Jump to content

Rootkits and browser Hijacking, oh my.


Recommended Posts

Okay... I recently did a clean reinstall of windows for this exact reason. I have a rootkit.0acces/rootkit.0access.64 infection, as well as Trojan.BCMiner or dropper, I can't remember. The reinstall eliminated the problem for a while, but yesterday I began having issues with Google-related services again. As of now I can't even navigate to the main website. ( http://puu.sh/1ct8c )

I am also experienceing problems (as before) with windows services, Bonjour and the like no longer work correctly.

I apologize for not following normal procedures (as far as checking for existing threads) but I'm freaking out about this because I need this laptop for school and work.

I'll attach anything you may need here:

GUI scan results: http://puu.sh/1ctdll (Duplicated because I didn't restart after scanning this time)

Log : http://puu.sh/1ctca

Thanks for any support. Note; TDSKiller failed to fix any of this before.

Link to post
Share on other sites

Hello Kaoruko and :welcome:! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

BACKDOOR WARNING

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advice you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

Help: I Got Hacked. Now What Do I Do?

Help: I Got Hacked. Now What Do I Do? Part II

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Please tick the Scan All users. Next, click the Quick Scan button. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

Link to post
Share on other sites

Apologies for the delayed response, I have somewhat sporadic internet use. I think I may have fixed the problem, but just in case here are the logs:

This is the "OTL"

OTL logfile created on: 10/8/2012 12:34:20 AM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kaoruko\Desktop

64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.60 Gb Total Physical Memory | 1.09 Gb Available Physical Memory | 67.88% Memory free

3.21 Gb Paging File | 1.90 Gb Available in Paging File | 59.33% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 232.69 Gb Total Space | 138.67 Gb Free Space | 59.59% Space Free | Partition Type: NTFS

Drive D: | 4.38 Gb Total Space | 3.70 Gb Free Space | 84.47% Space Free | Partition Type: UDF

Computer Name: KAORUKO-PC | User Name: Kaoruko | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/07 18:08:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kaoruko\Desktop\OTL.exe

PRC - [2012/10/01 20:07:52 | 000,519,024 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe

PRC - [2012/09/30 13:36:23 | 001,193,176 | ---- | M] () -- C:\Users\Kaoruko\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

PRC - [2012/09/30 08:32:05 | 000,565,480 | ---- | M] () -- C:\Program Files (x86)\puush\puush.exe

PRC - [2012/09/29 13:51:13 | 001,161,768 | ---- | M] (WiseCleaner.com) -- C:\Program Files (x86)\Wise\Wise Care 365\WiseTray.exe

PRC - [2012/09/28 20:40:00 | 001,253,232 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe

PRC - [2012/09/28 17:36:04 | 000,413,040 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Hotspot Shield\HssWPR\HssSrv.exe

PRC - [2012/09/28 17:34:18 | 000,388,464 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe

PRC - [2012/09/27 07:37:12 | 003,532,224 | ---- | M] (Tonec Inc.) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe

PRC - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

PRC - [2012/09/07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2012/08/31 09:02:03 | 002,754,984 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe

PRC - [2012/07/25 12:57:08 | 029,357,952 | ---- | M] (SlimWare Utilities, Inc.) -- C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe

PRC - [2012/04/26 07:33:16 | 002,743,104 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe

PRC - [2010/05/25 07:28:58 | 000,263,600 | ---- | M] (Tonec Inc.) -- C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe

PRC - [2008/08/06 11:02:19 | 000,274,432 | ---- | M] (Blizzard Entertainment) -- C:\Program Files (x86)\Warcraft III\Frozen Throne.exe

========== Modules (No Company Name) ==========

MOD - [2012/10/01 21:43:32 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0115469cb5e9c85979779f00b5ec6804\System.Runtime.Remoting.ni.dll

MOD - [2012/10/01 21:41:52 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3bee1eb2ff37b4e44b429fb763da920d\System.Windows.Forms.ni.dll

MOD - [2012/10/01 21:39:23 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\aadfdc0e7d9181a98d667a52c3c35601\System.Configuration.ni.dll

MOD - [2012/09/30 13:36:23 | 001,193,176 | ---- | M] () -- C:\Users\Kaoruko\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

MOD - [2012/09/30 08:32:05 | 000,565,480 | ---- | M] () -- C:\Program Files (x86)\puush\puush.exe

MOD - [2012/09/28 21:03:30 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ead6be8b410d56b5576b10e56af2c180\System.Drawing.ni.dll

MOD - [2012/09/28 21:00:11 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5dd9f783008543df3e642ff1e99de4e8\System.Xml.ni.dll

MOD - [2012/09/28 20:58:47 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5ba3bf5367fc012300c6566f20cb7f54\System.ni.dll

MOD - [2012/09/28 20:58:01 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\8c1770d45c63cf5c462eeb945ef9aa5d\mscorlib.ni.dll

MOD - [2012/06/23 18:18:46 | 006,307,928 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll

========== Services (SafeList) ==========

SRV:64bit: - [2012/09/30 07:06:40 | 000,604,728 | ---- | M] (Soluto) [Auto | Running] -- C:\Program Files\Soluto\SolutoService.exe -- (SolutoService)

SRV:64bit: - [2012/09/12 21:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)

SRV:64bit: - [2012/09/12 21:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)

SRV:64bit: - [2011/03/04 14:50:26 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2011/03/04 12:44:40 | 000,354,304 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)

SRV:64bit: - [2010/06/17 06:23:36 | 000,194,496 | ---- | M] (Advanced Micro Devices) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe -- (AMD Reservation Manager)

SRV:64bit: - [2009/07/13 20:39:47 | 000,081,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\tlntsvr.exe -- (TlntSvr)

SRV:64bit: - [1999/12/31 19:00:00 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)

SRV - [2012/10/07 13:17:49 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/10/01 20:07:52 | 000,519,024 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe -- (hshld)

SRV - [2012/09/28 17:36:04 | 000,413,040 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\HssWPR\HssSrv.exe -- (HssSrv)

SRV - [2012/09/28 17:34:18 | 000,388,464 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -- (HssWd)

SRV - [2012/09/27 18:24:50 | 000,078,072 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Hotspot Shield\bin\HSSTrayService.exe -- (HssTrayService)

SRV - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

SRV - [2012/08/31 09:02:03 | 002,754,984 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)

SRV - [2012/07/17 15:25:28 | 000,580,648 | ---- | M] (WiseCleaner.com) [Auto | Stopped] -- C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe -- (WiseBootAssistant)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)

SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/10/07 19:02:17 | 000,015,712 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SWDUMon.sys -- (SWDUMon)

DRV:64bit: - [2012/09/30 07:03:24 | 000,054,728 | ---- | M] (Soluto LTD.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Soluto.sys -- (Soluto)

DRV:64bit: - [2012/09/29 09:18:13 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)

