Как да премахна потенциално нежелана програма

Matt_Ragan · Август 17, 2014

Fixlog.txt zoek-results(17.08.2014).txt

icotonev · Август 17, 2014

Наблюдавате ли първоначалните проблеми...или каквито и да с а други..? Как работи системата ви..?

Matt_Ragan · Август 17, 2014

Основният проблем остава.MBAM отново открива babylon.

icotonev · Август 17, 2014

А дневника може ли да видя..?

Освен това :

Стартирайте Chrome и въвдете:

chrome://settings/searchEngines

Изтрийте babylon ( ако все още се вижда) като маркирате х и излезте от граузера..!

Matt_Ragan · Август 17, 2014

MBAM-17.08.2014.txt

Доколкото си спомням babylon не беше в търсещите машини които изтрих във връзка с инструкции указани по-нагоре в темата.Сега е само google.

icotonev · Август 17, 2014

Ок..:

1.Изтеглете Hitman Pro.

За 32-битова система - http://i.imgur.com/dEMD6.gif.
За 64-битова система - http://wiki.splatterladder.com/images/Download-button3.gif

2.Стартирайте програмата.
3.След като сте стартирали програмата като кликнете върху иконата http://i.imgur.com/5vo5F.jpg и натиснете бутона „Напред“ като се съгласите с лицензионното споразумение (EULA).
4.Сложете отметка пред "Не, искам да завърша еднократно сканиране на компютъра".

5.Натиснете бутона „Напред“.

6.Програмата ще започне да сканира. Времето за сканиране е около 2 минути.

7.След завършване на сканирането от списъка с намерените неща (ако има такива) изберете Apply to all => Ignore.

8.Натиснете "Next" и след това натиснете "Изнеси резултата в XML file" и запазете лог файла на десктопа.

9.Архивирайте файла и го прикачете в следващия си коментар или копирайте съдържанието му в следващия си коментар.

Забележка: Ако няма падащо меню, където да изберете ignore както на снимката:

http://forums.majorgeeks.com/chaslang/images/Hitman/6-scanfin-choose.jpg

Тогава просто затворете програмата след края на проверката (без да премахвате нищо)...след това отворете C:\Programdata\HitmanPro\Logs, отворете и публикувайте съдържанието на лог файла в следващия си коментар.

http://www.techsupportforum.com/images/smilies/i_arrow-r.gif Изтеглете програмата: ESET Online Scanner

Стартирайте esetsmartinstaller_enu.exe http://store.picbg.net/pubpic/EF/3D/7c9e83b53227ef3d.jpg
Сложете отметка на YES, I accept the Terms of Use и изберете Start:

http://store.picbg.net/pubpic/E8/43/04ed1c15c0abe843.jpg

Скенерът ще започне да изтегля компонентите, които са му необходими:

http://store.picbg.net/pubpic/D7/13/3b734079c5ccd713.jpg

Уверете се, че е премахната отметката от:

Remove found threats

Уверете се че са маркирани следните позиции:

Scan Archives

Кликнете върху Advanced Settings и маркирайте следните опции:

Scan for potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth Technology

Накрая изберете Start
Скенерът ще започне да изтегля последните дефиниции и ще започне сканиране на вашия компютър.
Моля, бъдете търпеливи, тъй като това може да отнеме известно време.

След, като сканирането завърши кликнете на List of found threats.
Щракнете върху Export, и запишете файла на вашия работен плот с име ESETScan. Копирайте съдържанието на този доклад, в следващия си отговор.
Изберете бутона Back.
Изберете бутона Finish.

Matt_Ragan · Август 18, 2014



HitmanPro 3.7.9.221

www.hitmanpro.com

 

   Computer name . . . . : SCHANGEME1

   Windows . . . . . . . : 6.1.1.7601.X86/2

   User name . . . . . . : SCHANGEME1\ZDRAVE

   UAC . . . . . . . . . : Enabled

   License . . . . . . . : Free

 

   Scan date . . . . . . : 2014-08-17 22:22:06

   Scan mode . . . . . . : Normal

   Scan duration . . . . : 13m 6s

   Disk access mode  . . : Direct disk access (SRB)

   Cloud . . . . . . . . : Internet

   Reboot  . . . . . . . : No

 

   Threats . . . . . . . : 0

   Traces  . . . . . . . : 3

 

   Objects scanned . . . : 937 075

   Files scanned . . . . : 13 591

   Remnants scanned  . . : 242 226 files / 681 258 keys

 

Suspicious files ____________________________________________________________

 

   C:\Users\ZDRAVE\Desktop\FRST-OlderVersion\FRST-OlderVersion\FRST.exe

      Size . . . . . . . : 1 084 928 bytes

      Age  . . . . . . . : 10.6 days (2014-08-07 07:21:51)

      Entropy  . . . . . : 8.0

      SHA-256  . . . . . : 4220A21B5FE02D61B0EAF1D875399E1E49AD193897FBAF50977EC4638D03DAE3

      Needs elevation  . : Yes

      Fuzzy  . . . . . . : 23.0

         Program has no publisher information but prompts the user for permission elevation.

         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.

         Authors name is missing in version info. This is not common to most programs.

         Version control is missing. This file is probably created by an individual. This is not typical for most programs.

         Time indicates that the file appeared recently on this computer.

 

   C:\Users\ZDRAVE\Desktop\FRST-OlderVersion\FRST.exe

      Size . . . . . . . : 1 093 632 bytes

      Age  . . . . . . . : 0.1 days (2014-08-17 18:51:04)

      Entropy  . . . . . : 8.0

      SHA-256  . . . . . : 2D3661A3C6B7BFCF4BD25F864D2A120AF4F49AD0706BA87B09824D8AA45A33F1

      Needs elevation  . : Yes

      Fuzzy  . . . . . . : 24.0

         Program has no publisher information but prompts the user for permission elevation.

         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.

         Authors name is missing in version info. This is not common to most programs.

         Version control is missing. This file is probably created by an individual. This is not typical for most programs.

         Time indicates that the file appeared recently on this computer.

      Forensic Cluster

         -90.9s C:\ProgramData\Microsoft\Windows\Sqm\Upload\PnrpResolveSession1.sqm

         -61.0s C:\ProgramData\Microsoft\Windows\Sqm\Upload\PnrpResolveSession2.sqm

         -31.0s C:\ProgramData\Microsoft\Windows\Sqm\Upload\PnrpResolveSession3.sqm

         -1.0s C:\ProgramData\Microsoft\Windows\Sqm\Upload\PnrpResolveSession4.sqm

         -1.0s C:\ProgramData\Microsoft\Windows\Sqm\Upload\PnrpResolveSession4.sqm

          0.0s C:\Users\ZDRAVE\Desktop\FRST-OlderVersion\FRST.exe

          0.0s C:\Users\ZDRAVE\Desktop\FRST-OlderVersion\FRST.exe

          0.0s C:\Users\ZDRAVE\Desktop\FRST-OlderVersion\FRST.exe

          0.0s C:\Users\ZDRAVE\Desktop\FRST-OlderVersion\FRST.exe

          0.0s C:\Users\ZDRAVE\Desktop\FRST-OlderVersion\FRST.exe

          0.0s C:\Users\ZDRAVE\Desktop\FRST-OlderVersion\FRST.exe

          0.0s C:\Users\ZDRAVE\Desktop\FRST-OlderVersion\FRST.exe

          0.0s C:\Users\ZDRAVE\Desktop\FRST-OlderVersion\FRST.exe

          0.0s C:\Users\ZDRAVE\Desktop\FRST-OlderVersion\FRST.exe

          0.0s C:\Users\ZDRAVE\Desktop\FRST-OlderVersion\FRST.exe

 

   C:\Users\ZDRAVE\Desktop\FRST.exe

      Size . . . . . . . : 1 093 632 bytes

      Age  . . . . . . . : 0.3 days (2014-08-17 14:53:16)

      Entropy  . . . . . : 8.0

      SHA-256  . . . . . : 2D3661A3C6B7BFCF4BD25F864D2A120AF4F49AD0706BA87B09824D8AA45A33F1

      Needs elevation  . : Yes

      Fuzzy  . . . . . . : 24.0

         Program has no publisher information but prompts the user for permission elevation.

