Problem with loading pages
Posted: 04 Jun 2015 08:59
Hello, I have a problem, most likely with some kind of vermin. On the first visit to about 50% of websites the browser spends 20 sec loading the page + does not respond; on refresh the page loads immediately. It happens in both Chrome and Opera (tested). Changing the DNS servers does not help, and according to the provider everything is OK. On another PC on the network everything works as well. ADWcleaner + TDSSKiller have already been run; Combofix hung at stage 49 (48 done, after an hour). So no changes were made. Thanks for any help.
Logfile of random's system information tool 1.10 (written by random/random)
Run by Mystery at 2015-06-04 09:33:29
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 10 GB (9%) free of 114 GB
Total RAM: 8137 MB (43% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:33:45, on 4.6.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17801)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Users\Mystery\AppData\Local\FluxSoftware\Flux\flux.exe
C:\Program Files (x86)\QIP 2012\qip.exe
C:\Users\Mystery\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Trillian\trillian.exe
C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe
C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Opera Next\30.0.1835.49\opera.exe
C:\Program Files (x86)\Opera Next\30.0.1835.49\opera_crashreporter.exe
C:\Program Files (x86)\Opera Next\30.0.1835.49\opera.exe
C:\Program Files (x86)\Opera Next\30.0.1835.49\opera.exe
C:\Program Files (x86)\Opera Next\30.0.1835.49\opera.exe
C:\Program Files (x86)\Opera Next\30.0.1835.49\opera.exe
C:\Program Files (x86)\Opera Next\30.0.1835.49\opera.exe
C:\Program Files (x86)\Opera Next\30.0.1835.49\opera.exe
C:\Program Files (x86)\Opera Next\30.0.1835.49\opera.exe
C:\Program Files (x86)\Opera Next\30.0.1835.49\opera.exe
C:\Program Files (x86)\Opera Next\30.0.1835.49\opera.exe
C:\Program Files (x86)\Opera Next\30.0.1835.49\opera.exe
C:\Program Files (x86)\Opera Next\30.0.1835.49\opera.exe
C:\Program Files (x86)\Opera Next\30.0.1835.49\opera.exe
C:\Program Files (x86)\Opera Next\30.0.1835.49\opera.exe
C:\Program Files (x86)\Opera Next\30.0.1835.49\opera.exe
C:\Program Files (x86)\Opera Next\30.0.1835.49\opera.exe
C:\Program Files (x86)\Opera Next\30.0.1835.49\opera.exe
C:\Program Files (x86)\Opera Next\30.0.1835.49\opera.exe
C:\Program Files (x86)\Opera Next\30.0.1835.49\opera.exe
C:\Program Files (x86)\Opera Next\30.0.1835.49\opera.exe
C:\Program Files (x86)\Opera Next\30.0.1835.49\opera.exe
C:\Program Files (x86)\Opera Next\30.0.1835.49\opera.exe
C:\Program Files\trend micro\Mystery.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll
O2 - BHO: ArcPluginIEBHO - {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} - D:\Arc\Arc\Plugins\ArcPluginIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll
O3 - Toolbar: Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [ASUS AiChargerPlus Execute] C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [f.lux] "C:\Users\Mystery\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
O4 - HKCU\..\Run: [Bitdefender Wallet Agent] "C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe"
O4 - HKCU\..\Run: [Infium] "C:\Program Files (x86)\QIP 2012\qip.exe" /autorun
O4 - Startup: Dropbox.lnk = Mystery\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: Trillian.lnk = C:\Program Files (x86)\Trillian\trillian.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: ASUS Com Service (asComSvc) - Unknown owner - C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe
O23 - Service: ASUS HM Com Service (asHmComSvc) - Unknown owner - C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe
O23 - Service: ASUS System Control Service (AsSysCtrlService) - Unknown owner - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
O23 - Service: BattlEye Service (BEService) - Unknown owner - C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
O23 - Service: CyberGhost 5 Client Service (CGVPNCliService) - CyberGhost S.R.L - C:\Program Files\CyberGhost 5\Service.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 10 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Bitdefender Desktop Update Service (UPDATESRV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: Bitdefender Virus Shield (VSSERV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 10324 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
C:\Windows\system32\services.exe
winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe" /service
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
atieclxx
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe" /launchService
"C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe"
"C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe"
"C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe"
C:\Windows\System32\svchost.exe -k utcsvc
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe"
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe"
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe"
"C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe" /service
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files\CyberGhost 5\Service.exe"
"taskhost.exe"
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe" /starttray
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\Microsoft IntelliType Pro\itype.exe"
"C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
"C:\Program Files\Logitech Gaming Software\LCore.exe" /minimized
"C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe"
"C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe"
"C:\Users\Mystery\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
"C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe"
"C:\Program Files (x86)\QIP 2012\qip.exe" /autorun
"C:\Users\Mystery\AppData\Roaming\Dropbox\bin\Dropbox.exe" /systemstartup
"C:\Program Files (x86)\Trillian\trillian.exe"
taskeng.exe {C83C3AC8-BFC3-4789-90E9-8E21C9C83E47}
"C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe"
taskeng.exe {18861D54-0A93-4F6D-9570-017930DC6C1D}
"C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM" PriorityLow
"C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe" -open
"C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe"
"C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr64.exe"
"C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe" 0
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Windows\system32\GWX\GWX.exe"
"C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe" -Init
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\sysWOW64\wbem\wmiprvse.exe -Embedding
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe" -hide
"C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe" -hide
"C:\Program Files (x86)\Skype\Phone\Skype.exe"
C:\Windows\servicing\TrustedInstaller.exe
"C:\Program Files (x86)\Opera Next\30.0.1835.49\opera.exe" --ran-launcher
"C:\Program Files (x86)\Opera Next\30.0.1835.49\opera_crashreporter.exe" --ran-launcher --crash-reporter-parent-id=7068
"C:\Program Files (x86)\Opera Next\30.0.1835.49\opera.exe" --type=gpu-process --channel="7068.0.132444608\1066927839" --crash-reporter-pid=5636 --enable-mse-h264-support --supports-dual-gpus=false --gpu-driver-bug-workarounds=2,21,44 --gpu-vendor-id=0x1002 --gpu-device-id=0x6798 --gpu-driver-vendor="Advanced Micro Devices, Inc." --gpu-driver-version=14.502.1014.1001 --crash-reporter-pid=5636 --enable-mse-h264-support --ignored=" --type=renderer " /prefetch:822062411
"C:\Program Files (x86)\Opera Next\30.0.1835.49\opera.exe" --type=renderer --alt-high-dpi-setting=96 --system-dpi-setting=96 --disable-direct-npapi-requests --disable-win32k-renderer-lockdown --enable-deferred-image-decoding --lang=cs --extension-process --enable-webrtc-hw-h264-encoding --disable-client-side-phishing-detection --ppapi-flash-path="C:\Windows\SysWOW64\Macromed\Flash\pepflashplayer32_16_0_0_305.dll" --ppapi-flash-version=16.0.0.305 --crash-reporter-pid=5636 --enable-mse-h264-support --device-scale-factor=1 --font-cache-shared-mem-suffix=7068 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=2 --use-image-texture-target=3553 --channel="7068.2.1490713131\147033056" /prefetch:673131151
"C:\Program Files (x86)\Opera Next\30.0.1835.49\opera.exe" --type=renderer --alt-high-dpi-setting=96 --system-dpi-setting=96 --disable-direct-npapi-requests --disable-win32k-renderer-lockdown --enable-deferred-image-decoding --lang=cs --extension-process --enable-webrtc-hw-h264-encoding --disable-client-side-phishing-detection --ppapi-flash-path="C:\Windows\SysWOW64\Macromed\Flash\pepflashplayer32_16_0_0_305.dll" --ppapi-flash-version=16.0.0.305 --crash-reporter-pid=5636 --enable-mse-h264-support --device-scale-factor=1 --font-cache-shared-mem-suffix=7068 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=2 --use-image-texture-target=3553 --channel="7068.3.749052549\2047772478" /prefetch:673131151
"C:\Program Files (x86)\Opera Next\30.0.1835.49\opera.exe" --type=renderer --alt-high-dpi-setting=96 --system-dpi-setting=96 --disable-direct-npapi-requests --disable-win32k-renderer-lockdown --enable-deferred-image-decoding --lang=cs --extension-process --enable-webrtc-hw-h264-encoding --disable-client-side-phishing-detection --ppapi-flash-path="C:\Windows\SysWOW64\Macromed\Flash\pepflashplayer32_16_0_0_305.dll" --ppapi-flash-version=16.0.0.305 --crash-reporter-pid=5636 --enable-mse-h264-support --device-scale-factor=1 --font-cache-shared-mem-suffix=7068 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=2 --use-image-texture-target=3553 --channel="7068.4.368437675\1297529135" /prefetch:673131151
"C:\Program Files (x86)\Opera Next\30.0.1835.49\opera.exe" --type=renderer --alt-high-dpi-setting=96 --system-dpi-setting=96 --disable-direct-npapi-requests --disable-win32k-renderer-lockdown --enable-deferred-image-decoding --lang=cs --extension-process --enable-webrtc-hw-h264-encoding --disable-client-side-phishing-detection --ppapi-flash-path="C:\Windows\SysWOW64\Macromed\Flash\pepflashplayer32_16_0_0_305.dll" --ppapi-flash-version=16.0.0.305 --crash-reporter-pid=5636 --enable-mse-h264-support --device-scale-factor=1 --font-cache-shared-mem-suffix=7068 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=2 --use-image-texture-target=3553 --channel="7068.5.1629630757\728509807" /prefetch:673131151
"C:\Program Files (x86)\Opera Next\30.0.1835.49\opera.exe" --type=renderer --alt-high-dpi-setting=96 --system-dpi-setting=96 --disable-direct-npapi-requests --disable-win32k-renderer-lockdown --enable-deferred-image-decoding --lang=cs --extension-process --enable-webrtc-hw-h264-encoding --disable-client-side-phishing-detection --ppapi-flash-path="C:\Windows\SysWOW64\Macromed\Flash\pepflashplayer32_16_0_0_305.dll" --ppapi-flash-version=16.0.0.305 --crash-reporter-pid=5636 --enable-mse-h264-support --device-scale-factor=1 --font-cache-shared-mem-suffix=7068 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=2 --use-image-texture-target=3553 --channel="7068.6.2098021514\1960379442" /prefetch:673131151
"C:\Program Files (x86)\Opera Next\30.0.1835.49\opera.exe" --type=renderer --alt-high-dpi-setting=96 --system-dpi-setting=96 --disable-direct-npapi-requests --disable-win32k-renderer-lockdown --enable-deferred-image-decoding --lang=cs --extension-process --enable-webrtc-hw-h264-encoding --disable-client-side-phishing-detection --ppapi-flash-path="C:\Windows\SysWOW64\Macromed\Flash\pepflashplayer32_16_0_0_305.dll" --ppapi-flash-version=16.0.0.305 --crash-reporter-pid=5636 --enable-mse-h264-support --device-scale-factor=1 --font-cache-shared-mem-suffix=7068 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=2 --use-image-texture-target=3553 --channel="7068.7.1620048779\644731811" /prefetch:673131151
"C:\Program Files (x86)\Opera Next\30.0.1835.49\opera.exe" --type=renderer --alt-high-dpi-setting=96 --system-dpi-setting=96 --disable-direct-npapi-requests --disable-win32k-renderer-lockdown --enable-deferred-image-decoding --lang=cs --disable-client-side-phishing-detection --ppapi-flash-path="C:\Windows\SysWOW64\Macromed\Flash\pepflashplayer32_16_0_0_305.dll" --ppapi-flash-version=16.0.0.305 --crash-reporter-pid=5636 --enable-mse-h264-support --device-scale-factor=1 --font-cache-shared-mem-suffix=7068 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=2 --use-image-texture-target=3553 --channel="7068.8.1379231044\603273973" /prefetch:673131151
"C:\Program Files (x86)\Opera Next\30.0.1835.49\opera.exe" --type=renderer --alt-high-dpi-setting=96 --system-dpi-setting=96 --disable-direct-npapi-requests --disable-win32k-renderer-lockdown --enable-deferred-image-decoding --lang=cs --disable-client-side-phishing-detection --ppapi-flash-path="C:\Windows\SysWOW64\Macromed\Flash\pepflashplayer32_16_0_0_305.dll" --ppapi-flash-version=16.0.0.305 --crash-reporter-pid=5636 --enable-mse-h264-support --device-scale-factor=1 --font-cache-shared-mem-suffix=7068 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=2 --use-image-texture-target=3553 --channel="7068.9.1243879354\1352358321" /prefetch:673131151
"C:\Program Files (x86)\Opera Next\30.0.1835.49\opera.exe" --type=renderer --alt-high-dpi-setting=96 --system-dpi-setting=96 --disable-direct-npapi-requests --disable-win32k-renderer-lockdown --enable-deferred-image-decoding --lang=cs --disable-client-side-phishing-detection --ppapi-flash-path="C:\Windows\SysWOW64\Macromed\Flash\pepflashplayer32_16_0_0_305.dll" --ppapi-flash-version=16.0.0.305 --crash-reporter-pid=5636 --enable-mse-h264-support --device-scale-factor=1 --font-cache-shared-mem-suffix=7068 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=2 --use-image-texture-target=3553 --channel="7068.10.1983614093\1336521783" /prefetch:673131151