DRV:64bit: - [2012/09/27 13:07:26 | 000,160,992 | ---- | M] (Tonec Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\idmwfp.sys -- (IDMWFP)

DRV:64bit: - [2012/09/13 14:26:44 | 000,038,632 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)

DRV:64bit: - [2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2012/08/30 22:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)

DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2012/08/20 14:48:50 | 000,019,032 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdrvio.sys -- (pwdrvio)

DRV:64bit: - [2012/08/20 14:48:48 | 000,012,384 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdspio.sys -- (pwdspio)

DRV:64bit: - [2012/08/01 13:13:42 | 000,041,704 | ---- | M] (AnchorFree Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\hssdrv6.sys -- (HssDRV6)

DRV:64bit: - [2012/07/09 13:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2012/03/01 01:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011/03/04 17:01:18 | 008,283,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)

DRV:64bit: - [2011/03/04 14:16:48 | 000,295,424 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2010/12/20 19:20:02 | 001,402,416 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)

DRV:64bit: - [2010/11/29 07:50:38 | 000,044,672 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)

DRV:64bit: - [2010/11/11 21:16:00 | 000,037,504 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)

DRV:64bit: - [2010/11/11 21:15:58 | 000,077,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)

DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)

DRV:64bit: - [2009/07/13 20:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2009/07/13 20:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [1999/12/31 19:00:00 | 001,145,960 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)

DRV:64bit: - [1999/12/31 19:00:00 | 000,685,160 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [1999/12/31 19:00:00 | 000,333,416 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)

DRV - [2012/10/05 08:40:22 | 000,027,744 | -HS- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Garena Plus\Room\safedrv.sys -- (GGSAFERDriver)

DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-985819812-3727231822-1672301093-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ergative.com/

IE - HKU\S-1-5-21-985819812-3727231822-1672301093-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp

IE - HKU\S-1-5-21-985819812-3727231822-1672301093-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKU\S-1-5-21-985819812-3727231822-1672301093-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 14 25 B1 FD AD 9C CD 01 [binary data]

IE - HKU\S-1-5-21-985819812-3727231822-1672301093-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-985819812-3727231822-1672301093-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-985819812-3727231822-1672301093-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-985819812-3727231822-1672301093-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Kaoruko\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Kaoruko\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Kaoruko\AppData\Roaming\IDM\idmmzcc5 [2012/09/30 14:06:47 | 000,000,000 | ---D | M]

[2012/09/30 15:39:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kaoruko\AppData\Roaming\Mozilla\Extensions

========== Chrome ==========

CHR - homepage: http://www.google.com/

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},

CHR - homepage: http://www.google.com/

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Kaoruko\AppData\Local\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\Kaoruko\AppData\Local\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Kaoruko\AppData\Local\Google\Chrome\Application\22.0.1229.79\pdf.dll

CHR - plugin: Microsoft Office 2013 (Enabled) = C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Google Update (Enabled) = C:\Users\Kaoruko\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - Extension: BIODIGITAL HUMAN = C:\Users\Kaoruko\AppData\Local\Google\Chrome\User Data\Default\Extensions\agoenciogemlojlhccbcpcfflicgnaak\0.9.5_0\

CHR - Extension: Google Drive = C:\Users\Kaoruko\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\

CHR - Extension: YouTube = C:\Users\Kaoruko\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: Adblock Plus (Beta) = C:\Users\Kaoruko\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\

CHR - Extension: Google Search = C:\Users\Kaoruko\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\

CHR - Extension: Lorem Ipsum Generator = C:\Users\Kaoruko\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmpfoncmmihgkooacnplecaopcefceam\2.0.6_0\

CHR - Extension: Stylish = C:\Users\Kaoruko\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe\0.10_0\

CHR - Extension: Privacy manager = C:\Users\Kaoruko\AppData\Local\Google\Chrome\User Data\Default\Extensions\giccehglhacakcfemddmfhdkahamfcmd\2.3_0\

CHR - Extension: Huey = C:\Users\Kaoruko\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcippbcjndfbpaiemdnkilmgnppiboac\1_0\

CHR - Extension: IDM Integration = C:\Users\Kaoruko\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmolcgpienlcieaajfkkdamlngancncm\6.12.21_0\

CHR - Extension: Redirect adf.ly = C:\Users\Kaoruko\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfffmkcdjljajeggjoecedpnepochcfm\0.1_0\

CHR - Extension: Linkclump = C:\Users\Kaoruko\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfpjkncokllnfokkgpkobnkbkmelfefj\2.3.2_0\

CHR - Extension: Into The Mist = C:\Users\Kaoruko\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgihmkgobaljfehcadcckdggpeojaadh\1_1\

CHR - Extension: Pocket (formerly Read It Later) = C:\Users\Kaoruko\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj\1.1.3_0\

CHR - Extension: Gmail = C:\Users\Kaoruko\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)

O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll (AnchorFree Inc.)

O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)

O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)

O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-985819812-3727231822-1672301093-1000..\Run: [DAEMON Tools Pro Agent] C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)

O4 - HKU\S-1-5-21-985819812-3727231822-1672301093-1000..\Run: [iDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe (Tonec Inc.)

O4 - HKU\S-1-5-21-985819812-3727231822-1672301093-1000..\Run: [puush] C:\Program Files (x86)\puush\puush.exe ()

O4 - HKU\S-1-5-21-985819812-3727231822-1672301093-1000..\Run: [spotify Web Helper] C:\Users\Kaoruko\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKU\S-1-5-21-985819812-3727231822-1672301093-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221

O7 - HKU\S-1-5-21-985819812-3727231822-1672301093-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1

O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found

O8:64bit: - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()

O8:64bit: - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)

O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()

O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8D1505F9-6BC2-484D-A69C-50C8DFDC2CA3}: DhcpNameServer = 8.8.8.8

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D646BC57-5CA5-4327-9F4D-9AA77988D96B}: DhcpNameServer = 192.168.10.7 4.2.2.2

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\osf - No CLSID value found

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Program Files\Soluto\soluto.exe /userinit) - C:\Program Files\Soluto\soluto.exe (Soluto)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{ce70a351-0848-11e2-9617-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{ce70a351-0848-11e2-9617-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe

O33 - MountPoints2\G\Shell - "" = AutoRun

O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\autorun\autorun.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/07 18:08:03 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Kaoruko\Desktop\OTL.exe

[2012/10/07 18:07:53 | 000,000,000 | ---D | C] -- C:\ProgramData\dbg

[2012/10/07 18:06:07 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine

[2012/10/07 17:54:52 | 000,000,000 | ---D | C] -- C:\Windows\Sun

[2012/10/07 17:46:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client

[2012/10/07 17:46:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client

[2012/10/07 17:42:59 | 002,212,440 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Kaoruko\Desktop\tdsskiller.exe

