win32/sever.exe file infected by MSIL/injector.PH trojan [Solved]


  • This topic is locked

#1
jones24

  • Member
  • 25 posts
Firstly, my antivirus software is ESET Smart Security 4, which has ESET AV, anti-malware and firewall all in one.

The problem started when I downloaded a file online, which is a crack file to play the PC game Battlefield 3. The name of the file is bif3.exe. When I unzipped it, ESET AV would be activated and tell me that the file was infected by the MSIL/injector.PH trojan virus. Against my better judgement, I disabled the real-time file system protection, as AV has wrongly detected these cracked files as viruses a number of times. Anyway, I executed the file and nothing happened. It took like 1 day before my AV started showing that my c:\windows\win32\sever.exe file was infected and that it had quarantined the file. The problem is the warning message keeps on coming up and up and up, again and again and again, non-stop. I am currently running a full system scan on my PC as I write this, and a number of threats have been detected. I googled a bit on this virus and found out that it infects a number of files on the PC, and it lists which files are infected, but I have not attempted to manually remove any of them, as I am no expert and don't know if it will damage my PC instead, hence I started a thread here. Here is the OTL log that I have obtained. I hope that it can be fixed quickly. Thanks to anyone who will help me.


OTL logfile created on: 25/1/2012 7:07:51 PM - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = D:\idm downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00004809 | Country: Singapore | Language: ENE | Date Format: d/M/yyyy

8.00 Gb Total Physical Memory | 5.20 Gb Available Physical Memory | 65.01% Memory free
8.00 Gb Paging File | 4.80 Gb Available in Paging File | 59.99% Paging File free
Paging file location(s): [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 47.33 Gb Total Space | 18.86 Gb Free Space | 39.85% Space Free | Partition Type: NTFS
Drive D: | 64.45 Gb Total Space | 15.27 Gb Free Space | 23.69% Space Free | Partition Type: NTFS
Drive E: | 298.09 Gb Total Space | 72.56 Gb Free Space | 24.34% Space Free | Partition Type: NTFS
Drive F: | 232.88 Gb Total Space | 45.16 Gb Free Space | 19.39% Space Free | Partition Type: NTFS

Computer Name: VIRGILEVEGA-PC | User Name: Virgile Vega | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/25 18:54:54 | 000,584,192 | ---- | M] (OldTimer Tools) -- D:\idm downloads\OTL.exe
PRC - [2012/01/03 21:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/12/29 12:15:01 | 003,462,552 | ---- | M] (Tonec Inc.) -- D:\Extra program files x86\Internet Download Manager\IDMan.exe
PRC - [2011/12/27 16:55:10 | 000,055,296 | ---- | M] () -- C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\ovpntray.exe
PRC - [2011/12/27 16:55:10 | 000,024,064 | ---- | M] () -- C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe
PRC - [2011/12/21 15:24:51 | 000,924,632 | ---- | M] (Mozilla Corporation) -- D:\Extra program files x86\Mozilla Firefox\firefox.exe
PRC - [2011/11/09 17:55:26 | 001,014,784 | ---- | M] (IVT Corporation) -- D:\Extra program files x86\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
PRC - [2011/11/07 15:37:50 | 000,327,766 | ---- | M] (IVT Corporation) -- D:\Extra program files x86\IVT Corporation\BlueSoleil\BtTray.exe
PRC - [2011/11/07 15:34:14 | 000,147,563 | ---- | M] (IVT Corporation) -- D:\Extra program files x86\IVT Corporation\BlueSoleil\BsMobileCS.exe
PRC - [2011/02/02 21:40:38 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- D:\Extra program files x86\Java\bin\javaw.exe
PRC - [2010/08/12 14:16:26 | 000,810,144 | ---- | M] (ESET) -- D:\Extra program files x86\ESET\ESET Smart Security\x86\ekrn.exe
PRC - [2010/05/25 22:28:58 | 000,263,600 | ---- | M] (Tonec Inc.) -- D:\Extra program files x86\Internet Download Manager\IEMonitor.exe
PRC - [2010/05/05 16:56:06 | 000,251,392 | ---- | M] () -- D:\Extra program files x86\Razer\DeathAdder\razerhid.exe
PRC - [2010/04/27 14:41:26 | 000,218,112 | ---- | M] () -- D:\Extra program files x86\Razer\DeathAdder\razertra.exe
PRC - [2007/12/19 11:58:24 | 000,163,840 | ---- | M] (Razer Inc.) -- D:\Extra program files x86\Razer\DeathAdder\razerofa.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/27 16:55:10 | 000,055,296 | ---- | M] () -- C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\ovpntray.exe
MOD - [2011/12/21 15:24:51 | 002,124,760 | ---- | M] () -- D:\Extra program files x86\Mozilla Firefox\mozjs.dll
MOD - [2011/11/29 00:15:03 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/11/12 11:48:50 | 000,039,424 | ---- | M] () -- C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\OpenSSL.SSL.pyd
MOD - [2011/11/12 11:48:50 | 000,006,656 | ---- | M] () -- C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\pyovpnc.pyd
MOD - [2011/11/12 11:48:48 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\OpenSSL.crypto.pyd
MOD - [2011/11/12 11:48:48 | 000,010,240 | ---- | M] () -- C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\OpenSSL.rand.pyd
MOD - [2011/11/12 11:48:32 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\twisted.protocols._c_urlarg.pyd
MOD - [2011/11/12 11:48:10 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\zope.interface._zope_interface_coptimizations.pyd
MOD - [2011/11/07 15:34:16 | 000,028,672 | ---- | M] () -- C:\Windows\SysWOW64\BsMobileCSps.dll
MOD - [2011/08/19 00:44:10 | 000,005,632 | ---- | M] () -- C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\ovpntray.dll
MOD - [2011/05/01 01:32:08 | 000,054,000 | ---- | M] () -- C:\Windows\SysWOW64\PrxerNsp.dll
MOD - [2011/03/28 11:04:52 | 000,237,568 | ---- | M] () -- D:\Extra program files x86\IVT Corporation\BlueSoleil\Mobile\BaseLib.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2011/02/27 09:12:56 | 000,110,080 | ---- | M] () -- C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\pywintypes26.dll
MOD - [2011/02/26 10:33:20 | 000,167,424 | ---- | M] () -- C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\win32gui.pyd
MOD - [2011/02/26 10:33:14 | 000,096,768 | ---- | M] () -- C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\win32api.pyd
MOD - [2011/02/26 10:32:28 | 000,035,840 | ---- | M] () -- C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\win32process.pyd
MOD - [2011/02/26 10:31:48 | 000,017,408 | ---- | M] () -- C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\win32event.pyd
MOD - [2010/08/24 17:48:54 | 000,011,776 | ---- | M] () -- C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\select.pyd
MOD - [2010/08/24 17:48:52 | 000,286,208 | ---- | M] () -- C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\_hashlib.pyd
MOD - [2010/08/24 17:48:48 | 000,153,088 | ---- | M] () -- C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\pyexpat.pyd
MOD - [2010/08/24 17:48:16 | 000,073,728 | ---- | M] () -- C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\_ctypes.pyd
MOD - [2010/08/24 17:48:02 | 000,720,896 | ---- | M] () -- C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\_ssl.pyd
MOD - [2010/08/24 17:47:50 | 000,040,448 | ---- | M] () -- C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\_socket.pyd
MOD - [2010/05/05 16:56:06 | 000,251,392 | ---- | M] () -- D:\Extra program files x86\Razer\DeathAdder\razerhid.exe
MOD - [2010/04/27 14:41:26 | 000,218,112 | ---- | M] () -- D:\Extra program files x86\Razer\DeathAdder\razertra.exe
MOD - [2010/03/31 21:59:20 | 000,122,880 | ---- | M] () -- D:\Extra program files x86\IVT Corporation\BlueSoleil\Mobile\s40pack.dll
MOD - [2003/05/01 17:23:28 | 000,041,472 | ---- | M] () -- D:\Extra program files x86\IVT Corporation\BlueSoleil\Mobile\CsCvt.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/01/03 11:21:42 | 000,235,520 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/14 09:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 09:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/01/03 21:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/12/27 16:55:10 | 000,024,064 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe -- (OpenVPNAccessClient)
SRV - [2011/12/09 14:39:52 | 000,135,584 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2011/11/09 17:55:26 | 001,014,784 | ---- | M] (IVT Corporation) [Auto | Running] -- D:\Extra program files x86\IVT Corporation\BlueSoleil\BlueSoleilCS.exe -- (BlueSoleilCS)
SRV - [2011/11/07 15:39:42 | 000,199,680 | ---- | M] (IVT Corporation) [On_Demand | Running] -- D:\Extra program files x86\IVT Corporation\BlueSoleil\BsHelpCS.exe -- (BsHelpCS)
SRV - [2011/11/07 15:34:14 | 000,147,563 | ---- | M] (IVT Corporation) [Auto | Running] -- D:\Extra program files x86\IVT Corporation\BlueSoleil\BsMobileCS.exe -- (BsMobileCS)
SRV - [2011/06/12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Extra program files x86\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/08/12 14:18:40 | 000,042,360 | ---- | M] (ESET) [On_Demand | Stopped] -- D:\Extra program files x86\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2010/08/12 14:16:26 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- D:\Extra program files x86\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)
SRV - [2010/07/28 23:37:16 | 000,009,936 | ---- | M] () [On_Demand | Stopped] -- D:\Extra program files x86\Prio\prio_svc.exe -- (prio_svc)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/19 12:11:50 | 000,828,936 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2009/09/28 09:27:56 | 000,057,096 | ---- | M] (Greatis Software, LLC) [Disabled | Stopped] -- C:\Program Files (x86)\BootRacer\BootRacerServ.exe -- (BootRacerServ)
SRV - [2009/07/16 17:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/06/11 05:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/02/11 17:38:40 | 000,354,840 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2008/09/08 07:59:00 | 000,575,488 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/01/03 12:08:44 | 010,720,256 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/01/03 10:26:02 | 000,327,168 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/12/16 01:29:42 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2011/10/18 01:40:50 | 000,093,712 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/08/19 01:46:06 | 000,030,720 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tapoas.sys -- (tapoas)
DRV:64bit: - [2011/07/27 10:30:40 | 000,024,456 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\BtHidBus.sys -- (BtHidBus)
DRV:64bit: - [2011/07/27 10:29:08 | 000,025,352 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btcombus.sys -- (BTCOMBUS)
DRV:64bit: - [2011/07/27 10:28:58 | 000,029,576 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btcomport.sys -- (BTCOM)
DRV:64bit: - [2011/07/27 10:28:28 | 000,042,888 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btcusb.sys -- (Btcsrusb)
DRV:64bit: - [2011/07/06 23:14:42 | 000,145,008 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\idmwfp.sys -- (IDMWFP)
DRV:64bit: - [2011/06/01 20:17:18 | 000,033,888 | ---- | M] (Applian Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\appliand.sys -- (appliandMP)
DRV:64bit: - [2011/06/01 20:17:18 | 000,033,888 | ---- | M] (Applian Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\appliand.sys -- (appliand)
DRV:64bit: - [2011/05/23 14:33:04 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)) WsAudio_DeviceS(5)
DRV:64bit: - [2011/05/23 14:33:04 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)) WsAudio_DeviceS(4)
DRV:64bit: - [2011/05/23 14:33:04 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)) WsAudio_DeviceS(3)
DRV:64bit: - [2011/05/23 14:33:04 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)) WsAudio_DeviceS(2)
DRV:64bit: - [2011/05/23 14:33:04 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)) WsAudio_DeviceS(1)
DRV:64bit: - [2011/05/10 08:06:14 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/11 14:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 14:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/24 18:13:39 | 000,254,496 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2010/12/24 17:47:23 | 001,455,648 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm251.sys -- (tdrpman251) Acronis Try&Decide and Restore Points filter (build 251)
DRV:64bit: - [2010/12/24 17:47:23 | 000,929,312 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2010/12/18 09:40:30 | 000,191,960 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cbfs64.sys -- (CbFs)
DRV:64bit: - [2010/12/15 19:03:09 | 000,083,488 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\tifsfilt.sys -- (tifsfilter)
DRV:64bit: - [2010/12/15 00:10:37 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/11/20 21:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 19:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 19:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/08/18 22:19:46 | 000,020,488 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btnetdrv.sys -- (BT)
DRV:64bit: - [2010/07/29 13:31:26 | 000,171,152 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw)
DRV:64bit: - [2010/07/29 13:31:26 | 000,168,544 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2010/07/29 13:31:26 | 000,141,264 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2010/07/29 13:31:26 | 000,050,624 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp)
DRV:64bit: - [2010/07/29 13:31:26 | 000,033,632 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\epfwndis.sys -- (Epfwndis)
DRV:64bit: - [2010/07/15 08:44:20 | 000,016,776 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\epmntdrv.sys -- (epmntdrv)
DRV:64bit: - [2010/07/15 08:44:20 | 000,009,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\EuGdiDrv.sys -- (EuGdiDrv)
DRV:64bit: - [2010/04/27 22:01:44 | 000,062,160 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RAMDiskVE.sys -- (RAMDiskVE)
DRV:64bit: - [2010/04/19 17:04:44 | 000,012,032 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dadder.sys -- (DAdderFltr)
DRV:64bit: - [2010/04/06 18:33:10 | 000,030,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btnetBus.sys -- (btnetBUs)
DRV:64bit: - [2010/04/06 18:32:48 | 000,027,016 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IvtBtBus.sys -- (IvtBtBUs)
DRV:64bit: - [2009/12/30 10:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
DRV:64bit: - [2009/12/21 21:50:00 | 000,007,552 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vHidDev.sys -- (vhidmini)
DRV:64bit: - [2009/12/16 08:19:56 | 000,044,800 | ---- | M] (Advanced Card Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acr122.sys -- (ACR122U)
DRV:64bit: - [2009/10/21 17:16:54 | 000,243,200 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)
DRV:64bit: - [2009/10/12 15:23:22 | 000,114,304 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbdev.sys -- (hwusbdev)
DRV:64bit: - [2009/09/10 15:31:56 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2009/07/14 09:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 09:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 09:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/17 14:02:20 | 000,036,872 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BlueletSCOAudio.sys -- (BlueletSCOAudio)
DRV:64bit: - [2009/06/17 14:02:12 | 000,036,360 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\blueletaudio.sys -- (BlueletAudio)
DRV:64bit: - [2009/06/11 04:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 04:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 04:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 04:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/02/11 17:26:18 | 000,407,576 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2008/08/28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2007/10/28 20:22:32 | 000,340,480 | ---- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WN111x.sys -- (MRV6X64U) Marvell TOPDOG 802.11n WLAN Driver for Vista x64 (USB8x)
DRV:64bit: - [2007/04/20 21:29:52 | 001,037,312 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrxusb.sys -- (athrusb)
DRV - [2010/07/15 08:44:20 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\epmntdrv.sys -- (epmntdrv)
DRV - [2010/07/15 08:44:20 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2009/07/14 09:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/06/17 14:02:12 | 000,036,360 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\blueletaudio.sys -- (BlueletAudio)
DRV - [2007/09/11 03:23:46 | 000,018,944 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\mrv64drv.sys -- (Mrvleap)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,DefaultNetProfile = 528064716
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,DefaultNetworkProfile = 528064658
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://xin.msn.com/?rd=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://xin.msn.com/?rd=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local;*.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://en-GB.start3....en-GB:official"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9
FF - prefs.js..extensions.enabledItems: [email protected]:1.1.1
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.2.1rc1
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: [email protected]:11.0.1.400
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.7
FF - prefs.js..extensions.enabledItems: [email protected]:0.7.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: [email protected]:7.3.1
FF - prefs.js..network.proxy.backup.ftp: "212.117.166.26"
FF - prefs.js..network.proxy.backup.ftp_port: 18231
FF - prefs.js..network.proxy.backup.gopher: "212.117.166.26"
FF - prefs.js..network.proxy.backup.gopher_port: 18231
FF - prefs.js..network.proxy.backup.socks: "212.117.166.26"
FF - prefs.js..network.proxy.backup.socks_port: 18231
FF - prefs.js..network.proxy.backup.ssl: "212.117.166.26"
FF - prefs.js..network.proxy.backup.ssl_port: 18231
FF - prefs.js..network.proxy.ftp: "201.75.14.179"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.gopher: "201.75.14.179"
FF - prefs.js..network.proxy.gopher_port: 3128
FF - prefs.js..network.proxy.http: "201.75.14.179"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "201.75.14.179"
FF - prefs.js..network.proxy.socks_port: 3128
FF - prefs.js..network.proxy.ssl: "201.75.14.179"
FF - prefs.js..network.proxy.ssl_port: 3128
FF - prefs.js..network.proxy.type: 0

