45:12 | 001,445,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS) DRV:64bit: - [2010/03/05 13:45:12 | 001,445,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX) DRV:64bit: - [2010/03/05 13:44:36 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT.SYS) DRV:64bit: - [2010/03/05 13:44:36 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT) DRV:64bit: - [2010/03/05 13:44:04 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT.SYS) DRV:64bit: - [2010/03/05 13:44:04 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT) DRV:64bit: - [2009/10/26 23:19:48 | 000,176,640 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2009/10/26 23:19:46 | 000,075,264 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2008/04/11 08:58:48 | 000,022,016 | --S- | M] (SurfRight B.V.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ctredr15.sys -- (ctredr15.sys) DRV:64bit: - [2006/11/01 10:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr) DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-591801800-512401281-386040104-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKU\S-1-5-21-591801800-512401281-386040104-1000\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68} IE - HKU\S-1-5-21-591801800-512401281-386040104-1000\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = http://findgala.com/?&uid=3259&q={searchTerms} IE - HKU\S-1-5-21-591801800-512401281-386040104-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-591801800-512401281-386040104-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL File not found FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Sebastian\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Sebastian\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore ========== Chrome ========== CHR - homepage: http://www.google.com/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}, CHR - homepage: http://www.google.com/ CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Sebastian\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Sebastian\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Sebastian\AppData\Local\Google\Chrome\Application\23.0.1271.97\gcswf32.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 7.0.10.8 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java Platform SE 7 U1 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Google Update (Enabled) = C:\Users\Sebastian\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll CHR - Extension: avast! WebRep = C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1473_0\ O1 HOSTS File: ([2013/01/05 10:03:26 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O2:64bit: - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [CaretakerNotifier] C:\Program Files\SurfRight\Caretaker\Notifier.exe (SurfRight B.V.) O4:64bit: - HKLM..\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe () O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [AccuWeatherWidget] C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe () O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [bDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe (cyberlink) O4 - HKLM..\Run: [Chicony_OSD] C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\LaunchOSDSrv.exe () O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd) O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.) O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe () O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe () O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.) O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.) O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions) O4 - HKLM..\Run: [shwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe (Alcor Micro Corp.) O4 - HKLM..\Run: [startCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKU\S-1-5-21-591801800-512401281-386040104-1000..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.) O4 - HKU\S-1-5-21-591801800-512401281-386040104-1000..\Run: [eMuleAutoStart] C:\Program Files (x86)\eMule\emule.exe (http://www.emule-project.net) O4 - HKU\S-1-5-21-591801800-512401281-386040104-1000..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.) O4 - HKU\S-1-5-21-591801800-512401281-386040104-1000..\Run: [PPS Accelerator] C:\Program Files (x86)\PPStream\PPSAP.exe (PPStream Inc) O4 - HKU\S-1-5-21-591801800-512401281-386040104-1000..\Run: [spotify] C:\Users\Sebastian\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd) O4 - HKU\S-1-5-21-591801800-512401281-386040104-1000..\Run: [spotify Web Helper] C:\Users\Sebastian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd) O4 - HKU\.DEFAULT..\RunOnce: [CTAutoUpdate] C:\Program Files (x86)\Creative\Shared Files\Software Update\AutoUpdate.exe (Creative Technology Ltd) O4 - HKU\S-1-5-18..\RunOnce: [CTAutoUpdate] C:\Program Files (x86)\Creative\Shared Files\Software Update\AutoUpdate.exe (Creative Technology Ltd) O4 - Startup: C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Sebastian\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PPS.lnk = C:\Program Files (x86)\PPStream\PPStream.exe (PPStream Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-591801800-512401281-386040104-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-591801800-512401281-386040104-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.25 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3CAC5A20-872D-458C-8D66-6C58F50B3872}: DhcpNameServer = 192.168.0.1 205.171.3.25 O18:64bit: - Protocol\Handler\cozi - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18:64bit: - Protocol\Filter\application/x-mfe-ipt - No CLSID value found O18 - Protocol\Filter\application/x-mfe-ipt - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/01/06 14:22:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\a-squared Free [2013/01/06 14:21:56 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\Documents\a-squared Free [2013/01/06 14:21:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\a-squared Free [2013/01/06 14:19:00 | 000,000,000 | ---D | C] -- C:\Program Files\Dell Support Center [2013/01/06 14:14:29 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Roaming\PCDr [2013/01/06 10:49:24 