
Explorer keeps crashing

Posted: 04 Jul 2013 10:27
by manas
Hello, I would like to ask for your help:
Two days ago the "police virus" appeared on my PC (I have WIN 7 64bit). I managed to remove it using Malwarebytes and RogueKiller (but probably not completely).
Later, Explorer started crashing and restarting over and over. It kept crashing even in Safe Mode. I wanted to try a Clean Boot to see whether it conflicts with some software at startup, but Explorer still keeps crashing.
I tried creating a new user account in Windows, where Explorer also crashes, but only occasionally, not over and over (it sometimes crashes when I browse files in Explorer).
Thank you for your help!



I am attaching the log from RSIT:

Logfile of random's system information tool 1.08 (written by random/random)
Run by repair at 2013-07-04 11:16:21
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 12 GB (4%) free of 286 GB
Total RAM: 6049 MB (45% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:16:27, on 4. 7. 2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16611)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Last.fm\Last.fm Scrobbler.exe
C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Winamp\winamp.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\repair.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: BitRaider Mini-Support Service (BRSptSvc) - BitRaider, LLC - C:\ProgramData\BitRaider\BRSptSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7602 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe 26414224
\??\C:\Windows\system32\conhost.exe "-407610418143452458447454383216333227261142962507-62604189410610308-1036840147
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\tcpsvcs.exe
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 1852
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
winlogon.exe
"taskhost.exe"
taskeng.exe {24D13555-E77F-43D6-8466-9CBE5D40E499}
"C:\Windows\system32\Dwm.exe"
"C:\Program Files\P4G\BatteryLife.exe"
"C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe"
taskeng.exe {19DB97EE-C1B3-42F0-B511-87801192B7B6}
"C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe"
"C:\Program Files (x86)\ASUS\Splendid\ACMON.exe"
"C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
"C:\Windows\SysWOW64\ACEngSvr.exe" -Embedding
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="480.0.880607750\1633880941" --supports-dual-gpus=false --gpu-vendor-id=0x8086 --gpu-device-id=0x0116 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=8.15.10.2405 --ignored=" --type=renderer " /prefetch:822062411
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=ppapi --channel="480.5.1976417348\2008053527" --lang=en-US --ignored=" --type=renderer " /prefetch:-632637702
"C:\Program Files (x86)\Last.fm\Last.fm Scrobbler.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe"
"C:\Program Files (x86)\Winamp\winampa.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --force-fieldtrials="AutocompleteDynamicTrial_1/DefaultControl/ForceCompositingMode/thread/InfiniteCache/No/InstantDummy/DummyPadding channel:stable/InstantExtended/Padding2 channel:stable/OmniboxHQPReplaceHUPProhibitTrumpingInlineableResult/Standard/OmniboxSearchSuggestTrialStarted2013Q1/17/OneClickSignIn/Standard/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/SpdyCwnd/cwndMin10/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_05/UMA-Uniformity-Trial-1-Percent/group_22/UMA-Uniformity-Trial-10-Percent/group_06/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_04/UMA-Uniformity-Trial-50-Percent/default/" --renderer-print-preview --enable-threaded-compositing --channel="480.13.2070386118\1192979642" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --force-fieldtrials="AutocompleteDynamicTrial_1/DefaultControl/ForceCompositingMode/thread/InfiniteCache/No/InstantDummy/DummyPadding channel:stable/InstantExtended/Padding2 channel:stable/OmniboxHQPReplaceHUPProhibitTrumpingInlineableResult/Standard/OmniboxSearchSuggestTrialStarted2013Q1/17/OneClickSignIn/Standard/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/SpdyCwnd/cwndMin10/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_05/UMA-Uniformity-Trial-1-Percent/group_22/UMA-Uniformity-Trial-10-Percent/group_06/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_04/UMA-Uniformity-Trial-50-Percent/default/" --renderer-print-preview --enable-threaded-compositing --channel="480.45.901008350\477596123" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --force-fieldtrials="AutocompleteDynamicTrial_1/DefaultControl/ForceCompositingMode/thread/InfiniteCache/No/InstantDummy/DummyPadding channel:stable/InstantExtended/Padding2 channel:stable/OmniboxHQPReplaceHUPProhibitTrumpingInlineableResult/Standard/OmniboxSearchSuggestTrialStarted2013Q1/17/OneClickSignIn/Standard/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/SpdyCwnd/cwndMin10/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_05/UMA-Uniformity-Trial-1-Percent/group_22/UMA-Uniformity-Trial-10-Percent/group_06/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_04/UMA-Uniformity-Trial-50-Percent/default/" --renderer-print-preview --enable-threaded-compositing --channel="480.47.1307053813\2066124681" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --force-fieldtrials="AutocompleteDynamicTrial_1/DefaultControl/ForceCompositingMode/thread/InfiniteCache/No/InstantDummy/DummyPadding channel:stable/InstantExtended/Padding2 channel:stable/OmniboxHQPReplaceHUPProhibitTrumpingInlineableResult/Standard/OmniboxSearchSuggestTrialStarted2013Q1/17/OneClickSignIn/Standard/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/SpdyCwnd/cwndMin10/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_05/UMA-Uniformity-Trial-1-Percent/group_22/UMA-Uniformity-Trial-10-Percent/group_06/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_04/UMA-Uniformity-Trial-50-Percent/default/" --renderer-print-preview --enable-threaded-compositing --channel="480.49.1599903363\943185786" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --force-fieldtrials="AutocompleteDynamicTrial_1/DefaultControl/ForceCompositingMode/thread/InfiniteCache/No/InstantDummy/DummyPadding channel:stable/InstantExtended/Padding2 channel:stable/OmniboxHQPReplaceHUPProhibitTrumpingInlineableResult/Standard/OmniboxSearchSuggestTrialStarted2013Q1/17/OneClickSignIn/Standard/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/SpdyCwnd/cwndMin10/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_05/UMA-Uniformity-Trial-1-Percent/group_22/UMA-Uniformity-Trial-10-Percent/group_06/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_04/UMA-Uniformity-Trial-50-Percent/default/" --renderer-print-preview --enable-threaded-compositing --channel="480.50.222336601\707173708" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --force-fieldtrials="AutocompleteDynamicTrial_1/DefaultControl/ForceCompositingMode/thread/InfiniteCache/No/InstantDummy/DummyPadding channel:stable/InstantExtended/Padding2 channel:stable/OmniboxHQPReplaceHUPProhibitTrumpingInlineableResult/Standard/OmniboxSearchSuggestTrialStarted2013Q1/17/OneClickSignIn/Standard/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/SpdyCwnd/cwndMin10/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_05/UMA-Uniformity-Trial-1-Percent/group_22/UMA-Uniformity-Trial-10-Percent/group_06/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_04/UMA-Uniformity-Trial-50-Percent/default/" --renderer-print-preview --enable-threaded-compositing --channel="480.52.657476431\711381775" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --force-fieldtrials="AutocompleteDynamicTrial_1/DefaultControl/ForceCompositingMode/thread/InfiniteCache/No/InstantDummy/DummyPadding channel:stable/InstantExtended/Padding2 channel:stable/OmniboxHQPReplaceHUPProhibitTrumpingInlineableResult/Standard/OmniboxSearchSuggestTrialStarted2013Q1/17/OneClickSignIn/Standard/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/SpdyCwnd/cwndMin10/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_05/UMA-Uniformity-Trial-1-Percent/group_22/UMA-Uniformity-Trial-10-Percent/group_06/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_04/UMA-Uniformity-Trial-50-Percent/default/" --renderer-print-preview --enable-threaded-compositing --channel="480.53.498040442\1735272145" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --force-fieldtrials="AutocompleteDynamicTrial_1/DefaultControl/ForceCompositingMode/thread/InfiniteCache/No/InstantDummy/DummyPadding channel:stable/InstantExtended/Padding2 channel:stable/OmniboxHQPReplaceHUPProhibitTrumpingInlineableResult/Standard/OmniboxSearchSuggestTrialStarted2013Q1/17/OneClickSignIn/Standard/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/SpdyCwnd/cwndMin10/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_05/UMA-Uniformity-Trial-1-Percent/group_22/UMA-Uniformity-Trial-10-Percent/group_06/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_04/UMA-Uniformity-Trial-50-Percent/default/" --renderer-print-preview --enable-threaded-compositing --channel="480.54.1738715779\1672264584" /prefetch:673131151
"C:\Windows\System32\explorer.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --force-fieldtrials="AutocompleteDynamicTrial_1/DefaultControl/ForceCompositingMode/thread/InfiniteCache/No/InstantDummy/DummyPadding channel:stable/InstantExtended/Padding2 channel:stable/OmniboxHQPReplaceHUPProhibitTrumpingInlineableResult/Standard/OmniboxSearchSuggestTrialStarted2013Q1/17/OneClickSignIn/Standard/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/SpdyCwnd/cwndMin10/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_05/UMA-Uniformity-Trial-1-Percent/group_22/UMA-Uniformity-Trial-10-Percent/group_06/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_04/UMA-Uniformity-Trial-50-Percent/default/" --renderer-print-preview --enable-threaded-compositing --channel="480.55.1378084380\917155761" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --force-fieldtrials="AutocompleteDynamicTrial_1/DefaultControl/ForceCompositingMode/thread/InfiniteCache/No/InstantDummy/DummyPadding channel:stable/InstantExtended/Padding2 channel:stable/OmniboxHQPReplaceHUPProhibitTrumpingInlineableResult/Standard/OmniboxSearchSuggestTrialStarted2013Q1/17/OneClickSignIn/Standard/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/SpdyCwnd/cwndMin10/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_05/UMA-Uniformity-Trial-1-Percent/group_22/UMA-Uniformity-Trial-10-Percent/group_06/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_04/UMA-Uniformity-Trial-50-Percent/default/" --renderer-print-preview --enable-threaded-compositing --channel="480.56.1665542462\1606308885" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --force-fieldtrials="AutocompleteDynamicTrial_1/DefaultControl/ForceCompositingMode/thread/InfiniteCache/No/InstantDummy/DummyPadding channel:stable/InstantExtended/Padding2 channel:stable/OmniboxHQPReplaceHUPProhibitTrumpingInlineableResult/Standard/OmniboxSearchSuggestTrialStarted2013Q1/17/OneClickSignIn/Standard/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/SpdyCwnd/cwndMin10/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_05/UMA-Uniformity-Trial-1-Percent/group_22/UMA-Uniformity-Trial-10-Percent/group_06/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_04/UMA-Uniformity-Trial-50-Percent/default/" --renderer-print-preview --enable-threaded-compositing --channel="480.58.1934667286\1180363444" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --force-fieldtrials="AutocompleteDynamicTrial_1/DefaultControl/ForceCompositingMode/thread/InfiniteCache/No/InstantDummy/DummyPadding channel:stable/InstantExtended/Padding2 channel:stable/OmniboxHQPReplaceHUPProhibitTrumpingInlineableResult/Standard/OmniboxSearchSuggestTrialStarted2013Q1/17/OneClickSignIn/Standard/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/SpdyCwnd/cwndMin10/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_05/UMA-Uniformity-Trial-1-Percent/group_22/UMA-Uniformity-Trial-10-Percent/group_06/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_04/UMA-Uniformity-Trial-50-Percent/default/" --renderer-print-preview --enable-threaded-compositing --channel="480.62.1203714540\739122321" /prefetch:673131151
"C:\Program Files (x86)\Winamp\winamp.exe" -Embedding
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --force-fieldtrials="AutocompleteDynamicTrial_1/DefaultControl/ForceCompositingMode/thread/InfiniteCache/No/InstantDummy/DummyPadding channel:stable/InstantExtended/Padding2 channel:stable/OmniboxHQPReplaceHUPProhibitTrumpingInlineableResult/Standard/OmniboxSearchSuggestTrialStarted2013Q1/17/OneClickSignIn/Standard/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/SpdyCwnd/cwndMin10/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_05/UMA-Uniformity-Trial-1-Percent/group_22/UMA-Uniformity-Trial-10-Percent/group_06/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_04/UMA-Uniformity-Trial-50-Percent/default/" --renderer-print-preview --enable-threaded-compositing --channel="480.63.30048776\1478139946" /prefetch:673131151
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe9_ Global\UsGthrCtrlFltPipeMssGthrPipe9 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 532 536 544 65536 540
"C:\Users\repair\Downloads\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-02-25 209824]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-12-18 66280]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2012-12-01 449512]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2012-12-01 155384]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2011-09-22 4035152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-12-03 946352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AmIcoSinglun64]
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [2010-08-11 324096]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2013-01-28 59720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector]
C:\Windows\AsScrPro.exe [2011-11-23 3058304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUSPRP]
C:\Program Files (x86)\ASUS\APRP\APRP.EXE [2011-04-01 2018032]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUSWebStorage]
C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe [2011-02-23 731472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKMEDIA]
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [2010-10-08 170624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKOSD2]
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2010-08-18 5732992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [2009-11-03 103720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2013-01-08 3674320]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ETDWare]
C:\Program Files\Elantech\ETDCtrl.exe [2010-06-10 649608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FLxHCIm]
C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe [2011-02-25 40448]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HControlUser]
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [2009-06-19 105016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\Windows\system32\hkcmd.exe [2011-06-01 391960]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\Windows\system32\igfxtray.exe [2011-06-01 168216]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelTBRunOnce]
wscript.exe //b //nologo C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [2010-07-20 1931024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files (x86)\iTunes\iTunesHelper.exe [2013-02-20 152392]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KORG USB-MIDI Driver]
C:\Program Files (x86)\KORG\KORG USB-MIDI Driver\EsHelper2.exe [2012-10-05 393656]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
C:\Windows\system32\igfxpers.exe [2011-06-01 419096]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl10]
C:\Program Files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe [2010-02-03 87336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVBg]
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2011-03-21 2207848]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2011-03-18 11785832]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShowBatteryBar]
C:\Program Files\BatteryBar\ShowBatteryBar.exe [2013-04-11 89600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1475584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snp2uvc]
C:\Windows\vsnp2uvc.exe [2010-01-21 909824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SonicMasterTray]
C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe [2010-07-10 984400]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-07-03 252848]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateLBPShortCut]
C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [2009-05-20 222504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateP2GoShortCut]
C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [2009-05-20 222504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePSTShortCut]
C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe [2010-11-25 222504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAWinAgent]
C:\ExpressGateUtil\VAWinAgent.exe [2010-08-13 21504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files (x86)\Winamp\winampa.exe [2011-12-09 74752]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wireless Console 3]
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2010-09-24 1601536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AsusVibeLauncher.lnk]
C:\PROGRA~2\ASUS\AsusVibe\ASUSVI~2.EXE [2010-12-31 548528]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTTray.exe [2010-03-12 1083680]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FancyStart daemon.lnk]
C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_94E3CE3704FE82FBF49A6A.exe [2011-11-23 12862]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^r0hlik^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^regmonstd.lnk]
C:\Users\r0hlik\AppData\Local\Temp\xemrpbqkaeejvrfkshd.bfg,XFG00 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^repair^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Intel(R) Turbo Boost Technology Monitor 2.0.lnk]
C:\PROGRA~1\Intel\TURBOB~1\SIGNAL~1.EXE [2010-11-30 204288]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"=C:\Program Files (x86)\Winamp\winampa.exe [2011-12-09 74752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\Windows\system32\nvinitx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2011-05-24 385024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2013-07-04 11:16:21 ----D---- C:\rsit
2013-07-04 11:16:21 ----D---- C:\Program Files\trend micro
2013-07-04 09:43:08 ----D---- C:\Users\repair\AppData\Roaming\Winamp
2013-07-04 09:39:29 ----D---- C:\Users\repair\AppData\Roaming\Macromedia
2013-07-04 09:39:05 ----D---- C:\Users\repair\AppData\Roaming\Opera
2013-07-03 19:47:31 ----D---- C:\Users\repair\AppData\Roaming\CDisplayEx
2013-07-03 19:47:13 ----D---- C:\Users\repair\AppData\Roaming\OpenOffice.org
2013-07-03 19:46:35 ----D---- C:\Users\repair\AppData\Roaming\WinRAR
2013-07-03 19:23:09 ----A---- C:\Windows\system32\explorer.exe
2013-07-03 16:51:49 ----D---- C:\Users\repair\AppData\Roaming\Intel
2013-07-03 16:51:47 ----D---- C:\Users\repair\AppData\Roaming\ESET
2013-07-03 16:50:40 ----D---- C:\Users\repair\AppData\Roaming\Adobe
2013-07-03 16:50:12 ----D---- C:\Users\repair\AppData\Roaming\Identities
2013-07-03 16:49:18 ----SD---- C:\Users\repair\AppData\Roaming\Microsoft
2013-07-03 16:49:18 ----D---- C:\Users\repair\AppData\Roaming\Media Center Programs
2013-07-03 16:47:01 ----A---- C:\Windows\ntbtlog.txt
2013-07-03 13:23:26 ----D---- C:\ProgramData\HitmanPro
2013-07-02 21:44:28 ----D---- C:\Program Files (x86)\Mozilla Firefox
2013-07-02 14:22:02 ----A---- C:\Windows\SYSWOW64\D3DX9_41.dll
2013-06-26 12:39:40 ----D---- C:\Program Files (x86)\AGEIA Technologies
2013-06-26 12:26:47 ----A---- C:\Windows\SYSWOW64\xactengine2_7.dll
2013-06-26 12:26:47 ----A---- C:\Windows\SYSWOW64\x3daudio1_1.dll
2013-06-26 12:26:47 ----A---- C:\Windows\system32\xactengine2_7.dll
2013-06-26 12:26:47 ----A---- C:\Windows\system32\x3daudio1_1.dll
2013-06-26 12:26:46 ----A---- C:\Windows\SYSWOW64\d3dx10_33.dll
2013-06-26 12:26:46 ----A---- C:\Windows\SYSWOW64\D3DCompiler_33.dll
2013-06-26 12:26:46 ----A---- C:\Windows\system32\d3dx10_33.dll
2013-06-26 12:26:46 ----A---- C:\Windows\system32\D3DCompiler_33.dll
2013-06-26 12:26:45 ----A---- C:\Windows\SYSWOW64\d3dx9_33.dll
2013-06-26 12:26:45 ----A---- C:\Windows\system32\d3dx9_33.dll
2013-06-26 12:24:34 ----A---- C:\Windows\SYSWOW64\xactengine3_6.dll
2013-06-26 12:24:34 ----A---- C:\Windows\SYSWOW64\X3DAudio1_7.dll
2013-06-26 12:24:34 ----A---- C:\Windows\system32\xactengine3_6.dll
2013-06-26 12:24:34 ----A---- C:\Windows\system32\X3DAudio1_7.dll
2013-06-26 12:19:56 ----D---- C:\ProgramData\BitRaider
2013-06-22 01:26:19 ----A---- C:\Windows\system32\glut32.dll
2013-06-21 20:27:23 ----D---- C:\Program Files (x86)\Microsoft Visual Studio 9.0
2013-06-21 20:16:56 ----D---- C:\Program Files\Microsoft SDKs
2013-06-21 20:16:49 ----D---- C:\Program Files\Microsoft Visual Studio 9.0
2013-06-17 20:19:59 ----D---- C:\Windows\pss
2013-06-16 10:45:04 ----D---- C:\ProgramData\Malwarebytes
2013-06-16 10:45:03 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-16 10:45:03 ----A---- C:\Windows\system32\drivers\mbam.sys
2013-06-16 01:28:07 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2013-06-16 01:28:07 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2013-06-16 01:28:07 ----A---- C:\Windows\system32\urlmon.dll
2013-06-16 01:28:06 ----A---- C:\Windows\SYSWOW64\ieui.dll
2013-06-16 01:28:06 ----A---- C:\Windows\system32\iertutil.dll
2013-06-16 01:28:05 ----A---- C:\Windows\system32\ieui.dll
2013-06-16 01:28:02 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2013-06-16 01:28:01 ----A---- C:\Windows\system32\ieframe.dll
2013-06-16 01:27:58 ----A---- C:\Windows\system32\mshtml.dll
2013-06-16 01:27:53 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2013-06-15 10:42:25 ----A---- C:\ProgramData\as98213.txt
2013-06-12 23:16:07 ----A---- C:\Windows\SYSWOW64\RegisterIEPKEYs.exe
2013-06-12 23:16:07 ----A---- C:\Windows\SYSWOW64\iesysprep.dll
2013-06-12 23:16:07 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2013-06-12 23:16:07 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2013-06-12 23:16:07 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2013-06-12 23:16:07 ----A---- C:\Windows\system32\iesetup.dll
2013-06-12 23:16:07 ----A---- C:\Windows\system32\iernonce.dll
2013-06-12 23:16:07 ----A---- C:\Windows\system32\ie4uinit.exe
2013-06-12 23:16:06 ----A---- C:\Windows\system32\iesysprep.dll
2013-06-12 23:16:05 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2013-06-12 23:16:05 ----A---- C:\Windows\system32\msfeeds.dll
2013-06-12 23:16:04 ----A---- C:\Windows\SYSWOW64\jscript.dll
2013-06-12 23:16:04 ----A---- C:\Windows\system32\jscript9.dll
2013-06-12 23:16:04 ----A---- C:\Windows\system32\jscript.dll
2013-06-12 23:16:03 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2013-06-12 23:16:00 ----A---- C:\Windows\SYSWOW64\wininet.dll
2013-06-12 23:16:00 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2013-06-12 23:16:00 ----A---- C:\Windows\system32\jsproxy.dll
2013-06-12 23:15:59 ----A---- C:\Windows\system32\wininet.dll
2013-06-12 14:57:54 ----A---- C:\Windows\system32\drivers\tcpip.sys
2013-06-12 14:57:53 ----A---- C:\Windows\SYSWOW64\win32spl.dll
2013-06-12 14:57:53 ----A---- C:\Windows\system32\win32spl.dll
2013-06-12 14:57:46 ----A---- C:\Windows\SYSWOW64\cryptdlg.dll
2013-06-12 14:57:46 ----A---- C:\Windows\system32\cryptdlg.dll
2013-06-12 14:57:34 ----A---- C:\Windows\system32\WindowsCodecs.dll
2013-06-12 14:57:33 ----A---- C:\Windows\SYSWOW64\WindowsCodecs.dll
2013-06-12 14:57:31 ----A---- C:\Windows\SYSWOW64\certutil.exe
2013-06-12 14:57:31 ----A---- C:\Windows\system32\crypt32.dll
2013-06-12 14:57:31 ----A---- C:\Windows\system32\certutil.exe
2013-06-12 14:57:30 ----A---- C:\Windows\SYSWOW64\cryptsvc.dll
2013-06-12 14:57:30 ----A---- C:\Windows\SYSWOW64\cryptnet.dll
2013-06-12 14:57:30 ----A---- C:\Windows\SYSWOW64\crypt32.dll
2013-06-12 14:57:30 ----A---- C:\Windows\system32\cryptsvc.dll
2013-06-12 14:57:30 ----A---- C:\Windows\system32\cryptnet.dll
2013-06-12 14:57:29 ----A---- C:\Windows\SYSWOW64\certenc.dll
2013-06-12 14:57:29 ----A---- C:\Windows\system32\certenc.dll
2013-06-12 14:57:22 ----A---- C:\Windows\system32\d3d11.dll
2013-06-12 14:57:21 ----A---- C:\Windows\SYSWOW64\d3d11.dll
2013-06-12 09:34:17 ----A---- C:\Windows\SYSWOW64\FlashPlayerInstaller.exe