"C:\Program Files (x86)\Opera Next\30.0.1835.49\opera.exe" --type=renderer --alt-high-dpi-setting=96 --system-dpi-setting=96 --disable-direct-npapi-requests --disable-win32k-renderer-lockdown --enable-deferred-image-decoding --lang=cs --disable-client-side-phishing-detection --ppapi-flash-path="C:\Windows\SysWOW64\Macromed\Flash\pepflashplayer32_16_0_0_305.dll" --ppapi-flash-version=16.0.0.305 --crash-reporter-pid=5636 --enable-mse-h264-support --device-scale-factor=1 --font-cache-shared-mem-suffix=7068 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=2 --use-image-texture-target=3553 --channel="7068.11.1719899483\168629386" /prefetch:673131151
"C:\Program Files (x86)\Opera Next\30.0.1835.49\opera.exe" --type=renderer --alt-high-dpi-setting=96 --system-dpi-setting=96 --disable-direct-npapi-requests --disable-win32k-renderer-lockdown --enable-deferred-image-decoding --lang=cs --disable-client-side-phishing-detection --ppapi-flash-path="C:\Windows\SysWOW64\Macromed\Flash\pepflashplayer32_16_0_0_305.dll" --ppapi-flash-version=16.0.0.305 --crash-reporter-pid=5636 --enable-mse-h264-support --device-scale-factor=1 --font-cache-shared-mem-suffix=7068 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=2 --use-image-texture-target=3553 --channel="7068.12.1532111232\767413310" /prefetch:673131151
"C:\Program Files (x86)\Opera Next\30.0.1835.49\opera.exe" --type=renderer --alt-high-dpi-setting=96 --system-dpi-setting=96 --disable-direct-npapi-requests --disable-win32k-renderer-lockdown --enable-deferred-image-decoding --lang=cs --disable-client-side-phishing-detection --ppapi-flash-path="C:\Windows\SysWOW64\Macromed\Flash\pepflashplayer32_16_0_0_305.dll" --ppapi-flash-version=16.0.0.305 --crash-reporter-pid=5636 --enable-mse-h264-support --device-scale-factor=1 --font-cache-shared-mem-suffix=7068 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=2 --use-image-texture-target=3553 --channel="7068.13.1746340575\921464190" /prefetch:673131151
"C:\Program Files (x86)\Opera Next\30.0.1835.49\opera.exe" --type=renderer --alt-high-dpi-setting=96 --system-dpi-setting=96 --disable-direct-npapi-requests --disable-win32k-renderer-lockdown --enable-deferred-image-decoding --lang=cs --disable-client-side-phishing-detection --ppapi-flash-path="C:\Windows\SysWOW64\Macromed\Flash\pepflashplayer32_16_0_0_305.dll" --ppapi-flash-version=16.0.0.305 --crash-reporter-pid=5636 --enable-mse-h264-support --device-scale-factor=1 --font-cache-shared-mem-suffix=7068 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=2 --use-image-texture-target=3553 --channel="7068.14.1022175041\1922552779" /prefetch:673131151
"C:\Program Files (x86)\Opera Next\30.0.1835.49\opera.exe" --type=renderer --alt-high-dpi-setting=96 --system-dpi-setting=96 --disable-direct-npapi-requests --disable-win32k-renderer-lockdown --enable-deferred-image-decoding --lang=cs --disable-client-side-phishing-detection --ppapi-flash-path="C:\Windows\SysWOW64\Macromed\Flash\pepflashplayer32_16_0_0_305.dll" --ppapi-flash-version=16.0.0.305 --crash-reporter-pid=5636 --enable-mse-h264-support --device-scale-factor=1 --font-cache-shared-mem-suffix=7068 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=2 --use-image-texture-target=3553 --channel="7068.15.1574037104\1129629191" /prefetch:673131151
"C:\Program Files (x86)\Opera Next\30.0.1835.49\opera.exe" --type=renderer --alt-high-dpi-setting=96 --system-dpi-setting=96 --disable-direct-npapi-requests --disable-win32k-renderer-lockdown --enable-deferred-image-decoding --lang=cs --disable-client-side-phishing-detection --ppapi-flash-path="C:\Windows\SysWOW64\Macromed\Flash\pepflashplayer32_16_0_0_305.dll" --ppapi-flash-version=16.0.0.305 --crash-reporter-pid=5636 --enable-mse-h264-support --device-scale-factor=1 --font-cache-shared-mem-suffix=7068 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=2 --use-image-texture-target=3553 --channel="7068.16.169112976\746885653" /prefetch:673131151
"C:\Program Files (x86)\Opera Next\30.0.1835.49\opera.exe" --type=renderer --alt-high-dpi-setting=96 --system-dpi-setting=96 --disable-direct-npapi-requests --disable-win32k-renderer-lockdown --enable-deferred-image-decoding --lang=cs --disable-client-side-phishing-detection --ppapi-flash-path="C:\Windows\SysWOW64\Macromed\Flash\pepflashplayer32_16_0_0_305.dll" --ppapi-flash-version=16.0.0.305 --crash-reporter-pid=5636 --enable-mse-h264-support --device-scale-factor=1 --font-cache-shared-mem-suffix=7068 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=2 --use-image-texture-target=3553 --channel="7068.17.1836204157\1017332074" /prefetch:673131151
"C:\Program Files (x86)\Opera Next\30.0.1835.49\opera.exe" --type=renderer --alt-high-dpi-setting=96 --system-dpi-setting=96 --disable-direct-npapi-requests --disable-win32k-renderer-lockdown --enable-deferred-image-decoding --lang=cs --disable-client-side-phishing-detection --ppapi-flash-path="C:\Windows\SysWOW64\Macromed\Flash\pepflashplayer32_16_0_0_305.dll" --ppapi-flash-version=16.0.0.305 --crash-reporter-pid=5636 --enable-mse-h264-support --device-scale-factor=1 --font-cache-shared-mem-suffix=7068 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=2 --use-image-texture-target=3553 --channel="7068.19.32634327\679023126" /prefetch:673131151
"C:\Program Files (x86)\Opera Next\30.0.1835.49\opera.exe" --type=ppapi --channel="7068.24.63419585\1802986788" --ppapi-flash-args --lang=cs --crash-reporter-pid=5636 --enable-mse-h264-support --ignored=" --type=renderer " /prefetch:-632637702
"C:\Program Files (x86)\Opera Next\30.0.1835.49\opera.exe" --type=renderer --alt-high-dpi-setting=96 --system-dpi-setting=96 --disable-direct-npapi-requests --disable-win32k-renderer-lockdown --enable-deferred-image-decoding --lang=cs --disable-client-side-phishing-detection --ppapi-flash-path="C:\Windows\SysWOW64\Macromed\Flash\pepflashplayer32_16_0_0_305.dll" --ppapi-flash-version=16.0.0.305 --crash-reporter-pid=5636 --enable-mse-h264-support --device-scale-factor=1 --font-cache-shared-mem-suffix=7068 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=2 --use-image-texture-target=3553 --channel="7068.31.459304635\1320263960" /prefetch:673131151
C:\Windows\system32\sppsvc.exe
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe4_ Global\UsGthrCtrlFltPipeMssGthrPipe4 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 548 552 560 65536 556
"C:\Program Files (x86)\Opera Next\30.0.1835.49\opera.exe" --type=renderer --alt-high-dpi-setting=96 --system-dpi-setting=96 --disable-direct-npapi-requests --disable-win32k-renderer-lockdown --enable-deferred-image-decoding --lang=cs --disable-client-side-phishing-detection --ppapi-flash-path="C:\Windows\SysWOW64\Macromed\Flash\pepflashplayer32_16_0_0_305.dll" --ppapi-flash-version=16.0.0.305 --crash-reporter-pid=5636 --enable-mse-h264-support --device-scale-factor=1 --font-cache-shared-mem-suffix=7068 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=2 --use-image-texture-target=3553 --channel="7068.38.1619281627\1006129905" /prefetch:673131151
"C:\Users\Mystery\Desktop\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-24 551848]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-24 212904]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-24 460712]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84BFE29A-8139-402a-B2A4-C23AE9E1A75F}]
ArcPluginIEBHO Class - D:\Arc\Arc\Plugins\ArcPluginIE.dll [2013-10-10 108904]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-24 172968]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll [2015-02-10 439168]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll [2015-02-10 394800]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"itype"=C:\Program Files\Microsoft IntelliType Pro\itype.exe [2011-08-10 1873256]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2012-05-15 6470760]
"Launch LCore"=C:\Program Files\Logitech Gaming Software\LCore.exe [2014-10-14 12697368]
"Bdagent"=C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe [2015-03-17 1691112]
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-03-21 472992]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"f.lux"=C:\Users\Mystery\AppData\Local\FluxSoftware\Flux\flux.exe [2013-10-24 1017224]
"Bitdefender Wallet Agent"=C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe [2015-02-10 790880]
"Infium"=C:\Program Files (x86)\QIP 2012\qip.exe [2014-03-04 8503280]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19 1022152]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-03-21 472992]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS6ServiceManager]
C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [2012-03-09 1073312]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cm108Sound]
C:\Windows\syswow64\RunDll32.exe [2009-07-14 44544]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CyberGhost]
C:\Program Files\CyberGhost 5\CyberGhost.EXE [2014-11-03 410216]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2014-03-04 3696912]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2009-02-26 30040]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2015-02-17 3978600]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QIP Internet Guardian]
C:\Users\Mystery\AppData\Roaming\QipGuard\QipGuard.exe /p []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Raptr]
C:\Program Files (x86)\Raptr\raptrstub.exe [2015-03-25 55568]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoftEther VPN Client UI Helper]
C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [2014-04-29 4322872]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files (x86)\Steam\Steam.exe [2015-04-14 2889408]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SoftEther VPN Client Manager Startup.lnk]
C:\PROGRA~1\SOFTET~1\VPNCMG~1.EXE [2014-04-29 4513336]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Mystery^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
C:\Users\Mystery\AppData\Roaming\Dropbox\bin\Dropbox.exe [2015-05-05 43374104]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"=C:\Windows\RaidTool\xInsIDE.exe [2010-09-07 43608]
"ASUS AiChargerPlus Execute"=C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe [2010-11-08 465536]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19 1022152]
"StartCCC"=C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [2015-05-26 767176]
C:\Users\Mystery\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Dropbox.lnk - C:\Users\Mystery\AppData\Roaming\Dropbox\bin\Dropbox.exe
Trillian.lnk - C:\Program Files (x86)\Trillian\trillian.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\93144200.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\93144200.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.FPS1"=frapsv64.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"wave7"=wdmaud.drv
"midi7"=wdmaud.drv
"mixer7"=wdmaud.drv
"wave8"=wdmaud.drv
"midi8"=wdmaud.drv
"mixer8"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
======File associations======
.inf - open - "%SystemRoot%\system32\NOTEPAD.EXE" %1
.ini - open - "%SystemRoot%\system32\NOTEPAD.EXE" %1
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - "%SystemRoot%\System32\WScript.exe" "%1" %*
.txt - open - "%SystemRoot%\system32\NOTEPAD.EXE" %1
======List of files/folders created in the last 2 months======
2015-06-04 09:33:30 ----D---- C:\Program Files\trend micro
2015-06-04 09:33:29 ----D---- C:\rsit
2015-06-04 00:31:42 ----D---- C:\FRST
2015-06-04 00:26:10 ----A---- C:\TDSSKiller.3.0.0.44_04.06.2015_00.26.10_log.txt
2015-06-04 00:24:03 ----A---- C:\TDSSKiller.3.0.0.44_04.06.2015_00.24.03_log.txt
2015-06-04 00:17:06 ----SHD---- C:\$RECYCLE.BIN
2015-06-03 23:14:02 ----SD---- C:\ComboFix
2015-06-03 23:12:49 ----D---- C:\Qoobox
2015-05-31 10:08:26 ----D---- C:\Users\Mystery\AppData\Roaming\Trillian
2015-05-31 10:08:22 ----D---- C:\Program Files (x86)\Trillian
2015-05-31 10:00:11 ----D---- C:\Users\Mystery\AppData\Roaming\.purple
2015-05-31 09:57:58 ----D---- C:\Program Files (x86)\Pidgin
2015-05-30 11:47:56 ----D---- C:\ProgramData\ATI
2015-05-30 11:47:54 ----D---- C:\Program Files (x86)\AMD AVT
2015-05-29 21:14:55 ----D---- C:\ProgramData\SP_FT_Logs
2015-05-27 00:41:32 ----A---- C:\Windows\system32\amdave64.dll
2015-05-27 00:41:30 ----A---- C:\Windows\SYSWOW64\amdave32.dll
2015-05-27 00:41:26 ----A---- C:\Windows\system32\amdhcp64.dll
2015-05-27 00:41:22 ----A---- C:\Windows\system32\atimpc64.dll
2015-05-27 00:41:22 ----A---- C:\Windows\system32\amdpcom64.dll
2015-05-27 00:41:20 ----A---- C:\Windows\SYSWOW64\atimpc32.dll
2015-05-27 00:41:20 ----A---- C:\Windows\SYSWOW64\amdpcom32.dll
2015-05-27 00:41:06 ----A---- C:\Windows\system32\atiu9p64.dll
2015-05-27 00:40:26 ----A---- C:\Windows\system32\atiumd6a.dll
2015-05-27 00:40:22 ----A---- C:\Windows\system32\atiumd64.dll
2015-05-27 00:38:16 ----A---- C:\Windows\system32\drivers\amdacpksd.sys
2015-05-27 00:35:56 ----A---- C:\Windows\system32\drivers\atikmdag.sys
2015-05-27 00:28:38 ----A---- C:\Windows\system32\clinfo.exe
2015-05-27 00:28:34 ----A---- C:\Windows\system32\OpenVideo64.dll
2015-05-27 00:28:32 ----A---- C:\Windows\SYSWOW64\OpenVideo.dll
2015-05-27 00:28:30 ----A---- C:\Windows\SYSWOW64\OVDecode.dll
2015-05-27 00:28:30 ----A---- C:\Windows\system32\OVDecode64.dll
2015-05-27 00:28:28 ----A---- C:\Windows\system32\amdocl64.dll