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013/01/06 04:28:52 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Roaming\Skype [2013/01/06 04:26:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2013/01/06 04:25:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2013/01/06 04:24:47 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [2013/01/05 20:04:25 | 000,038,096 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\gfiark.sys [2013/01/05 19:57:53 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Roaming\Ad-Aware Antivirus [2013/01/05 19:57:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Antivirus [2013/01/05 19:57:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft [2013/01/05 19:57:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Aware Antivirus [2013/01/05 19:56:18 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\Downloaded Installations [2013/01/05 13:25:15 | 000,000,000 | ---D | C] -- C:\ProgramData\VirtualizedApplications [2013/01/05 11:17:49 | 000,000,000 | RH-D | C] -- C:\MSOCache [2013/01/05 11:12:44 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\SoftGrid Client [2013/01/05 11:12:43 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Roaming\SoftGrid Client [2013/01/05 11:12:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English) [2013/01/05 11:12:11 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office [2013/01/05 11:12:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Application Virtualization Client [2013/01/05 11:12:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER [2013/01/05 11:11:55 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Roaming\TP [2013/01/05 09:57:31 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013/01/05 09:57:31 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013/01/05 09:57:31 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013/01/05 09:57:25 | 000,000,000 | ---D | C] -- C:\Qoobox [2013/01/05 09:57:13 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013/01/05 09:41:53 | 005,019,547 | R--- | C] (Swearware) -- C:\Users\Sebastian\Desktop\ComboFix.exe [2013/01/04 21:41:53 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\Programs [2013/01/04 00:48:39 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Roaming\PC Cleaners [2013/01/04 00:48:32 | 004,728,200 | ---- | C] (PC Cleaners) -- C:\Windows\uninst.exe [2013/01/04 00:48:31 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Roaming\PCPro [2013/01/04 00:48:31 | 000,000,000 | ---D | C] -- C:\ProgramData\PC1Data [2013/01/03 23:36:19 | 000,000,000 | ---D | C] -- C:\ProgramData\SurfRight [2013/01/03 23:36:19 | 000,000,000 | ---D | C] -- C:\Program Files\SurfRight [2013/01/03 23:36:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SurfRight [2013/01/03 23:36:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Caretaker [2013/01/03 23:28:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2013/01/03 23:28:37 | 000,260,528 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013/01/03 23:27:54 | 000,174,000 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013/01/03 23:27:54 | 000,173,992 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013/01/03 23:27:54 | 000,095,184 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013/01/03 23:23:14 | 000,253,256 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTSD64.sys [2013/01/03 23:23:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools [2013/01/03 23:22:16 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools [2013/01/03 23:22:15 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Roaming\TestApp [2013/01/03 23:20:48 | 001,081,320 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll [2013/01/03 23:20:48 | 000,308,200 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe [2013/01/03 23:20:45 | 000,188,392 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe [2013/01/03 23:20:45 | 000,188,392 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe [2013/01/03 23:20:45 | 000,108,008 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll [2013/01/03 23:11:25 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe [2013/01/03 22:59:06 | 000,016,200 | ---- | C] (McAfee, Inc.) -- C:\Windows\stinger.sys [2013/01/02 19:45:47 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2013/01/02 19:45:47 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2013/01/02 19:45:47 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2013/01/02 19:45:45 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2012/12/17 03:09:20 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys [2012/12/17 03:09:20 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll [2012/12/17 03:02:20 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012/12/17 03:02:20 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012/12/17 03:02:19 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012/12/17 03:02:19 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012/12/17 03:02:19 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012/12/17 03:02:19 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012/12/17 03:02:19 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012/12/17 03:02:19 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012/12/17 03:02:19 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012/12/17 03:02:18 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012/12/17 03:02:18 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012/12/17 03:02:18 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2012/12/17 03:02:17 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012/12/17 03:02:17 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012/12/17 03:02:17 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2012/12/17 03:01:46 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll [2012/12/17 03:01:45 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll [2012/12/17 03:01:45 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe [2012/12/17 03:01:45 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll [2012/12/16 20:59:09 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro [2012/12/16 20:58:13 