
Cannot remove bitcoin miner


tommybc


Welcome to the forum, please start HERE

Post back the 2 logs here.....DDS.txt and Attach.txt

(please don't put logs in code or quotes and use the default font)

General P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

<====><====><====><====><====><====><====><====>

Next................

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller<---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes and use the default font)

MrC

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give you instructions on how to clean up all the tools and logs

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)


Thanks for the fast reply,

dds.txt:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16537  BrowserJavaVersion: 10.45.2
Run by inn at 22:17:22 on 2013-12-13
Microsoft Windows 8 Pro  6.2.9200.0.1252.353.1033.18.8109.5989 [GMT 0:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\dwm.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\SysWow64\WinFLService.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\CyberGhost 5\Service.exe
C:\Windows\system32\taskhostex.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Logitech Gaming Software\LCore.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
 
 
 
attach.txt
 
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8 Pro
Boot Device: \Device\HarddiskVolume4
Install Date: 13/02/2013 23:23:54
System Uptime: 13/12/2013 22:09:29 (0 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. |  | Z68X-UD3H-B3
Processor: Intel® Core i7-2600K CPU @ 3.40GHz | Socket 1155 | 3701/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 119 GiB total, 39.501 GiB free.
D: is FIXED (NTFS) - 466 GiB total, 56.638 GiB free.
E: is FIXED (NTFS) - 0 GiB total, 0.068 GiB free.
F: is FIXED (NTFS) - 466 GiB total, 289.267 GiB free.
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: 
Description: PCI Input Device
Device ID: PCI\VEN_1102&DEV_7003&SUBSYS_00401102&REV_03\5&18651FE6&0&0900E3
Manufacturer: 
Name: PCI Input Device
PNP Device ID: PCI\VEN_1102&DEV_7003&SUBSYS_00401102&REV_03\5&18651FE6&0&0900E3
Service: 
.
==== System Restore Points ===================
.
RP56: 29/11/2013 03:11:45 - Scheduled Checkpoint
RP57: 03/12/2013 16:54:54 - Installed DirectX
RP58: 07/12/2013 20:49:07 - Installed DirectX
RP59: 09/12/2013 14:34:15 - TrueCrypt installation
RP60: 12/12/2013 21:11:47 - Windows Update
.
==== Installed Programs ======================
.
7-Zip 9.20
7-Zip 9.20 (x64 edition)
Adobe Flash Player 11 Plugin
Apple Application Support
Apple Mobile Device Support
Apple Software Update
µTorrent
Back to the Future: Ep 1 - It's About Time
Battlelog Web Plugins
BioShock Infinite Burial at Sea - Episode 1
Bonjour
BOSS
Content Manager Assistant for PlayStation®
CostMin
CyberGhost 5
Dead Island
Deus Ex: Human Revolution
ESN Sonar
Folder Lock
Free M4a to MP3 Converter 7.2
Google Chrome
Google Update Helper
GPU Monitor
Helium
Hideman
Intel® Processor Graphics
Internet Download Manager
iTunes
Java 7 Update 45
Java Auto Updater
JDownloader 0.9
Logitech Gaming Software
Logitech Gaming Software 8.46
Malwarebytes Anti-Malware version 1.75.0.1300
Mass Effect™ 3
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Office 64-bit Components 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
MotioninJoy Gamepad tool 0.7.1001
Mozilla Firefox 24.0 (x86 en-US)
Mozilla Maintenance Service
MSI Afterburner 2.3.1
Music Manager
Nexus Mod Manager
NVIDIA 3D Vision Controller Driver 310.90
NVIDIA 3D Vision Driver 311.06
NVIDIA Control Panel 311.06
NVIDIA Graphics Driver 311.06
NVIDIA HD Audio Driver 1.3.18.0
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.1031
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.11.3
NVIDIA Update Components
Open Broadcaster Software
OpenAL
Origin
Picasa 3
PowerISO
PunkBuster Services
QuickTime
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition 
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition 
Security Update for Microsoft Office Word 2007 (KB2827330) 32-Bit Edition 
Steam
TAP-Windows 9.9.2
TeamViewer 8
The Elder Scrolls V: Skyrim
The KMPlayer (remove only)
TrueCrypt
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Uplay
URL Snooper v2.32.01
Vampire: The Masquerade - Bloodlines
Video Download Capture V4.3.0
Virtua Tennis 4
VLC media player 2.0.7
WinPcap 4.1.3
.
==== Event Viewer Messages From Past Week ========
.
13/12/2013 22:11:41, Error: Service Control Manager [7038]  - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:  The password for this account has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
13/12/2013 22:11:41, Error: Service Control Manager [7000]  - The NVIDIA Update Service Daemon service failed to start due to the following error:  The service did not start due to a logon failure.
13/12/2013 22:09:38, Error: Service Control Manager [7000]  - The sbapifs service failed to start due to the following error:  The system cannot find the file specified.
13/12/2013 22:08:55, Error: Service Control Manager [7043]  - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
13/12/2013 21:58:59, Error: Service Control Manager [7030]  - The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
13/12/2013 17:43:46, Error: Service Control Manager [7034]  - The Torch Crash Handler service terminated unexpectedly.  It has done this 1 time(s).
13/12/2013 01:27:43, Error: Service Control Manager [7034]  - The PnkBstrA service terminated unexpectedly.  It has done this 1 time(s).
13/12/2013 01:27:43, Error: Service Control Manager [7034]  - The FLService service terminated unexpectedly.  It has done this 1 time(s).
13/12/2013 01:09:34, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SplashtopRemoteService service.
13/12/2013 01:06:28, Error: Application Popup [1060]  - 
11/12/2013 03:20:25, Error: disk [11]  - The driver detected a controller error on \Device\Harddisk3\DR8.
11/12/2013 03:20:11, Error: Schannel [36888]  - A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 40. The Windows SChannel error state is 107.
11/12/2013 03:20:11, Error: Schannel [36874]  - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
10/12/2013 22:58:39, Error: Ntfs [55]  - A corruption was discovered in the file system structure on volume J:. A corruption was found in a file system index structure.  The file reference number is 0x1000000008e17.  The name of the file is "\Corrupted\Games\games\PC\Games\Backups\Vampire the masquarade bloodlines\Vampire The Masquerade - Bloodlines\Vampire\materials\models\character\npc\unique\malkavian_mansion\jenny".  The corrupted index attribute is ":$I30:$INDEX_ALLOCATION".
10/12/2013 22:58:39, Error: Ntfs [55]  - A corruption was discovered in the file system structure on volume J:. A corruption was found in a file system index structure.  The file reference number is 0x1000000008819.  The name of the file is "\Corrupted\Games\games\PC\Games\Backups\Vampire the masquarade bloodlines\Vampire The Masquerade - Bloodlines\Extras\Python 2.7.2 Update\Bin\python\Lib\test\decimaltestdata".  The corrupted index attribute is ":$I30:$INDEX_ALLOCATION".
10/12/2013 22:58:30, Error: Ntfs [55]  - A corruption was discovered in the file system structure on volume J:. A corruption was found in a file system index structure.  The file reference number is 0x1000000006122.  The name of the file is "\Corrupted\Games\games\PC\Games\Backups\Vampire the masquarade bloodlines\Vampire\sound\character\dlg\hollywood\vv".  The corrupted index attribute is ":$I30:$INDEX_ALLOCATION".
10/12/2013 22:57:09, Error: Microsoft-Windows-Ntfs [98]  - Volume J: (\Device\HarddiskVolume18) needs to be taken offline to perform a Full Chkdsk.  Please run "CHKDSK /F" locally via the command line, or run "REPAIR-VOLUME <drive:>" locally or remotely via PowerShell.
10/12/2013 16:47:23, Error: Microsoft-Windows-Ntfs [98]  - Volume J: (\Device\HarddiskVolume15) needs to be taken offline to perform a Full Chkdsk.  Please run "CHKDSK /F" locally via the command line, or run "REPAIR-VOLUME <drive:>" locally or remotely via PowerShell.
09/12/2013 14:47:56, Error: Microsoft-Windows-Ntfs [98]  - Volume J: (\Device\HarddiskVolume11) needs to be taken offline to perform a Full Chkdsk.  Please run "CHKDSK /F" locally via the command line, or run "REPAIR-VOLUME <drive:>" locally or remotely via PowerShell.
08/12/2013 19:09:21, Error: Microsoft-Windows-Ntfs [98]  - Volume J: (\Device\HarddiskVolume8) needs to be taken offline to perform a Full Chkdsk.  Please run "CHKDSK /F" locally via the command line, or run "REPAIR-VOLUME <drive:>" locally or remotely via PowerShell.
08/12/2013 17:03:56, Error: Ntfs [55]  - A corruption was discovered in the file system structure on volume J:. A corruption was found in a file system index structure.  The file reference number is 0x1000000006122.  The name of the file is "\Games\games\PC\Games\Backups\Vampire the masquarade bloodlines\Vampire\sound\character\dlg\hollywood\vv".  The corrupted index attribute is ":$I30:$INDEX_ALLOCATION".
08/12/2013 17:03:32, Error: Microsoft-Windows-Ntfs [98]  - Volume J: (\Device\HarddiskVolume5) needs to be taken offline to perform a Full Chkdsk.  Please run "CHKDSK /F" locally via the command line, or run "REPAIR-VOLUME <drive:>" locally or remotely via PowerShell.
08/12/2013 12:47:55, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the CyberGhost VPN 5 Client Service service to connect.
08/12/2013 12:47:55, Error: Service Control Manager [7000]  - The CyberGhost VPN 5 Client Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
08/12/2013 01:54:28, Error: Microsoft-Windows-Ntfs [98]  - Volume J: (\Device\HarddiskVolume9) needs to be taken offline to perform a Full Chkdsk.  Please run "CHKDSK /F" locally via the command line, or run "REPAIR-VOLUME <drive:>" locally or remotely via PowerShell.
08/12/2013 00:42:17, Error: Ntfs [55]  - A corruption was discovered in the file system structure on volume J:. A corruption was found in a file system index structure.  The file reference number is 0x1000000008819.  The name of the file is "\Games\games\PC\Games\Backups\Vampire the masquarade bloodlines\Vampire The Masquerade - Bloodlines\Extras\Python 2.7.2 Update\Bin\python\Lib\test\decimaltestdata".  The corrupted index attribute is ":$I30:$INDEX_ALLOCATION".
07/12/2013 20:16:24, Error: Ntfs [55]  - A corruption was discovered in the file system structure on volume J:. A corruption was found in a file system index structure.  The file reference number is 0x1000000008e17.  The name of the file is "\Games\games\PC\Games\Backups\Vampire the masquarade bloodlines\Vampire The Masquerade - Bloodlines\Vampire\materials\models\character\npc\unique\malkavian_mansion\jenny".  The corrupted index attribute is ":$I30:$INDEX_ALLOCATION".
07/12/2013 20:03:55, Error: Ntfs [55]  - A corruption was discovered in the file system structure on volume J:. The exact nature of the corruption is unknown.  The file system structures need to be scanned online.
07/12/2013 19:45:34, Error: Microsoft-Windows-Ntfs [98]  - Volume J: (\Device\HarddiskVolume7) needs to be taken offline to perform a Full Chkdsk.  Please run "CHKDSK /F" locally via the command line, or run "REPAIR-VOLUME <drive:>" locally or remotely via PowerShell.
.
==== End Of File ===========================
 

It may be, you can try it.

If not we have to use a different scanner being you're using W8:

Please download Farbar Recovery Scan Tool and save it to a folder. (use correct version for your system.....Which system am I using?)