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Extra program files x86\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: D:\Extra program files x86\Java\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\EXTRAP~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: D:\EXTRAP~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: D:\Extra program files x86\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: D:\Extra program files x86\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: D:\EXTRA PROGRAM FILES X86\ESET\ESET SMART SECURITY\MOZILLA THUNDERBIRD [2010/12/23 20:59:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: D:\Extra program files x86\Mozilla Firefox\components [2012/01/14 06:51:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: D:\Extra program files x86\Mozilla Firefox\plugins [2012/01/12 18:20:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: D:\Extra program files x86\ESET\ESET Smart Security\Mozilla Thunderbird [2010/12/23 20:59:11 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Virgile Vega\AppData\Roaming\IDM\idmmzcc5 [2012/01/12 13:52:33 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Users\Virgile Vega\AppData\Roaming\IDM\idmmzcc5 [2012/01/12 13:52:33 | 000,000,000 | ---D | M]

[2010/12/14 01:02:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Virgile Vega\AppData\Roaming\Mozilla\Extensions
[2012/01/25 06:56:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Virgile Vega\AppData\Roaming\Mozilla\Firefox\Profiles\y4uqrm15.default\extensions
[2011/06/01 23:53:11 | 000,000,000 | ---D | M] (Save Images) -- C:\Users\Virgile Vega\AppData\Roaming\Mozilla\Firefox\Profiles\y4uqrm15.default\extensions\[email protected]
[2010/12/14 01:07:08 | 000,000,000 | ---D | M] ("AutocompletePro - Your handy search suggestions tool") -- C:\Users\Virgile Vega\AppData\Roaming\Mozilla\Firefox\Profiles\y4uqrm15.default\extensions\[email protected]
[2010/12/14 01:07:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Virgile Vega\AppData\Roaming\Mozilla\Firefox\Profiles\y4uqrm15_original.default\extensions
[2010/12/14 01:07:08 | 000,000,000 | ---D | M] ("AutocompletePro - Your handy search suggestions tool") -- C:\Users\Virgile Vega\AppData\Roaming\Mozilla\Firefox\Profiles\y4uqrm15_original.default\extensions\[email protected]
[2010/12/14 01:02:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Virgile Vega\AppData\Roaming\Mozilla\Firefox\Profiles\yuks5tp7.default\extensions
[2012/01/12 13:52:33 | 000,000,000 | ---D | M] (IDM CC) -- C:\USERS\VIRGILE VEGA\APPDATA\ROAMING\IDM\IDMMZCC5
() (No name found) -- C:\USERS\VIRGILE VEGA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y4UQRM15.DEFAULT\EXTENSIONS\{46551EC9-40F0-4E47-8E18-8E5CF550CFB8}.XPI
() (No name found) -- C:\USERS\VIRGILE VEGA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y4UQRM15.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\USERS\VIRGILE VEGA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y4UQRM15.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\VIRGILE VEGA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y4UQRM15.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
() (No name found) -- C:\USERS\VIRGILE VEGA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y4UQRM15.DEFAULT\EXTENSIONS\[email protected]