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\Desktop\rkill [2012/12/16 20:53:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\stinger [2012/12/16 20:43:33 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll [2012/12/16 20:43:33 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll [2012/12/16 20:43:29 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll [2012/12/16 20:43:29 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll [2012/12/16 20:43:29 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll [2012/12/16 20:43:07 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2012/12/16 20:43:07 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2012/12/16 20:43:07 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2012/12/16 20:43:03 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys [2012/12/16 20:43:01 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll [2012/12/16 20:42:57 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys [2012/12/16 20:42:57 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll [2012/12/16 20:42:57 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll [2012/12/16 20:42:56 | 000,288,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS [2012/12/16 20:42:56 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll [2012/12/16 20:42:56 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll [2012/12/16 20:42:56 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll [2012/12/16 20:42:56 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll [2012/12/16 20:42:49 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2012/12/16 20:42:48 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2012/12/16 20:42:48 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2012/12/16 20:42:48 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2012/12/16 20:42:47 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2012/12/16 20:42:47 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2012/12/16 20:42:47 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2012/12/16 20:42:47 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2012/12/16 20:42:47 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2012/12/16 20:42:47 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2012/12/16 20:42:47 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2012/12/16 20:42:47 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2012/12/16 20:42:47 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2012/12/16 20:42:47 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2012/12/16 20:42:47 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2012/12/16 20:42:47 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2012/12/16 20:42:47 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2012/12/16 20:42:47 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2012/12/16 20:42:47 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2012/12/16 20:42:47 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2012/12/16 20:42:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2012/12/16 20:42:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2012/12/16 20:42:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2012/12/16 20:42:46 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2012/12/16 20:42:46 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2012/12/16 20:42:46 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2012/12/16 20:42:46 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2012/12/16 20:42:46 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2012/12/16 20:42:46 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2012/12/16 20:42:46 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2012/12/16 20:42:46 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2012/12/16 20:42:46 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2012/12/16 20:42:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2012/12/16 20:42:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2012/12/16 20:42:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2012/12/16 20:42:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2012/12/16 20:42:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2012/12/16 20:42:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2012/12/16 20:42:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2012/12/16 20:42:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2012/12/16 20:42:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2012/12/16 20:42:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2012/12/16 20:42:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2012/12/16 20:42:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2012/12/16 20:42:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2012/12/16 20:42:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2012/12/16 20:42:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2012/12/16 20:42:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2012/12/16 20:42:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2012/12/16 20:42:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2012/12/16 20:42:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2012/12/16 20:42:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2012/12/16 20:42:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2012/12/16 20:42:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2012/12/16 20:42:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2012/12/16 20:42:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2012/12/16 20:42:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2012/12/16 20:42:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2012/12/16 20:42:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2012/12/16 20:42:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2012/12/16 20:42:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2012/12/16 20:42:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2012/12/16 20:42:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2012/12/16 20:42:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2012/12/16 20:42:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2012/12/16 