Please make sure you click download buttons that look similar to this, not "sponsored ad links":

bleep-crop.jpg

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
MrC
Link to post
Share on other sites

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 8 Pro

Boot Device: \Device\HarddiskVolume4

Install Date: 13/02/2013 23:23:54

System Uptime: 13/12/2013 22:09:29 (0 hours ago)

.

Motherboard: Gigabyte Technology Co., Ltd. |  | Z68X-UD3H-B3

Processor: Intel® Core i7-2600K CPU @ 3.40GHz | Socket 1155 | 3701/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 119 GiB total, 39.501 GiB free.

D: is FIXED (NTFS) - 466 GiB total, 56.638 GiB free.

E: is FIXED (NTFS) - 0 GiB total, 0.068 GiB free.

F: is FIXED (NTFS) - 466 GiB total, 289.267 GiB free.

G: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: 

Description: PCI Input Device

Device ID: PCI\VEN_1102&DEV_7003&SUBSYS_00401102&REV_03\5&18651FE6&0&0900E3

Manufacturer: 

Name: PCI Input Device

PNP Device ID: PCI\VEN_1102&DEV_7003&SUBSYS_00401102&REV_03\5&18651FE6&0&0900E3

Service: 

.

==== System Restore Points ===================

.

RP56: 29/11/2013 03:11:45 - Scheduled Checkpoint

RP57: 03/12/2013 16:54:54 - Installed DirectX

RP58: 07/12/2013 20:49:07 - Installed DirectX

RP59: 09/12/2013 14:34:15 - TrueCrypt installation

RP60: 12/12/2013 21:11:47 - Windows Update

.

==== Installed Programs ======================

.

7-Zip 9.20

7-Zip 9.20 (x64 edition)

Adobe Flash Player 11 Plugin

Apple Application Support

Apple Mobile Device Support

Apple Software Update

µTorrent

Back to the Future: Ep 1 - It's About Time

Battlelog Web Plugins

BioShock Infinite Burial at Sea - Episode 1

Bonjour

BOSS

Content Manager Assistant for PlayStation®

CostMin

CyberGhost 5

Dead Island

Deus Ex: Human Revolution

ESN Sonar

Folder Lock

Free M4a to MP3 Converter 7.2

Google Chrome

Google Update Helper

GPU Monitor

Helium

Hideman

Intel® Processor Graphics

Internet Download Manager

iTunes

Java 7 Update 45

Java Auto Updater

JDownloader 0.9

Logitech Gaming Software

Logitech Gaming Software 8.46

Malwarebytes Anti-Malware version 1.75.0.1300

Mass Effect™ 3

Microsoft Games for Windows - LIVE Redistributable

Microsoft Games for Windows Marketplace

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Office 64-bit Components 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Shared 64-bit MUI (English) 2007

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word 2007

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

MotioninJoy Gamepad tool 0.7.1001

Mozilla Firefox 24.0 (x86 en-US)

Mozilla Maintenance Service

MSI Afterburner 2.3.1

Music Manager

Nexus Mod Manager

NVIDIA 3D Vision Controller Driver 310.90

NVIDIA 3D Vision Driver 311.06

NVIDIA Control Panel 311.06

NVIDIA Graphics Driver 311.06

NVIDIA HD Audio Driver 1.3.18.0

NVIDIA Install Application

NVIDIA PhysX

NVIDIA PhysX System Software 9.12.1031

NVIDIA Stereoscopic 3D Driver

NVIDIA Update 1.11.3

NVIDIA Update Components

Open Broadcaster Software

OpenAL

Origin

Picasa 3

PowerISO

PunkBuster Services

QuickTime

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition 

Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition 

Security Update for Microsoft Office Word 2007 (KB2827330) 32-Bit Edition 

Steam

TAP-Windows 9.9.2

TeamViewer 8

The Elder Scrolls V: Skyrim

The KMPlayer (remove only)

TrueCrypt

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Uplay

URL Snooper v2.32.01

Vampire: The Masquerade - Bloodlines

Video Download Capture V4.3.0

Virtua Tennis 4

VLC media player 2.0.7

WinPcap 4.1.3

.

==== Event Viewer Messages From Past Week ========

.

13/12/2013 22:11:41, Error: Service Control Manager [7038]  - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:  The password for this account has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

13/12/2013 22:11:41, Error: Service Control Manager [7000]  - The NVIDIA Update Service Daemon service failed to start due to the following error:  The service did not start due to a logon failure.

13/12/2013 22:09:38, Error: Service Control Manager [7000]  - The sbapifs service failed to start due to the following error:  The system cannot find the file specified.

13/12/2013 22:08:55, Error: Service Control Manager [7043]  - The Group Policy Client service did not shut down properly after receiving a preshutdown control.

13/12/2013 21:58:59, Error: Service Control Manager [7030]  - The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

13/12/2013 17:43:46, Error: Service Control Manager [7034]  - The Torch Crash Handler service terminated unexpectedly.  It has done this 1 time(s).

13/12/2013 01:27:43, Error: Service Control Manager [7034]  - The PnkBstrA service terminated unexpectedly.  It has done this 1 time(s).

13/12/2013 01:27:43, Error: Service Control Manager [7034]  - The FLService service terminated unexpectedly.  It has done this 1 time(s).

13/12/2013 01:09:34, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SplashtopRemoteService service.

13/12/2013 01:06:28, Error: Application Popup [1060]  - 

11/12/2013 03:20:25, Error: disk [11]  - The driver detected a controller error on \Device\Harddisk3\DR8.

11/12/2013 03:20:11, Error: Schannel [36888]  - A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 40. The Windows SChannel error state is 107.

11/12/2013 03:20:11, Error: Schannel [36874]  - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

10/12/2013 22:58:39, Error: Ntfs [55]  - A corruption was discovered in the file system structure on volume J:. A corruption was found in a file system index structure.  The file reference number is 0x1000000008e17.  The name of the file is "\Corrupted\Games\games\PC\Games\Backups\Vampire the masquarade bloodlines\Vampire The Masquerade - Bloodlines\Vampire\materials\models\character\npc\unique\malkavian_mansion\jenny".  The corrupted index attribute is ":$I30:$INDEX_ALLOCATION".

10/12/2013 22:58:39, Error: Ntfs [55]  - A corruption was discovered in the file system structure on volume J:. A corruption was found in a file system index structure.  The file reference number is 0x1000000008819.  The name of the file is "\Corrupted\Games\games\PC\Games\Backups\Vampire the masquarade bloodlines\Vampire The Masquerade - Bloodlines\Extras\Python 2.7.2 Update\Bin\python\Lib\test\decimaltestdata".  The corrupted index attribute is ":$I30:$INDEX_ALLOCATION".

10/12/2013 22:58:30, Error: Ntfs [55]  - A corruption was discovered in the file system structure on volume J:. A corruption was found in a file system index structure.  The file reference number is 0x1000000006122.  The name of the file is "\Corrupted\Games\games\PC\Games\Backups\Vampire the masquarade bloodlines\Vampire\sound\character\dlg\hollywood\vv".  The corrupted index attribute is ":$I30:$INDEX_ALLOCATION".

10/12/2013 22:57:09, Error: Microsoft-Windows-Ntfs [98]  - Volume J: (\Device\HarddiskVolume18) needs to be taken offline to perform a Full Chkdsk.  Please run "CHKDSK /F" locally via the command line, or run "REPAIR-VOLUME <drive:>" locally or remotely via PowerShell.

10/12/2013 16:47:23, Error: Microsoft-Windows-Ntfs [98]  - Volume J: (\Device\HarddiskVolume15) needs to be taken offline to perform a Full Chkdsk.  Please run "CHKDSK /F" locally via the command line, or run "REPAIR-VOLUME <drive:>" locally or remotely via PowerShell.

09/12/2013 14:47:56, Error: Microsoft-Windows-Ntfs [98]  - Volume J: (\Device\HarddiskVolume11) needs to be taken offline to perform a Full Chkdsk.  Please run "CHKDSK /F" locally via the command line, or run "REPAIR-VOLUME <drive:>" locally or remotely via PowerShell.

08/12/2013 19:09:21, Error: Microsoft-Windows-Ntfs [98]  - Volume J: (\Device\HarddiskVolume8) needs to be taken offline to perform a Full Chkdsk.  Please run "CHKDSK /F" locally via the command line, or run "REPAIR-VOLUME <drive:>" locally or remotely via PowerShell.

08/12/2013 17:03:56, Error: Ntfs [55]  - A corruption was discovered in the file system structure on volume J:. A corruption was found in a file system index structure.  The file reference number is 0x1000000006122.  The name of the file is "\Games\games\PC\Games\Backups\Vampire the masquarade bloodlines\Vampire\sound\character\dlg\hollywood\vv".  The corrupted index attribute is ":$I30:$INDEX_ALLOCATION".

08/12/2013 17:03:32, Error: Microsoft-Windows-Ntfs [98]  - Volume J: (\Device\HarddiskVolume5) needs to be taken offline to perform a Full Chkdsk.  Please run "CHKDSK /F" locally via the command line, or run "REPAIR-VOLUME <drive:>" locally or remotely via PowerShell.

08/12/2013 12:47:55, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the CyberGhost VPN 5 Client Service service to connect.

08/12/2013 12:47:55, Error: Service Control Manager [7000]  - The CyberGhost VPN 5 Client Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

08/12/2013 01:54:28, Error: Microsoft-Windows-Ntfs [98]  - Volume J: (\Device\HarddiskVolume9) needs to be taken offline to perform a Full Chkdsk.  Please run "CHKDSK /F" locally via the command line, or run "REPAIR-VOLUME <drive:>" locally or remotely via PowerShell.

08/12/2013 00:42:17, Error: Ntfs [55]  - A corruption was discovered in the file system structure on volume J:. A corruption was found in a file system index structure.  The file reference number is 0x1000000008819.  The name of the file is "\Games\games\PC\Games\Backups\Vampire the masquarade bloodlines\Vampire The Masquerade - Bloodlines\Extras\Python 2.7.2 Update\Bin\python\Lib\test\decimaltestdata".  The corrupted index attribute is ":$I30:$INDEX_ALLOCATION".

07/12/2013 20:16:24, Error: Ntfs [55]  - A corruption was discovered in the file system structure on volume J:. A corruption was found in a file system index structure.  The file reference number is 0x1000000008e17.  The name of the file is "\Games\games\PC\Games\Backups\Vampire the masquarade bloodlines\Vampire The Masquerade - Bloodlines\Vampire\materials\models\character\npc\unique\malkavian_mansion\jenny".  The corrupted index attribute is ":$I30:$INDEX_ALLOCATION".

07/12/2013 20:03:55, Error: Ntfs [55]  - A corruption was discovered in the file system structure on volume J:. The exact nature of the corruption is unknown.  The file system structures need to be scanned online.

07/12/2013 19:45:34, Error: Microsoft-Windows-Ntfs [98]  - Volume J: (\Device\HarddiskVolume7) needs to be taken offline to perform a Full Chkdsk.  Please run "CHKDSK /F" locally via the command line, or run "REPAIR-VOLUME <drive:>" locally or remotely via PowerShell.

.