======List of files/folders modified in the last 1 months======

2013-07-04 11:16:23 ----D---- C:\Windows\Temp
2013-07-04 11:16:21 ----RD---- C:\Program Files
2013-07-04 09:56:42 ----D---- C:\Windows\system32\config
2013-07-04 09:38:31 ----D---- C:\Windows\system32\Tasks
2013-07-04 09:38:30 ----A---- C:\Windows\system32\acovcnt.exe
2013-07-04 09:37:45 ----D---- C:\Windows\Prefetch
2013-07-03 19:25:34 ----SHD---- C:\Windows\Installer
2013-07-03 19:25:34 ----SD---- C:\ProgramData\Microsoft
2013-07-03 19:25:30 ----RD---- C:\Program Files (x86)
2013-07-03 19:24:54 ----SHD---- C:\System Volume Information
2013-07-03 19:23:09 ----D---- C:\Windows\System32
2013-07-03 16:54:39 ----A---- C:\Windows\SYSWOW64\log.txt
2013-07-03 16:53:26 ----D---- C:\Windows\inf
2013-07-03 16:53:26 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-07-03 16:51:56 ----HD---- C:\ASUS.DAT
2013-07-03 16:50:08 ----SHD---- C:\$Recycle.Bin
2013-07-03 16:49:26 ----D---- C:\ProgramData\Embarcadero
2013-07-03 16:49:17 ----RD---- C:\Users
2013-07-03 16:47:01 ----D---- C:\Windows
2013-07-03 15:47:29 ----D---- C:\Program Files (x86)\Team Meat
2013-07-03 15:18:06 ----D---- C:\Program Files (x86)\Opera
2013-07-03 13:28:11 ----D---- C:\Windows\system32\drivers
2013-07-03 13:23:26 ----HD---- C:\ProgramData
2013-07-03 12:48:55 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-03 11:33:08 ----D---- C:\Windows\Logs
2013-07-02 14:48:49 ----RSD---- C:\Windows\assembly
2013-07-02 14:47:54 ----D---- C:\Windows\system32\catroot2
2013-07-02 14:22:03 ----D---- C:\Windows\SysWOW64
2013-06-26 21:39:32 ----A---- C:\Windows\system32\ServiceFilter.ini
2013-06-26 12:39:40 ----D---- C:\Program Files (x86)\NVIDIA Corporation
2013-06-23 09:59:24 ----D---- C:\ProgramData\Skype
2013-06-23 09:59:22 ----RD---- C:\Program Files (x86)\Skype
2013-06-22 11:58:24 ----D---- C:\Windows\Microsoft.NET
2013-06-22 11:08:41 ----D---- C:\Windows\winsxs
2013-06-22 11:06:20 ----D---- C:\ProgramData\Microsoft Help
2013-06-22 10:58:25 ----D---- C:\Program Files (x86)\Common Files
2013-06-21 20:27:30 ----D---- C:\Program Files (x86)\Microsoft.NET
2013-06-21 15:29:55 ----D---- C:\Program Files\Common Files\Microsoft Shared
2013-06-20 11:17:12 ----D---- C:\Windows\system32\catroot
2013-06-19 11:06:54 ----D---- C:\Program Files (x86)\Google
2013-06-19 11:01:35 ----D---- C:\Windows\Tasks
2013-06-16 09:30:42 ----D---- C:\Program Files (x86)\Internet Explorer
2013-06-16 09:30:41 ----D---- C:\Program Files\Internet Explorer
2013-06-16 01:33:30 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2013-06-15 15:49:47 ----D---- C:\Windows\Panther
2013-06-15 15:49:45 ----D---- C:\Windows\debug
2013-06-13 17:54:55 ----D---- C:\Windows\rescache
2013-06-13 15:49:40 ----D---- C:\Program Files (x86)\Vuze
2013-06-13 06:53:20 ----D---- C:\Windows\SYSWOW64\sk-SK
2013-06-13 06:53:18 ----D---- C:\Windows\SYSWOW64\en-US
2013-06-13 06:53:17 ----D---- C:\Windows\system32\sk-SK
2013-06-13 06:53:16 ----D---- C:\Windows\system32\en-US
2013-06-12 23:16:51 ----A---- C:\Windows\system32\MRT.exe
2013-06-12 09:34:24 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2013-06-07 12:11:08 ----D---- C:\Windows\system32\wfp
2013-06-07 12:11:06 ----D---- C:\Windows\system32\wbem
2013-06-07 12:10:20 ----D---- C:\Windows\system32\DriverStore
2013-06-07 12:10:17 ----D---- C:\ProgramData\P4G
2013-06-07 12:10:10 ----D---- C:\Program Files (x86)\The KMPlayer
2013-06-07 12:10:02 ----HD---- C:\ExpressGateUtil
2013-06-07 12:09:48 ----D---- C:\Windows\registration
2013-06-06 19:43:47 ----D---- C:\Counter-Strike Source

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2011-08-04 62496]
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2010-11-05 438808]
R0 nvpciflt;nvpciflt; C:\Windows\system32\DRIVERS\nvpciflt.sys [2011-03-08 25960]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R1 ATKWMIACPIIO_;ATKWMIACPI Driver_; \??\C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-07-26 17024]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2013-02-03 283200]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2011-08-04 146432]
R1 EpfwLWF;Epfw NDIS LightWeight Filter; C:\Windows\system32\DRIVERS\EpfwLWF.sys [2011-08-04 38288]
R1 VBoxDrv;VirtualBox Service; C:\Windows\system32\DRIVERS\VBoxDrv.sys [2012-04-12 224048]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver; C:\Windows\system32\DRIVERS\VBoxUSBMon.sys [2012-04-12 130864]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2011-08-09 202576]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2011-08-04 187632]
R2 TurboB;Turbo Boost UI Monitor driver; C:\Windows\system32\DRIVERS\TurboB.sys [2010-11-30 16120]
R3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
R3 btusbflt;Bluetooth USB Filter; C:\Windows\system32\drivers\btusbflt.sys [2009-12-14 53800]
R3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2010-01-15 98344]
R3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\drivers\btwavdt.sys [2010-01-15 132648]
R3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 35104]
R3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2010-01-15 21288]
R3 ETD;ELAN PS/2 Port Input Device; C:\Windows\system32\DRIVERS\ETD.sys [2010-09-08 129024]
R3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver; C:\Windows\system32\DRIVERS\FLxHCIc.sys [2011-02-25 302592]
R3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver; C:\Windows\system32\DRIVERS\FLxHCIh.sys [2011-02-25 81920]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2012-08-21 33240]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2011-05-24 12259712]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2011-03-22 2815976]
R3 IntcDAud;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
R3 iwdbus;IWD Bus Enumerator; C:\Windows\system32\DRIVERS\iwdbus.sys [2011-03-24 25496]
R3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\kbfiltr.sys [2009-07-20 15416]
R3 MEIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit; C:\Windows\system32\DRIVERS\NETwNs64.sys [2010-07-14 7821312]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-02-16 428136]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2010-09-07 1800832]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\Windows\system32\DRIVERS\VBoxNetAdp.sys [2012-04-12 147248]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service; C:\Windows\system32\DRIVERS\VBoxNetFlt.sys [2012-04-12 166192]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
R3 wdkmd;Intel WiDi KMD; C:\Windows\system32\DRIVERS\WDKMD.sys [2011-03-24 42392]
S3 AmUStor;AM USB Stroage Driver; C:\Windows\system32\drivers\AmUStor.SYS [2010-08-11 44032]
S3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2009-10-05 1542656]
S3 BRDriver64;BRDriver64; \??\C:\ProgramData\BitRaider\BRDriver64.sys [2013-06-27 75048]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2010-09-23 48488]
S3 FTDIBUS;USB Serial Converter Driver; C:\Windows\system32\drivers\ftdibus.sys [2013-02-13 76648]
S3 FTSER2K;USB Serial Port Driver; C:\Windows\system32\drivers\ftser2k.sys [2013-02-13 85864]
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-03-18 33856]
S3 intaud_WaveExtensible;Intel WiDi Audio Device; C:\Windows\system32\drivers\intelaud.sys [2011-03-24 34200]
S3 KORGUMDS;KORG USB-MIDI Driver for Windows; C:\Windows\System32\Drivers\KORGUM64.SYS [2012-10-05 33696]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20); C:\Windows\system32\DRIVERS\L1C62x64.sys [2009-06-10 57344]
S3 nmwcdnsux64;Nokia USB Flashing Phone Parent; C:\Windows\system32\drivers\nmwcdnsux64.sys [2011-08-17 171008]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver; C:\Windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys [2012-07-09 52736]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2010-11-20 32768]
S3 WimFltr;WimFltr; C:\Windows\system32\DRIVERS\wimfltr.sys [2008-05-24 154168]
S3 WinUsb;WinUSB Driver; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2011-09-22 974944]
R2 simptcp;@%SystemRoot%\system32\simptcp.dll,-200; C:\Windows\System32\tcpsvcs.exe [2009-07-14 10240]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 BRSptSvc;BitRaider Mini-Support Service; C:\ProgramData\BitRaider\BRSptSvc.exe [2013-07-03 915736]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-09-23 1493352]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-03-09 1255736]
S4 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-12-18 65192]
S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-12 256904]
S4 AFBAgent;AFBAgent; C:\Windows\system32\FBAgent.exe [2011-01-26 379520]
S4 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2012-12-21 57008]
S4 ASLDRService;ASLDR Service; C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [2009-06-16 84536]
S4 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [2009-12-15 96896]
S4 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-31 462184]
S4 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2010-03-12 873248]
S4 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2010-07-20 1429776]
S4 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-19 116648]
S4 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-19 116648]
S4 IBG_gds_db;InterBase XE3 64 Guardian gds_db; C:\Program Files (x86)\Embarcadero\RAD Studio\10.0\InterBaseXE3\bin\ibguard.exe [2012-08-08 630272]
S4 IBS_gds_db;InterBase XE3 64 Server gds_db; C:\Program Files (x86)\Embarcadero\RAD Studio\10.0\InterBaseXE3\bin\ibserver.exe [2012-08-08 4868608]
S4 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2013-02-20 641352]
S4 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2010-12-21 325656]
S4 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2013-07-02 117144]
S4 msvsmon90;Visual Studio 2008 Remote Debugger; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [2007-11-07 4466688]
S4 MyWiFiDHCPDNS;Wireless PAN DHCP Server; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-07-20 340240]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NVSvc;NVIDIA Driver Helper Service; C:\Windows\system32\nvvsvc.exe [2011-03-06 993896]
S4 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-03-14 2009704]
S4 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2010-07-20 838928]
S4 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [2009-04-17 247152]
S4 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2012-01-04 718888]
S4 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-06-03 162408]
S4 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0; C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-30 149504]
S4 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]
S4 VideAceWindowsService;VideAceWindowsService; C:\ExpressGateUtil\VAWinService.exe [2010-08-21 77312]
S4 wampapache;wampapache; c:\wamp\bin\apache\apache2.2.21\bin\httpd.exe [2011-09-26 21504]
S4 wampmysqld;wampmysqld; c:\wamp\bin\mysql\mysql5.5.20\bin\mysqld.exe [2012-01-25 9690112]

-----------------EOF-----------------

Re: Explorer keeps crashing

Posted: 04 Jul 2013 12:17
by JaRon
Hi,
well, it would have been better if you had come right after getting infected...
Post an FRST log: http://forum.viry.cz/viewtopic.php?f=13&t=130781

Re: Explorer keeps crashing

Posted: 04 Jul 2013 19:31
by manas
Just to be clear, the police virus no longer shows up; now "only" Explorer crashes. I don't know whether it is crashing because of that at all, but hopefully you will know what to do :)
Anyway, here is the FRST log:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-07-2013
Ran by repair (administrator) on 04-07-2013 20:22:54
Running from C:\Users\repair\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: 041B
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(Microsoft Corporation) C:\Windows\System32\tcpsvcs.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(ASUS) C:\Program Files\P4G\BatteryLife.exe
() C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Last.fm) C:\Program Files (x86)\Last.fm\Last.fm Scrobbler.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winamp.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\system32\explorer.exe
(Microsoft Corporation) \\?\C:\Windows\system32\wbem\WMIADAP.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice [4035152 2011-09-22] (ESET)
HKLM-x32\...\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" [74752 2011-12-09] (Nullsoft, Inc.)
HKU\UpdatusUser\...\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler [x]
HKU\UpdatusUser\...\Run: [ShowBatteryBar] "C:\Program Files\BatteryBar\ShowBatteryBar.exe" show [89600 2013-04-11] ()
HKU\UpdatusUser\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [3674320 2013-01-08] (DT Soft Ltd)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll [226920 2011-03-08] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [192616 2011-03-08] (NVIDIA Corporation)
Startup: C:\Users\mr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel(R) Turbo Boost Technology Monitor 2.0.lnk
ShortcutTarget: Intel(R) Turbo Boost Technology Monitor 2.0.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)

==================== Internet (Whitelisted) ====================

SearchScopes: HKCU - DefaultScope value is missing.
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Chrome:
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Java(TM) Platform SE 7 U9) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.90.5) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Extension: (Google Docs) - C:\Users\repair\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\repair\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\repair\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\repair\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Gmail) - C:\Users\repair\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [915736 2013-07-03] (BitRaider, LLC)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [974944 2011-09-22] (ESET)
S4 IBG_gds_db; C:\Program Files (x86)\Embarcadero\RAD Studio\10.0\InterBaseXE3\bin\ibguard.exe [630272 2012-08-08] (Embarcadero Technologies, Inc.)
S4 IBS_gds_db; C:\Program Files (x86)\Embarcadero\RAD Studio\10.0\InterBaseXE3\bin\ibserver.exe [4868608 2012-08-08] (Embarcadero Technologies, Inc.)
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4466688 2007-11-07] (Microsoft Corporation)
S4 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-07-20] ()
S4 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-04-17] ()
S4 VideAceWindowsService; C:\ExpressGateUtil\VAWinService.exe [77312 2010-08-21] ()
S4 wampapache; c:\wamp\bin\apache\apache2.2.21\bin\httpd.exe [21504 2011-09-26] (Apache Software Foundation)
S4 wampmysqld; c:\wamp\bin\mysql\mysql5.5.20\bin\mysqld.exe [9690112 2012-01-25] ()

==================== Drivers (Whitelisted) ====================

R1 ATKWMIACPIIO_; C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [17024 2010-07-26] (ASUS)
R1 ATKWMIACPIIO_; C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [17024 2010-07-26] (ASUS)
S3 BRDriver64; C:\ProgramData\BitRaider\BRDriver64.sys [75048 2013-06-27] (BitRaider)
S3 BRDriver64; C:\ProgramData\BitRaider\BRDriver64.sys [75048 2013-06-27] (BitRaider)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-02-03] (DT Soft Ltd)
R2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [202576 2011-08-09] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [146432 2011-08-04] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [187632 2011-08-04] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [38288 2011-08-04] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [62496 2011-08-04] (ESET)
R3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [81920 2011-02-25] (Fresco Logic)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
S3 KORGUMDS; C:\Windows\System32\Drivers\KORGUM64.SYS [33696 2012-10-05] (KORG INC.)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1800832 2010-09-07] (Sonix Technology Co., Ltd.)