2015-05-27 00:27:34 ----A---- C:\Windows\SYSWOW64\amdocl.dll
2015-05-27 00:26:44 ----A---- C:\Windows\SYSWOW64\OpenCL.dll
2015-05-27 00:26:44 ----A---- C:\Windows\system32\OpenCL.dll
2015-05-27 00:20:48 ----A---- C:\Windows\system32\atio6axx.dll
2015-05-27 00:15:32 ----A---- C:\Windows\SYSWOW64\atioglxx.dll
2015-05-27 00:14:48 ----A---- C:\Windows\system32\mantle64.dll
2015-05-27 00:14:44 ----A---- C:\Windows\SYSWOW64\mantle32.dll
2015-05-27 00:14:38 ----A---- C:\Windows\system32\amdmantle64.dll
2015-05-27 00:14:26 ----A---- C:\Windows\system32\amdmmcl6.dll
2015-05-27 00:14:24 ----A---- C:\Windows\SYSWOW64\amdmmcl.dll
2015-05-27 00:12:06 ----A---- C:\Windows\system32\atiapfxx.exe
2015-05-27 00:12:04 ----A---- C:\Windows\SYSWOW64\aticalrt.dll
2015-05-27 00:12:04 ----A---- C:\Windows\system32\aticalrt64.dll
2015-05-27 00:12:02 ----A---- C:\Windows\system32\aticalcl64.dll
2015-05-27 00:12:00 ----A---- C:\Windows\SYSWOW64\aticalcl.dll
2015-05-27 00:11:56 ----A---- C:\Windows\system32\aticaldd64.dll
2015-05-27 00:11:44 ----A---- C:\Windows\SYSWOW64\amdmantle32.dll
2015-05-27 00:11:06 ----A---- C:\Windows\SYSWOW64\aticaldd.dll
2015-05-27 00:09:14 ----A---- C:\Windows\system32\mantleaxl64.dll
2015-05-27 00:09:10 ----A---- C:\Windows\SYSWOW64\mantleaxl32.dll
2015-05-27 00:07:54 ----A---- C:\Windows\system32\atidemgy.dll
2015-05-27 00:07:52 ----A---- C:\Windows\system32\atimuixx.dll
2015-05-27 00:07:50 ----A---- C:\Windows\system32\atieclxx.exe
2015-05-27 00:07:42 ----A---- C:\Windows\system32\atiesrxx.exe
2015-05-27 00:07:30 ----A---- C:\Windows\system32\atitmm64.dll
2015-05-27 00:04:48 ----A---- C:\Windows\system32\atisamu64.dll
2015-05-27 00:04:44 ----A---- C:\Windows\SYSWOW64\atisamu32.dll
2015-05-27 00:04:10 ----A---- C:\Windows\system32\atiadlxx.dll
2015-05-27 00:04:06 ----A---- C:\Windows\SYSWOW64\atiadlxy.dll
2015-05-27 00:04:04 ----A---- C:\Windows\system32\atig6pxx.dll
2015-05-27 00:04:02 ----A---- C:\Windows\SYSWOW64\atiglpxx.dll
2015-05-27 00:04:02 ----A---- C:\Windows\system32\atiglpxx.dll
2015-05-27 00:04:02 ----A---- C:\Windows\system32\atig6txx.dll
2015-05-27 00:03:58 ----A---- C:\Windows\SYSWOW64\atigktxx.dll
2015-05-27 00:03:56 ----A---- C:\Windows\system32\drivers\atikmpag.sys
2015-05-27 00:03:56 ----A---- C:\Windows\system32\drivers\ati2erec.dll
2015-05-26 18:32:00 ----A---- C:\Windows\system32\kdbsdk64.dll
2015-05-26 18:30:28 ----A---- C:\Windows\SYSWOW64\kdbsdk32.dll
2015-05-21 16:45:04 ----D---- C:\Program Files (x86)\Cok Software
2015-05-14 00:49:16 ----A---- C:\Windows\SYSWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 00:49:16 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 18:39:56 ----D---- C:\temp
2015-05-13 16:12:07 ----A---- C:\Windows\SYSWOW64\schannel.dll
2015-05-13 16:12:07 ----A---- C:\Windows\SYSWOW64\certcli.dll
2015-05-13 16:12:07 ----A---- C:\Windows\system32\schannel.dll
2015-05-13 16:12:07 ----A---- C:\Windows\system32\certcli.dll
2015-05-13 16:12:02 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2015-05-13 16:12:01 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2015-05-13 16:12:01 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2015-05-13 16:12:01 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2015-05-13 16:12:01 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2015-05-13 16:12:01 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2015-05-13 16:12:01 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2015-05-13 16:12:01 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2015-05-13 16:12:01 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2015-05-13 16:12:01 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-13 16:12:01 ----A---- C:\Windows\system32\iernonce.dll
2015-05-13 16:12:01 ----A---- C:\Windows\system32\ieetwproxystub.dll
2015-05-13 16:12:01 ----A---- C:\Windows\system32\ieetwcollector.exe
2015-05-13 16:12:01 ----A---- C:\Windows\system32\ie4uinit.exe
2015-05-13 16:12:00 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2015-05-13 16:12:00 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2015-05-13 16:11:59 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2015-05-13 16:11:59 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2015-05-13 16:11:59 ----A---- C:\Windows\SYSWOW64\jscript.dll
2015-05-13 16:11:59 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2015-05-13 16:11:59 ----A---- C:\Windows\SYSWOW64\ieui.dll
2015-05-13 16:11:59 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2015-05-13 16:11:59 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2015-05-13 16:11:59 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2015-05-13 16:11:59 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2015-05-13 16:11:59 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2015-05-13 16:11:59 ----A---- C:\Windows\system32\urlmon.dll
2015-05-13 16:11:59 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-13 16:11:59 ----A---- C:\Windows\system32\msfeeds.dll
2015-05-13 16:11:59 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2015-05-13 16:11:59 ----A---- C:\Windows\system32\iedkcs32.dll
2015-05-13 16:11:59 ----A---- C:\Windows\system32\dxtrans.dll
2015-05-13 16:11:58 ----A---- C:\Windows\system32\iesetup.dll
2015-05-13 16:11:58 ----A---- C:\Windows\system32\iertutil.dll
2015-05-13 16:11:58 ----A---- C:\Windows\system32\ieapfltr.dll
2015-05-13 16:11:57 ----A---- C:\Windows\SYSWOW64\wininet.dll
2015-05-13 16:11:57 ----A---- C:\Windows\SYSWOW64\msrating.dll
2015-05-13 16:11:57 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2015-05-13 16:11:57 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2015-05-13 16:11:57 ----A---- C:\Windows\system32\vbscript.dll
2015-05-13 16:11:57 ----A---- C:\Windows\system32\jsproxy.dll
2015-05-13 16:11:57 ----A---- C:\Windows\system32\ieUnatt.exe
2015-05-13 16:11:57 ----A---- C:\Windows\system32\ieui.dll
2015-05-13 16:11:57 ----A---- C:\Windows\system32\ieframe.dll
2015-05-13 16:11:57 ----A---- C:\Windows\system32\dxtmsft.dll
2015-05-13 16:11:56 ----A---- C:\Windows\system32\mshtmlmedia.dll
2015-05-13 16:11:56 ----A---- C:\Windows\system32\mshtmled.dll
2015-05-13 16:11:56 ----A---- C:\Windows\system32\jscript9diag.dll
2015-05-13 16:11:56 ----A---- C:\Windows\system32\jscript9.dll
2015-05-13 16:11:56 ----A---- C:\Windows\system32\jscript.dll
2015-05-13 16:11:55 ----A---- C:\Windows\system32\wininet.dll
2015-05-13 16:11:55 ----A---- C:\Windows\system32\msrating.dll
2015-05-13 16:11:55 ----A---- C:\Windows\system32\MshtmlDac.dll
2015-05-13 16:11:55 ----A---- C:\Windows\system32\mshtml.dll
2015-05-13 16:11:23 ----A---- C:\Windows\system32\services.exe
2015-05-13 16:11:19 ----A---- C:\Windows\system32\UtcResources.dll
2015-05-13 16:11:19 ----A---- C:\Windows\system32\ntoskrnl.exe
2015-05-13 16:11:19 ----A---- C:\Windows\system32\ntdll.dll
2015-05-13 16:11:19 ----A---- C:\Windows\system32\diagtrack.dll
2015-05-13 16:11:18 ----A---- C:\Windows\SYSWOW64\tdh.dll
2015-05-13 16:11:18 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2015-05-13 16:11:18 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2015-05-13 16:11:18 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2015-05-13 16:11:18 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2015-05-13 16:11:18 ----A---- C:\Windows\SYSWOW64\advapi32.dll
2015-05-13 16:11:18 ----A---- C:\Windows\system32\wow64.dll
2015-05-13 16:11:18 ----A---- C:\Windows\system32\tdh.dll
2015-05-13 16:11:18 ----A---- C:\Windows\system32\msv1_0.dll
2015-05-13 16:11:18 ----A---- C:\Windows\system32\lsasrv.dll
2015-05-13 16:11:18 ----A---- C:\Windows\system32\KernelBase.dll
2015-05-13 16:11:18 ----A---- C:\Windows\system32\kernel32.dll
2015-05-13 16:11:18 ----A---- C:\Windows\system32\advapi32.dll
2015-05-13 16:11:17 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2015-05-13 16:11:17 ----A---- C:\Windows\SYSWOW64\tracerpt.exe
2015-05-13 16:11:17 ----A---- C:\Windows\SYSWOW64\sechost.dll
2015-05-13 16:11:17 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2015-05-13 16:11:17 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2015-05-13 16:11:17 ----A---- C:\Windows\SYSWOW64\logman.exe
2015-05-13 16:11:17 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2015-05-13 16:11:17 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2015-05-13 16:11:17 ----A---- C:\Windows\system32\winsrv.dll
2015-05-13 16:11:17 ----A---- C:\Windows\system32\wdigest.dll
2015-05-13 16:11:17 ----A---- C:\Windows\system32\typeperf.exe
2015-05-13 16:11:17 ----A---- C:\Windows\system32\tracerpt.exe
2015-05-13 16:11:17 ----A---- C:\Windows\system32\srcore.dll
2015-05-13 16:11:17 ----A---- C:\Windows\system32\smss.exe
2015-05-13 16:11:17 ----A---- C:\Windows\system32\sechost.dll
2015-05-13 16:11:17 ----A---- C:\Windows\system32\rstrui.exe
2015-05-13 16:11:17 ----A---- C:\Windows\system32\logman.exe
2015-05-13 16:11:17 ----A---- C:\Windows\system32\kerberos.dll
2015-05-13 16:11:17 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2015-05-13 16:11:17 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2015-05-13 16:11:17 ----A---- C:\Windows\system32\conhost.exe
2015-05-13 16:11:16 ----A---- C:\Windows\SYSWOW64\typeperf.exe
2015-05-13 16:11:16 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2015-05-13 16:11:16 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2015-05-13 16:11:16 ----A---- C:\Windows\SYSWOW64\srclient.dll
2015-05-13 16:11:16 ----A---- C:\Windows\SYSWOW64\setup16.exe
2015-05-13 16:11:16 ----A---- C:\Windows\SYSWOW64\secur32.dll
2015-05-13 16:11:16 ----A---- C:\Windows\SYSWOW64\relog.exe
2015-05-13 16:11:16 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2015-05-13 16:11:16 ----A---- C:\Windows\SYSWOW64\diskperf.exe
2015-05-13 16:11:16 ----A---- C:\Windows\SYSWOW64\credssp.dll
2015-05-13 16:11:16 ----A---- C:\Windows\SYSWOW64\auditpol.exe
2015-05-13 16:11:16 ----A---- C:\Windows\system32\wow64win.dll
2015-05-13 16:11:16 ----A---- C:\Windows\system32\wow64cpu.dll
2015-05-13 16:11:16 ----A---- C:\Windows\system32\TSpkg.dll
2015-05-13 16:11:16 ----A---- C:\Windows\system32\sspisrv.dll
2015-05-13 16:11:16 ----A---- C:\Windows\system32\sspicli.dll
2015-05-13 16:11:16 ----A---- C:\Windows\system32\srclient.dll
2015-05-13 16:11:16 ----A---- C:\Windows\system32\secur32.dll
2015-05-13 16:11:16 ----A---- C:\Windows\system32\relog.exe
2015-05-13 16:11:16 ----A---- C:\Windows\system32\ntvdm64.dll
2015-05-13 16:11:16 ----A---- C:\Windows\system32\ncrypt.dll
2015-05-13 16:11:16 ----A---- C:\Windows\system32\lsass.exe
2015-05-13 16:11:16 ----A---- C:\Windows\system32\diskperf.exe
2015-05-13 16:11:16 ----A---- C:\Windows\system32\csrsrv.dll
2015-05-13 16:11:16 ----A---- C:\Windows\system32\credssp.dll
2015-05-13 16:11:16 ----A---- C:\Windows\system32\auditpol.exe
2015-05-13 16:11:15 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-13 16:11:15 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 16:11:15 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-13 16:11:15 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 16:11:15 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 16:11:15 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 16:11:15 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-13 16:11:15 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 16:11:15 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 16:11:15 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 16:11:15 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 16:11:15 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 16:11:15 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 16:11:15 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 16:11:15 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 16:11:15 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 16:11:15 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 16:11:15 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-13 16:11:15 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 16:11:15 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 16:11:15 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 16:11:15 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-13 16:11:15 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 16:11:15 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 16:11:15 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 16:11:15 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 16:11:15 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 16:11:15 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-13 16:11:15 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 16:11:15 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-13 16:11:15 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 16:11:15 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 16:11:15 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 16:11:15 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-13 16:11:15 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 16:11:15 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 16:11:15 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 16:11:15 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 16:11:15 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 16:11:15 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 16:11:15 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 16:11:15 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 16:11:15 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 16:11:15 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-13 16:11:15 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 16:11:15 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 16:11:15 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 16:11:15 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-13 16:11:15 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 16:11:15 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 16:11:15 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 16:11:15 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 16:11:15 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 16:11:15 ----A---- C:\Windows\SYSWOW64\wow32.dll