==== End Of File ===========================

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-12-2013 01

Ran by inn (administrator) on COMPUTER on 13-12-2013 22:41:59

Running from C:\Users\inn\Downloads

Windows 8 Pro (X64) OS Language: English(US)

Internet Explorer Version 10

Boot Mode: Normal

 

==================== Processes (Whitelisted) =================

 

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(New Softwares.net) C:\Windows\SysWOW64\WinFLService.exe

() C:\Windows\SysWOW64\PnkBstrA.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe

(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe

(CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe

(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

( New Softwares.net) C:\Windows\SysWOW64\WinFLTray.exe

(New Softwares.net) C:\Program Files (x86)\NewSoftware's\Folder Lock\FLComServCtrl.exe

( New Softwares.net) C:\Program Files (x86)\NewSoftware's\Folder Lock\FLComServ.exe

(Creative Technology Ltd) C:\Windows\SysWOW64\CtHelper.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

() C:\Program Files (x86)\VLC Player GPU+\GPULog.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

() C:\Program Files (x86)\VLC Player GPU+\GPUMonitor.exe

(Microsoft Corporation) C:\Windows\System32\SystemPropertiesProtection.exe

(Microsoft Corporation) C:\Windows\System32\wbengine.exe

(Microsoft Corporation) C:\Windows\System32\vds.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [AsioReg] - REGSVR32.EXE /S CTASIO.DLL

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()

HKLM\...\Run: [Launch LCore] - C:\Program Files\Logitech Gaming Software\LCore.exe [7477016 2013-04-24] (Logitech Inc.)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKCU\...\Run: [MusicManager] - C:\Users\inn\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7380992 2013-11-12] (Google Inc.)

HKCU\...\Run: [PCPeregrinato] - "C:\Program Files (x86)\PC Peregrinato\PCPeregrinato\PCPeregrinato.exe" \startup

HKCU\...\Run: [GoogleChromeAutoLaunch_5AD31E5953B8F47374AC4E4B03FE4C4E] - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [863184 2013-12-04] (Google Inc.)

HKCU\...\Run: [WinFLTray] - C:\Windows\SysWOW64\WinFLTray.exe [321736 2013-10-14] ( New Softwares.net)

HKCU\...\Run: [FLBackup] - C:\Program Files (x86)\NewSoftware's\Folder Lock\FLComServCtrl.exe [275656 2013-10-14] (New Softwares.net)

HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)

HKLM-x32\...\Run: [AsioThk32Reg] - REGSVR32.EXE /S CTASIO.DLL

HKLM-x32\...\Run: [CTHelper] - C:\Windows\\SysWOW64\CTHELPER.EXE [19456 2007-04-09] (Creative Technology Ltd)

HKLM-x32\...\Run: [CTxfiHlp] - C:\Windows\\SysWOW64\CTXFIHLP.EXE [19968 2007-04-09] (Creative Technology Ltd)

HKLM-x32\...\Run: [PWRISOVM.EXE] - C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [180224 2010-04-12] (PowerISO Computing, Inc.)

HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)

HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [413696 2008-09-06] (Apple Inc.)

HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

HKLM-x32\...\Run: [GPULoader] - C:\Program Files (x86)\VLC Player GPU+\GPULog.exe [1305824 2013-11-28] ()

AppInit_DLLs: C:\Windows\System32\nvinitx.dll [245872 2013-02-25] (NVIDIA Corporation)

AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [201576 2013-02-25] (NVIDIA Corporation)

BootExecute: autocheck autochk /m /P \Device\HarddiskVolume9autocheck autochk * 

 

==================== Internet (Whitelisted) ====================

 

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yandex.ru/?win=99&clid=2052585

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear

BHO: IDM integration (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)

BHO-x32: IDM integration (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)

BHO-x32: CostMin - {406ED673-C619-D9AB-AB97-963DF9329027} - C:\Program Files (x86)\CostMin\N3rbuBud.dll No File

BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: No Name - {D5FEC983-01DB-414a-9456-AF95AC9ED7B5} -  No File

BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

 

FireFox:

========

FF ProfilePath: C:\Users\inn\AppData\Roaming\Mozilla\Firefox\Profiles\mkq3q51g.default

FF SelectedSearchEngine: Google

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()

FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)

FF Plugin-x32: @esn/npbattlelog,version=2.3.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)

FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\inn\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\inn\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)

FF SearchPlugin: C:\Users\inn\AppData\Roaming\Mozilla\Firefox\Profiles\mkq3q51g.default\searchplugins\yandex.ru-020430.xml

FF SearchPlugin: C:\Users\inn\AppData\Roaming\Mozilla\Firefox\Profiles\mkq3q51g.default\searchplugins\yqs-barff-yandex.xml

FF Extension: prefs - C:\Users\inn\AppData\Roaming\Mozilla\Firefox\Profiles\mkq3q51g.default\Extensions\{D394D188-BAC7-4e03-8FAF-389A4D7EC6F4}.xpi

FF Extension: dta - C:\Users\inn\AppData\Roaming\Mozilla\Firefox\Profiles\mkq3q51g.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi

FF Extension: Hotspot Shield Extension - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afproxy@anchorfree.com

FF HKCU\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\inn\AppData\Roaming\IDM\idmmzcc5

FF Extension: IDM CC - C:\Users\inn\AppData\Roaming\IDM\idmmzcc5

FF HKCU\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\inn\AppData\Roaming\IDM\idmmzcc5

FF Extension: IDM CC - C:\Users\inn\AppData\Roaming\IDM\idmmzcc5

 

Chrome: 

=======

CHR HomePage: 

CHR DefaultSearchKeyword: google.ie

CHR DefaultSearchProvider: Google

CHR DefaultSearchURL: {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}

CHR DefaultNewTabURL: {google:baseURL}_/chrome/newtab?{google:RLZ}{google:instantExtendedEnabledParameter}{google:ntpIsThemedParameter}ie={inputEncoding}

CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()

CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll ()

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)

CHR Plugin: (Java Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File

CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

CHR Plugin: (Google Update) - C:\Users\inn\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File

CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll No File

CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll No File

CHR Extension: (Google Translate) - C:\Users\inn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\1.2.5_0

CHR Extension: (Torrent Search) - C:\Users\inn\AppData\Local\Google\Chrome\User Data\Default\Extensions\afbpdhiclgghnffhkinjikglgmolhpee\1.2.0.3_0

CHR Extension: (Radio) - C:\Users\inn\AppData\Local\Google\Chrome\User Data\Default\Extensions\agljkoinmcdnopnlbhhjibjiablccgoh\1.0.56_0

CHR Extension: (Chrome Refresh) - C:\Users\inn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aifhnlnghddfdaccgbbpbhjfkmncekmn\1.7_0

CHR Extension: (Awesome Screenshot: Capture & Annotate) - C:\Users\inn\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce\3.5.2_0

CHR Extension: (Google Docs) - C:\Users\inn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_1

CHR Extension: (Tutnedorogo.ru) - C:\Users\inn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aonedlchkbicmhepimiahfalheedjgbh\2.9.3_0

CHR Extension: (Google Drive) - C:\Users\inn\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1

CHR Extension: (YouTube Options) - C:\Users\inn\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdokagampppgbnjfdlkfpphniapiiifn\1.8.147_0

CHR Extension: (TV) - C:\Users\inn\AppData\Local\Google\Chrome\User Data\Default\Extensions\beobeededemalmllhkmnkinmfembdimh\1.0.12_0

CHR Extension: (Turn Off the Lights) - C:\Users\inn\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn\2.2.0.30_0

CHR Extension: (YouTube) - C:\Users\inn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1

CHR Extension: (Adblock Plus) - C:\Users\inn\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.6.1_0

CHR Extension: (YouTube\u2122 Ratings Preview) - C:\Users\inn\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbhdenfmgbagncdmgbholejjpmmiank\3.1.1_0

CHR Extension: (Add to Amazon Wish List) - C:\Users\inn\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0

CHR Extension: (Webpage Screenshot Bar) - C:\Users\inn\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki\13.6_0

CHR Extension: (Hide My Ass! Web Proxy) - C:\Users\inn\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmgnmcnlncejehjlnhaglpnoolgbflbd\1.2.5_0

CHR Extension: (Image Downloader) - C:\Users\inn\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnpniohnfphhjihaiiggeabnkjhpaldj\1.3_0

CHR Extension: (Google Search) - C:\Users\inn\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1

CHR Extension: (Tabs Backup & Restore) - C:\Users\inn\AppData\Local\Google\Chrome\User Data\Default\Extensions\dehocbglhkaogiljpihicakmlockmlgd\0.2.1_0

CHR Extension: (Tampermonkey) - C:\Users\inn\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo\3.5.3630.77_0

CHR Extension: (MightyText - Send/Receive SMS Text Messages) - C:\Users\inn\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkfhfaphfkopdgpbfkebjfcblcafcmpi\10.0_0

CHR Extension: (Google+) - C:\Users\inn\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlppkpafhbajpcmmoheippocdidnckmm\1.2.0.418_0

CHR Extension: (Proxy SwitchySharp) - C:\Users\inn\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm\1.10.2_0

CHR Extension: (Nice Translator) - C:\Users\inn\AppData\Local\Google\Chrome\User Data\Default\Extensions\echdnikijbegadnenjfmhfjflclkjcbp\3_0

CHR Extension: (Session Buddy) - C:\Users\inn\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko\3.2.2_0

CHR Extension: (Shopping Suggestion) - C:\Users\inn\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejbpjlaagejfakeobljhgplbgklgemll\1.0.0_0

CHR Extension: (Google Calendar) - C:\Users\inn\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0

CHR Extension: (Box - 10GB of FREE storage) - C:\Users\inn\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejnkaeblpdcamcioiiabclakabcbjmbl\1.1.7_0

CHR Extension: (Photo Zoom for Facebook) - C:\Users\inn\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi\1.1208.30.1_0

CHR Extension: (Clock for Google Chrome\u2122) - C:\Users\inn\AppData\Local\Google\Chrome\User Data\Default\Extensions\emakkfldeggiinnfcdjkakdfcppbfhdg\2.1.1.4_1

CHR Extension: (PanicButton) - C:\Users\inn\AppData\Local\Google\Chrome\User Data\Default\Extensions\faminaibgiklngmfpfbhmokfmnglamcm\0.14.2.2_0

CHR Extension: (Panic Button Plus) - C:\Users\inn\AppData\Local\Google\Chrome\User Data\Default\Extensions\fifhdbcbihllaneapjoabnoaoejhieok\1.1.4_0

CHR Extension: (Chrome Remote Desktop) - C:\Users\inn\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp\30.0.1599.86_0

CHR Extension: (The QR Code Generator) - C:\Users\inn\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcmhlmapohffdglflokbgknlknnmogbb\0.2.4_0

CHR Extension: (The Camelizer - Amazon Price Tracker) - C:\Users\inn\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghnomdcacenbmilgjigehppbamfndblo\2.4.1_0

CHR Extension: (AdBlock) - C:\Users\inn\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.14_0

CHR Extension: (Hola Better Internet) - C:\Users\inn\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.2.105_0

CHR Extension: (Google Keep) - C:\Users\inn\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\0.1.13432.1019_0

CHR Extension: (Allow Right-Click) - C:\Users\inn\AppData\Local\Google\Chrome\User Data\Default\Extensions\hompjdfbfmmmgflfjdlnkohcplmboaeo\1.2.16_0

CHR Extension: (Incognito This!) - C:\Users\inn\AppData\Local\Google\Chrome\User Data\Default\Extensions\icnaplnkjfjncegmphmlfpggildllbho\5.1_0

CHR Extension: (Google Play Music) - C:\Users\inn\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg\5.2_0

CHR Extension: (Dropbox) - C:\Users\inn\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl\3.0.8_0

CHR Extension: (+1 Button) - C:\Users\inn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgoepmocgafhnchmokaimcmlojpnlkhp\1.2.0.329_0

CHR Extension: (Google Forms) - C:\Users\inn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhknlonaankphkkbnmjdlpehkinifeeg\0.5_0