O1 HOSTS File: ([2012/01/22 22:16:55 | 000,001,001 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.94.0.1 client.openvpn.net
O1 - Hosts: 127.94.0.2 openvpn-client.ch-zur-001.privatetunnel.com
O2:64bit: - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Extra program files x86\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Extra program files x86\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Extra program files x86\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - D:\Extra program files x86\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Extra program files x86\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - D:\Extra program files x86\Megaupload\Mega Manager\MegaIEMn.dll (Megaupload Limited)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Extra program files x86\Java\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O4:64bit: - HKLM..\Run: [egui] D:\Extra program files x86\ESET\ESET Smart Security\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [DeathAdder] D:\extra program files x86\Razer\DeathAdder\razerhid.exe ()
O4 - HKCU..\Run: [HKCU] C:\Windows\win32\Server.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\AutorunsDisabled: BootRacer = "C:\Program Files (x86)\BootRacer\Bootrace.exe" /2 (Greatis Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Download all links with IDM - D:\Extra program files x86\Internet Download Manager\IEGetAll.htm ()
O8:64bit: - Extra context menu item: Download FLV video content with IDM - D:\Extra program files x86\Internet Download Manager\IEGetVL.htm ()
O8:64bit: - Extra context menu item: Download Link Using Mega Manager... - D:\Extra program files x86\Megaupload\Mega Manager\mm_file.htm ()
O8:64bit: - Extra context menu item: Download with IDM - D:\Extra program files x86\Internet Download Manager\IEExt.htm ()
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - D:\Extra program files x86\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Download all links with IDM - D:\Extra program files x86\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download FLV video content with IDM - D:\Extra program files x86\Internet Download Manager\IEGetVL.htm ()
O8 - Extra context menu item: Download Link Using Mega Manager... - D:\Extra program files x86\Megaupload\Mega Manager\mm_file.htm ()
O8 - Extra context menu item: Download with IDM - D:\Extra program files x86\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - D:\Extra program files x86\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - D:\Extra program files x86\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - D:\Extra program files x86\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Windows\SysNative\PrxerNsp.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\PrxerDrv.dll (Initex)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\PrxerDrv.dll (Initex)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\PrxerDrv.dll (Initex)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\PrxerDrv.dll (Initex)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Windows\SysNative\PrxerDrv.dll (Initex)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Windows\SysWOW64\PrxerNsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\PrxerDrv.dll (Initex)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\PrxerDrv.dll (Initex)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\PrxerDrv.dll (Initex)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\PrxerDrv.dll (Initex)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\SysWOW64\PrxerDrv.dll (Initex)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitd...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.11.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2FAF6DB3-83FF-4096-A658-2ABADE14B791}: DhcpNameServer = 192.168.11.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4B3905AC-F1CF-4BB5-B563-7191BA703F62}: DhcpNameServer = 202.65.247.32 202.65.244.31
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8716954F-FEF6-4598-B8E7-8C49EA50CEF8}: DhcpNameServer = 192.168.11.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8A827C40-4BBF-4D2D-8745-9E945FCE953D}: DhcpNameServer = 192.168.11.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8F3F8F07-AD08-4CA0-8B41-BE52A27C02C5}: DhcpNameServer = 192.168.11.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A3359B08-92F2-495B-83A8-065409DEE320}: DhcpNameServer = 192.168.11.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E1D97B91-BC7F-4267-89CF-C1F2F4B6C836}: DhcpNameServer = 178.32.51.4 76.73.18.50
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FBA57DD7-11FA-4FBE-AE0E-38D93A4A273A}: DhcpNameServer = 192.168.11.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWOW64\skype4com.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - D:\Extra program files x86\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (prio.dll) - D:\Extra program files x86\Prio\prio.dll (O&K Software)
O20 - AppInit_DLLs: (prio32.dll) -D:\Extra program files x86\Prio\prio32.dll (O&K Software)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Extra program files x86\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (ows\w) - File not found
O30 - LSA: Authentication Packages - (ows\w) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 05:43:36 | 000,000,024 | ---- | M] () - E:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{07e0241e-3521-11e0-88af-96f27ead2401}\Shell - "" = AutoRun
O33 - MountPoints2\{07e0241e-3521-11e0-88af-96f27ead2401}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{3b6d8227-3b2a-11e0-8d22-9ef99ef2930f}\Shell - "" = AutoRun
O33 - MountPoints2\{3b6d8227-3b2a-11e0-8d22-9ef99ef2930f}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{3b6d8233-3b2a-11e0-8d22-9ef99ef2930f}\Shell - "" = AutoRun
O33 - MountPoints2\{3b6d8233-3b2a-11e0-8d22-9ef99ef2930f}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{3b6d824d-3b2a-11e0-8d22-9ef99ef2930f}\Shell - "" = AutoRun
O33 - MountPoints2\{3b6d824d-3b2a-11e0-8d22-9ef99ef2930f}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{8a32efdc-da2c-11e0-a565-d94d18212a1d}\Shell - "" = AutoRun
O33 - MountPoints2\{8a32efdc-da2c-11e0-a565-d94d18212a1d}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{8a32efea-da2c-11e0-a565-d94d18212a1d}\Shell - "" = AutoRun
O33 - MountPoints2\{8a32efea-da2c-11e0-a565-d94d18212a1d}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{8a32eff6-da2c-11e0-a565-d94d18212a1d}\Shell - "" = AutoRun
O33 - MountPoints2\{8a32eff6-da2c-11e0-a565-d94d18212a1d}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{b6cfc132-3a97-11e0-9ace-cfb145682303}\Shell - "" = AutoRun
O33 - MountPoints2\{b6cfc132-3a97-11e0-9ace-cfb145682303}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{b6cfc15a-3a97-11e0-9ace-cfb145682303}\Shell - "" = AutoRun
O33 - MountPoints2\{b6cfc15a-3a97-11e0-9ace-cfb145682303}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{c575a3e4-3d08-11e0-bfed-f7402b499608}\Shell - "" = AutoRun
O33 - MountPoints2\{c575a3e4-3d08-11e0-bfed-f7402b499608}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{c93004b1-18b8-11e0-b0f2-c83b10d36808}\Shell - "" = AutoRun
O33 - MountPoints2\{c93004b1-18b8-11e0-b0f2-c83b10d36808}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{c93004c8-18b8-11e0-b0f2-c83b10d36808}\Shell - "" = AutoRun
O33 - MountPoints2\{c93004c8-18b8-11e0-b0f2-c83b10d36808}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{f029144b-755b-11e0-ae54-daf207748e64}\Shell - "" = AutoRun
O33 - MountPoints2\{f029144b-755b-11e0-ae54-daf207748e64}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/25 07:10:28 | 000,000,000 | RHSD | C] -- C:\Windows\win32
[2012/01/25 01:56:47 | 000,000,000 | ---D | C] -- C:\Users\Virgile Vega\Documents\Battlefield 3
[2012/01/25 01:37:48 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\EAInstaller
[2012/01/24 18:34:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\THQ
[2012/01/24 14:37:28 | 000,000,000 | ---D | C] -- C:\Users\Virgile Vega\AppData\Roaming\SuperNZB
[2012/01/24 14:37:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SuperNZB
[2012/01/24 14:06:10 | 000,000,000 | ---D | C] -- C:\Users\Virgile Vega\AppData\Local\Newshosting
[2012/01/24 14:06:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Caphyon
[2012/01/24 14:06:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Newshosting
[2012/01/24 14:05:36 | 000,000,000 | ---D | C] -- C:\Users\Virgile Vega\AppData\Roaming\Newshosting
[2012/01/23 19:02:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/01/23 19:02:17 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/01/23 19:02:16 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/01/20 18:30:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenVPN Technologies
[2012/01/18 20:07:53 | 000,000,000 | ---D | C] -- C:\Users\Virgile Vega\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Warriors of Elysia
[2012/01/18 18:11:41 | 000,000,000 | R--D | C] -- C:\Users\Virgile Vega\AppData\Roaming\Brother
[2012/01/15 19:05:10 | 000,000,000 | ---D | C] -- C:\Users\Virgile Vega\Documents\meditation
[2012/01/15 10:15:22 | 000,000,000 | ---D | C] -- C:\Users\Virgile Vega\Documents\princton resumes
[2012/01/15 08:53:54 | 000,000,000 | ---D | C] -- C:\Users\Virgile Vega\AppData\Local\{518D2EF8-711C-40A0-B786-8FFF36FD7C87}
[2012/01/15 08:53:42 | 000,000,000 | ---D | C] -- C:\Users\Virgile Vega\AppData\Local\{C5A249C4-79AD-4EA0-8B7A-60334AB2AA44}
[2012/01/15 07:40:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2012/01/15 07:12:49 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012/01/15 07:11:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2012/01/14 19:05:43 | 000,000,000 | ---D | C] -- C:\Users\Virgile Vega\Documents\m6mockpapers
[2012/01/12 16:45:07 | 000,000,000 | ---D | C] -- C:\Users\Virgile Vega\Desktop\radio stations and links
[2012/01/11 01:41:39 | 000,000,000 | ---D | C] -- C:\Users\Virgile Vega\AppData\Local\{609BDCA6-9A70-40E4-8D56-42E8CF43441D}
[2012/01/11 01:41:29 | 000,000,000 | ---D | C] -- C:\Users\Virgile Vega\AppData\Local\{44F008F7-DCD7-445F-8C45-1E3050C933D4}
[2012/01/09 21:20:21 | 000,000,000 | ---D | C] -- C:\Users\Virgile Vega\AppData\Local\{D92FC8A2-3C42-4DD7-B854-831F0F447C6D}
[2012/01/09 21:20:10 | 000,000,000 | ---D | C] -- C:\Users\Virgile Vega\AppData\Local\{26F26394-1CA6-482F-B8EA-DD313D147212}
[2012/01/08 14:57:16 | 000,000,000 | ---D | C] -- C:\Users\Virgile Vega\AppData\Local\{61E7E2AC-F443-41F3-9494-4E25F0037C17}
[2012/01/08 14:57:06 | 000,000,000 | ---D | C] -- C:\Users\Virgile Vega\AppData\Local\{2B498803-28A2-43AF-AD00-971E32DDAF14}
[2012/01/08 00:01:27 | 000,000,000 | ---D | C] -- C:\Users\Virgile Vega\AppData\Local\{1E501461-2309-4FBC-A9DA-145384FFE2FB}
[2012/01/08 00:01:16 | 000,000,000 | ---D | C] -- C:\Users\Virgile Vega\AppData\Local\{A390FB80-206F-4AF5-BCE8-A8B7A5ACD0D1}
[2012/01/07 16:25:28 | 000,000,000 | ---D | C] -- C:\Users\Virgile Vega\Documents\Fat loss and strength training
[2012/01/05 14:25:53 | 000,000,000 | ---D | C] -- C:\Users\Virgile Vega\AppData\Local\{443A589C-5235-49CA-99EB-49F59DC1A6D5}
[2012/01/05 14:25:43 | 000,000,000 | ---D | C] -- C:\Users\Virgile Vega\AppData\Local\{D3A94471-EB95-4C23-B365-7358E9118359}
[2012/01/05 02:25:20 | 000,000,000 | ---D | C] -- C:\Users\Virgile Vega\AppData\Local\{387DEF66-24E1-45F9-BF86-11797BFA9763}
[2012/01/05 02:25:11 | 000,000,000 | ---D | C] -- C:\Users\Virgile Vega\AppData\Local\{A326674B-368F-49EF-978A-799D78160EE3}
[2012/01/03 11:22:18 | 000,494,080 | ---- | C] (AMD) -- C:\Windows\SysNative\atieclxx.exe
[2012/01/03 11:21:42 | 000,235,520 | ---- | C] (AMD) -- C:\Windows\SysNative\atiesrxx.exe
[2012/01/03 11:20:30 | 000,120,320 | ---- | C] (AMD) -- C:\Windows\SysNative\atitmm64.dll
[2012/01/03 11:19:52 | 000,021,504 | ---- | C] (AMD) -- C:\Windows\SysNative\atimuixx.dll
[2012/01/03 10:31:14 | 000,058,880 | ---- | C] (AMD) -- C:\Windows\SysNative\coinst.dll
[2011/12/31 13:42:05 | 000,000,000 | ---D | C] -- C:\Users\Virgile Vega\AppData\Roaming\redsn0w
[2011/12/30 01:13:42 | 000,145,008 | ---- | C] (Tonec Inc.) -- C:\Windows\SysNative\drivers\idmwfp.sys
[2011/08/06 13:55:28 | 000,756,180 | ---- | C] (Tukero[X]Team) -- C:\Users\Virgile Vega\AppData\Roaming\TNod-1.4.0.15-setup.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/25 16:02:40 | 013,802,875 | ---- | M] () -- C:\Users\Virgile Vega\Desktop\1.gif
[2012/01/25 16:00:17 | 000,860,880 | ---- | M] () -- C:\Users\Virgile Vega\Desktop\Eating_poop.gif
[2012/01/25 15:49:47 | 003,625,747 | ---- | M] () -- C:\Users\Virgile Vega\Desktop\berneydidnotread.gif
[2012/01/25 15:25:39 | 015,340,667 | ---- | M] () -- C:\Users\Virgile Vega\Desktop\478524.gif
[2012/01/25 15:16:55 | 000,000,538 | ---- | M] () -- C:\Users\Virgile Vega\openvpn-connect.json
[2012/01/25 07:41:27 | 000,001,063 | ---- | M] () -- C:\Users\Virgile Vega\Desktop\bf3.exe - Shortcut.lnk
[2012/01/25 07:29:42 | 000,022,592 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/25 07:29:42 | 000,022,592 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/25 07:24:39 | 000,001,218 | ---- | M] () -- C:\Windows\SysWow64\bscs.ini
[2012/01/25 07:24:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/25 01:10:09 | 003,365,905 | ---- | M] () -- C:\Users\Virgile Vega\Desktop\2nulq9g.jpg
[2012/01/25 00:44:16 | 005,893,565 | ---- | M] () -- C:\Users\Virgile Vega\Desktop\michael-jordan-lol.gif
[2012/01/25 00:27:00 | 002,096,402 | ---- | M] () -- C:\Users\Virgile Vega\Desktop\1314976029442.gif
[2012/01/24 23:30:23 | 000,426,478 | ---- | M] () -- C:\Users\Virgile Vega\Desktop\beer_drob_gif.gif
[2012/01/24 22:19:48 | 000,591,052 | ---- | M] () -- C:\Users\Virgile Vega\Desktop\tumblr_ly5t1kto2J1qgmb7wo1_400.gif
[2012/01/24 22:19:08 | 000,906,296 | ---- | M] () -- C:\Users\Virgile Vega\Desktop\76Zr9.gif
[2012/01/24 22:18:50 | 000,507,355 | ---- | M] () -- C:\Users\Virgile Vega\Desktop\Z0ZN2.gif
[2012/01/24 22:18:34 | 000,453,273 | ---- | M] () -- C:\Users\Virgile Vega\Desktop\disgusting.gif
[2012/01/24 22:18:24 | 001,141,361 | ---- | M] () -- C:\Users\Virgile Vega\Desktop\1287347561085.gif
[2012/01/24 14:37:05 | 000,000,660 | ---- | M] () -- C:\Users\Virgile Vega\Desktop\SuperNZB.lnk
[2012/01/24 14:06:07 | 000,000,758 | ---- | M] () -- C:\Users\Public\Desktop\Newshosting.lnk
[2012/01/23 19:02:24 | 000,001,580 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/01/22 20:54:17 | 000,155,800 | ---- | M] () -- C:\Users\Virgile Vega\Desktop\wedding.jpg
[2012/01/22 20:16:08 | 002,681,953 | ---- | M] () -- C:\Users\Virgile Vega\Desktop\727498213029916073735090.gif
[2012/01/22 19:54:22 | 000,058,414 | ---- | M] () -- C:\Users\Virgile Vega\Desktop\1bU9F.jpg
[2012/01/20 18:30:52 | 000,001,366 | ---- | M] () -- C:\Users\Public\Desktop\OpenVPN Connect.lnk
[2012/01/20 17:27:27 | 000,263,340 | ---- | M] () -- C:\Users\Virgile Vega\Documents\phone number given by darunee's fren_slower.mp3
[2012/01/20 17:21:36 | 000,189,152 | ---- | M] () -- C:\Users\Virgile Vega\Documents\phone number given by darunee's fren.mp3
[2012/01/15 12:39:38 | 000,000,939 | ---- | M] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2012/01/14 06:51:12 | 000,000,823 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/01/08 07:36:28 | 001,001,503 | ---- | M] () -- C:\Users\Virgile Vega\Documents\Annc_OIS_20120103.pdf
[2012/01/08 07:36:20 | 000,127,145 | ---- | M] () -- C:\Users\Virgile Vega\Documents\eAnnc_LaunchAndAIP_20120103.pdf
[2012/01/03 11:27:42 | 000,219,912 | ---- | M] () -- C:\Windows\SysWow64\atiapfxx.blb
[2012/01/03 11:27:42 | 000,219,912 | ---- | M] () -- C:\Windows\SysNative\atiapfxx.blb
[2012/01/03 11:22:18 | 000,494,080 | ---- | M] (AMD) -- C:\Windows\SysNative\atieclxx.exe
[2012/01/03 11:21:42 | 000,235,520 | ---- | M] (AMD) -- C:\Windows\SysNative\atiesrxx.exe
[2012/01/03 11:20:30 | 000,120,320 | ---- | M] (AMD) -- C:\Windows\SysNative\atitmm64.dll
[2012/01/03 11:19:52 | 000,021,504 | ---- | M] (AMD) -- C:\Windows\SysNative\atimuixx.dll
[2012/01/03 10:42:18 | 002,095,328 | ---- | M] () -- C:\Windows\SysNative\atiumd6a.cap
[2012/01/03 10:42:18 | 000,204,960 | ---- | M] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/01/03 10:42:18 | 000,204,960 | ---- | M] () -- C:\Windows\SysNative\ativvsvl.dat
[2012/01/03 10:42:18 | 000,157,152 | ---- | M] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/01/03 10:42:18 | 000,157,152 | ---- | M] () -- C:\Windows\SysNative\ativvsva.dat
[2012/01/03 10:35:30 | 002,097,056 | ---- | M] () -- C:\Windows\SysWow64\atiumdva.cap
[2012/01/03 10:31:14 | 000,058,880 | ---- | M] (AMD) -- C:\Windows\SysNative\coinst.dll
[2011/12/31 15:27:31 | 000,040,023 | ---- | M] () -- C:\Users\Virgile Vega\AppData\Roaming\UserTile.png
[2011/12/28 19:14:49 | 000,343,059 | ---- | M] () -- C:\Users\Virgile Vega\Documents\Receipt for graduation fee.pdf
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/25 16:01:58 | 013,802,875 | ---- | C] () -- C:\Users\Virgile Vega\Desktop\1.gif
[2012/01/25 16:00:17 | 000,860,880 | ---- | C] () -- C:\Users\Virgile Vega\Desktop\Eating_poop.gif
[2012/01/25 15:49:46 | 003,625,747 | ---- | C] () -- C:\Users\Virgile Vega\Desktop\berneydidnotread.gif
[2012/01/25 15:23:25 | 015,340,667 | ---- | C] () -- C:\Users\Virgile Vega\Desktop\478524.gif
[2012/01/25 07:41:27 | 000,001,063 | ---- | C] () -- C:\Users\Virgile Vega\Desktop\bf3.exe - Shortcut.lnk
[2012/01/25 01:10:09 | 003,365,905 | ---- | C] () -- C:\Users\Virgile Vega\Desktop\2nulq9g.jpg
[2012/01/25 00:42:51 | 005,893,565 | ---- | C] () -- C:\Users\Virgile Vega\Desktop\michael-jordan-lol.gif
[2012/01/25 00:26:59 | 002,096,402 | ---- | C] () -- C:\Users\Virgile Vega\Desktop\1314976029442.gif
[2012/01/24 23:30:22 | 000,426,478 | ---- | C] () -- C:\Users\Virgile Vega\Desktop\beer_drob_gif.gif
[2012/01/24 22:19:47 | 000,591,052 | ---- | C] () -- C:\Users\Virgile Vega\Desktop\tumblr_ly5t1kto2J1qgmb7wo1_400.gif
[2012/01/24 22:19:08 | 000,906,296 | ---- | C] () -- C:\Users\Virgile Vega\Desktop\76Zr9.gif
[2012/01/24 22:18:50 | 000,507,355 | ---- | C] () -- C:\Users\Virgile Vega\Desktop\Z0ZN2.gif
[2012/01/24 22:18:34 | 000,453,273 | ---- | C] () -- C:\Users\Virgile Vega\Desktop\disgusting.gif
[2012/01/24 22:18:20 | 001,141,361 | ---- | C] () -- C:\Users\Virgile Vega\Desktop\1287347561085.gif
[2012/01/24 14:37:05 | 000,000,660 | ---- | C] () -- C:\Users\Virgile Vega\Desktop\SuperNZB.lnk
[2012/01/24 14:06:07 | 000,000,758 | ---- | C] () -- C:\Users\Public\Desktop\Newshosting.lnk
[2012/01/23 19:02:24 | 000,001,580 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/01/22 20:54:17 | 000,155,800 | ---- | C] () -- C:\Users\Virgile Vega\Desktop\wedding.jpg
[2012/01/22 20:16:08 | 002,681,953 | ---- | C] () -- C:\Users\Virgile Vega\Desktop\727498213029916073735090.gif
[2012/01/22 19:54:22 | 000,058,414 | ---- | C] () -- C:\Users\Virgile Vega\Desktop\1bU9F.jpg
[2012/01/20 18:30:52 | 000,001,366 | ---- | C] () -- C:\Users\Public\Desktop\OpenVPN Connect.lnk
[2012/01/20 17:27:26 | 000,263,340 | ---- | C] () -- C:\Users\Virgile Vega\Documents\phone number given by darunee's fren_slower.mp3
[2012/01/20 17:21:35 | 000,189,152 | ---- | C] () -- C:\Users\Virgile Vega\Documents\phone number given by darunee's fren.mp3
[2012/01/14 16:39:32 | 000,001,378 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN Connect.lnk
[2012/01/08 07:36:27 | 001,001,503 | ---- | C] () -- C:\Users\Virgile Vega\Documents\Annc_OIS_20120103.pdf
[2012/01/08 07:36:20 | 000,127,145 | ---- | C] () -- C:\Users\Virgile Vega\Documents\eAnnc_LaunchAndAIP_20120103.pdf
[2012/01/03 11:27:42 | 000,219,912 | ---- | C] () -- C:\Windows\SysWow64\atiapfxx.blb
[2012/01/03 11:27:42 | 000,219,912 | ---- | C] () -- C:\Windows\SysNative\atiapfxx.blb
[2012/01/03 10:42:18 | 002,095,328 | ---- | C] () -- C:\Windows\SysNative\atiumd6a.cap
[2012/01/03 10:42:18 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/01/03 10:42:18 | 000,204,960 | ---- | C] () -- C:\Windows\SysNative\ativvsvl.dat
[2012/01/03 10:42:18 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/01/03 10:42:18 | 000,157,152 | ---- | C] () -- C:\Windows\SysNative\ativvsva.dat
[2012/01/03 10:35:30 | 002,097,056 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.cap
[2011/12/31 15:27:31 | 000,040,023 | ---- | C] () -- C:\Users\Virgile Vega\AppData\Roaming\UserTile.png
[2011/12/28 19:14:47 | 000,343,059 | ---- | C] () -- C:\Users\Virgile Vega\Documents\Receipt for graduation fee.pdf
[2011/12/08 02:05:11 | 000,156,160 | ---- | C] () -- C:\Windows\SysWow64\WS_ContextMenu.dll
[2011/11/29 02:56:52 | 000,054,000 | ---- | C] () -- C:\Windows\SysWow64\PrxerNsp.dll
[2011/11/17 10:04:24 | 000,002,384 | ---- | C] () -- C:\Windows\SysWow64\SHORTCUT.INI
[2011/11/17 10:03:44 | 000,000,273 | ---- | C] () -- C:\Windows\SysWow64\REMOTEDEVICE.INI
[2011/11/17 10:03:23 | 000,006,497 | ---- | C] () -- C:\Windows\SysWow64\LOCALSERVICE.INI
[2011/11/17 10:02:53 | 000,000,106 | ---- | C] () -- C:\Windows\SysWow64\LOCALDEVICE.INI
[2011/11/17 10:00:19 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\BSPRINT.INI
[2011/11/09 22:39:44 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011/11/09 22:39:32 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/11/09 17:55:30 | 000,001,218 | ---- | C] () -- C:\Windows\SysWow64\bscs.ini
[2011/11/07 15:34:16 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\BsMobileCSps.dll
[2011/09/13 07:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/08/28 19:51:57 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/08/28 19:51:57 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2011/08/06 13:57:10 | 000,000,000 | ---- | C] () -- C:\Users\Virgile Vega\AppData\Roaming\chrtmp
[2011/06/19 23:41:36 | 000,000,600 | ---- | C] () -- C:\Users\Virgile Vega\AppData\Roaming\winscp.rnd
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/03/18 12:38:19 | 002,336,384 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe
[2011/03/18 12:38:19 | 000,086,408 | ---- | C] () -- C:\Windows\SysWow64\setupempdrv03.exe
[2011/03/18 12:38:19 | 000,014,848 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll
[2011/03/18 12:38:19 | 000,008,456 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys
[2011/03/18 12:38:18 | 000,014,216 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys
[2011/03/09 07:54:05 | 000,000,036 | ---- | C] () -- C:\Users\Virgile Vega\AppData\Local\housecall.guid.cache
[2010/12/27 18:45:41 | 000,169,392 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010/12/17 15:22:40 | 000,000,201 | ---- | C] () -- C:\Users\Virgile Vega\AppData\Roaming\prio.ini
[2010/12/14 21:21:06 | 000,000,079 | ---- | C] () -- C:\Users\Virgile Vega\AppData\Local\CrystalDiskMark30.ini
[2010/12/14 21:01:53 | 000,000,000 | ---- | C] () -- C:\Windows\Bench32.INI
[2010/12/14 17:56:51 | 000,790,528 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010/12/14 17:56:51 | 000,134,144 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/12/14 17:56:51 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/12/14 17:56:51 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010/12/14 17:50:28 | 000,007,609 | ---- | C] () -- C:\Users\Virgile Vega\AppData\Local\resmon.resmoncfg
[2010/12/14 15:13:13 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/12/14 13:48:16 | 000,000,164 | ---- | C] () -- C:\Windows\install.dat
[2010/12/14 04:12:26 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010/12/14 01:18:53 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/12/14 01:02:42 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/01/22 10:04:30 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\BsVistaCommon.dll
[2009/07/14 13:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 10:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 10:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 08:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 07:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/14 05:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/11 05:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/01/05 15:44:10 | 000,053,248 | ---- | C] () -- C:\Windows\bdoscandel.exe
[2009/01/05 15:44:10 | 000,000,453 | ---- | C] () -- C:\Windows\bdoscandellang.ini