[2012/10/07 13:17:24 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed

[2012/10/07 13:09:55 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%

[2012/10/07 12:52:37 | 000,000,000 | ---D | C] -- C:\Users\Kaoruko\Documents\My Games

[2012/10/07 12:52:35 | 000,000,000 | ---D | C] -- C:\ProgramData\RELOADED

[2012/10/07 12:46:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Torchlight II

[2012/10/07 07:49:29 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Hotspot Shield

[2012/10/06 21:10:06 | 000,000,000 | ---D | C] -- C:\Users\Kaoruko\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1

[2012/10/05 19:22:54 | 000,000,000 | ---D | C] -- C:\Users\Kaoruko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR

[2012/10/05 19:22:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR

[2012/10/05 17:18:43 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR

[2012/10/05 14:59:06 | 000,000,000 | ---D | C] -- C:\Users\Kaoruko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Your Product

[2012/10/05 14:15:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft

[2012/10/05 14:15:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment

[2012/10/05 13:53:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Black Isle

[2012/10/05 13:53:02 | 000,052,736 | ---- | C] (Interplay Productions) -- C:\Windows\ipuninst.exe

[2012/10/05 13:53:02 | 000,000,000 | ---D | C] -- C:\Users\Kaoruko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Black Isle

[2012/10/05 13:51:22 | 000,000,000 | ---D | C] -- C:\Program Files\BlackIsle

[2012/10/05 12:27:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft.temp

[2012/10/05 12:27:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment.temp

[2012/10/05 11:40:33 | 000,000,000 | ---D | C] -- C:\Users\Kaoruko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Advanced ZIP Password Recovery

[2012/10/05 11:40:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced ZIP Password Recovery

[2012/10/05 11:40:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AZPR

[2012/10/05 11:10:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net

[2012/10/05 10:00:52 | 000,000,000 | ---D | C] -- C:\Users\Kaoruko\AppData\Roaming\Spotydl

[2012/10/05 10:00:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spotydl

[2012/10/05 10:00:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spotydl

[2012/10/05 09:59:44 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Blizzard Entertainment

[2012/10/05 09:40:50 | 000,569,344 | ---- | C] (NetiSoft) -- C:\Users\Kaoruko\Desktop\World of Warcraft Control Panel.exe

[2012/10/05 09:11:37 | 000,000,000 | ---D | C] -- C:\Users\Kaoruko\AppData\Roaming\Tunngle

[2012/10/05 09:11:26 | 000,031,232 | ---- | C] (Tunngle.net) -- C:\Windows\SysNative\drivers\tap0901t.sys

[2012/10/05 08:39:13 | 000,000,000 | ---D | C] -- C:\Users\Kaoruko\AppData\Roaming\GarenaPlus

[2012/10/05 08:38:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Garena Plus

[2012/10/05 08:37:46 | 000,000,000 | ---D | C] -- C:\ProgramData\GarenaMessenger

[2012/10/05 08:22:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\World of Warcrafto

[2012/10/01 18:07:08 | 000,000,000 | ---D | C] -- C:\Users\Kaoruko\Documents\My Cheat Tables

[2012/10/01 15:47:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Warcraft III

[2012/09/30 21:33:02 | 000,000,000 | ---D | C] -- C:\Users\Kaoruko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games

[2012/09/30 21:31:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WarRun

[2012/09/30 21:31:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WarRun

[2012/09/30 21:25:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICCup

[2012/09/30 21:24:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garena

[2012/09/30 21:02:32 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\DAEMON Tools Images

[2012/09/30 18:29:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Abordal

[2012/09/30 18:21:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Enterbrain

[2012/09/30 17:56:47 | 000,000,000 | -H-D | C] -- C:\$WINDOWS.~BT

[2012/09/30 17:43:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment

[2012/09/30 15:39:08 | 000,000,000 | ---D | C] -- C:\Users\Kaoruko\AppData\Roaming\Mozilla

[2012/09/30 15:31:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RAR Password Recovery

[2012/09/30 15:23:52 | 000,000,000 | ---D | C] -- C:\Users\Kaoruko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RAR Password Cracker

[2012/09/30 15:23:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RAR Password Cracker

[2012/09/30 15:23:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RAR Password Cracker

[2012/09/30 13:56:41 | 000,000,000 | ---D | C] -- C:\Users\Kaoruko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify Code Generator V1.0

[2012/09/30 13:36:27 | 000,000,000 | ---D | C] -- C:\Users\Kaoruko\AppData\Local\Spotify

[2012/09/30 13:25:45 | 000,000,000 | ---D | C] -- C:\Users\Kaoruko\AppData\Roaming\Spotify

[2012/09/30 12:54:00 | 000,000,000 | ---D | C] -- C:\My Web Sites

[2012/09/30 12:53:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinHTTrack

[2012/09/30 12:53:04 | 000,000,000 | ---D | C] -- C:\Program Files\WinHTTrack

[2012/09/30 12:25:13 | 000,054,728 | ---- | C] (Soluto LTD.) -- C:\Windows\SysNative\drivers\Soluto.sys

[2012/09/30 12:25:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Soluto

[2012/09/30 12:25:09 | 000,000,000 | ---D | C] -- C:\Program Files\Soluto

[2012/09/30 12:18:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Soluto

[2012/09/30 09:20:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniTool Partition Wizard Home Edition 7.6

[2012/09/30 09:20:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MiniTool Partition Wizard Home Edition 7.6

[2012/09/30 08:31:38 | 000,000,000 | ---D | C] -- C:\Users\Kaoruko\AppData\Roaming\puush

[2012/09/30 08:31:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\puush

[2012/09/30 08:31:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\puush

[2012/09/29 21:27:05 | 000,000,000 | ---D | C] -- C:\Users\Kaoruko\AppData\Roaming\SoundSpectrum

[2012/09/29 21:27:05 | 000,000,000 | ---D | C] -- C:\Users\Kaoruko\AppData\Local\SoundSpectrum

[2012/09/29 21:25:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aeon

[2012/09/29 21:25:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SoundSpectrum

[2012/09/29 13:48:35 | 000,000,000 | ---D | C] -- C:\Users\Kaoruko\AppData\Roaming\Wise Care 365

[2012/09/29 13:48:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Care 365

[2012/09/29 12:57:32 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe

[2012/09/29 12:54:23 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe

[2012/09/29 12:50:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe

[2012/09/29 12:48:40 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed

[2012/09/29 12:47:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe

[2012/09/29 12:33:49 | 000,000,000 | ---D | C] -- C:\Users\Kaoruko\AppData\Roaming\Macromedia

[2012/09/29 12:33:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe

[2012/09/29 12:33:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe

[2012/09/29 12:33:11 | 000,000,000 | ---D | C] -- C:\Users\Kaoruko\AppData\Roaming\Adobe

[2012/09/29 12:32:32 | 000,000,000 | ---D | C] -- C:\Users\Kaoruko\AppData\Local\Adobe