CHR Extension: (uTorrent for Google Chrome) - C:\Users\inn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjhaafelbmbpohgmabippkndaaikgdih\3.9.2_0

CHR Extension: (Auto Replay for YouTube) - C:\Users\inn\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb\1.9.28_0

CHR Extension: (Panic Button Plus) - C:\Users\inn\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmjcfmmkkmnmlfkfpcdkfpodinlkmdd\1.0.0_0

CHR Extension: (Cookie Manager) - C:\Users\inn\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbnfbcpkiaganjpcanopcgeoehkleeck\1.1_0

CHR Extension: (Google Voice (by Google)) - C:\Users\inn\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo\2.4.3_0

CHR Extension: (Google Play) - C:\Users\inn\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi\3.0_0

CHR Extension: (Save as PDF) - C:\Users\inn\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpdjmbiefanbdgnkcikhllpmjnnllbbc\1.7_0

CHR Extension: (Zoom) - C:\Users\inn\AppData\Local\Google\Chrome\User Data\Default\Extensions\lajondecmobodlejlcjllhojikagldgd\1.1.0.6_0

CHR Extension: (FVD Video Downloader) - C:\Users\inn\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp\5.5.8_0

CHR Extension: (TV for Google Chrome\u2122) - C:\Users\inn\AppData\Local\Google\Chrome\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\2.1.1_0

CHR Extension: (Google Maps) - C:\Users\inn\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.7_0

CHR Extension: (Phone 2 Google Chrome\u2122) - C:\Users\inn\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnlgojabfogikedjanecphloghlegpdm\4.3_0

CHR Extension: (Boomerang for Gmail) - C:\Users\inn\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdanidgdpmkimeiiojknlnekblgmpdll\1.2.2_0

CHR Extension: (Google Dictionary (by Google)) - C:\Users\inn\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja\3.0.19_0

CHR Extension: (Google Mail Checker) - C:\Users\inn\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\4.4.0_0

CHR Extension: (FastestFox for Chrome) - C:\Users\inn\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm\8.0.6_0

CHR Extension: (Youtube\u2122 Preview - Is it worth watching?) - C:\Users\inn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nacgopecogaedhhjdfondlcobjofdhap\1.3.6_0

CHR Extension: (SkyDrive) - C:\Users\inn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nffchahhjecejoiigmnhhicpoabngedk\1.0.3_0

CHR Extension: (3Dnator) - C:\Users\inn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhgjpfdjhlimkkdgnecbgnefdafbcncc\3.0.4_0

CHR Extension: (Google Wallet) - C:\Users\inn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0

CHR Extension: (Docs PDF/PowerPoint Viewer (by Google)) - C:\Users\inn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbmlagghjjcbdhgmkedmbmedengocbn\3.10_0

CHR Extension: (TabCloud) - C:\Users\inn\AppData\Local\Google\Chrome\User Data\Default\Extensions\npecfdijgoblfcgagoijgmgejmcpnhof\1.17_0

CHR Extension: (Chrome to Phone) - C:\Users\inn\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco\2.3.3_0

CHR Extension: (My Chrome Theme) - C:\Users\inn\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic\2.0_0

CHR Extension: (Auto Refresh Plus) - C:\Users\inn\AppData\Local\Google\Chrome\User Data\Default\Extensions\oilipfekkmncanaajkapbpancpelijih\1.8.9.22_0

CHR Extension: (LogMeIn) - C:\Users\inn\AppData\Local\Google\Chrome\User Data\Default\Extensions\omkjapkpkiciphacnalicgmmcelfolon\1.0.0.1037_0

CHR Extension: (Speak to Search) - C:\Users\inn\AppData\Local\Google\Chrome\User Data\Default\Extensions\peldinpdedgdcbdehomnpfndejpoibeb\1.0.4_0

CHR Extension: (SpeakIt!) - C:\Users\inn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgeolalilifpodheeocdmbhehgnkkbak\0.2.6_0

CHR Extension: (Gmail) - C:\Users\inn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1

CHR HKLM-x32\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx

 

==================== Services (Whitelisted) =================

 

R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [26600 2013-10-08] (CyberGhost S.R.L)

R2 FLService; C:\Windows\SysWow64\WinFLService.exe [92360 2013-10-14] (New Softwares.net)

R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-12-07] ()

S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)

R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)

 

==================== Drivers (Whitelisted) ====================

 

R3 Apowersoft_AudioDevice; C:\Windows\system32\drivers\Apowersoft_AudioDevice.sys [31920 2013-06-02] (Wondershare)

R3 COMMONFX.DLL; C:\Windows\System32\COMMONFX.DLL [151296 2007-04-12] (Creative Technology Ltd)

S3 CT20XUT.DLL; C:\Windows\System32\CT20XUT.DLL [252712 2007-04-10] (Creative Technology Ltd.)

R3 CTAUDFX.DLL; C:\Windows\System32\CTAUDFX.DLL [700200 2007-04-10] (Creative Technology Ltd)

S3 CTEAPSFX.DLL; C:\Windows\System32\CTEAPSFX.DLL [219432 2007-04-10] (Creative Technology Ltd)

S3 CTEDSPFX.DLL; C:\Windows\System32\CTEDSPFX.DLL [321832 2007-04-10] (Creative Technology Ltd)

S3 CTEDSPIO.DLL; C:\Windows\System32\CTEDSPIO.DLL [190248 2007-04-10] (Creative Technology Ltd)

S3 CTEDSPSY.DLL; C:\Windows\System32\CTEDSPSY.DLL [363304 2007-04-10] (Creative Technology Ltd)

S3 CTERFXFX.DLL; C:\Windows\System32\CTERFXFX.DLL [142120 2007-04-10] (Creative Technology Ltd)

S3 CTEXFIFX.DLL; C:\Windows\System32\CTEXFIFX.DLL [1571112 2007-04-10] (Creative Technology Ltd.)

S3 CTHWIUT.DLL; C:\Windows\System32\CTHWIUT.DLL [123688 2007-04-10] (Creative Technology Ltd.)

R3 CTSBLFX.DLL; C:\Windows\System32\CTSBLFX.DLL [681256 2007-04-10] (Creative Technology Ltd)

R1 HssDRV6; C:\Windows\system32\DRIVERS\hssdrv6.sys [44744 2013-11-13] (AnchorFree Inc.)

R3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [66800 2013-01-17] (Logitech Inc.)

R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)

R3 sthid; C:\Windows\System32\drivers\sthid.sys [21216 2013-08-28] (Splashtop Inc.)

R3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42184 2013-06-21] (Anchorfree Inc.)

R1 WinFLAdrv; C:\Windows\SysWow64\WinFLAdrv.sys [34816 2013-10-14] ()

R2 WinVDEDrv; C:\Windows\SysWow64\WinVDEdrv.sys [225680 2013-10-14] (NewSoftwares.net, Inc.)

S2 sbapifs; system32\DRIVERS\sbapifs.sys [x]

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2013-12-13 22:41 - 2013-12-13 22:42 - 00028501 _____ C:\Users\inn\Downloads\FRST.txt

2013-12-13 22:41 - 2013-12-13 22:41 - 00000000 ____D C:\FRST

2013-12-13 22:38 - 2013-12-13 22:40 - 01927462 _____ (Farbar) C:\Users\inn\Downloads\FRST64.exe

2013-12-13 22:23 - 2013-12-13 22:26 - 04166144 _____ C:\Users\inn\Downloads\RogueKillerX64.exe

2013-12-13 22:16 - 2013-12-13 22:17 - 00688992 ____R (Swearware) C:\Users\inn\Downloads\dds.scr

2013-12-13 22:00 - 2013-12-13 22:00 - 00020943 _____ C:\ComboFix.txt

2013-12-13 20:32 - 2013-12-13 20:38 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2013-12-13 20:31 - 2013-12-13 20:31 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2013-12-13 20:26 - 2013-12-13 20:26 - 00891200 _____ C:\Users\inn\Downloads\SecurityCheck.exe

2013-12-13 20:25 - 2013-12-13 20:27 - 12582688 _____ (Malwarebytes Corp.) C:\Users\inn\Downloads\mbar-1.07.0.1008.exe

2013-12-13 18:34 - 2013-12-13 18:34 - 00000000 ____D C:\Windows\ERUNT

2013-12-13 18:32 - 2013-12-13 18:34 - 00000000 ____D C:\AdwCleaner

2013-12-13 15:53 - 2013-12-13 15:53 - 00000835 _____ C:\Users\Public\Desktop\BioShock Infinite.lnk

2013-12-13 14:17 - 2013-12-13 14:17 - 00010113 _____ C:\Users\inn\Downloads\Yoga Girls AbbyWinters.5748875.TPB.torrent

2013-12-13 01:34 - 2013-12-13 01:58 - 00001176 _____ C:\Windows\system32\Drivers\kgpcpy.cfg

2013-12-13 01:34 - 2013-12-13 01:34 - 00000352 _____ C:\Windows\SysWOW64\Drivers\kgpfr2.cfg

2013-12-13 01:01 - 2013-12-13 22:00 - 00000000 ____D C:\Qoobox

2013-12-13 01:01 - 2013-12-13 01:09 - 00000000 ____D C:\Windows\erdnt

2013-12-13 01:01 - 2011-06-26 06:45 - 00256000 _____ C:\Windows\PEV.exe

2013-12-13 01:01 - 2010-11-07 17:20 - 00208896 _____ C:\Windows\MBR.exe

2013-12-13 01:01 - 2009-04-20 04:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2013-12-13 01:01 - 2000-08-31 00:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2013-12-13 01:01 - 2000-08-31 00:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2013-12-13 01:01 - 2000-08-31 00:00 - 00212480 _____ (SteelWerX) C:\Windows\SWXCACLS.exe

2013-12-13 01:01 - 2000-08-31 00:00 - 00098816 _____ C:\Windows\sed.exe

2013-12-13 01:01 - 2000-08-31 00:00 - 00080412 _____ C:\Windows\grep.exe

2013-12-13 01:01 - 2000-08-31 00:00 - 00068096 _____ C:\Windows\zip.exe

2013-12-13 00:47 - 2013-12-13 00:49 - 00000000 ____D C:\Program Files (x86)\MSI Afterburner

2013-12-13 00:47 - 2013-12-13 00:47 - 00001086 _____ C:\Users\inn\Desktop\MSI Afterburner.lnk

2013-12-13 00:47 - 2013-12-13 00:47 - 00000000 ____D C:\Users\inn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner

2013-12-13 00:46 - 2013-10-25 06:19 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2013-12-13 00:46 - 2013-10-25 06:19 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2013-12-13 00:46 - 2013-10-25 06:19 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll

2013-12-13 00:46 - 2013-10-25 06:19 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2013-12-13 00:46 - 2013-10-25 06:18 - 19271168 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2013-12-13 00:46 - 2013-10-25 06:18 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2013-12-13 00:46 - 2013-10-25 06:17 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2013-12-13 00:46 - 2013-10-25 06:17 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2013-12-13 00:46 - 2013-10-25 06:17 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2013-12-13 00:46 - 2013-10-25 06:17 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2013-12-13 00:46 - 2013-10-25 04:45 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2013-12-13 00:46 - 2013-10-25 04:44 - 14356992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-12-13 00:46 - 2013-10-25 04:44 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-12-13 00:46 - 2013-10-25 04:43 - 13761536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-12-13 00:46 - 2013-10-25 04:43 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2013-12-13 00:46 - 2013-10-25 04:43 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-12-13 00:46 - 2013-10-25 04:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2013-12-13 00:46 - 2013-10-25 04:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2013-12-12 23:10 - 2013-12-12 23:10 - 00311992 _____ C:\Windows\system32\FNTCACHE.DAT

