WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. Join 93083 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!

Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Firefox AVG SafeSearch Malware [Closed]

Started by mercenary , Feb 02 2014 04:22 PM

This topic is locked

22 replies to this topic

#16 Jo*

SuperMember

Malware Team
1,208 posts

Posted 06 February 2014 - 10:58 AM

Hi mercenary,

the CKScanner log shows more cracks.
And we had already discussed your cracked MSOffice.

A statement about cracks was posted by me with post #9.

We do not approve of nor support illegal software. Cracked software is not only unethical, it's a good way to get your machine infected. Malware and virus authors love to spread their infections via cracks. I recommend you cease this activity and get rid of any cracked software
...

Sorry, but my help stops until you have:

Uninstalled all cracked software, plugins and programs...

cracked MS Office
flstudio_10.0_crack + plugins
convertxtodvd v5.0.0.31 + crack
rosetta stone 3.4.5 crack
virtual dj v7.0 pro + crack
mirc.v7.32.cracked
and more...

Deletet all folders with cracked downloads...

If all of this is done and confirmed by you, we could run more tools to check this.
If we think it is OK, then I had to write a script to remove the rest of the garbage.

Graduate of the WTT Classroom
Cheers,
Jo

Advertisements

Register to Remove

#17 mercenary

New Member

Authentic Member
12 posts

Posted 06 February 2014 - 11:22 AM

My bad with the SystemLook not working correctly deleting that one really passed my mind about deleting the crack. I went ahead and looked for all the cracks that the previous scan had pulled up on the log and deleted them. Do you need me to run that scan again or how can I confirm?

#18 Jo*

SuperMember

Malware Team
1,208 posts

Posted 06 February 2014 - 11:46 AM

Hi mercenary,

it's hard for me to believe that you could uninstall all cracked software / programs in a few minutes only. Perhaps you deleted only the downloads?

Run SystemLook again:

Double-click SystemLook.exe to run it.
Copy the content of the following code box into the main textfield:

:filefind
AutoKMS*
*crack*

:regfind
AutoKMS
crack

Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

***

Right-click and Run as Administrator CKScanner.exe then click Search For Files
When the cursor hourglass disappears, click Save List To File
A message box will verify the file saved
Double-click the CKFiles.txt icon on your desktop then copy/paste the contents in your next reply

***

Please download Farbar Recovery Scan Tool and save it to your USB.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Then plug the USB / Flash Drive into the Ransomed / Infected computer.

Use "Computer" to find the USB / Flash drive.
Double-click to run FSRT. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

***

Graduate of the WTT Classroom
Cheers,
Jo

#19 mercenary

New Member

Authentic Member
12 posts

Posted 06 February 2014 - 12:27 PM

What I was doing was looking over the CK scan log and copy and pasting all the lines that said crack on them to the small search bar in the bottom that appears when you push on "Start" and the files would show up and I would delete them. I honestly have no idea where the files themselves might be in my computer as I never had a specific folder for downloads.

SystemLook 30.07.11 by jpshortstuff
Log created at 12:20 on 06/02/2014 by Z
Administrator - Elevation successful

========== filefind ==========

Searching for "AutoKMS*"
C:\Windows\System32\Tasks\AutoKMS   --a---- 2426 bytes   [17:46 31/01/2013]   [13:55 14/01/2014] B2BC231CDE08697786871C0846C08FB5
C:\_OTL\MovedFiles\02052014_140032\C_Windows\AutoKMS.ini   --a---- 135 bytes   [17:46 31/01/2013]   [17:46 31/01/2013] 48A77273E8C545DCB70EEE3866CD2123
C:\_OTL\MovedFiles\02052014_140032\C_Windows\Tasks\AutoKMS.job   --a---- 192 bytes   [17:46 31/01/2013]   [09:21 15/01/2014] 2C6E1DBBE76805DE040F2E1A3EF1BB35

Searching for "*crack*"
C:\Users\Z\AppData\Roaming\Microsoft\Windows\Recent\mIRC v7.22 + Crack-Serials [ChattChitto RG].lnk   --a---- 1155 bytes   [18:19 06/02/2014]   [18:19 06/02/2014] 4F70A18E8BAD5BBEFF72CBFD397D5987

========== regfind ==========

Searching for "AutoKMS"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8A99D13A-16E4-46A5-8EBE-F27CFA950FD7}]
"Path"="\AutoKMS"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS]

Searching for "crack"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\1ae1b8d2_0]
@="{0.0.0.00000000}.{c8ee149c-82f5-465b-9a1f-c8d172aee503}|\Device\HarddiskVolume2\Users\Z\Downloads\flstudio_10.0_crack.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU]
"a"="c:\program files (x86)\image-line\fl studio 10\plugins\fruity\effects\hardcore\presets\i cracked my tube!.hdprg\1"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU]
"b"="c:\users\z\mirc v7.27 cracked-eat\mirc727.exe\1"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU]
"c"="C:\Users\Z\MIRC v7.27 Cracked-EAT\Crack\1"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU]
"d"="C:\Users\Z\AppData\Roaming\Microsoft\Windows\Recent\Crack.lnk\1"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU]
"e"="C:\Users\Z\AppData\Roaming\uTorrent\mIRC v7.22 + Crack-Serials [ChattChitto RG].torrent\1"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\best-cracks.com]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\crack-land.com]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\crack-serial-keygen-online.com]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\crackloader.com]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\cracks-keygens.com]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\cracks-keygens.net]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\cracks.me.uk]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\cracks4u.com]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\crackszilla.com]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\crackundeground.com]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\crackweb.com]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\crackz.ws]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\download-crack.com]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\gotocrack.com]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\newcracks.com]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\newcracks.net]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.5\CRACK]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009]
"Help"="3 The System performance object consists of counters that apply to more than one instance of a component processors on the computer. 5 The Memory performance object consists of counters that describe the behavior of physical and virtual memory on the computer. Physical memory is the amount of random access memory on the computer. Virtual memory consists of the space in physical memory and on disk. Many of the memory counters monitor paging, which is the movement of pages of code and data between disk and physical memory. Excessive paging, a symptom of a memory shortage, can cause delays which interfere with all system processes. 7 % Processor Time is the percentage of elapsed time that the processor spends to execute a non-Idle thread. It is calculated by measuring the percentage of time that the processor spends executing the idle thread and then subtracting that value from 100%. (Each processor has an idle thread tha
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\CurrentLanguage]
"Help"="3 The System performance object consists of counters that apply to more than one instance of a component processors on the computer. 5 The Memory performance object consists of counters that describe the behavior of physical and virtual memory on the computer. Physical memory is the amount of random access memory on the computer. Virtual memory consists of the space in physical memory and on disk. Many of the memory counters monitor paging, which is the movement of pages of code and data between disk and physical memory. Excessive paging, a symptom of a memory shortage, can cause delays which interfere with all system processes. 7 % Processor Time is the percentage of elapsed time that the processor spends to execute a non-Idle thread. It is calculated by measuring the percentage of time that the processor spends executing the idle thread and then subtracting that value from 100%. (Each processor has an idl
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Perflib\009]
"Help"="3 The System performance object consists of counters that apply to more than one instance of a component processors on the computer. 5 The Memory performance object consists of counters that describe the behavior of physical and virtual memory on the computer. Physical memory is the amount of random access memory on the computer. Virtual memory consists of the space in physical memory and on disk. Many of the memory counters monitor paging, which is the movement of pages of code and data between disk and physical memory. Excessive paging, a symptom of a memory shortage, can cause delays which interfere with all system processes. 7 % Processor Time is the percentage of elapsed time that the processor spends to execute a non-Idle thread. It is calculated by measuring the percentage of time that the processor spends executing the idle thread and then subtracting that value from 100%. (Each processor has an idl
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Perflib\CurrentLanguage]
"Help"="3 The System performance object consists of counters that apply to more than one instance of a component processors on the computer. 5 The Memory performance object consists of counters that describe the behavior of physical and virtual memory on the computer. Physical memory is the amount of random access memory on the computer. Virtual memory consists of the space in physical memory and on disk. Many of the memory counters monitor paging, which is the movement of pages of code and data between disk and physical memory. Excessive paging, a symptom of a memory shortage, can cause delays which interfere with all system processes. 7 % Processor Time is the percentage of elapsed time that the processor spends to execute a non-Idle thread. It is calculated by measuring the percentage of time that the processor spends executing the idle thread and then subtracting that value from 100%. (Each processo
[HKEY_USERS\S-1-5-21-893635891-571939354-3906648824-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\1ae1b8d2_0]
@="{0.0.0.00000000}.{c8ee149c-82f5-465b-9a1f-c8d172aee503}|\Device\HarddiskVolume2\Users\Z\Downloads\flstudio_10.0_crack.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_USERS\S-1-5-21-893635891-571939354-3906648824-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU]
"a"="c:\program files (x86)\image-line\fl studio 10\plugins\fruity\effects\hardcore\presets\i cracked my tube!.hdprg\1"
[HKEY_USERS\S-1-5-21-893635891-571939354-3906648824-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU]
"b"="c:\users\z\mirc v7.27 cracked-eat\mirc727.exe\1"
[HKEY_USERS\S-1-5-21-893635891-571939354-3906648824-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU]
"c"="C:\Users\Z\MIRC v7.27 Cracked-EAT\Crack\1"
[HKEY_USERS\S-1-5-21-893635891-571939354-3906648824-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU]
"d"="C:\Users\Z\AppData\Roaming\Microsoft\Windows\Recent\Crack.lnk\1"
[HKEY_USERS\S-1-5-21-893635891-571939354-3906648824-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU]
"e"="C:\Users\Z\AppData\Roaming\uTorrent\mIRC v7.22 + Crack-Serials [ChattChitto RG].torrent\1"
[HKEY_USERS\S-1-5-21-893635891-571939354-3906648824-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\best-cracks.com]
[HKEY_USERS\S-1-5-21-893635891-571939354-3906648824-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\crack-land.com]
[HKEY_USERS\S-1-5-21-893635891-571939354-3906648824-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\crack-serial-keygen-online.com]
[HKEY_USERS\S-1-5-21-893635891-571939354-3906648824-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\crackloader.com]
[HKEY_USERS\S-1-5-21-893635891-571939354-3906648824-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\cracks-keygens.com]
[HKEY_USERS\S-1-5-21-893635891-571939354-3906648824-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\cracks-keygens.net]
[HKEY_USERS\S-1-5-21-893635891-571939354-3906648824-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\cracks.me.uk]
[HKEY_USERS\S-1-5-21-893635891-571939354-3906648824-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\cracks4u.com]
[HKEY_USERS\S-1-5-21-893635891-571939354-3906648824-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\crackszilla.com]
[HKEY_USERS\S-1-5-21-893635891-571939354-3906648824-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\crackundeground.com]
[HKEY_USERS\S-1-5-21-893635891-571939354-3906648824-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\crackweb.com]
[HKEY_USERS\S-1-5-21-893635891-571939354-3906648824-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\crackz.ws]
[HKEY_USERS\S-1-5-21-893635891-571939354-3906648824-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\download-crack.com]
[HKEY_USERS\S-1-5-21-893635891-571939354-3906648824-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\gotocrack.com]
[HKEY_USERS\S-1-5-21-893635891-571939354-3906648824-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\newcracks.com]
[HKEY_USERS\S-1-5-21-893635891-571939354-3906648824-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\newcracks.net]