========================== Drivers MD5 =======================


==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-04 20:22 - 2013-07-04 20:22 - 00000000 ____D C:\FRST
2013-07-04 20:20 - 2013-07-04 20:20 - 01934636 ____A (Farbar) C:\Users\repair\Downloads\FRST64 (1).exe
2013-07-04 20:19 - 2013-07-04 20:19 - 01934636 ____A (Farbar) C:\Users\repair\Downloads\FRST64.exe
2013-07-04 11:16 - 2013-07-04 11:16 - 00000000 ____D C:\rsit
2013-07-04 11:16 - 2013-07-04 11:16 - 00000000 ____D C:\Program Files\trend micro
2013-07-04 11:14 - 2013-07-04 11:14 - 00832273 ____A C:\Users\repair\Downloads\RSITx64.exe
2013-07-04 09:43 - 2013-07-04 10:58 - 00000000 ____D C:\Users\repair\AppData\Roaming\Winamp
2013-07-04 09:39 - 2013-07-04 20:17 - 00000000 ____D C:\Users\repair\AppData\Local\Last.fm
2013-07-04 09:39 - 2013-07-04 09:39 - 00000000 ____D C:\Users\repair\AppData\Roaming\Opera
2013-07-04 09:39 - 2013-07-04 09:39 - 00000000 ____D C:\Users\repair\AppData\Roaming\Macromedia
2013-07-04 09:39 - 2013-07-04 09:39 - 00000000 ____D C:\Users\repair\AppData\Local\Opera
2013-07-03 19:52 - 2013-07-03 19:52 - 00000000 ____D C:\Users\repair\Documents\The KMPlayer
2013-07-03 19:47 - 2013-07-03 19:51 - 00000000 ____D C:\Users\repair\AppData\Roaming\CDisplayEx
2013-07-03 19:47 - 2013-07-03 19:47 - 00069000 ____A C:\Users\repair\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-03 19:47 - 2013-07-03 19:47 - 00000000 ____D C:\Users\repair\AppData\Roaming\OpenOffice.org
2013-07-03 19:46 - 2013-07-03 19:46 - 00000000 ____D C:\Users\repair\AppData\Roaming\WinRAR
2013-07-03 19:31 - 2013-07-03 19:02 - 03660981 ____A C:\Users\repair\Desktop\CBS.log
2013-07-03 19:23 - 2011-02-25 08:19 - 02871808 ____A (Microsoft Corporation) C:\Windows\System32\explorer.exe
2013-07-03 16:52 - 2013-07-03 16:52 - 00000000 ____D C:\Users\repair\AppData\Local\Google
2013-07-03 16:51 - 2013-07-03 16:51 - 00000000 ____D C:\Users\repair\AppData\Roaming\Intel
2013-07-03 16:51 - 2013-07-03 16:51 - 00000000 ____D C:\Users\repair\AppData\Roaming\ESET
2013-07-03 16:51 - 2013-07-03 16:51 - 00000000 ____D C:\Users\repair\AppData\Local\ESET
2013-07-03 16:50 - 2013-07-03 16:52 - 00002261 ____A C:\Users\repair\Desktop\Google Chrome.lnk
2013-07-03 16:50 - 2013-07-03 16:50 - 00000000 ____D C:\Users\repair\AppData\Roaming\Adobe
2013-07-03 16:49 - 2013-07-03 16:50 - 00000000 ____D C:\users\repair
2013-07-03 16:49 - 2013-07-03 16:49 - 00000020 ___SH C:\Users\repair\ntuser.ini
2013-07-03 16:49 - 2013-07-03 16:49 - 00000000 ____D C:\Users\repair\AppData\Local\VirtualStore
2013-07-03 16:49 - 2013-07-03 16:49 - 00000000 ____D C:\Users\repair\AppData\Local\Power2Go
2013-07-03 15:44 - 2013-07-03 15:46 - 00000000 ____D C:\Users\mr\Desktop\SKOLA
2013-07-03 15:16 - 2013-07-03 15:16 - 13168216 ____A (Opera Software ASA) C:\Users\mr\Downloads\Opera_1215_int_Setup.exe
2013-07-03 14:52 - 2013-07-03 14:52 - 00000000 ____D C:\Users\mr\AppData\Roaming\Opera Software
2013-07-03 14:52 - 2013-07-03 14:52 - 00000000 ____D C:\Users\mr\AppData\Local\Opera Software
2013-07-03 14:38 - 2013-07-03 14:45 - 31126536 ____A (Opera Software ASA) C:\Users\mr\Downloads\Opera_15.0.1147.130_Setup.exe
2013-07-03 14:22 - 2013-07-03 14:22 - 00098819 ____A C:\Users\mr\Documents\rohlik opera bookmarks.adr
2013-07-03 13:23 - 2013-07-03 13:23 - 00000000 ____D C:\ProgramData\HitmanPro
2013-07-03 12:49 - 2013-07-03 19:04 - 00001349 ____A C:\Windows\setupact.log
2013-07-03 12:49 - 2013-07-03 12:49 - 00000000 ____A C:\Windows\setuperr.log
2013-07-03 12:48 - 2013-07-03 12:48 - 00000410 ____A C:\Windows\PFRO.log
2013-07-02 21:44 - 2013-07-02 21:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-02 14:22 - 2009-03-09 15:27 - 04178264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2013-06-30 18:25 - 2013-06-30 18:25 - 00000000 ____D C:\Users\mr\Documents\My Weblog Posts
2013-06-30 18:25 - 2013-06-30 18:25 - 00000000 ____D C:\Users\mr\AppData\Local\{53C633EF-AC12-453D-B198-D0BFC5AB28A2}
2013-06-27 23:48 - 2013-07-03 14:38 - 00000000 ____D C:\Users\mr\AppData\Roaming\Awesomium
2013-06-27 23:48 - 2013-07-02 14:23 - 00000000 ____D C:\Users\mr\Documents\My Games
2013-06-26 12:44 - 2013-07-03 18:28 - 00001787 ____A C:\Users\Public\Desktop\Marvel Heroes.lnk
2013-06-26 12:39 - 2013-06-26 12:39 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2013-06-26 12:26 - 2007-04-04 18:55 - 00403304 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_7.dll
2013-06-26 12:26 - 2007-04-04 18:55 - 00261480 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2013-06-26 12:26 - 2007-03-15 16:57 - 00506728 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_33.dll
2013-06-26 12:26 - 2007-03-15 16:57 - 00443752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2013-06-26 12:26 - 2007-03-12 16:42 - 04494184 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_33.dll
2013-06-26 12:26 - 2007-03-12 16:42 - 03495784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2013-06-26 12:26 - 2007-03-12 16:42 - 01400176 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_33.dll
2013-06-26 12:26 - 2007-03-12 16:42 - 01123696 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2013-06-26 12:26 - 2007-03-05 12:42 - 00017688 ____A (Microsoft Corporation) C:\Windows\System32\x3daudio1_1.dll
2013-06-26 12:26 - 2007-03-05 12:42 - 00015128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2013-06-26 12:24 - 2010-02-04 10:01 - 00238936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2013-06-26 12:24 - 2010-02-04 10:01 - 00176984 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_6.dll
2013-06-26 12:24 - 2010-02-04 10:01 - 00024920 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_7.dll
2013-06-26 12:24 - 2010-02-04 10:01 - 00022360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2013-06-26 12:20 - 2013-06-26 12:20 - 00000895 ____A C:\Users\mr\Downloads\default.bitraid
2013-06-26 12:19 - 2013-07-03 18:28 - 00000000 ____D C:\ProgramData\BitRaider
2013-06-26 12:19 - 2013-06-26 12:20 - 00000000 ____D C:\Users\Public\Documents\BitRaider
2013-06-26 12:11 - 2013-06-26 12:13 - 04691232 ____A (BitRaider, LLC) C:\Users\mr\Downloads\marvelheroesclientinstaller.exe
2013-06-22 14:23 - 2013-06-22 14:24 - 10455548 ____A C:\Users\mr\Downloads\projekt.rar
2013-06-22 01:26 - 2001-11-08 02:27 - 00237568 ____A C:\Windows\System32\glut32.dll
2013-06-21 21:30 - 2013-06-21 21:30 - 00000000 ____D C:\Users\mr\AppData\Local\{C4FC24AC-5246-4ABC-85C8-83AAEB359222}
2013-06-21 20:28 - 2013-06-22 00:14 - 00000000 ____D C:\Users\mr\Documents\Visual Studio 2008
2013-06-21 20:27 - 2013-06-21 20:28 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 9.0
2013-06-21 20:16 - 2013-06-21 20:16 - 00000000 ____D C:\Program Files\Microsoft Visual Studio 9.0
2013-06-21 20:16 - 2013-06-21 20:16 - 00000000 ____D C:\Program Files\Microsoft SDKs
2013-06-21 15:31 - 2013-06-21 19:25 - 00000000 ____D C:\Users\mr\Documents\Visual Studio 2005
2013-06-21 15:22 - 2013-06-21 15:22 - 00000000 ____D C:\Users\mr\Downloads\Visual C++ 2005 Express Edition (English)
2013-06-21 12:32 - 2013-06-21 12:32 - 00000000 ____D C:\Users\mr\AppData\Roaming\e-academy Inc
2013-06-21 12:32 - 2013-06-21 12:32 - 00000000 ____D C:\Users\mr\AppData\Local\e-academy Inc
2013-06-20 11:26 - 2013-06-20 11:26 - 00004601 ____A C:\Users\mr\AppData\Local\recently-used.xbel
2013-06-19 11:01 - 2013-07-04 20:17 - 00000936 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-19 11:01 - 2013-07-04 13:33 - 00000932 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-19 11:01 - 2013-06-19 11:07 - 00000000 ____D C:\Users\mr\AppData\Local\Google
2013-06-18 17:47 - 2013-06-18 17:47 - 00000000 ____D C:\Users\mr\AppData\Local\{EFFE30BF-F9C2-46C0-8661-235E1019A884}
2013-06-17 20:19 - 2013-07-03 16:54 - 00000000 ____D C:\Windows\pss
2013-06-16 22:57 - 2013-06-16 23:00 - 94028491 ____A C:\Users\mr\Downloads\MRAKODRAP.ZIP
2013-06-16 10:45 - 2013-06-16 10:45 - 00000000 ____D C:\Users\mr\AppData\Roaming\Malwarebytes
2013-06-16 10:45 - 2013-06-16 10:45 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-06-16 10:45 - 2013-06-16 10:45 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-16 10:45 - 2013-04-04 14:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-06-16 10:32 - 2013-06-16 10:32 - 00007458 ____A C:\Users\mr\Documents\cc_20130616_103235.reg
2013-06-16 10:32 - 2013-06-16 10:32 - 00000376 ____A C:\Users\mr\Documents\cc_20130616_103251.reg
2013-06-16 10:31 - 2013-06-16 10:32 - 00442680 ____A C:\Users\mr\Documents\cc_20130616_103145.reg
2013-06-16 01:28 - 2013-06-08 16:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-16 01:28 - 2013-06-08 16:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-16 01:28 - 2013-06-08 16:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-16 01:28 - 2013-06-08 16:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-16 01:28 - 2013-06-08 14:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-16 01:28 - 2013-06-08 13:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-16 01:28 - 2013-06-08 13:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-16 01:28 - 2013-06-08 13:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-16 01:28 - 2013-06-08 13:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-16 01:28 - 2013-06-08 13:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-16 01:27 - 2013-06-08 16:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-16 01:27 - 2013-06-08 13:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-15 10:42 - 2013-06-16 09:35 - 95023320 ___AT C:\ProgramData\4finiw.pad
2013-06-15 10:42 - 2013-06-16 09:32 - 00000000 ____A C:\ProgramData\as98213.txt
2013-06-15 10:42 - 2013-06-15 10:42 - 95023320 ___AT C:\ProgramData\blg7.pad
2013-06-15 10:42 - 2013-06-15 10:42 - 00000152 ____A C:\ProgramData\4finiw.reg
2013-06-12 23:16 - 2013-05-17 03:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-12 23:16 - 2013-05-17 03:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-12 23:16 - 2013-05-17 03:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-12 23:16 - 2013-05-17 03:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-12 23:16 - 2013-05-17 03:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-12 23:16 - 2013-05-17 03:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-12 23:16 - 2013-05-17 03:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-12 23:16 - 2013-05-17 03:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-12 23:16 - 2013-05-17 02:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-12 23:16 - 2013-05-17 02:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-12 23:16 - 2013-05-17 02:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-12 23:16 - 2013-05-17 02:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-12 23:16 - 2013-05-17 02:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-12 23:16 - 2013-05-17 02:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-12 23:16 - 2013-05-17 02:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-12 23:16 - 2013-05-17 02:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-12 23:16 - 2013-05-14 14:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-12 23:16 - 2013-05-14 10:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-12 23:15 - 2013-05-17 02:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-12 14:57 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 14:57 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 14:57 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 14:57 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 14:57 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-12 14:57 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-12 14:57 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-12 14:57 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 14:57 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-12 14:57 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-12 14:57 - 2013-05-10 07:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-12 14:57 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-12 14:57 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 14:57 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 14:57 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-12 14:57 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-12 14:57 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-12 14:57 - 2013-04-17 08:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-12 14:57 - 2013-04-01 00:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-06-12 09:34 - 2013-06-12 09:34 - 09089416 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-06-09 23:17 - 2013-06-09 23:17 - 00070057 ____A C:\Users\mr\Downloads\APL.STATISTIKAPROJEKT.zip