         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.

         Authors name is missing in version info. This is not common to most programs.

         Version control is missing. This file is probably created by an individual. This is not typical for most programs.

         Time indicates that the file appeared recently on this computer.

      Forensic Cluster

          0.0s C:\Users\ZDRAVE\Desktop\FRST.exe

          0.0s C:\Users\ZDRAVE\Desktop\FRST.exe

          0.0s C:\Users\ZDRAVE\Desktop\FRST.exe

          2.2s C:\Users\ZDRAVE\Desktop\FRST-OlderVersion\

          2.2s C:\Users\ZDRAVE\Desktop\FRST-OlderVersion\

ESETScan.txt

icotonev · Август 18, 2014

Отворете Notepad и с copy/paste копирайте цялата информация от карето по-долу:

@echo off
if exist "%temp%\log.txt" del "%temp%\log.txt"

for %%g in (

"C:\Windows.old\Documents and Settings\All Users\Application Data\Comodo\Cis\Quarantine\data\{9A67FB86-07D3-4B43-BFFB-D690C58CC01D}"
"C:\Windows.old\Documents and Settings\All Users\Comodo\Cis\Quarantine\data\{9A67FB86-07D3-4B43-BFFB-D690C58CC01D}"
"C:\Windows.old\ProgramData\Comodo\Cis\Quarantine\data\{9A67FB86-07D3-4B43-BFFB-D690C58CC01D}"
"C:\Windows.old\Users\All Users\Application Data\Comodo\Cis\Quarantine\data\{9A67FB86-07D3-4B43-BFFB-D690C58CC01D}"
"C:\Windows.old\Users\All Users\Comodo\Cis\Quarantine\data\{9A67FB86-07D3-4B43-BFFB-D690C58CC01D}"

) do (
del /a/f/q %%g >nul 2>&1
if exist %%g echo.%%~g>>"%temp%\log.txt"
)

if exist "%temp%\log.txt" ( start notepad "%temp%\log.txt"
) else echo.Deleted Successfully !!

pause
del %0

Запазвате файла Notepad като fix.bat като изберете Save as type: - All Files
Файла трябва да изглежда така: http://i28.photobucket.com/albums/c227/tetonbob/vista_bat_icon.png
Кликнете два пъти върху fix.bat за да го стартирате.
Публикувайте това, което пише в следващия си отговор. Натиснете произволен клавиш, за да продължите.

За финал,контролно сканиране с FRST като изтриете вашето копие и изтеглите ново следвайки инструкцията..:

http://briteccomputers.co.uk/wp-content/uploads/2012/10/qrazy508-240x140.jpg

Моля изтеглете Farbar Recovery Scan Tool и го запазете на десктопа.
Стартирайте файла FRST.exe.
Програмата ще се стартира. Натиснете YES за да се съгласите с лицензионното споразумение.
Сложете всички отметки.
Натиснете бутона SCAN.
Ще се създадат два лог файл с името - FRST.txt и Addition.txt на десктопа.
Файлът FRST.txt копирайте в следващия си пост. Addition.txt прикачете в следващия си коментар (погледнете опцията Прикачени файлове, когато публикувате мнение).

Matt_Ragan · Август 19, 2014

Addition.txtПише Deleted Successfully!!Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:17-08-2014 01

Ran by ZDRAVE (administrator) on SCHANGEME1 on 19-08-2014 21:32:36

Running from C:\Users\ZDRAVE\Desktop

Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: Български (България)

Internet Explorer Version 11

Boot Mode: Normal

The only official download link for FRST:

Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/

Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/

Download link from any site other than Bleeping Computer is unpermitted or outdated.

See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe

() C:\Program Files\ATK Hotkey\ASLDRSrv.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe

(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe

(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe

(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe

(ATK0100) C:\Program Files\ATK Hotkey\HControl.exe

(ATK) C:\Program Files\P4G\BatteryLife.exe

() C:\Program Files\ATKOSD2\ATKOSD2.exe

() C:\Program Files\Wireless Console 2\wcourier.exe

() C:\Program Files\ATK Hotkey\ATKOSD.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe

() C:\Program Files\Unlocker\UnlockerAssistant.exe

(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe

(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer.exe

(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe

(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe

(BitTorrent Inc.) C:\Users\ZDRAVE\AppData\Roaming\uTorrent\uTorrent.exe

(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\tv_w32.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Dropbox, Inc.) C:\Users\ZDRAVE\AppData\Roaming\Dropbox\bin\Dropbox.exe

() C:\Program Files\SpywareBlaster\spywareblaster.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKU\S-1-5-21-3786351732-3326273418-3990330768-1000\...\Run: [skype] => C:\Program Files\Skype\Phone\Skype.exe [21647976 2014-07-24] (Skype Technologies S.A.)

HKU\S-1-5-21-3786351732-3326273418-3990330768-1000\...\Run: [uTorrent] => C:\Users\ZDRAVE\AppData\Roaming\uTorrent\uTorrent.exe [1322832 2014-07-03] (BitTorrent Inc.)

HKU\S-1-5-21-3786351732-3326273418-3990330768-1000\...\Run: [sUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [4763008 2012-11-01] (SUPERAntiSpyware.com)

HKU\S-1-5-21-3786351732-3326273418-3990330768-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [3673728 2012-11-06] (DT Soft Ltd)

HKU\S-1-5-21-3786351732-3326273418-3990330768-1000\...\Run: [GoogleChromeAutoLaunch_6A5BA1C834FD0EDACF0C670231852A69] => C:\Program Files\Google\Chrome\Application\chrome.exe [860488 2014-08-07] (Google Inc.)