-= EOF =-

CKScanner 2.4 - Additional Security Risks - These are not necessarily bad
scanner sequence 3.MN.11.OFABT0
----- EOF -----

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-02-2014
Ran by Z (administrator) on Z-PC on 06-02-2014 12:11:31
Running from C:\Users\Z\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(Egis Technology Inc. ) C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(Egis Technology Inc. ) C:\Program Files (x86)\EgisTec BioExcess\EgisDSService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
() C:\Program Files (x86)\Aqualab\namehelp\nssm.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe
() C:\Program Files (x86)\Aqualab\namehelp\namehelp.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtLED\RtLEDService.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtLED\RtLED.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
() C:\Users\Z\Downloads\SystemLook_x64.exe
() C:\Users\Z\Downloads\CKScanner.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ETDWare] - C:\Program Files\Elantech\ETDCtrl.exe [2598280 2010-03-29] (ELAN Microelectronics Corp.)
HKLM\...\Run: [UpdatePRCShortCut] - C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [IMSS] - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [111640 2009-09-30] ()
HKLM-x32\...\Run: [332BigDog] - C:\Program Files (x86)\USB Camera2\VM332_STI.EXE [536576 2010-01-19] (Vimicro)
HKLM-x32\...\Run: [VitaKeyTSR] - C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe [376176 2010-05-27] (Egis Technology Inc. )
HKLM-x32\...\Run: [VeriFaceManager] - C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [3122528 2011-03-14] (Lenovo)
HKLM-x32\...\Run: [UCam_Menu] - C:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Mirror Tray icon] - C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [171104 2010-03-02] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] - C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePRCShortCut] - C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PrivitizeVPN] - C:\Program Files (x86)\PrivitizeVPN\PrivitizeVPN.exe [196784 2013-02-08] (OOO Industry)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [PWRISOVM.EXE] - C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [337432 2013-10-23] (Power Software Ltd)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-893635891-571939354-3906648824-1000\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6563608 2014-01-06] (SUPERAntiSpyware)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {B2F2CD68-F538-42E9-9456-6FA113ABB119} URL = http://search.yahoo....p={searchTerms}
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: IEPwdBankBHO Class - {56CBB761-DA41-4E31-B270-B13B4B0A61D0} - C:\Program Files (x86)\EgisTec BioExcess\EgisIEPwdBank.dll (Egis Technology Inc. )
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Z\AppData\Roaming\Mozilla\Firefox\Profiles\3hutvwbm.default
FF NewTab: GOOGLE.COM
FF Homepage: hxxp://www.google.com/
FF Keyword.URL: user_pref("keyword.URL", "");
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 - C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll No File
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 - C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: No Name - C:\Users\Z\AppData\Roaming\Mozilla\Firefox\Profiles\3hutvwbm.default\Extensions\staged [2014-02-05]
FF Extension: YouTube to MP3 Button - C:\Users\Z\AppData\Roaming\Mozilla\Firefox\Profiles\3hutvwbm.default\Extensions\flvto@hotger.com.xpi [2012-08-03]
FF Extension: Turn Off the Lights - C:\Users\Z\AppData\Roaming\Mozilla\Firefox\Profiles\3hutvwbm.default\Extensions\stefanvandamme@stefanvd.net.xpi [2013-11-18]
FF Extension: Adblock Plus - C:\Users\Z\AppData\Roaming\Mozilla\Firefox\Profiles\3hutvwbm.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-07-22]
FF Extension: Tab Mix Plus - C:\Users\Z\AppData\Roaming\Mozilla\Firefox\Profiles\3hutvwbm.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2012-07-22]
FF Extension: DownThemAll! - C:\Users\Z\AppData\Roaming\Mozilla\Firefox\Profiles\3hutvwbm.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2013-02-13]

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR Extension: (Google Docs) - C:\Users\Z\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-02]
CHR Extension: (Google Drive) - C:\Users\Z\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-02]
CHR Extension: (YouTube) - C:\Users\Z\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-02]
CHR Extension: (Google Search) - C:\Users\Z\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-02]
CHR Extension: (Google Wallet) - C:\Users\Z\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-02]
CHR Extension: (Gmail) - C:\Users\Z\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-02]

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] (SUPERAntiSpyware.com)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [402192 2013-12-20] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [385808 2013-12-20] (BlueStack Systems, Inc.)
R2 EgisTec Data Security Service; C:\Program Files (x86)\EgisTec BioExcess\EgisDSService.exe [314736 2010-05-27] (Egis Technology Inc. )
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 namehelp; C:\Program Files (x86)\Aqualab\namehelp\nssm.exe [156672 2012-10-08] ()
R2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [460288 2012-11-15] (Alcatel-Lucent)
R2 RtLedService; C:\Program Files\Realtek\RtLED\RtLEDService.exe [311296 2010-02-05] (Realtek Semiconductor Corp.)