2013-12-12 21:20 - 2013-10-19 05:45 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll

2013-12-12 21:20 - 2013-10-19 04:04 - 00059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll

2013-12-12 21:20 - 2013-10-09 01:33 - 00059416 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe

2013-12-12 21:20 - 2013-10-08 22:30 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll

2013-12-12 21:20 - 2013-10-08 22:30 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll

2013-12-12 21:20 - 2013-10-08 22:30 - 00084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll

2013-12-12 21:20 - 2013-10-08 22:30 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe

2013-12-12 21:20 - 2013-10-08 22:28 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe

2013-12-12 21:20 - 2013-10-08 22:27 - 03279872 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll

2013-12-12 21:20 - 2013-10-08 22:27 - 01622016 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll

2013-12-12 21:20 - 2013-10-08 22:27 - 00773120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll

2013-12-12 21:20 - 2013-10-08 22:27 - 00252928 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll

2013-12-12 21:20 - 2013-10-08 22:27 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll

2013-12-12 21:20 - 2013-10-08 22:27 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll

2013-12-12 21:20 - 2013-10-08 22:27 - 00099328 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll

2013-12-12 21:20 - 2013-10-05 06:10 - 00285016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys

2013-12-12 21:20 - 2013-10-03 22:09 - 00385528 _____ C:\Windows\system32\ApnDatabase.xml

2013-12-12 21:20 - 2013-10-02 02:50 - 00447320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS

2013-12-12 21:20 - 2013-09-28 05:48 - 00778752 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll

2013-12-12 21:20 - 2013-09-28 03:58 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll

2013-12-12 21:20 - 2013-09-19 07:32 - 01455448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys

2013-12-12 21:20 - 2013-08-30 05:19 - 00626688 _____ (Microsoft Corporation) C:\Windows\system32\resutils.dll

2013-12-12 21:20 - 2013-08-30 05:18 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\clusapi.dll

2013-12-12 21:20 - 2013-08-29 23:48 - 00488960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\resutils.dll

2013-12-12 21:20 - 2013-08-29 23:47 - 00302080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clusapi.dll

2013-12-12 21:18 - 2013-11-23 06:43 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll

2013-12-12 21:18 - 2013-11-23 05:05 - 00368640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll

2013-12-12 21:18 - 2013-11-06 23:18 - 04036608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2013-12-12 21:18 - 2013-10-10 09:32 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe

2013-12-12 21:18 - 2013-10-10 09:30 - 00162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrobj.dll

2013-12-12 21:18 - 2013-10-10 09:30 - 00156160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll

2013-12-12 21:18 - 2013-10-10 09:24 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx

2013-12-12 21:18 - 2013-10-10 09:23 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe

2013-12-12 21:18 - 2013-10-10 09:22 - 00222720 _____ (Microsoft Corporation) C:\Windows\system32\scrobj.dll

2013-12-12 21:18 - 2013-10-10 09:22 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll

2013-12-12 21:17 - 2013-11-01 05:38 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll

2013-12-12 21:17 - 2013-11-01 03:49 - 00273408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll

2013-12-12 21:17 - 2013-09-28 03:35 - 00288768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys

2013-12-12 17:33 - 2013-12-12 17:33 - 00219088 _____ (Deposit Files) C:\Users\inn\Downloads\dfdownloader_Da48sp_.exe

2013-12-12 17:33 - 2013-12-12 17:33 - 00219088 _____ (Deposit Files) C:\Users\inn\Downloads\dfdownloader_aXMmUN_.exe

2013-12-12 14:05 - 2013-12-12 14:05 - 00219088 _____ (Deposit Files) C:\Users\inn\Downloads\dfdownloader_bICDPZ_ (1).exe

2013-12-12 12:51 - 2013-12-12 12:51 - 00219088 _____ (Deposit Files) C:\Users\inn\Downloads\dfdownloader_yRPu4R_ (1).exe

2013-12-12 11:29 - 2012-10-09 02:27 - 00000000 ____D C:\Users\inn\Downloads\2646_Z D- G E

2013-12-09 23:42 - 2013-12-09 23:42 - 00000000 ____D C:\Program Files (x86)\VLC Player GPU+

2013-12-09 23:42 - 2013-12-09 23:42 - 00000000 ____D C:\Program Files (x86)\Shopping Suggestion

2013-12-09 14:34 - 2013-12-09 15:49 - 00000000 ____D C:\Users\inn\AppData\Roaming\TrueCrypt

2013-12-09 00:21 - 2013-12-09 00:34 - 101829440 _____ C:\Users\inn\Downloads\Top 5 Amazing Football Skills To Learn #Tutorial #Thursday Vol.1 - freekickerz.mp4

2013-12-07 20:51 - 2013-12-07 20:55 - 00000000 ____D C:\Users\inn\Documents\Battlefield 3

2013-12-07 14:02 - 2013-12-07 14:02 - 00000000 ____D C:\Program Files\TAP-Windows

2013-12-07 12:59 - 2013-11-13 10:49 - 00044744 _____ (AnchorFree Inc.) C:\Windows\system32\Drivers\hssdrv6.sys

2013-12-03 17:36 - 2013-12-03 20:48 - 00000000 ____D C:\Users\inn\AppData\Local\ESN Sonar

2013-12-03 17:36 - 2013-12-03 17:36 - 00000000 ____D C:\Users\inn\AppData\Local\ESN

2013-12-03 17:36 - 2013-12-03 17:36 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins

2013-12-03 17:23 - 2013-12-03 17:23 - 00000000 ____D C:\ProgramData\EA Core

2013-11-24 19:58 - 2013-11-24 19:58 - 00000000 ____D C:\ProgramData\Steam

2013-11-23 16:32 - 2013-11-23 16:33 - 00000000 ____D C:\ProgramData\5821b8e9d54aaa51

2013-11-21 02:04 - 2013-11-30 14:17 - 00000000 ____D C:\Users\inn\AppData\Roaming\Yandex

2013-11-21 02:04 - 2013-11-21 11:37 - 00000000 ____D C:\Users\inn\AppData\Local\Yandex

2013-11-21 02:04 - 2013-11-21 02:04 - 00000000 ____D C:\Users\inn\AppData\Roaming\Opera Software

2013-11-21 02:04 - 2013-11-21 02:04 - 00000000 ____D C:\Users\inn\AppData\Roaming\Opera

2013-11-21 02:04 - 2013-11-21 02:04 - 00000000 ____D C:\Users\inn\AppData\Local\Opera

2013-11-21 02:04 - 2013-11-21 02:04 - 00000000 ____D C:\Users\inn\AppData\Local\Chromium

2013-11-21 01:56 - 2013-11-21 11:40 - 00000000 ____D C:\Users\inn\AppData\Roaming\HamsterSoft

2013-11-21 01:56 - 2013-11-21 01:56 - 00002986 _____ C:\shopping.log

2013-11-21 01:56 - 2013-11-21 01:56 - 00000000 ____D C:\Program Files (x86)\Hamster Soft

2013-11-20 20:26 - 2013-12-07 14:11 - 00000000 ____D C:\Users\inn\AppData\Local\CyberGhost

2013-11-20 20:26 - 2013-11-20 20:26 - 00001728 _____ C:\Users\inn\Desktop\CyberGhost 5.lnk

2013-11-20 20:26 - 2013-11-20 20:26 - 00000000 ____D C:\Program Files\CyberGhost 5

2013-11-18 18:14 - 2013-11-18 18:14 - 00000098 _____ C:\Users\inn\AppData\Roaming\WB.CFG

2013-11-18 17:16 - 2013-11-18 17:18 - 11118992 _____ C:\Users\inn\Downloads\tixati-1.96-1.win64-install.exe

2013-11-18 17:14 - 2013-11-18 17:14 - 00001092 _____ C:\Users\UpdatusUser\Desktop\Continue Zip Opener Installation.lnk

2013-11-18 17:14 - 2013-11-18 17:14 - 00001092 _____ C:\Users\fbwuser\Desktop\Continue Zip Opener Installation.lnk

2013-11-18 17:14 - 2013-11-18 17:14 - 00001092 _____ C:\Users\Administrator\Desktop\Continue Zip Opener Installation.lnk

2013-11-18 17:13 - 2013-11-18 17:14 - 00663768 _____ C:\Users\inn\Downloads\ZipOpenerSetup.exe

2013-11-16 12:10 - 2013-12-04 00:53 - 00694240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2013-11-16 12:10 - 2013-12-04 00:53 - 00078304 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2013-11-15 17:09 - 2013-11-15 17:14 - 72043743 _____ C:\Users\inn\Downloads\Nike- Take It To The Next Level - [Directors Cut].mp4

2013-11-14 23:03 - 2013-09-13 22:36 - 00247296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll

2013-11-14 23:03 - 2013-09-13 22:33 - 00328192 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll

2013-11-14 23:03 - 2013-08-30 05:43 - 00061784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\crashdmp.sys

2013-11-14 23:03 - 2013-08-30 05:20 - 01173504 _____ (Microsoft Corporation) C:\Windows\system32\UIAutomationCore.dll

2013-11-14 23:03 - 2013-08-29 23:48 - 00914432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAutomationCore.dll

2013-11-14 23:03 - 2013-08-21 06:39 - 00465240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys

2013-11-14 23:03 - 2013-08-10 06:30 - 00151896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tpm.sys

2013-11-14 23:03 - 2013-08-10 05:21 - 00817152 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

2013-11-14 23:03 - 2013-08-10 03:58 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll

2013-11-14 23:03 - 2013-07-24 23:10 - 10799104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll

2013-11-14 23:03 - 2013-07-24 23:07 - 13661696 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll

2013-11-14 23:03 - 2013-07-12 01:38 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll

2013-11-14 23:03 - 2013-07-12 01:30 - 00485376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSDApi.dll

2013-11-14 22:59 - 2013-10-10 11:53 - 00096600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys

2013-11-14 22:59 - 2013-10-10 09:21 - 01160192 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL

2013-11-14 22:59 - 2013-10-10 09:20 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL

2013-11-14 22:59 - 2013-10-02 23:25 - 01300992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

2013-11-14 22:59 - 2013-10-01 22:22 - 01022976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll

2013-11-14 22:59 - 2013-09-04 03:11 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys

2013-11-14 22:58 - 2013-10-01 23:37 - 01569280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll

2013-11-14 22:58 - 2013-10-01 23:26 - 01890816 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll

2013-11-14 22:58 - 2013-09-23 22:30 - 00419328 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll

2013-11-14 22:58 - 2013-09-23 22:30 - 00323072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2013-11-14 22:53 - 2013-08-23 07:22 - 02062848 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll

2013-11-14 22:53 - 2013-08-23 01:44 - 01711616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll

2013-11-14 22:48 - 2013-10-01 23:37 - 02035712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll

2013-11-14 22:48 - 2013-10-01 23:26 - 02304512 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll

 

==================== One Month Modified Files and Folders =======

 

2013-12-13 22:42 - 2013-12-13 22:41 - 00028501 _____ C:\Users\inn\Downloads\FRST.txt

2013-12-13 22:41 - 2013-12-13 22:41 - 00000000 ____D C:\FRST

2013-12-13 22:40 - 2013-12-13 22:38 - 01927462 _____ (Farbar) C:\Users\inn\Downloads\FRST64.exe