20:42:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2012/12/16 20:42:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2012/12/16 20:42:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2012/12/16 20:42:46 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2012/12/16 20:42:39 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll [2012/12/16 20:42:39 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll [2012/12/16 20:42:38 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll [2012/12/16 20:42:37 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe [2012/12/16 20:42:19 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll [2012/12/16 20:42:19 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll [2012/12/16 20:18:10 | 000,000,000 | ---D | C] -- C:\rootkitremover [2012/12/16 00:44:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/12/16 00:44:09 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012/12/16 00:44:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012/12/15 02:24:08 | 000,118,600 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfetdi2k.sys ========== Files - Modified Within 30 Days ========== [2013/01/06 15:27:20 | 000,001,061 | ---- | M] () -- C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013/01/06 15:27:11 | 000,001,037 | ---- | M] () -- C:\Users\Sebastian\Desktop\Dropbox.lnk [2013/01/06 15:25:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/01/06 15:24:49 | 4281,159,678 | -HS- | M] () -- C:\hiberfil.sys [2013/01/06 15:24:23 | 000,063,640 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000003-00000000-00000000-00001102-0000000B-00441102}.rfx [2013/01/06 15:24:23 | 000,063,640 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000003-00000000-00000000-00001102-0000000B-00441102}.rfx [2013/01/06 15:24:23 | 000,001,376 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000003-00000000-00000000-00001102-0000000B-00441102}.rfx [2013/01/06 15:21:24 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/01/06 15:21:24 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/01/06 15:20:51 | 000,779,788 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013/01/06 15:20:51 | 000,660,520 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013/01/06 15:20:51 | 000,121,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013/01/06 15:14:16 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/01/06 15:07:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-591801800-512401281-386040104-1000UA.job [2013/01/06 04:59:57 | 000,795,928 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013/01/05 19:03:52 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-591801800-512401281-386040104-1000Core.job [2013/01/05 10:03:26 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013/01/05 09:42:28 | 005,019,547 | R--- | M] (Swearware) -- C:\Users\Sebastian\Desktop\ComboFix.exe [2013/01/04 21:46:00 | 001,806,838 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB [2013/01/04 00:53:09 | 004,728,200 | ---- | M] (PC Cleaners) -- C:\Windows\uninst.exe [2013/01/04 00:24:02 | 000,002,767 | ---- | M] () -- C:\Users\Public\Desktop\SyncUP.lnk [2013/01/03 23:27:51 | 000,095,184 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013/01/03 23:27:42 | 000,260,528 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013/01/03 23:27:42 | 000,174,000 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013/01/03 23:27:41 | 000,173,992 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013/01/03 23:27:39 | 000,859,072 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll [2013/01/03 23:27:39 | 000,779,704 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll [2013/01/03 23:20:42 | 001,081,320 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll [2013/01/03 23:20:42 | 000,959,976 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll [2013/01/03 23:20:42 | 000,308,200 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe [2013/01/03 23:20:42 | 000,188,392 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe [2013/01/03 23:20:42 | 000,188,392 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe [2013/01/03 23:20:42 | 000,108,008 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll [2013/01/03 23:11:25 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe [2013/01/03 22:59:06 | 000,016,200 | ---- | M] (McAfee, Inc.) -- C:\Windows\stinger.sys [2013/01/02 19:52:40 | 000,322,280 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012/12/17 06:43:13 | 000,038,096 | ---- | M] (GFI Software) -- C:\Windows\SysNative\drivers\gfiark.sys [2012/12/16 19:58:22 | 000,001,669 | ---- | M] () -- C:\Users\Sebastian\Desktop\Desktop.rar [2012/12/16 19:57:11 | 000,000,555 | ---- | M] () -- C:\Users\Sebastian\Desktop\MBR.rar [2012/12/16 09:11:22 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2012/12/16 06:45:03 | 000,367,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2012/12/16 06:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2012/12/16 06:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012/12/12 03:02:08 | 000,002,507 | ---- | M] () -- C:\Users\Sebastian\Desktop\Google Chrome.lnk [2012/12/11 20:53:50 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012/12/11 20:53:50 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012/12/11 20:53:43 | 015,728,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe ========== Files Created - No Company Name ========== [2013/01/05 09:57:31 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013/01/05 09:57:31 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013/01/05 09:57:31 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013/01/05 09:57:31 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013/01/05 09:57:31 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013/01/04 00:24:02 | 000,002,767 | ---- | C] () -- C:\Users\Public\Desktop\SyncUP.lnk [2013/01/03 23:23:19 | 001,806,838 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB [2012/12/17 03:09:21 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012/12/17 03:01:45 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012/12/16 19:58:22 | 000,001,669 | ---- | C] () -- C:\Users\Sebastian\Desktop\Desktop.rar [2012/12/16 19:57:11 | 000,000,555 | ---- | C] () -- C:\Users\Sebastian\Desktop\MBR.rar [2012/07/22 13:46:21 | 067,817,370 | ---- | C] () -- C:\Users\Sebastian\P90X 12 - Ab Ripper X.mp4 [2012/07/22 13:46:17 | 177,323,321 | ---- | C] () -- C:\Users\Sebastian\P90X 11 - Cardio X.mp4 [2012/07/22 13:46:15 | 282,987,030 | ---- | C] () -- C:\Users\Sebastian\P90X 10 - Back & Biceps.mp4 [2012/07/22 13:46:12 | 303,599,084 | ---- | C] () -- C:\Users\Sebastian\P90X 09 - Chest & Shoulders & Triceps.mp4 [2012/07/22 13:46:08 | 241,288,538 | ---- | C] () -- C:\Users\Sebastian\P90X 08 - Core Synergistics.mp4 [2012/07/22 13:46:05 | 241,728,168 | ---- | C] () -- C:\Users\Sebastian\P90X 07 - X Stretch.mp4 [2012/07/22 13:46:02 | 248,433,499 | ---- | C] () -- C:\Users\Sebastian\P90X 06 - Kenpo X.mp4 [2012/07/22 13:46:01 | 314,455,103 | ---- | C] () -- C:\Users\Sebastian\P90X 05 - Legs & Back.mp4 [2012/07/22 13:45:57 | 379,152,421 | ---- | C] () -- C:\Users\Sebastian\P90X 04 - Yoga X.mp4 [2012/07/22 13:45:54 | 321,005,498 | ---- | C] () -- C:\Users\Sebastian\P90X 03 - Shoulders & Arms.mp4 [2012/07/22 13:45:47 | 248,628,523 | ---- | C] () -- C:\Users\Sebastian\P90X 02 - Plyometrics.mp4 [2012/07/22 13:45:44 | 285,558,879 | ---- | C] () -- C:\Users\Sebastian\P90X 01 - Chest & Back.mp4 [2012/07/17 20:41:46 | 484,393,492 | ---- | C] () -- C:\Users\Sebastian\P90X Beachbody - Hip Hop Abs.avi [2012/07/15 22:13:57 | 011,474,436 | ---- | C] () -- C:\Users\Sebastian\P90x Diet Guide - Beachbody.pdf [2012/07/15 22:13:49 | 2634,411,960 | ---- | C] () -- C:\Users\Sebastian\p90x_all_videos_hi_quality.zip [2012/03/05 22:18:47 | 000,006,550 | ---- | C] () -- C:\Windows\jautoexp.dat [2012/02/24 18:12:09 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL [2012/02/24 18:12:09 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL [2012/02/24 17:57:39 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2012/02/24 17:55:59 | 000,386,451 | ---- | C] () -- C:\Windows\SysWow64\ctdnlstr.dat [2012/02/24 17:55:59 | 000,051,902 | ---- | C] () -- C:\Windows\SysWow64\ctdlang.dat [2012/02/24 17:55:59 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CtxfiRes.dll [2012/02/24 17:55:58 | 000,012,800 | ---- | C] ( ) -- C:\Windows\SysWow64\killapps.exe [2012/02/24 17:55:58 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\enlocstr.exe [2012/02/24 17:55:56 | 000,014,336 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll [2012/02/24 17:55:55 | 000,030,299 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini [2012/02/24 17:55:55 | 000,000,287 | ---- | C] () -- C:\Windows\SysWow64\kill.ini [2012/02/24 17:55:55 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini [2012/02/24 16:56:00 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011/04/19 20:10:32 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll [2011/02/10 08:10:51 | 000,795,928 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI ========== ZeroAccess Check ========== [2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 21:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 20:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 19:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013/01/06 05:44:15 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Ad-Aware Antivirus [2013/01/06 15:27:22 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Dropbox [2012/03/03 21:44:02 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Fingertapps [2013/01/04 00:48:39 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\PC Cleaners [2013/01/06 14:17:59 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\PCDr [2013/01/04 00:53:37 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\PCPro [2013/01/06 15:15:29 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\PPStream [2013/01/06 15:17:28 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\SoftGrid Client [2013/01/06 15:27:22 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Spotify [2013/01/03 23:22:15 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\TestApp [2013/01/05 11:12:49 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\TP [2012/09/10 18:21:09 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Ufasoft [2012/07/30 19:23:43 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\youku ========== Purity Check ========== ========== Files - Unicode (All) ========== [2012/07/23 09:20:48 | 005,295,666 | ---- | M] ()(C:\Users\Sebastian\??? - ???.mp3) -- C:\Users\Sebastian\韋禮安 - 因為愛.mp3 [2012/07/22 13:13:51 | 005,295,666 | ---- | C] ()(C:\Users\Sebastian\??? - ???.mp3) -- C:\Users\Sebastian\韋禮安 - 因為愛.mp3 ========== Alternate Data Streams ========== @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:DFC5A2B2 @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84 < End of report >
  13. abc36608
    Kevin, I cant uninstall McAfee, is it a must to uninstall it?
  14. abc36608
    Results of screen317's Security Check version 0.99.56 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Windows Firewall Disabled! WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Ad-Aware Spybot - Search & Destroy Malwarebytes Anti-Malware version 1.70.0.1100 PC Cleaners JavaFX 2.1.1 Java 7 Update 10 Java version out of Date! Adobe Reader 10.1.3 Adobe Reader out of Date! Google Chrome 21.0.1180.83 Google Chrome 21.0.1180.89 Google Chrome 22.0.1229.79 Google Chrome 22.0.1229.92 Google Chrome 22.0.1229.94 Google Chrome 23.0.1271.64 Google Chrome 23.0.1271.91 Google Chrome 23.0.1271.95 Google Chrome 23.0.1271.97 ````````Process Check: objlist.exe by Laurent```````` Ad-Aware AAWService.exe is disabled! Ad-Aware AAWTray.exe is disabled! Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe Ad-Aware Antivirus AdAwareService.exe Malwarebytes' Anti-Malware mbamscheduler.exe AVAST Software Avast AvastSvc.exe AVAST Software Avast AvastUI.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 0% ````````````````````End of Log``````````````````````
  15. abc36608
    MxAfee, Avast, Lavasoft. Malwarebytes, i donwload many to scan and hope to solve the problem :-) running Emsisoft now
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.