==================== Drivers (Whitelisted) ====================

R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [114448 2013-12-20] (BlueStack Systems)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 MREMP50; \??\C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MRESP50; \??\C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-02-06 12:06 - 2014-02-06 12:09 - 00026330 _____ () C:\Users\Z\Downloads\Addition.txt
2014-02-06 12:04 - 2014-02-06 12:11 - 00014720 _____ () C:\Users\Z\Downloads\FRST.txt
2014-02-06 12:00 - 2014-02-06 12:11 - 00000000 ____D () C:\FRST
2014-02-06 11:59 - 2014-02-06 11:59 - 02082304 _____ (Farbar) C:\Users\Z\Downloads\FRST64.exe
2014-02-06 09:12 - 2014-02-06 12:09 - 00000127 _____ () C:\Users\Z\Downloads\ckfiles.txt
2014-02-06 09:07 - 2014-02-06 12:11 - 00000356 _____ () C:\Users\Z\Downloads\SystemLook.txt
2014-02-06 08:10 - 2014-02-06 08:10 - 00468480 _____ () C:\Users\Z\Downloads\CKScanner.exe
2014-02-05 16:51 - 2014-02-05 16:51 - 00023701 _____ () C:\ComboFix.txt
2014-02-05 15:44 - 2014-02-05 16:51 - 00000000 ____D () C:\Qoobox
2014-02-05 15:44 - 2011-06-26 00:45 - 00256000 _____ () C:\windows\PEV.exe
2014-02-05 15:44 - 2010-11-07 11:20 - 00208896 _____ () C:\windows\MBR.exe
2014-02-05 15:44 - 2009-04-19 22:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2014-02-05 15:44 - 2000-08-30 18:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2014-02-05 15:44 - 2000-08-30 18:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2014-02-05 15:44 - 2000-08-30 18:00 - 00098816 _____ () C:\windows\sed.exe
2014-02-05 15:44 - 2000-08-30 18:00 - 00080412 _____ () C:\windows\grep.exe
2014-02-05 15:44 - 2000-08-30 18:00 - 00068096 _____ () C:\windows\zip.exe
2014-02-05 15:43 - 2014-02-05 16:48 - 00000000 ____D () C:\windows\erdnt
2014-02-05 15:40 - 2014-02-05 15:40 - 05180173 ____R (Swearware) C:\Users\Z\Downloads\ComboFix.exe
2014-02-05 14:19 - 2014-02-05 15:06 - 42248830 _____ () C:\Users\Z\Desktop\SystemLook.txt
2014-02-05 14:17 - 2014-02-05 14:17 - 00165376 _____ () C:\Users\Z\Downloads\SystemLook_x64.exe
2014-02-05 14:00 - 2014-02-05 14:00 - 00000000 ____D () C:\_OTL
2014-02-04 22:32 - 2014-02-04 22:32 - 00001295 _____ () C:\Users\Z\Desktop\JRT.txt
2014-02-04 22:21 - 2014-02-04 22:21 - 00000000 ____D () C:\windows\ERUNT
2014-02-04 22:20 - 2014-02-04 22:20 - 01037530 _____ (Thisisu) C:\Users\Z\Downloads\JRT.exe
2014-02-04 15:48 - 2014-02-04 16:12 - 00000000 ____D () C:\AdwCleaner
2014-02-04 15:47 - 2014-02-04 15:47 - 01166132 _____ () C:\Users\Z\Downloads\AdwCleaner.exe
2014-02-04 14:22 - 2014-02-04 14:22 - 00061482 _____ () C:\Users\Z\Downloads\Extras.Txt
2014-02-04 14:20 - 2014-02-05 14:44 - 00074838 _____ () C:\Users\Z\Downloads\OTL.Txt
2014-02-04 13:26 - 2014-02-04 13:53 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-02-04 13:26 - 2014-02-04 13:26 - 00119000 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-02-04 13:24 - 2014-02-04 13:53 - 00000000 ____D () C:\Users\Z\Desktop\mbar
2014-02-04 13:24 - 2014-02-04 13:24 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-02-04 13:23 - 2014-02-04 13:23 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Z\Downloads\mbar-1.07.0.1009.exe
2014-02-04 13:23 - 2014-02-04 13:23 - 00602112 _____ (OldTimer Tools) C:\Users\Z\Downloads\OTL.exe
2014-02-04 13:21 - 2014-02-04 13:22 - 00987425 _____ () C:\Users\Z\Downloads\SecurityCheck.exe
2014-02-02 16:11 - 2014-02-02 16:11 - 00625664 _____ () C:\Users\Z\Downloads\dds(1).scr
2014-02-02 16:10 - 2014-02-02 16:10 - 00625664 _____ () C:\Users\Z\Downloads\dds.scr
2014-02-02 15:23 - 2014-02-03 17:50 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-02 15:20 - 2014-02-06 11:41 - 00000888 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-02 15:20 - 2014-02-06 07:45 - 00000502 _____ () C:\windows\Tasks\SUPERAntiSpyware Scheduled Task 87e12a3c-de15-40b6-a694-38fb9f0dbc8a.job
2014-02-02 15:20 - 2014-02-06 07:45 - 00000502 _____ () C:\windows\Tasks\SUPERAntiSpyware Scheduled Task 43c95507-6eb6-4e1f-bdfe-ee76624bd54c.job
2014-02-02 15:20 - 2014-02-05 16:46 - 00000884 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-02 15:20 - 2014-02-02 15:36 - 00003884 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-02 15:20 - 2014-02-02 15:36 - 00003632 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-02 15:20 - 2014-02-02 15:24 - 00000000 ____D () C:\Users\Z\AppData\Local\Google
2014-02-02 15:20 - 2014-02-02 15:24 - 00000000 ____D () C:\Program Files (x86)\Google
2014-02-02 15:20 - 2014-02-02 15:20 - 00003560 _____ () C:\windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 43c95507-6eb6-4e1f-bdfe-ee76624bd54c
2014-02-02 15:20 - 2014-02-02 15:20 - 00003486 _____ () C:\windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 87e12a3c-de15-40b6-a694-38fb9f0dbc8a
2014-02-02 15:20 - 2014-02-02 15:20 - 00001808 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
2014-02-02 15:20 - 2014-02-02 15:20 - 00000000 ____D () C:\Users\Z\AppData\Roaming\SUPERAntiSpyware.com
2014-02-02 15:20 - 2014-02-02 15:20 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-02-02 15:20 - 2014-02-02 15:20 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-02-02 15:17 - 2014-02-02 15:19 - 17939320 _____ (SUPERAntiSpyware) C:\Users\Z\Downloads\SUPERAntiSpywarePro.exe
2014-02-01 16:09 - 2014-02-01 16:09 - 00002571 _____ () C:\Users\Z\Desktop\Rosetta Stone Version 3.lnk
2014-02-01 16:08 - 2014-02-03 20:07 - 00000000 ____D () C:\ProgramData\Rosetta Stone
2014-02-01 16:08 - 2014-02-01 16:08 - 00000000 ____D () C:\Program Files (x86)\Rosetta Stone
2014-02-01 16:05 - 2014-02-01 16:05 - 00000000 ____D () C:\Users\Z\AppData\Roaming\PowerISO
2014-02-01 16:01 - 2014-02-01 16:01 - 00001007 _____ () C:\Users\Public\Desktop\PowerISO.lnk
2014-02-01 16:00 - 2014-02-01 16:01 - 00000000 ____D () C:\Program Files (x86)\PowerISO
2014-02-01 16:00 - 2013-10-23 08:11 - 00129944 _____ (Power Software Ltd) C:\windows\system32\Drivers\scdemu.sys
2014-01-26 20:44 - 2014-01-26 20:46 - 00000000 ____D () C:\Users\Z\Downloads\Megadeth
2014-01-26 20:41 - 2014-01-26 20:42 - 00000000 ____D () C:\Users\Z\Downloads\Metallica
2014-01-26 20:39 - 2014-01-26 20:39 - 00000000 ____D () C:\Users\Z\Downloads\Iron Maiden-Greatest Hits[www.lokotorrents.com][mp3]
2014-01-21 22:26 - 2014-01-21 22:27 - 00279016 _____ () C:\windows\Minidump\012114-25053-01.dmp
2014-01-21 22:26 - 2014-01-21 22:26 - 266548433 _____ () C:\windows\MEMORY.DMP
2014-01-21 22:26 - 2014-01-21 22:26 - 00000000 ____D () C:\windows\Minidump
2014-01-17 12:57 - 2014-02-01 16:50 - 00000000 ____D () C:\Users\Z\Downloads\Rosetta Stone V3 - English (American)
2014-01-15 17:41 - 2014-01-15 17:41 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-01-15 17:40 - 2014-01-15 17:41 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-01-15 17:40 - 2014-01-15 17:41 - 00000000 ____D () C:\Program Files\iTunes
2014-01-15 17:40 - 2014-01-15 17:41 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-01-15 17:40 - 2014-01-15 17:40 - 00000000 ____D () C:\Program Files\iPod
2014-01-15 17:05 - 2014-01-15 17:05 - 00000000 ____D () C:\windows\System32\Tasks\Apple