[2012/09/29 10:42:43 | 000,688,128 | ---- | C] (The Windows Club) -- C:\Users\Kaoruko\Desktop\Windows 7 DreamScene Activator 1.1.exe

[2012/09/29 10:34:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DreamScene Seven

[2012/09/29 10:34:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DreamScene Seven

[2012/09/29 09:19:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Pro

[2012/09/29 09:18:13 | 000,283,200 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys

[2012/09/29 09:18:03 | 000,000,000 | ---D | C] -- C:\Users\Kaoruko\AppData\Roaming\DAEMON Tools Pro

[2012/09/29 09:17:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Pro

[2012/09/29 08:59:38 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Pro

[2012/09/28 23:59:13 | 000,000,000 | ---D | C] -- C:\Users\Kaoruko\AppData\Roaming\vlc

[2012/09/28 23:52:10 | 000,000,000 | ---D | C] -- C:\Users\Kaoruko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flux

[2012/09/28 21:51:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RocketDock

[2012/09/28 21:50:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RocketDock

[2012/09/28 21:43:57 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM

[2012/09/28 21:43:01 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll

[2012/09/28 21:43:01 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll

[2012/09/28 21:42:55 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll

[2012/09/28 21:42:55 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll

[2012/09/28 21:42:55 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll

[2012/09/28 21:42:55 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll

[2012/09/28 21:42:55 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll

[2012/09/28 21:42:55 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll

[2012/09/28 21:41:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield

[2012/09/28 21:28:14 | 000,000,000 | ---D | C] -- C:\Users\Kaoruko\AppData\Roaming\IDM

[2012/09/28 21:28:13 | 000,000,000 | ---D | C] -- C:\Users\Kaoruko\AppData\Roaming\DMCache

[2012/09/28 21:28:04 | 000,000,000 | ---D | C] -- C:\Users\Kaoruko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager

[2012/09/28 21:28:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager

[2012/09/28 21:28:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Internet Download Manager

[2012/09/28 21:06:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun

[2012/09/28 21:06:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java

[2012/09/28 21:04:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java

[2012/09/28 21:00:27 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee

[2012/09/28 20:22:08 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat

[2012/09/28 20:22:08 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat

[2012/09/28 16:20:38 | 000,000,000 | ---D | C] -- C:\Downloads

[2012/09/28 14:54:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotspot Shield

[2012/09/28 14:54:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Hotspot Shield

[2012/09/28 14:52:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hotspot Shield

[2012/09/28 14:36:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN

[2012/09/28 14:35:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN

[2012/09/28 14:35:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3

[2012/09/28 14:33:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++

[2012/09/28 14:33:56 | 000,000,000 | ---D | C] -- C:\Users\Kaoruko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++

[2012/09/28 14:33:50 | 000,000,000 | ---D | C] -- C:\Users\Kaoruko\AppData\Roaming\Notepad++

[2012/09/28 14:33:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Notepad++

[2012/09/28 14:33:30 | 000,000,000 | ---D | C] -- C:\Users\Kaoruko\AppData\Roaming\TeamViewer

[2012/09/28 14:33:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer

[2012/09/28 09:14:41 | 000,000,000 | ---D | C] -- C:\Users\Kaoruko\AppData\Roaming\Wise Game Booster

[2012/09/28 09:14:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Game Booster

[2012/09/28 09:14:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wise

[2012/09/28 09:06:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent

[2012/09/28 09:06:13 | 000,000,000 | ---D | C] -- C:\Users\Kaoruko\AppData\Roaming\uTorrent

[2012/09/28 07:44:42 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\sda

[2012/09/28 07:35:37 | 000,685,160 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys

[2012/09/28 06:45:20 | 000,000,000 | ---D | C] -- C:\Users\Kaoruko\Archives

[2012/09/27 21:17:06 | 000,000,000 | ---D | C] -- C:\Users\Kaoruko\AppData\Local\Apple Computer

[2012/09/27 21:08:48 | 000,000,000 | ---D | C] -- C:\Users\Kaoruko\AppData\Roaming\DAEMON Tools Lite

[2012/09/27 21:08:48 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite

[2012/09/27 15:17:03 | 000,000,000 | ---D | C] -- C:\SWTOOLS

[2012/09/27 15:11:15 | 000,000,000 | ---D | C] -- C:\Users\Kaoruko\AppData\Local\SlimWare Utilities Inc

[2012/09/27 15:11:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlimDrivers

[2012/09/27 15:11:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SlimDrivers

[2012/09/27 14:49:33 | 000,000,000 | ---D | C] -- C:\Users\Kaoruko\Documents\Website

[2012/09/27 14:45:54 | 000,000,000 | --SD | C] -- C:\Users\Kaoruko\Google Drive

[2012/09/27 14:41:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive

[2012/09/27 10:08:37 | 000,160,992 | ---- | C] (Tonec Inc.) -- C:\Windows\SysNative\drivers\idmwfp.sys

[2012/09/27 09:18:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recover Keys

[2012/09/27 09:18:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Recover Keys

[2012/09/27 09:05:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google

[2012/09/27 08:00:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Magical Jelly Bean

[2012/09/27 08:00:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyFinder

[2012/09/27 07:57:45 | 000,000,000 | ---D | C] -- C:\Users\Kaoruko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome

[2012/09/27 07:27:36 | 000,000,000 | ---D | C] -- C:\Users\Kaoruko\AppData\Local\Google

[2012/09/27 07:25:49 | 000,000,000 | ---D | C] -- C:\Users\Kaoruko\AppData\Local\Deployment

[2012/09/27 07:25:49 | 000,000,000 | ---D | C] -- C:\Users\Kaoruko\AppData\Local\Apps

[2012/09/27 07:10:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013

[2012/09/27 07:09:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER

[2012/09/27 07:08:58 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH

[2012/09/27 07:08:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server

[2012/09/27 07:05:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services

[2012/09/27 07:05:12 | 000,000,000 | ---D | C] -- C:\Users\Kaoruko\AppData\Local\Microsoft Help

[2012/09/27 07:05:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help

[2012/09/27 07:04:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office

[2012/09/27 07:03:29 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office

[2012/09/27 07:01:30 | 000,000,000 | RH-D | C] -- C:\MSOCache

[2012/09/27 06:41:33 | 000,000,000 | ---D | C] -- C:\Users\Kaoruko\AppData\Local\MigWiz

[2012/09/27 06:22:41 | 000,000,000 | ---D | C] -- C:\Users\Kaoruko\AppData\Roaming\Malwarebytes

[2012/09/27 06:22:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/09/27 06:22:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/09/27 06:22:27 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012/09/27 06:22:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012/09/27 06:18:03 | 000,000,000 | ---D | C] -- C:\Users\Kaoruko\Image Files

[2012/09/27 06:16:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Astroburn Pro

[2012/09/27 06:16:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Astroburn Pro