========== LOP Check ==========

[2010/12/24 17:42:40 | 000,000,000 | ---D | M] -- C:\Users\Virgile Vega\AppData\Roaming\Acronis
[2012/01/04 14:43:52 | 000,000,000 | ---D | M] -- C:\Users\Virgile Vega\AppData\Roaming\Camfrog
[2011/11/10 19:48:22 | 000,000,000 | ---D | M] -- C:\Users\Virgile Vega\AppData\Roaming\DAEMON Tools Lite
[2010/12/15 00:02:21 | 000,000,000 | ---D | M] -- C:\Users\Virgile Vega\AppData\Roaming\DAEMON Tools Pro
[2011/06/19 21:24:18 | 000,000,000 | ---D | M] -- C:\Users\Virgile Vega\AppData\Roaming\Day 1 Studios
[2011/06/05 23:11:24 | 000,000,000 | ---D | M] -- C:\Users\Virgile Vega\AppData\Roaming\DeadMage
[2012/01/25 18:40:15 | 000,000,000 | ---D | M] -- C:\Users\Virgile Vega\AppData\Roaming\DMCache
[2011/06/12 05:11:20 | 000,000,000 | ---D | M] -- C:\Users\Virgile Vega\AppData\Roaming\Dropbox
[2010/12/23 20:59:25 | 000,000,000 | ---D | M] -- C:\Users\Virgile Vega\AppData\Roaming\ESET
[2011/05/02 03:05:20 | 000,000,000 | ---D | M] -- C:\Users\Virgile Vega\AppData\Roaming\FreeArc
[2011/07/06 12:06:35 | 000,000,000 | ---D | M] -- C:\Users\Virgile Vega\AppData\Roaming\go
[2011/01/03 22:01:39 | 000,000,000 | ---D | M] -- C:\Users\Virgile Vega\AppData\Roaming\HD Tune Pro
[2012/01/24 00:25:52 | 000,000,000 | ---D | M] -- C:\Users\Virgile Vega\AppData\Roaming\IDM
[2010/12/16 02:09:07 | 000,000,000 | ---D | M] -- C:\Users\Virgile Vega\AppData\Roaming\ImgBurn
[2011/05/27 09:52:03 | 000,000,000 | ---D | M] -- C:\Users\Virgile Vega\AppData\Roaming\IrfanView
[2011/06/19 23:52:14 | 000,000,000 | ---D | M] -- C:\Users\Virgile Vega\AppData\Roaming\Megaupload
[2012/01/24 14:05:36 | 000,000,000 | ---D | M] -- C:\Users\Virgile Vega\AppData\Roaming\Newshosting
[2011/11/29 02:57:34 | 000,000,000 | ---D | M] -- C:\Users\Virgile Vega\AppData\Roaming\Proxifier
[2010/12/13 22:50:25 | 000,000,000 | ---D | M] -- C:\Users\Virgile Vega\AppData\Roaming\Razer
[2011/12/31 13:49:00 | 000,000,000 | ---D | M] -- C:\Users\Virgile Vega\AppData\Roaming\redsn0w
[2011/07/19 04:16:00 | 000,000,000 | ---D | M] -- C:\Users\Virgile Vega\AppData\Roaming\Replay Media Catcher 4
[2011/07/19 04:12:45 | 000,000,000 | ---D | M] -- C:\Users\Virgile Vega\AppData\Roaming\Replay Media Catcher 4.bak
[2012/01/24 14:39:05 | 000,000,000 | ---D | M] -- C:\Users\Virgile Vega\AppData\Roaming\SuperNZB
[2010/12/14 21:54:45 | 000,000,000 | ---D | M] -- C:\Users\Virgile Vega\AppData\Roaming\Thinstall
[2012/01/24 12:02:55 | 000,000,000 | ---D | M] -- C:\Users\Virgile Vega\AppData\Roaming\uTorrent
[2011/02/24 20:33:07 | 000,000,000 | ---D | M] -- C:\Users\Virgile Vega\AppData\Roaming\WindSolutions
[2011/07/14 22:31:10 | 000,000,000 | ---D | M] -- C:\Users\Virgile Vega\AppData\Roaming\WinPatrol
[2011/12/08 02:05:45 | 000,000,000 | ---D | M] -- C:\Users\Virgile Vega\AppData\Roaming\Wondershare Video Converter Ultimate
[2011/11/09 04:47:26 | 000,000,000 | ---D | M] -- C:\Users\Virgile Vega\AppData\Roaming\ZumoCast
[2012/01/13 11:13:28 | 000,000,000 | ---D | M] -- C:\Users\Virgile Vega\AppData\Roaming\ZumoDrive
[2012/01/04 07:00:49 | 000,032,612 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\Users\Virgile Vega\Documents\dead space2 +13 v1.0 by DEViATED:ntfslink.junction-tracking
@Alternate Data Stream - 64 bytes -> C:\Users\Virgile Vega\Documents\redsn0w_win_0.9.6b4:ntfslink.junction-tracking
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:4FC01C57

< End of report >


#2
sempai

    Trusted Helper

  • Malware Removal
  • 785 posts
Hi jones24,

Can you please run a scan with OTL again and post the new report for my review.


WARNING: cracking tools/keygens/warez/pirated software
The practice of using cracking tools, keygens, warez or any pirated software is not only considered illegal activity but it is also a serious security risk:

Cracking applications are used for illegally breaking (cracking) various copy-protection and registration techniques used in commercial software. These programs may be distributed via Web sites, Usenet, and P2P networks.

REFERENCE: Trend Micro - CRCK_KEYGEN.BB

[..] warez and crack web pages are being used by cybercriminals as download sites for malware related to VIRUT and VIRUX. Searches for serial numbers, cracks, and even antivirus products like Trend Micro yield malcodes that come in the form of executables or self-extracting files [..] quick links in these sites also lead to malicious files. Ads and banners are also infection vectors [..]

REFERENCE: Crack Sites Distribute VIRUX and FakeAV | Malware Blog | Trend Micro

When you use these kinds of programs, be forewarned that some of the worst types of malware infections can be contracted and spread by visiting crack, keygen, warez and other pirated software sites. In many cases, those sites are infested with a lot of malware and are an increasing source of system infection. Those who attempt to get software for free can end up with a computer system so badly damaged that recovery is not possible and it cannot be repaired. When that happens there is nothing you can do besides reformatting and reinstalling the Operating System.

#3
jones24

    Member

  • Topic Starter
  • 25 posts
Hi sempai, here's the new OTL report:

OTL logfile created on: 1/2/2012 4:35:35 PM - Run 5
OTL by OldTimer - Version 3.2.31.0 Folder = D:\idm downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00004809 | Country: Singapore | Language: ENE | Date Format: d/M/yyyy

8.00 Gb Total Physical Memory | 5.93 Gb Available Physical Memory | 74.16% Memory free
8.00 Gb Paging File | 5.70 Gb Available in Paging File | 71.27% Paging File free
Paging file location(s): [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 47.33 Gb Total Space | 18.41 Gb Free Space | 38.90% Space Free | Partition Type: NTFS
Drive D: | 64.45 Gb Total Space | 40.56 Gb Free Space | 62.93% Space Free | Partition Type: NTFS
Drive E: | 298.09 Gb Total Space | 81.27 Gb Free Space | 27.26% Space Free | Partition Type: NTFS
Drive F: | 232.88 Gb Total Space | 45.20 Gb Free Space | 19.41% Space Free | Partition Type: NTFS