2014-01-15 17:05 - 2014-01-15 17:05 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-01-15 17:04 - 2014-01-15 17:04 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-01-15 17:04 - 2014-01-15 17:04 - 00000000 ____D () C:\Program Files\Bonjour
2014-01-15 17:04 - 2014-01-15 17:04 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-01-15 17:00 - 2014-01-15 17:00 - 00000000 ____D () C:\Users\Aris 2\AppData\Roaming\Malwarebytes
2014-01-15 16:59 - 2014-01-15 17:01 - 79225752 _____ (Apple Inc.) C:\Users\Aris 2\Downloads\iTunes64Setup.exe
2014-01-15 03:21 - 2014-02-05 16:02 - 00404990 _____ () C:\windows\PFRO.log
2014-01-15 03:21 - 2014-02-05 16:02 - 00001624 _____ () C:\windows\setupact.log
2014-01-15 03:21 - 2014-01-15 03:21 - 00000000 _____ () C:\windows\setuperr.log
2014-01-15 03:01 - 2014-02-06 07:48 - 00089517 _____ () C:\windows\IE11_main.log
2014-01-15 02:19 - 2013-11-26 19:41 - 00343040 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys
2014-01-15 02:19 - 2013-11-26 19:41 - 00325120 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys
2014-01-15 02:19 - 2013-11-26 19:41 - 00099840 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbccgp.sys
2014-01-15 02:19 - 2013-11-26 19:41 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys
2014-01-15 02:19 - 2013-11-26 19:41 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbuhci.sys
2014-01-15 02:19 - 2013-11-26 19:41 - 00025600 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbohci.sys
2014-01-15 02:19 - 2013-11-26 19:41 - 00007808 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbd.sys
2014-01-15 02:19 - 2013-11-26 05:40 - 00376768 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netio.sys
2014-01-15 02:19 - 2013-11-26 04:32 - 03156480 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-01-14 17:24 - 2014-01-14 17:24 - 00000000 ____D () C:\Users\Aris 2\AppData\Local\Best Buy pc app
2014-01-14 15:07 - 2014-01-14 15:07 - 00001354 _____ () C:\Users\Z\Desktop\CopyTrans Control Center.lnk
2014-01-14 15:07 - 2014-01-14 15:07 - 00000000 ____D () C:\Users\Z\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CopyTrans Suite
2014-01-14 15:05 - 2014-01-14 15:15 - 00000000 ____D () C:\Users\Z\AppData\Roaming\WindSolutions
2014-01-14 15:05 - 2014-01-14 15:10 - 00000000 ____D () C:\ProgramData\WindSolutions
2014-01-14 15:05 - 2014-01-14 15:05 - 04473792 _____ (WindSolutions) C:\Users\Z\Downloads\Install_CopyTrans_Suite.exe
2014-01-14 14:08 - 2012-08-21 13:01 - 00033240 _____ (GEAR Software Inc.) C:\windows\system32\Drivers\GEARAspiWDM.sys
2014-01-14 09:15 - 2014-01-14 09:17 - 100400976 _____ (Apple Inc.) C:\Users\Z\Downloads\iTunes64Setup(1).exe
2014-01-14 08:07 - 2014-01-14 08:07 - 00000000 ____D () C:\Users\Z\Documents\Freemake
2014-01-14 07:54 - 2014-01-14 07:55 - 00000000 ____D () C:\windows\pss
2014-01-13 20:38 - 2014-01-13 20:38 - 00000000 ____D () C:\Users\Aris 2\AppData\Roaming\Macromedia
2014-01-13 20:38 - 2014-01-13 20:38 - 00000000 ____D () C:\Users\Aris 2\AppData\Local\Macromedia
2014-01-13 20:27 - 2012-07-25 12:03 - 00016896 _____ () C:\windows\system32\sasnative64.exe
2014-01-13 20:25 - 2014-01-13 20:25 - 00000000 ____D () C:\Users\Aris 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Weather Alerts
2014-01-13 20:14 - 2014-01-13 20:14 - 00000000 ____D () C:\Users\Aris 2\AppData\Roaming\Mozilla
2014-01-13 20:14 - 2014-01-13 20:14 - 00000000 ____D () C:\Users\Aris 2\AppData\Local\Mozilla
2014-01-13 20:05 - 2014-01-13 20:05 - 00000000 ____D () C:\Users\Aris 2\AppData\Local\Apple
2014-01-13 19:52 - 2014-01-15 17:42 - 00000000 ____D () C:\Users\Aris 2\AppData\Roaming\Apple Computer
2014-01-13 19:52 - 2014-01-13 19:52 - 00112872 _____ () C:\Users\Aris 2\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-13 19:52 - 2014-01-13 19:52 - 00000398 _____ () C:\Users\Aris 2\Desktop\pc app.appref-ms
2014-01-13 19:52 - 2014-01-13 19:52 - 00000000 ____D () C:\Users\Aris 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy
2014-01-13 19:52 - 2014-01-13 19:52 - 00000000 ____D () C:\Users\Aris 2\AppData\Roaming\Intel Corporation
2014-01-13 19:52 - 2014-01-13 19:52 - 00000000 ____D () C:\Users\Aris 2\AppData\Local\Apple Computer
2014-01-13 19:51 - 2014-01-20 18:57 - 00000000 ____D () C:\Users\Aris 2\AppData\Local\Deployment
2014-01-13 19:51 - 2014-01-13 19:51 - 00000000 ____D () C:\Users\Aris 2\AppData\Roaming\DAEMON Tools Pro
2014-01-13 19:51 - 2014-01-13 19:51 - 00000000 ____D () C:\Users\Aris 2\AppData\Local\EgisTec IPS
2014-01-13 19:51 - 2014-01-13 19:51 - 00000000 ____D () C:\Users\Aris 2\AppData\Local\BioExcess
2014-01-13 19:51 - 2014-01-13 19:51 - 00000000 ____D () C:\Users\Aris 2\AppData\Local\Apps\2.0
2014-01-13 19:49 - 2014-01-13 19:49 - 00001413 _____ () C:\Users\Aris 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-01-13 19:49 - 2014-01-13 19:49 - 00000000 ____D () C:\Users\Aris 2\AppData\Roaming\Adobe
2014-01-13 19:48 - 2014-01-13 19:50 - 00000000 ___RD () C:\Users\Aris 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-01-13 19:47 - 2014-01-13 19:47 - 00000000 ____D () C:\Users\Aris 2\AppData\Local\VirtualStore
2014-01-13 19:46 - 2014-02-04 16:12 - 00000000 ___RD () C:\Users\Aris 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-13 19:46 - 2014-01-13 19:51 - 00002425 _____ () C:\Users\Aris 2\Desktop\CyberLink YouCam.lnk
2014-01-13 19:46 - 2014-01-13 19:51 - 00002086 _____ () C:\Users\Aris 2\Desktop\OneKey Recovery.lnk
2014-01-13 19:46 - 2014-01-13 19:51 - 00001118 _____ () C:\Users\Aris 2\Desktop\Cyberlink Power2Go.lnk
2014-01-13 19:46 - 2014-01-13 19:51 - 00000000 ____D () C:\Users\Aris 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2014-01-13 19:46 - 2014-01-13 19:48 - 00000000 ____D () C:\Users\Aris 2
2014-01-13 19:46 - 2014-01-13 19:46 - 00000020 ___SH () C:\Users\Aris 2\ntuser.ini
2014-01-13 19:46 - 2013-03-19 07:03 - 00000000 ____D () C:\Users\Aris 2\AppData\Roaming\TuneUp Software
2014-01-13 19:46 - 2009-07-13 22:54 - 00000000 ___RD () C:\Users\Aris 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-01-13 19:46 - 2009-07-13 22:49 - 00000000 ___RD () C:\Users\Aris 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-01-12 22:14 - 2014-01-12 22:14 - 00000000 ____D () C:\Users\Z\Downloads\The Very Best Of Rammstein - krazykc
2014-01-12 19:24 - 2014-01-12 19:25 - 00000000 ____D () C:\Users\Z\Desktop\965TOGQJ
2014-01-10 10:20 - 2014-01-14 08:00 - 00000000 ____D () C:\Program Files (x86)\BlueStacks
2014-01-10 10:20 - 2014-01-10 10:20 - 16600426 _____ () C:\Users\Z\Downloads\Instagram_(7labsOfficial.com).apk
2014-01-10 10:19 - 2014-01-10 10:25 - 00000000 ____D () C:\ProgramData\BlueStacksSetup
2014-01-10 10:19 - 2014-01-10 10:20 - 00000000 ____D () C:\ProgramData\BlueStacks
2014-01-10 10:15 - 2014-01-10 10:15 - 10245808 _____ (BlueStack Systems Inc.) C:\Users\Z\Downloads\BlueStacks-SplitInstaller_native.exe
2014-01-07 09:22 - 2014-01-07 09:22 - 00000000 ____D () C:\Users\Z\Downloads\Legend of Zelda, The - Ocarina of Time (USA)
2014-01-07 09:21 - 2014-01-07 09:21 - 26999427 _____ () C:\Users\Z\Downloads\Legend of Zelda, The - Ocarina of Time (USA).zip
2014-01-07 09:19 - 2014-01-07 09:19 - 00001067 _____ () C:\Users\Z\Desktop\Project 64.lnk