[2012/09/27 06:16:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Astroburn Pro

[2012/09/26 22:12:11 | 000,000,000 | ---D | C] -- C:\Windows\Panther

[2012/09/26 21:19:45 | 000,000,000 | ---D | C] -- C:\Users\Kaoruko\AppData\Local\AMD

[2012/09/26 21:19:16 | 000,000,000 | -HSD | C] -- C:\ProgramData\DSS

[2012/09/26 21:19:10 | 000,000,000 | ---D | C] -- C:\Users\Kaoruko\AppData\Roaming\ATI

[2012/09/26 21:19:10 | 000,000,000 | ---D | C] -- C:\Users\Kaoruko\AppData\Local\ATI

[2012/09/26 21:19:10 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI

[2012/09/26 21:16:01 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD

[2012/09/26 21:15:57 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution

[2012/09/26 21:13:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies

[2012/09/26 21:13:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies

[2012/09/26 21:13:40 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch

[2012/09/26 21:13:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center

[2012/09/26 21:12:44 | 000,000,000 | -HSD | C] -- C:\System Volume Information

[2012/09/26 21:11:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies

[2012/09/26 21:10:58 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies

[2012/09/26 21:10:56 | 000,000,000 | ---D | C] -- C:\Program Files\ATI

[2012/09/26 21:06:31 | 000,000,000 | ---D | C] -- C:\Users\Kaoruko\Documents\Electronic Arts

[2012/09/26 20:16:10 | 000,000,000 | ---D | C] -- C:\Users\Kaoruko\AppData\Roaming\Apple Computer

[2012/09/26 20:16:09 | 000,000,000 | ---D | C] -- C:\Users\Kaoruko\AppData\Roaming\Synaptics

[2012/09/26 20:13:44 | 000,000,000 | ---D | C] -- C:\Users\Kaoruko\Documents\PSD's

[2012/09/26 20:13:41 | 000,000,000 | ---D | C] -- C:\Users\Kaoruko\Documents\School

[2012/09/26 20:09:06 | 000,000,000 | ---D | C] -- C:\Users\Kaoruko\AppData\Local\ElevatedDiagnostics

[2012/09/26 20:05:55 | 000,000,000 | ---D | C] -- C:\Users\Kaoruko\Documents\Story

[2012/09/26 20:05:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

[2012/09/26 20:05:30 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE

[2012/09/26 20:04:48 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2012/09/26 20:04:47 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2012/09/26 20:04:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes

[2012/09/26 20:04:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer

[2012/09/26 20:04:47 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

[2012/09/26 20:03:18 | 000,000,000 | ---D | C] -- C:\Users\Kaoruko\AppData\Local\Apple

[2012/09/26 20:03:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update

[2012/09/26 20:00:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple

[2012/09/26 19:59:57 | 000,000,000 | ---D | C] -- C:\Users\Kaoruko\AppData\Roaming\WinRAR

[2012/09/26 19:59:46 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour

[2012/09/26 19:59:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour

[2012/09/26 19:59:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR

[2012/09/26 19:59:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple

[2012/09/26 19:59:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple

[2012/09/26 19:56:52 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics

[2012/09/26 19:55:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco

[2012/09/26 19:53:41 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek

[2012/09/26 19:53:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek

[2012/09/26 19:53:06 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp

[2012/09/26 19:51:16 | 000,216,360 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\SynTPAPI.dll

[2012/09/26 19:51:16 | 000,148,776 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\SynTPCo4.dll

[2012/09/26 19:51:16 | 000,107,816 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysWow64\SynTPCOM.dll

[2012/09/26 19:51:15 | 001,402,416 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\drivers\SynTP.sys

[2012/09/26 19:51:07 | 000,273,704 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\SynCtrl.dll

[2012/09/26 19:51:07 | 000,218,408 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysWow64\SynCtrl.dll

[2012/09/26 19:51:06 | 000,404,776 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\SynCOM.dll

[2012/09/26 19:51:06 | 000,173,352 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysWow64\SynCOM.dll

[2012/09/26 19:50:09 | 000,058,880 | ---- | C] (AMD) -- C:\Windows\SysNative\coinst.dll

[2012/09/26 19:50:07 | 000,120,320 | ---- | C] (AMD) -- C:\Windows\SysNative\atitmm64.dll

[2012/09/26 19:50:03 | 000,016,384 | ---- | C] (AMD) -- C:\Windows\SysNative\atimuixx.dll

[2012/09/26 19:50:01 | 000,480,256 | ---- | C] (AMD) -- C:\Windows\SysNative\atieclxx.exe

[2012/09/26 19:50:01 | 000,203,776 | ---- | C] (AMD) -- C:\Windows\SysNative\atiesrxx.exe

[2012/09/26 19:48:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET

[2012/09/26 19:47:40 | 000,000,000 | -HSD | C] -- C:\Windows\Installer

[2012/09/26 19:44:27 | 000,000,000 | ---D | C] -- C:\Users\Kaoruko\AppData\Local\Diagnostics

[2012/09/26 19:40:17 | 000,000,000 | ---D | C] -- C:\Users\Kaoruko\Documents\Phtooshop Crack

[2012/09/26 19:34:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts

[2012/09/26 19:34:44 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information

[2012/09/26 19:24:20 | 000,000,000 | R--D | C] -- C:\Users\Kaoruko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

[2012/09/26 19:24:20 | 000,000,000 | R--D | C] -- C:\Users\Kaoruko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools

[2012/09/26 19:24:19 | 000,000,000 | R--D | C] -- C:\Users\Kaoruko\Searches

[2012/09/26 19:24:19 | 000,000,000 | -H-D | C] -- C:\Users\Kaoruko\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned

[2012/09/26 19:24:08 | 000,000,000 | ---D | C] -- C:\Users\Kaoruko\AppData\Roaming\Identities

[2012/09/26 19:24:05 | 000,000,000 | R--D | C] -- C:\Users\Kaoruko\Contacts

[2012/09/26 19:24:02 | 000,000,000 | ---D | C] -- C:\Users\Kaoruko\AppData\Local\VirtualStore

[2012/09/26 19:23:51 | 000,000,000 | -HSD | C] -- C:\Users\Kaoruko\AppData\Local\Temporary Internet Files

[2012/09/26 19:23:51 | 000,000,000 | -HSD | C] -- C:\Users\Kaoruko\Templates

[2012/09/26 19:23:51 | 000,000,000 | -HSD | C] -- C:\Users\Kaoruko\Start Menu

[2012/09/26 19:23:51 | 000,000,000 | -HSD | C] -- C:\Users\Kaoruko\SendTo

[2012/09/26 19:23:51 | 000,000,000 | -HSD | C] -- C:\Users\Kaoruko\Recent

[2012/09/26 19:23:51 | 000,000,000 | -HSD | C] -- C:\Users\Kaoruko\PrintHood

[2012/09/26 19:23:51 | 000,000,000 | -HSD | C] -- C:\Users\Kaoruko\NetHood

[2012/09/26 19:23:51 | 000,000,000 | -HSD | C] -- C:\Users\Kaoruko\Documents\My Videos