Startup: C:\Users\ZDRAVE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> C:\Users\ZDRAVE\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)

ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ZDRAVE\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ZDRAVE\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ZDRAVE\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x31253F8FA159CF01

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = bg-BG

SearchScopes: HKCU - DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}

SearchScopes: HKCU - {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}

SearchScopes: HKCU - {7DE5D836-A57B-44E0-8558-69A5203446B5} URL = https://www.google.com/search?q={searchTerms}

BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)

BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 212.39.90.42 8.8.8.8

Tcpip\..\Interfaces\{E1E49A59-C068-47FB-9184-CBE64C91EB83}: [NameServer]212.39.90.42,8.8.8.8

FireFox:

========

FF ProfilePath: C:\Users\ZDRAVE\AppData\Roaming\Mozilla\Firefox\Profiles\3hd7hcqx.default

FF Homepage: hxxp://www.google.bg/

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_179.dll ()

FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\911bg.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\diribg.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\pe-bg.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\portalbgdict.xml

FF Extension: Adblock Plus - C:\Users\ZDRAVE\AppData\Roaming\Mozilla\Firefox\Profiles\3hd7hcqx.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-08-16]

FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]

FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF

FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-04-17]

Chrome:

=======

CHR HomePage: hxxp://search.babylon.com/?affID=119776&babsrc=HP_ss_bad2g&mntrId=48080015AFAE718F

CHR StartupUrls: "hxxp://www.google.com/"

CHR Extension: (AdBlock) - C:\Users\ZDRAVE\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-08-13]

CHR Extension: (avast! Online Security) - C:\Users\ZDRAVE\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-05-20]

CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-17]

CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2012-07-11] (SUPERAntiSpyware.com) [File not signed]

R2 ASLDRService; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [94208 2007-02-05] () [File not signed]

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-17] (AVAST Software)

R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)

R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)

R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AIDA64Driver; C:\Program Files\FinalWire\AIDA64 Extreme Edition\kerneld.x32 [32592 2013-06-02] ()

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-07-17] ()

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-07-17] (AVAST Software)

R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-07-17] (AVAST Software)

R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-07-17] ()

R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-07-17] (AVAST Software)

R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-07-17] (AVAST Software)

R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [71944 2014-07-17] (AVAST Software)

R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [192352 2014-07-17] ()

S3 cleanhlp; C:\Users\ZDRAVE\Desktop\EmsisoftEmergencyKit\Run\cleanhlp32.sys [50200 2014-08-03] (Emsisoft GmbH)

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2014-04-18] (DT Soft Ltd)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-08-19] (Malwarebytes Corporation)

R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)

R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2007-07-31] (ATK0100)

R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [184192 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))

U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] () [File not signed]

S3 VGPU; System32\drivers\rdvgkmd.sys [X]

========================== Drivers MD5 =======================

C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit

C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit

C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit

C:\Windows\system32\drivers\adp94xx.sys ==> MD5 is legit

C:\Windows\system32\drivers\adpahci.sys ==> MD5 is legit

C:\Windows\system32\drivers\adpu320.sys ==> MD5 is legit

C:\Windows\system32\drivers\afd.sys D0B388DA1D111A34366E04EB4A5DD156

C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit

C:\Windows\system32\drivers\djsvs.sys ==> MD5 is legit

C:\Program Files\FinalWire\AIDA64 Extreme Edition\kerneld.x32 A195A1E9DC8D3AEE3536BB027E4EF217

C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit

C:\Windows\system32\drivers\amdagp.sys ==> MD5 is legit

C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit

C:\Windows\system32\drivers\amdk8.sys ==> MD5 is legit

C:\Windows\system32\drivers\amdppm.sys ==> MD5 is legit

C:\Windows\system32\drivers\amdsata.sys D320BF87125326F996D4904FE24300FC

C:\Windows\system32\drivers\amdsbs.sys ==> MD5 is legit

C:\Windows\System32\drivers\amdxata.sys 46387FB17B086D16DEA267D5BE23A2F2

C:\Windows\system32\drivers\appid.sys ==> MD5 is legit

C:\Windows\system32\drivers\arc.sys ==> MD5 is legit

C:\Windows\system32\drivers\arcsas.sys ==> MD5 is legit

C:\Windows\system32\drivers\aswHwid.sys 3BFBB5DAE801CB893B8B46345FED6437

C:\Windows\system32\drivers\aswMonFlt.sys C3014C735F450FE822C97FFBB0627113

C:\Windows\system32\drivers\aswRdr2.sys A4614218584E41C31C7D1CBFF0432ED5

C:\Windows\system32\Drivers\aswRvrt.sys B7750AF7EDFD95674EB7CA92BCDD3358

C:\Windows\system32\drivers\aswSnx.sys 51FDE588D860857A97E4C4B560E40C9B

C:\Windows\system32\drivers\aswSP.sys 1AEB8CDB797666AF709A291B47AE81E0

C:\Windows\system32\drivers\aswStm.sys 83378AE48209388D0F9BD16A44D19EEC

C:\Windows\system32\Drivers\aswVmm.sys 90BEE0170D70D6744CEF2355EEAF8086

C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit

C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\athr.sys 76BAB0C824E2D05B940C4DD40A9B08BF

C:\Windows\System32\DRIVERS\atikmdag.sys FE47D549367005B045580CE61FF5924D

C:\Windows\System32\DRIVERS\AtiPcie.sys A356E45E8432432C06981EA63A1E0FE8

C:\Windows\system32\drivers\bxvbdx.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\b57nd60x.sys ==> MD5 is legit

C:\Windows\system32\Drivers\Beep.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit

C:\Windows\system32\drivers\BrFiltLo.sys ==> MD5 is legit

C:\Windows\system32\drivers\BrFiltUp.sys ==> MD5 is legit

C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit

C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit

C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit

C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit

C:\Windows\system32\drivers\bthmodem.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit

C:\Windows\system32\drivers\circlass.sys ==> MD5 is legit

C:\Users\ZDRAVE\Desktop\EmsisoftEmergencyKit\Run\cleanhlp32.sys DBC8CDAFC84E96E894C3BAAED9B30F47

C:\Windows\System32\CLFS.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\CmBatt.sys ==> MD5 is legit

C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit

C:\Windows\System32\Drivers\cng.sys 85449EEBE8F8EBD6481EFBF0F352B4EB

C:\Windows\System32\DRIVERS\compbatt.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\CompositeBus.sys ==> MD5 is legit

C:\Windows\system32\drivers\crcdisk.sys ==> MD5 is legit

C:\Windows\System32\drivers\csc.sys ==> MD5 is legit

C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\ssudbus.sys 560B0DCE52DFED6623B27C9BAFA6F236

C:\Windows\System32\drivers\discache.sys ==> MD5 is legit

C:\Windows\System32\drivers\disk.sys ==> MD5 is legit

C:\Windows\system32\drivers\dmvsc.sys 2A958EF85DB1B61FFCA65044FA4BCE9E

C:\Windows\system32\drivers\drmkaud.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\dtsoftbus01.sys 687AF6BB383885FF6A64071B189A7F3E

C:\Windows\System32\drivers\dxgkrnl.sys 3583A5A8CC2E682BFFBD4630D0FEC08B

C:\Windows\system32\drivers\evbdx.sys ==> MD5 is legit

C:\Windows\system32\drivers\elxstor.sys ==> MD5 is legit

C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit

C:\Windows\system32\Drivers\exfat.sys ==> MD5 is legit

C:\Windows\system32\Drivers\fastfat.sys ==> MD5 is legit

C:\Windows\system32\drivers\fdc.sys ==> MD5 is legit

C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit

C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit

C:\Windows\system32\drivers\flpydisk.sys ==> MD5 is legitB

C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit

C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit

C:\Windows\system32\Drivers\Fs_Rec.sys 7DAE5EBCC80E45D3253F4923DC424D05

C:\Windows\System32\DRIVERS\fvevol.sys E306A24D9694C724FA2491278BF50FDB

C:\Windows\system32\drivers\gagp30kx.sys ==> MD5 is legit

C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit

C:\Windows\System32\drivers\HdAudio.sys A5EF29D5315111C80A5C1ABAD14C8972

C:\Windows\System32\DRIVERS\HDAudBus.sys ==> MD5 is legit

C:\Windows\system32\drivers\HidBatt.sys ==> MD5 is legit

C:\Windows\system32\drivers\hidbth.sys ==> MD5 is legit

C:\Windows\system32\drivers\hidir.sys ==> MD5 is legit

C:\Windows\system32\drivers\hidusb.sys ==> MD5 is legit

C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit

C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit

C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\i8042prt.sys ==> MD5 is legit