2015-05-13 16:11:15 ----A---- C:\Windows\SYSWOW64\instnm.exe
2015-05-13 16:11:14 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-13 16:11:14 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 16:11:14 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-13 16:11:14 ----A---- C:\Windows\SYSWOW64\user.exe
2015-05-13 16:11:14 ----A---- C:\Windows\SYSWOW64\apisetschema.dll
2015-05-13 16:11:14 ----A---- C:\Windows\system32\apisetschema.dll
2015-05-13 16:11:13 ----A---- C:\Windows\SYSWOW64\msobjs.dll
2015-05-13 16:11:13 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2015-05-13 16:11:13 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2015-05-13 16:11:13 ----A---- C:\Windows\system32\msobjs.dll
2015-05-13 16:11:13 ----A---- C:\Windows\system32\msaudite.dll
2015-05-13 16:11:13 ----A---- C:\Windows\system32\adtschema.dll
2015-05-13 16:11:07 ----A---- C:\Windows\SYSWOW64\DWrite.dll
2015-05-13 16:11:07 ----A---- C:\Windows\system32\win32k.sys
2015-05-13 16:11:07 ----A---- C:\Windows\system32\FntCache.dll
2015-05-13 16:11:07 ----A---- C:\Windows\system32\DWrite.dll
2015-05-13 16:11:05 ----A---- C:\Windows\SYSWOW64\InkEd.dll
2015-05-13 16:11:05 ----A---- C:\Windows\system32\InkEd.dll
2015-05-13 16:11:04 ----A---- C:\Windows\SYSWOW64\wpdshext.dll
2015-05-13 16:11:04 ----A---- C:\Windows\system32\wpdshext.dll
2015-05-13 16:11:04 ----A---- C:\Windows\system32\jnwmon.dll
2015-05-13 16:11:02 ----A---- C:\Windows\SYSWOW64\shimeng.dll
2015-05-13 16:11:02 ----A---- C:\Windows\SYSWOW64\sdbinst.exe
2015-05-13 16:11:02 ----A---- C:\Windows\SYSWOW64\poqexec.exe
2015-05-13 16:11:02 ----A---- C:\Windows\SYSWOW64\apphelp.dll
2015-05-13 16:11:02 ----A---- C:\Windows\system32\shimeng.dll
2015-05-13 16:11:02 ----A---- C:\Windows\system32\sdbinst.exe
2015-05-13 16:11:02 ----A---- C:\Windows\system32\poqexec.exe
2015-05-13 16:11:02 ----A---- C:\Windows\system32\apphelp.dll
2015-05-13 16:11:02 ----A---- C:\Windows\system32\aelupsvc.dll
2015-05-07 19:03:16 ----D---- C:\Users\Mystery\AppData\Roaming\Ulozto File Manager
2015-05-07 19:03:14 ----D---- C:\Program Files (x86)\Ulozto File Manager
2015-05-04 17:37:42 ----D---- C:\Users\Mystery\AppData\Roaming\Arduino15
2015-05-04 17:35:58 ----D---- C:\Program Files (x86)\Arduino
2015-04-16 18:23:53 ----D---- C:\Program Files (x86)\Rockstar Games
2015-04-16 18:23:50 ----D---- C:\Program Files\Rockstar Games
2015-04-16 17:25:58 ----D---- C:\AMD
2015-04-15 11:35:36 ----A---- C:\Windows\SYSWOW64\wuwebv.dll
2015-04-15 11:35:36 ----A---- C:\Windows\SYSWOW64\wups.dll
2015-04-15 11:35:36 ----A---- C:\Windows\SYSWOW64\wudriver.dll
2015-04-15 11:35:36 ----A---- C:\Windows\SYSWOW64\wuapp.exe
2015-04-15 11:35:36 ----A---- C:\Windows\SYSWOW64\wuapi.dll
2015-04-15 11:35:36 ----A---- C:\Windows\system32\wuwebv.dll
2015-04-15 11:35:36 ----A---- C:\Windows\system32\wups2.dll
2015-04-15 11:35:36 ----A---- C:\Windows\system32\wups.dll
2015-04-15 11:35:36 ----A---- C:\Windows\system32\wudriver.dll
2015-04-15 11:35:36 ----A---- C:\Windows\system32\wucltux.dll
2015-04-15 11:35:36 ----A---- C:\Windows\system32\wuaueng.dll
2015-04-15 11:35:36 ----A---- C:\Windows\system32\wuauclt.exe
2015-04-15 11:35:36 ----A---- C:\Windows\system32\wuapp.exe
2015-04-15 11:35:36 ----A---- C:\Windows\system32\wuapi.dll
2015-04-15 11:35:36 ----A---- C:\Windows\system32\wu.upgrade.ps.dll
2015-04-15 11:35:36 ----A---- C:\Windows\system32\WinSetupUI.dll
2015-04-15 11:35:30 ----A---- C:\Windows\system32\generaltel.dll
2015-04-15 11:35:30 ----A---- C:\Windows\system32\appraiser.dll
2015-04-15 11:35:30 ----A---- C:\Windows\system32\aepic.dll
2015-04-15 11:35:30 ----A---- C:\Windows\system32\aeinv.dll
2015-04-15 11:35:30 ----A---- C:\Windows\system32\acmigration.dll
2015-04-15 11:35:29 ----A---- C:\Windows\system32\invagent.dll
2015-04-15 11:35:29 ----A---- C:\Windows\system32\devinv.dll
2015-04-15 11:35:29 ----A---- C:\Windows\system32\aepdu.dll
2015-04-15 11:35:28 ----A---- C:\Windows\SYSWOW64\msxml3r.dll
2015-04-15 11:35:28 ----A---- C:\Windows\SYSWOW64\msxml3.dll
2015-04-15 11:35:28 ----A---- C:\Windows\SYSWOW64\gdi32.dll
2015-04-15 11:35:28 ----A---- C:\Windows\system32\msxml3r.dll
2015-04-15 11:35:28 ----A---- C:\Windows\system32\msxml3.dll
2015-04-15 11:35:28 ----A---- C:\Windows\system32\gdi32.dll
2015-04-15 11:35:16 ----A---- C:\Windows\system32\drivers\http.sys
2015-04-15 11:32:58 ----A---- C:\Windows\SYSWOW64\clfsw32.dll
2015-04-15 11:32:58 ----A---- C:\Windows\system32\clfsw32.dll
2015-04-15 11:32:58 ----A---- C:\Windows\system32\clfs.sys
======List of files/folders modified in the last 2 months======
2015-06-04 09:33:36 ----D---- C:\Windows\temp
2015-06-04 09:33:30 ----RD---- C:\Program Files
2015-06-04 09:27:29 ----D---- C:\Windows\System32
2015-06-04 09:27:29 ----D---- C:\Windows\inf
2015-06-04 09:27:29 ----A---- C:\Windows\system32\PerfStringBackup.INI
2015-06-04 09:26:59 ----D---- C:\Windows\system32\drivers\etc
2015-06-04 09:24:59 ----D---- C:\Windows\system32\config
2015-06-04 09:24:21 ----D---- C:\Users\Mystery\AppData\Roaming\Skype
2015-06-04 09:23:04 ----D---- C:\Users\Mystery\AppData\Roaming\Dropbox
2015-06-04 09:22:49 ----D---- C:\Program Files (x86)\QIP 2012
2015-06-04 00:42:35 ----A---- C:\bdlog.txt
2015-06-04 00:41:26 ----D---- C:\AdwCleaner
2015-06-04 00:32:37 ----D---- C:\Windows
2015-06-04 00:25:17 ----D---- C:\Windows\system32\drivers
2015-06-03 23:24:09 ----D---- C:\Windows\SysWOW64
2015-06-03 23:24:08 ----D---- C:\Windows\SYSWOW64\drivers
2015-06-03 23:24:08 ----D---- C:\Windows\AppPatch
2015-06-03 23:24:07 ----D---- C:\Program Files (x86)\Common Files
2015-06-03 21:31:44 ----SHD---- C:\Windows\Installer
2015-06-03 21:31:44 ----D---- C:\ProgramData\Skype
2015-06-03 15:51:39 ----D---- C:\Users\Mystery\AppData\Roaming\vlc
2015-06-03 12:55:53 ----SHD---- C:\System Volume Information
2015-06-02 12:10:56 ----D---- C:\Program Files (x86)\Battle.net
2015-06-02 11:58:13 ----D---- C:\Windows\system32\Tasks
2015-06-02 11:58:13 ----D---- C:\Program Files (x86)\Opera Next
2015-05-31 10:08:22 ----RD---- C:\Program Files (x86)
2015-05-30 12:54:59 ----D---- C:\Windows\system32\catroot
2015-05-30 12:20:51 ----D---- C:\Windows\Microsoft.NET
2015-05-30 11:47:56 ----D---- C:\ProgramData
2015-05-30 11:47:55 ----D---- C:\ProgramData\AMD
2015-05-30 11:47:21 ----D---- C:\Program Files\AMD
2015-05-30 11:45:51 ----D---- C:\Windows\system32\DriverStore
2015-05-27 00:41:24 ----A---- C:\Windows\SYSWOW64\amdhcp32.dll
2015-05-27 00:41:10 ----A---- C:\Windows\system32\atiuxp64.dll
2015-05-27 00:41:08 ----A---- C:\Windows\SYSWOW64\atiuxpag.dll
2015-05-27 00:41:04 ----A---- C:\Windows\SYSWOW64\atiu9pag.dll
2015-05-27 00:41:00 ----A---- C:\Windows\system32\aticfx64.dll
2015-05-27 00:40:58 ----A---- C:\Windows\SYSWOW64\aticfx32.dll
2015-05-27 00:40:52 ----A---- C:\Windows\system32\atidxx64.dll
2015-05-27 00:40:48 ----A---- C:\Windows\SYSWOW64\atidxx32.dll
2015-05-27 00:40:40 ----A---- C:\Windows\SYSWOW64\atiumdva.dll
2015-05-27 00:40:32 ----A---- C:\Windows\SYSWOW64\atiumdag.dll
2015-05-27 00:05:10 ----A---- C:\Windows\system32\coinst_14.50.dll
2015-05-25 12:33:06 ----HD---- C:\Windows\system32\GroupPolicy
2015-05-25 11:45:35 ----D---- C:\Program Files (x86)\TeamViewer
2015-05-21 01:08:45 ----D---- C:\Windows\winsxs
2015-05-21 01:08:42 ----SD---- C:\Windows\SYSWOW64\GWX
2015-05-21 01:08:42 ----SD---- C:\Windows\system32\GWX
2015-05-20 10:42:07 ----D---- C:\Program Files (x86)\Opera
2015-05-17 20:33:11 ----D---- C:\Users\Mystery\AppData\Roaming\TS3Client
2015-05-16 10:44:45 ----D---- C:\Windows\Tasks
2015-05-14 20:09:18 ----D---- C:\Program Files (x86)\Hearthstone
2015-05-14 18:46:58 ----D---- C:\Windows\rescache
2015-05-14 14:49:44 ----RSD---- C:\Windows\assembly
2015-05-14 11:05:42 ----D---- C:\Windows\SYSWOW64\en-US
2015-05-14 11:05:42 ----D---- C:\Windows\SYSWOW64\cs-CZ
2015-05-14 11:05:42 ----D---- C:\Windows\system32\en-US
2015-05-14 11:05:42 ----D---- C:\Windows\system32\cs-CZ
2015-05-14 11:05:42 ----D---- C:\Program Files\Internet Explorer
2015-05-14 11:05:42 ----D---- C:\Program Files (x86)\Internet Explorer
2015-05-14 11:05:40 ----D---- C:\Windows\system32\AdvancedInstallers
2015-05-14 11:05:40 ----D---- C:\Program Files\Windows Journal
2015-05-14 11:05:38 ----D---- C:\Windows\system32\drivers\UMDF
2015-05-14 00:57:21 ----D---- C:\ProgramData\Microsoft Help
2015-05-14 00:56:52 ----D---- C:\Windows\system32\MRT
2015-05-14 00:51:41 ----A---- C:\Windows\system32\MRT.exe
2015-05-13 16:10:54 ----D---- C:\Windows\system32\catroot2
2015-05-10 11:47:47 ----RD---- C:\Program Files (x86)\Skype
2015-05-09 16:42:28 ----SD---- C:\Users\Mystery\AppData\Roaming\Microsoft
2015-05-08 20:49:50 ----D---- C:\Program Files (x86)\Steam
2015-04-24 21:21:22 ----D---- C:\Program Files\SoftEther VPN Client
2015-04-19 11:00:31 ----D---- C:\Program Files (x86)\PokerStars
2015-04-17 18:14:11 ----D---- C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-16 17:50:57 ----D---- C:\Windows\AppCompat
2015-04-15 21:07:37 ----SD---- C:\Windows\system32\CompatTel
2015-04-15 21:07:37 ----D---- C:\Windows\system32\appraiser
2015-04-15 19:18:45 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2015-04-15 15:44:18 ----D---- C:\Program Files (x86)\Zotero Standalone
2015-04-05 21:25:08 ----D---- C:\ProgramData\Package Cache
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 AiChargerPlus;ASUS Charger Plus Driver; C:\Windows\system32\DRIVERS\AiChargerPlus.sys [2010-11-08 14464]
R0 amd_sata;amd_sata; C:\Windows\system32\DRIVERS\amd_sata.sys [2013-11-06 83176]
R0 amd_xata;amd_xata; C:\Windows\system32\DRIVERS\amd_xata.sys [2013-11-06 43240]
R0 amdkmpfd;AMD PCI Root Bus Lower Filter; C:\Windows\system32\DRIVERS\amdkmpfd.sys [2014-10-28 62152]
R0 avc3;avc3; C:\Windows\system32\DRIVERS\avc3.sys [2015-02-10 1306464]
R0 gzflt;gzflt; C:\Windows\system32\DRIVERS\gzflt.sys [2015-03-17 160544]
R0 JRAID;JRAID; C:\Windows\system32\DRIVERS\jraid.sys [2010-11-25 120408]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 speedfan;speedfan; C:\Windows\SysWOW64\speedfan.sys [2012-12-29 28664]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2014-04-28 386680]
R0 trufos;trufos; C:\Windows\system32\DRIVERS\trufos.sys [2014-11-12 452040]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R1 AsIO;AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [2010-08-24 13440]
R1 AsUpIO;AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [2010-08-03 14464]
R1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver; \??\c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [2015-02-10 93600]
R1 bdfwfpf;bdfwfpf; \??\C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2012-10-29 107080]
R1 BDVEDISK;BDVEDISK; C:\Windows\system32\DRIVERS\bdvedisk.sys [2012-04-17 76944]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]
R1 truecrypt;truecrypt; C:\Windows\System32\drivers\truecrypt.sys [2013-06-08 231376]
R1 VBoxDrv;VirtualBox Service; C:\Windows\system32\DRIVERS\VBoxDrv.sys [2013-04-12 237840]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver; C:\Windows\system32\DRIVERS\VBoxUSBMon.sys [2013-04-12 120080]
R2 AODDriver4.3;AODDriver4.3; \??\C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [2014-02-11 59616]
R2 hcmon;VMware hcmon; \??\C:\Windows\system32\drivers\hcmon.sys [2012-11-20 52376]
R2 mbamchameleon;mbamchameleon; \??\C:\Windows\system32\drivers\mbamchameleon.sys [2015-04-14 107736]
R2 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2013-03-01 36600]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2015-05-27 19339264]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2015-05-27 591872]
R3 asmthub3;ASMedia USB3 Hub Service; C:\Windows\system32\DRIVERS\asmthub3.sys [2011-02-24 126952]
R3 asmtxhci;ASMEDIA XHCI Service; C:\Windows\system32\DRIVERS\asmtxhci.sys [2011-02-24 389608]
R3 ASUSFILTER;ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [2011-09-20 46152]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2014-12-21 94720]
R3 avckf;avckf; C:\Windows\system32\DRIVERS\avckf.sys [2015-02-10 677104]
R3 avchv;avchv Function Driver; C:\Windows\system32\DRIVERS\avchv.sys [2015-02-10 262544]
R3 CH341SER_A64;CH341SER_A64; C:\Windows\System32\Drivers\CH341S64.SYS [2011-11-04 58368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2012-05-22 4052496]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver; C:\Windows\system32\drivers\LGBusEnum.sys [2009-11-24 22408]
R3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [2013-05-30 64280]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver; C:\Windows\system32\drivers\LGVirHid.sys [2009-11-24 16008]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2015-04-14 25816]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [2015-06-04 136408]
R3 MBAMWebAccessControl;MBAMWebAccessControl; \??\C:\Windows\system32\drivers\mwac.sys [2015-04-14 63704]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