2013-12-13 22:39 - 2013-04-02 22:12 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-12-13 22:39 - 2013-02-13 23:31 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2493394738-697243134-2269069893-1001

2013-12-13 22:38 - 2013-02-13 23:20 - 01052083 _____ C:\Windows\WindowsUpdate.log

2013-12-13 22:26 - 2013-12-13 22:23 - 04166144 _____ C:\Users\inn\Downloads\RogueKillerX64.exe

2013-12-13 22:24 - 2013-02-13 23:51 - 00000000 ____D C:\Users\inn\AppData\Roaming\uTorrent

2013-12-13 22:17 - 2013-12-13 22:16 - 00688992 ____R (Swearware) C:\Users\inn\Downloads\dds.scr

2013-12-13 22:15 - 2012-07-26 07:28 - 00848230 _____ C:\Windows\system32\PerfStringBackup.INI

2013-12-13 22:09 - 2013-07-21 14:36 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-12-13 22:09 - 2013-02-13 23:48 - 00000000 ____D C:\ProgramData\NVIDIA

2013-12-13 22:09 - 2013-02-13 23:14 - 00054410 _____ C:\Windows\PFRO.log

2013-12-13 22:09 - 2012-07-26 07:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2013-12-13 22:05 - 2013-03-17 01:39 - 00000920 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2493394738-697243134-2269069893-1001UA.job

2013-12-13 22:01 - 2013-09-30 16:45 - 00000000 ____D C:\Users\inn\AppData\Local\CrashDumps

2013-12-13 22:00 - 2013-12-13 22:00 - 00020943 _____ C:\ComboFix.txt

2013-12-13 22:00 - 2013-12-13 01:01 - 00000000 ____D C:\Qoobox

2013-12-13 22:00 - 2012-07-26 08:12 - 00000000 ____D C:\Windows\system32\sru

2013-12-13 21:59 - 2012-07-26 05:26 - 00000215 _____ C:\Windows\system.ini

2013-12-13 21:51 - 2013-07-21 14:36 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-12-13 20:38 - 2013-12-13 20:32 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2013-12-13 20:31 - 2013-12-13 20:31 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2013-12-13 20:28 - 2013-09-24 21:34 - 00000000 ____D C:\Users\inn\AppData\Roaming\DMCache

2013-12-13 20:27 - 2013-12-13 20:25 - 12582688 _____ (Malwarebytes Corp.) C:\Users\inn\Downloads\mbar-1.07.0.1008.exe

2013-12-13 20:26 - 2013-12-13 20:26 - 00891200 _____ C:\Users\inn\Downloads\SecurityCheck.exe

2013-12-13 18:34 - 2013-12-13 18:34 - 00000000 ____D C:\Windows\ERUNT

2013-12-13 18:34 - 2013-12-13 18:32 - 00000000 ____D C:\AdwCleaner

2013-12-13 16:31 - 2013-09-17 10:49 - 00000000 ____D C:\Users\inn\AppData\Roaming\Copy

2013-12-13 16:22 - 2012-07-26 05:26 - 00262144 ___SH C:\Windows\system32\config\BBI

2013-12-13 15:53 - 2013-12-13 15:53 - 00000835 _____ C:\Users\Public\Desktop\BioShock Infinite.lnk

2013-12-13 14:17 - 2013-12-13 14:17 - 00010113 _____ C:\Users\inn\Downloads\Yoga Girls AbbyWinters.5748875.TPB.torrent

2013-12-13 14:13 - 2013-02-14 15:22 - 00000000 ____D C:\Users\inn\AppData\Roaming\vlc

2013-12-13 02:55 - 2012-07-26 08:12 - 00000000 ____D C:\Windows\rescache

2013-12-13 01:58 - 2013-12-13 01:34 - 00001176 _____ C:\Windows\system32\Drivers\kgpcpy.cfg

2013-12-13 01:52 - 2013-04-06 10:59 - 00000000 ____D C:\Windows\Minidump

2013-12-13 01:34 - 2013-12-13 01:34 - 00000352 _____ C:\Windows\SysWOW64\Drivers\kgpfr2.cfg

2013-12-13 01:13 - 2012-07-26 05:37 - 00000000 __RHD C:\Users\Default

2013-12-13 01:09 - 2013-12-13 01:01 - 00000000 ____D C:\Windows\erdnt

2013-12-13 01:07 - 2012-07-26 05:26 - 65798144 _____ C:\Windows\system32\config\SOFTWARE.bak

2013-12-13 01:07 - 2012-07-26 05:26 - 16252928 _____ C:\Windows\system32\config\SYSTEM.bak

2013-12-13 01:07 - 2012-07-26 05:26 - 00524288 _____ C:\Windows\system32\config\DEFAULT.bak

2013-12-13 01:07 - 2012-07-26 05:26 - 00262144 _____ C:\Windows\system32\config\SECURITY.bak

2013-12-13 01:07 - 2012-07-26 05:26 - 00262144 _____ C:\Windows\system32\config\SAM.bak

2013-12-13 00:59 - 2013-09-22 13:43 - 00000000 ____D C:\ProgramData\TechSmith

2013-12-13 00:49 - 2013-12-13 00:47 - 00000000 ____D C:\Program Files (x86)\MSI Afterburner

2013-12-13 00:49 - 2012-07-26 08:08 - 04931584 _____ C:\Windows\system32\config\DRIVERS.bak

2013-12-13 00:48 - 2013-03-29 20:49 - 00000000 ____D C:\Windows\SysWOW64\directx

2013-12-13 00:47 - 2013-12-13 00:47 - 00001086 _____ C:\Users\inn\Desktop\MSI Afterburner.lnk

2013-12-13 00:47 - 2013-12-13 00:47 - 00000000 ____D C:\Users\inn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner

2013-12-13 00:46 - 2012-07-26 07:21 - 00037672 _____ C:\Windows\setupact.log

2013-12-12 23:10 - 2013-12-12 23:10 - 00311992 _____ C:\Windows\system32\FNTCACHE.DAT

2013-12-12 23:05 - 2013-03-17 01:39 - 00000868 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2493394738-697243134-2269069893-1001Core.job

2013-12-12 22:52 - 2012-07-26 08:12 - 00000000 ____D C:\Windows\system32\SecureBootUpdates

2013-12-12 22:52 - 2012-07-26 05:38 - 00000000 ____D C:\Windows\system32\oobe

2013-12-12 21:19 - 2013-09-24 21:34 - 00000000 ____D C:\Users\inn\Downloads\Compressed

2013-12-12 21:12 - 2013-03-05 18:32 - 00000000 ____D C:\ProgramData\Microsoft Help

2013-12-12 17:33 - 2013-12-12 17:33 - 00219088 _____ (Deposit Files) C:\Users\inn\Downloads\dfdownloader_Da48sp_.exe

2013-12-12 17:33 - 2013-12-12 17:33 - 00219088 _____ (Deposit Files) C:\Users\inn\Downloads\dfdownloader_aXMmUN_.exe

2013-12-12 14:05 - 2013-12-12 14:05 - 00219088 _____ (Deposit Files) C:\Users\inn\Downloads\dfdownloader_bICDPZ_ (1).exe

2013-12-12 12:51 - 2013-12-12 12:51 - 00219088 _____ (Deposit Files) C:\Users\inn\Downloads\dfdownloader_yRPu4R_ (1).exe

2013-12-12 12:47 - 2013-02-15 17:10 - 00000000 ____D C:\Windows\SysWOW64\NV

2013-12-12 12:47 - 2013-02-15 17:10 - 00000000 ____D C:\Windows\system32\NV

2013-12-10 22:43 - 2013-04-02 22:12 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater

2013-12-10 18:21 - 2013-02-13 23:41 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys

2013-12-10 18:21 - 2013-02-13 23:41 - 00003880 _____ C:\Windows\LkmdfCoInst.log

2013-12-10 12:33 - 2013-02-28 19:22 - 00000000 ____D C:\Users\inn\AppData\Roaming\Dropbox

2013-12-10 12:33 - 2013-02-13 23:25 - 00000000 ___RD C:\Users\inn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2013-12-10 02:50 - 2013-02-13 23:52 - 00000000 ____D C:\Program Files (x86)\Steam

2013-12-09 23:42 - 2013-12-09 23:42 - 00000000 ____D C:\Program Files (x86)\VLC Player GPU+

2013-12-09 23:42 - 2013-12-09 23:42 - 00000000 ____D C:\Program Files (x86)\Shopping Suggestion

2013-12-09 23:27 - 2012-07-26 08:12 - 00000000 ____D C:\Windows\AUInstallAgent

2013-12-09 15:49 - 2013-12-09 14:34 - 00000000 ____D C:\Users\inn\AppData\Roaming\TrueCrypt

2013-12-09 14:34 - 2013-11-08 23:46 - 00231376 _____ (TrueCrypt Foundation) C:\Windows\system32\Drivers\truecrypt.sys

2013-12-09 14:34 - 2013-11-08 23:46 - 00000875 _____ C:\Users\Public\Desktop\TrueCrypt.lnk

2013-12-09 00:34 - 2013-12-09 00:21 - 101829440 _____ C:\Users\inn\Downloads\Top 5 Amazing Football Skills To Learn #Tutorial #Thursday Vol.1 - freekickerz.mp4

2013-12-08 18:18 - 2013-09-12 14:20 - 00290184 _____ C:\Windows\SysWOW64\PnkBstrB.exe

2013-12-08 18:18 - 2013-08-11 09:49 - 00290184 _____ C:\Windows\SysWOW64\PnkBstrB.xtr

2013-12-08 18:17 - 2013-08-11 09:46 - 00280904 _____ C:\Windows\SysWOW64\PnkBstrB.ex0

2013-12-08 17:14 - 2013-08-14 21:31 - 00000000 ____D C:\Program Files (x86)\Origin

2013-12-07 20:56 - 2013-09-12 14:20 - 00076888 _____ C:\Windows\SysWOW64\PnkBstrA.exe

2013-12-07 20:55 - 2013-12-07 20:51 - 00000000 ____D C:\Users\inn\Documents\Battlefield 3

2013-12-07 20:49 - 2013-02-14 00:42 - 00691693 _____ C:\Windows\DirectX.log

2013-12-07 14:11 - 2013-11-20 20:26 - 00000000 ____D C:\Users\inn\AppData\Local\CyberGhost

2013-12-07 14:02 - 2013-12-07 14:02 - 00000000 ____D C:\Program Files\TAP-Windows

2013-12-07 12:59 - 2013-08-31 23:06 - 00001048 _____ C:\Users\Public\Desktop\Hotspot Shield.lnk

2013-12-05 21:54 - 2013-09-07 20:40 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2013-12-04 00:53 - 2013-11-16 12:10 - 00694240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2013-12-04 00:53 - 2013-11-16 12:10 - 00078304 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2013-12-03 23:46 - 2013-07-21 14:36 - 00003884 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2013-12-03 23:46 - 2013-07-21 14:36 - 00003648 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2013-12-03 23:00 - 2013-03-17 01:39 - 00003862 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2493394738-697243134-2269069893-1001UA

2013-12-03 23:00 - 2013-03-17 01:39 - 00003482 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2493394738-697243134-2269069893-1001Core

2013-12-03 20:48 - 2013-12-03 17:36 - 00000000 ____D C:\Users\inn\AppData\Local\ESN Sonar

2013-12-03 17:36 - 2013-12-03 17:36 - 00000000 ____D C:\Users\inn\AppData\Local\ESN

2013-12-03 17:36 - 2013-12-03 17:36 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins

2013-12-03 17:36 - 2013-08-11 09:48 - 00000000 ____D C:\Users\inn\AppData\Local\PunkBuster

2013-12-03 17:23 - 2013-12-03 17:23 - 00000000 ____D C:\ProgramData\EA Core

2013-12-03 17:23 - 2013-08-14 21:31 - 00000000 ____D C:\ProgramData\Electronic Arts

2013-11-30 21:31 - 2013-09-26 21:47 - 00000000 ____D C:\Users\inn\AppData\Roaming\IDM

2013-11-30 14:57 - 2013-09-24 20:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2013-11-30 14:57 - 2013-08-19 12:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2013-11-30 14:17 - 2013-11-21 02:04 - 00000000 ____D C:\Users\inn\AppData\Roaming\Yandex

2013-11-30 14:07 - 2013-04-02 22:02 - 00000000 ____D C:\Users\inn\AppData\Local\Mozilla

2013-11-29 21:14 - 2013-08-14 21:36 - 00000000 ____D C:\Users\inn\AppData\Local\Origin

2013-11-29 11:53 - 2013-08-14 21:36 - 00000000 ____D C:\Users\inn\AppData\Roaming\Origin

2013-11-29 11:53 - 2013-08-14 21:31 - 00000000 ____D C:\ProgramData\Origin

2013-11-24 20:28 - 2013-02-13 23:20 - 00000000 ____D C:\Users\inn

2013-11-24 19:58 - 2013-11-24 19:58 - 00000000 ____D C:\ProgramData\Steam

2013-11-24 19:58 - 2013-02-13 23:54 - 00000000 ____D C:\Users\inn\Documents\WB Games

2013-11-23 16:33 - 2013-11-23 16:32 - 00000000 ____D C:\ProgramData\5821b8e9d54aaa51

2013-11-23 13:23 - 2013-10-21 14:57 - 00000000 ____D C:\Users\inn\Downloads\RemoteDll

2013-11-23 06:43 - 2013-12-12 21:18 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll

2013-11-23 05:05 - 2013-12-12 21:18 - 00368640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll

2013-11-21 11:40 - 2013-11-21 01:56 - 00000000 ____D C:\Users\inn\AppData\Roaming\HamsterSoft

2013-11-21 11:37 - 2013-11-21 02:04 - 00000000 ____D C:\Users\inn\AppData\Local\Yandex

2013-11-21 02:04 - 2013-11-21 02:04 - 00000000 ____D C:\Users\inn\AppData\Roaming\Opera Software

2013-11-21 02:04 - 2013-11-21 02:04 - 00000000 ____D C:\Users\inn\AppData\Roaming\Opera

2013-11-21 02:04 - 2013-11-21 02:04 - 00000000 ____D C:\Users\inn\AppData\Local\Opera

2013-11-21 02:04 - 2013-11-21 02:04 - 00000000 ____D C:\Users\inn\AppData\Local\Chromium

2013-11-21 01:56 - 2013-11-21 01:56 - 00002986 _____ C:\shopping.log

2013-11-21 01:56 - 2013-11-21 01:56 - 00000000 ____D C:\Program Files (x86)\Hamster Soft

2013-11-20 20:36 - 2013-02-13 23:23 - 00000000 ____D C:\Users\inn\AppData\Local\VirtualStore

2013-11-20 20:26 - 2013-11-20 20:26 - 00001728 _____ C:\Users\inn\Desktop\CyberGhost 5.lnk

2013-11-20 20:26 - 2013-11-20 20:26 - 00000000 ____D C:\Program Files\CyberGhost 5

2013-11-20 20:03 - 2013-10-29 15:34 - 00000000 ____D C:\Users\inn\AppData\Roaming\Hideman

2013-11-19 10:21 - 2013-02-16 15:28 - 00267936 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

2013-11-18 18:14 - 2013-11-18 18:14 - 00000098 _____ C:\Users\inn\AppData\Roaming\WB.CFG

2013-11-18 17:18 - 2013-11-18 17:16 - 11118992 _____ C:\Users\inn\Downloads\tixati-1.96-1.win64-install.exe

2013-11-18 17:14 - 2013-11-18 17:14 - 00001092 _____ C:\Users\UpdatusUser\Desktop\Continue Zip Opener Installation.lnk

2013-11-18 17:14 - 2013-11-18 17:14 - 00001092 _____ C:\Users\fbwuser\Desktop\Continue Zip Opener Installation.lnk

2013-11-18 17:14 - 2013-11-18 17:14 - 00001092 _____ C:\Users\Administrator\Desktop\Continue Zip Opener Installation.lnk

2013-11-18 17:14 - 2013-11-18 17:13 - 00663768 _____ C:\Users\inn\Downloads\ZipOpenerSetup.exe

2013-11-16 12:08 - 2012-07-26 08:12 - 00000000 ___RD C:\Windows\ToastData

2013-11-16 12:08 - 2012-07-26 08:12 - 00000000 ____D C:\Windows\WinStore

2013-11-16 12:08 - 2012-07-26 08:12 - 00000000 ____D C:\Windows\PolicyDefinitions

2013-11-15 17:14 - 2013-11-15 17:09 - 72043743 _____ C:\Users\inn\Downloads\Nike- Take It To The Next Level - [Directors Cut].mp4

2013-11-15 03:01 - 2013-08-15 12:03 - 00000000 ____D C:\Windows\system32\MRT

2013-11-15 03:00 - 2013-02-15 13:04 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2013-11-13 10:49 - 2013-12-07 12:59 - 00044744 _____ (AnchorFree Inc.) C:\Windows\system32\Drivers\hssdrv6.sys

 

Files to move or delete:

====================

C:\ProgramData\win_mpwd_sys.dat

 

 

Some content of TEMP:

====================

C:\Users\inn\AppData\Local\temp\ntdll_dump.dll

 

 

==================== Bamital & volsnap Check =================

 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

 

 

LastRegBack: 2013-12-08 13:02

 

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-12-2013 01

Ran by inn at 2013-12-13 22:42:20

Running from C:\Users\inn\Downloads

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

==================== Installed Programs ======================

 

7-Zip 9.20 (x32)

7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)

Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170)

Apple Application Support (x32 Version: 2.3.4)

Apple Mobile Device Support (Version: 6.1.0.13)

Apple Software Update (x32 Version: 2.1.3.127)

Back to the Future: Ep 1 - It's About Time (x32)

Battlelog Web Plugins (x32 Version: 2.3.2)

BioShock Infinite Burial at Sea - Episode 1 (x32 Version: 1)

Bonjour (Version: 3.0.0.10)

BOSS (x32 Version: 2.1.1)

Content Manager Assistant for PlayStation® (x32 Version: 2.00.5976.25)

CostMin (x32 Version: 1.1.0.1101)

CyberGhost 5

Dead Island (x32)

Deus Ex: Human Revolution (x32)

ESN Sonar (x32 Version: 0.70.4)

Folder Lock (x32)

Free M4a to MP3 Converter 7.2 (x32)

Google Chrome (x32 Version: 31.0.1650.63)

Google Update Helper (x32 Version: 1.3.22.3)

GPU Monitor (x32 Version: 11.041.44)

Helium (x32 Version: 1.0.0)

Hideman (x32)

Intel® Processor Graphics (x32 Version: 9.17.10.2932)

Internet Download Manager (x32)

iTunes (Version: 11.0.4.4)

Java 7 Update 45 (x32 Version: 7.0.450)

Java Auto Updater (x32 Version: 2.1.9.8)

JDownloader 0.9 (x32 Version: 0.9)

Logitech Gaming Software (Version: 8.45.88)

Logitech Gaming Software 8.46 (Version: 8.46.27)

Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)

Mass Effect™ 3 (x32 Version: 1.01.0.0)

Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.5.92.0)

Microsoft Games for Windows Marketplace (x32 Version: 3.5.50.0)

Microsoft Office 2007 Service Pack 3 (SP3) (x32)

Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)

Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)

Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)

Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000)

Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014)

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)

Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000)

Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)

Microsoft Office Word 2007 (x32 Version: 12.0.6612.1000)

Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000)

Microsoft Silverlight (Version: 5.1.20913.0)

Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)

Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)

Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)

MotioninJoy Gamepad tool 0.7.1001 (Version: 0.7.1001)

Mozilla Firefox 24.0 (x86 en-US) (x32 Version: 24.0)

Mozilla Maintenance Service (x32 Version: 24.0)

MSI Afterburner 2.3.1 (x32 Version: 2.3.1)

Music Manager (HKCU)

Nexus Mod Manager (Version: 0.44.15)

NVIDIA 3D Vision Controller Driver 310.90 (Version: 310.90)

NVIDIA 3D Vision Driver 311.06 (Version: 311.06)

NVIDIA Control Panel 311.06 (Version: 311.06)

NVIDIA Graphics Driver 311.06 (Version: 311.06)

NVIDIA HD Audio Driver 1.3.18.0 (Version: 1.3.18.0)

NVIDIA Install Application (Version: 2.1002.108.688)

NVIDIA PhysX (x32 Version: 9.12.1031)

NVIDIA PhysX System Software 9.12.1031 (Version: 9.12.1031)

NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1106)

NVIDIA Update 1.11.3 (Version: 1.11.3)

NVIDIA Update Components (Version: 1.11.3)

Open Broadcaster Software (x32)

OpenAL (x32)

Origin (x32 Version: 9.3.1.4482)

Picasa 3 (x32 Version: 3.9)

PowerISO (x32 Version: 4.7)

PunkBuster Services (x32 Version: 0.991)

QuickTime (x32 Version: 7.55.90.70)

Steam (x32 Version: 1.0.0.0)

TAP-Windows 9.9.2 (Version: 9.9.2)

TeamViewer 8 (x32 Version: 8.0.22298)

The Elder Scrolls V: Skyrim (x32)

The KMPlayer (remove only) (x32 Version: 3.5.0.77)

TrueCrypt (x32 Version: 7.1a)

Update for 2007 Microsoft Office System (KB967642) (x32)

Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)

Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)

Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32)

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)

Update for Microsoft Office Script Editor Help (KB963671) (x32)

Update for Microsoft Office Word 2007 Help (KB963665) (x32)

Uplay (x32 Version: 2.0)

URL Snooper v2.32.01 (x32)

Vampire: The Masquerade - Bloodlines (x32)

Video Download Capture V4.3.0 (x32 Version: 4.3.0)

Virtua Tennis 4 (x32)

VLC media player 2.0.7 (x32 Version: 2.0.7)

WinPcap 4.1.3 (x32 Version: 4.1.0.2980)

 

==================== Restore Points  =========================

 

29-11-2013 03:11:45 Scheduled Checkpoint

03-12-2013 16:54:54 Installed DirectX

07-12-2013 20:49:07 Installed DirectX

09-12-2013 14:34:15 TrueCrypt installation

12-12-2013 21:11:47 Windows Update

 

==================== Hosts content: ==========================

 

2013-08-31 23:00 - 2013-12-13 01:33 - 00000042 ____A C:\Windows\system32\Drivers\etc\hosts

::1 localhost

127.0.0.1       localhost

 

==================== Scheduled Tasks (whitelisted) =============

 

Task: {17998A65-D78A-4B5A-8949-7F9A72CBEE7C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-07] (Google Inc.)

Task: {3B82169B-798A-42FB-AA01-B8B1A7C640CC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {474AA565-162A-4A3F-A952-FB5AF9CC0557} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2493394738-697243134-2269069893-1001UA => C:\Users\inn\AppData\Local\Google\Update\GoogleUpdate.exe [2013-03-17] (Google Inc.)