[2012/09/26 19:23:51 | 000,000,000 | -HSD | C] -- C:\Users\Kaoruko\Documents\My Pictures

[2012/09/26 19:23:51 | 000,000,000 | -HSD | C] -- C:\Users\Kaoruko\Documents\My Music

[2012/09/26 19:23:51 | 000,000,000 | -HSD | C] -- C:\Users\Kaoruko\My Documents

[2012/09/26 19:23:51 | 000,000,000 | -HSD | C] -- C:\Users\Kaoruko\Local Settings

[2012/09/26 19:23:51 | 000,000,000 | -HSD | C] -- C:\Users\Kaoruko\AppData\Local\History

[2012/09/26 19:23:51 | 000,000,000 | -HSD | C] -- C:\Users\Kaoruko\Cookies

[2012/09/26 19:23:51 | 000,000,000 | -HSD | C] -- C:\Users\Kaoruko\Application Data

[2012/09/26 19:23:51 | 000,000,000 | -HSD | C] -- C:\Users\Kaoruko\AppData\Local\Application Data

[2012/09/26 19:23:50 | 000,000,000 | --SD | C] -- C:\Users\Kaoruko\AppData\Roaming\Microsoft

[2012/09/26 19:23:50 | 000,000,000 | R--D | C] -- C:\Users\Kaoruko\Videos

[2012/09/26 19:23:50 | 000,000,000 | R--D | C] -- C:\Users\Kaoruko\Saved Games

[2012/09/26 19:23:50 | 000,000,000 | R--D | C] -- C:\Users\Kaoruko\Pictures

[2012/09/26 19:23:50 | 000,000,000 | R--D | C] -- C:\Users\Kaoruko\Music

[2012/09/26 19:23:50 | 000,000,000 | R--D | C] -- C:\Users\Kaoruko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

[2012/09/26 19:23:50 | 000,000,000 | R--D | C] -- C:\Users\Kaoruko\Links

[2012/09/26 19:23:50 | 000,000,000 | R--D | C] -- C:\Users\Kaoruko\Favorites

[2012/09/26 19:23:50 | 000,000,000 | R--D | C] -- C:\Users\Kaoruko\Downloads

[2012/09/26 19:23:50 | 000,000,000 | R--D | C] -- C:\Users\Kaoruko\Documents

[2012/09/26 19:23:50 | 000,000,000 | R--D | C] -- C:\Users\Kaoruko\Desktop

[2012/09/26 19:23:50 | 000,000,000 | R--D | C] -- C:\Users\Kaoruko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

[2012/09/26 19:23:50 | 000,000,000 | -H-D | C] -- C:\Users\Kaoruko\AppData

[2012/09/26 19:23:50 | 000,000,000 | ---D | C] -- C:\Users\Kaoruko\AppData\Local\Temp

[2012/09/26 19:23:50 | 000,000,000 | ---D | C] -- C:\Users\Kaoruko\AppData\Local\Microsoft

[2012/09/26 19:23:50 | 000,000,000 | ---D | C] -- C:\Users\Kaoruko\AppData\Roaming\Media Center Programs

[2012/09/26 19:23:38 | 000,000,000 | -HSD | C] -- C:\Recovery

[2012/09/13 14:26:44 | 000,038,632 | ---- | C] (AnchorFree Inc) -- C:\Windows\SysNative\drivers\taphss.sys

========== Files - Modified Within 30 Days ==========

[2012/10/08 00:42:36 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/10/07 23:59:04 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/10/07 23:55:38 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-985819812-3727231822-1672301093-1000UA.job

[2012/10/07 23:21:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/10/07 20:32:59 | 000,778,660 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/10/07 20:32:59 | 000,660,318 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/10/07 20:32:59 | 000,121,214 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/10/07 19:27:06 | 000,014,992 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/10/07 19:27:06 | 000,014,992 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/10/07 19:19:14 | 000,000,414 | ---- | M] () -- C:\Windows\tasks\SlimDrivers Startup.job

[2012/10/07 19:02:17 | 000,015,712 | ---- | M] () -- C:\Windows\SysNative\drivers\SWDUMon.sys

[2012/10/07 19:02:07 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/10/07 19:01:59 | 000,000,426 | ---- | M] () -- C:\Windows\tasks\Wise Care 365.job

[2012/10/07 19:01:23 | 1292,034,048 | -HS- | M] () -- C:\hiberfil.sys

[2012/10/07 18:08:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kaoruko\Desktop\OTL.exe

[2012/10/07 17:47:59 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif

[2012/10/07 17:43:35 | 002,212,440 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Kaoruko\Desktop\tdsskiller.exe

[2012/10/07 17:05:17 | 000,231,390 | ---- | M] () -- C:\Users\Kaoruko\Desktop\RootkitRevealer.zip

[2012/10/07 14:55:03 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-985819812-3727231822-1672301093-1000Core.job

[2012/10/07 12:53:15 | 000,000,850 | ---- | M] () -- C:\Users\Kaoruko\Desktop\Torchlight II.lnk

[2012/10/06 21:59:48 | 000,000,375 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics

[2012/10/06 21:53:13 | 000,007,614 | ---- | M] () -- C:\Users\Kaoruko\AppData\Local\Resmon.ResmonCfg

[2012/10/06 21:04:41 | 000,001,046 | ---- | M] () -- C:\Windows\AZPR3.INI

[2012/10/06 21:04:34 | 000,000,602 | ---- | M] () -- C:\Users\Kaoruko\Desktop\Cred gen.azr

[2012/10/06 21:02:25 | 000,000,602 | ---- | M] () -- C:\Users\Kaoruko\Desktop\~azpr.azr

[2012/10/05 14:35:41 | 000,001,294 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk

[2012/10/05 13:53:02 | 000,052,736 | ---- | M] (Interplay Productions) -- C:\Windows\ipuninst.exe

[2012/10/05 12:50:23 | 004,992,696 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012/10/05 12:27:12 | 000,000,000 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk.temp

[2012/10/05 10:05:24 | 000,000,032 | ---- | M] () -- C:\Windows\wowCP.ini

[2012/10/05 08:53:24 | 000,045,270 | ---- | M] () -- C:\Users\Kaoruko\AppData\Roaming\room_v3.dat

[2012/10/03 14:10:26 | 000,000,416 | ---- | M] () -- C:\Windows\tasks\Wise Care 365 PC Checkup Task.job

[2012/10/01 20:40:23 | 000,001,434 | ---- | M] () -- C:\Users\Kaoruko\Desktop\Warcraft III.lnk