R3 usbfilter;AMD USB Filter Driver; C:\Windows\system32\DRIVERS\usbfilter.sys [2014-02-16 60640]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service; C:\Windows\system32\DRIVERS\VBoxNetFlt.sys [2013-04-12 146704]
S2 AODDriver4.2.0;AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys []
S3 androidusb;ADB Interface Driver; C:\Windows\System32\Drivers\androidusb.sys [2010-10-18 38424]
S3 atillk64;atillk64; \??\C:\Users\Mystery\Desktop\R9 280X Biosy\ati_winflash_2.6.7\atillk64.sys [2006-07-19 14608]
S3 bdfwfpf_pc;bdfwfpf_pc; \??\C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [2013-07-02 121928]
S3 BDSandBox;BDSandBox; \??\C:\Windows\system32\drivers\bdsandbox.sys [2015-02-10 82824]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 cpuz136;cpuz136; \??\C:\Users\Mystery\AppData\Local\Temp\cpuz136\cpuz136_x64.sys []
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudbus.sys [2014-01-22 108800]
S3 GPUZ;GPUZ; \??\C:\Windows\TEMP\GPUZ.sys []
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-03-18 33856]
S3 IOMap;IOMap; \??\C:\Windows\system32\drivers\IOMap64.sys [2013-07-02 24824]
S3 Neo_VPN;VPN Client Device Driver - VPN; C:\Windows\system32\DRIVERS\Neo_0069.sys [2014-04-29 28768]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 Rockusb;Driver for Rockusb Device; C:\Windows\system32\DRIVERS\rockusb.sys [2013-03-12 67024]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 SEE;SoftEther Ethernet Layer Driver; C:\Windows\system32\drivers\see.sys [2014-04-29 38240]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudmdm.sys [2014-01-22 206080]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 tap0901;TAP-Windows Adapter V9; C:\Windows\system32\DRIVERS\tap0901.sys [2013-08-22 40664]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 uisp;Logitech USB ICP driver; C:\Windows\System32\Drivers\mtdfu.sys [2013-09-10 17936]
S3 USBPNPA;USB PnP Sound Device Interface; C:\Windows\system32\drivers\CM10864.sys [2014-02-25 1308160]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\drivers\usbscan.sys [2013-07-03 42496]
S3 usbser;USB Serial emulation modem driver; C:\Windows\system32\DRIVERS\usbser.sys [2013-08-29 33280]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\Windows\system32\DRIVERS\VBoxNetAdp.sys [2013-04-12 131856]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]
S3 vmusb;VMware USB Client Driver; C:\Windows\System32\Drivers\vmusb.sys [2012-11-20 37680]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-12-19 81088]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2015-05-27 246272]
R2 AMD FUEL Service;AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [2015-05-26 344064]
R2 asComSvc;ASUS Com Service; C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe [2011-06-13 922240]
R2 asHmComSvc;ASUS HM Com Service; C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [2010-12-02 915584]
R2 AsSysCtrlService;ASUS System Control Service; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2010-10-21 586880]
R2 CGVPNCliService;CyberGhost 5 Client Service; C:\Program Files\CyberGhost 5\Service.exe [2014-11-03 64616]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2015-04-14 1080120]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2015-04-14 1871160]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2014-06-18 76152]
R2 TeamViewer;TeamViewer 10; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [2015-03-30 5448464]
R2 UPDATESRV;Bitdefender Desktop Update Service; C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe [2014-11-12 67320]
R2 VSSERV;Bitdefender Virus Shield; C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe [2015-03-17 1547936]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-04-12 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-04-11 124088]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-07 116648]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-02-18 315488]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2014-04-11 50864]
S3 BEService;BattlEye Service; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [2015-04-01 967040]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-07 116648]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2015-04-21 114688]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-04 267440]
S4 ArcService;Arc Service; D:\Arc\Arc\ArcService.exe [2013-10-10 88424]
S4 BdDesktopParental;Bitdefender Desktop Parental Control; C:\Program Files\Bitdefender\Bitdefender 2015\bdparentalservice.exe [2014-12-17 78144]
S4 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-31 462184]
S4 EasyAntiCheat;EasyAntiCheat; C:\Windows\syswow64\EasyAntiCheat.exe [2014-06-21 107552]
S4 Futuremark SystemInfo Service;Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [2013-10-15 520416]
S4 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2015-02-17 2490216]
S4 LMIGuardianSvc;LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [2015-02-16 417552]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 Origin Client Service;Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2015-02-07 1910128]
S4 RadeonPro Support Service;RadeonPro Support Service; C:\Program Files (x86)\RadeonPro\RadeonProSupport.exe [2011-02-10 12800]
S4 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files (x86)\WinPcap\rpcapd.exe [2013-03-01 118520]
S4 SafeBox;SafeBox; C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [2013-07-08 94624]
S4 SEVPNCLIENT;SoftEther VPN Client; C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [2014-04-29 4322872]
S4 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2012-11-19 489256]
S4 VMUSBArbService;VMware USB Arbitration Service; C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2012-11-20 919192]
S4 vmware-view-usbd;VMware View USB; C:\Program Files\VMware\VMware View\Client\bin\vmware-view-usbd.exe [2012-12-03 2436096]
-----------------EOF-----------------
"C:\Program Files (x86)\Opera Next\30.0.1835.49\opera.exe" --type=renderer --alt-high-dpi-setting=96 --system-dpi-setting=96 --disable-direct-npapi-requests --disable-win32k-renderer-lockdown --enable-deferred-image-decoding --lang=cs --disable-client-side-phishing-detection --ppapi-flash-path="C:\Windows\SysWOW64\Macromed\Flash\pepflashplayer32_16_0_0_305.dll" --ppapi-flash-version=16.0.0.305 --crash-reporter-pid=5636 --enable-mse-h264-support --device-scale-factor=1 --font-cache-shared-mem-suffix=7068 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=2 --use-image-texture-target=3553 --channel="7068.8.1379231044\603273973" /prefetch:673131151
"C:\Program Files (x86)\Opera Next\30.0.1835.49\opera.exe" --type=renderer --alt-high-dpi-setting=96 --system-dpi-setting=96 --disable-direct-npapi-requests --disable-win32k-renderer-lockdown --enable-deferred-image-decoding --lang=cs --disable-client-side-phishing-detection --ppapi-flash-path="C:\Windows\SysWOW64\Macromed\Flash\pepflashplayer32_16_0_0_305.dll" --ppapi-flash-version=16.0.0.305 --crash-reporter-pid=5636 --enable-mse-h264-support --device-scale-factor=1 --font-cache-shared-mem-suffix=7068 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=2 --use-image-texture-target=3553 --channel="7068.9.1243879354\1352358321" /prefetch:673131151
"C:\Program Files (x86)\Opera Next\30.0.1835.49\opera.exe" --type=renderer --alt-high-dpi-setting=96 --system-dpi-setting=96 --disable-direct-npapi-requests --disable-win32k-renderer-lockdown --enable-deferred-image-decoding --lang=cs --disable-client-side-phishing-detection --ppapi-flash-path="C:\Windows\SysWOW64\Macromed\Flash\pepflashplayer32_16_0_0_305.dll" --ppapi-flash-version=16.0.0.305 --crash-reporter-pid=5636 --enable-mse-h264-support --device-scale-factor=1 --font-cache-shared-mem-suffix=7068 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=2 --use-image-texture-target=3553 --channel="7068.10.1983614093\1336521783" /prefetch:673131151
"C:\Program Files (x86)\Opera Next\30.0.1835.49\opera.exe" --type=renderer --alt-high-dpi-setting=96 --system-dpi-setting=96 --disable-direct-npapi-requests --disable-win32k-renderer-lockdown --enable-deferred-image-decoding --lang=cs --disable-client-side-phishing-detection --ppapi-flash-path="C:\Windows\SysWOW64\Macromed\Flash\pepflashplayer32_16_0_0_305.dll" --ppapi-flash-version=16.0.0.305 --crash-reporter-pid=5636 --enable-mse-h264-support --device-scale-factor=1 --font-cache-shared-mem-suffix=7068 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=2 --use-image-texture-target=3553 --channel="7068.11.1719899483\168629386" /prefetch:673131151
"C:\Program Files (x86)\Opera Next\30.0.1835.49\opera.exe" --type=renderer --alt-high-dpi-setting=96 --system-dpi-setting=96 --disable-direct-npapi-requests --disable-win32k-renderer-lockdown --enable-deferred-image-decoding --lang=cs --disable-client-side-phishing-detection --ppapi-flash-path="C:\Windows\SysWOW64\Macromed\Flash\pepflashplayer32_16_0_0_305.dll" --ppapi-flash-version=16.0.0.305 --crash-reporter-pid=5636 --enable-mse-h264-support --device-scale-factor=1 --font-cache-shared-mem-suffix=7068 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=2 --use-image-texture-target=3553 --channel="7068.12.1532111232\767413310" /prefetch:673131151
"C:\Program Files (x86)\Opera Next\30.0.1835.49\opera.exe" --type=renderer --alt-high-dpi-setting=96 --system-dpi-setting=96 --disable-direct-npapi-requests --disable-win32k-renderer-lockdown --enable-deferred-image-decoding --lang=cs --disable-client-side-phishing-detection --ppapi-flash-path="C:\Windows\SysWOW64\Macromed\Flash\pepflashplayer32_16_0_0_305.dll" --ppapi-flash-version=16.0.0.305 --crash-reporter-pid=5636 --enable-mse-h264-support --device-scale-factor=1 --font-cache-shared-mem-suffix=7068 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=2 --use-image-texture-target=3553 --channel="7068.13.1746340575\921464190" /prefetch:673131151
"C:\Program Files (x86)\Opera Next\30.0.1835.49\opera.exe" --type=renderer --alt-high-dpi-setting=96 --system-dpi-setting=96 --disable-direct-npapi-requests --disable-win32k-renderer-lockdown --enable-deferred-image-decoding --lang=cs --disable-client-side-phishing-detection --ppapi-flash-path="C:\Windows\SysWOW64\Macromed\Flash\pepflashplayer32_16_0_0_305.dll" --ppapi-flash-version=16.0.0.305 --crash-reporter-pid=5636 --enable-mse-h264-support --device-scale-factor=1 --font-cache-shared-mem-suffix=7068 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=2 --use-image-texture-target=3553 --channel="7068.14.1022175041\1922552779" /prefetch:673131151
"C:\Program Files (x86)\Opera Next\30.0.1835.49\opera.exe" --type=renderer --alt-high-dpi-setting=96 --system-dpi-setting=96 --disable-direct-npapi-requests --disable-win32k-renderer-lockdown --enable-deferred-image-decoding --lang=cs --disable-client-side-phishing-detection --ppapi-flash-path="C:\Windows\SysWOW64\Macromed\Flash\pepflashplayer32_16_0_0_305.dll" --ppapi-flash-version=16.0.0.305 --crash-reporter-pid=5636 --enable-mse-h264-support --device-scale-factor=1 --font-cache-shared-mem-suffix=7068 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=2 --use-image-texture-target=3553 --channel="7068.15.1574037104\1129629191" /prefetch:673131151
"C:\Program Files (x86)\Opera Next\30.0.1835.49\opera.exe" --type=renderer --alt-high-dpi-setting=96 --system-dpi-setting=96 --disable-direct-npapi-requests --disable-win32k-renderer-lockdown --enable-deferred-image-decoding --lang=cs --disable-client-side-phishing-detection --ppapi-flash-path="C:\Windows\SysWOW64\Macromed\Flash\pepflashplayer32_16_0_0_305.dll" --ppapi-flash-version=16.0.0.305 --crash-reporter-pid=5636 --enable-mse-h264-support --device-scale-factor=1 --font-cache-shared-mem-suffix=7068 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=2 --use-image-texture-target=3553 --channel="7068.16.169112976\746885653" /prefetch:673131151
"C:\Program Files (x86)\Opera Next\30.0.1835.49\opera.exe" --type=renderer --alt-high-dpi-setting=96 --system-dpi-setting=96 --disable-direct-npapi-requests --disable-win32k-renderer-lockdown --enable-deferred-image-decoding --lang=cs --disable-client-side-phishing-detection --ppapi-flash-path="C:\Windows\SysWOW64\Macromed\Flash\pepflashplayer32_16_0_0_305.dll" --ppapi-flash-version=16.0.0.305 --crash-reporter-pid=5636 --enable-mse-h264-support --device-scale-factor=1 --font-cache-shared-mem-suffix=7068 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=2 --use-image-texture-target=3553 --channel="7068.17.1836204157\1017332074" /prefetch:673131151
"C:\Program Files (x86)\Opera Next\30.0.1835.49\opera.exe" --type=renderer --alt-high-dpi-setting=96 --system-dpi-setting=96 --disable-direct-npapi-requests --disable-win32k-renderer-lockdown --enable-deferred-image-decoding --lang=cs --disable-client-side-phishing-detection --ppapi-flash-path="C:\Windows\SysWOW64\Macromed\Flash\pepflashplayer32_16_0_0_305.dll" --ppapi-flash-version=16.0.0.305 --crash-reporter-pid=5636 --enable-mse-h264-support --device-scale-factor=1 --font-cache-shared-mem-suffix=7068 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=2 --use-image-texture-target=3553 --channel="7068.19.32634327\679023126" /prefetch:673131151
"C:\Program Files (x86)\Opera Next\30.0.1835.49\opera.exe" --type=ppapi --channel="7068.24.63419585\1802986788" --ppapi-flash-args --lang=cs --crash-reporter-pid=5636 --enable-mse-h264-support --ignored=" --type=renderer " /prefetch:-632637702