Task: {5923BA99-306A-466A-9D40-BCE949F040E3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-10] (Adobe Systems Incorporated)

Task: {5D36D43A-69DC-4B94-A602-83C816CFDEA6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-07] (Google Inc.)

Task: {5EF7212D-DAF1-4B52-B321-FA7D595C785D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2493394738-697243134-2269069893-1001Core => C:\Users\inn\AppData\Local\Google\Update\GoogleUpdate.exe [2013-03-17] (Google Inc.)

Task: {800131B7-ED4A-4F31-B956-8F32D4D0A1BA} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\System32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)

Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2493394738-697243134-2269069893-1001Core.job => C:\Users\inn\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2493394738-697243134-2269069893-1001UA.job => C:\Users\inn\AppData\Local\Google\Update\GoogleUpdate.exe

 

==================== Loaded Modules (whitelisted) =============

 

2012-07-26 07:58 - 2012-07-26 07:53 - 00170864 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll

2012-12-14 02:42 - 2012-12-14 02:42 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll

2012-11-28 14:13 - 2012-11-28 14:13 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

2012-11-28 14:13 - 2012-11-28 14:13 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

2013-11-28 06:28 - 2010-03-30 14:29 - 00279955 _____ () C:\Program Files (x86)\VLC Player GPU+\libidn-11.dll

2013-11-28 06:28 - 2013-03-17 08:42 - 00084992 _____ () C:\Program Files (x86)\VLC Player GPU+\zlib1.dll

2013-11-28 06:28 - 2010-06-11 08:48 - 00148760 _____ () C:\Program Files (x86)\VLC Player GPU+\libpdcurses.dll

2013-12-05 21:54 - 2013-12-04 02:47 - 00702416 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libglesv2.dll

2013-12-05 21:54 - 2013-12-04 02:47 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libegl.dll

2013-12-05 21:54 - 2013-12-04 02:48 - 04055504 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll

2013-12-05 21:54 - 2013-12-04 02:48 - 00399312 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll

2013-12-05 21:54 - 2013-12-04 02:47 - 01619408 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll

2013-12-09 11:38 - 2013-12-09 11:38 - 00358400 _____ () C:\Users\inn\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\alelhddbbhepgpmgidjdcjakblofbmce\3.5.8_0\plugins\screen_capture.dll

2013-12-05 21:54 - 2013-12-04 02:48 - 13586896 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

AlternateDataStreams: C:\ProgramData\TEMP:373E1720

 

==================== Safe Mode (whitelisted) ===================

 

 

==================== Faulty Device Manager Devices =============

 

Name: PCI Input Device

Description: PCI Input Device

Class Guid: 

Manufacturer: 

Service: 

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (12/13/2013 10:01:11 PM) (Source: Application Error) (User: )

Description: Faulting application name: wwahost.exe, version: 6.2.9200.16420, time stamp: 0x505a9152

Faulting module name: KERNELBASE.dll, version: 6.2.9200.16451, time stamp: 0x50988aa6

Exception code: 0x00000004

Fault offset: 0x000000000003811c

Faulting process id: 0xee4

Faulting application start time: 0xwwahost.exe0

Faulting application path: wwahost.exe1

Faulting module path: wwahost.exe2

Report Id: wwahost.exe3

Faulting package full name: wwahost.exe4

Faulting package-relative application ID: wwahost.exe5

 

Error: (12/13/2013 04:46:31 PM) (Source: Application Error) (User: )

Description: Faulting application name: SRFeature.exe, version: 2.45.5.1949, time stamp: 0x52240a67

Faulting module name: SRFeature.exe, version: 2.45.5.1949, time stamp: 0x52240a67

Exception code: 0xc0000005

Fault offset: 0x000b9a72

Faulting process id: 0x85c

Faulting application start time: 0xSRFeature.exe0

Faulting application path: SRFeature.exe1

Faulting module path: SRFeature.exe2

Report Id: SRFeature.exe3

Faulting package full name: SRFeature.exe4

Faulting package-relative application ID: SRFeature.exe5

 

Error: (12/13/2013 00:10:52 PM) (Source: Application Error) (User: )

Description: Faulting application name: DllHost.exe, version: 6.2.9200.16384, time stamp: 0x50108850

Faulting module name: tsccvid64.dll, version: 3.0.0.0, time stamp: 0x4c44a8a8

Exception code: 0xc0000005

Fault offset: 0x0000000000005def

Faulting process id: 0x22e0

Faulting application start time: 0xDllHost.exe0

Faulting application path: DllHost.exe1

Faulting module path: DllHost.exe2

Report Id: DllHost.exe3

Faulting package full name: DllHost.exe4

Faulting package-relative application ID: DllHost.exe5

 

Error: (12/13/2013 00:10:50 PM) (Source: Application Error) (User: )

Description: Faulting application name: DllHost.exe, version: 6.2.9200.16384, time stamp: 0x50108850

Faulting module name: tsccvid64.dll, version: 3.0.0.0, time stamp: 0x4c44a8a8

Exception code: 0xc0000005

Fault offset: 0x0000000000005def

Faulting process id: 0x2678

Faulting application start time: 0xDllHost.exe0

Faulting application path: DllHost.exe1

Faulting module path: DllHost.exe2

Report Id: DllHost.exe3

Faulting package full name: DllHost.exe4

Faulting package-relative application ID: DllHost.exe5

 

Error: (12/13/2013 01:14:26 AM) (Source: Application Error) (User: )

Description: Faulting application name: nvtray.exe, version: 7.17.13.1106, time stamp: 0x50f957dd

Faulting module name: nvtray.exe, version: 7.17.13.1106, time stamp: 0x50f957dd

Exception code: 0x40000015

Fault offset: 0x0000000000155149

Faulting process id: 0xf5c

Faulting application start time: 0xnvtray.exe0

Faulting application path: nvtray.exe1

Faulting module path: nvtray.exe2

Report Id: nvtray.exe3

Faulting package full name: nvtray.exe4

Faulting package-relative application ID: nvtray.exe5

 

Error: (12/12/2013 10:49:26 PM) (Source: Application Hang) (User: )

Description: The program explorer.exe version 6.2.9200.16628 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

 

Process ID: 1dc8

 

Start Time: 01cef437584bfa99

 

Termination Time: 4294967295

 

Application Path: C:\Windows\explorer.exe

 

Report Id: b89ca971-637e-11e3-bf9c-9cfd0e0fea9e

 

Faulting package full name: 

 

Faulting package-relative application ID:

 

Error: (12/12/2013 07:07:40 PM) (Source: Application Hang) (User: )

Description: The program dfdownloader_aXMmUN_.exe version 1.0.0.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

 

Process ID: 7f0

 

Start Time: 01cef76044894f19

 

Termination Time: 60000

 

Application Path: C:\Users\inn\Downloads\dfdownloader_aXMmUN_.exe

 

Report Id: 7aa9866d-635c-11e3-bf9c-9cfd0e0fea9e

 

Faulting package full name: 

 

Faulting package-relative application ID:

 

Error: (12/09/2013 09:06:05 PM) (Source: Winlogon) (User: )

Description: The Windows logon process has unexpectedly terminated.

 

Error: (12/08/2013 05:03:28 PM) (Source: Application Hang) (User: )

Description: The program DllHost.exe version 6.2.9200.16384 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

 

Process ID: 1ecc

 

Start Time: 01cef41558a9ea78

 

Termination Time: 4294967295

 

Application Path: C:\Windows\system32\DllHost.exe

 

Report Id: a80d1270-602a-11e3-bf9c-9cfd0e0fea9e

 

Faulting package full name: 

 

Faulting package-relative application ID:

 

Error: (12/08/2013 00:18:38 AM) (Source: Winlogon) (User: )

Description: The Windows logon process has unexpectedly terminated.

 

 

System errors:

=============

Error: (12/13/2013 10:11:41 PM) (Source: Service Control Manager) (User: )

Description: The NVIDIA Update Service Daemon service failed to start due to the following error: 

%%1069

 

Error: (12/13/2013 10:11:41 PM) (Source: Service Control Manager) (User: )

Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: 

%%1330

 

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

 

Error: (12/13/2013 10:09:38 PM) (Source: Service Control Manager) (User: )

Description: The sbapifs service failed to start due to the following error: 

%%2

 

Error: (12/13/2013 10:08:55 PM) (Source: Service Control Manager) (User: )

Description: The Group Policy Client service did not shut down properly after receiving a preshutdown control.

 

Error: (12/13/2013 09:58:59 PM) (Source: Service Control Manager) (User: )

Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

 

Error: (12/13/2013 09:57:23 PM) (Source: Service Control Manager) (User: )

Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

 

Error: (12/13/2013 09:48:09 PM) (Source: Service Control Manager) (User: )

Description: The NVIDIA Update Service Daemon service failed to start due to the following error: 

%%1069

 

Error: (12/13/2013 09:48:09 PM) (Source: Service Control Manager) (User: )

Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: 

%%1330

 

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

 

Error: (12/13/2013 09:46:06 PM) (Source: Service Control Manager) (User: )

Description: The sbapifs service failed to start due to the following error: 

%%2

 

Error: (12/13/2013 08:49:34 PM) (Source: DCOM) (User: NT AUTHORITY)

Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

 

 

Microsoft Office Sessions:

=========================

 

CodeIntegrity Errors:

===================================

  Date: 2013-12-13 10:58:08.693

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-12-13 10:52:00.093

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-12-13 09:53:03.577

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-12-13 09:18:14.253

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-12-13 02:42:08.647

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-12-13 02:12:50.254

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-12-13 02:02:43.012

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-12-13 01:49:43.667

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-12-13 01:24:30.110

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-12-13 01:06:28.328

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

 

==================== Memory info =========================== 

 

Percentage of memory in use: 28%

Total physical RAM: 8109.11 MB

Available physical RAM: 5775.2 MB

Total Pagefile: 16301.11 MB

Available Pagefile: 13208.61 MB

Total Virtual: 8192 MB

Available Virtual: 8191.75 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:119.24 GB) (Free:39.41 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

Drive d: (Secondary Hard Drive) (Fixed) (Total:465.76 GB) (Free:56.64 GB) NTFS

Drive e: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Drive f: (Tertiary hdd) (Fixed) (Total:465.66 GB) (Free:289.27 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: D2B4E6B9)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

 

========================================================

Disk: 1 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 4BBCA89A)

Partition 1: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

 

========================================================

Disk: 2 (MBR Code: Windows 7 or 8) (Size: 119 GB) (Disk ID: FFDC78B1)

Partition 1: (Active) - (Size=119 GB) - (Type=07 NTFS)

 

==================== End Of Log ============================


RKREPORT

 

 

 

 

RogueKiller V8.7.11 _x64_ [Nov 25 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 8 (6.2.9200 ) 64 bits version
Started in : Normal mode
User : inn [Admin rights]
Mode : Scan -- Date : 12/13/2013 22:47:49
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 4 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
::1 localhost
127.0.0.1       localhost
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST9500325AS ATA Device +++++
--- User ---
[MBR] e4dc3751d6d2d95f3be6a4d7ff23a03e
[bSP] f43b9e0956deea4c1fc4f021171688ab : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) ST9500325AS ATA Device +++++
--- User ---
[MBR] 3b23509b0dcb0a7ad5c46f46fe1d8dd6
[bSP] 70a6692d8d939ab0bdd756a538bda666 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476937 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
+++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ IDE) M4-CT128M4SSD2 ATA Device +++++
--- User ---
[MBR] 3b7a96aae3d2e015640182295afd8859
[bSP] cb2811f042c80e31673bf6abb870bdb3 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 122102 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_S_12132013_224749.txt >>

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.