Computer Name: VIRGILEVEGA-PC | User Name: Virgile Vega | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/25 18:54:54 | 000,584,192 | ---- | M] (OldTimer Tools) -- D:\idm downloads\OTL.exe
PRC - [2011/12/29 12:15:01 | 003,462,552 | ---- | M] (Tonec Inc.) -- D:\Extra program files x86\Internet Download Manager\IDMan.exe
PRC - [2011/12/27 16:55:10 | 000,024,064 | ---- | M] () -- C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe
PRC - [2011/12/21 15:24:51 | 000,924,632 | ---- | M] (Mozilla Corporation) -- D:\Extra program files x86\Mozilla Firefox\firefox.exe
PRC - [2011/11/09 17:55:26 | 001,014,784 | ---- | M] (IVT Corporation) -- D:\Extra program files x86\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
PRC - [2011/11/07 15:37:50 | 000,327,766 | ---- | M] (IVT Corporation) -- D:\Extra program files x86\IVT Corporation\BlueSoleil\BtTray.exe
PRC - [2011/11/07 15:34:14 | 000,147,563 | ---- | M] (IVT Corporation) -- D:\Extra program files x86\IVT Corporation\BlueSoleil\BsMobileCS.exe
PRC - [2010/08/12 14:16:26 | 000,810,144 | ---- | M] (ESET) -- D:\Extra program files x86\ESET\ESET Smart Security\x86\ekrn.exe
PRC - [2010/05/25 22:28:58 | 000,263,600 | ---- | M] (Tonec Inc.) -- D:\Extra program files x86\Internet Download Manager\IEMonitor.exe
PRC - [2010/05/05 16:56:06 | 000,251,392 | ---- | M] () -- D:\Extra program files x86\Razer\DeathAdder\razerhid.exe
PRC - [2010/04/27 14:41:26 | 000,218,112 | ---- | M] () -- D:\Extra program files x86\Razer\DeathAdder\razertra.exe
PRC - [2007/12/19 11:58:24 | 000,163,840 | ---- | M] (Razer Inc.) -- D:\Extra program files x86\Razer\DeathAdder\razerofa.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/21 15:24:51 | 002,124,760 | ---- | M] () -- D:\Extra program files x86\Mozilla Firefox\mozjs.dll
MOD - [2011/11/29 00:15:03 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/11/07 15:34:16 | 000,028,672 | ---- | M] () -- C:\Windows\SysWOW64\BsMobileCSps.dll
MOD - [2011/05/01 01:32:08 | 000,054,000 | ---- | M] () -- C:\Windows\SysWOW64\PrxerNsp.dll
MOD - [2011/03/28 11:04:52 | 000,237,568 | ---- | M] () -- D:\Extra program files x86\IVT Corporation\BlueSoleil\Mobile\BaseLib.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/05/05 16:56:06 | 000,251,392 | ---- | M] () -- D:\Extra program files x86\Razer\DeathAdder\razerhid.exe
MOD - [2010/04/27 14:41:26 | 000,218,112 | ---- | M] () -- D:\Extra program files x86\Razer\DeathAdder\razertra.exe
MOD - [2010/03/31 21:59:20 | 000,122,880 | ---- | M] () -- D:\Extra program files x86\IVT Corporation\BlueSoleil\Mobile\s40pack.dll
MOD - [2003/05/01 17:23:28 | 000,041,472 | ---- | M] () -- D:\Extra program files x86\IVT Corporation\BlueSoleil\Mobile\CsCvt.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/01/21 11:11:26 | 000,235,520 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/14 09:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 09:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/01/03 21:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/12/27 16:55:10 | 000,024,064 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe -- (OpenVPNAccessClient)
SRV - [2011/12/09 14:39:52 | 000,135,584 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2011/11/09 17:55:26 | 001,014,784 | ---- | M] (IVT Corporation) [Auto | Running] -- D:\Extra program files x86\IVT Corporation\BlueSoleil\BlueSoleilCS.exe -- (BlueSoleilCS)
SRV - [2011/11/07 15:39:42 | 000,199,680 | ---- | M] (IVT Corporation) [On_Demand | Running] -- D:\Extra program files x86\IVT Corporation\BlueSoleil\BsHelpCS.exe -- (BsHelpCS)
SRV - [2011/11/07 15:34:14 | 000,147,563 | ---- | M] (IVT Corporation) [Auto | Running] -- D:\Extra program files x86\IVT Corporation\BlueSoleil\BsMobileCS.exe -- (BsMobileCS)
SRV - [2011/06/12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Extra program files x86\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/08/12 14:18:40 | 000,042,360 | ---- | M] (ESET) [On_Demand | Stopped] -- D:\Extra program files x86\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2010/08/12 14:16:26 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- D:\Extra program files x86\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)
SRV - [2010/07/28 23:37:16 | 000,009,936 | ---- | M] () [On_Demand | Stopped] -- D:\Extra program files x86\Prio\prio_svc.exe -- (prio_svc)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/19 12:11:50 | 000,828,936 | ---- | M] (Acronis) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2009/09/28 09:27:56 | 000,057,096 | ---- | M] (Greatis Software, LLC) [Disabled | Stopped] -- C:\Program Files (x86)\BootRacer\BootRacerServ.exe -- (BootRacerServ)
SRV - [2009/07/16 17:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/06/11 05:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/02/11 17:38:40 | 000,354,840 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2008/09/08 07:59:00 | 000,575,488 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/01/21 11:48:08 | 010,818,048 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/01/21 10:11:36 | 000,327,168 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/12/16 01:29:42 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2011/12/06 03:47:30 | 000,095,248 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/08/19 01:46:06 | 000,030,720 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tapoas.sys -- (tapoas)
DRV:64bit: - [2011/07/27 10:30:40 | 000,024,456 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\BtHidBus.sys -- (BtHidBus)
DRV:64bit: - [2011/07/27 10:29:08 | 000,025,352 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btcombus.sys -- (BTCOMBUS)
DRV:64bit: - [2011/07/27 10:28:58 | 000,029,576 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btcomport.sys -- (BTCOM)
DRV:64bit: - [2011/07/27 10:28:28 | 000,042,888 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btcusb.sys -- (Btcsrusb)
DRV:64bit: - [2011/07/06 23:14:42 | 000,145,008 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\idmwfp.sys -- (IDMWFP)
DRV:64bit: - [2011/06/01 20:17:18 | 000,033,888 | ---- | M] (Applian Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\appliand.sys -- (appliandMP)
DRV:64bit: - [2011/06/01 20:17:18 | 000,033,888 | ---- | M] (Applian Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\appliand.sys -- (appliand)
DRV:64bit: - [2011/05/23 14:33:04 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)) WsAudio_DeviceS(5)
DRV:64bit: - [2011/05/23 14:33:04 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)) WsAudio_DeviceS(4)
DRV:64bit: - [2011/05/23 14:33:04 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)) WsAudio_DeviceS(3)
DRV:64bit: - [2011/05/23 14:33:04 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)) WsAudio_DeviceS(2)
DRV:64bit: - [2011/05/23 14:33:04 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)) WsAudio_DeviceS(1)
DRV:64bit: - [2011/05/10 08:06:14 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/11 14:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 14:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/24 18:13:39 | 000,254,496 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2010/12/24 17:47:23 | 001,455,648 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm251.sys -- (tdrpman251) Acronis Try&Decide and Restore Points filter (build 251)
DRV:64bit: - [2010/12/24 17:47:23 | 000,929,312 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2010/12/18 09:40:30 | 000,191,960 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cbfs64.sys -- (CbFs)
DRV:64bit: - [2010/12/15 19:03:09 | 000,083,488 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\tifsfilt.sys -- (tifsfilter)
DRV:64bit: - [2010/12/15 00:10:37 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/11/20 21:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 19:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 19:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/08/18 22:19:46 | 000,020,488 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btnetdrv.sys -- (BT)
DRV:64bit: - [2010/07/29 13:31:26 | 000,171,152 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw)
DRV:64bit: - [2010/07/29 13:31:26 | 000,168,544 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2010/07/29 13:31:26 | 000,141,264 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2010/07/29 13:31:26 | 000,050,624 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp)
DRV:64bit: - [2010/07/29 13:31:26 | 000,033,632 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\epfwndis.sys -- (Epfwndis)
DRV:64bit: - [2010/07/15 08:44:20 | 000,016,776 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\epmntdrv.sys -- (epmntdrv)
DRV:64bit: - [2010/07/15 08:44:20 | 000,009,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\EuGdiDrv.sys -- (EuGdiDrv)
DRV:64bit: - [2010/04/27 22:01:44 | 000,062,160 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RAMDiskVE.sys -- (RAMDiskVE)
DRV:64bit: - [2010/04/19 17:04:44 | 000,012,032 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dadder.sys -- (DAdderFltr)
DRV:64bit: - [2010/04/06 18:33:10 | 000,030,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btnetBus.sys -- (btnetBUs)
DRV:64bit: - [2010/04/06 18:32:48 | 000,027,016 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IvtBtBus.sys -- (IvtBtBUs)
DRV:64bit: - [2009/12/30 10:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
DRV:64bit: - [2009/12/21 21:50:00 | 000,007,552 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vHidDev.sys -- (vhidmini)
DRV:64bit: - [2009/12/16 08:19:56 | 000,044,800 | ---- | M] (Advanced Card Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acr122.sys -- (ACR122U)
DRV:64bit: - [2009/10/21 17:16:54 | 000,243,200 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)
DRV:64bit: - [2009/10/12 15:23:22 | 000,114,304 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbdev.sys -- (hwusbdev)
DRV:64bit: - [2009/09/10 15:31:56 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2009/07/14 09:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 09:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 09:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/17 14:02:20 | 000,036,872 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BlueletSCOAudio.sys -- (BlueletSCOAudio)
DRV:64bit: - [2009/06/17 14:02:12 | 000,036,360 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\blueletaudio.sys -- (BlueletAudio)
DRV:64bit: - [2009/06/11 04:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 04:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 04:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 04:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/02/11 17:26:18 | 000,407,576 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2008/08/28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2007/10/28 20:22:32 | 000,340,480 | ---- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WN111x.sys -- (MRV6X64U) Marvell TOPDOG 802.11n WLAN Driver for Vista x64 (USB8x)
DRV:64bit: - [2007/04/20 21:29:52 | 001,037,312 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrxusb.sys -- (athrusb)
DRV - [2012/02/01 03:15:25 | 000,019,952 | ---- | M] () [Kernel | On_Demand | Stopped] -- D:\Extra program files x86\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys -- (RivaTuner64)
DRV - [2010/08/31 11:04:20 | 000,014,648 | ---- | M] () [Kernel | On_Demand | Stopped] -- D:\Extra program files x86\MSI Afterburner\RTCore64.sys -- (RTCore64)
DRV - [2010/07/15 08:44:20 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\epmntdrv.sys -- (epmntdrv)
DRV - [2010/07/15 08:44:20 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2009/07/14 09:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/06/17 14:02:12 | 000,036,360 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\blueletaudio.sys -- (BlueletAudio)
DRV - [2007/09/11 03:23:46 | 000,018,944 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\mrv64drv.sys -- (Mrvleap)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,DefaultNetProfile = 528064716
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,DefaultNetworkProfile = 528064658
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://xin.msn.com/?rd=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://xin.msn.com/?rd=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local;*.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://en-GB.start3....en-GB:official"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9
FF - prefs.js..extensions.enabledItems: [email protected]:1.1.1
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.2.1rc1
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: [email protected]:11.0.1.400
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.7
FF - prefs.js..extensions.enabledItems: [email protected]:0.7.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: [email protected]:7.3.1
FF - prefs.js..network.proxy.backup.ftp: "212.117.166.26"
FF - prefs.js..network.proxy.backup.ftp_port: 18231
FF - prefs.js..network.proxy.backup.gopher: "212.117.166.26"
FF - prefs.js..network.proxy.backup.gopher_port: 18231
FF - prefs.js..network.proxy.backup.socks: "212.117.166.26"
FF - prefs.js..network.proxy.backup.socks_port: 18231
FF - prefs.js..network.proxy.backup.ssl: "212.117.166.26"
FF - prefs.js..network.proxy.backup.ssl_port: 18231
FF - prefs.js..network.proxy.ftp: "201.75.14.179"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.gopher: "201.75.14.179"
FF - prefs.js..network.proxy.gopher_port: 3128
FF - prefs.js..network.proxy.http: "201.75.14.179"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "201.75.14.179"
FF - prefs.js..network.proxy.socks_port: 3128
FF - prefs.js..network.proxy.ssl: "201.75.14.179"
FF - prefs.js..network.proxy.ssl_port: 3128
FF - prefs.js..network.proxy.type: 0

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Extra program files x86\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: D:\Extra program files x86\Java\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\EXTRAP~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: D:\EXTRAP~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: D:\Extra program files x86\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: D:\Extra program files x86\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: D:\EXTRA PROGRAM FILES X86\ESET\ESET SMART SECURITY\MOZILLA THUNDERBIRD [2010/12/23 20:59:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: D:\Extra program files x86\Mozilla Firefox\components [2012/01/14 06:51:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: D:\Extra program files x86\Mozilla Firefox\plugins [2012/01/12 18:20:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: D:\Extra program files x86\ESET\ESET Smart Security\Mozilla Thunderbird [2010/12/23 20:59:11 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Virgile Vega\AppData\Roaming\IDM\idmmzcc5 [2012/01/12 13:52:33 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Users\Virgile Vega\AppData\Roaming\IDM\idmmzcc5 [2012/01/12 13:52:33 | 000,000,000 | ---D | M]

[2010/12/14 01:02:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Virgile Vega\AppData\Roaming\Mozilla\Extensions
[2012/01/28 16:31:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Virgile Vega\AppData\Roaming\Mozilla\Firefox\Profiles\y4uqrm15.default\extensions
[2011/06/01 23:53:11 | 000,000,000 | ---D | M] (Save Images) -- C:\Users\Virgile Vega\AppData\Roaming\Mozilla\Firefox\Profiles\y4uqrm15.default\extensions\[email protected]
[2010/12/14 01:07:08 | 000,000,000 | ---D | M] ("AutocompletePro - Your handy search suggestions tool") -- C:\Users\Virgile Vega\AppData\Roaming\Mozilla\Firefox\Profiles\y4uqrm15.default\extensions\[email protected]
[2010/12/14 01:07:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Virgile Vega\AppData\Roaming\Mozilla\Firefox\Profiles\y4uqrm15_original.default\extensions
[2010/12/14 01:07:08 | 000,000,000 | ---D | M] ("AutocompletePro - Your handy search suggestions tool") -- C:\Users\Virgile Vega\AppData\Roaming\Mozilla\Firefox\Profiles\y4uqrm15_original.default\extensions\[email protected]
[2010/12/14 01:02:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Virgile Vega\AppData\Roaming\Mozilla\Firefox\Profiles\yuks5tp7.default\extensions
[2012/01/12 13:52:33 | 000,000,000 | ---D | M] (IDM CC) -- C:\USERS\VIRGILE VEGA\APPDATA\ROAMING\IDM\IDMMZCC5
() (No name found) -- C:\USERS\VIRGILE VEGA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y4UQRM15.DEFAULT\EXTENSIONS\{46551EC9-40F0-4E47-8E18-8E5CF550CFB8}.XPI
() (No name found) -- C:\USERS\VIRGILE VEGA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y4UQRM15.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\USERS\VIRGILE VEGA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y4UQRM15.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\VIRGILE VEGA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y4UQRM15.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI

O1 HOSTS File: ([2012/01/26 17:28:42 | 000,000,994 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.94.0.1 client.openvpn.net
O1 - Hosts: 127.94.0.3 openvpn-client.us.shieldexchange.com
O2:64bit: - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Extra program files x86\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Extra program files x86\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Extra program files x86\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - D:\Extra program files x86\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Extra program files x86\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - D:\Extra program files x86\Megaupload\Mega Manager\MegaIEMn.dll (Megaupload Limited)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Extra program files x86\Java\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O4:64bit: - HKLM..\Run: [egui] D:\Extra program files x86\ESET\ESET Smart Security\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [DeathAdder] D:\extra program files x86\Razer\DeathAdder\razerhid.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\AutorunsDisabled: BootRacer = "C:\Program Files (x86)\BootRacer\Bootrace.exe" /2 (Greatis Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Download all links with IDM - D:\Extra program files x86\Internet Download Manager\IEGetAll.htm ()
O8:64bit: - Extra context menu item: Download FLV video content with IDM - D:\Extra program files x86\Internet Download Manager\IEGetVL.htm ()
O8:64bit: - Extra context menu item: Download Link Using Mega Manager... - D:\Extra program files x86\Megaupload\Mega Manager\mm_file.htm ()
O8:64bit: - Extra context menu item: Download with IDM - D:\Extra program files x86\Internet Download Manager\IEExt.htm ()
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - D:\Extra program files x86\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Download all links with IDM - D:\Extra program files x86\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download FLV video content with IDM - D:\Extra program files x86\Internet Download Manager\IEGetVL.htm ()
O8 - Extra context menu item: Download Link Using Mega Manager... - D:\Extra program files x86\Megaupload\Mega Manager\mm_file.htm ()
O8 - Extra context menu item: Download with IDM - D:\Extra program files x86\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - D:\Extra program files x86\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - D:\Extra program files x86\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - D:\Extra program files x86\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Windows\SysNative\PrxerNsp.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\PrxerDrv.dll (Initex)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\PrxerDrv.dll (Initex)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\PrxerDrv.dll (Initex)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\PrxerDrv.dll (Initex)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Windows\SysNative\PrxerDrv.dll (Initex)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Windows\SysWOW64\PrxerNsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\PrxerDrv.dll (Initex)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\PrxerDrv.dll (Initex)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\PrxerDrv.dll (Initex)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\PrxerDrv.dll (Initex)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\SysWOW64\PrxerDrv.dll (Initex)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitd...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2FAF6DB3-83FF-4096-A658-2ABADE14B791}: DhcpNameServer = 192.168.11.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4B3905AC-F1CF-4BB5-B563-7191BA703F62}: DhcpNameServer = 202.65.247.32 202.65.244.31
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8716954F-FEF6-4598-B8E7-8C49EA50CEF8}: DhcpNameServer = 192.168.11.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8A827C40-4BBF-4D2D-8745-9E945FCE953D}: DhcpNameServer = 192.168.11.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8F3F8F07-AD08-4CA0-8B41-BE52A27C02C5}: DhcpNameServer = 192.168.11.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A3359B08-92F2-495B-83A8-065409DEE320}: DhcpNameServer = 192.168.11.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E1D97B91-BC7F-4267-89CF-C1F2F4B6C836}: DhcpNameServer = 178.32.51.4 76.73.18.50
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FBA57DD7-11FA-4FBE-AE0E-38D93A4A273A}: DhcpNameServer = 192.168.11.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWOW64\skype4com.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - D:\Extra program files x86\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (prio.dll) - D:\Extra program files x86\Prio\prio.dll (O&K Software)
O20 - AppInit_DLLs: (prio32.dll) -D:\Extra program files x86\Prio\prio32.dll (O&K Software)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Extra program files x86\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (ows\w) - File not found
O30 - LSA: Authentication Packages - (ows\w) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 05:43:36 | 000,000,024 | ---- | M] () - E:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{07e0241e-3521-11e0-88af-96f27ead2401}\Shell - "" = AutoRun
O33 - MountPoints2\{07e0241e-3521-11e0-88af-96f27ead2401}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{3b6d8227-3b2a-11e0-8d22-9ef99ef2930f}\Shell - "" = AutoRun
O33 - MountPoints2\{3b6d8227-3b2a-11e0-8d22-9ef99ef2930f}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{3b6d8233-3b2a-11e0-8d22-9ef99ef2930f}\Shell - "" = AutoRun
O33 - MountPoints2\{3b6d8233-3b2a-11e0-8d22-9ef99ef2930f}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{3b6d824d-3b2a-11e0-8d22-9ef99ef2930f}\Shell - "" = AutoRun
O33 - MountPoints2\{3b6d824d-3b2a-11e0-8d22-9ef99ef2930f}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{8a32efdc-da2c-11e0-a565-d94d18212a1d}\Shell - "" = AutoRun
O33 - MountPoints2\{8a32efdc-da2c-11e0-a565-d94d18212a1d}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{8a32efea-da2c-11e0-a565-d94d18212a1d}\Shell - "" = AutoRun
O33 - MountPoints2\{8a32efea-da2c-11e0-a565-d94d18212a1d}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{8a32eff6-da2c-11e0-a565-d94d18212a1d}\Shell - "" = AutoRun
O33 - MountPoints2\{8a32eff6-da2c-11e0-a565-d94d18212a1d}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{b6cfc132-3a97-11e0-9ace-cfb145682303}\Shell - "" = AutoRun
O33 - MountPoints2\{b6cfc132-3a97-11e0-9ace-cfb145682303}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{b6cfc15a-3a97-11e0-9ace-cfb145682303}\Shell - "" = AutoRun
O33 - MountPoints2\{b6cfc15a-3a97-11e0-9ace-cfb145682303}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{c575a3e4-3d08-11e0-bfed-f7402b499608}\Shell - "" = AutoRun
O33 - MountPoints2\{c575a3e4-3d08-11e0-bfed-f7402b499608}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{c93004b1-18b8-11e0-b0f2-c83b10d36808}\Shell - "" = AutoRun
O33 - MountPoints2\{c93004b1-18b8-11e0-b0f2-c83b10d36808}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{c93004c8-18b8-11e0-b0f2-c83b10d36808}\Shell - "" = AutoRun
O33 - MountPoints2\{c93004c8-18b8-11e0-b0f2-c83b10d36808}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{f029144b-755b-11e0-ae54-daf207748e64}\Shell - "" = AutoRun
O33 - MountPoints2\{f029144b-755b-11e0-ae54-daf207748e64}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/01 16:26:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TNod User & Password Finder
[2012/02/01 14:11:50 | 000,000,000 | ---D | C] -- C:\Users\Virgile Vega\Desktop\BF# saves
[2012/02/01 03:15:13 | 000,000,000 | ---D | C] -- C:\Users\Virgile Vega\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
[2012/01/30 13:57:44 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012/01/30 13:57:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2012/01/30 13:56:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2012/01/26 19:36:36 | 000,000,000 | ---D | C] -- C:\Users\Virgile Vega\AppData\Roaming\X-NetStat
[2012/01/26 19:36:33 | 000,000,000 | ---D | C] -- C:\Users\Virgile Vega\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\X-NetStat Professional
[2012/01/26 15:06:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\X-NetStat Professional
[2012/01/26 03:32:30 | 000,000,000 | ---D | C] -- C:\Users\Virgile Vega\Desktop\pc info gathered by kaspersky virsu removal tool
[2012/01/26 03:22:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/01/25 07:10:28 | 000,000,000 | RHSD | C] -- C:\Windows\win32
[2012/01/25 01:56:47 | 000,000,000 | ---D | C] -- C:\Users\Virgile Vega\Documents\Battlefield 3
[2012/01/25 01:37:48 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\EAInstaller
[2012/01/24 18:34:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\THQ
[2012/01/24 14:37:28 | 000,000,000 | ---D | C] -- C:\Users\Virgile Vega\AppData\Roaming\SuperNZB
[2012/01/24 14:37:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SuperNZB
[2012/01/24 14:06:10 | 000,000,000 | ---D | C] -- C:\Users\Virgile Vega\AppData\Local\Newshosting
[2012/01/24 14:06:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Caphyon
[2012/01/24 14:06:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Newshosting
[2012/01/24 14:05:36 | 000,000,000 | ---D | C] -- C:\Users\Virgile Vega\AppData\Roaming\Newshosting
[2012/01/23 19:02:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/01/23 19:02:17 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/01/23 19:02:16 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/01/21 11:12:04 | 000,494,592 | ---- | C] (AMD) -- C:\Windows\SysNative\atieclxx.exe
[2012/01/21 11:11:26 | 000,235,520 | ---- | C] (AMD) -- C:\Windows\SysNative\atiesrxx.exe
[2012/01/21 11:10:08 | 000,120,320 | ---- | C] (AMD) -- C:\Windows\SysNative\atitmm64.dll
[2012/01/21 11:09:24 | 000,021,504 | ---- | C] (AMD) -- C:\Windows\SysNative\atimuixx.dll
[2012/01/21 10:17:26 | 000,058,880 | ---- | C] (AMD) -- C:\Windows\SysNative\coinst.dll
[2012/01/20 18:30:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenVPN Technologies
[2012/01/18 20:07:53 | 000,000,000 | ---D | C] -- C:\Users\Virgile Vega\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Warriors of Elysia
[2012/01/18 18:11:41 | 000,000,000 | R--D | C] -- C:\Users\Virgile Vega\AppData\Roaming\Brother
[2012/01/15 19:05:10 | 000,000,000 | ---D | C] -- C:\Users\Virgile Vega\Documents\meditation
[2012/01/15 10:15:22 | 000,000,000 | ---D | C] -- C:\Users\Virgile Vega\Documents\princton resumes
[2012/01/15 08:53:54 | 000,000,000 | ---D | C] -- C:\Users\Virgile Vega\AppData\Local\{518D2EF8-711C-40A0-B786-8FFF36FD7C87}
[2012/01/15 08:53:42 | 000,000,000 | ---D | C] -- C:\Users\Virgile Vega\AppData\Local\{C5A249C4-79AD-4EA0-8B7A-60334AB2AA44}
[2012/01/14 19:05:43 | 000,000,000 | ---D | C] -- C:\Users\Virgile Vega\Documents\m6mockpapers
[2012/01/12 16:45:07 | 000,000,000 | ---D | C] -- C:\Users\Virgile Vega\Desktop\radio stations and links
[2012/01/11 01:41:39 | 000,000,000 | ---D | C] -- C:\Users\Virgile Vega\AppData\Local\{609BDCA6-9A70-40E4-8D56-42E8CF43441D}
[2012/01/11 01:41:29 | 000,000,000 | ---D | C] -- C:\Users\Virgile Vega\AppData\Local\{44F008F7-DCD7-445F-8C45-1E3050C933D4}
[2012/01/09 21:20:21 | 000,000,000 | ---D | C] -- C:\Users\Virgile Vega\AppData\Local\{D92FC8A2-3C42-4DD7-B854-831F0F447C6D}
[2012/01/09 21:20:10 | 000,000,000 | ---D | C] -- C:\Users\Virgile Vega\AppData\Local\{26F26394-1CA6-482F-B8EA-DD313D147212}
[2012/01/08 14:57:16 | 000,000,000 | ---D | C] -- C:\Users\Virgile Vega\AppData\Local\{61E7E2AC-F443-41F3-9494-4E25F0037C17}
[2012/01/08 14:57:06 | 000,000,000 | ---D | C] -- C:\Users\Virgile Vega\AppData\Local\{2B498803-28A2-43AF-AD00-971E32DDAF14}
[2012/01/08 00:01:27 | 000,000,000 | ---D | C] -- C:\Users\Virgile Vega\AppData\Local\{1E501461-2309-4FBC-A9DA-145384FFE2FB}
[2012/01/08 00:01:16 | 000,000,000 | ---D | C] -- C:\Users\Virgile Vega\AppData\Local\{A390FB80-206F-4AF5-BCE8-A8B7A5ACD0D1}
[2012/01/07 16:25:28 | 000,000,000 | ---D | C] -- C:\Users\Virgile Vega\Documents\Fat loss and strength training
[2012/01/05 14:25:53 | 000,000,000 | ---D | C] -- C:\Users\Virgile Vega\AppData\Local\{443A589C-5235-49CA-99EB-49F59DC1A6D5}
[2012/01/05 14:25:43 | 000,000,000 | ---D | C] -- C:\Users\Virgile Vega\AppData\Local\{D3A94471-EB95-4C23-B365-7358E9118359}
[2012/01/05 02:25:20 | 000,000,000 | ---D | C] -- C:\Users\Virgile Vega\AppData\Local\{387DEF66-24E1-45F9-BF86-11797BFA9763}