==================== One Month Modified Files and Folders =======

2014-02-06 12:12 - 2014-02-06 12:04 - 00014720 _____ () C:\Users\Z\Downloads\FRST.txt
2014-02-06 12:11 - 2014-02-06 12:00 - 00000000 ____D () C:\FRST
2014-02-06 12:11 - 2014-02-06 09:07 - 00000356 _____ () C:\Users\Z\Downloads\SystemLook.txt
2014-02-06 12:09 - 2014-02-06 12:06 - 00026330 _____ () C:\Users\Z\Downloads\Addition.txt
2014-02-06 12:09 - 2014-02-06 09:12 - 00000127 _____ () C:\Users\Z\Downloads\ckfiles.txt
2014-02-06 12:08 - 2011-03-14 12:26 - 01871315 _____ () C:\windows\WindowsUpdate.log
2014-02-06 12:05 - 2009-07-13 22:45 - 00013632 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-06 12:05 - 2009-07-13 22:45 - 00013632 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-06 11:59 - 2014-02-06 11:59 - 02082304 _____ (Farbar) C:\Users\Z\Downloads\FRST64.exe
2014-02-06 11:41 - 2014-02-02 15:20 - 00000888 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-06 11:21 - 2012-07-22 20:34 - 00000000 ____D () C:\Users\Z\AppData\Local\Apps\2.0
2014-02-06 11:19 - 2012-07-22 20:33 - 00000000 ____D () C:\Users\Z
2014-02-06 10:41 - 2011-03-14 13:24 - 04130720 _____ () C:\FaceProv.log
2014-02-06 09:58 - 2009-07-13 21:20 - 00000000 ____D () C:\windows\tracing
2014-02-06 08:10 - 2014-02-06 08:10 - 00468480 _____ () C:\Users\Z\Downloads\CKScanner.exe
2014-02-06 07:48 - 2014-01-15 03:01 - 00089517 _____ () C:\windows\IE11_main.log
2014-02-06 07:45 - 2014-02-02 15:20 - 00000502 _____ () C:\windows\Tasks\SUPERAntiSpyware Scheduled Task 87e12a3c-de15-40b6-a694-38fb9f0dbc8a.job
2014-02-06 07:45 - 2014-02-02 15:20 - 00000502 _____ () C:\windows\Tasks\SUPERAntiSpyware Scheduled Task 43c95507-6eb6-4e1f-bdfe-ee76624bd54c.job
2014-02-05 16:51 - 2014-02-05 16:51 - 00023701 _____ () C:\ComboFix.txt
2014-02-05 16:51 - 2014-02-05 15:44 - 00000000 ____D () C:\Qoobox
2014-02-05 16:51 - 2009-07-13 21:20 - 00000000 __RHD () C:\Users\Default
2014-02-05 16:48 - 2014-02-05 15:43 - 00000000 ____D () C:\windows\erdnt
2014-02-05 16:46 - 2014-02-02 15:20 - 00000884 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-05 16:46 - 2009-07-13 20:34 - 00000215 _____ () C:\windows\system.ini
2014-02-05 16:02 - 2014-01-15 03:21 - 00404990 _____ () C:\windows\PFRO.log
2014-02-05 16:02 - 2014-01-15 03:21 - 00001624 _____ () C:\windows\setupact.log
2014-02-05 16:02 - 2012-12-17 16:08 - 00065536 _____ () C:\windows\system32\Ikeext.etl
2014-02-05 16:02 - 2009-07-13 23:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-02-05 16:01 - 2009-07-13 20:34 - 74973184 _____ () C:\windows\system32\config\SOFTWARE.bak
2014-02-05 16:01 - 2009-07-13 20:34 - 16515072 _____ () C:\windows\system32\config\SYSTEM.bak
2014-02-05 16:01 - 2009-07-13 20:34 - 00262144 _____ () C:\windows\system32\config\SECURITY.bak
2014-02-05 16:01 - 2009-07-13 20:34 - 00262144 _____ () C:\windows\system32\config\SAM.bak
2014-02-05 16:01 - 2009-07-13 20:34 - 00262144 _____ () C:\windows\system32\config\DEFAULT.bak
2014-02-05 15:40 - 2014-02-05 15:40 - 05180173 ____R (Swearware) C:\Users\Z\Downloads\ComboFix.exe
2014-02-05 15:06 - 2014-02-05 14:19 - 42248830 _____ () C:\Users\Z\Desktop\SystemLook.txt
2014-02-05 14:44 - 2014-02-04 14:20 - 00074838 _____ () C:\Users\Z\Downloads\OTL.Txt
2014-02-05 14:17 - 2014-02-05 14:17 - 00165376 _____ () C:\Users\Z\Downloads\SystemLook_x64.exe
2014-02-05 14:13 - 2011-03-14 13:14 - 00000000 ____D () C:\ProgramData\VeriFace
2014-02-05 14:08 - 2013-12-19 22:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-05 14:00 - 2014-02-05 14:00 - 00000000 ____D () C:\_OTL
2014-02-04 22:32 - 2014-02-04 22:32 - 00001295 _____ () C:\Users\Z\Desktop\JRT.txt
2014-02-04 22:24 - 2011-03-14 13:15 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-04 22:24 - 2011-03-14 13:15 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-04 22:21 - 2014-02-04 22:21 - 00000000 ____D () C:\windows\ERUNT
2014-02-04 22:20 - 2014-02-04 22:20 - 01037530 _____ (Thisisu) C:\Users\Z\Downloads\JRT.exe
2014-02-04 16:12 - 2014-02-04 15:48 - 00000000 ____D () C:\AdwCleaner
2014-02-04 16:12 - 2014-01-13 19:46 - 00000000 ___RD () C:\Users\Aris 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-04 15:47 - 2014-02-04 15:47 - 01166132 _____ () C:\Users\Z\Downloads\AdwCleaner.exe
2014-02-04 14:22 - 2014-02-04 14:22 - 00061482 _____ () C:\Users\Z\Downloads\Extras.Txt
2014-02-04 14:02 - 2012-09-17 15:01 - 00000000 ____D () C:\Users\Z\AppData\Roaming\foobar2000
2014-02-04 13:53 - 2014-02-04 13:26 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-02-04 13:53 - 2014-02-04 13:24 - 00000000 ____D () C:\Users\Z\Desktop\mbar
2014-02-04 13:26 - 2014-02-04 13:26 - 00119000 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-02-04 13:24 - 2014-02-04 13:24 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-02-04 13:23 - 2014-02-04 13:23 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Z\Downloads\mbar-1.07.0.1009.exe
2014-02-04 13:23 - 2014-02-04 13:23 - 00602112 _____ (OldTimer Tools) C:\Users\Z\Downloads\OTL.exe
2014-02-04 13:22 - 2014-02-04 13:21 - 00987425 _____ () C:\Users\Z\Downloads\SecurityCheck.exe
2014-02-03 22:13 - 2012-07-22 22:37 - 00000000 ____D () C:\Users\Z\AppData\Roaming\mIRC
2014-02-03 20:07 - 2014-02-01 16:08 - 00000000 ____D () C:\ProgramData\Rosetta Stone
2014-02-03 17:50 - 2014-02-02 15:23 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-02 16:11 - 2014-02-02 16:11 - 00625664 _____ () C:\Users\Z\Downloads\dds(1).scr
2014-02-02 16:10 - 2014-02-02 16:10 - 00625664 _____ () C:\Users\Z\Downloads\dds.scr
2014-02-02 15:36 - 2014-02-02 15:20 - 00003884 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-02 15:36 - 2014-02-02 15:20 - 00003632 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-02 15:24 - 2014-02-02 15:20 - 00000000 ____D () C:\Users\Z\AppData\Local\Google
2014-02-02 15:24 - 2014-02-02 15:20 - 00000000 ____D () C:\Program Files (x86)\Google
2014-02-02 15:20 - 2014-02-02 15:20 - 00003560 _____ () C:\windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 43c95507-6eb6-4e1f-bdfe-ee76624bd54c
2014-02-02 15:20 - 2014-02-02 15:20 - 00003486 _____ () C:\windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 87e12a3c-de15-40b6-a694-38fb9f0dbc8a
2014-02-02 15:20 - 2014-02-02 15:20 - 00001808 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
2014-02-02 15:20 - 2014-02-02 15:20 - 00000000 ____D () C:\Users\Z\AppData\Roaming\SUPERAntiSpyware.com
2014-02-02 15:20 - 2014-02-02 15:20 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-02-02 15:20 - 2014-02-02 15:20 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-02-02 15:19 - 2014-02-02 15:17 - 17939320 _____ (SUPERAntiSpyware) C:\Users\Z\Downloads\SUPERAntiSpywarePro.exe
2014-02-01 16:50 - 2014-01-17 12:57 - 00000000 ____D () C:\Users\Z\Downloads\Rosetta Stone V3 - English (American)
2014-02-01 16:26 - 2012-07-27 20:07 - 00000000 ____D () C:\Users\Z\AppData\Roaming\uTorrent
2014-02-01 16:09 - 2014-02-01 16:09 - 00002571 _____ () C:\Users\Z\Desktop\Rosetta Stone Version 3.lnk
2014-02-01 16:08 - 2014-02-01 16:08 - 00000000 ____D () C:\Program Files (x86)\Rosetta Stone
2014-02-01 16:05 - 2014-02-01 16:05 - 00000000 ____D () C:\Users\Z\AppData\Roaming\PowerISO
2014-02-01 16:01 - 2014-02-01 16:01 - 00001007 _____ () C:\Users\Public\Desktop\PowerISO.lnk
2014-02-01 16:01 - 2014-02-01 16:00 - 00000000 ____D () C:\Program Files (x86)\PowerISO
2014-01-28 18:14 - 2009-07-13 23:13 - 00726444 _____ () C:\windows\system32\PerfStringBackup.INI
2014-01-26 20:46 - 2014-01-26 20:44 - 00000000 ____D () C:\Users\Z\Downloads\Megadeth
2014-01-26 20:42 - 2014-01-26 20:41 - 00000000 ____D () C:\Users\Z\Downloads\Metallica
2014-01-26 20:39 - 2014-01-26 20:39 - 00000000 ____D () C:\Users\Z\Downloads\Iron Maiden-Greatest Hits[www.lokotorrents.com][mp3]
2014-01-21 22:27 - 2014-01-21 22:26 - 00279016 _____ () C:\windows\Minidump\012114-25053-01.dmp
2014-01-21 22:26 - 2014-01-21 22:26 - 266548433 _____ () C:\windows\MEMORY.DMP