C:\Windows\system32\drivers\iaStorV.sys 5CD5F9A5444E6CDCB0AC89BD62D8B76E

C:\Windows\system32\drivers\iirsp.sys ==> MD5 is legit

C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit

C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit

C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit

C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit

C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit

C:\Windows\system32\drivers\msiscsi.sys EB34CE31FABD4DC4343FD2AD16D2CAF9

C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit

C:\Windows\system32\drivers\kbdhid.sys ==> MD5 is legit

C:\Windows\System32\Drivers\ksecdd.sys 4120DA10AA42A9996F4575DB9E3E6E6E

C:\Windows\System32\Drivers\ksecpkg.sys D3964885F0A11ACF51DA3AAA776973B2

C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit

C:\Windows\system32\drivers\lsi_fc.sys ==> MD5 is legit

C:\Windows\system32\drivers\lsi_sas.sys ==> MD5 is legit

C:\Windows\system32\drivers\lsi_sas2.sys ==> MD5 is legit

C:\Windows\system32\drivers\lsi_scsi.sys ==> MD5 is legit

C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit

C:\Windows\system32\drivers\mbam.sys 8683C1B450F4B3872839308D836E0F92

C:\Windows\system32\drivers\MBAMSwissArmy.sys 12E71DA845D76665B56753AD149E32B3

C:\Windows\system32\drivers\mwac.sys BD27D97297934FD4217A37FD28A7ABC7

C:\Windows\system32\drivers\megasas.sys ==> MD5 is legit

C:\Windows\system32\drivers\MegaSR.sys ==> MD5 is legit

C:\Windows\System32\drivers\modem.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit

C:\Windows\system32\drivers\mouhid.sys ==> MD5 is legit

C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit

C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit

C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit

C:\Windows\system32\drivers\mrxdav.sys 21F4B24ACFC79A483515BD986DD9043F

C:\Windows\System32\DRIVERS\mrxsmb.sys 5D16C921E3671636C0EBA3BBAAC5FD25

C:\Windows\System32\DRIVERS\mrxsmb10.sys 6D17A4791ACA19328C685D256349FEFC

C:\Windows\System32\DRIVERS\mrxsmb20.sys B81F204D146000BE76651A50670A5E9E

C:\Windows\system32\drivers\msahci.sys ==> MD5 is legit

C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit

C:\Windows\system32\Drivers\Msfs.sys ==> MD5 is legit

C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit

C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit

C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit

C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit

C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit

C:\Windows\system32\Drivers\MsRPC.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\mssmbios.sys ==> MD5 is legit

C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit

C:\Windows\system32\drivers\MTConfig.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\ATKACPI.sys 97AFFA9D95FFE20EEE6229BC6BE166CF

C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit

C:\Windows\System32\drivers\ndis.sys 8C9C922D71F1CD4DEF73F186416B7896

C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit

C:\Windows\system32\Drivers\NDProxy.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit

C:\Windows\system32\drivers\nfrd960.sys ==> MD5 is legit

C:\Windows\system32\Drivers\Npfs.sys ==> MD5 is legit

C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit

C:\Windows\system32\Drivers\Ntfs.sys C8DFF8D07755A66C7A4A738930F0FEAC

C:\Windows\system32\Drivers\Null.sys ==> MD5 is legit

C:\Windows\system32\drivers\nvraid.sys B3E25EE28883877076E0E1FF877D02E0

C:\Windows\system32\drivers\nvstor.sys 4380E59A170D88C4F1022EFF6719A8A4

C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit

C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit

C:\Windows\system32\drivers\parport.sys ==> MD5 is legit

C:\Windows\System32\drivers\partmgr.sys 3F34A1B4C5F6475F320C275E63AFCE9B

C:\Windows\system32\drivers\parvdm.sys ==> MD5 is legit

C:\Windows\System32\drivers\pci.sys ==> MD5 is legit

C:\Windows\System32\drivers\pciide.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\pcmcia.sys ==> MD5 is legit

C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit

C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit

C:\Windows\system32\drivers\processr.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit

C:\Windows\system32\drivers\ql2300.sys ==> MD5 is legit

C:\Windows\system32\drivers\ql40xx.sys ==> MD5 is legit

C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\rdpbus.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit

C:\Windows\System32\drivers\rdpdr.sys ==> MD5 is legit

C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit

C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit

C:\Windows\System32\drivers\rdpvideominiport.sys ==> MD5 is legit

C:\Windows\system32\Drivers\RDPWD.sys F031683E6D1FEA157ABB2FF260B51E61

C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\rimsptsk.sys A4216C71DD4F60B26418CCFD99CD0815

C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\Rtnicxp.sys 4E20765744BFBC16F6D6E5BD5598786B

C:\Windows\system32\drivers\vms3cap.sys ==> MD5 is legit

C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 39763504067962108505BFF25F024345

C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 77B9FC20084B48408AD3E87570EB4A85

C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\sdbus.sys 0328BE1C7F1CBA23848179F8762E391C

C:\Windows\system32\Drivers\secdrv.sys ==> MD5 is legit

C:\Windows\system32\drivers\serenum.sys ==> MD5 is legit

C:\Windows\system32\drivers\serial.sys ==> MD5 is legit

C:\Windows\system32\drivers\sermouse.sys ==> MD5 is legit

C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit

C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit

C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit

C:\Windows\system32\drivers\sfloppy.sys ==> MD5 is legit

C:\Windows\system32\drivers\sisagp.sys ==> MD5 is legit

C:\Windows\system32\drivers\SiSRaid2.sys ==> MD5 is legit

C:\Windows\system32\drivers\sisraid4.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\smserial.sys 19301C27F3425DC39F6C599F527E507D

C:\Windows\system32\Drivers\spldr.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\srv.sys E4C2764065D66EA1D2D3EBC28FE99C46

C:\Windows\System32\DRIVERS\srv2.sys 03F0545BD8D4C77FA0AE1CEEDFCC71AB

C:\Windows\System32\DRIVERS\srvnet.sys BE6BD660CAA6F291AE06A718A4FA8ABC

C:\Windows\System32\DRIVERS\ssudmdm.sys 585FDB94DB04AC1C56298D1FD1F1389E

C:\Windows\System32\DRIVERS\ssudserd.sys E0B86430E0B26C10B355B9E590FD25E0

C:\Windows\system32\drivers\stexstor.sys ==> MD5 is legit

C:\Windows\System32\drivers\vmstorfl.sys ==> MD5 is legit

C:\Windows\system32\drivers\storvsc.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\swenum.sys ==> MD5 is legit

C:\Windows\System32\drivers\synth3dvsc.sys F2AD8960812FD111E20E84659EF19D43

C:\Windows\System32\DRIVERS\SynTP.sys 760E4F5A1E754BBE4A1BD2A0B54F6AA6

C:\Windows\System32\drivers\tcpip.sys 5579DD18546999F5D0EC39D018726C6B

C:\Windows\System32\DRIVERS\tcpip.sys 5579DD18546999F5D0EC39D018726C6B

C:\Windows\System32\drivers\tcpipreg.sys 3EEBD3BD93DA46A26E89893C7AB2FF3B

C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit

C:\Windows\System32\drivers\tdtcp.sys 2C2C5AFE7EE4F620D69C23C0617651A8

C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\termdd.sys ==> MD5 is legit