[2012/01/05 02:25:11 | 000,000,000 | ---D | C] -- C:\Users\Virgile Vega\AppData\Local\{A326674B-368F-49EF-978A-799D78160EE3}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/01 16:26:03 | 000,000,719 | ---- | M] () -- C:\Users\Public\Desktop\Update NOD32 license.lnk
[2012/02/01 15:39:03 | 000,000,531 | ---- | M] () -- C:\Users\Virgile Vega\openvpn-connect.json
[2012/02/01 15:20:23 | 000,022,592 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/01 15:20:23 | 000,022,592 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/01 15:15:20 | 000,001,218 | ---- | M] () -- C:\Windows\SysWow64\bscs.ini
[2012/02/01 15:15:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/01 14:59:25 | 000,001,005 | ---- | M] () -- C:\Users\Virgile Vega\Desktop\bf3 - Shortcut.lnk
[2012/01/31 23:34:58 | 000,000,273 | ---- | M] () -- C:\Windows\SysWow64\REMOTEDEVICE.INI
[2012/01/31 23:34:26 | 000,006,497 | ---- | M] () -- C:\Windows\SysWow64\LOCALSERVICE.INI
[2012/01/31 23:34:26 | 000,000,106 | ---- | M] () -- C:\Windows\SysWow64\LOCALDEVICE.INI
[2012/01/31 22:01:47 | 000,195,526 | ---- | M] () -- C:\Users\Virgile Vega\Desktop\9rUEb.jpg
[2012/01/31 21:54:38 | 004,204,288 | ---- | M] () -- C:\Users\Virgile Vega\Desktop\129157564634293928.gif
[2012/01/31 21:46:04 | 000,014,589 | ---- | M] () -- C:\Users\Virgile Vega\Desktop\I have no tits.jpg
[2012/01/31 19:13:22 | 000,778,472 | ---- | M] () -- C:\Users\Virgile Vega\Desktop\ffq64.gif
[2012/01/31 06:41:47 | 003,940,067 | ---- | M] () -- C:\Users\Virgile Vega\Desktop\2dgtijm.gif
[2012/01/30 17:08:17 | 000,038,213 | ---- | M] () -- C:\Users\Virgile Vega\Desktop\CLx1U.jpg
[2012/01/30 16:55:54 | 000,085,681 | ---- | M] () -- C:\Users\Virgile Vega\Desktop\bE5Ot.jpg
[2012/01/30 16:55:48 | 000,100,947 | ---- | M] () -- C:\Users\Virgile Vega\Desktop\YiXuT.jpg
[2012/01/28 03:09:44 | 000,082,555 | ---- | M] () -- C:\Users\Virgile Vega\Desktop\34047-ddd412-465-620-1.jpg
[2012/01/26 19:36:33 | 000,000,786 | ---- | M] () -- C:\Users\Virgile Vega\Desktop\X-NetStat Professional.lnk
[2012/01/24 23:22:29 | 000,038,318 | ---- | M] () -- C:\Users\Virgile Vega\Documents\ext_of_last_bus_on_lny_eve_220112.pdf
[2012/01/24 23:21:14 | 000,023,174 | ---- | M] () -- C:\Users\Virgile Vega\Documents\new_stops_svc_133_133M_140112.pdf
[2012/01/24 23:19:12 | 000,237,555 | ---- | M] () -- C:\Users\Virgile Vega\Documents\201212017273694542.pdf
[2012/01/24 23:18:10 | 000,176,774 | ---- | M] () -- C:\Users\Virgile Vega\Documents\Nightrider_Svc_Info_Jan2012.pdf
[2012/01/24 14:37:05 | 000,000,660 | ---- | M] () -- C:\Users\Virgile Vega\Desktop\SuperNZB.lnk
[2012/01/24 14:06:07 | 000,000,758 | ---- | M] () -- C:\Users\Public\Desktop\Newshosting.lnk
[2012/01/23 19:02:24 | 000,001,580 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/01/22 20:54:17 | 000,155,800 | ---- | M] () -- C:\Users\Virgile Vega\Desktop\wedding.jpg
[2012/01/21 11:17:58 | 000,226,448 | ---- | M] () -- C:\Windows\SysWow64\atiapfxx.blb
[2012/01/21 11:17:58 | 000,226,448 | ---- | M] () -- C:\Windows\SysNative\atiapfxx.blb
[2012/01/21 11:12:04 | 000,494,592 | ---- | M] (AMD) -- C:\Windows\SysNative\atieclxx.exe
[2012/01/21 11:11:26 | 000,235,520 | ---- | M] (AMD) -- C:\Windows\SysNative\atiesrxx.exe
[2012/01/21 11:10:08 | 000,120,320 | ---- | M] (AMD) -- C:\Windows\SysNative\atitmm64.dll
[2012/01/21 11:09:24 | 000,021,504 | ---- | M] (AMD) -- C:\Windows\SysNative\atimuixx.dll
[2012/01/21 10:36:52 | 002,383,904 | ---- | M] () -- C:\Windows\SysNative\atiumd6a.cap
[2012/01/21 10:36:52 | 000,204,960 | ---- | M] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/01/21 10:36:52 | 000,204,960 | ---- | M] () -- C:\Windows\SysNative\ativvsvl.dat
[2012/01/21 10:36:52 | 000,157,152 | ---- | M] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/01/21 10:36:52 | 000,157,152 | ---- | M] () -- C:\Windows\SysNative\ativvsva.dat
[2012/01/21 10:28:50 | 002,385,632 | ---- | M] () -- C:\Windows\SysWow64\atiumdva.cap
[2012/01/21 10:17:26 | 000,058,880 | ---- | M] (AMD) -- C:\Windows\SysNative\coinst.dll
[2012/01/20 18:30:52 | 000,001,366 | ---- | M] () -- C:\Users\Public\Desktop\OpenVPN Connect.lnk
[2012/01/20 17:27:27 | 000,263,340 | ---- | M] () -- C:\Users\Virgile Vega\Documents\phone number given by darunee's fren_slower.mp3
[2012/01/20 17:21:36 | 000,189,152 | ---- | M] () -- C:\Users\Virgile Vega\Documents\phone number given by darunee's fren.mp3
[2012/01/15 12:39:38 | 000,000,939 | ---- | M] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2012/01/14 06:51:12 | 000,000,823 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/01/08 07:36:28 | 001,001,503 | ---- | M] () -- C:\Users\Virgile Vega\Documents\Annc_OIS_20120103.pdf
[2012/01/08 07:36:20 | 000,127,145 | ---- | M] () -- C:\Users\Virgile Vega\Documents\eAnnc_LaunchAndAIP_20120103.pdf
[2012/01/06 10:16:02 | 000,037,141 | ---- | M] () -- C:\Windows\atiogl.xml
[2012/01/05 05:28:28 | 000,600,880 | ---- | M] () -- C:\Windows\SysNative\atiicdxx.dat
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/01 16:26:03 | 000,000,719 | ---- | C] () -- C:\Users\Public\Desktop\Update NOD32 license.lnk
[2012/02/01 14:59:25 | 000,001,005 | ---- | C] () -- C:\Users\Virgile Vega\Desktop\bf3 - Shortcut.lnk
[2012/01/31 22:01:47 | 000,195,526 | ---- | C] () -- C:\Users\Virgile Vega\Desktop\9rUEb.jpg
[2012/01/31 21:54:38 | 004,204,288 | ---- | C] () -- C:\Users\Virgile Vega\Desktop\129157564634293928.gif
[2012/01/31 21:45:58 | 000,014,589 | ---- | C] () -- C:\Users\Virgile Vega\Desktop\I have no tits.jpg
[2012/01/31 19:13:21 | 000,778,472 | ---- | C] () -- C:\Users\Virgile Vega\Desktop\ffq64.gif
[2012/01/31 06:41:46 | 003,940,067 | ---- | C] () -- C:\Users\Virgile Vega\Desktop\2dgtijm.gif
[2012/01/30 17:08:16 | 000,038,213 | ---- | C] () -- C:\Users\Virgile Vega\Desktop\CLx1U.jpg
[2012/01/30 16:55:54 | 000,085,681 | ---- | C] () -- C:\Users\Virgile Vega\Desktop\bE5Ot.jpg
[2012/01/30 16:55:48 | 000,100,947 | ---- | C] () -- C:\Users\Virgile Vega\Desktop\YiXuT.jpg
[2012/01/28 03:09:43 | 000,082,555 | ---- | C] () -- C:\Users\Virgile Vega\Desktop\34047-ddd412-465-620-1.jpg
[2012/01/26 19:36:33 | 000,000,786 | ---- | C] () -- C:\Users\Virgile Vega\Desktop\X-NetStat Professional.lnk
[2012/01/24 23:22:28 | 000,038,318 | ---- | C] () -- C:\Users\Virgile Vega\Documents\ext_of_last_bus_on_lny_eve_220112.pdf
[2012/01/24 23:21:14 | 000,023,174 | ---- | C] () -- C:\Users\Virgile Vega\Documents\new_stops_svc_133_133M_140112.pdf
[2012/01/24 23:19:10 | 000,237,555 | ---- | C] () -- C:\Users\Virgile Vega\Documents\201212017273694542.pdf
[2012/01/24 23:18:09 | 000,176,774 | ---- | C] () -- C:\Users\Virgile Vega\Documents\Nightrider_Svc_Info_Jan2012.pdf
[2012/01/24 14:37:05 | 000,000,660 | ---- | C] () -- C:\Users\Virgile Vega\Desktop\SuperNZB.lnk
[2012/01/24 14:06:07 | 000,000,758 | ---- | C] () -- C:\Users\Public\Desktop\Newshosting.lnk
[2012/01/23 19:02:24 | 000,001,580 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/01/22 20:54:17 | 000,155,800 | ---- | C] () -- C:\Users\Virgile Vega\Desktop\wedding.jpg
[2012/01/21 11:17:58 | 000,226,448 | ---- | C] () -- C:\Windows\SysWow64\atiapfxx.blb
[2012/01/21 11:17:58 | 000,226,448 | ---- | C] () -- C:\Windows\SysNative\atiapfxx.blb
[2012/01/21 10:36:52 | 002,383,904 | ---- | C] () -- C:\Windows\SysNative\atiumd6a.cap
[2012/01/21 10:36:52 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/01/21 10:36:52 | 000,204,960 | ---- | C] () -- C:\Windows\SysNative\ativvsvl.dat
[2012/01/21 10:36:52 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/01/21 10:36:52 | 000,157,152 | ---- | C] () -- C:\Windows\SysNative\ativvsva.dat
[2012/01/21 10:28:50 | 002,385,632 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.cap
[2012/01/20 18:30:52 | 000,001,366 | ---- | C] () -- C:\Users\Public\Desktop\OpenVPN Connect.lnk
[2012/01/20 17:27:26 | 000,263,340 | ---- | C] () -- C:\Users\Virgile Vega\Documents\phone number given by darunee's fren_slower.mp3
[2012/01/20 17:21:35 | 000,189,152 | ---- | C] () -- C:\Users\Virgile Vega\Documents\phone number given by darunee's fren.mp3
[2012/01/14 16:39:32 | 000,001,378 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN Connect.lnk
[2012/01/08 07:36:27 | 001,001,503 | ---- | C] () -- C:\Users\Virgile Vega\Documents\Annc_OIS_20120103.pdf
[2012/01/08 07:36:20 | 000,127,145 | ---- | C] () -- C:\Users\Virgile Vega\Documents\eAnnc_LaunchAndAIP_20120103.pdf
[2012/01/06 10:16:02 | 000,037,141 | ---- | C] () -- C:\Windows\atiogl.xml
[2012/01/05 05:28:28 | 000,600,880 | ---- | C] () -- C:\Windows\SysNative\atiicdxx.dat
[2011/12/31 15:27:31 | 000,040,023 | ---- | C] () -- C:\Users\Virgile Vega\AppData\Roaming\UserTile.png
[2011/12/08 02:05:11 | 000,156,160 | ---- | C] () -- C:\Windows\SysWow64\WS_ContextMenu.dll
[2011/11/29 02:56:52 | 000,054,000 | ---- | C] () -- C:\Windows\SysWow64\PrxerNsp.dll
[2011/11/17 10:04:24 | 000,002,384 | ---- | C] () -- C:\Windows\SysWow64\SHORTCUT.INI
[2011/11/17 10:03:44 | 000,000,273 | ---- | C] () -- C:\Windows\SysWow64\REMOTEDEVICE.INI
[2011/11/17 10:03:23 | 000,006,497 | ---- | C] () -- C:\Windows\SysWow64\LOCALSERVICE.INI
[2011/11/17 10:02:53 | 000,000,106 | ---- | C] () -- C:\Windows\SysWow64\LOCALDEVICE.INI
[2011/11/17 10:00:19 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\BSPRINT.INI
[2011/11/09 22:39:44 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011/11/09 22:39:32 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/11/09 17:55:30 | 000,001,218 | ---- | C] () -- C:\Windows\SysWow64\bscs.ini
[2011/11/07 15:34:16 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\BsMobileCSps.dll
[2011/09/13 07:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/08/28 19:51:57 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/08/28 19:51:57 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2011/08/06 13:57:10 | 000,000,000 | ---- | C] () -- C:\Users\Virgile Vega\AppData\Roaming\chrtmp
[2011/06/19 23:41:36 | 000,000,600 | ---- | C] () -- C:\Users\Virgile Vega\AppData\Roaming\winscp.rnd
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/03/18 12:38:19 | 002,336,384 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe
[2011/03/18 12:38:19 | 000,086,408 | ---- | C] () -- C:\Windows\SysWow64\setupempdrv03.exe
[2011/03/18 12:38:19 | 000,014,848 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll
[2011/03/18 12:38:19 | 000,008,456 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys
[2011/03/18 12:38:18 | 000,014,216 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys
[2011/03/09 07:54:05 | 000,000,036 | ---- | C] () -- C:\Users\Virgile Vega\AppData\Local\housecall.guid.cache
[2010/12/27 18:45:41 | 000,169,392 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010/12/17 15:22:40 | 000,000,201 | ---- | C] () -- C:\Users\Virgile Vega\AppData\Roaming\prio.ini
[2010/12/14 21:21:06 | 000,000,079 | ---- | C] () -- C:\Users\Virgile Vega\AppData\Local\CrystalDiskMark30.ini
[2010/12/14 21:01:53 | 000,000,000 | ---- | C] () -- C:\Windows\Bench32.INI
[2010/12/14 17:56:51 | 000,790,528 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010/12/14 17:56:51 | 000,134,144 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/12/14 17:56:51 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/12/14 17:56:51 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010/12/14 17:50:28 | 000,007,609 | ---- | C] () -- C:\Users\Virgile Vega\AppData\Local\resmon.resmoncfg
[2010/12/14 15:13:13 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/12/14 13:48:16 | 000,000,164 | ---- | C] () -- C:\Windows\install.dat
[2010/12/14 04:12:26 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010/12/14 01:18:53 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/12/14 01:02:42 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/01/22 10:04:30 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\BsVistaCommon.dll
[2009/07/14 13:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 10:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 10:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 08:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 07:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/14 05:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/11 05:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/01/05 15:44:10 | 000,053,248 | ---- | C] () -- C:\Windows\bdoscandel.exe
[2009/01/05 15:44:10 | 000,000,453 | ---- | C] () -- C:\Windows\bdoscandellang.ini