==================== One Month Modified Files and Folders =======

2013-07-04 20:22 - 2013-07-04 20:22 - 00000000 ____D C:\FRST
2013-07-04 20:20 - 2013-07-04 20:20 - 01934636 ____A (Farbar) C:\Users\repair\Downloads\FRST64 (1).exe
2013-07-04 20:19 - 2013-07-04 20:19 - 01934636 ____A (Farbar) C:\Users\repair\Downloads\FRST64.exe
2013-07-04 20:18 - 2011-11-23 08:57 - 01580858 ____A C:\Windows\WindowsUpdate.log
2013-07-04 20:17 - 2013-07-04 09:39 - 00000000 ____D C:\Users\repair\AppData\Local\Last.fm
2013-07-04 20:17 - 2013-06-19 11:01 - 00000936 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-04 20:17 - 2012-05-16 12:36 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-04 13:33 - 2013-06-19 11:01 - 00000932 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-04 11:24 - 2009-07-14 06:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-04 11:24 - 2009-07-14 06:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-04 11:16 - 2013-07-04 11:16 - 00000000 ____D C:\rsit
2013-07-04 11:16 - 2013-07-04 11:16 - 00000000 ____D C:\Program Files\trend micro
2013-07-04 11:14 - 2013-07-04 11:14 - 00832273 ____A C:\Users\repair\Downloads\RSITx64.exe
2013-07-04 10:58 - 2013-07-04 09:43 - 00000000 ____D C:\Users\repair\AppData\Roaming\Winamp
2013-07-04 09:39 - 2013-07-04 09:39 - 00000000 ____D C:\Users\repair\AppData\Roaming\Opera
2013-07-04 09:39 - 2013-07-04 09:39 - 00000000 ____D C:\Users\repair\AppData\Roaming\Macromedia
2013-07-04 09:39 - 2013-07-04 09:39 - 00000000 ____D C:\Users\repair\AppData\Local\Opera
2013-07-04 09:38 - 2012-03-08 16:26 - 00045056 ____A C:\Windows\System32\acovcnt.exe
2013-07-03 19:52 - 2013-07-03 19:52 - 00000000 ____D C:\Users\repair\Documents\The KMPlayer
2013-07-03 19:51 - 2013-07-03 19:47 - 00000000 ____D C:\Users\repair\AppData\Roaming\CDisplayEx
2013-07-03 19:47 - 2013-07-03 19:47 - 00069000 ____A C:\Users\repair\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-03 19:47 - 2013-07-03 19:47 - 00000000 ____D C:\Users\repair\AppData\Roaming\OpenOffice.org
2013-07-03 19:46 - 2013-07-03 19:46 - 00000000 ____D C:\Users\repair\AppData\Roaming\WinRAR
2013-07-03 19:04 - 2013-07-03 12:49 - 00001349 ____A C:\Windows\setupact.log
2013-07-03 19:04 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-03 19:02 - 2013-07-03 19:31 - 03660981 ____A C:\Users\repair\Desktop\CBS.log
2013-07-03 18:39 - 2012-03-19 21:13 - 00000000 ____D C:\Users\mr\AppData\Roaming\Azureus
2013-07-03 18:28 - 2013-06-26 12:44 - 00001787 ____A C:\Users\Public\Desktop\Marvel Heroes.lnk
2013-07-03 18:28 - 2013-06-26 12:19 - 00000000 ____D C:\ProgramData\BitRaider
2013-07-03 16:54 - 2013-06-17 20:19 - 00000000 ____D C:\Windows\pss
2013-07-03 16:53 - 2009-07-14 07:13 - 00794686 ____A C:\Windows\System32\PerfStringBackup.INI
2013-07-03 16:52 - 2013-07-03 16:52 - 00000000 ____D C:\Users\repair\AppData\Local\Google
2013-07-03 16:52 - 2013-07-03 16:50 - 00002261 ____A C:\Users\repair\Desktop\Google Chrome.lnk
2013-07-03 16:51 - 2013-07-03 16:51 - 00000000 ____D C:\Users\repair\AppData\Roaming\Intel
2013-07-03 16:51 - 2013-07-03 16:51 - 00000000 ____D C:\Users\repair\AppData\Roaming\ESET
2013-07-03 16:51 - 2013-07-03 16:51 - 00000000 ____D C:\Users\repair\AppData\Local\ESET
2013-07-03 16:51 - 2012-03-08 16:25 - 00000000 ___HD C:\ASUS.DAT
2013-07-03 16:50 - 2013-07-03 16:50 - 00000000 ____D C:\Users\repair\AppData\Roaming\Adobe
2013-07-03 16:50 - 2013-07-03 16:49 - 00000000 ____D C:\users\repair
2013-07-03 16:49 - 2013-07-03 16:49 - 00000020 ___SH C:\Users\repair\ntuser.ini
2013-07-03 16:49 - 2013-07-03 16:49 - 00000000 ____D C:\Users\repair\AppData\Local\VirtualStore
2013-07-03 16:49 - 2013-07-03 16:49 - 00000000 ____D C:\Users\repair\AppData\Local\Power2Go
2013-07-03 16:49 - 2013-03-10 20:25 - 00000000 ____D C:\ProgramData\Embarcadero
2013-07-03 16:32 - 2012-03-09 17:00 - 00000000 ____D C:\Users\mr\AppData\Local\Last.fm
2013-07-03 16:21 - 2012-03-09 18:40 - 00000000 ____D C:\Users\mr\AppData\Roaming\Skype
2013-07-03 15:49 - 2012-03-08 16:25 - 00000000 __RSD C:\Users\mr\Desktop\AsusTools
2013-07-03 15:47 - 2013-02-18 16:16 - 00000000 ____D C:\Program Files (x86)\Team Meat
2013-07-03 15:46 - 2013-07-03 15:44 - 00000000 ____D C:\Users\mr\Desktop\SKOLA
2013-07-03 15:18 - 2012-03-08 16:42 - 00000000 ____D C:\Program Files (x86)\Opera
2013-07-03 15:16 - 2013-07-03 15:16 - 13168216 ____A (Opera Software ASA) C:\Users\mr\Downloads\Opera_1215_int_Setup.exe
2013-07-03 14:52 - 2013-07-03 14:52 - 00000000 ____D C:\Users\mr\AppData\Roaming\Opera Software
2013-07-03 14:52 - 2013-07-03 14:52 - 00000000 ____D C:\Users\mr\AppData\Local\Opera Software
2013-07-03 14:45 - 2013-07-03 14:38 - 31126536 ____A (Opera Software ASA) C:\Users\mr\Downloads\Opera_15.0.1147.130_Setup.exe
2013-07-03 14:38 - 2013-06-27 23:48 - 00000000 ____D C:\Users\mr\AppData\Roaming\Awesomium
2013-07-03 14:22 - 2013-07-03 14:22 - 00098819 ____A C:\Users\mr\Documents\rohlik opera bookmarks.adr
2013-07-03 13:23 - 2013-07-03 13:23 - 00000000 ____D C:\ProgramData\HitmanPro
2013-07-03 12:49 - 2013-07-03 12:49 - 00000000 ____A C:\Windows\setuperr.log
2013-07-03 12:48 - 2013-07-03 12:48 - 00000410 ____A C:\Windows\PFRO.log
2013-07-03 12:48 - 2012-05-08 23:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-03 12:47 - 2012-03-12 22:11 - 00000000 ____D C:\Users\mr\AppData\Roaming\Winamp
2013-07-02 21:45 - 2013-07-02 21:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-02 14:23 - 2013-06-27 23:48 - 00000000 ____D C:\Users\mr\Documents\My Games
2013-06-30 18:25 - 2013-06-30 18:25 - 00000000 ____D C:\Users\mr\Documents\My Weblog Posts
2013-06-30 18:25 - 2013-06-30 18:25 - 00000000 ____D C:\Users\mr\AppData\Local\{53C633EF-AC12-453D-B198-D0BFC5AB28A2}
2013-06-30 18:25 - 2012-08-06 00:55 - 00000000 ____D C:\Users\mr\AppData\Local\Windows Live Writer
2013-06-26 21:39 - 2011-11-23 09:21 - 00001464 ____A C:\Windows\System32\ServiceFilter.ini
2013-06-26 12:39 - 2013-06-26 12:39 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2013-06-26 12:39 - 2011-11-23 09:07 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-06-26 12:20 - 2013-06-26 12:20 - 00000895 ____A C:\Users\mr\Downloads\default.bitraid
2013-06-26 12:20 - 2013-06-26 12:19 - 00000000 ____D C:\Users\Public\Documents\BitRaider
2013-06-26 12:13 - 2013-06-26 12:11 - 04691232 ____A (BitRaider, LLC) C:\Users\mr\Downloads\marvelheroesclientinstaller.exe
2013-06-23 13:19 - 2013-02-03 17:24 - 00000000 ____D C:\Users\mr\AppData\Roaming\DAEMON Tools Lite
2013-06-23 09:59 - 2013-01-24 13:54 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-06-23 09:59 - 2012-03-09 18:40 - 00000000 ____D C:\ProgramData\Skype
2013-06-22 14:24 - 2013-06-22 14:23 - 10455548 ____A C:\Users\mr\Downloads\projekt.rar
2013-06-22 13:33 - 2012-04-02 14:31 - 00000600 ____A C:\Users\mr\AppData\Roaming\winscp.rnd
2013-06-22 11:06 - 2012-03-19 16:37 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-06-22 00:14 - 2013-06-21 20:28 - 00000000 ____D C:\Users\mr\Documents\Visual Studio 2008
2013-06-21 21:30 - 2013-06-21 21:30 - 00000000 ____D C:\Users\mr\AppData\Local\{C4FC24AC-5246-4ABC-85C8-83AAEB359222}
2013-06-21 21:07 - 2012-03-19 16:37 - 00000000 ____D C:\Users\mr\AppData\Local\Microsoft Help
2013-06-21 20:28 - 2013-06-21 20:27 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 9.0
2013-06-21 20:16 - 2013-06-21 20:16 - 00000000 ____D C:\Program Files\Microsoft Visual Studio 9.0
2013-06-21 20:16 - 2013-06-21 20:16 - 00000000 ____D C:\Program Files\Microsoft SDKs
2013-06-21 19:25 - 2013-06-21 15:31 - 00000000 ____D C:\Users\mr\Documents\Visual Studio 2005
2013-06-21 15:29 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-06-21 15:22 - 2013-06-21 15:22 - 00000000 ____D C:\Users\mr\Downloads\Visual C++ 2005 Express Edition (English)
2013-06-21 12:32 - 2013-06-21 12:32 - 00000000 ____D C:\Users\mr\AppData\Roaming\e-academy Inc
2013-06-21 12:32 - 2013-06-21 12:32 - 00000000 ____D C:\Users\mr\AppData\Local\e-academy Inc
2013-06-21 10:24 - 2013-04-23 21:15 - 00000349 ____A C:\Users\mr\Desktop\mfsongtitles.txt
2013-06-20 11:26 - 2013-06-20 11:26 - 00004601 ____A C:\Users\mr\AppData\Local\recently-used.xbel
2013-06-20 11:26 - 2013-06-02 12:09 - 00000000 ____D C:\Users\mr\Desktop\GOLF WANG
2013-06-20 11:26 - 2012-10-04 20:34 - 00000000 ____D C:\Users\mr\.gimp-2.8
2013-06-19 11:07 - 2013-06-19 11:01 - 00000000 ____D C:\Users\mr\AppData\Local\Google
2013-06-19 11:06 - 2011-04-01 10:58 - 00000000 ____D C:\Program Files (x86)\Google
2013-06-19 00:32 - 2012-12-08 14:22 - 00000000 ____D C:\Users\mr\AppData\Roaming\Mp3tag
2013-06-18 19:01 - 2013-02-26 00:02 - 00000000 ____D C:\Users\mr\AppData\Roaming\SQL Developer
2013-06-18 17:47 - 2013-06-18 17:47 - 00000000 ____D C:\Users\mr\AppData\Local\{EFFE30BF-F9C2-46C0-8661-235E1019A884}
2013-06-18 17:46 - 2012-03-12 15:12 - 00000000 ____D C:\Users\mr\AppData\Local\Windows Live
2013-06-17 15:44 - 2012-10-10 23:48 - 00000000 ____D C:\Users\mr\AppData\Roaming\codeblocks
2013-06-16 23:00 - 2013-06-16 22:57 - 94028491 ____A C:\Users\mr\Downloads\MRAKODRAP.ZIP
2013-06-16 10:45 - 2013-06-16 10:45 - 00000000 ____D C:\Users\mr\AppData\Roaming\Malwarebytes
2013-06-16 10:45 - 2013-06-16 10:45 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-06-16 10:45 - 2013-06-16 10:45 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-16 10:32 - 2013-06-16 10:32 - 00007458 ____A C:\Users\mr\Documents\cc_20130616_103235.reg
2013-06-16 10:32 - 2013-06-16 10:32 - 00000376 ____A C:\Users\mr\Documents\cc_20130616_103251.reg
2013-06-16 10:32 - 2013-06-16 10:31 - 00442680 ____A C:\Users\mr\Documents\cc_20130616_103145.reg
2013-06-16 09:35 - 2013-06-15 10:42 - 95023320 ___AT C:\ProgramData\4finiw.pad
2013-06-16 09:32 - 2013-06-15 10:42 - 00000000 ____A C:\ProgramData\as98213.txt
2013-06-16 01:33 - 2012-03-19 16:34 - 00780598 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2013-06-15 15:49 - 2009-07-29 08:03 - 00000000 ____D C:\Windows\Panther
2013-06-15 10:42 - 2013-06-15 10:42 - 95023320 ___AT C:\ProgramData\blg7.pad
2013-06-15 10:42 - 2013-06-15 10:42 - 00000152 ____A C:\ProgramData\4finiw.reg
2013-06-13 17:54 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-06-13 15:49 - 2012-03-19 21:13 - 00000000 ____D C:\Program Files (x86)\Vuze
2013-06-13 09:29 - 2013-03-10 23:59 - 00037630 ____A C:\Users\mr\sanct.log
2013-06-13 06:53 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\sk-SK
2013-06-13 06:53 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\sk-SK
2013-06-12 23:16 - 2012-03-09 17:38 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-12 09:34 - 2013-06-12 09:34 - 09089416 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-06-12 09:34 - 2012-05-16 12:36 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-12 09:34 - 2012-05-16 12:36 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-09 23:17 - 2013-06-09 23:17 - 00070057 ____A C:\Users\mr\Downloads\APL.STATISTIKAPROJEKT.zip
2013-06-08 16:08 - 2013-06-16 01:28 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-08 16:07 - 2013-06-16 01:27 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-08 16:06 - 2013-06-16 01:28 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-08 16:06 - 2013-06-16 01:28 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-08 16:06 - 2013-06-16 01:28 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-08 14:28 - 2013-06-16 01:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-08 13:42 - 2013-06-16 01:28 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-08 13:40 - 2013-06-16 01:28 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-08 13:40 - 2013-06-16 01:28 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-08 13:40 - 2013-06-16 01:28 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-08 13:40 - 2013-06-16 01:27 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-08 13:13 - 2013-06-16 01:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-07 12:15 - 2012-03-08 16:25 - 00000000 ____D C:\users\mr
2013-06-07 12:10 - 2012-03-08 17:12 - 00000000 ____D C:\Program Files (x86)\The KMPlayer
2013-06-07 12:10 - 2011-11-23 09:23 - 00000000 ___HD C:\ExpressGateUtil
2013-06-07 12:10 - 2011-11-23 09:19 - 00000000 ____D C:\ProgramData\P4G
2013-06-07 12:09 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2013-06-07 11:04 - 2012-03-13 23:58 - 00000000 ____D C:\Users\mr\Documents\The KMPlayer
2013-06-06 19:43 - 2013-01-29 18:16 - 00000000 ____D C:\Counter-Strike Source

Files to move or delete:
====================
C:\ProgramData\FullRemove.exe
C:\ProgramData\4finiw.pad
C:\ProgramData\4finiw.reg
C:\ProgramData\blg7.pad

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== BCD ================================

Windows Boot Manager
--------------------
identifier {bootmgr}
device boot
description Windows Boot Manager
locale sk-SK
inherit {globalsettings}
default {current}
resumeobject {8cb2d9b0-7c05-11de-842e-b4611d44fefa}
displayorder {current}
toolsdisplayorder {memdiag}
timeout 30

Windows Boot Loader
-------------------
identifier {current}
device boot
path \Windows\system32\winload.exe
description Windows 7
locale sk-SK
inherit {bootloadersettings}
recoverysequence {8cb2d9b4-7c05-11de-842e-b4611d44fefa}
recoveryenabled Yes
osdevice boot
systemroot \Windows
resumeobject {8cb2d9b0-7c05-11de-842e-b4611d44fefa}
nx OptIn

Windows Boot Loader
-------------------
identifier {8cb2d9b4-7c05-11de-842e-b4611d44fefa}
device ramdisk=[C:]\Recovery\8cb2d9b4-7c05-11de-842e-b4611d44fefa\Winre.wim,{8cb2d9b5-7c05-11de-842e-b4611d44fefa}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {bootloadersettings}
osdevice ramdisk=[C:]\Recovery\8cb2d9b4-7c05-11de-842e-b4611d44fefa\Winre.wim,{8cb2d9b5-7c05-11de-842e-b4611d44fefa}
systemroot \windows
nx OptIn
winpe Yes

Resume from Hibernate
---------------------
identifier {8cb2d9b0-7c05-11de-842e-b4611d44fefa}
device boot
path \Windows\system32\winresume.exe
description Windows Resume Application
locale sk-SK
inherit {resumeloadersettings}
filedevice partition=C:
filepath \hiberfil.sys
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {memdiag}
device partition=C:
path \boot\memtest.exe
description Windows Memory Diagnostic
locale sk-SK
inherit {globalsettings}
badmemoryaccess Yes

EMS Settings
------------
identifier {emssettings}
bootems Yes

Debugger Settings
-----------------
identifier {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {badmemory}

Global Settings
---------------
identifier {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}

Boot Loader Settings
--------------------
identifier {bootloadersettings}
inherit {globalsettings}
{hypervisorsettings}

Hypervisor Settings
-------------------
identifier {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Resume Loader Settings
----------------------
identifier {resumeloadersettings}
inherit {globalsettings}

Device options
--------------
identifier {8cb2d9b5-7c05-11de-842e-b4611d44fefa}
description Ramdisk Options
ramdisksdidevice partition=C:
ramdisksdipath \Recovery\8cb2d9b4-7c05-11de-842e-b4611d44fefa\boot.sdi



LastRegBack: 2013-07-03 00:49

==================== End Of Log ============================

Re: Explorer keeps crashing

Posted: 08 Jul 2013 09:20
by manas
Hello, JaRon has probably gone away, or I don't know what.. could someone else take my case? :) Thanks

Re: Explorer keeps crashing

Posted: 14 Jul 2013 20:43
by JaRon
I was on holiday ... a lovely one :)
If this is still relevant, use Avenger - its script:
Files to delete:
C:\ProgramData\FullRemove.exe
C:\ProgramData\4finiw.pad
C:\ProgramData\4finiw.reg
C:\ProgramData\blg7.pad

Re: Explorer keeps crashing

Posted: 15 Jul 2013 13:40
by manas
Hello.
I ran the script, but after the restart the avenger.txt file did not open, and it is not anywhere on the PC either..
Explorer still crashes when I browse files.. I am attaching current logs from both RSIT and FRST.

Re: Explorer keeps crashing

Posted: 15 Jul 2013 13:42
by manas
RSIT

Logfile of random's system information tool 1.08 (written by random/random)
Run by repair at 2013-07-15 14:30:55
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 8 GB (3%) free of 286 GB
Total RAM: 6049 MB (57% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:30:59, on 15. 7. 2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16611)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\repair.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: BitRaider Mini-Support Service (BRSptSvc) - BitRaider, LLC - C:\ProgramData\BitRaider\BRSptSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7683 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe 28151504
\??\C:\Windows\system32\conhost.exe "1876080859-1239268244-1365409657923407820-66452898514302471381220905047-1707990228
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\tcpsvcs.exe
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 1880
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\servicing\TrustedInstaller.exe
"taskhost.exe"
taskeng.exe {3BC9F194-D447-42F0-9011-A93B17CB2B4F}
"C:\Windows\system32\Dwm.exe"
"C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe"
taskeng.exe {1DBDEE41-6B0E-4E67-8D00-3333D8ACE681}
"C:\Program Files\P4G\BatteryLife.exe"
"C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe"
"C:\Program Files (x86)\ASUS\Splendid\ACMON.exe"
"C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
"C:\Program Files (x86)\Winamp\winampa.exe"
"C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe" -quickstart
"C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe" "-quickstart" "-env:OOO_CWD=2C:\\Program Files (x86)\\OpenOffice.org 3\\program"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="3840.0.2025028592\1428811572" --supports-dual-gpus=false --gpu-driver-bug-workarounds=0,9,20 --gpu-vendor-id=0x8086 --gpu-device-id=0x0116 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=8.15.10.2405 --ignored=" --type=renderer " /prefetch:822062411
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --force-fieldtrials="AutocompleteDynamicTrial_1/DefaultControl/ForceCompositingMode/thread/InfiniteCache/No/InstantDummy/DummyPadding channel:stable/InstantExtended/Padding2 channel:stable/OmniboxStopTimer/UseStopTimer/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_14/UMA-Uniformity-Trial-1-Percent/group_22/UMA-Uniformity-Trial-10-Percent/group_06/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_04/UMA-Uniformity-Trial-50-Percent/default/" --renderer-print-preview --enable-threaded-compositing --disable-html-notifications --channel="3840.2.1065957751\445717976" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=ppapi --channel="3840.4.72223560\1364482529" --lang=en-US --ignored=" --type=renderer " /prefetch:-632637702
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --force-fieldtrials="AutocompleteDynamicTrial_1/DefaultControl/ForceCompositingMode/thread/InfiniteCache/No/InstantDummy/DummyPadding channel:stable/InstantExtended/Padding2 channel:stable/OmniboxStopTimer/UseStopTimer/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_14/UMA-Uniformity-Trial-1-Percent/group_22/UMA-Uniformity-Trial-10-Percent/group_06/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_04/UMA-Uniformity-Trial-50-Percent/default/" --renderer-print-preview --enable-threaded-compositing --disable-html-notifications --channel="3840.5.1118039319\1223469453" /prefetch:673131151
"C:\Windows\SysWOW64\ACEngSvr.exe" -Embedding
"C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --force-fieldtrials="AutocompleteDynamicTrial_1/DefaultControl/ForceCompositingMode/thread/InfiniteCache/No/InstantDummy/DummyPadding channel:stable/InstantExtended/Padding2 channel:stable/OmniboxStopTimer/UseStopTimer/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_14/UMA-Uniformity-Trial-1-Percent/group_22/UMA-Uniformity-Trial-10-Percent/group_06/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_04/UMA-Uniformity-Trial-50-Percent/default/" --renderer-print-preview --enable-threaded-compositing --disable-html-notifications --channel="3840.7.1167837293\1364265442" /prefetch:673131151
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --force-fieldtrials="AutocompleteDynamicTrial_1/DefaultControl/ForceCompositingMode/thread/InfiniteCache/No/InstantDummy/DummyPadding channel:stable/InstantExtended/Padding2 channel:stable/OmniboxStopTimer/UseStopTimer/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_14/UMA-Uniformity-Trial-1-Percent/group_22/UMA-Uniformity-Trial-10-Percent/group_06/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_04/UMA-Uniformity-Trial-50-Percent/default/" --renderer-print-preview --enable-threaded-compositing --disable-html-notifications --channel="3840.8.2117093497\705196704" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --force-fieldtrials="AutocompleteDynamicTrial_1/DefaultControl/ForceCompositingMode/thread/InfiniteCache/No/InstantDummy/DummyPadding channel:stable/InstantExtended/Padding2 channel:stable/OmniboxStopTimer/UseStopTimer/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_14/UMA-Uniformity-Trial-1-Percent/group_22/UMA-Uniformity-Trial-10-Percent/group_06/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_04/UMA-Uniformity-Trial-50-Percent/default/" --renderer-print-preview --enable-threaded-compositing --disable-html-notifications --channel="3840.9.122761916\2081277281" /prefetch:673131151
"C:\Windows\system32\wuauclt.exe"
"C:\Windows\explorer.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --force-fieldtrials="AutocompleteDynamicTrial_1/DefaultControl/ForceCompositingMode/thread/InfiniteCache/No/InstantDummy/DummyPadding channel:stable/InstantExtended/Padding2 channel:stable/OmniboxStopTimer/UseStopTimer/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_14/UMA-Uniformity-Trial-1-Percent/group_22/UMA-Uniformity-Trial-10-Percent/group_06/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_04/UMA-Uniformity-Trial-50-Percent/default/" --renderer-print-preview --enable-threaded-compositing --disable-html-notifications --channel="3840.11.208221931\1642335420" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --force-fieldtrials="AutocompleteDynamicTrial_1/DefaultControl/ForceCompositingMode/thread/InfiniteCache/No/InstantDummy/DummyPadding channel:stable/InstantExtended/Padding2 channel:stable/OmniboxStopTimer/UseStopTimer/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_14/UMA-Uniformity-Trial-1-Percent/group_22/UMA-Uniformity-Trial-10-Percent/group_06/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_04/UMA-Uniformity-Trial-50-Percent/default/" --renderer-print-preview --enable-threaded-compositing --disable-html-notifications --channel="3840.12.2063796643\1518876266" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --force-fieldtrials="AutocompleteDynamicTrial_1/DefaultControl/ForceCompositingMode/thread/InfiniteCache/No/InstantDummy/DummyPadding channel:stable/InstantExtended/Padding2 channel:stable/OmniboxStopTimer/UseStopTimer/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/SendFeedbackLinkLocation/default/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_14/UMA-Uniformity-Trial-1-Percent/group_22/UMA-Uniformity-Trial-10-Percent/group_06/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_04/UMA-Uniformity-Trial-50-Percent/default/" --renderer-print-preview --enable-threaded-compositing --disable-html-notifications --channel="3840.13.182130098\731807226" /prefetch:673131151
"C:\Users\repair\Downloads\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-02-25 209824]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-12-18 66280]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2012-12-01 449512]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2012-12-01 155384]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2011-09-22 4035152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-12-03 946352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AmIcoSinglun64]
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [2010-08-11 324096]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2013-01-28 59720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector]
C:\Windows\AsScrPro.exe [2011-11-23 3058304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUSPRP]
C:\Program Files (x86)\ASUS\APRP\APRP.EXE [2011-04-01 2018032]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUSWebStorage]
C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe [2011-02-23 731472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKMEDIA]
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [2010-10-08 170624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKOSD2]
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2010-08-18 5732992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [2009-11-03 103720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2013-01-08 3674320]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ETDWare]
C:\Program Files\Elantech\ETDCtrl.exe [2010-06-10 649608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FLxHCIm]
C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe [2011-02-25 40448]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HControlUser]
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [2009-06-19 105016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\Windows\system32\hkcmd.exe [2011-06-01 391960]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\Windows\system32\igfxtray.exe [2011-06-01 168216]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelTBRunOnce]
wscript.exe //b //nologo C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [2010-07-20 1931024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files (x86)\iTunes\iTunesHelper.exe [2013-02-20 152392]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KORG USB-MIDI Driver]
C:\Program Files (x86)\KORG\KORG USB-MIDI Driver\EsHelper2.exe [2012-10-05 393656]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
C:\Windows\system32\igfxpers.exe [2011-06-01 419096]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl10]
C:\Program Files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe [2010-02-03 87336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVBg]
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2011-03-21 2207848]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2011-03-18 11785832]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShowBatteryBar]
C:\Program Files\BatteryBar\ShowBatteryBar.exe [2013-04-11 89600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1475584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snp2uvc]
C:\Windows\vsnp2uvc.exe [2010-01-21 909824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SonicMasterTray]
C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe [2010-07-10 984400]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-07-03 252848]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateLBPShortCut]
C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [2009-05-20 222504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateP2GoShortCut]
C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [2009-05-20 222504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePSTShortCut]
C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe [2010-11-25 222504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAWinAgent]
C:\ExpressGateUtil\VAWinAgent.exe [2010-08-13 21504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files (x86)\Winamp\winampa.exe [2011-12-09 74752]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wireless Console 3]
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2010-09-24 1601536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AsusVibeLauncher.lnk]
C:\PROGRA~2\ASUS\AsusVibe\ASUSVI~2.EXE [2010-12-31 548528]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTTray.exe [2010-03-12 1083680]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FancyStart daemon.lnk]
C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_94E3CE3704FE82FBF49A6A.exe [2011-11-23 12862]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^mr^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^regmonstd.lnk]
C:\Users\mr\AppData\Local\Temp\xemrpbqkaeejvrfkshd.bfg,XFG00 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^repair^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Intel(R) Turbo Boost Technology Monitor 2.0.lnk]
C:\PROGRA~1\Intel\TURBOB~1\SIGNAL~1.EXE [2010-11-30 204288]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"=C:\Program Files (x86)\Winamp\winampa.exe [2011-12-09 74752]