2014-01-21 22:26 - 2014-01-21 22:26 - 00000000 ____D () C:\windows\Minidump
2014-01-20 18:57 - 2014-01-13 19:51 - 00000000 ____D () C:\Users\Aris 2\AppData\Local\Deployment
2014-01-15 17:42 - 2014-01-13 19:52 - 00000000 ____D () C:\Users\Aris 2\AppData\Roaming\Apple Computer
2014-01-15 17:41 - 2014-01-15 17:41 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-01-15 17:41 - 2014-01-15 17:40 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-01-15 17:41 - 2014-01-15 17:40 - 00000000 ____D () C:\Program Files\iTunes
2014-01-15 17:41 - 2014-01-15 17:40 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-01-15 17:40 - 2014-01-15 17:40 - 00000000 ____D () C:\Program Files\iPod
2014-01-15 17:05 - 2014-01-15 17:05 - 00000000 ____D () C:\windows\System32\Tasks\Apple
2014-01-15 17:05 - 2014-01-15 17:05 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-01-15 17:04 - 2014-01-15 17:04 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-01-15 17:04 - 2014-01-15 17:04 - 00000000 ____D () C:\Program Files\Bonjour
2014-01-15 17:04 - 2014-01-15 17:04 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-01-15 17:01 - 2014-01-15 16:59 - 79225752 _____ (Apple Inc.) C:\Users\Aris 2\Downloads\iTunes64Setup.exe
2014-01-15 17:00 - 2014-01-15 17:00 - 00000000 ____D () C:\Users\Aris 2\AppData\Roaming\Malwarebytes
2014-01-15 03:21 - 2014-01-15 03:21 - 00000000 _____ () C:\windows\setuperr.log
2014-01-15 03:21 - 2012-07-22 22:40 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-01-15 03:21 - 2009-07-13 22:45 - 00430560 _____ () C:\windows\system32\FNTCACHE.DAT
2014-01-14 17:24 - 2014-01-14 17:24 - 00000000 ____D () C:\Users\Aris 2\AppData\Local\Best Buy pc app
2014-01-14 15:15 - 2014-01-14 15:05 - 00000000 ____D () C:\Users\Z\AppData\Roaming\WindSolutions
2014-01-14 15:10 - 2014-01-14 15:05 - 00000000 ____D () C:\ProgramData\WindSolutions
2014-01-14 15:07 - 2014-01-14 15:07 - 00001354 _____ () C:\Users\Z\Desktop\CopyTrans Control Center.lnk
2014-01-14 15:07 - 2014-01-14 15:07 - 00000000 ____D () C:\Users\Z\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CopyTrans Suite
2014-01-14 15:05 - 2014-01-14 15:05 - 04473792 _____ (WindSolutions) C:\Users\Z\Downloads\Install_CopyTrans_Suite.exe
2014-01-14 09:17 - 2014-01-14 09:15 - 100400976 _____ (Apple Inc.) C:\Users\Z\Downloads\iTunes64Setup(1).exe
2014-01-14 08:18 - 2009-07-29 01:00 - 00000000 ____D () C:\windows\Panther
2014-01-14 08:15 - 2012-08-26 21:24 - 00000000 ____D () C:\Users\Z\AppData\Roaming\Skype
2014-01-14 08:15 - 2012-08-26 21:05 - 00000000 ____D () C:\ProgramData\Skype
2014-01-14 08:09 - 2012-10-07 18:53 - 00000000 ____D () C:\Users\Z\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
2014-01-14 08:09 - 2012-10-07 18:50 - 00000000 ____D () C:\Program Files (x86)\Image-Line
2014-01-14 08:08 - 2012-07-27 20:31 - 00000000 ____D () C:\ProgramData\ImTOO
2014-01-14 08:07 - 2014-01-14 08:07 - 00000000 ____D () C:\Users\Z\Documents\Freemake
2014-01-14 08:07 - 2013-03-18 19:33 - 00000000 ____D () C:\ProgramData\Freemake
2014-01-14 08:07 - 2013-03-18 19:32 - 00000000 ____D () C:\Program Files (x86)\Freemake
2014-01-14 08:01 - 2013-01-31 08:47 - 00000000 ____D () C:\Program Files (x86)\DAEMON Tools Pro
2014-01-14 08:00 - 2014-01-10 10:20 - 00000000 ____D () C:\Program Files (x86)\BlueStacks
2014-01-14 07:58 - 2011-03-14 13:09 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-01-14 07:55 - 2014-01-14 07:54 - 00000000 ____D () C:\windows\pss
2014-01-14 07:55 - 2013-05-22 14:19 - 00002766 _____ () C:\windows\System32\Tasks\CCleanerSkipUAC
2014-01-14 07:55 - 2013-01-31 11:46 - 00002426 _____ () C:\windows\System32\Tasks\AutoKMS
2014-01-14 07:55 - 2012-08-26 21:16 - 00003158 _____ () C:\windows\System32\Tasks\{E3E2BE91-13D0-4651-9B98-CD47424E0C5C}
2014-01-14 07:55 - 2012-08-26 21:08 - 00003158 _____ () C:\windows\System32\Tasks\{70DA2957-F89B-4D22-AD67-FE0213EB0683}
2014-01-14 07:55 - 2012-07-22 22:40 - 00003770 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-01-13 20:38 - 2014-01-13 20:38 - 00000000 ____D () C:\Users\Aris 2\AppData\Roaming\Macromedia
2014-01-13 20:38 - 2014-01-13 20:38 - 00000000 ____D () C:\Users\Aris 2\AppData\Local\Macromedia
2014-01-13 20:25 - 2014-01-13 20:25 - 00000000 ____D () C:\Users\Aris 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Weather Alerts
2014-01-13 20:14 - 2014-01-13 20:14 - 00000000 ____D () C:\Users\Aris 2\AppData\Roaming\Mozilla
2014-01-13 20:14 - 2014-01-13 20:14 - 00000000 ____D () C:\Users\Aris 2\AppData\Local\Mozilla
2014-01-13 20:05 - 2014-01-13 20:05 - 00000000 ____D () C:\Users\Aris 2\AppData\Local\Apple
2014-01-13 19:52 - 2014-01-13 19:52 - 00112872 _____ () C:\Users\Aris 2\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-13 19:52 - 2014-01-13 19:52 - 00000398 _____ () C:\Users\Aris 2\Desktop\pc app.appref-ms
2014-01-13 19:52 - 2014-01-13 19:52 - 00000000 ____D () C:\Users\Aris 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy
2014-01-13 19:52 - 2014-01-13 19:52 - 00000000 ____D () C:\Users\Aris 2\AppData\Roaming\Intel Corporation
2014-01-13 19:52 - 2014-01-13 19:52 - 00000000 ____D () C:\Users\Aris 2\AppData\Local\Apple Computer
2014-01-13 19:51 - 2014-01-13 19:51 - 00000000 ____D () C:\Users\Aris 2\AppData\Roaming\DAEMON Tools Pro
2014-01-13 19:51 - 2014-01-13 19:51 - 00000000 ____D () C:\Users\Aris 2\AppData\Local\EgisTec IPS
2014-01-13 19:51 - 2014-01-13 19:51 - 00000000 ____D () C:\Users\Aris 2\AppData\Local\BioExcess
2014-01-13 19:51 - 2014-01-13 19:51 - 00000000 ____D () C:\Users\Aris 2\AppData\Local\Apps\2.0
2014-01-13 19:51 - 2014-01-13 19:46 - 00002425 _____ () C:\Users\Aris 2\Desktop\CyberLink YouCam.lnk
2014-01-13 19:51 - 2014-01-13 19:46 - 00002086 _____ () C:\Users\Aris 2\Desktop\OneKey Recovery.lnk
2014-01-13 19:51 - 2014-01-13 19:46 - 00001118 _____ () C:\Users\Aris 2\Desktop\Cyberlink Power2Go.lnk
2014-01-13 19:51 - 2014-01-13 19:46 - 00000000 ____D () C:\Users\Aris 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2014-01-13 19:50 - 2014-01-13 19:48 - 00000000 ___RD () C:\Users\Aris 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-01-13 19:49 - 2014-01-13 19:49 - 00001413 _____ () C:\Users\Aris 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-01-13 19:49 - 2014-01-13 19:49 - 00000000 ____D () C:\Users\Aris 2\AppData\Roaming\Adobe
2014-01-13 19:48 - 2014-01-13 19:46 - 00000000 ____D () C:\Users\Aris 2
2014-01-13 19:47 - 2014-01-13 19:47 - 00000000 ____D () C:\Users\Aris 2\AppData\Local\VirtualStore
2014-01-13 19:46 - 2014-01-13 19:46 - 00000020 ___SH () C:\Users\Aris 2\ntuser.ini
2014-01-12 22:14 - 2014-01-12 22:14 - 00000000 ____D () C:\Users\Z\Downloads\The Very Best Of Rammstein - krazykc
2014-01-12 19:25 - 2014-01-12 19:24 - 00000000 ____D () C:\Users\Z\Desktop\965TOGQJ
2014-01-12 19:17 - 2012-07-25 08:57 - 00000000 ____D () C:\Users\Z\AppData\Local\Apple Computer
2014-01-10 10:25 - 2014-01-10 10:19 - 00000000 ____D () C:\ProgramData\BlueStacksSetup
2014-01-10 10:20 - 2014-01-10 10:20 - 16600426 _____ () C:\Users\Z\Downloads\Instagram_(7labsOfficial.com).apk
2014-01-10 10:20 - 2014-01-10 10:19 - 00000000 ____D () C:\ProgramData\BlueStacks
2014-01-10 10:20 - 2009-07-13 21:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-01-10 10:15 - 2014-01-10 10:15 - 10245808 _____ (BlueStack Systems Inc.) C:\Users\Z\Downloads\BlueStacks-SplitInstaller_native.exe
2014-01-07 09:23 - 2014-01-01 14:48 - 00000000 ____D () C:\Users\Z\Downloads\Legend of Zelda, The - Majora's Mask (USA)
2014-01-07 09:22 - 2014-01-07 09:22 - 00000000 ____D () C:\Users\Z\Downloads\Legend of Zelda, The - Ocarina of Time (USA)
2014-01-07 09:21 - 2014-01-07 09:21 - 26999427 _____ () C:\Users\Z\Downloads\Legend of Zelda, The - Ocarina of Time (USA).zip
2014-01-07 09:19 - 2014-01-07 09:19 - 00001067 _____ () C:\Users\Z\Desktop\Project 64.lnk
2014-01-07 09:19 - 2012-07-27 20:43 - 00000000 ____D () C:\Users\Z\Desktop\dad