C:\Windows\system32\drivers\terminpt.sys 052306FD76793D5D5AB5D9891FD1ADBB

C:\Windows\System32\DRIVERS\tssecsrv.sys B37B08F2E5EEB1A37E448E09BACE1101

C:\Windows\System32\drivers\tsusbflt.sys ==> MD5 is legit

C:\Windows\system32\drivers\TsUsbGD.sys 01246F0BAAD7B68EC0F472AA41E33282

C:\Windows\System32\drivers\tsusbhub.sys 045ACB987C650D8186C6B4A692223860

C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit

C:\Windows\system32\drivers\uagp35.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit

C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit

C:\Windows\system32\drivers\umpass.sys ==> MD5 is legit

C:\Windows\system32\drivers\usbccgp.sys 0803FBA9FE829D61AE26EC0BCC910C46

C:\Windows\system32\drivers\usbcir.sys 2352AB5F9F8F097BF9D41D5A4718A041

C:\Windows\System32\DRIVERS\usbehci.sys D40855F89B69305140BBD7E9A3BA2DA6

C:\Windows\System32\DRIVERS\usbhub.sys EDF2DF71C4F1E13A6AC75F5224DE655A

C:\Windows\System32\DRIVERS\usbohci.sys 9828C8D14CC2676421778F0DE638CF97

C:\Windows\system32\drivers\usbprint.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\USBSTOR.SYS F991AB9CC6B908DB552166768176896A

C:\Windows\system32\drivers\usbuhci.sys 800AABFD625EEFF899F7E5496BDE37AB

C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit

C:\Windows\System32\drivers\vga.sys ==> MD5 is legit

C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit

C:\Windows\system32\drivers\viaagp.sys ==> MD5 is legit

C:\Windows\system32\drivers\viac7.sys ==> MD5 is legit

C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit

C:\Windows\system32\drivers\vmbus.sys ==> MD5 is legit

C:\Windows\system32\drivers\VMBusHID.sys ==> MD5 is legit

C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit

C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit

C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit

C:\Windows\system32\drivers\vsmraid.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\vwififlt.sys 7090D3436EEB4E7DA3373090A23448F7

C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit

C:\Windows\system32\drivers\wd.sys ==> MD5 is legit

C:\Windows\System32\drivers\Wdf01000.sys 25944D2CC49E0A6C581D02A74B7D6645

C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit

C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\WinUsb.sys A67E5F9A400F3BD1BE3D80613B45F708

C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit

C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit

C:\Windows\System32\drivers\WudfPf.sys 06E6F32C8D0A3F66D956F57B43A2E070

C:\Windows\System32\DRIVERS\WUDFRd.sys 867C301E8B790040AE9CF6486E8041DF

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-19 21:32 - 2014-08-19 21:33 - 00030495 _____ () C:\Users\ZDRAVE\Desktop\FRST.txt

2014-08-19 21:30 - 2014-08-19 21:30 - 01093632 _____ (Farbar) C:\Users\ZDRAVE\Desktop\FRST.exe

2014-08-19 20:56 - 2014-08-19 20:56 - 00043253 _____ () C:\Users\ZDRAVE\Desktop\Shortcut.txt

2014-08-18 04:29 - 2014-08-18 04:29 - 00009574 _____ () C:\Users\ZDRAVE\Desktop\HitmanPro_20140817_2238.log

2014-08-17 22:50 - 2014-08-17 22:50 - 00000000 ____D () C:\Program Files\ESET

2014-08-17 22:48 - 2014-08-17 22:49 - 02347384 _____ (ESET) C:\Users\ZDRAVE\Desktop\esetsmartinstaller_enu.exe

2014-08-17 22:18 - 2014-08-17 22:20 - 10279264 _____ (SurfRight B.V.) C:\Users\ZDRAVE\Desktop\HitmanPro36.exe

2014-08-17 21:49 - 2014-08-17 21:49 - 00001467 _____ () C:\Users\ZDRAVE\Desktop\MBAM-17.08.2014.txt

2014-08-17 20:13 - 2014-08-17 20:13 - 00006227 _____ () C:\Users\ZDRAVE\Desktop\zoek-results(17.08.2014).txt

2014-08-17 19:57 - 2014-08-17 19:38 - 00024064 _____ () C:\Windows\zoek-delete.exe

2014-08-17 19:40 - 2014-08-17 20:03 - 00006227 _____ () C:\zoek-results.log

2014-08-17 19:38 - 2014-08-17 20:01 - 00000000 ____D () C:\zoek_backup

2014-08-17 19:16 - 2014-08-17 19:17 - 01288704 _____ () C:\Users\ZDRAVE\Desktop\zoek.exe

2014-08-17 14:57 - 2014-08-17 14:57 - 00000711 _____ () C:\Users\ZDRAVE\Desktop\Search.txt

2014-08-17 14:40 - 2014-08-17 14:50 - 00001914 _____ () C:\Users\ZDRAVE\Desktop\SystemLook.txt

2014-08-17 14:38 - 2014-08-17 14:39 - 00139264 _____ () C:\Users\ZDRAVE\Desktop\SystemLook.exe

2014-08-16 22:44 - 2014-08-16 22:44 - 00001604 _____ () C:\Users\ZDRAVE\Desktop\Preferences - Пряк път.lnk

2014-08-16 00:02 - 2014-07-01 01:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll

2014-08-16 00:02 - 2014-03-10 00:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll

2014-08-16 00:01 - 2014-06-06 09:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe

2014-08-16 00:01 - 2014-03-10 00:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe

2014-08-15 07:58 - 2014-08-07 04:43 - 00412160 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2014-08-15 07:58 - 2014-08-07 04:39 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2014-08-15 07:58 - 2014-07-16 05:47 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

2014-08-15 07:58 - 2014-07-16 04:47 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-08-15 07:57 - 2014-08-01 02:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-08-15 07:57 - 2014-07-25 16:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-08-15 07:57 - 2014-07-25 15:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-08-15 07:57 - 2014-07-25 15:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-08-15 07:57 - 2014-07-25 15:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-08-15 07:57 - 2014-07-25 15:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-08-15 07:57 - 2014-07-25 15:10 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-08-15 07:57 - 2014-07-25 14:59 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-08-15 07:57 - 2014-07-25 14:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-08-15 07:57 - 2014-07-25 14:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-08-15 07:57 - 2014-07-25 14:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-08-15 07:57 - 2014-07-25 13:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-08-15 07:57 - 2014-07-14 04:42 - 00654336 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll

2014-08-15 07:57 - 2014-06-16 04:44 - 00730048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys

2014-08-15 07:57 - 2014-06-16 04:44 - 00219072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys

2014-08-15 07:57 - 2014-06-16 04:40 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll

2014-08-15 07:56 - 2014-07-25 16:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-08-15 07:56 - 2014-07-25 16:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-08-15 07:56 - 2014-07-25 15:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-08-15 07:56 - 2014-07-25 15:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-08-15 07:56 - 2014-07-25 15:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2014-08-15 07:56 - 2014-07-25 15:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-08-15 07:56 - 2014-07-25 15:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-08-15 07:56 - 2014-07-25 15:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-08-15 07:56 - 2014-07-25 15:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-08-15 07:56 - 2014-07-25 14:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-08-15 07:56 - 2014-07-25 14:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-08-15 07:56 - 2014-07-25 14:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-08-15 07:56 - 2014-07-25 14:09 - 00663040 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-08-15 07:56 - 2014-07-25 14:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-08-15 07:56 - 2014-07-25 14:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2014-08-15 07:56 - 2014-07-25 14:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-08-15 07:56 - 2014-07-25 13:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-08-15 07:56 - 2014-07-25 13:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-08-15 07:54 - 2014-07-16 05:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2014-08-15 07:53 - 2014-06-03 12:30 - 00101824 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe

2014-08-15 07:53 - 2014-06-03 12:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll

2014-08-15 07:53 - 2014-06-03 12:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll

2014-08-15 07:53 - 2014-06-03 12:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll

2014-08-15 07:46 - 2014-06-25 04:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll

2014-08-15 07:17 - 2014-07-09 04:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL

2014-08-15 07:17 - 2014-07-09 04:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL

2014-08-15 07:17 - 2014-07-09 04:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL

2014-08-15 07:17 - 2014-07-09 04:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL

2014-08-15 07:17 - 2014-07-09 04:29 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL

2014-08-15 07:17 - 2014-07-09 01:30 - 00419992 _____ () C:\Windows\system32\locale.nls

2014-08-14 18:03 - 2014-08-14 18:03 - 00001471 _____ () C:\Users\ZDRAVE\Desktop\Mbam-14.08.2014(17).txt

2014-08-14 17:20 - 2014-08-14 17:20 - 00179110 _____ () C:\Users\ZDRAVE\Desktop\MBAM-14.08.2014.txt

2014-08-13 16:59 - 2014-08-13 16:59 - 00001467 _____ () C:\Users\ZDRAVE\Desktop\MBAM-13.08.2014.txt

2014-08-13 15:36 - 2014-08-13 16:00 - 00000000 ____D () C:\W.Pustyni.I.W.Puszczy.DVDRip.XviD.Dual audio.FNRG

2014-08-13 08:07 - 2014-08-13 08:07 - 00895120 _____ (Google Inc.) C:\Users\ZDRAVE\Downloads\ChromeSetup.exe

2014-08-12 02:33 - 2014-08-12 02:33 - 00054070 _____ () C:\Users\ZDRAVE\Desktop\Extras.Txt

2014-08-12 02:32 - 2014-08-12 02:32 - 00327718 _____ () C:\Users\ZDRAVE\Desktop\OTL.Txt

2014-08-11 19:16 - 2014-08-11 19:17 - 00602112 _____ (OldTimer Tools) C:\Users\ZDRAVE\Desktop\OTL.exe

2014-08-11 10:35 - 2014-08-11 10:37 - 00000000 ____D () C:\Windows\rescache

2014-08-10 17:09 - 2014-08-11 16:37 - 178589365 _____ () C:\Windows\MEMORY.DMP

2014-08-10 13:52 - 2014-08-10 13:52 - 00017508 _____ () C:\Users\ZDRAVE\Downloads\The Big Heat 1953 720p BD Rip x264 ENG BGsubs iNvERt.torrent

2014-08-10 04:49 - 2014-08-10 04:49 - 00000000 ____D () C:\Users\ZDRAVE\AppData\Roaming\ImgBurn

2014-08-10 04:41 - 2012-03-30 12:13 - 00202614 _____ () C:\Users\ZDRAVE\bulgarian.lng

2014-08-10 04:40 - 2014-08-10 04:40 - 00032700 _____ () C:\Users\ZDRAVE\bulgarian.zip

2014-08-10 04:33 - 2014-08-10 04:33 - 00001787 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk

2014-08-10 04:33 - 2014-08-10 04:33 - 00001775 _____ () C:\Users\Public\Desktop\ImgBurn.lnk

2014-08-10 04:33 - 2014-08-10 04:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn

2014-08-10 04:33 - 2014-08-10 04:33 - 00000000 ____D () C:\Program Files\ImgBurn

2014-08-10 04:17 - 2014-08-10 07:36 - 00000000 ____D () C:\ProgramData\DVD Shrink

2014-08-10 04:17 - 2014-08-10 04:17 - 00000917 _____ () C:\Users\ZDRAVE\Desktop\DVD Shrink 3.2.lnk

2014-08-10 04:17 - 2014-08-10 04:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Shrink

2014-08-10 04:17 - 2014-08-10 04:17 - 00000000 ____D () C:\Program Files\DVD Shrink

2014-08-10 04:15 - 2014-08-10 04:16 - 01117491 _____ (DVD Shrink ) C:\Users\ZDRAVE\Downloads\DVDShrink 3.2.0.15.exe

2014-08-10 04:15 - 2014-08-10 04:15 - 00001882 _____ () C:\Users\ZDRAVE\Desktop\DVD Decrypter.lnk

2014-08-10 04:15 - 2014-08-10 04:15 - 00000000 ____D () C:\Users\ZDRAVE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DVD Decrypter

2014-08-10 04:15 - 2014-08-10 04:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Decrypter

2014-08-10 04:14 - 2014-08-10 04:15 - 00000000 ____D () C:\Program Files\DVD Decrypter

2014-08-10 04:13 - 2014-08-10 04:13 - 00899414 _____ () C:\Users\ZDRAVE\Downloads\DVD Decrypter 3.5.4.0.exe

2014-08-09 13:17 - 2014-08-09 13:20 - 00000000 ____D () C:\Program Files\DVDlabPro2

2014-08-09 13:17 - 2014-08-09 13:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD-lab PRO 2

2014-08-09 05:23 - 2014-08-19 21:34 - 00000000 ____D () C:\ProgramData\TEMP

2014-08-09 05:22 - 2014-08-09 05:22 - 00000000 ____D () C:\Program Files\Common Files\Skype

2014-08-08 17:06 - 2014-08-08 17:06 - 00001780 _____ () C:\Users\ZDRAVE\Desktop\a2scan_140808-170238.txt

2014-08-08 16:51 - 2014-08-07 19:02 - 00000000 ____D () C:\Users\ZDRAVE\Desktop\EmsisoftEmergencyKit

2014-08-08 16:41 - 2014-08-08 16:50 - 227361047 _____ () C:\Users\ZDRAVE\Desktop\EmsisoftEmergencyKit.zip

2014-08-08 15:13 - 2014-08-08 15:13 - 00000000 ____D () C:\Program Files\Common Files\Java

2014-08-08 15:13 - 2014-08-08 15:12 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe

2014-08-08 15:12 - 2014-08-08 15:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2014-08-08 15:12 - 2014-08-08 15:12 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe

2014-08-08 15:12 - 2014-08-08 15:12 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe

2014-08-08 15:12 - 2014-08-08 15:12 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll

2014-08-08 15:12 - 2014-08-08 15:12 - 00000000 ____D () C:\Program Files\Java

2014-08-07 15:11 - 2014-08-07 15:11 - 00001020 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk

2014-08-07 15:11 - 2014-08-07 15:11 - 00001008 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk

2014-08-07 07:23 - 2014-08-19 20:56 - 00024879 _____ () C:\Users\ZDRAVE\Desktop\Addition.txt