C:\Users\repair\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OpenOffice.org 3.2.lnk - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\Windows\system32\nvinitx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2011-05-24 385024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2013-07-15 14:19:46 ----A---- C:\Windows\SYSWOW64\drivers\altbdl.sys
2013-07-15 14:19:46 ----A---- C:\Windows\dgrxh.txt
2013-07-15 14:12:34 ----A---- C:\Windows\SYSWOW64\jqgrtnsr.txt
2013-07-15 14:12:34 ----A---- C:\Windows\SYSWOW64\drivers\oeyjpzb.sys
2013-07-14 15:16:08 ----A---- C:\Windows\SYSWOW64\qedit.dll
2013-07-14 15:16:08 ----A---- C:\Windows\system32\qedit.dll
2013-07-14 15:08:41 ----A---- C:\Windows\system32\win32k.sys
2013-07-14 15:07:38 ----A---- C:\Windows\SYSWOW64\DWrite.dll
2013-07-14 15:07:38 ----A---- C:\Windows\system32\DWrite.dll
2013-07-08 21:14:09 ----D---- C:\Users\repair\AppData\Roaming\Mp3tag
2013-07-06 12:33:00 ----D---- C:\Users\repair\AppData\Roaming\Skype
2013-07-06 00:04:11 ----D---- C:\Users\repair\AppData\Roaming\GHISLER
2013-07-05 22:21:25 ----D---- C:\Users\repair\AppData\Roaming\cYo
2013-07-05 11:36:49 ----D---- C:\Users\repair\AppData\Roaming\Azureus
2013-07-04 20:29:34 ----D---- C:\Users\repair\AppData\Roaming\Sublime Text 2
2013-07-04 20:22:43 ----D---- C:\FRST
2013-07-04 11:16:21 ----D---- C:\rsit
2013-07-04 11:16:21 ----D---- C:\Program Files\trend micro
2013-07-04 09:43:08 ----D---- C:\Users\repair\AppData\Roaming\Winamp
2013-07-04 09:39:29 ----D---- C:\Users\repair\AppData\Roaming\Macromedia
2013-07-04 09:39:05 ----D---- C:\Users\repair\AppData\Roaming\Opera
2013-07-03 19:47:31 ----D---- C:\Users\repair\AppData\Roaming\CDisplayEx
2013-07-03 19:47:13 ----D---- C:\Users\repair\AppData\Roaming\OpenOffice.org
2013-07-03 19:46:35 ----D---- C:\Users\repair\AppData\Roaming\WinRAR
2013-07-03 19:23:09 ----A---- C:\Windows\system32\explorer.exe
2013-07-03 16:51:49 ----D---- C:\Users\repair\AppData\Roaming\Intel
2013-07-03 16:51:47 ----D---- C:\Users\repair\AppData\Roaming\ESET
2013-07-03 16:50:40 ----D---- C:\Users\repair\AppData\Roaming\Adobe
2013-07-03 16:50:12 ----D---- C:\Users\repair\AppData\Roaming\Identities
2013-07-03 16:49:18 ----SD---- C:\Users\repair\AppData\Roaming\Microsoft
2013-07-03 16:49:18 ----D---- C:\Users\repair\AppData\Roaming\Media Center Programs
2013-07-03 16:47:01 ----A---- C:\Windows\ntbtlog.txt
2013-07-03 13:23:26 ----D---- C:\ProgramData\HitmanPro
2013-07-02 21:44:28 ----D---- C:\Program Files (x86)\Mozilla Firefox
2013-07-02 14:22:02 ----A---- C:\Windows\SYSWOW64\D3DX9_41.dll
2013-06-26 12:39:40 ----D---- C:\Program Files (x86)\AGEIA Technologies
2013-06-26 12:26:47 ----A---- C:\Windows\SYSWOW64\xactengine2_7.dll
2013-06-26 12:26:47 ----A---- C:\Windows\SYSWOW64\x3daudio1_1.dll
2013-06-26 12:26:47 ----A---- C:\Windows\system32\xactengine2_7.dll
2013-06-26 12:26:47 ----A---- C:\Windows\system32\x3daudio1_1.dll
2013-06-26 12:26:46 ----A---- C:\Windows\SYSWOW64\d3dx10_33.dll
2013-06-26 12:26:46 ----A---- C:\Windows\SYSWOW64\D3DCompiler_33.dll
2013-06-26 12:26:46 ----A---- C:\Windows\system32\d3dx10_33.dll
2013-06-26 12:26:46 ----A---- C:\Windows\system32\D3DCompiler_33.dll
2013-06-26 12:26:45 ----A---- C:\Windows\SYSWOW64\d3dx9_33.dll
2013-06-26 12:26:45 ----A---- C:\Windows\system32\d3dx9_33.dll
2013-06-26 12:24:34 ----A---- C:\Windows\SYSWOW64\xactengine3_6.dll
2013-06-26 12:24:34 ----A---- C:\Windows\SYSWOW64\X3DAudio1_7.dll
2013-06-26 12:24:34 ----A---- C:\Windows\system32\xactengine3_6.dll
2013-06-26 12:24:34 ----A---- C:\Windows\system32\X3DAudio1_7.dll
2013-06-26 12:19:56 ----D---- C:\ProgramData\BitRaider
2013-06-22 01:26:19 ----A---- C:\Windows\system32\glut32.dll
2013-06-21 20:27:23 ----D---- C:\Program Files (x86)\Microsoft Visual Studio 9.0
2013-06-21 20:16:56 ----D---- C:\Program Files\Microsoft SDKs
2013-06-21 20:16:49 ----D---- C:\Program Files\Microsoft Visual Studio 9.0
2013-06-17 20:19:59 ----D---- C:\Windows\pss
2013-06-16 10:45:04 ----D---- C:\ProgramData\Malwarebytes
2013-06-16 10:45:03 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-16 10:45:03 ----A---- C:\Windows\system32\drivers\mbam.sys
2013-06-16 01:28:07 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2013-06-16 01:28:07 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2013-06-16 01:28:07 ----A---- C:\Windows\system32\urlmon.dll
2013-06-16 01:28:06 ----A---- C:\Windows\SYSWOW64\ieui.dll
2013-06-16 01:28:06 ----A---- C:\Windows\system32\iertutil.dll
2013-06-16 01:28:05 ----A---- C:\Windows\system32\ieui.dll
2013-06-16 01:28:02 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2013-06-16 01:28:01 ----A---- C:\Windows\system32\ieframe.dll
2013-06-16 01:27:58 ----A---- C:\Windows\system32\mshtml.dll
2013-06-16 01:27:53 ----A---- C:\Windows\SYSWOW64\mshtml.dll

======List of files/folders modified in the last 1 months======

2013-07-15 14:30:57 ----D---- C:\Windows\Temp
2013-07-15 14:25:11 ----RSD---- C:\Windows\assembly
2013-07-15 14:25:11 ----D---- C:\Windows\Microsoft.NET
2013-07-15 14:22:08 ----D---- C:\Windows\system32\Tasks
2013-07-15 14:21:31 ----D---- C:\Windows\system32\config
2013-07-15 14:19:46 ----D---- C:\Windows\SYSWOW64\drivers
2013-07-15 14:19:46 ----D---- C:\Windows
2013-07-15 14:18:47 ----D---- C:\Windows\System32
2013-07-15 14:18:47 ----D---- C:\Windows\inf
2013-07-15 14:18:47 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-07-15 14:16:33 ----D---- C:\Windows\Prefetch
2013-07-15 14:16:19 ----A---- C:\Windows\system32\acovcnt.exe
2013-07-15 14:15:48 ----D---- C:\Windows\winsxs
2013-07-15 14:14:12 ----D---- C:\Program Files\Microsoft Silverlight
2013-07-15 14:14:11 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2013-07-15 14:13:31 ----D---- C:\Windows\system32\catroot
2013-07-15 14:13:19 ----D---- C:\Windows\SysWOW64
2013-07-15 11:22:23 ----D---- C:\Windows\system32\catroot2
2013-07-15 10:16:05 ----SHD---- C:\Windows\Installer
2013-07-15 10:10:48 ----D---- C:\Windows\debug
2013-07-15 10:10:43 ----A---- C:\Windows\system32\MRT.exe
2013-07-15 10:03:40 ----SHD---- C:\System Volume Information
2013-07-14 15:36:06 ----RD---- C:\Program Files (x86)
2013-07-05 15:08:52 ----D---- C:\Windows\system32\wdi
2013-07-04 11:16:21 ----RD---- C:\Program Files
2013-07-03 19:25:34 ----SD---- C:\ProgramData\Microsoft
2013-07-03 16:54:39 ----A---- C:\Windows\SYSWOW64\log.txt
2013-07-03 16:51:56 ----HD---- C:\ASUS.DAT
2013-07-03 16:50:08 ----SHD---- C:\$Recycle.Bin
2013-07-03 16:49:26 ----D---- C:\ProgramData\Embarcadero
2013-07-03 16:49:17 ----RD---- C:\Users
2013-07-03 15:47:29 ----D---- C:\Program Files (x86)\Team Meat
2013-07-03 15:18:06 ----D---- C:\Program Files (x86)\Opera
2013-07-03 13:28:11 ----D---- C:\Windows\system32\drivers
2013-07-03 13:23:26 ----HD---- C:\ProgramData
2013-07-03 12:48:55 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-03 11:33:08 ----D---- C:\Windows\Logs
2013-06-26 21:39:32 ----A---- C:\Windows\system32\ServiceFilter.ini
2013-06-26 12:39:40 ----D---- C:\Program Files (x86)\NVIDIA Corporation
2013-06-23 09:59:24 ----D---- C:\ProgramData\Skype
2013-06-23 09:59:22 ----RD---- C:\Program Files (x86)\Skype
2013-06-22 11:06:20 ----D---- C:\ProgramData\Microsoft Help
2013-06-22 10:58:25 ----D---- C:\Program Files (x86)\Common Files
2013-06-21 20:27:30 ----D---- C:\Program Files (x86)\Microsoft.NET
2013-06-21 15:29:55 ----D---- C:\Program Files\Common Files\Microsoft Shared
2013-06-19 11:06:54 ----D---- C:\Program Files (x86)\Google
2013-06-19 11:01:35 ----D---- C:\Windows\Tasks
2013-06-16 09:32:06 ----A---- C:\ProgramData\as98213.txt
2013-06-16 09:30:42 ----D---- C:\Program Files (x86)\Internet Explorer
2013-06-16 09:30:41 ----D---- C:\Program Files\Internet Explorer
2013-06-16 01:33:30 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2011-08-04 62496]
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2010-11-05 438808]
R0 nvpciflt;nvpciflt; C:\Windows\system32\DRIVERS\nvpciflt.sys [2011-03-08 25960]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R1 ATKWMIACPIIO_;ATKWMIACPI Driver_; \??\C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-07-26 17024]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2013-02-03 283200]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2011-08-04 146432]
R1 EpfwLWF;Epfw NDIS LightWeight Filter; C:\Windows\system32\DRIVERS\EpfwLWF.sys [2011-08-04 38288]
R1 VBoxDrv;VirtualBox Service; C:\Windows\system32\DRIVERS\VBoxDrv.sys [2012-04-12 224048]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver; C:\Windows\system32\DRIVERS\VBoxUSBMon.sys [2012-04-12 130864]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2011-08-09 202576]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2011-08-04 187632]
R2 TurboB;Turbo Boost UI Monitor driver; C:\Windows\system32\DRIVERS\TurboB.sys [2010-11-30 16120]
R3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
R3 btusbflt;Bluetooth USB Filter; C:\Windows\system32\drivers\btusbflt.sys [2009-12-14 53800]
R3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2010-01-15 98344]
R3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\drivers\btwavdt.sys [2010-01-15 132648]
R3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 35104]
R3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2010-01-15 21288]
R3 ETD;ELAN PS/2 Port Input Device; C:\Windows\system32\DRIVERS\ETD.sys [2010-09-08 129024]
R3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver; C:\Windows\system32\DRIVERS\FLxHCIc.sys [2011-02-25 302592]
R3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver; C:\Windows\system32\DRIVERS\FLxHCIh.sys [2011-02-25 81920]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2012-08-21 33240]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2011-05-24 12259712]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2011-03-22 2815976]
R3 IntcDAud;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
R3 iwdbus;IWD Bus Enumerator; C:\Windows\system32\DRIVERS\iwdbus.sys [2011-03-24 25496]
R3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\kbfiltr.sys [2009-07-20 15416]
R3 MEIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit; C:\Windows\system32\DRIVERS\NETwNs64.sys [2010-07-14 7821312]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-02-16 428136]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2010-09-07 1800832]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\Windows\system32\DRIVERS\VBoxNetAdp.sys [2012-04-12 147248]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service; C:\Windows\system32\DRIVERS\VBoxNetFlt.sys [2012-04-12 166192]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
R3 wdkmd;Intel WiDi KMD; C:\Windows\system32\DRIVERS\WDKMD.sys [2011-03-24 42392]
S0 qiohk;qiohk; C:\Windows\system32\drivers\altbdl.sys []
S0 thefw;thefw; C:\Windows\system32\drivers\oeyjpzb.sys []
S3 AmUStor;AM USB Stroage Driver; C:\Windows\system32\drivers\AmUStor.SYS [2010-08-11 44032]
S3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2009-10-05 1542656]
S3 BRDriver64;BRDriver64; \??\C:\ProgramData\BitRaider\BRDriver64.sys [2013-06-27 75048]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2010-09-23 48488]
S3 FTDIBUS;USB Serial Converter Driver; C:\Windows\system32\drivers\ftdibus.sys [2013-02-13 76648]
S3 FTSER2K;USB Serial Port Driver; C:\Windows\system32\drivers\ftser2k.sys [2013-02-13 85864]
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-03-18 33856]
S3 intaud_WaveExtensible;Intel WiDi Audio Device; C:\Windows\system32\drivers\intelaud.sys [2011-03-24 34200]
S3 KORGUMDS;KORG USB-MIDI Driver for Windows; C:\Windows\System32\Drivers\KORGUM64.SYS [2012-10-05 33696]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20); C:\Windows\system32\DRIVERS\L1C62x64.sys [2009-06-10 57344]
S3 nmwcdnsux64;Nokia USB Flashing Phone Parent; C:\Windows\system32\drivers\nmwcdnsux64.sys [2011-08-17 171008]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver; C:\Windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys [2012-07-09 52736]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2010-11-20 32768]
S3 WimFltr;WimFltr; C:\Windows\system32\DRIVERS\wimfltr.sys [2008-05-24 154168]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2011-09-22 974944]
R2 simptcp;@%SystemRoot%\system32\simptcp.dll,-200; C:\Windows\System32\tcpsvcs.exe [2009-07-14 10240]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-19 116648]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 BRSptSvc;BitRaider Mini-Support Service; C:\ProgramData\BitRaider\BRSptSvc.exe [2013-07-03 915736]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-09-23 1493352]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-19 116648]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-03-09 1255736]
S4 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-12-18 65192]
S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-12 256904]
S4 AFBAgent;AFBAgent; C:\Windows\system32\FBAgent.exe [2011-01-26 379520]
S4 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2012-12-21 57008]
S4 ASLDRService;ASLDR Service; C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [2009-06-16 84536]
S4 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [2009-12-15 96896]
S4 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-31 462184]
S4 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2010-03-12 873248]
S4 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2010-07-20 1429776]
S4 IBG_gds_db;InterBase XE3 64 Guardian gds_db; C:\Program Files (x86)\Embarcadero\RAD Studio\10.0\InterBaseXE3\bin\ibguard.exe [2012-08-08 630272]
S4 IBS_gds_db;InterBase XE3 64 Server gds_db; C:\Program Files (x86)\Embarcadero\RAD Studio\10.0\InterBaseXE3\bin\ibserver.exe [2012-08-08 4868608]
S4 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2013-02-20 641352]
S4 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2010-12-21 325656]
S4 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2013-07-02 117144]
S4 msvsmon90;Visual Studio 2008 Remote Debugger; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [2007-11-07 4466688]
S4 MyWiFiDHCPDNS;Wireless PAN DHCP Server; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-07-20 340240]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NVSvc;NVIDIA Driver Helper Service; C:\Windows\system32\nvvsvc.exe [2011-03-06 993896]
S4 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-03-14 2009704]
S4 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2010-07-20 838928]
S4 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [2009-04-17 247152]
S4 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2012-01-04 718888]
S4 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-06-03 162408]
S4 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0; C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-30 149504]
S4 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]
S4 VideAceWindowsService;VideAceWindowsService; C:\ExpressGateUtil\VAWinService.exe [2010-08-21 77312]
S4 wampapache;wampapache; c:\wamp\bin\apache\apache2.2.21\bin\httpd.exe [2011-09-26 21504]
S4 wampmysqld;wampmysqld; c:\wamp\bin\mysql\mysql5.5.20\bin\mysqld.exe [2012-01-25 9690112]

-----------------EOF-----------------

Re: Explorer keeps crashing

Posted: 15 Jul 2013 13:42
by manas
FRST

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-07-2013 (ATTENTION: FRST version is 11 days old)
Ran by repair (administrator) on 15-07-2013 14:33:37
Running from C:\Users\repair\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: 041B
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(Microsoft Corporation) C:\Windows\System32\tcpsvcs.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
() C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
(ASUS) C:\Program Files\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winamp.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice [4035152 2011-09-22] (ESET)
HKLM-x32\...\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" [74752 2011-12-09] (Nullsoft, Inc.)
HKU\UpdatusUser\...\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler [x]
HKU\UpdatusUser\...\Run: [ShowBatteryBar] "C:\Program Files\BatteryBar\ShowBatteryBar.exe" show [89600 2013-04-11] ()
HKU\UpdatusUser\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [3674320 2013-01-08] (DT Soft Ltd)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll [226920 2011-03-08] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [192616 2011-03-08] (NVIDIA Corporation)
Startup: C:\Users\mr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel(R) Turbo Boost Technology Monitor 2.0.lnk
ShortcutTarget: Intel(R) Turbo Boost Technology Monitor 2.0.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)
Startup: C:\Users\repair\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU SearchScopes: DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Chrome:
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U9) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.90.5) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Extension: (Google Docs) - C:\Users\repair\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\repair\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\repair\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\repair\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Gmail) - C:\Users\repair\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [915736 2013-07-03] (BitRaider, LLC)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [974944 2011-09-22] (ESET)
S4 IBG_gds_db; C:\Program Files (x86)\Embarcadero\RAD Studio\10.0\InterBaseXE3\bin\ibguard.exe [630272 2012-08-08] (Embarcadero Technologies, Inc.)
S4 IBS_gds_db; C:\Program Files (x86)\Embarcadero\RAD Studio\10.0\InterBaseXE3\bin\ibserver.exe [4868608 2012-08-08] (Embarcadero Technologies, Inc.)
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4466688 2007-11-07] (Microsoft Corporation)
S4 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-07-20] ()
S4 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-04-17] ()
S4 VideAceWindowsService; C:\ExpressGateUtil\VAWinService.exe [77312 2010-08-21] ()
S4 wampapache; c:\wamp\bin\apache\apache2.2.21\bin\httpd.exe [21504 2011-09-26] (Apache Software Foundation)
S4 wampmysqld; c:\wamp\bin\mysql\mysql5.5.20\bin\mysqld.exe [9690112 2012-01-25] ()