[2012/10/01 20:39:56 | 000,001,519 | ---- | M] () -- C:\Users\Kaoruko\Desktop\Frozen Throne.lnk

[2012/10/01 15:41:35 | 000,008,107 | ---- | M] () -- C:\Windows\w7dsd.reg

[2012/10/01 15:41:35 | 000,008,089 | ---- | M] () -- C:\Windows\w7dse.reg

[2012/10/01 14:51:02 | 000,000,022 | ---- | M] () -- C:\Windows\modules.data

[2012/09/30 18:31:04 | 000,001,908 | ---- | M] () -- C:\Windows\diagwrn.xml

[2012/09/30 18:31:04 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml

[2012/09/30 12:53:21 | 000,000,804 | ---- | M] () -- C:\Users\Kaoruko\Application Data\Microsoft\Internet Explorer\Quick Launch\HTTrack Website Copier.lnk

[2012/09/30 12:26:02 | 000,000,098 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc

[2012/09/30 07:03:24 | 000,054,728 | ---- | M] (Soluto LTD.) -- C:\Windows\SysNative\drivers\Soluto.sys

[2012/09/30 01:34:40 | 000,569,344 | ---- | M] (NetiSoft) -- C:\Users\Kaoruko\Desktop\World of Warcraft Control Panel.exe

[2012/09/29 09:18:13 | 000,283,200 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys

[2012/09/28 20:04:45 | 000,772,682 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2012/09/28 09:06:14 | 000,000,967 | ---- | M] () -- C:\Users\Kaoruko\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk

[2012/09/27 21:17:03 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

[2012/09/27 13:07:26 | 000,160,992 | ---- | M] (Tonec Inc.) -- C:\Windows\SysNative\drivers\idmwfp.sys

[2012/09/27 06:40:54 | 000,000,862 | ---- | M] () -- C:\Windows\SysNative\termcap

[2012/09/26 21:17:08 | 000,041,962 | ---- | M] () -- C:\Windows\SysWow64\license.rtf

[2012/09/26 21:17:08 | 000,041,962 | ---- | M] () -- C:\Windows\SysNative\license.rtf

[2012/09/26 21:15:46 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin

[2012/09/26 19:57:08 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf

[2012/09/26 19:34:08 | 000,001,437 | ---- | M] () -- C:\Users\Kaoruko\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2012/09/26 19:28:16 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf

[2012/09/25 17:28:48 | 005,820,380 | ---- | M] () -- C:\Users\Kaoruko\Desktop\Spotify Premium Code Generator v1.5.rar

[2012/09/13 14:26:44 | 000,038,632 | ---- | M] (AnchorFree Inc) -- C:\Windows\SysNative\drivers\taphss.sys

========== Files Created - No Company Name ==========

[2012/10/07 17:47:59 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif

[2012/10/07 17:47:00 | 000,002,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk

[2012/10/07 17:05:11 | 000,231,390 | ---- | C] () -- C:\Users\Kaoruko\Desktop\RootkitRevealer.zip

[2012/10/07 13:17:55 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/10/07 12:53:15 | 000,000,850 | ---- | C] () -- C:\Users\Kaoruko\Desktop\Torchlight II.lnk

[2012/10/07 12:50:18 | 000,000,850 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Torchlight II.lnk

[2012/10/06 21:53:13 | 000,007,614 | ---- | C] () -- C:\Users\Kaoruko\AppData\Local\Resmon.ResmonCfg

[2012/10/05 19:50:38 | 000,000,602 | ---- | C] () -- C:\Users\Kaoruko\Desktop\~azpr.azr

[2012/10/05 12:27:12 | 000,000,000 | ---- | C] () -- C:\Users\Public\Desktop\World of Warcraft.lnk.temp

[2012/10/05 11:47:49 | 000,000,602 | ---- | C] () -- C:\Users\Kaoruko\Desktop\Cred gen.azr

[2012/10/05 11:40:46 | 000,001,046 | ---- | C] () -- C:\Windows\AZPR3.INI

[2012/10/05 11:31:12 | 000,123,806 | ---- | C] () -- C:\Users\Kaoruko\Desktop\CCgen-V2.0.zip

[2012/10/05 10:05:24 | 000,000,032 | ---- | C] () -- C:\Windows\wowCP.ini

[2012/10/05 09:35:17 | 000,001,294 | ---- | C] () -- C:\Users\Public\Desktop\World of Warcraft.lnk

[2012/10/05 08:53:24 | 000,045,270 | ---- | C] () -- C:\Users\Kaoruko\AppData\Roaming\room_v3.dat

[2012/10/02 14:37:15 | 000,000,416 | ---- | C] () -- C:\Windows\tasks\Wise Care 365 PC Checkup Task.job

[2012/10/01 20:40:23 | 000,001,434 | ---- | C] () -- C:\Users\Kaoruko\Desktop\Warcraft III.lnk

[2012/10/01 20:39:56 | 000,001,519 | ---- | C] () -- C:\Users\Kaoruko\Desktop\Frozen Throne.lnk

[2012/10/01 14:51:02 | 000,000,022 | ---- | C] () -- C:\Windows\modules.data

[2012/09/30 21:32:00 | 001,137,913 | ---- | C] () -- C:\icons-WAR3.bni

[2012/09/30 18:21:14 | 002,966,720 | ---- | C] () -- C:\Windows\SysNative\pwNative.exe

[2012/09/30 18:21:13 | 000,019,032 | ---- | C] () -- C:\Windows\SysNative\pwdrvio.sys

[2012/09/30 18:21:12 | 000,012,384 | ---- | C] () -- C:\Windows\SysNative\pwdspio.sys

[2012/09/30 14:46:25 | 005,820,380 | ---- | C] () -- C:\Users\Kaoruko\Desktop\Spotify Premium Code Generator v1.5.rar

[2012/09/30 13:36:24 | 000,001,763 | ---- | C] () -- C:\Users\Kaoruko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk

[2012/09/30 12:53:21 | 000,000,804 | ---- | C] () -- C:\Users\Kaoruko\Application Data\Microsoft\Internet Explorer\Quick Launch\HTTrack Website Copier.lnk

[2012/09/30 12:26:02 | 000,000,098 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc

[2012/09/30 07:58:11 | 000,001,908 | ---- | C] () -- C:\Windows\diagwrn.xml

[2012/09/30 07:58:11 | 000,001,908 | ---- | C] () -- C:\Windows\diagerr.xml

[2012/09/29 13:46:05 | 000,000,426 | ---- | C] () -- C:\Windows\tasks\Wise Care 365.job

[2012/09/29 12:57:20 | 000,001,228 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6 (64 Bit).lnk

[2012/09/29 12:56:00 | 000,001,207 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6.lnk

[2012/09/29 12:54:31 | 000,001,037 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6 (64bit).lnk

[2012/09/29 12:54:00 | 000,001,169 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6.lnk

[2012/09/29 12:50:55 | 000,001,353 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS6.lnk