2014-08-07 07:22 - 2014-08-19 21:32 - 00000000 ____D () C:\FRST

2014-08-07 07:18 - 2014-08-07 07:18 - 00000897 _____ () C:\Users\ZDRAVE\Desktop\JRT.txt

2014-08-07 07:13 - 2014-08-07 07:13 - 00000000 ____D () C:\Windows\ERUNT

2014-08-07 07:10 - 2014-08-07 07:10 - 01016261 _____ (Thisisu) C:\Users\ZDRAVE\Desktop\JRT.exe

2014-08-05 07:49 - 2014-08-05 07:49 - 00001506 _____ () C:\Users\ZDRAVE\Desktop\AdwCleaner - Пряк път.lnk

2014-08-05 07:48 - 2014-08-05 07:49 - 01361309 _____ () C:\Users\ZDRAVE\Downloads\AdwCleaner.exe

2014-08-03 08:00 - 2014-05-14 19:23 - 01973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll

2014-08-03 08:00 - 2014-05-14 19:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll

2014-08-03 08:00 - 2014-05-14 19:23 - 00054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe

2014-08-03 08:00 - 2014-05-14 19:23 - 00045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll

2014-08-03 08:00 - 2014-05-14 19:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll

2014-08-03 08:00 - 2014-05-14 19:17 - 02425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll

2014-08-03 08:00 - 2014-05-14 19:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll

2014-08-03 08:00 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll

2014-08-03 08:00 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe

2014-08-01 12:32 - 2014-08-01 12:57 - 00000000 ____D () C:\Storm Of The Century

2014-07-30 07:11 - 2014-07-30 07:11 - 00000000 ____D () C:\Users\ZDRAVE\AppData\Roaming\SUPERAntiSpyware.com

2014-07-30 07:10 - 2014-07-30 07:10 - 00001925 _____ () C:\Users\ZDRAVE\Desktop\SUPERAntiSpyware Professional.lnk

2014-07-30 07:10 - 2014-07-30 07:10 - 00000000 ____D () C:\Users\ZDRAVE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware

2014-07-30 07:10 - 2014-07-30 07:10 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com

2014-07-27 21:15 - 2014-07-27 21:15 - 00000937 _____ () C:\Users\ZDRAVE\Desktop\Hard Disk Sentinel.lnk

2014-07-27 21:15 - 2014-07-27 21:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hard Disk Sentinel

2014-07-26 10:16 - 2014-07-26 15:47 - 00000000 ____D () C:\Users\ZDRAVE\Desktop\AVIAddXSub

2014-07-26 10:15 - 2014-07-26 10:15 - 00907946 _____ () C:\Users\ZDRAVE\Desktop\AVIAddXSub.zip

2014-07-24 16:35 - 2014-07-24 16:35 - 00000000 ____D () C:\Program Files\Mozilla Firefox

2014-07-23 22:00 - 2014-07-23 22:02 - 13160000 _____ () C:\Users\ZDRAVE\Desktop\Celine Dion - Because you loved me(1).mp4

2014-07-23 22:00 - 2014-07-23 22:00 - 13631262 _____ () C:\Users\ZDRAVE\Desktop\Celine Dion - Because you loved me.mp4

2014-07-23 21:21 - 2014-07-23 21:41 - 44367126 _____ () C:\Users\ZDRAVE\Desktop\Mary Ann Van Der Horst Halo - Auditions - The X Factor Australia 2014 - uGet(1).mp4

2014-07-23 21:20 - 2014-07-23 21:21 - 37533656 _____ () C:\Users\ZDRAVE\Desktop\Mary Ann Van Der Horst Halo - Auditions - The X Factor Australia 2014 - uGet.mp4

2014-07-23 20:55 - 2014-07-23 21:07 - 61981243 _____ () C:\Users\ZDRAVE\Desktop\Mary Ann Van Der Horst - The X Factor Australia 2014 - AUDITION [FULL] - uGet(1).mp4

2014-07-23 20:54 - 2014-07-23 20:55 - 40369551 _____ () C:\Users\ZDRAVE\Desktop\Mary Ann Van Der Horst - The X Factor Australia 2014 - AUDITION [FULL] - uGet.mp4

2014-07-22 23:18 - 2014-07-22 23:27 - 29335279 _____ () C:\Users\ZDRAVE\Desktop\Leona Lewis - Run - uGet(1).mp4

2014-07-22 23:18 - 2014-07-22 23:18 - 23464762 _____ () C:\Users\ZDRAVE\Desktop\Leona Lewis - Run - uGet.mp4

2014-07-22 23:16 - 2014-07-22 23:16 - 00000905 _____ () C:\Users\Public\Desktop\uGet.lnk

2014-07-22 23:16 - 2014-07-22 23:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\uGet VGI

2014-07-22 23:16 - 2014-07-22 23:16 - 00000000 ____D () C:\Program Files\uGet VGI

2014-07-22 23:16 - 2008-04-02 16:54 - 01101824 _____ (Woodbury Associates Limited) C:\Windows\system32\UniBox210.ocx

2014-07-22 23:16 - 2008-04-02 16:53 - 00880640 _____ (Woodbury Associates Limited) C:\Windows\system32\UniBox10.ocx

2014-07-22 23:16 - 2008-04-02 16:53 - 00212992 _____ (Woodbury Associates Limited) C:\Windows\system32\UniBoxVB12.ocx

2014-07-22 23:16 - 1998-06-24 10:00 - 00108336 _____ (Microsoft Corporation) C:\Windows\system32\MSWINSCK.OCX

2014-07-22 22:39 - 2014-07-22 22:39 - 00000000 ____D () C:\Users\ZDRAVE\AppData\Roaming\ProgSense

2014-07-22 22:37 - 2014-07-22 23:07 - 00000000 ____D () C:\Users\ZDRAVE\AppData\Roaming\Orbit

2014-07-20 20:39 - 2014-07-20 20:39 - 00048988 _____ () C:\Users\ZDRAVE\Downloads\Transformers.Dark.Of.The.Moon.720p.Bluray.x264_MHD.(subs.sab.bz).rar

2014-07-20 09:52 - 2014-07-20 10:19 - 00000000 ____D () C:\ProgramData\HitmanPro

2014-07-20 09:51 - 2014-07-20 09:51 - 10279264 _____ (SurfRight B.V.) C:\Users\ZDRAVE\Downloads\HitmanPro.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-19 21:34 - 2014-08-09 05:23 - 00000000 ____D () C:\ProgramData\TEMP

2014-08-19 21:33 - 2014-08-19 21:32 - 00030495 _____ () C:\Users\ZDRAVE\Desktop\FRST.txt

2014-08-19 21:33 - 2014-04-16 19:18 - 01878041 _____ () C:\Windows\WindowsUpdate.log

2014-08-19 21:32 - 2014-08-07 07:22 - 00000000 ____D () C:\FRST

2014-08-19 21:32 - 2014-04-18 06:17 - 00000000 ____D () C:\Users\ZDRAVE\AppData\Roaming\uTorrent

2014-08-19 21:31 - 2014-04-18 06:45 - 00000000 ____D () C:\Users\ZDRAVE\AppData\Roaming\Skype

2014-08-19 21:30 - 2014-08-19 21:30 - 01093632 _____ (Farbar) C:\Users\ZDRAVE\Desktop\FRST.exe