==================== Drivers (Whitelisted) ====================

R1 ATKWMIACPIIO_; C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [17024 2010-07-26] (ASUS)
R1 ATKWMIACPIIO_; C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [17024 2010-07-26] (ASUS)
S3 BRDriver64; C:\ProgramData\BitRaider\BRDriver64.sys [75048 2013-06-27] (BitRaider)
S3 BRDriver64; C:\ProgramData\BitRaider\BRDriver64.sys [75048 2013-06-27] (BitRaider)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-02-03] (DT Soft Ltd)
R2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [202576 2011-08-09] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [146432 2011-08-04] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [187632 2011-08-04] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [38288 2011-08-04] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [62496 2011-08-04] (ESET)
R3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [81920 2011-02-25] (Fresco Logic)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
S3 KORGUMDS; C:\Windows\System32\Drivers\KORGUM64.SYS [33696 2012-10-05] (KORG INC.)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1800832 2010-09-07] (Sonix Technology Co., Ltd.)
S0 qiohk; system32\drivers\altbdl.sys [x]
S0 thefw; system32\drivers\oeyjpzb.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-15 14:25 - 2013-07-15 14:25 - 26797906 ____A C:\Users\repair\Downloads\www.NewAlbumReleases.net_True Widow - Circumambulation (2013).rar.crdownload
2013-07-15 14:19 - 2013-07-15 14:19 - 00061440 ____A C:\Windows\SysWOW64\Drivers\altbdl.sys
2013-07-15 14:19 - 2013-07-15 14:19 - 00000256 ____A C:\Windows\dgrxh.txt
2013-07-15 14:12 - 2013-07-15 14:12 - 00061440 ____A C:\Windows\SysWOW64\Drivers\oeyjpzb.sys
2013-07-15 14:12 - 2013-07-15 14:12 - 00000256 ____A C:\Windows\SysWOW64\jqgrtnsr.txt
2013-07-15 14:11 - 2013-07-15 14:12 - 00731136 ____A C:\Users\repair\Downloads\avenger.exe
2013-07-14 15:16 - 2013-06-04 08:00 - 00624128 ____A (Microsoft Corporation) C:\Windows\System32\qedit.dll
2013-07-14 15:16 - 2013-06-04 06:53 - 00509440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-14 15:08 - 2013-06-05 05:34 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-07-14 15:07 - 2013-04-10 01:34 - 01247744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-14 15:07 - 2013-04-03 00:51 - 01643520 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-07-10 15:40 - 2013-07-10 15:40 - 00013125 ____A C:\Users\repair\Desktop\Zvuk - odkaz.lnk
2013-07-10 14:01 - 2013-07-10 14:10 - 144784132 ____A C:\Users\repair\Downloads\Dobré-slohy-2-(2009).rar
2013-07-10 11:35 - 2013-07-10 12:08 - 113375425 ____A C:\Users\repair\Downloads\Dobré-slohy-2.rar
2013-07-09 12:06 - 2013-07-09 12:41 - 102090741 ____A C:\Users\repair\Downloads\www.NewAlbumReleases.net_iamamiwhoami_-_Bounty_(2013).rar
2013-07-09 11:56 - 2013-07-09 12:27 - 96283734 ____A C:\Users\repair\Downloads\www.NewAlbumReleases.net_iamamiwhoami - kin (2012).rar
2013-07-08 23:07 - 2013-07-08 23:07 - 00000000 ____D C:\Users\repair\AppData\Local\GHISLER
2013-07-08 21:14 - 2013-07-15 13:24 - 00000000 ____D C:\Users\repair\AppData\Roaming\Mp3tag
2013-07-08 12:34 - 2013-07-08 12:34 - 00000000 ____D C:\Users\repair\AppData\Local\Adobe
2013-07-06 20:53 - 2013-07-06 20:53 - 00072450 ____A C:\Users\repair\Downloads\eXistenZ(0000107041).srt
2013-07-06 20:53 - 2013-07-06 20:53 - 00072450 ____A C:\Users\repair\Downloads\eXistenZ(0000107041) (1).srt
2013-07-06 20:51 - 2013-07-06 20:52 - 00069796 ____A C:\Users\repair\Downloads\eXistenZ(0000204447).srt
2013-07-06 20:49 - 2013-07-06 20:49 - 00072446 ____A C:\Users\repair\Downloads\eXistenZ(0000197067) (1).srt
2013-07-06 20:48 - 2013-07-06 20:48 - 00072446 ____A C:\Users\repair\Downloads\eXistenZ(0000197067).srt
2013-07-06 18:34 - 2013-07-06 18:34 - 00000000 ____D C:\Users\repair\AppData\Local\Apple
2013-07-06 12:33 - 2013-07-11 11:25 - 00000000 ____D C:\Users\repair\AppData\Roaming\Skype
2013-07-06 00:04 - 2013-07-06 00:04 - 00000000 ____D C:\Users\repair\AppData\Roaming\GHISLER
2013-07-06 00:04 - 2012-12-06 16:09 - 00000652 ____A C:\Users\repair\Desktop\Total Commander.lnk
2013-07-05 22:21 - 2013-07-05 22:21 - 00000000 ____D C:\Users\repair\AppData\Roaming\cYo
2013-07-05 22:21 - 2013-07-05 22:21 - 00000000 ____D C:\Users\repair\AppData\Local\cYo
2013-07-05 22:20 - 2013-07-05 22:20 - 00001426 ____A C:\Users\repair\Desktop\Vuze Downloads - odkaz.lnk
2013-07-05 22:13 - 2013-07-09 10:27 - 00000214 ____A C:\Users\repair\Desktop\2013.txt
2013-07-05 11:36 - 2013-07-15 14:12 - 00000000 ____D C:\Users\repair\AppData\Roaming\Azureus
2013-07-05 11:36 - 2013-07-05 11:36 - 00000000 ____D C:\Users\repair\.swt
2013-07-04 20:29 - 2013-07-04 20:29 - 00000000 ____D C:\Users\repair\AppData\Roaming\Sublime Text 2
2013-07-04 20:23 - 2013-07-04 20:23 - 00026510 ____A C:\Users\repair\Downloads\Addition.txt
2013-07-04 20:22 - 2013-07-04 20:22 - 00000000 ____D C:\FRST
2013-07-04 20:20 - 2013-07-04 20:20 - 01934636 ____A (Farbar) C:\Users\repair\Downloads\FRST64 (1).exe
2013-07-04 20:19 - 2013-07-04 20:19 - 01934636 ____A (Farbar) C:\Users\repair\Downloads\FRST64.exe
2013-07-04 11:16 - 2013-07-15 14:30 - 00000000 ____D C:\Program Files\trend micro
2013-07-04 11:16 - 2013-07-04 11:16 - 00000000 ____D C:\rsit
2013-07-04 11:14 - 2013-07-04 11:14 - 00832273 ____A C:\Users\repair\Downloads\RSITx64.exe
2013-07-04 09:43 - 2013-07-05 10:34 - 00000000 ____D C:\Users\repair\AppData\Roaming\Winamp
2013-07-04 09:39 - 2013-07-15 14:11 - 00000000 ____D C:\Users\repair\AppData\Local\Last.fm
2013-07-04 09:39 - 2013-07-04 09:39 - 00000000 ____D C:\Users\repair\AppData\Roaming\Opera
2013-07-04 09:39 - 2013-07-04 09:39 - 00000000 ____D C:\Users\repair\AppData\Roaming\Macromedia
2013-07-04 09:39 - 2013-07-04 09:39 - 00000000 ____D C:\Users\repair\AppData\Local\Opera
2013-07-03 19:52 - 2013-07-03 19:52 - 00000000 ____D C:\Users\repair\Documents\The KMPlayer
2013-07-03 19:47 - 2013-07-03 19:51 - 00000000 ____D C:\Users\repair\AppData\Roaming\CDisplayEx
2013-07-03 19:47 - 2013-07-03 19:47 - 00069000 ____A C:\Users\repair\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-03 19:47 - 2013-07-03 19:47 - 00000000 ____D C:\Users\repair\AppData\Roaming\OpenOffice.org
2013-07-03 19:46 - 2013-07-03 19:46 - 00000000 ____D C:\Users\repair\AppData\Roaming\WinRAR
2013-07-03 19:31 - 2013-07-03 19:02 - 03660981 ____A C:\Users\repair\Desktop\CBS.log
2013-07-03 19:23 - 2011-02-25 08:19 - 02871808 ____A (Microsoft Corporation) C:\Windows\System32\explorer.exe
2013-07-03 16:52 - 2013-07-11 11:37 - 00000000 ____D C:\Users\repair\AppData\Local\Google
2013-07-03 16:51 - 2013-07-03 16:51 - 00000000 ____D C:\Users\repair\AppData\Roaming\Intel
2013-07-03 16:51 - 2013-07-03 16:51 - 00000000 ____D C:\Users\repair\AppData\Roaming\ESET
2013-07-03 16:51 - 2013-07-03 16:51 - 00000000 ____D C:\Users\repair\AppData\Local\ESET
2013-07-03 16:50 - 2013-07-08 12:34 - 00000000 ____D C:\Users\repair\AppData\Roaming\Adobe
2013-07-03 16:50 - 2013-07-03 16:52 - 00002261 ____A C:\Users\repair\Desktop\Google Chrome.lnk
2013-07-03 16:49 - 2013-07-05 11:36 - 00000000 ____D C:\users\repair
2013-07-03 16:49 - 2013-07-03 16:49 - 00000020 ___SH C:\Users\repair\ntuser.ini
2013-07-03 16:49 - 2013-07-03 16:49 - 00000000 ____D C:\Users\repair\AppData\Local\VirtualStore
2013-07-03 16:49 - 2013-07-03 16:49 - 00000000 ____D C:\Users\repair\AppData\Local\Power2Go
2013-07-03 15:44 - 2013-07-03 15:46 - 00000000 ____D C:\Users\mr\Desktop\SKOLA
2013-07-03 15:16 - 2013-07-03 15:16 - 13168216 ____A (Opera Software ASA) C:\Users\mr\Downloads\Opera_1215_int_Setup.exe
2013-07-03 14:52 - 2013-07-03 14:52 - 00000000 ____D C:\Users\mr\AppData\Roaming\Opera Software
2013-07-03 14:52 - 2013-07-03 14:52 - 00000000 ____D C:\Users\mr\AppData\Local\Opera Software
2013-07-03 14:38 - 2013-07-03 14:45 - 31126536 ____A (Opera Software ASA) C:\Users\mr\Downloads\Opera_15.0.1147.130_Setup.exe
2013-07-03 14:22 - 2013-07-03 14:22 - 00098819 ____A C:\Users\mr\Documents\rohlik opera bookmarks.adr
2013-07-03 13:23 - 2013-07-03 13:23 - 00000000 ____D C:\ProgramData\HitmanPro
2013-07-03 12:49 - 2013-07-15 14:26 - 00002301 ____A C:\Windows\setupact.log
2013-07-03 12:49 - 2013-07-03 12:49 - 00000000 ____A C:\Windows\setuperr.log
2013-07-03 12:48 - 2013-07-03 12:48 - 00000410 ____A C:\Windows\PFRO.log
2013-07-02 21:44 - 2013-07-02 21:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-02 14:22 - 2009-03-09 15:27 - 04178264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2013-06-30 18:25 - 2013-06-30 18:25 - 00000000 ____D C:\Users\mr\Documents\My Weblog Posts
2013-06-30 18:25 - 2013-06-30 18:25 - 00000000 ____D C:\Users\mr\AppData\Local\{53C633EF-AC12-453D-B198-D0BFC5AB28A2}
2013-06-27 23:48 - 2013-07-03 14:38 - 00000000 ____D C:\Users\mr\AppData\Roaming\Awesomium
2013-06-27 23:48 - 2013-07-02 14:23 - 00000000 ____D C:\Users\mr\Documents\My Games
2013-06-26 12:39 - 2013-06-26 12:39 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2013-06-26 12:26 - 2007-04-04 18:55 - 00403304 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_7.dll
2013-06-26 12:26 - 2007-04-04 18:55 - 00261480 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2013-06-26 12:26 - 2007-03-15 16:57 - 00506728 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_33.dll
2013-06-26 12:26 - 2007-03-15 16:57 - 00443752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2013-06-26 12:26 - 2007-03-12 16:42 - 04494184 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_33.dll
2013-06-26 12:26 - 2007-03-12 16:42 - 03495784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2013-06-26 12:26 - 2007-03-12 16:42 - 01400176 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_33.dll
2013-06-26 12:26 - 2007-03-12 16:42 - 01123696 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2013-06-26 12:26 - 2007-03-05 12:42 - 00017688 ____A (Microsoft Corporation) C:\Windows\System32\x3daudio1_1.dll
2013-06-26 12:26 - 2007-03-05 12:42 - 00015128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2013-06-26 12:24 - 2010-02-04 10:01 - 00238936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2013-06-26 12:24 - 2010-02-04 10:01 - 00176984 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_6.dll
2013-06-26 12:24 - 2010-02-04 10:01 - 00024920 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_7.dll
2013-06-26 12:24 - 2010-02-04 10:01 - 00022360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2013-06-26 12:20 - 2013-06-26 12:20 - 00000895 ____A C:\Users\mr\Downloads\default.bitraid
2013-06-26 12:19 - 2013-07-03 18:28 - 00000000 ____D C:\ProgramData\BitRaider
2013-06-26 12:19 - 2013-06-26 12:20 - 00000000 ____D C:\Users\Public\Documents\BitRaider
2013-06-26 12:11 - 2013-06-26 12:13 - 04691232 ____A (BitRaider, LLC) C:\Users\mr\Downloads\marvelheroesclientinstaller.exe
2013-06-22 14:23 - 2013-06-22 14:24 - 10455548 ____A C:\Users\mr\Downloads\projekt.rar
2013-06-22 01:26 - 2001-11-08 02:27 - 00237568 ____A C:\Windows\System32\glut32.dll
2013-06-21 21:30 - 2013-06-21 21:30 - 00000000 ____D C:\Users\mr\AppData\Local\{C4FC24AC-5246-4ABC-85C8-83AAEB359222}
2013-06-21 20:28 - 2013-06-22 00:14 - 00000000 ____D C:\Users\mr\Documents\Visual Studio 2008
2013-06-21 20:27 - 2013-06-21 20:28 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 9.0
2013-06-21 20:16 - 2013-06-21 20:16 - 00000000 ____D C:\Program Files\Microsoft Visual Studio 9.0
2013-06-21 20:16 - 2013-06-21 20:16 - 00000000 ____D C:\Program Files\Microsoft SDKs
2013-06-21 15:31 - 2013-06-21 19:25 - 00000000 ____D C:\Users\mr\Documents\Visual Studio 2005
2013-06-21 15:22 - 2013-06-21 15:22 - 00000000 ____D C:\Users\mr\Downloads\Visual C++ 2005 Express Edition (English)
2013-06-21 12:32 - 2013-06-21 12:32 - 00000000 ____D C:\Users\mr\AppData\Roaming\e-academy Inc
2013-06-21 12:32 - 2013-06-21 12:32 - 00000000 ____D C:\Users\mr\AppData\Local\e-academy Inc
2013-06-20 11:26 - 2013-06-20 11:26 - 00004601 ____A C:\Users\mr\AppData\Local\recently-used.xbel
2013-06-19 11:01 - 2013-07-15 14:22 - 00000932 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-19 11:01 - 2013-07-15 13:41 - 00000936 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-19 11:01 - 2013-06-19 11:07 - 00000000 ____D C:\Users\mr\AppData\Local\Google
2013-06-18 17:47 - 2013-06-18 17:47 - 00000000 ____D C:\Users\mr\AppData\Local\{EFFE30BF-F9C2-46C0-8661-235E1019A884}
2013-06-17 20:19 - 2013-07-03 16:54 - 00000000 ____D C:\Windows\pss
2013-06-16 22:57 - 2013-06-16 23:00 - 94028491 ____A C:\Users\mr\Downloads\MRAKODRAP.ZIP
2013-06-16 10:45 - 2013-06-16 10:45 - 00000000 ____D C:\Users\mr\AppData\Roaming\Malwarebytes
2013-06-16 10:45 - 2013-06-16 10:45 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-06-16 10:45 - 2013-06-16 10:45 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-16 10:45 - 2013-04-04 14:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-06-16 10:32 - 2013-06-16 10:32 - 00007458 ____A C:\Users\mr\Documents\cc_20130616_103235.reg
2013-06-16 10:32 - 2013-06-16 10:32 - 00000376 ____A C:\Users\mr\Documents\cc_20130616_103251.reg
2013-06-16 10:31 - 2013-06-16 10:32 - 00442680 ____A C:\Users\mr\Documents\cc_20130616_103145.reg
2013-06-16 01:28 - 2013-06-08 16:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-16 01:28 - 2013-06-08 16:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-16 01:28 - 2013-06-08 16:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-16 01:28 - 2013-06-08 16:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-16 01:28 - 2013-06-08 14:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-16 01:28 - 2013-06-08 13:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-16 01:28 - 2013-06-08 13:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-16 01:28 - 2013-06-08 13:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-16 01:28 - 2013-06-08 13:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-16 01:28 - 2013-06-08 13:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-16 01:27 - 2013-06-08 16:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-16 01:27 - 2013-06-08 13:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-15 10:42 - 2013-06-16 09:35 - 95023320 ___AT C:\ProgramData\4finiw.pad
2013-06-15 10:42 - 2013-06-16 09:32 - 00000000 ____A C:\ProgramData\as98213.txt
2013-06-15 10:42 - 2013-06-15 10:42 - 95023320 ___AT C:\ProgramData\blg7.pad
2013-06-15 10:42 - 2013-06-15 10:42 - 00000152 ____A C:\ProgramData\4finiw.reg