"C:\Program Files (x86)\Opera Next\30.0.1835.49\opera.exe" --type=renderer --alt-high-dpi-setting=96 --system-dpi-setting=96 --disable-direct-npapi-requests --disable-win32k-renderer-lockdown --enable-deferred-image-decoding --lang=cs --disable-client-side-phishing-detection --ppapi-flash-path="C:\Windows\SysWOW64\Macromed\Flash\pepflashplayer32_16_0_0_305.dll" --ppapi-flash-version=16.0.0.305 --crash-reporter-pid=5636 --enable-mse-h264-support --device-scale-factor=1 --font-cache-shared-mem-suffix=7068 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=2 --use-image-texture-target=3553 --channel="7068.31.459304635\1320263960" /prefetch:673131151
C:\Windows\system32\sppsvc.exe
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe4_ Global\UsGthrCtrlFltPipeMssGthrPipe4 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 548 552 560 65536 556
"C:\Program Files (x86)\Opera Next\30.0.1835.49\opera.exe" --type=renderer --alt-high-dpi-setting=96 --system-dpi-setting=96 --disable-direct-npapi-requests --disable-win32k-renderer-lockdown --enable-deferred-image-decoding --lang=cs --disable-client-side-phishing-detection --ppapi-flash-path="C:\Windows\SysWOW64\Macromed\Flash\pepflashplayer32_16_0_0_305.dll" --ppapi-flash-version=16.0.0.305 --crash-reporter-pid=5636 --enable-mse-h264-support --device-scale-factor=1 --font-cache-shared-mem-suffix=7068 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=2 --use-image-texture-target=3553 --channel="7068.38.1619281627\1006129905" /prefetch:673131151
"C:\Users\Mystery\Desktop\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-24 551848]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-24 212904]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-24 460712]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84BFE29A-8139-402a-B2A4-C23AE9E1A75F}]
ArcPluginIEBHO Class - D:\Arc\Arc\Plugins\ArcPluginIE.dll [2013-10-10 108904]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-24 172968]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll [2015-02-10 439168]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll [2015-02-10 394800]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"itype"=C:\Program Files\Microsoft IntelliType Pro\itype.exe [2011-08-10 1873256]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2012-05-15 6470760]
"Launch LCore"=C:\Program Files\Logitech Gaming Software\LCore.exe [2014-10-14 12697368]
"Bdagent"=C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe [2015-03-17 1691112]
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-03-21 472992]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"f.lux"=C:\Users\Mystery\AppData\Local\FluxSoftware\Flux\flux.exe [2013-10-24 1017224]
"Bitdefender Wallet Agent"=C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe [2015-02-10 790880]
"Infium"=C:\Program Files (x86)\QIP 2012\qip.exe [2014-03-04 8503280]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19 1022152]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-03-21 472992]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS6ServiceManager]
C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [2012-03-09 1073312]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cm108Sound]
C:\Windows\syswow64\RunDll32.exe [2009-07-14 44544]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CyberGhost]
C:\Program Files\CyberGhost 5\CyberGhost.EXE [2014-11-03 410216]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2014-03-04 3696912]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2009-02-26 30040]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2015-02-17 3978600]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QIP Internet Guardian]
C:\Users\Mystery\AppData\Roaming\QipGuard\QipGuard.exe /p []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Raptr]
C:\Program Files (x86)\Raptr\raptrstub.exe [2015-03-25 55568]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoftEther VPN Client UI Helper]
C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [2014-04-29 4322872]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files (x86)\Steam\Steam.exe [2015-04-14 2889408]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SoftEther VPN Client Manager Startup.lnk]
C:\PROGRA~1\SOFTET~1\VPNCMG~1.EXE [2014-04-29 4513336]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Mystery^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
C:\Users\Mystery\AppData\Roaming\Dropbox\bin\Dropbox.exe [2015-05-05 43374104]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"=C:\Windows\RaidTool\xInsIDE.exe [2010-09-07 43608]
"ASUS AiChargerPlus Execute"=C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe [2010-11-08 465536]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19 1022152]
"StartCCC"=C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [2015-05-26 767176]
C:\Users\Mystery\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Dropbox.lnk - C:\Users\Mystery\AppData\Roaming\Dropbox\bin\Dropbox.exe
Trillian.lnk - C:\Program Files (x86)\Trillian\trillian.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\93144200.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\93144200.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.FPS1"=frapsv64.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"wave7"=wdmaud.drv
"midi7"=wdmaud.drv
"mixer7"=wdmaud.drv
"wave8"=wdmaud.drv
"midi8"=wdmaud.drv
"mixer8"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
======File associations======
.inf - open - "%SystemRoot%\system32\NOTEPAD.EXE" %1
.ini - open - "%SystemRoot%\system32\NOTEPAD.EXE" %1
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - "%SystemRoot%\System32\WScript.exe" "%1" %*
.txt - open - "%SystemRoot%\system32\NOTEPAD.EXE" %1
======List of files/folders created in the last 2 months======
2015-06-04 09:33:30 ----D---- C:\Program Files\trend micro
2015-06-04 09:33:29 ----D---- C:\rsit
2015-06-04 00:31:42 ----D---- C:\FRST
2015-06-04 00:26:10 ----A---- C:\TDSSKiller.3.0.0.44_04.06.2015_00.26.10_log.txt
2015-06-04 00:24:03 ----A---- C:\TDSSKiller.3.0.0.44_04.06.2015_00.24.03_log.txt
2015-06-04 00:17:06 ----SHD---- C:\$RECYCLE.BIN
2015-06-03 23:14:02 ----SD---- C:\ComboFix
2015-06-03 23:12:49 ----D---- C:\Qoobox
2015-05-31 10:08:26 ----D---- C:\Users\Mystery\AppData\Roaming\Trillian
2015-05-31 10:08:22 ----D---- C:\Program Files (x86)\Trillian
2015-05-31 10:00:11 ----D---- C:\Users\Mystery\AppData\Roaming\.purple
2015-05-31 09:57:58 ----D---- C:\Program Files (x86)\Pidgin
2015-05-30 11:47:56 ----D---- C:\ProgramData\ATI
2015-05-30 11:47:54 ----D---- C:\Program Files (x86)\AMD AVT
2015-05-29 21:14:55 ----D---- C:\ProgramData\SP_FT_Logs
2015-05-27 00:41:32 ----A---- C:\Windows\system32\amdave64.dll
2015-05-27 00:41:30 ----A---- C:\Windows\SYSWOW64\amdave32.dll
2015-05-27 00:41:26 ----A---- C:\Windows\system32\amdhcp64.dll
2015-05-27 00:41:22 ----A---- C:\Windows\system32\atimpc64.dll
2015-05-27 00:41:22 ----A---- C:\Windows\system32\amdpcom64.dll
2015-05-27 00:41:20 ----A---- C:\Windows\SYSWOW64\atimpc32.dll
2015-05-27 00:41:20 ----A---- C:\Windows\SYSWOW64\amdpcom32.dll
2015-05-27 00:41:06 ----A---- C:\Windows\system32\atiu9p64.dll
2015-05-27 00:40:26 ----A---- C:\Windows\system32\atiumd6a.dll
2015-05-27 00:40:22 ----A---- C:\Windows\system32\atiumd64.dll
2015-05-27 00:38:16 ----A---- C:\Windows\system32\drivers\amdacpksd.sys
2015-05-27 00:35:56 ----A---- C:\Windows\system32\drivers\atikmdag.sys
2015-05-27 00:28:38 ----A---- C:\Windows\system32\clinfo.exe
2015-05-27 00:28:34 ----A---- C:\Windows\system32\OpenVideo64.dll
2015-05-27 00:28:32 ----A---- C:\Windows\SYSWOW64\OpenVideo.dll
2015-05-27 00:28:30 ----A---- C:\Windows\SYSWOW64\OVDecode.dll
2015-05-27 00:28:30 ----A---- C:\Windows\system32\OVDecode64.dll
2015-05-27 00:28:28 ----A---- C:\Windows\system32\amdocl64.dll
2015-05-27 00:27:34 ----A---- C:\Windows\SYSWOW64\amdocl.dll
2015-05-27 00:26:44 ----A---- C:\Windows\SYSWOW64\OpenCL.dll
2015-05-27 00:26:44 ----A---- C:\Windows\system32\OpenCL.dll
2015-05-27 00:20:48 ----A---- C:\Windows\system32\atio6axx.dll
2015-05-27 00:15:32 ----A---- C:\Windows\SYSWOW64\atioglxx.dll
2015-05-27 00:14:48 ----A---- C:\Windows\system32\mantle64.dll
2015-05-27 00:14:44 ----A---- C:\Windows\SYSWOW64\mantle32.dll
2015-05-27 00:14:38 ----A---- C:\Windows\system32\amdmantle64.dll
2015-05-27 00:14:26 ----A---- C:\Windows\system32\amdmmcl6.dll
2015-05-27 00:14:24 ----A---- C:\Windows\SYSWOW64\amdmmcl.dll
2015-05-27 00:12:06 ----A---- C:\Windows\system32\atiapfxx.exe
2015-05-27 00:12:04 ----A---- C:\Windows\SYSWOW64\aticalrt.dll
2015-05-27 00:12:04 ----A---- C:\Windows\system32\aticalrt64.dll
2015-05-27 00:12:02 ----A---- C:\Windows\system32\aticalcl64.dll
2015-05-27 00:12:00 ----A---- C:\Windows\SYSWOW64\aticalcl.dll
2015-05-27 00:11:56 ----A---- C:\Windows\system32\aticaldd64.dll
2015-05-27 00:11:44 ----A---- C:\Windows\SYSWOW64\amdmantle32.dll
2015-05-27 00:11:06 ----A---- C:\Windows\SYSWOW64\aticaldd.dll
2015-05-27 00:09:14 ----A---- C:\Windows\system32\mantleaxl64.dll
2015-05-27 00:09:10 ----A---- C:\Windows\SYSWOW64\mantleaxl32.dll
2015-05-27 00:07:54 ----A---- C:\Windows\system32\atidemgy.dll
2015-05-27 00:07:52 ----A---- C:\Windows\system32\atimuixx.dll
2015-05-27 00:07:50 ----A---- C:\Windows\system32\atieclxx.exe
2015-05-27 00:07:42 ----A---- C:\Windows\system32\atiesrxx.exe
2015-05-27 00:07:30 ----A---- C:\Windows\system32\atitmm64.dll
2015-05-27 00:04:48 ----A---- C:\Windows\system32\atisamu64.dll
2015-05-27 00:04:44 ----A---- C:\Windows\SYSWOW64\atisamu32.dll
2015-05-27 00:04:10 ----A---- C:\Windows\system32\atiadlxx.dll
2015-05-27 00:04:06 ----A---- C:\Windows\SYSWOW64\atiadlxy.dll
2015-05-27 00:04:04 ----A---- C:\Windows\system32\atig6pxx.dll
2015-05-27 00:04:02 ----A---- C:\Windows\SYSWOW64\atiglpxx.dll
2015-05-27 00:04:02 ----A---- C:\Windows\system32\atiglpxx.dll
2015-05-27 00:04:02 ----A---- C:\Windows\system32\atig6txx.dll
2015-05-27 00:03:58 ----A---- C:\Windows\SYSWOW64\atigktxx.dll
2015-05-27 00:03:56 ----A---- C:\Windows\system32\drivers\atikmpag.sys
2015-05-27 00:03:56 ----A---- C:\Windows\system32\drivers\ati2erec.dll
2015-05-26 18:32:00 ----A---- C:\Windows\system32\kdbsdk64.dll
2015-05-26 18:30:28 ----A---- C:\Windows\SYSWOW64\kdbsdk32.dll
2015-05-21 16:45:04 ----D---- C:\Program Files (x86)\Cok Software
2015-05-14 00:49:16 ----A---- C:\Windows\SYSWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 00:49:16 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 18:39:56 ----D---- C:\temp
2015-05-13 16:12:07 ----A---- C:\Windows\SYSWOW64\schannel.dll
2015-05-13 16:12:07 ----A---- C:\Windows\SYSWOW64\certcli.dll
2015-05-13 16:12:07 ----A---- C:\Windows\system32\schannel.dll
2015-05-13 16:12:07 ----A---- C:\Windows\system32\certcli.dll
2015-05-13 16:12:02 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2015-05-13 16:12:01 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2015-05-13 16:12:01 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2015-05-13 16:12:01 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2015-05-13 16:12:01 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2015-05-13 16:12:01 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2015-05-13 16:12:01 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2015-05-13 16:12:01 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2015-05-13 16:12:01 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2015-05-13 16:12:01 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-13 16:12:01 ----A---- C:\Windows\system32\iernonce.dll
2015-05-13 16:12:01 ----A---- C:\Windows\system32\ieetwproxystub.dll
2015-05-13 16:12:01 ----A---- C:\Windows\system32\ieetwcollector.exe
2015-05-13 16:12:01 ----A---- C:\Windows\system32\ie4uinit.exe
2015-05-13 16:12:00 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2015-05-13 16:12:00 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2015-05-13 16:11:59 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2015-05-13 16:11:59 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2015-05-13 16:11:59 ----A---- C:\Windows\SYSWOW64\jscript.dll
2015-05-13 16:11:59 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2015-05-13 16:11:59 ----A---- C:\Windows\SYSWOW64\ieui.dll
2015-05-13 16:11:59 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2015-05-13 16:11:59 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2015-05-13 16:11:59 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2015-05-13 16:11:59 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2015-05-13 16:11:59 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2015-05-13 16:11:59 ----A---- C:\Windows\system32\urlmon.dll
2015-05-13 16:11:59 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-13 16:11:59 ----A---- C:\Windows\system32\msfeeds.dll
2015-05-13 16:11:59 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2015-05-13 16:11:59 ----A---- C:\Windows\system32\iedkcs32.dll
2015-05-13 16:11:59 ----A---- C:\Windows\system32\dxtrans.dll
2015-05-13 16:11:58 ----A---- C:\Windows\system32\iesetup.dll
2015-05-13 16:11:58 ----A---- C:\Windows\system32\iertutil.dll
2015-05-13 16:11:58 ----A---- C:\Windows\system32\ieapfltr.dll
2015-05-13 16:11:57 ----A---- C:\Windows\SYSWOW64\wininet.dll
2015-05-13 16:11:57 ----A---- C:\Windows\SYSWOW64\msrating.dll
2015-05-13 16:11:57 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2015-05-13 16:11:57 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2015-05-13 16:11:57 ----A---- C:\Windows\system32\vbscript.dll
2015-05-13 16:11:57 ----A---- C:\Windows\system32\jsproxy.dll
2015-05-13 16:11:57 ----A---- C:\Windows\system32\ieUnatt.exe
2015-05-13 16:11:57 ----A---- C:\Windows\system32\ieui.dll