Files to move or delete:
====================
C:\Users\Z\Setup.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-01-29 00:38

==================== End Of Log ============================

#20 Jo*

SuperMember

Malware Team
1,208 posts

Posted 06 February 2014 - 01:06 PM

Hi mercenary,

to uninstall a program:
Open Programs and Features by clicking the Start button, clicking Control Panel, clicking Programs, and then clicking Programs and Features.
Select a program you want to uninstall, and then click Uninstall.

If you download a cracked setup file for a program, install it on your pc, and then delete the cracked download, then you still have the installed software program on your pc.

***

Pease post the Addition.txt from the scan with the Farbar Recovery Scan Tool you did before.

***

Download the diagnostic tool MGADiag and save it to your desktop.

Double-click on MGADiag.exe.
Click Run.
Click Continue, then Copy.
Paste the report in your next reply.

Graduate of the WTT Classroom
Cheers,
Jo

#21 mercenary

New Member

Authentic Member
12 posts

Posted 06 February 2014 - 02:33 PM

So I do this for every single program that has a crack right? Just to let you know, most of the cracks I downloaded never even worked (figures..) but I never really bothered to get them out of my system.

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-02-2014
Ran by Z at 2014-02-06 12:08:48
Running from C:\Users\Z\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

µTorrent (HKCU Version: 3.3.2.30303 - BitTorrent Inc.)
7-Zip 9.20 (x32 Version: - )
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.02) (x32 Version: 11.0.02 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (x32 Version: 12.0.2.122 - Adobe Systems, Inc.)
Apple Application Support (x32 Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
ASIO4ALL (x32 Version: 2.10 - Michael Tippach)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 1.0.0.26 - Atheros Communications Inc.)
Best Buy pc app (Version: 3.1.1.0 - Best Buy) Hidden
Best Buy pc app (x32 Version: 3.1.1.0 - Best Buy) Hidden
BioExcess (x32 Version: 6.0.48.175 - Egis Technology Inc.)
BioExcess (x32 Version: 6.0.48.175 - Egis Technology Inc.) Hidden
BitLord 2.3 (x32 Version: 2.3.1-198 - House of Life)
BlueStacks Notification Center (x32 Version: 0.8.4.3036 - BlueStack Systems, Inc.)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
Broadcom 802.11 Wireless Driver (x32 Version: 1.0.0.0 - )
CCleaner (Version: 4.01 - Piriform)
CopyTrans Suite Remove Only (HKCU Version: 2.37 - WindSolutions)
CyberLink YouCam (x32 Version: 3.0.2626 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.0.2626 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32 Version: - Microsoft)
Energy Management (x32 Version: 5.4.1.9 - Lenovo)
ETDWare PS/2-x64 7.0.4.17_WHQL (Version: 7.0.4.17 - ELAN Microelectronics Corp.)
f.lux (HKCU Version: - )
FL Studio 10 (x32 Version: - Image-Line)
foobar2000 v1.1.15 (x32 Version: 1.1.15 - Peter Pawlowski)
Google Chrome (x32 Version: 32.0.1700.107 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
iFunbox (v2.1.2228.731), iFunbox DevTeam (x32 Version: v2.1.2228.731 - )
ImTOO iPod Computer Transfer (x32 Version: 2.1.43.0409 - ImTOO)
Intel® Control Center (x32 Version: 1.2.1.1007 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (x32 Version: 8.15.10.2189 - Intel Corporation)
Intel® Management Engine Components (x32 Version: 6.0.0.1179 - Intel Corporation)
Intel® Rapid Storage Technology (x32 Version: 9.6.0.1014 - Intel Corporation)
iTunes (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 21 (x32 Version: 7.0.210 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lenovo EasyCamera (x32 Version: 1.10.0510.01 - Lenovo EasyCamera)
Lenovo OneKey Recovery (Version: 7.0.1628 - CyberLink Corp.) Hidden
Lenovo OneKey Recovery (x32 Version: 7.0.1628 - CyberLink Corp.)
Lenovo Security Suite (x32 Version: 2.0.10.0 - Lenovo)
Lenovo Security Suite (x32 Version: 2.0.10.0 - Lenovo) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
mIRC (x32 Version: 7.32 - mIRC Co. Ltd.)
MotioninJoy Gamepad tool 0.7.0000 (Version: 0.7.0000 - www.motioninjoy.com)
Mozilla Firefox 26.0 (x86 en-US) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
namehelp (x32 Version: 1.0.0 - Aqualab)
Notepad++ (x32 Version: 6.1.6 - )
Pokemon Online 1.0.60 (x32 Version: - Dreambelievers)
Power2Go (x32 Version: 5.6.0.4809d4 - CyberLink Corp.)
PowerISO (x32 Version: 5.8 - Power Software Ltd)
PrivitizeVPN (x32 Version: 1.0.0 - OOO Industry) <==== ATTENTION
Project 64 version 2.0.0.14 (x32 Version: 2.0.0.14 - )
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6128 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.7600.30117 - Realtek Semiconductor Corp.)
Rosetta Stone Version 3 (x32 Version: 3.4.5.0 - Rosetta Stone Ltd.)
RtLED (Version: 1.0.2 - Realtek Semiconductor Corp.)
Shopop (x32 Version: 10.203.68.14274 - My Pop Shop Ltd.) <==== ATTENTION
Spotify (HKCU Version: 0.9.6.81.gd359a796 - Spotify AB)
SpywareBlaster 4.6 (x32 Version: 4.6.0 - Javacool Software LLC)
SUPERAntiSpyware (Version: 5.7.1018 - SUPERAntiSpyware.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
Update for Microsoft Office 2010 (KB2494150) (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (x32 Version: - Microsoft)
VeriFace (x32 Version: 3.6.1.0226 - Lenovo)
Virtual DJ Pro Full - Atomix Productions (x32 Version: - )
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1 - AVG Technologies)
VLC media player 2.0.3 (x32 Version: 2.0.3 - VideoLAN)
VSO ConvertXToDVD (x32 Version: 5.0.0.31 - VSO-Software SARL)
Windows Driver Package - Lenovo (ACPIVPC) System (10/19/2009 5.4.0.1) (Version: 10/19/2009 5.4.0.1 - Lenovo)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8 - Microsoft Corp)
WinPcap 4.1.2 (x32 Version: 4.1.0.2001 - CACE Technologies)
YTD Video Downloader 3.9 (x32 Version: - GreenTree Applications SRL)

==================== Restore Points =========================

27-01-2014 09:00:14 Windows Update
28-01-2014 09:42:20 Windows Update
29-01-2014 09:41:26 Windows Update
30-01-2014 09:41:25 Windows Update
31-01-2014 19:42:21 Windows Update
01-02-2014 12:45:42 Windows Update
01-02-2014 22:07:42 Installed Rosetta Stone Version 3
02-02-2014 14:36:30 Windows Update
03-02-2014 13:24:35 Windows Update
04-02-2014 09:00:22 Windows Update
05-02-2014 10:47:09 Windows Update
06-02-2014 13:46:08 Windows Update