==================== One Month Modified Files and Folders =======

2013-07-15 14:34 - 2012-05-16 12:36 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-15 14:30 - 2013-07-04 11:16 - 00000000 ____D C:\Program Files\trend micro
2013-07-15 14:28 - 2009-07-14 06:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-15 14:28 - 2009-07-14 06:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-15 14:26 - 2013-07-03 12:49 - 00002301 ____A C:\Windows\setupact.log
2013-07-15 14:25 - 2013-07-15 14:25 - 26797906 ____A C:\Users\repair\Downloads\www.NewAlbumReleases.net_True Widow - Circumambulation (2013).rar.crdownload
2013-07-15 14:22 - 2013-06-19 11:01 - 00000932 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-15 14:21 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-15 14:20 - 2011-11-23 08:57 - 01398772 ____A C:\Windows\WindowsUpdate.log
2013-07-15 14:19 - 2013-07-15 14:19 - 00061440 ____A C:\Windows\SysWOW64\Drivers\altbdl.sys
2013-07-15 14:19 - 2013-07-15 14:19 - 00000256 ____A C:\Windows\dgrxh.txt
2013-07-15 14:18 - 2009-07-14 07:13 - 00794686 ____A C:\Windows\System32\PerfStringBackup.INI
2013-07-15 14:16 - 2012-03-08 16:26 - 00045056 ____A C:\Windows\System32\acovcnt.exe
2013-07-15 14:15 - 2009-07-14 06:45 - 00302392 ____A C:\Windows\System32\FNTCACHE.DAT
2013-07-15 14:14 - 2012-05-15 07:21 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-15 14:14 - 2012-05-15 07:21 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-15 14:12 - 2013-07-15 14:12 - 00061440 ____A C:\Windows\SysWOW64\Drivers\oeyjpzb.sys
2013-07-15 14:12 - 2013-07-15 14:12 - 00000256 ____A C:\Windows\SysWOW64\jqgrtnsr.txt
2013-07-15 14:12 - 2013-07-15 14:11 - 00731136 ____A C:\Users\repair\Downloads\avenger.exe
2013-07-15 14:12 - 2013-07-05 11:36 - 00000000 ____D C:\Users\repair\AppData\Roaming\Azureus
2013-07-15 14:11 - 2013-07-04 09:39 - 00000000 ____D C:\Users\repair\AppData\Local\Last.fm
2013-07-15 13:41 - 2013-06-19 11:01 - 00000936 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-15 13:24 - 2013-07-08 21:14 - 00000000 ____D C:\Users\repair\AppData\Roaming\Mp3tag
2013-07-15 10:10 - 2012-03-09 17:38 - 78185248 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-07-11 11:37 - 2013-07-03 16:52 - 00000000 ____D C:\Users\repair\AppData\Local\Google
2013-07-11 11:25 - 2013-07-06 12:33 - 00000000 ____D C:\Users\repair\AppData\Roaming\Skype
2013-07-10 15:40 - 2013-07-10 15:40 - 00013125 ____A C:\Users\repair\Desktop\Zvuk - odkaz.lnk
2013-07-10 14:10 - 2013-07-10 14:01 - 144784132 ____A C:\Users\repair\Downloads\Dobré-slohy-2-(2009).rar
2013-07-10 12:08 - 2013-07-10 11:35 - 113375425 ____A C:\Users\repair\Downloads\Dobré-slohy-2.rar
2013-07-09 12:41 - 2013-07-09 12:06 - 102090741 ____A C:\Users\repair\Downloads\www.NewAlbumReleases.net_iamamiwhoami_-_Bounty_(2013).rar
2013-07-09 12:27 - 2013-07-09 11:56 - 96283734 ____A C:\Users\repair\Downloads\www.NewAlbumReleases.net_iamamiwhoami - kin (2012).rar
2013-07-09 10:27 - 2013-07-05 22:13 - 00000214 ____A C:\Users\repair\Desktop\2013.txt
2013-07-09 10:13 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Public\Libraries
2013-07-08 23:07 - 2013-07-08 23:07 - 00000000 ____D C:\Users\repair\AppData\Local\GHISLER
2013-07-08 12:34 - 2013-07-08 12:34 - 00000000 ____D C:\Users\repair\AppData\Local\Adobe
2013-07-08 12:34 - 2013-07-03 16:50 - 00000000 ____D C:\Users\repair\AppData\Roaming\Adobe
2013-07-06 20:53 - 2013-07-06 20:53 - 00072450 ____A C:\Users\repair\Downloads\eXistenZ(0000107041).srt
2013-07-06 20:53 - 2013-07-06 20:53 - 00072450 ____A C:\Users\repair\Downloads\eXistenZ(0000107041) (1).srt
2013-07-06 20:52 - 2013-07-06 20:51 - 00069796 ____A C:\Users\repair\Downloads\eXistenZ(0000204447).srt
2013-07-06 20:49 - 2013-07-06 20:49 - 00072446 ____A C:\Users\repair\Downloads\eXistenZ(0000197067) (1).srt
2013-07-06 20:48 - 2013-07-06 20:48 - 00072446 ____A C:\Users\repair\Downloads\eXistenZ(0000197067).srt
2013-07-06 18:34 - 2013-07-06 18:34 - 00000000 ____D C:\Users\repair\AppData\Local\Apple
2013-07-06 00:04 - 2013-07-06 00:04 - 00000000 ____D C:\Users\repair\AppData\Roaming\GHISLER
2013-07-05 22:21 - 2013-07-05 22:21 - 00000000 ____D C:\Users\repair\AppData\Roaming\cYo
2013-07-05 22:21 - 2013-07-05 22:21 - 00000000 ____D C:\Users\repair\AppData\Local\cYo
2013-07-05 22:20 - 2013-07-05 22:20 - 00001426 ____A C:\Users\repair\Desktop\Vuze Downloads - odkaz.lnk
2013-07-05 11:36 - 2013-07-05 11:36 - 00000000 ____D C:\Users\repair\.swt
2013-07-05 11:36 - 2013-07-03 16:49 - 00000000 ____D C:\users\repair
2013-07-05 10:34 - 2013-07-04 09:43 - 00000000 ____D C:\Users\repair\AppData\Roaming\Winamp
2013-07-04 20:29 - 2013-07-04 20:29 - 00000000 ____D C:\Users\repair\AppData\Roaming\Sublime Text 2
2013-07-04 20:23 - 2013-07-04 20:23 - 00026510 ____A C:\Users\repair\Downloads\Addition.txt
2013-07-04 20:22 - 2013-07-04 20:22 - 00000000 ____D C:\FRST
2013-07-04 20:20 - 2013-07-04 20:20 - 01934636 ____A (Farbar) C:\Users\repair\Downloads\FRST64 (1).exe
2013-07-04 20:19 - 2013-07-04 20:19 - 01934636 ____A (Farbar) C:\Users\repair\Downloads\FRST64.exe
2013-07-04 11:16 - 2013-07-04 11:16 - 00000000 ____D C:\rsit
2013-07-04 11:14 - 2013-07-04 11:14 - 00832273 ____A C:\Users\repair\Downloads\RSITx64.exe
2013-07-04 09:39 - 2013-07-04 09:39 - 00000000 ____D C:\Users\repair\AppData\Roaming\Opera
2013-07-04 09:39 - 2013-07-04 09:39 - 00000000 ____D C:\Users\repair\AppData\Roaming\Macromedia
2013-07-04 09:39 - 2013-07-04 09:39 - 00000000 ____D C:\Users\repair\AppData\Local\Opera
2013-07-03 19:52 - 2013-07-03 19:52 - 00000000 ____D C:\Users\repair\Documents\The KMPlayer
2013-07-03 19:51 - 2013-07-03 19:47 - 00000000 ____D C:\Users\repair\AppData\Roaming\CDisplayEx
2013-07-03 19:47 - 2013-07-03 19:47 - 00069000 ____A C:\Users\repair\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-03 19:47 - 2013-07-03 19:47 - 00000000 ____D C:\Users\repair\AppData\Roaming\OpenOffice.org
2013-07-03 19:46 - 2013-07-03 19:46 - 00000000 ____D C:\Users\repair\AppData\Roaming\WinRAR
2013-07-03 19:02 - 2013-07-03 19:31 - 03660981 ____A C:\Users\repair\Desktop\CBS.log
2013-07-03 18:39 - 2012-03-19 21:13 - 00000000 ____D C:\Users\mr\AppData\Roaming\Azureus
2013-07-03 18:28 - 2013-06-26 12:19 - 00000000 ____D C:\ProgramData\BitRaider
2013-07-03 16:54 - 2013-06-17 20:19 - 00000000 ____D C:\Windows\pss
2013-07-03 16:52 - 2013-07-03 16:50 - 00002261 ____A C:\Users\repair\Desktop\Google Chrome.lnk
2013-07-03 16:51 - 2013-07-03 16:51 - 00000000 ____D C:\Users\repair\AppData\Roaming\Intel
2013-07-03 16:51 - 2013-07-03 16:51 - 00000000 ____D C:\Users\repair\AppData\Roaming\ESET
2013-07-03 16:51 - 2013-07-03 16:51 - 00000000 ____D C:\Users\repair\AppData\Local\ESET
2013-07-03 16:51 - 2012-03-08 16:25 - 00000000 ___HD C:\ASUS.DAT
2013-07-03 16:49 - 2013-07-03 16:49 - 00000020 ___SH C:\Users\repair\ntuser.ini
2013-07-03 16:49 - 2013-07-03 16:49 - 00000000 ____D C:\Users\repair\AppData\Local\VirtualStore
2013-07-03 16:49 - 2013-07-03 16:49 - 00000000 ____D C:\Users\repair\AppData\Local\Power2Go
2013-07-03 16:49 - 2013-03-10 20:25 - 00000000 ____D C:\ProgramData\Embarcadero
2013-07-03 16:32 - 2012-03-09 17:00 - 00000000 ____D C:\Users\mr\AppData\Local\Last.fm
2013-07-03 16:21 - 2012-03-09 18:40 - 00000000 ____D C:\Users\mr\AppData\Roaming\Skype
2013-07-03 15:49 - 2012-03-08 16:25 - 00000000 __RSD C:\Users\mr\Desktop\AsusTools
2013-07-03 15:47 - 2013-02-18 16:16 - 00000000 ____D C:\Program Files (x86)\Team Meat
2013-07-03 15:46 - 2013-07-03 15:44 - 00000000 ____D C:\Users\mr\Desktop\SKOLA
2013-07-03 15:18 - 2012-03-08 16:42 - 00000000 ____D C:\Program Files (x86)\Opera
2013-07-03 15:16 - 2013-07-03 15:16 - 13168216 ____A (Opera Software ASA) C:\Users\mr\Downloads\Opera_1215_int_Setup.exe
2013-07-03 14:52 - 2013-07-03 14:52 - 00000000 ____D C:\Users\mr\AppData\Roaming\Opera Software
2013-07-03 14:52 - 2013-07-03 14:52 - 00000000 ____D C:\Users\mr\AppData\Local\Opera Software
2013-07-03 14:45 - 2013-07-03 14:38 - 31126536 ____A (Opera Software ASA) C:\Users\mr\Downloads\Opera_15.0.1147.130_Setup.exe
2013-07-03 14:38 - 2013-06-27 23:48 - 00000000 ____D C:\Users\mr\AppData\Roaming\Awesomium
2013-07-03 14:22 - 2013-07-03 14:22 - 00098819 ____A C:\Users\mr\Documents\rohlik opera bookmarks.adr
2013-07-03 13:23 - 2013-07-03 13:23 - 00000000 ____D C:\ProgramData\HitmanPro
2013-07-03 12:49 - 2013-07-03 12:49 - 00000000 ____A C:\Windows\setuperr.log
2013-07-03 12:48 - 2013-07-03 12:48 - 00000410 ____A C:\Windows\PFRO.log
2013-07-03 12:48 - 2012-05-08 23:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-03 12:47 - 2012-03-12 22:11 - 00000000 ____D C:\Users\mr\AppData\Roaming\Winamp
2013-07-02 21:45 - 2013-07-02 21:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-02 14:23 - 2013-06-27 23:48 - 00000000 ____D C:\Users\mr\Documents\My Games
2013-06-30 18:25 - 2013-06-30 18:25 - 00000000 ____D C:\Users\mr\Documents\My Weblog Posts
2013-06-30 18:25 - 2013-06-30 18:25 - 00000000 ____D C:\Users\mr\AppData\Local\{53C633EF-AC12-453D-B198-D0BFC5AB28A2}
2013-06-30 18:25 - 2012-08-06 00:55 - 00000000 ____D C:\Users\mr\AppData\Local\Windows Live Writer
2013-06-26 21:39 - 2011-11-23 09:21 - 00001464 ____A C:\Windows\System32\ServiceFilter.ini
2013-06-26 12:39 - 2013-06-26 12:39 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2013-06-26 12:39 - 2011-11-23 09:07 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-06-26 12:20 - 2013-06-26 12:20 - 00000895 ____A C:\Users\mr\Downloads\default.bitraid
2013-06-26 12:20 - 2013-06-26 12:19 - 00000000 ____D C:\Users\Public\Documents\BitRaider
2013-06-26 12:13 - 2013-06-26 12:11 - 04691232 ____A (BitRaider, LLC) C:\Users\mr\Downloads\marvelheroesclientinstaller.exe
2013-06-23 13:19 - 2013-02-03 17:24 - 00000000 ____D C:\Users\mr\AppData\Roaming\DAEMON Tools Lite
2013-06-23 09:59 - 2013-01-24 13:54 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-06-23 09:59 - 2012-03-09 18:40 - 00000000 ____D C:\ProgramData\Skype
2013-06-22 14:24 - 2013-06-22 14:23 - 10455548 ____A C:\Users\mr\Downloads\projekt.rar
2013-06-22 13:33 - 2012-04-02 14:31 - 00000600 ____A C:\Users\mr\AppData\Roaming\winscp.rnd
2013-06-22 11:06 - 2012-03-19 16:37 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-06-22 00:14 - 2013-06-21 20:28 - 00000000 ____D C:\Users\mr\Documents\Visual Studio 2008
2013-06-21 21:30 - 2013-06-21 21:30 - 00000000 ____D C:\Users\mr\AppData\Local\{C4FC24AC-5246-4ABC-85C8-83AAEB359222}
2013-06-21 21:07 - 2012-03-19 16:37 - 00000000 ____D C:\Users\mr\AppData\Local\Microsoft Help
2013-06-21 20:28 - 2013-06-21 20:27 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 9.0
2013-06-21 20:16 - 2013-06-21 20:16 - 00000000 ____D C:\Program Files\Microsoft Visual Studio 9.0
2013-06-21 20:16 - 2013-06-21 20:16 - 00000000 ____D C:\Program Files\Microsoft SDKs
2013-06-21 19:25 - 2013-06-21 15:31 - 00000000 ____D C:\Users\mr\Documents\Visual Studio 2005
2013-06-21 15:29 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-06-21 15:22 - 2013-06-21 15:22 - 00000000 ____D C:\Users\mr\Downloads\Visual C++ 2005 Express Edition (English)
2013-06-21 12:32 - 2013-06-21 12:32 - 00000000 ____D C:\Users\mr\AppData\Roaming\e-academy Inc
2013-06-21 12:32 - 2013-06-21 12:32 - 00000000 ____D C:\Users\mr\AppData\Local\e-academy Inc
2013-06-21 10:24 - 2013-04-23 21:15 - 00000349 ____A C:\Users\mr\Desktop\mfsongtitles.txt
2013-06-20 11:26 - 2013-06-20 11:26 - 00004601 ____A C:\Users\mr\AppData\Local\recently-used.xbel
2013-06-20 11:26 - 2013-06-02 12:09 - 00000000 ____D C:\Users\mr\Desktop\GOLF WANG
2013-06-20 11:26 - 2012-10-04 20:34 - 00000000 ____D C:\Users\mr\.gimp-2.8
2013-06-19 11:07 - 2013-06-19 11:01 - 00000000 ____D C:\Users\mr\AppData\Local\Google
2013-06-19 11:06 - 2011-04-01 10:58 - 00000000 ____D C:\Program Files (x86)\Google
2013-06-19 00:32 - 2012-12-08 14:22 - 00000000 ____D C:\Users\mr\AppData\Roaming\Mp3tag
2013-06-18 19:01 - 2013-02-26 00:02 - 00000000 ____D C:\Users\mr\AppData\Roaming\SQL Developer
2013-06-18 17:47 - 2013-06-18 17:47 - 00000000 ____D C:\Users\mr\AppData\Local\{EFFE30BF-F9C2-46C0-8661-235E1019A884}
2013-06-18 17:46 - 2012-03-12 15:12 - 00000000 ____D C:\Users\mr\AppData\Local\Windows Live
2013-06-17 15:44 - 2012-10-10 23:48 - 00000000 ____D C:\Users\mr\AppData\Roaming\codeblocks
2013-06-16 23:00 - 2013-06-16 22:57 - 94028491 ____A C:\Users\mr\Downloads\MRAKODRAP.ZIP
2013-06-16 10:45 - 2013-06-16 10:45 - 00000000 ____D C:\Users\mr\AppData\Roaming\Malwarebytes
2013-06-16 10:45 - 2013-06-16 10:45 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-06-16 10:45 - 2013-06-16 10:45 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-16 10:32 - 2013-06-16 10:32 - 00007458 ____A C:\Users\mr\Documents\cc_20130616_103235.reg
2013-06-16 10:32 - 2013-06-16 10:32 - 00000376 ____A C:\Users\mr\Documents\cc_20130616_103251.reg
2013-06-16 10:32 - 2013-06-16 10:31 - 00442680 ____A C:\Users\mr\Documents\cc_20130616_103145.reg
2013-06-16 09:35 - 2013-06-15 10:42 - 95023320 ___AT C:\ProgramData\4finiw.pad
2013-06-16 09:32 - 2013-06-15 10:42 - 00000000 ____A C:\ProgramData\as98213.txt
2013-06-16 01:33 - 2012-03-19 16:34 - 00780598 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2013-06-15 15:49 - 2009-07-29 08:03 - 00000000 ____D C:\Windows\Panther
2013-06-15 10:42 - 2013-06-15 10:42 - 95023320 ___AT C:\ProgramData\blg7.pad
2013-06-15 10:42 - 2013-06-15 10:42 - 00000152 ____A C:\ProgramData\4finiw.reg

Files to move or delete:
====================
C:\ProgramData\FullRemove.exe
C:\ProgramData\4finiw.pad
C:\ProgramData\4finiw.reg
C:\ProgramData\blg7.pad

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-03 00:49

==================== End Of Log ============================

Re: Explorer keeps crashing

Posted: 15 Jul 2013 21:13
by vyosek
Hello :)

:arrow: My colleague is still on holiday, so I'll fill in :)

:arrow: Creating a fixlist for FRST
  • Open Notepad (Start - Run - notepad)
  • Copy the script below

    HKLM-x32\...\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" [74752 2011-12-09] (Nullsoft, Inc.)
    HKU\UpdatusUser\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [3674320 2013-01-08] (DT Soft Ltd)
    S0 qiohk; system32\drivers\altbdl.sys [x]
    S0 thefw; system32\drivers\oeyjpzb.sys [x]
    2013-07-15 14:12 - 2013-07-15 14:12 - 00061440 ____A C:\Windows\SysWOW64\Drivers\oeyjpzb.sys
    2013-07-15 14:12 - 2013-07-15 14:12 - 00000256 ____A C:\Windows\SysWOW64\jqgrtnsr.txt
    2013-06-15 10:42 - 2013-06-16 09:35 - 95023320 ___AT C:\ProgramData\4finiw.pad
    2013-06-15 10:42 - 2013-06-16 09:32 - 00000000 ____A C:\ProgramData\as98213.txt
    2013-06-15 10:42 - 2013-06-15 10:42 - 95023320 ___AT C:\ProgramData\blg7.pad
    2013-06-15 10:42 - 2013-06-15 10:42 - 00000152 ____A C:\ProgramData\4finiw.reg
    C:\ProgramData\FullRemove.exe
  • Save the resulting TXT file as fixlist.txt
  • Move the created log to the flash drive, next to FRST
:arrow: Run FRST.exe again on the damaged PC
  • Click Fix
  • The fix will run and a Fixlog.txt log will be created on the flash drive
:arrow: Try to boot into normal mode

Re: Explorer keeps crashing

Posted: 16 Jul 2013 10:11
by manas
hi,

after the subsequent restart, Explorer no longer crashes in the original user account (there it used to crash over and over from login).
in the new account Explorer has crashed only once so far, shortly after logging in and opening Explorer.
so it looks good for now; if anything shows up, I'll write again :)

so for now, thank you very much!

Re: Explorer keeps crashing

Posted: 16 Jul 2013 12:18
by JaRon
thanks to my colleague for filling in :thumbsup:
you should be clean, but as a precaution scan the PC with MBAM - full scan
if it finds nothing, we're done :)

Re: Explorer keeps crashing

Posted: 16 Jul 2013 14:18
by manas
so it still found two things..