2015-05-13 16:11:57 ----A---- C:\Windows\system32\ieframe.dll
2015-05-13 16:11:57 ----A---- C:\Windows\system32\dxtmsft.dll
2015-05-13 16:11:56 ----A---- C:\Windows\system32\mshtmlmedia.dll
2015-05-13 16:11:56 ----A---- C:\Windows\system32\mshtmled.dll
2015-05-13 16:11:56 ----A---- C:\Windows\system32\jscript9diag.dll
2015-05-13 16:11:56 ----A---- C:\Windows\system32\jscript9.dll
2015-05-13 16:11:56 ----A---- C:\Windows\system32\jscript.dll
2015-05-13 16:11:55 ----A---- C:\Windows\system32\wininet.dll
2015-05-13 16:11:55 ----A---- C:\Windows\system32\msrating.dll
2015-05-13 16:11:55 ----A---- C:\Windows\system32\MshtmlDac.dll
2015-05-13 16:11:55 ----A---- C:\Windows\system32\mshtml.dll
2015-05-13 16:11:23 ----A---- C:\Windows\system32\services.exe
2015-05-13 16:11:19 ----A---- C:\Windows\system32\UtcResources.dll
2015-05-13 16:11:19 ----A---- C:\Windows\system32\ntoskrnl.exe
2015-05-13 16:11:19 ----A---- C:\Windows\system32\ntdll.dll
2015-05-13 16:11:19 ----A---- C:\Windows\system32\diagtrack.dll
2015-05-13 16:11:18 ----A---- C:\Windows\SYSWOW64\tdh.dll
2015-05-13 16:11:18 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2015-05-13 16:11:18 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2015-05-13 16:11:18 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2015-05-13 16:11:18 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2015-05-13 16:11:18 ----A---- C:\Windows\SYSWOW64\advapi32.dll
2015-05-13 16:11:18 ----A---- C:\Windows\system32\wow64.dll
2015-05-13 16:11:18 ----A---- C:\Windows\system32\tdh.dll
2015-05-13 16:11:18 ----A---- C:\Windows\system32\msv1_0.dll
2015-05-13 16:11:18 ----A---- C:\Windows\system32\lsasrv.dll
2015-05-13 16:11:18 ----A---- C:\Windows\system32\KernelBase.dll
2015-05-13 16:11:18 ----A---- C:\Windows\system32\kernel32.dll
2015-05-13 16:11:18 ----A---- C:\Windows\system32\advapi32.dll
2015-05-13 16:11:17 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2015-05-13 16:11:17 ----A---- C:\Windows\SYSWOW64\tracerpt.exe
2015-05-13 16:11:17 ----A---- C:\Windows\SYSWOW64\sechost.dll
2015-05-13 16:11:17 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2015-05-13 16:11:17 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2015-05-13 16:11:17 ----A---- C:\Windows\SYSWOW64\logman.exe
2015-05-13 16:11:17 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2015-05-13 16:11:17 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2015-05-13 16:11:17 ----A---- C:\Windows\system32\winsrv.dll
2015-05-13 16:11:17 ----A---- C:\Windows\system32\wdigest.dll
2015-05-13 16:11:17 ----A---- C:\Windows\system32\typeperf.exe
2015-05-13 16:11:17 ----A---- C:\Windows\system32\tracerpt.exe
2015-05-13 16:11:17 ----A---- C:\Windows\system32\srcore.dll
2015-05-13 16:11:17 ----A---- C:\Windows\system32\smss.exe
2015-05-13 16:11:17 ----A---- C:\Windows\system32\sechost.dll
2015-05-13 16:11:17 ----A---- C:\Windows\system32\rstrui.exe
2015-05-13 16:11:17 ----A---- C:\Windows\system32\logman.exe
2015-05-13 16:11:17 ----A---- C:\Windows\system32\kerberos.dll
2015-05-13 16:11:17 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2015-05-13 16:11:17 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2015-05-13 16:11:17 ----A---- C:\Windows\system32\conhost.exe
2015-05-13 16:11:16 ----A---- C:\Windows\SYSWOW64\typeperf.exe
2015-05-13 16:11:16 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2015-05-13 16:11:16 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2015-05-13 16:11:16 ----A---- C:\Windows\SYSWOW64\srclient.dll
2015-05-13 16:11:16 ----A---- C:\Windows\SYSWOW64\setup16.exe
2015-05-13 16:11:16 ----A---- C:\Windows\SYSWOW64\secur32.dll
2015-05-13 16:11:16 ----A---- C:\Windows\SYSWOW64\relog.exe
2015-05-13 16:11:16 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2015-05-13 16:11:16 ----A---- C:\Windows\SYSWOW64\diskperf.exe
2015-05-13 16:11:16 ----A---- C:\Windows\SYSWOW64\credssp.dll
2015-05-13 16:11:16 ----A---- C:\Windows\SYSWOW64\auditpol.exe
2015-05-13 16:11:16 ----A---- C:\Windows\system32\wow64win.dll
2015-05-13 16:11:16 ----A---- C:\Windows\system32\wow64cpu.dll
2015-05-13 16:11:16 ----A---- C:\Windows\system32\TSpkg.dll
2015-05-13 16:11:16 ----A---- C:\Windows\system32\sspisrv.dll
2015-05-13 16:11:16 ----A---- C:\Windows\system32\sspicli.dll
2015-05-13 16:11:16 ----A---- C:\Windows\system32\srclient.dll
2015-05-13 16:11:16 ----A---- C:\Windows\system32\secur32.dll
2015-05-13 16:11:16 ----A---- C:\Windows\system32\relog.exe
2015-05-13 16:11:16 ----A---- C:\Windows\system32\ntvdm64.dll
2015-05-13 16:11:16 ----A---- C:\Windows\system32\ncrypt.dll
2015-05-13 16:11:16 ----A---- C:\Windows\system32\lsass.exe
2015-05-13 16:11:16 ----A---- C:\Windows\system32\diskperf.exe
2015-05-13 16:11:16 ----A---- C:\Windows\system32\csrsrv.dll
2015-05-13 16:11:16 ----A---- C:\Windows\system32\credssp.dll
2015-05-13 16:11:16 ----A---- C:\Windows\system32\auditpol.exe
2015-05-13 16:11:15 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-13 16:11:15 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 16:11:15 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-13 16:11:15 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 16:11:15 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 16:11:15 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 16:11:15 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-13 16:11:15 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 16:11:15 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 16:11:15 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 16:11:15 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 16:11:15 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 16:11:15 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 16:11:15 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 16:11:15 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 16:11:15 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 16:11:15 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 16:11:15 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-13 16:11:15 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 16:11:15 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 16:11:15 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 16:11:15 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-13 16:11:15 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 16:11:15 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 16:11:15 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 16:11:15 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 16:11:15 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 16:11:15 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-13 16:11:15 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 16:11:15 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-13 16:11:15 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 16:11:15 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 16:11:15 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 16:11:15 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-13 16:11:15 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 16:11:15 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 16:11:15 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 16:11:15 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 16:11:15 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 16:11:15 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 16:11:15 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 16:11:15 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 16:11:15 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 16:11:15 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-13 16:11:15 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 16:11:15 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 16:11:15 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 16:11:15 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-13 16:11:15 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 16:11:15 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 16:11:15 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 16:11:15 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 16:11:15 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 16:11:15 ----A---- C:\Windows\SYSWOW64\wow32.dll
2015-05-13 16:11:15 ----A---- C:\Windows\SYSWOW64\instnm.exe
2015-05-13 16:11:14 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-13 16:11:14 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 16:11:14 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-13 16:11:14 ----A---- C:\Windows\SYSWOW64\user.exe
2015-05-13 16:11:14 ----A---- C:\Windows\SYSWOW64\apisetschema.dll
2015-05-13 16:11:14 ----A---- C:\Windows\system32\apisetschema.dll
2015-05-13 16:11:13 ----A---- C:\Windows\SYSWOW64\msobjs.dll
2015-05-13 16:11:13 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2015-05-13 16:11:13 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2015-05-13 16:11:13 ----A---- C:\Windows\system32\msobjs.dll
2015-05-13 16:11:13 ----A---- C:\Windows\system32\msaudite.dll
2015-05-13 16:11:13 ----A---- C:\Windows\system32\adtschema.dll
2015-05-13 16:11:07 ----A---- C:\Windows\SYSWOW64\DWrite.dll
2015-05-13 16:11:07 ----A---- C:\Windows\system32\win32k.sys
2015-05-13 16:11:07 ----A---- C:\Windows\system32\FntCache.dll
2015-05-13 16:11:07 ----A---- C:\Windows\system32\DWrite.dll
2015-05-13 16:11:05 ----A---- C:\Windows\SYSWOW64\InkEd.dll
2015-05-13 16:11:05 ----A---- C:\Windows\system32\InkEd.dll
2015-05-13 16:11:04 ----A---- C:\Windows\SYSWOW64\wpdshext.dll
2015-05-13 16:11:04 ----A---- C:\Windows\system32\wpdshext.dll
2015-05-13 16:11:04 ----A---- C:\Windows\system32\jnwmon.dll
2015-05-13 16:11:02 ----A---- C:\Windows\SYSWOW64\shimeng.dll
2015-05-13 16:11:02 ----A---- C:\Windows\SYSWOW64\sdbinst.exe
2015-05-13 16:11:02 ----A---- C:\Windows\SYSWOW64\poqexec.exe
2015-05-13 16:11:02 ----A---- C:\Windows\SYSWOW64\apphelp.dll
2015-05-13 16:11:02 ----A---- C:\Windows\system32\shimeng.dll
2015-05-13 16:11:02 ----A---- C:\Windows\system32\sdbinst.exe
2015-05-13 16:11:02 ----A---- C:\Windows\system32\poqexec.exe
2015-05-13 16:11:02 ----A---- C:\Windows\system32\apphelp.dll
2015-05-13 16:11:02 ----A---- C:\Windows\system32\aelupsvc.dll
2015-05-07 19:03:16 ----D---- C:\Users\Mystery\AppData\Roaming\Ulozto File Manager
2015-05-07 19:03:14 ----D---- C:\Program Files (x86)\Ulozto File Manager
2015-05-04 17:37:42 ----D---- C:\Users\Mystery\AppData\Roaming\Arduino15
2015-05-04 17:35:58 ----D---- C:\Program Files (x86)\Arduino
2015-04-16 18:23:53 ----D---- C:\Program Files (x86)\Rockstar Games
2015-04-16 18:23:50 ----D---- C:\Program Files\Rockstar Games
2015-04-16 17:25:58 ----D---- C:\AMD
2015-04-15 11:35:36 ----A---- C:\Windows\SYSWOW64\wuwebv.dll
2015-04-15 11:35:36 ----A---- C:\Windows\SYSWOW64\wups.dll
2015-04-15 11:35:36 ----A---- C:\Windows\SYSWOW64\wudriver.dll
2015-04-15 11:35:36 ----A---- C:\Windows\SYSWOW64\wuapp.exe
2015-04-15 11:35:36 ----A---- C:\Windows\SYSWOW64\wuapi.dll
2015-04-15 11:35:36 ----A---- C:\Windows\system32\wuwebv.dll
2015-04-15 11:35:36 ----A---- C:\Windows\system32\wups2.dll
2015-04-15 11:35:36 ----A---- C:\Windows\system32\wups.dll
2015-04-15 11:35:36 ----A---- C:\Windows\system32\wudriver.dll
2015-04-15 11:35:36 ----A---- C:\Windows\system32\wucltux.dll
2015-04-15 11:35:36 ----A---- C:\Windows\system32\wuaueng.dll
2015-04-15 11:35:36 ----A---- C:\Windows\system32\wuauclt.exe
2015-04-15 11:35:36 ----A---- C:\Windows\system32\wuapp.exe
2015-04-15 11:35:36 ----A---- C:\Windows\system32\wuapi.dll
2015-04-15 11:35:36 ----A---- C:\Windows\system32\wu.upgrade.ps.dll
2015-04-15 11:35:36 ----A---- C:\Windows\system32\WinSetupUI.dll
2015-04-15 11:35:30 ----A---- C:\Windows\system32\generaltel.dll
2015-04-15 11:35:30 ----A---- C:\Windows\system32\appraiser.dll
2015-04-15 11:35:30 ----A---- C:\Windows\system32\aepic.dll
2015-04-15 11:35:30 ----A---- C:\Windows\system32\aeinv.dll
2015-04-15 11:35:30 ----A---- C:\Windows\system32\acmigration.dll
2015-04-15 11:35:29 ----A---- C:\Windows\system32\invagent.dll
2015-04-15 11:35:29 ----A---- C:\Windows\system32\devinv.dll
2015-04-15 11:35:29 ----A---- C:\Windows\system32\aepdu.dll
2015-04-15 11:35:28 ----A---- C:\Windows\SYSWOW64\msxml3r.dll
2015-04-15 11:35:28 ----A---- C:\Windows\SYSWOW64\msxml3.dll
2015-04-15 11:35:28 ----A---- C:\Windows\SYSWOW64\gdi32.dll
2015-04-15 11:35:28 ----A---- C:\Windows\system32\msxml3r.dll
2015-04-15 11:35:28 ----A---- C:\Windows\system32\msxml3.dll
2015-04-15 11:35:28 ----A---- C:\Windows\system32\gdi32.dll
2015-04-15 11:35:16 ----A---- C:\Windows\system32\drivers\http.sys
2015-04-15 11:32:58 ----A---- C:\Windows\SYSWOW64\clfsw32.dll
2015-04-15 11:32:58 ----A---- C:\Windows\system32\clfsw32.dll
2015-04-15 11:32:58 ----A---- C:\Windows\system32\clfs.sys
======List of files/folders modified in the last 2 months======
2015-06-04 09:33:36 ----D---- C:\Windows\temp
2015-06-04 09:33:30 ----RD---- C:\Program Files
2015-06-04 09:27:29 ----D---- C:\Windows\System32
2015-06-04 09:27:29 ----D---- C:\Windows\inf
2015-06-04 09:27:29 ----A---- C:\Windows\system32\PerfStringBackup.INI
2015-06-04 09:26:59 ----D---- C:\Windows\system32\drivers\etc
2015-06-04 09:24:59 ----D---- C:\Windows\system32\config
2015-06-04 09:24:21 ----D---- C:\Users\Mystery\AppData\Roaming\Skype
2015-06-04 09:23:04 ----D---- C:\Users\Mystery\AppData\Roaming\Dropbox
2015-06-04 09:22:49 ----D---- C:\Program Files (x86)\QIP 2012
2015-06-04 00:42:35 ----A---- C:\bdlog.txt
2015-06-04 00:41:26 ----D---- C:\AdwCleaner