==================== Hosts content: ==========================

2009-07-13 20:34 - 2014-02-05 16:46 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {035ACB55-0DA5-4C14-801B-135269F5954F} - \Advanced System Protector No Task File
Task: {227E2CFE-FAF0-4D24-BA37-9F7E5B4318DB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-02] (Google Inc.)
Task: {2534252B-5B07-4C4B-9443-5B63F3DF5D6C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-04-23] (Piriform Ltd)
Task: {270D02E3-F9D0-4F66-A144-F7F1186BA03C} - \RegClean Pro No Task File
Task: {291E0423-B249-46D3-A333-13742EC70C28} - System32\Tasks\{E3E2BE91-13D0-4651-9B98-CD47424E0C5C} => Firefox.exe http://ui.skype.com/...;LastError=1618
Task: {377C3C3E-DB1F-450A-A17A-48ACC4876A2E} - System32\Tasks\{70DA2957-F89B-4D22-AD67-FE0213EB0683} => Firefox.exe http://ui.skype.com/...;LastError=1618
Task: {4333F3CD-71E1-4FDD-A406-91491213BF30} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {6428FCCF-8881-4F46-BCE0-14FE464DAACB} - \Advanced System Protector_startup No Task File
Task: {7DEE0670-9607-43C7-A520-AFC55BF56F09} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-02] (Google Inc.)
Task: {8A99D13A-16E4-46A5-8EBE-F27CFA950FD7} - System32\Tasks\AutoKMS => C:\windows\AutoKMS.exe
Task: {982F0A44-9B19-4ACC-9DF0-1B90E7DAE24F} - System32\Tasks\SUPERAntiSpyware Scheduled Task 87e12a3c-de15-40b6-a694-38fb9f0dbc8a => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {9CE45662-0CBB-40D6-BDCD-FBD3E565AF8C} - System32\Tasks\SUPERAntiSpyware Scheduled Task 43c95507-6eb6-4e1f-bdfe-ee76624bd54c => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {F1428764-B87B-4BB1-9DD5-E0DBD082C1D2} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11] (Adobe Systems Incorporated)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\SUPERAntiSpyware Scheduled Task 43c95507-6eb6-4e1f-bdfe-ee76624bd54c.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\windows\Tasks\SUPERAntiSpyware Scheduled Task 87e12a3c-de15-40b6-a694-38fb9f0dbc8a.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

==================== Loaded Modules (whitelisted) =============

2010-01-09 20:17 - 2010-01-09 20:17 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:40 - 2010-01-21 01:40 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2011-03-14 13:14 - 2011-03-14 13:14 - 01502720 _____ () C:\windows\system32\IcnOvrly.dll
2013-12-19 22:20 - 2013-12-19 22:20 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2010-01-09 20:18 - 2010-01-09 20:18 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:34 - 2010-01-21 01:34 - 08793952 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-12-11 04:44 - 2013-12-11 04:44 - 16242056 _____ () C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (02/06/2014 09:58:14 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9984

Error: (02/06/2014 09:58:14 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9984

Error: (02/06/2014 09:58:11 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/06/2014 07:45:30 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 27668820

Error: (02/06/2014 07:45:30 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 27668820

Error: (02/06/2014 07:45:30 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/06/2014 00:04:30 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9453

Error: (02/06/2014 00:04:30 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9453

Error: (02/06/2014 00:04:30 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/05/2014 11:04:09 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9594

System errors:
=============
Error: (02/06/2014 07:51:59 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Internet Explorer 11 for Windows 7 for x64-based Systems.

Error: (02/05/2014 05:05:45 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (02/05/2014 04:02:36 PM) (Source: Service Control Manager) (User: )
Description: The BlueStacks Android Service service terminated with the following error:
%%1064

Error: (02/05/2014 04:00:51 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (02/05/2014 04:00:40 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (02/05/2014 03:59:51 PM) (Source: Application Popup) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (02/05/2014 03:56:16 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (02/05/2014 03:49:29 PM) (Source: Service Control Manager) (User: )
Description: The namehelp service terminated unexpectedly. It has done this 1 time(s).

Error: (02/05/2014 02:12:37 PM) (Source: Service Control Manager) (User: )
Description: The BlueStacks Android Service service terminated with the following error:
%%1064

Error: (02/05/2014 02:00:33 PM) (Source: Service Control Manager) (User: )
Description: The EgisTec Service service terminated unexpectedly. It has done this 1 time(s).

Microsoft Office Sessions:
=========================
Error: (02/06/2014 09:58:14 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9984

Error: (02/06/2014 09:58:14 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9984

Error: (02/06/2014 09:58:11 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/06/2014 07:45:30 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 27668820

Error: (02/06/2014 07:45:30 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 27668820

Error: (02/06/2014 07:45:30 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/06/2014 00:04:30 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9453

Error: (02/06/2014 00:04:30 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9453

Error: (02/06/2014 00:04:30 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/05/2014 11:04:09 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9594

CodeIntegrity Errors:
===================================
Date: 2014-02-05 15:59:51.001
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-02-05 15:59:50.814
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-01-15 17:24:57.445
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-01-15 17:24:56.357
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-01-15 17:23:40.433
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-01-15 17:23:40.278
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-01-15 17:23:39.984
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-01-15 17:23:39.690
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Percentage of memory in use: 96%
Total physical RAM: 1844.51 MB
Available physical RAM: 55.82 MB
Total Pagefile: 3689.02 MB
Available Pagefile: 1089.3 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:254.14 GB) (Free:167.94 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:27.84 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 4B00E580)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=254 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=29 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=15 GB) - (Type=12)

==================== End Of Log ============================

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-JKHXW-D9W83-FJQKD
Windows Product Key Hash: AYaBykmfTHUVW5whGaYMeVJn0/U=
Windows Product ID: 00359-OEM-8992687-00249
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7601.2.00010300.1.0.003
ID: {BB1181CB-31AA-442A-B7BB-B195449899F0}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Home Premium
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.130828-1532
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{BB1181CB-31AA-442A-B7BB-B195449899F0}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-FJQKD</PKey><PID>00359-OEM-8992687-00249</PID><PIDType>2</PIDType><SID>S-1-5-21-893635891-571939354-3906648824</SID><SYSTEM><Manufacturer>LENOVO</Manufacturer><Model>433028U</Model></SYSTEM><BIOS><Manufacturer>LENOVO</Manufacturer><Version>39CN16WW       </Version><SMBIOSVersion major="2" minor="6"/><Date>20100729000000.000000+000</Date></BIOS><HWID>C3A73B07018400FC</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>LENOVO</OEMID><OEMTableID>CB-01   </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.1.7601.17514

Name: Windows® 7, HomePremium edition
Description: Windows Operating System - Windows® 7, OEM_SLP channel
Activation ID: d2c04e90-c3dd-4260-b0f3-f845f5d27d64
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00359-00178-926-800249-02-1033-7600.0000-0732011
Installation ID: 017794297995481081289801826934269666041345806230094216
Processor Certificate URL: http://go.microsoft....k/?LinkID=88338
Machine Certificate URL: http://go.microsoft....k/?LinkID=88339
Use License URL: http://go.microsoft....k/?LinkID=88341
Product Key Certificate URL: http://go.microsoft....k/?LinkID=88340
Partial Product Key: FJQKD
License Status: Licensed
Remaining Windows rearm count: 3
Trusted time: 2/6/2014 2:31:18 PM

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: N/A
HealthStatus: 0x0000000000000000
Event Time Stamp: N/A
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:

HWID Data-->
HWID Hash Current: LAAAAAEAAQABAAEAAAABAAAAAgABAAEAJJSyk2yXmEEanawiek7we2oCXF0=

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name   OEMID Value   OEMTableID Value
APIC           PTLTD            APIC
FACP           INTEL        CALPELLA
HPET           INTEL        CALPELLA
BOOT           PTLTD        $SBFTBL$
MCFG           INTEL        CALPELLA
SLIC           LENOVO       CB-01
SPCR           PTLTD        $UCRTBL$
ASF!              CETP            CETP
SSDT           PmRef       CpuPm

#22 Jo*

SuperMember

Malware Team
1,208 posts

Posted 06 February 2014 - 05:12 PM

Hi mercenary,

So I do this for every single program that has a crack right? Just to let you know, most of the cracks I downloaded never even worked (figures..) but I never really bothered to get them out of my system.

Yes, please uninstall them.

And uninstall µTorrent too.

Graduate of the WTT Classroom
Cheers,
Jo

#23 Jo*

SuperMember

Malware Team
1,208 posts

Posted 10 February 2014 - 05:00 PM

Due to inactivity this topic will be closed.
If you need help please start a new thread.

New members follow the instructions here http://forums.whatth...ed_t106388.html and start a new topic

Graduate of the WTT Classroom
Cheers,
Jo

Body Background

skin color theme