Malwarebytes Anti-Malware 1.75.0.1300
http://www.malwarebytes.org

Database version: v2013.07.16.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
mr :: mr-PC [administrator]

16. 7. 2013 13:21:59
MBAM-log-2013-07-16 (15-13-54).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 638833
Time elapsed: 1 hour(s), 51 minute(s), 4 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\mr\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\4420bc55-45807eca (Trojan.FakeMS) -> No action taken.
C:\Users\mr\Desktop\SKOLA\3. SEMESTER\Algoritmy a datove struktury\ads3 - vseobecny strom (od peta)\Project1.exe (Trojan.Agent.DF) -> No action taken.

(end)

Re: Explorer keeps crashing

Posted: 16 Jul 2013 21:36
by manas
after logging into the account again in the evening, Explorer crashed a few times in a row and then restarted, then nothing again.. I really don't know where the problem is anymore

Re: Explorer keeps crashing

Posted: 17 Jul 2013 07:47
by JaRon
let MBAM delete the first item found - the second one I'll leave up to you
+
download ComboFix and save it to the desktop

then run it under an account with administrator rights


the process takes about 5-10 minutes, sometimes longer. Do not run any other applications during the scan

There is no reason to panic if the machine is restarted
note: if you use antispyware with a resident shield, turn it off before the scan.

after the restart the application creates a log, saved at C:\Combofix.txt (paste its contents here)

Re: Explorer keeps crashing

Posted: 17 Jul 2013 08:38
by manas
so here is the log:

ComboFix 13-07-15.01 - mr . 07. 2013 9:27.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.421.1051.18.6049.3914 [GMT 2:00]
Running from: c:\users\mr\Downloads\ComboFix.exe
AV: ESET Smart Security 5.0 *Disabled/Outdated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.0 *Disabled/Outdated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\AsPatch10430001.exe
c:\windows\msvcr71.dll
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\SysWow64\office.exe
c:\windows\SysWow64\tempdir
c:\windows\SysWow64\tempdir\tinypdf.dll
c:\windows\SysWow64\tempdir\tinypdf.chm
c:\windows\SysWow64\tempdir\tinypdf1.dll
c:\windows\SysWow64\tempdir\tinypdf2.dll
.
.
((((((((((((((((((((((((( Files Created from 2013-06-17 to 2013-07-17 )))))))))))))))))))))))))))))))
.
.
2013-07-17 07:32 . 2013-07-17 07:32 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-07-17 07:32 . 2013-07-17 07:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-07-17 07:26 . 2013-07-17 07:26 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A325887A-4C43-48B1-AC40-CA48929BCE2B}\offreg.dll
2013-07-17 07:07 . 2013-07-02 08:34 9460976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A325887A-4C43-48B1-AC40-CA48929BCE2B}\mpengine.dll
2013-07-16 07:13 . 2013-07-16 07:13 -------- d-----w- c:\windows\CheckSur
2013-07-15 12:19 . 2013-07-15 12:19 61440 ----a-w- c:\windows\SysWow64\drivers\altbdl.sys
2013-07-15 09:24 . 2013-05-27 05:50 1011712 ----a-w- c:\program files\Windows Defender\MpSvc.dll
2013-07-15 09:24 . 2013-05-27 05:50 571904 ----a-w- c:\program files\Windows Defender\MpClient.dll
2013-07-15 09:24 . 2013-05-27 05:50 314880 ----a-w- c:\program files\Windows Defender\MpCommu.dll
2013-07-15 09:24 . 2013-05-27 04:57 4608 ----a-w- c:\program files (x86)\Windows Defender\MsMpLics.dll
2013-07-15 09:24 . 2013-05-27 04:57 54784 ----a-w- c:\program files (x86)\Windows Defender\MpOAV.dll
2013-07-15 09:24 . 2013-05-27 04:57 392704 ----a-w- c:\program files (x86)\Windows Defender\MpClient.dll
2013-07-15 09:24 . 2013-05-27 03:15 9216 ----a-w- c:\program files (x86)\Windows Defender\MpAsDesc.dll
2013-07-14 13:16 . 2013-06-04 06:00 624128 ----a-w- c:\windows\system32\qedit.dll
2013-07-14 13:16 . 2013-06-04 04:53 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2013-07-14 13:08 . 2013-06-05 03:34 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-07-14 13:07 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2013-07-14 13:07 . 2013-04-02 22:51 1643520 ----a-w- c:\windows\system32\DWrite.dll
2013-07-04 18:22 . 2013-07-04 18:22 -------- d-----w- C:\FRST
2013-07-04 09:16 . 2013-07-15 12:30 -------- d-----w- c:\program files\trend micro
2013-07-04 09:16 . 2013-07-04 09:16 -------- d-----w- C:\rsit
2013-07-03 17:23 . 2011-02-25 06:19 2871808 ----a-w- c:\windows\system32\explorer.exe
2013-07-03 14:49 . 2013-07-05 09:36 -------- d-----w- c:\users\repair
2013-07-03 12:52 . 2013-07-03 12:52 -------- d-----w- c:\users\mr\AppData\Roaming\Opera Software
2013-07-03 12:52 . 2013-07-03 12:52 -------- d-----w- c:\users\mr\AppData\Local\Opera Software
2013-07-03 11:23 . 2013-07-03 11:23 -------- d-----w- c:\programdata\HitmanPro
2013-07-02 12:22 . 2009-03-09 13:27 4178264 ----a-w- c:\windows\SysWow64\D3DX9_41.dll
2013-06-27 21:48 . 2013-07-03 12:38 -------- d-----w- c:\users\mr\AppData\Roaming\Awesomium
2013-06-26 10:39 . 2013-06-26 10:39 -------- d-----w- c:\program files (x86)\AGEIA Technologies
2013-06-26 10:26 . 2007-04-04 16:55 403304 ----a-w- c:\windows\system32\xactengine2_7.dll
2013-06-26 10:26 . 2007-04-04 16:55 261480 ----a-w- c:\windows\SysWow64\xactengine2_7.dll
2013-06-26 10:26 . 2007-03-05 10:42 15128 ----a-w- c:\windows\SysWow64\x3daudio1_1.dll
2013-06-26 10:26 . 2007-03-05 10:42 17688 ----a-w- c:\windows\system32\x3daudio1_1.dll
2013-06-26 10:26 . 2007-03-15 14:57 506728 ----a-w- c:\windows\system32\d3dx10_33.dll
2013-06-26 10:26 . 2007-03-15 14:57 443752 ----a-w- c:\windows\SysWow64\d3dx10_33.dll
2013-06-26 10:26 . 2007-03-12 14:42 1400176 ----a-w- c:\windows\system32\D3DCompiler_33.dll
2013-06-26 10:26 . 2007-03-12 14:42 1123696 ----a-w- c:\windows\SysWow64\D3DCompiler_33.dll
2013-06-26 10:26 . 2007-03-12 14:42 4494184 ----a-w- c:\windows\system32\d3dx9_33.dll
2013-06-26 10:26 . 2007-03-12 14:42 3495784 ----a-w- c:\windows\SysWow64\d3dx9_33.dll
2013-06-26 10:24 . 2010-02-04 08:01 24920 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2013-06-26 10:24 . 2010-02-04 08:01 238936 ----a-w- c:\windows\SysWow64\xactengine3_6.dll
2013-06-26 10:24 . 2010-02-04 08:01 22360 ----a-w- c:\windows\SysWow64\X3DAudio1_7.dll
2013-06-26 10:24 . 2010-02-04 08:01 176984 ----a-w- c:\windows\system32\xactengine3_6.dll
2013-06-26 10:19 . 2013-07-03 16:28 -------- d-----w- c:\programdata\BitRaider
2013-06-21 23:26 . 2001-11-08 00:27 237568 ----a-w- c:\windows\system32\glut32.dll
2013-06-21 18:27 . 2013-06-21 18:28 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 9.0
2013-06-21 18:16 . 2013-06-21 18:16 -------- d-----w- c:\program files\Microsoft SDKs
2013-06-21 18:16 . 2013-06-21 18:16 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2013-06-21 13:30 . 2013-06-22 08:58 -------- d-----w- c:\program files (x86)\Common Files\Merge Modules
2013-06-21 10:32 . 2013-06-21 10:32 -------- d-----w- c:\users\mr\AppData\Roaming\e-academy Inc
2013-06-21 10:32 . 2013-06-21 10:32 -------- d-----w- c:\users\mr\AppData\Local\e-academy Inc
2013-06-19 09:01 . 2013-06-19 09:07 -------- d-----w- c:\users\mr\AppData\Local\Google
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-16 08:14 . 2012-03-08 14:26 45056 ----a-w- c:\windows\system32\acovcnt.exe
2013-07-15 08:10 . 2012-03-09 15:38 78185248 ----a-w- c:\windows\system32\MRT.exe
2013-06-12 07:34 . 2012-05-16 10:36 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 07:34 . 2012-05-16 10:36 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-12 07:34 . 2013-06-12 07:34 9089416 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-05-16 17:02 . 2010-06-24 18:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-13 05:51 . 2013-06-12 12:57 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-05-13 05:51 . 2013-06-12 12:57 1464320 ----a-w- c:\windows\system32\crypt32.dll
2013-05-13 05:51 . 2013-06-12 12:57 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-05-13 05:50 . 2013-06-12 12:57 52224 ----a-w- c:\windows\system32\certenc.dll
2013-05-13 04:45 . 2013-06-12 12:57 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-05-13 04:45 . 2013-06-12 12:57 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-05-13 04:45 . 2013-06-12 12:57 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-05-13 03:43 . 2013-06-12 12:57 1192448 ----a-w- c:\windows\system32\certutil.exe
2013-05-13 03:08 . 2013-06-12 12:57 903168 ----a-w- c:\windows\SysWow64\certutil.exe
2013-05-13 03:08 . 2013-06-12 12:57 43008 ----a-w- c:\windows\SysWow64\certenc.dll
2013-05-10 05:49 . 2013-06-12 12:57 30720 ----a-w- c:\windows\system32\cryptdlg.dll
2013-05-10 03:20 . 2013-06-12 12:57 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll
2013-05-08 06:39 . 2013-06-12 12:57 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-05-07 21:27 . 2013-05-07 21:27 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-05-07 21:27 . 2013-05-07 21:27 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-05-07 21:27 . 2013-05-07 21:27 81408 ----a-w- c:\windows\system32\icardie.dll
2013-05-07 21:27 . 2013-05-07 21:27 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-05-07 21:27 . 2013-05-07 21:27 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-05-07 21:27 . 2013-05-07 21:27 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-05-07 21:27 . 2013-05-07 21:27 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-05-07 21:27 . 2013-05-07 21:27 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-05-07 21:27 . 2013-05-07 21:27 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-05-07 21:27 . 2013-05-07 21:27 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-05-07 21:27 . 2013-05-07 21:27 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-05-07 21:27 . 2013-05-07 21:27 441856 ----a-w- c:\windows\system32\html.iec
2013-05-07 21:27 . 2013-05-07 21:27 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-05-07 21:27 . 2013-05-07 21:27 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-05-07 21:27 . 2013-05-07 21:27 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-05-07 21:27 . 2013-05-07 21:27 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-05-07 21:27 . 2013-05-07 21:27 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-05-07 21:27 . 2013-05-07 21:27 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-05-07 21:27 . 2013-05-07 21:27 235008 ----a-w- c:\windows\system32\url.dll
2013-05-07 21:27 . 2013-05-07 21:27 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-05-07 21:27 . 2013-05-07 21:27 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-05-07 21:27 . 2013-05-07 21:27 216064 ----a-w- c:\windows\system32\msls31.dll
2013-05-07 21:27 . 2013-05-07 21:27 197120 ----a-w- c:\windows\system32\msrating.dll
2013-05-07 21:27 . 2013-05-07 21:27 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-05-07 21:27 . 2013-05-07 21:27 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-05-07 21:27 . 2013-05-07 21:27 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-05-07 21:27 . 2013-05-07 21:27 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-05-07 21:27 . 2013-05-07 21:27 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-05-07 21:27 . 2013-05-07 21:27 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-05-07 21:27 . 2013-05-07 21:27 144896 ----a-w- c:\windows\system32\wextract.exe
2013-05-07 21:27 . 2013-05-07 21:27 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-05-07 21:27 . 2013-05-07 21:27 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-05-07 21:27 . 2013-05-07 21:27 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-05-07 21:27 . 2013-05-07 21:27 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-05-07 21:27 . 2013-05-07 21:27 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-05-07 21:27 . 2013-05-07 21:27 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-05-07 21:27 . 2013-05-07 21:27 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-05-07 21:27 . 2013-05-07 21:27 102912 ----a-w- c:\windows\system32\inseng.dll
2013-05-07 21:27 . 2013-05-07 21:27 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-05-07 21:27 . 2013-05-07 21:27 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-05-07 21:27 . 2013-05-07 21:27 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-05-07 21:27 . 2013-05-07 21:27 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-05-07 21:27 . 2013-05-07 21:27 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-05-07 21:27 . 2013-05-07 21:27 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-05-07 21:27 . 2013-05-07 21:27 149504 ----a-w- c:\windows\system32\occache.dll
2013-05-07 21:27 . 2013-05-07 21:27 13824 ----a-w- c:\windows\system32\mshta.exe
2013-05-07 21:27 . 2013-05-07 21:27 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-05-07 21:27 . 2013-05-07 21:27 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-05-07 21:27 . 2013-05-07 21:27 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-05-07 21:25 . 2013-05-07 21:25 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-07 21:25 . 2013-05-07 21:25 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-07 21:25 . 2013-05-07 21:25 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-05-07 21:25 . 2013-05-07 21:25 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-05-07 21:25 . 2013-05-07 21:25 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-05-07 21:25 . 2013-05-07 21:25 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-05-07 21:25 . 2013-05-07 21:25 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-05-07 21:25 . 2013-05-07 21:25 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-05-07 21:25 . 2013-05-07 21:25 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-05-07 21:25 . 2013-05-07 21:25 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-05-07 21:25 . 2013-05-07 21:25 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-05-07 21:25 . 2013-05-07 21:25 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-05-07 21:25 . 2013-05-07 21:25 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-05-07 21:25 . 2013-05-07 21:25 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-05-07 21:25 . 2013-05-07 21:25 648192 ----a-w- c:\windows\system32\d3d10level9.dll
2013-05-07 21:25 . 2013-05-07 21:25 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2013-05-07 21:25 . 2013-05-07 21:25 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-05-07 21:25 . 2013-05-07 21:25 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-05-07 21:25 . 2013-05-07 21:25 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-05-07 21:25 . 2013-05-07 21:25 3928064 ----a-w- c:\windows\system32\d2d1.dll
2013-05-07 21:25 . 2013-05-07 21:25 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2013-05-07 21:25 . 2013-05-07 21:25 363008 ----a-w- c:\windows\system32\dxgi.dll
2013-05-07 21:25 . 2013-05-07 21:25 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-05-07 21:25 . 2013-05-07 21:25 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2013-05-07 21:25 . 2013-05-07 21:25 333312 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-05-07 21:25 . 2013-05-07 21:25 296960 ----a-w- c:\windows\system32\d3d10core.dll
2013-05-07 21:25 . 2013-05-07 21:25 293376 ----a-w- c:\windows\SysWow64\dxgi.dll
2013-05-07 21:25 . 2013-05-07 21:25 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2013-05-07 21:25 . 2013-05-07 21:25 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2013-05-07 21:25 . 2013-05-07 21:25 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-05-07 21:25 . 2013-05-07 21:25 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2013-05-07 21:25 . 2013-05-07 21:25 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-12-09 74752]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2011-04-01 2018032]
"ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe" [2011-02-23 731472]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"KORG USB-MIDI Driver"="c:\program files (x86)\KORG\KORG USB-MIDI Driver\EsHelper2.exe" [2012-10-05 393656]
"UpdatePSTShortCut"="c:\program files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2010-11-24 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"RemoteControl10"="c:\program files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe" [2010-02-03 87336]
"SonicMasterTray"="c:\program files (x86)\ASUS\SonicMaster\SonicMasterTray.exe" [2010-07-10 984400]
"VAWinAgent"="c:\expressgateutil\VAWinAgent.exe" [2010-08-13 21504]
"FLxHCIm"="c:\program files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe" [2011-02-25 40448]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-24 1601536]
.
c:\users\repair\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Intel(R) Turbo Boost Technology Monitor 2.0.lnk - c:\program files\Intel\TurboBoost\SignalIslandUi.exe [2010-11-30 204288]
OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-6-7 1195520]
.
c:\users\mr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Intel(R) Turbo Boost Technology Monitor 2.0.lnk - c:\program files\Intel\TurboBoost\SignalIslandUi.exe [2010-11-30 204288]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe /start [2011-4-1 548528]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-3-12 1083680]
FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_94E3CE3704FE82FBF49A6A.exe -d [2011-11-23 12862]
Last.fm Scrobbler.lnk - c:\program files (x86)\Last.fm\Last.fm Scrobbler.exe [2013-1-17 1752576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"midi5"=KORGUM64.DRV
"midi6"=KORGUM64.DRV
"midi7"=KORGUM64.DRV
"midi8"=KORGUM64.DRV
"midi9"=KORGUM64.DRV
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 IBG_gds_db;InterBase XE3 64 Guardian gds_db;c:\program files (x86)\Embarcadero\RAD Studio\10.0\InterBaseXE3\bin\ibguard.exe;c:\program files (x86)\Embarcadero\RAD Studio\10.0\InterBaseXE3\bin\ibguard.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 VideAceWindowsService;VideAceWindowsService;c:\expressgateutil\VAWinService.exe;c:\expressgateutil\VAWinService.exe [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
R3 BRDriver64;BRDriver64;c:\programdata\BitRaider\BRDriver64.sys;c:\programdata\BitRaider\BRDriver64.sys [x]
R3 BRSptSvc;BitRaider Mini-Support Service;c:\programdata\BitRaider\BRSptSvc.exe;c:\programdata\BitRaider\BRSptSvc.exe [x]
R3 IBS_gds_db;InterBase XE3 64 Server gds_db;c:\program files (x86)\Embarcadero\RAD Studio\10.0\InterBaseXE3\bin\ibserver.exe;c:\program files (x86)\Embarcadero\RAD Studio\10.0\InterBaseXE3\bin\ibserver.exe [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
R3 KORGUMDS;KORG USB-MIDI Driver for Windows;c:\windows\system32\Drivers\KORGUM64.SYS;c:\windows\SYSNATIVE\Drivers\KORGUM64.SYS [x]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsux64.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfp.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 ATKWMIACPIIO_;ATKWMIACPI Driver_;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys;c:\windows\SYSNATIVE\DRIVERS\EpfwLWF.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxUSBMon.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys;c:\windows\SYSNATIVE\drivers\btusbflt.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys;c:\windows\SYSNATIVE\DRIVERS\FLxHCIc.sys [x]
S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys;c:\windows\SYSNATIVE\DRIVERS\FLxHCIh.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys;c:\windows\SYSNATIVE\DRIVERS\WDKMD.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-07-14 13:43 1173456 ----a-w- c:\program files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-16 07:34]
.
2013-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-19 09:01]
.
2013-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-19 09:01]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-22 4035152]
"snp2uvc"="c:\windows\vsnp2uvc.exe" [2010-01-21 909824]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-03-21 2207848]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-08-11 324096]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-01 419096]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-01 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-01 391960]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-07-20 1931024]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Drivers32]
"midi5"=KORGUM64.DRV
"midi6"=KORGUM64.DRV
"midi7"=KORGUM64.DRV
"midi8"=KORGUM64.DRV
"midi9"=KORGUM64.DRV
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\mr\AppData\Roaming\Mozilla\Firefox\Profiles\xk78vjsb.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-ETDWare - c:\program files (x86)\Elantech\ETDCtrl.exe
AddRemove-ASUS_Screensaver - c:\windows\system32\ASUS_Screensaver.scr
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-07-17 09:34:33
ComboFix-quarantined-files.txt 2013-07-17 07:34
.
Pre-Run: 5 320 032 256 bytes free
Post-Run: 5 368 102 912 bytes free
.
- - End Of File - - 688934CE227A6D2421D11101857AAB3A
D41D8CD98F00B204E9800998ECF8427E