2015-06-04 00:32:37 ----D---- C:\Windows
2015-06-04 00:25:17 ----D---- C:\Windows\system32\drivers
2015-06-03 23:24:09 ----D---- C:\Windows\SysWOW64
2015-06-03 23:24:08 ----D---- C:\Windows\SYSWOW64\drivers
2015-06-03 23:24:08 ----D---- C:\Windows\AppPatch
2015-06-03 23:24:07 ----D---- C:\Program Files (x86)\Common Files
2015-06-03 21:31:44 ----SHD---- C:\Windows\Installer
2015-06-03 21:31:44 ----D---- C:\ProgramData\Skype
2015-06-03 15:51:39 ----D---- C:\Users\Mystery\AppData\Roaming\vlc
2015-06-03 12:55:53 ----SHD---- C:\System Volume Information
2015-06-02 12:10:56 ----D---- C:\Program Files (x86)\Battle.net
2015-06-02 11:58:13 ----D---- C:\Windows\system32\Tasks
2015-06-02 11:58:13 ----D---- C:\Program Files (x86)\Opera Next
2015-05-31 10:08:22 ----RD---- C:\Program Files (x86)
2015-05-30 12:54:59 ----D---- C:\Windows\system32\catroot
2015-05-30 12:20:51 ----D---- C:\Windows\Microsoft.NET
2015-05-30 11:47:56 ----D---- C:\ProgramData
2015-05-30 11:47:55 ----D---- C:\ProgramData\AMD
2015-05-30 11:47:21 ----D---- C:\Program Files\AMD
2015-05-30 11:45:51 ----D---- C:\Windows\system32\DriverStore
2015-05-27 00:41:24 ----A---- C:\Windows\SYSWOW64\amdhcp32.dll
2015-05-27 00:41:10 ----A---- C:\Windows\system32\atiuxp64.dll
2015-05-27 00:41:08 ----A---- C:\Windows\SYSWOW64\atiuxpag.dll
2015-05-27 00:41:04 ----A---- C:\Windows\SYSWOW64\atiu9pag.dll
2015-05-27 00:41:00 ----A---- C:\Windows\system32\aticfx64.dll
2015-05-27 00:40:58 ----A---- C:\Windows\SYSWOW64\aticfx32.dll
2015-05-27 00:40:52 ----A---- C:\Windows\system32\atidxx64.dll
2015-05-27 00:40:48 ----A---- C:\Windows\SYSWOW64\atidxx32.dll
2015-05-27 00:40:40 ----A---- C:\Windows\SYSWOW64\atiumdva.dll
2015-05-27 00:40:32 ----A---- C:\Windows\SYSWOW64\atiumdag.dll
2015-05-27 00:05:10 ----A---- C:\Windows\system32\coinst_14.50.dll
2015-05-25 12:33:06 ----HD---- C:\Windows\system32\GroupPolicy
2015-05-25 11:45:35 ----D---- C:\Program Files (x86)\TeamViewer
2015-05-21 01:08:45 ----D---- C:\Windows\winsxs
2015-05-21 01:08:42 ----SD---- C:\Windows\SYSWOW64\GWX
2015-05-21 01:08:42 ----SD---- C:\Windows\system32\GWX
2015-05-20 10:42:07 ----D---- C:\Program Files (x86)\Opera
2015-05-17 20:33:11 ----D---- C:\Users\Mystery\AppData\Roaming\TS3Client
2015-05-16 10:44:45 ----D---- C:\Windows\Tasks
2015-05-14 20:09:18 ----D---- C:\Program Files (x86)\Hearthstone
2015-05-14 18:46:58 ----D---- C:\Windows\rescache
2015-05-14 14:49:44 ----RSD---- C:\Windows\assembly
2015-05-14 11:05:42 ----D---- C:\Windows\SYSWOW64\en-US
2015-05-14 11:05:42 ----D---- C:\Windows\SYSWOW64\cs-CZ
2015-05-14 11:05:42 ----D---- C:\Windows\system32\en-US
2015-05-14 11:05:42 ----D---- C:\Windows\system32\cs-CZ
2015-05-14 11:05:42 ----D---- C:\Program Files\Internet Explorer
2015-05-14 11:05:42 ----D---- C:\Program Files (x86)\Internet Explorer
2015-05-14 11:05:40 ----D---- C:\Windows\system32\AdvancedInstallers
2015-05-14 11:05:40 ----D---- C:\Program Files\Windows Journal
2015-05-14 11:05:38 ----D---- C:\Windows\system32\drivers\UMDF
2015-05-14 00:57:21 ----D---- C:\ProgramData\Microsoft Help
2015-05-14 00:56:52 ----D---- C:\Windows\system32\MRT
2015-05-14 00:51:41 ----A---- C:\Windows\system32\MRT.exe
2015-05-13 16:10:54 ----D---- C:\Windows\system32\catroot2
2015-05-10 11:47:47 ----RD---- C:\Program Files (x86)\Skype
2015-05-09 16:42:28 ----SD---- C:\Users\Mystery\AppData\Roaming\Microsoft
2015-05-08 20:49:50 ----D---- C:\Program Files (x86)\Steam
2015-04-24 21:21:22 ----D---- C:\Program Files\SoftEther VPN Client
2015-04-19 11:00:31 ----D---- C:\Program Files (x86)\PokerStars
2015-04-17 18:14:11 ----D---- C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-16 17:50:57 ----D---- C:\Windows\AppCompat
2015-04-15 21:07:37 ----SD---- C:\Windows\system32\CompatTel
2015-04-15 21:07:37 ----D---- C:\Windows\system32\appraiser
2015-04-15 19:18:45 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2015-04-15 15:44:18 ----D---- C:\Program Files (x86)\Zotero Standalone
2015-04-05 21:25:08 ----D---- C:\ProgramData\Package Cache
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 AiChargerPlus;ASUS Charger Plus Driver; C:\Windows\system32\DRIVERS\AiChargerPlus.sys [2010-11-08 14464]
R0 amd_sata;amd_sata; C:\Windows\system32\DRIVERS\amd_sata.sys [2013-11-06 83176]
R0 amd_xata;amd_xata; C:\Windows\system32\DRIVERS\amd_xata.sys [2013-11-06 43240]
R0 amdkmpfd;AMD PCI Root Bus Lower Filter; C:\Windows\system32\DRIVERS\amdkmpfd.sys [2014-10-28 62152]
R0 avc3;avc3; C:\Windows\system32\DRIVERS\avc3.sys [2015-02-10 1306464]
R0 gzflt;gzflt; C:\Windows\system32\DRIVERS\gzflt.sys [2015-03-17 160544]
R0 JRAID;JRAID; C:\Windows\system32\DRIVERS\jraid.sys [2010-11-25 120408]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 speedfan;speedfan; C:\Windows\SysWOW64\speedfan.sys [2012-12-29 28664]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2014-04-28 386680]
R0 trufos;trufos; C:\Windows\system32\DRIVERS\trufos.sys [2014-11-12 452040]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R1 AsIO;AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [2010-08-24 13440]
R1 AsUpIO;AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [2010-08-03 14464]
R1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver; \??\c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [2015-02-10 93600]
R1 bdfwfpf;bdfwfpf; \??\C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2012-10-29 107080]
R1 BDVEDISK;BDVEDISK; C:\Windows\system32\DRIVERS\bdvedisk.sys [2012-04-17 76944]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]
R1 truecrypt;truecrypt; C:\Windows\System32\drivers\truecrypt.sys [2013-06-08 231376]
R1 VBoxDrv;VirtualBox Service; C:\Windows\system32\DRIVERS\VBoxDrv.sys [2013-04-12 237840]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver; C:\Windows\system32\DRIVERS\VBoxUSBMon.sys [2013-04-12 120080]
R2 AODDriver4.3;AODDriver4.3; \??\C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [2014-02-11 59616]
R2 hcmon;VMware hcmon; \??\C:\Windows\system32\drivers\hcmon.sys [2012-11-20 52376]
R2 mbamchameleon;mbamchameleon; \??\C:\Windows\system32\drivers\mbamchameleon.sys [2015-04-14 107736]
R2 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2013-03-01 36600]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2015-05-27 19339264]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2015-05-27 591872]
R3 asmthub3;ASMedia USB3 Hub Service; C:\Windows\system32\DRIVERS\asmthub3.sys [2011-02-24 126952]
R3 asmtxhci;ASMEDIA XHCI Service; C:\Windows\system32\DRIVERS\asmtxhci.sys [2011-02-24 389608]
R3 ASUSFILTER;ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [2011-09-20 46152]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2014-12-21 94720]
R3 avckf;avckf; C:\Windows\system32\DRIVERS\avckf.sys [2015-02-10 677104]
R3 avchv;avchv Function Driver; C:\Windows\system32\DRIVERS\avchv.sys [2015-02-10 262544]
R3 CH341SER_A64;CH341SER_A64; C:\Windows\System32\Drivers\CH341S64.SYS [2011-11-04 58368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2012-05-22 4052496]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver; C:\Windows\system32\drivers\LGBusEnum.sys [2009-11-24 22408]
R3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [2013-05-30 64280]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver; C:\Windows\system32\drivers\LGVirHid.sys [2009-11-24 16008]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2015-04-14 25816]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [2015-06-04 136408]
R3 MBAMWebAccessControl;MBAMWebAccessControl; \??\C:\Windows\system32\drivers\mwac.sys [2015-04-14 63704]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
R3 usbfilter;AMD USB Filter Driver; C:\Windows\system32\DRIVERS\usbfilter.sys [2014-02-16 60640]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service; C:\Windows\system32\DRIVERS\VBoxNetFlt.sys [2013-04-12 146704]
S2 AODDriver4.2.0;AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys []
S3 androidusb;ADB Interface Driver; C:\Windows\System32\Drivers\androidusb.sys [2010-10-18 38424]
S3 atillk64;atillk64; \??\C:\Users\Mystery\Desktop\R9 280X Biosy\ati_winflash_2.6.7\atillk64.sys [2006-07-19 14608]
S3 bdfwfpf_pc;bdfwfpf_pc; \??\C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [2013-07-02 121928]
S3 BDSandBox;BDSandBox; \??\C:\Windows\system32\drivers\bdsandbox.sys [2015-02-10 82824]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 cpuz136;cpuz136; \??\C:\Users\Mystery\AppData\Local\Temp\cpuz136\cpuz136_x64.sys []
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudbus.sys [2014-01-22 108800]
S3 GPUZ;GPUZ; \??\C:\Windows\TEMP\GPUZ.sys []
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-03-18 33856]
S3 IOMap;IOMap; \??\C:\Windows\system32\drivers\IOMap64.sys [2013-07-02 24824]
S3 Neo_VPN;VPN Client Device Driver - VPN; C:\Windows\system32\DRIVERS\Neo_0069.sys [2014-04-29 28768]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 Rockusb;Driver for Rockusb Device; C:\Windows\system32\DRIVERS\rockusb.sys [2013-03-12 67024]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 SEE;SoftEther Ethernet Layer Driver; C:\Windows\system32\drivers\see.sys [2014-04-29 38240]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudmdm.sys [2014-01-22 206080]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 tap0901;TAP-Windows Adapter V9; C:\Windows\system32\DRIVERS\tap0901.sys [2013-08-22 40664]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 uisp;Logitech USB ICP driver; C:\Windows\System32\Drivers\mtdfu.sys [2013-09-10 17936]
S3 USBPNPA;USB PnP Sound Device Interface; C:\Windows\system32\drivers\CM10864.sys [2014-02-25 1308160]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\drivers\usbscan.sys [2013-07-03 42496]
S3 usbser;USB Serial emulation modem driver; C:\Windows\system32\DRIVERS\usbser.sys [2013-08-29 33280]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\Windows\system32\DRIVERS\VBoxNetAdp.sys [2013-04-12 131856]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]
S3 vmusb;VMware USB Client Driver; C:\Windows\System32\Drivers\vmusb.sys [2012-11-20 37680]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-12-19 81088]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2015-05-27 246272]
R2 AMD FUEL Service;AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [2015-05-26 344064]
R2 asComSvc;ASUS Com Service; C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe [2011-06-13 922240]
R2 asHmComSvc;ASUS HM Com Service; C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [2010-12-02 915584]
R2 AsSysCtrlService;ASUS System Control Service; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2010-10-21 586880]
R2 CGVPNCliService;CyberGhost 5 Client Service; C:\Program Files\CyberGhost 5\Service.exe [2014-11-03 64616]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2015-04-14 1080120]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2015-04-14 1871160]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2014-06-18 76152]
R2 TeamViewer;TeamViewer 10; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [2015-03-30 5448464]
R2 UPDATESRV;Bitdefender Desktop Update Service; C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe [2014-11-12 67320]
R2 VSSERV;Bitdefender Virus Shield; C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe [2015-03-17 1547936]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-04-12 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-04-11 124088]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-07 116648]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-02-18 315488]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2014-04-11 50864]
S3 BEService;BattlEye Service; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [2015-04-01 967040]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-07 116648]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2015-04-21 114688]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-04 267440]
S4 ArcService;Arc Service; D:\Arc\Arc\ArcService.exe [2013-10-10 88424]
S4 BdDesktopParental;Bitdefender Desktop Parental Control; C:\Program Files\Bitdefender\Bitdefender 2015\bdparentalservice.exe [2014-12-17 78144]
S4 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-31 462184]
S4 EasyAntiCheat;EasyAntiCheat; C:\Windows\syswow64\EasyAntiCheat.exe [2014-06-21 107552]
S4 Futuremark SystemInfo Service;Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [2013-10-15 520416]
S4 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2015-02-17 2490216]
S4 LMIGuardianSvc;LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [2015-02-16 417552]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 Origin Client Service;Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2015-02-07 1910128]
S4 RadeonPro Support Service;RadeonPro Support Service; C:\Program Files (x86)\RadeonPro\RadeonProSupport.exe [2011-02-10 12800]
S4 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files (x86)\WinPcap\rpcapd.exe [2013-03-01 118520]
S4 SafeBox;SafeBox; C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [2013-07-08 94624]
S4 SEVPNCLIENT;SoftEther VPN Client; C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [2014-04-29 4322872]
S4 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2012-11-19 489256]
S4 VMUSBArbService;VMware USB Arbitration Service; C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2012-11-20 919192]
S4 vmware-view-usbd;VMware View USB; C:\Program Files\VMware\VMware View\Client\bin\vmware-view-usbd.exe [2012-12-03 2436096]
-----------------EOF-----------------