[2012/09/29 12:50:49 | 000,001,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk

[2012/09/29 10:43:05 | 000,008,107 | ---- | C] () -- C:\Windows\w7dsd.reg

[2012/09/29 10:43:05 | 000,008,089 | ---- | C] () -- C:\Windows\w7dse.reg

[2012/09/28 21:42:55 | 000,293,889 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT

[2012/09/28 14:33:25 | 000,001,174 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 7.lnk

[2012/09/28 09:06:14 | 000,000,967 | ---- | C] () -- C:\Users\Kaoruko\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk

[2012/09/27 21:17:03 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

[2012/09/27 15:11:22 | 000,000,414 | ---- | C] () -- C:\Windows\tasks\SlimDrivers Startup.job

[2012/09/27 15:11:17 | 000,015,712 | ---- | C] () -- C:\Windows\SysNative\drivers\SWDUMon.sys

[2012/09/27 14:49:10 | 000,229,371 | ---- | C] () -- C:\Taskbar Hider_2.exe

[2012/09/27 09:05:19 | 000,000,900 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/09/27 09:05:19 | 000,000,896 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/09/27 07:27:37 | 000,000,916 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-985819812-3727231822-1672301093-1000UA.job

[2012/09/27 07:27:37 | 000,000,864 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-985819812-3727231822-1672301093-1000Core.job

[2012/09/27 06:41:05 | 000,000,862 | ---- | C] () -- C:\Windows\SysNative\termcap

[2012/09/26 21:16:59 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk

[2012/09/26 21:16:53 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk

[2012/09/26 21:15:46 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2012/09/26 21:12:44 | 1292,034,048 | -HS- | C] () -- C:\hiberfil.sys

[2012/09/26 20:03:16 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk

[2012/09/26 19:57:08 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf

[2012/09/26 19:54:36 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe

[2012/09/26 19:53:19 | 000,000,712 | ---- | C] () -- C:\Windows\SysNative\drivers\RTEQEX0.dat

[2012/09/26 19:53:19 | 000,000,176 | ---- | C] () -- C:\Windows\SysNative\drivers\RTHDAEQ0.dat

[2012/09/26 19:52:28 | 000,772,682 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2012/09/26 19:51:17 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll

[2012/09/26 19:50:08 | 000,675,584 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.cap

[2012/09/26 19:50:07 | 000,675,584 | ---- | C] () -- C:\Windows\SysNative\atiumd6a.cap

[2012/09/26 19:50:06 | 000,002,975 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

[2012/09/26 19:50:06 | 000,002,975 | ---- | C] () -- C:\Windows\SysNative\atipblag.dat

[2012/09/26 19:50:05 | 000,022,280 | ---- | C] () -- C:\Windows\atiogl.xml

[2012/09/26 19:50:02 | 000,226,857 | ---- | C] () -- C:\Windows\SysNative\atiicdxx.dat

[2012/09/26 19:49:58 | 000,138,760 | ---- | C] () -- C:\Windows\SysNative\atiapfxx.blb

[2012/09/26 19:34:08 | 000,001,437 | ---- | C] () -- C:\Users\Kaoruko\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2012/09/26 19:28:16 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf

[2012/09/26 19:24:47 | 000,001,409 | ---- | C] () -- C:\Users\Kaoruko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk

[2012/09/26 19:24:36 | 000,001,443 | ---- | C] () -- C:\Users\Kaoruko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

[2012/09/26 19:23:50 | 000,000,290 | ---- | C] () -- C:\Users\Kaoruko\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

[2012/09/26 19:23:50 | 000,000,272 | ---- | C] () -- C:\Users\Kaoruko\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

========== ZeroAccess Check ==========

[2011/11/17 02:14:10 | 000,002,048 | -HS- | M] () -- C:\Windows\Installer\{49954bfd-4b0a-c488-9986-9b242f2f4347}\@

[2012/10/07 16:35:20 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{49954bfd-4b0a-c488-9986-9b242f2f4347}\L

[2012/10/07 18:39:18 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{49954bfd-4b0a-c488-9986-9b242f2f4347}\U

[2012/10/07 16:49:35 | 000,000,804 | ---- | M] () -- C:\Windows\Installer\{49954bfd-4b0a-c488-9986-9b242f2f4347}\L\00000004.@

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 20:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/09/28 06:32:32 | 000,000,000 | ---D | M] -- C:\Users\Kaoruko\AppData\Roaming\DAEMON Tools Lite

[2012/09/29 18:30:08 | 000,000,000 | ---D | M] -- C:\Users\Kaoruko\AppData\Roaming\DAEMON Tools Pro

[2012/10/07 19:00:23 | 000,000,000 | ---D | M] -- C:\Users\Kaoruko\AppData\Roaming\DMCache

[2012/10/05 08:39:51 | 000,000,000 | ---D | M] -- C:\Users\Kaoruko\AppData\Roaming\GarenaPlus

[2012/10/05 14:58:41 | 000,000,000 | ---D | M] -- C:\Users\Kaoruko\AppData\Roaming\IDM

[2012/09/28 17:16:26 | 000,000,000 | ---D | M] -- C:\Users\Kaoruko\AppData\Roaming\Notepad++

[2012/09/30 08:31:39 | 000,000,000 | ---D | M] -- C:\Users\Kaoruko\AppData\Roaming\puush

[2012/09/29 21:27:05 | 000,000,000 | ---D | M] -- C:\Users\Kaoruko\AppData\Roaming\SoundSpectrum

[2012/10/07 10:04:44 | 000,000,000 | ---D | M] -- C:\Users\Kaoruko\AppData\Roaming\Spotify

[2012/10/05 16:02:37 | 000,000,000 | ---D | M] -- C:\Users\Kaoruko\AppData\Roaming\Spotydl

[2012/10/06 21:10:06 | 000,000,000 | ---D | M] -- C:\Users\Kaoruko\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1

[2012/09/26 20:16:09 | 000,000,000 | ---D | M] -- C:\Users\Kaoruko\AppData\Roaming\Synaptics

[2012/09/28 14:33:30 | 000,000,000 | ---D | M] -- C:\Users\Kaoruko\AppData\Roaming\TeamViewer

[2012/10/05 12:46:34 | 000,000,000 | ---D | M] -- C:\Users\Kaoruko\AppData\Roaming\Tunngle

[2012/10/07 18:33:42 | 000,000,000 | ---D | M] -- C:\Users\Kaoruko\AppData\Roaming\uTorrent

[2012/10/07 19:02:44 | 000,000,000 | ---D | M] -- C:\Users\Kaoruko\AppData\Roaming\Wise Care 365

[2012/09/28 22:59:38 | 000,000,000 | ---D | M] -- C:\Users\Kaoruko\AppData\Roaming\Wise Game Booster

========== Purity Check ==========

< End of report >

Link to post
Share on other sites

  • 3 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.