2014-08-19 21:30 - 2014-05-03 15:00 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-08-19 21:10 - 2014-04-16 22:03 - 00000986 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-08-19 20:56 - 2014-08-19 20:56 - 00043253 _____ () C:\Users\ZDRAVE\Desktop\Shortcut.txt

2014-08-19 20:56 - 2014-08-07 07:23 - 00024879 _____ () C:\Users\ZDRAVE\Desktop\Addition.txt

2014-08-19 18:34 - 2014-05-16 09:55 - 00000000 ____D () C:\Program Files\SpywareBlaster

2014-08-19 18:10 - 2014-05-18 08:04 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-08-19 17:25 - 2009-07-14 07:34 - 00026576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-08-19 17:25 - 2009-07-14 07:34 - 00026576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-08-19 17:20 - 2014-05-04 06:09 - 00000000 ___RD () C:\Users\ZDRAVE\Dropbox

2014-08-19 17:20 - 2014-05-04 06:05 - 00000000 ____D () C:\Users\ZDRAVE\AppData\Roaming\Dropbox

2014-08-19 17:18 - 2014-04-16 22:03 - 00000982 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-08-19 17:17 - 2014-07-11 11:10 - 00000435 _____ () C:\Windows\system32\Drivers\etc\hosts.ics

2014-08-19 17:17 - 2009-07-14 07:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-08-19 17:16 - 2014-05-20 20:05 - 00008374 _____ () C:\Windows\setupact.log

2014-08-18 14:34 - 2009-07-14 07:33 - 00411160 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-08-18 04:29 - 2014-08-18 04:29 - 00009574 _____ () C:\Users\ZDRAVE\Desktop\HitmanPro_20140817_2238.log

2014-08-17 22:50 - 2014-08-17 22:50 - 00000000 ____D () C:\Program Files\ESET

2014-08-17 22:49 - 2014-08-17 22:48 - 02347384 _____ (ESET) C:\Users\ZDRAVE\Desktop\esetsmartinstaller_enu.exe

2014-08-17 22:20 - 2014-08-17 22:18 - 10279264 _____ (SurfRight B.V.) C:\Users\ZDRAVE\Desktop\HitmanPro36.exe

2014-08-17 21:49 - 2014-08-17 21:49 - 00001467 _____ () C:\Users\ZDRAVE\Desktop\MBAM-17.08.2014.txt

2014-08-17 20:13 - 2014-08-17 20:13 - 00006227 _____ () C:\Users\ZDRAVE\Desktop\zoek-results(17.08.2014).txt

2014-08-17 20:11 - 2014-04-16 19:46 - 00000000 ____D () C:\Users\ZDRAVE

2014-08-17 20:03 - 2014-08-17 19:40 - 00006227 _____ () C:\zoek-results.log

2014-08-17 20:01 - 2014-08-17 19:38 - 00000000 ____D () C:\zoek_backup

2014-08-17 20:01 - 2014-05-20 20:05 - 00049594 _____ () C:\Windows\PFRO.log

2014-08-17 19:38 - 2014-08-17 19:57 - 00024064 _____ () C:\Windows\zoek-delete.exe

2014-08-17 19:17 - 2014-08-17 19:16 - 01288704 _____ () C:\Users\ZDRAVE\Desktop\zoek.exe

2014-08-17 18:52 - 2013-12-25 15:05 - 00000000 ____D () C:\Temp

2014-08-17 14:57 - 2014-08-17 14:57 - 00000711 _____ () C:\Users\ZDRAVE\Desktop\Search.txt

2014-08-17 14:50 - 2014-08-17 14:40 - 00001914 _____ () C:\Users\ZDRAVE\Desktop\SystemLook.txt

2014-08-17 14:39 - 2014-08-17 14:38 - 00139264 _____ () C:\Users\ZDRAVE\Desktop\SystemLook.exe

2014-08-16 22:44 - 2014-08-16 22:44 - 00001604 _____ () C:\Users\ZDRAVE\Desktop\Preferences - Пряк път.lnk

2014-08-16 08:01 - 2009-07-14 05:37 - 00000000 ____D () C:\Windows\Microsoft.NET

2014-08-16 07:30 - 2014-05-06 22:03 - 00000000 ___SD () C:\Windows\system32\CompatTel

2014-08-16 07:30 - 2009-07-14 05:37 - 00000000 ____D () C:\Windows\system32\bg-BG

2014-08-16 00:06 - 2014-04-18 08:29 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-08-15 07:07 - 2010-11-21 00:01 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-08-15 00:26 - 2014-04-17 18:34 - 00000000 ____D () C:\Windows\system32\MRT

2014-08-15 00:22 - 2014-04-16 19:45 - 96303304 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-08-14 18:03 - 2014-08-14 18:03 - 00001471 _____ () C:\Users\ZDRAVE\Desktop\Mbam-14.08.2014(17).txt

2014-08-14 17:20 - 2014-08-14 17:20 - 00179110 _____ () C:\Users\ZDRAVE\Desktop\MBAM-14.08.2014.txt

2014-08-14 06:54 - 2014-05-04 06:09 - 00001022 _____ () C:\Users\ZDRAVE\Desktop\Dropbox.lnk

2014-08-14 06:54 - 2014-05-04 06:07 - 00000000 ____D () C:\Users\ZDRAVE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

2014-08-14 06:20 - 2014-05-03 14:59 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe

2014-08-14 06:20 - 2014-05-03 14:59 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

2014-08-13 16:59 - 2014-08-13 16:59 - 00001467 _____ () C:\Users\ZDRAVE\Desktop\MBAM-13.08.2014.txt

2014-08-13 16:00 - 2014-08-13 15:36 - 00000000 ____D () C:\W.Pustyni.I.W.Puszczy.DVDRip.XviD.Dual audio.FNRG

2014-08-13 08:10 - 2014-04-16 22:03 - 00002163 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2014-08-13 08:07 - 2014-08-13 08:07 - 00895120 _____ (Google Inc.) C:\Users\ZDRAVE\Downloads\ChromeSetup.exe

2014-08-12 02:33 - 2014-08-12 02:33 - 00054070 _____ () C:\Users\ZDRAVE\Desktop\Extras.Txt

2014-08-12 02:32 - 2014-08-12 02:32 - 00327718 _____ () C:\Users\ZDRAVE\Desktop\OTL.Txt

2014-08-11 19:17 - 2014-08-11 19:16 - 00602112 _____ (OldTimer Tools) C:\Users\ZDRAVE\Desktop\OTL.exe

2014-08-11 16:38 - 2014-05-23 07:52 - 00000000 ____D () C:\Windows\Minidump

2014-08-11 16:37 - 2014-08-10 17:09 - 178589365 _____ () C:\Windows\MEMORY.DMP

2014-08-11 10:37 - 2014-08-11 10:35 - 00000000 ____D () C:\Windows\rescache

2014-08-10 13:52 - 2014-08-10 13:52 - 00017508 _____ () C:\Users\ZDRAVE\Downloads\The Big Heat 1953 720p BD Rip x264 ENG BGsubs iNvERt.torrent

2014-08-10 07:36 - 2014-08-10 04:17 - 00000000 ____D () C:\ProgramData\DVD Shrink

2014-08-10 05:48 - 2014-04-18 07:20 - 00000000 ____D () C:\Users\ZDRAVE\AppData\Roaming\DAEMON Tools Lite