========== LOP Check ==========

[2010/12/24 17:42:40 | 000,000,000 | ---D | M] -- C:\Users\Virgile Vega\AppData\Roaming\Acronis
[2012/01/04 14:43:52 | 000,000,000 | ---D | M] -- C:\Users\Virgile Vega\AppData\Roaming\Camfrog
[2011/11/10 19:48:22 | 000,000,000 | ---D | M] -- C:\Users\Virgile Vega\AppData\Roaming\DAEMON Tools Lite
[2010/12/15 00:02:21 | 000,000,000 | ---D | M] -- C:\Users\Virgile Vega\AppData\Roaming\DAEMON Tools Pro
[2011/06/19 21:24:18 | 000,000,000 | ---D | M] -- C:\Users\Virgile Vega\AppData\Roaming\Day 1 Studios
[2011/06/05 23:11:24 | 000,000,000 | ---D | M] -- C:\Users\Virgile Vega\AppData\Roaming\DeadMage
[2012/02/01 03:50:44 | 000,000,000 | ---D | M] -- C:\Users\Virgile Vega\AppData\Roaming\DMCache
[2011/06/12 05:11:20 | 000,000,000 | ---D | M] -- C:\Users\Virgile Vega\AppData\Roaming\Dropbox
[2010/12/23 20:59:25 | 000,000,000 | ---D | M] -- C:\Users\Virgile Vega\AppData\Roaming\ESET
[2011/05/02 03:05:20 | 000,000,000 | ---D | M] -- C:\Users\Virgile Vega\AppData\Roaming\FreeArc
[2011/07/06 12:06:35 | 000,000,000 | ---D | M] -- C:\Users\Virgile Vega\AppData\Roaming\go
[2011/01/03 22:01:39 | 000,000,000 | ---D | M] -- C:\Users\Virgile Vega\AppData\Roaming\HD Tune Pro
[2012/01/24 00:25:52 | 000,000,000 | ---D | M] -- C:\Users\Virgile Vega\AppData\Roaming\IDM
[2010/12/16 02:09:07 | 000,000,000 | ---D | M] -- C:\Users\Virgile Vega\AppData\Roaming\ImgBurn
[2011/05/27 09:52:03 | 000,000,000 | ---D | M] -- C:\Users\Virgile Vega\AppData\Roaming\IrfanView
[2011/06/19 23:52:14 | 000,000,000 | ---D | M] -- C:\Users\Virgile Vega\AppData\Roaming\Megaupload
[2012/01/24 14:05:36 | 000,000,000 | ---D | M] -- C:\Users\Virgile Vega\AppData\Roaming\Newshosting
[2011/11/29 02:57:34 | 000,000,000 | ---D | M] -- C:\Users\Virgile Vega\AppData\Roaming\Proxifier
[2010/12/13 22:50:25 | 000,000,000 | ---D | M] -- C:\Users\Virgile Vega\AppData\Roaming\Razer
[2011/12/31 13:49:00 | 000,000,000 | ---D | M] -- C:\Users\Virgile Vega\AppData\Roaming\redsn0w
[2011/07/19 04:16:00 | 000,000,000 | ---D | M] -- C:\Users\Virgile Vega\AppData\Roaming\Replay Media Catcher 4
[2011/07/19 04:12:45 | 000,000,000 | ---D | M] -- C:\Users\Virgile Vega\AppData\Roaming\Replay Media Catcher 4.bak
[2012/01/26 15:02:56 | 000,000,000 | ---D | M] -- C:\Users\Virgile Vega\AppData\Roaming\SuperNZB
[2010/12/14 21:54:45 | 000,000,000 | ---D | M] -- C:\Users\Virgile Vega\AppData\Roaming\Thinstall
[2012/01/25 22:19:56 | 000,000,000 | ---D | M] -- C:\Users\Virgile Vega\AppData\Roaming\uTorrent
[2011/02/24 20:33:07 | 000,000,000 | ---D | M] -- C:\Users\Virgile Vega\AppData\Roaming\WindSolutions
[2011/07/14 22:31:10 | 000,000,000 | ---D | M] -- C:\Users\Virgile Vega\AppData\Roaming\WinPatrol
[2011/12/08 02:05:45 | 000,000,000 | ---D | M] -- C:\Users\Virgile Vega\AppData\Roaming\Wondershare Video Converter Ultimate
[2012/01/30 14:01:14 | 000,000,000 | ---D | M] -- C:\Users\Virgile Vega\AppData\Roaming\X-NetStat
[2011/11/09 04:47:26 | 000,000,000 | ---D | M] -- C:\Users\Virgile Vega\AppData\Roaming\ZumoCast
[2012/01/13 11:13:28 | 000,000,000 | ---D | M] -- C:\Users\Virgile Vega\AppData\Roaming\ZumoDrive
[2012/01/04 07:00:49 | 000,032,612 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\Users\Virgile Vega\Documents\dead space2 +13 v1.0 by DEViATED:ntfslink.junction-tracking
@Alternate Data Stream - 64 bytes -> C:\Users\Virgile Vega\Documents\redsn0w_win_0.9.6b4:ntfslink.junction-tracking
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:4FC01C57

< End of report >
  • 0

#4
sempai

    Trusted Helper

  • Malware Removal
  • 785 posts
Hi jones24,


1. Please download Listparts64
Run the tool, click Scan and post the log (Result.txt) it makes.


2. Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scan/Fixes text box.

    :OTL
    FF - prefs.js..network.proxy.backup.ftp: "212.117.166.26"
    FF - prefs.js..network.proxy.backup.ftp_port: 18231
    FF - prefs.js..network.proxy.backup.gopher: "212.117.166.26"
    FF - prefs.js..network.proxy.backup.gopher_port: 18231
    FF - prefs.js..network.proxy.backup.socks: "212.117.166.26"
    FF - prefs.js..network.proxy.backup.socks_port: 18231
    FF - prefs.js..network.proxy.backup.ssl: "212.117.166.26"
    FF - prefs.js..network.proxy.backup.ssl_port: 18231
    FF - prefs.js..network.proxy.ftp: "201.75.14.179"
    FF - prefs.js..network.proxy.ftp_port: 3128
    FF - prefs.js..network.proxy.gopher: "201.75.14.179"
    FF - prefs.js..network.proxy.gopher_port: 3128
    FF - prefs.js..network.proxy.http: "201.75.14.179"
    FF - prefs.js..network.proxy.http_port: 3128
    FF - prefs.js..network.proxy.share_proxy_settings: true
    FF - prefs.js..network.proxy.socks: "201.75.14.179"
    FF - prefs.js..network.proxy.socks_port: 3128
    FF - prefs.js..network.proxy.ssl: "201.75.14.179"
    FF - prefs.js..network.proxy.ssl_port: 3128
    
    :Commands
    [CREATERESTOREPOINT] 
    
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • A message box "Fix complete! Click OK to open the fix log." will pop-up.
  • Click the OK button and a report will open.
  • Copy and Paste that report in your next reply.

  • 0

#5
jones24

    Member

  • Topic Starter
  • 25 posts
Hi sempai, here are the results from the Listparts64 scan and also the OTL log after I input the commands you told me to copy and paste into OTL:



ListParts by Farbar
Ran by Virgile Vega on 02-02-2012 at 03:48:40
Windows 7 (X64)
Running From: D:\idm downloads
************************************************************

========================= Memory info ======================

Percentage of memory in use: 23%
Total physical RAM: 8190.18 MB
Available physical RAM: 6236.28 MB
Total Pagefile: 8188.37 MB
Available Pagefile: 5956.94 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (Windows) (Fixed) (Total:47.33 GB) (Free:18.38 GB) NTFS ==>[Drive with boot components (obtanied from BCD)]
2 Drive d: () (Fixed) (Total:64.45 GB) (Free:39.01 GB) NTFS
3 Drive e: () (Fixed) (Total:298.09 GB) (Free:81.21 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive f: () (Fixed) (Total:232.88 GB) (Free:45.2 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 111 GB 1024 KB
Disk 1 Online 298 GB 0 B
Disk 2 Online 232 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 64 GB 1024 KB
Partition 2 Primary 47 GB 64 GB

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D NTFS Partition 64 GB Healthy

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 C Windows NTFS Partition 47 GB Healthy System (partition with boot components)

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 298 GB 31 KB

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 E NTFS Partition 298 GB Healthy

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 232 GB 32 KB

Disk: 2
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 F NTFS Partition 232 GB Healthy



****** End Of Log ******












========== OTL ==========
Prefs.js: "212.117.166.26" removed from network.proxy.backup.ftp
Prefs.js: 18231 removed from network.proxy.backup.ftp_port
Prefs.js: "212.117.166.26" removed from network.proxy.backup.gopher
Prefs.js: 18231 removed from network.proxy.backup.gopher_port
Prefs.js: "212.117.166.26" removed from network.proxy.backup.socks
Prefs.js: 18231 removed from network.proxy.backup.socks_port
Prefs.js: "212.117.166.26" removed from network.proxy.backup.ssl
Prefs.js: 18231 removed from network.proxy.backup.ssl_port
Prefs.js: "201.75.14.179" removed from network.proxy.ftp
Prefs.js: 3128 removed from network.proxy.ftp_port
Prefs.js: "201.75.14.179" removed from network.proxy.gopher
Prefs.js: 3128 removed from network.proxy.gopher_port
Prefs.js: "201.75.14.179" removed from network.proxy.http
Prefs.js: 3128 removed from network.proxy.http_port
Prefs.js: true removed from network.proxy.share_proxy_settings
Prefs.js: "201.75.14.179" removed from network.proxy.socks
Prefs.js: 3128 removed from network.proxy.socks_port
Prefs.js: "201.75.14.179" removed from network.proxy.ssl
Prefs.js: 3128 removed from network.proxy.ssl_port
========== COMMANDS ==========
Error creating restore point.

OTL by OldTimer - Version 3.2.31.0 log created on 02022012_035206

Edited by jones24, 01 February 2012 - 01:54 PM.

  • 0

#6
sempai

    Trusted Helper

  • Malware Removal
  • 785 posts
Please download Malwarebytes' Anti-Malware from here:

MalwareBytes' AntiMalware download link

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


  • 0

#7
jones24

    Member

  • Topic Starter
  • 25 posts
Hi, I installed and updated Malwarebytes and here's the report:

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.02.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Virgile Vega :: VIRGILEVEGA-PC [administrator]

Protection: Enabled

2/2/2012 3:38:29 PM
mbam-log-2012-02-02 (15-38-29).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 190749
Time elapsed: 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 5
HKCU\SOFTWARE\4ECYTQ9SIC (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\KOQMLYTPE7 (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKCU\Software\--((Mutex))-- (Trojan.Agent) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\XTREMERAT (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKCU\Software\XtremeRAT|Mutex (Malware.Trace) -> Data: --((Mutex))-- -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Virgile Vega\AppData\Roaming\Microsoft\Windows\--((Mutex))--.dat (Malware.Trace) -> Quarantined and deleted successfully.

(end)
  • 0

#8
sempai

    Trusted Helper

  • Malware Removal
  • 785 posts
How is the computer running?


Please use Internet Explorer to perform a BitDefender Quickscan
  • Click on START SCANNER.
  • Click on FREE SCAN NOW. Please wait as it might take some time to load.
  • It will then ask you to install the add-on "qsax.cab" (Just above the page under the Internet Explorer toolbar). Please allow it to be installed.
  • Click the FREE SCAN NOW button once again to start the add-on installation.
  • Click "Install" and accept the "End User Software License Agreement" when prompted and then click OK.
  • It will now begin scanning, please let it run uninterrupted.
  • Click on View report once completed.
  • A notepad will pop-up containing the report.
  • Please post the entire contents of that report when you reply.
Note: For Windows Vista/7 users, you will need to right-click on the Internet Explorer icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
  • 0

#9
jones24

    Member

  • Topic Starter
  • 25 posts
Hi, my PC has been running OK and my AV has not detected any type of infections, but based on the OTL report that you told me to run a 2nd time, the commands you told me to input into OTL and run again, and the malware scan, there might have been malware or viruses hiding that my AV could not detect. Here is the BitDefender report:

QuickScan 32-bit v0.9.9.105
---------------------------
Scan date: Thu Feb 02 23:08:19 2012
Machine ID: AABDFD0F



No infection found.
-------------------



Processes
---------
capiws.exe 2156 C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe
ESET Smart Security 2064 D:\Extra program files x86\ESET\ESET Smart Security\x86\ekrn.exe
Firefox 5104 D:\Extra program files x86\Mozilla Firefox\firefox.exe
IEMonitor Application 1536 D:\Extra program files x86\Internet Download Manager\IEMonitor.exe
Malwarebytes Anti-Malware 3120 D:\Extra program files x86\Malwarebytes' Anti-Malware\mbamgui.exe
Malwarebytes Anti-Malware 2756 D:\Extra program files x86\Malwarebytes' Anti-Malware\mbamservice.exe
Razer OFA 1748 D:\Extra program files x86\Razer\DeathAdder\razerofa.exe
razerhid Application 3012 D:\Extra program files x86\Razer\DeathAdder\razerhid.exe
razertra Application 2820 D:\Extra program files x86\Razer\DeathAdder\razertra.exe
Windows® Internet Explorer 3096 C:\Program Files (x86)\Internet Explorer\iexplore.exe
Windows® Internet Explorer 3276 C:\Program Files (x86)\Internet Explorer\iexplore.exe
Windows® Internet Explorer 3696 C:\Program Files (x86)\Internet Explorer\iexplore.exe


Network activity
----------------
Process iexplore.exe (3696) connected on port 443 (HTTP over SSL) --> 209.85.175.95
Process iexplore.exe (3696) connected on port 443 (HTTP over SSL) --> 209.85.175.95
Process iexplore.exe (3696) connected on port 80 (HTTP) --> 58.27.86.105
Process iexplore.exe (3696) connected on port 80 (HTTP) --> 58.27.86.105
Process iexplore.exe (3696) connected on port 80 (HTTP) --> 58.27.86.210
Process iexplore.exe (3696) connected on port 80 (HTTP) --> 58.27.86.210
Process iexplore.exe (3696) connected on port 80 (HTTP) --> 74.125.235.3
Process iexplore.exe (3696) connected on port 80 (HTTP) --> 74.125.235.3
Process iexplore.exe (3696) connected on port 80 (HTTP) --> 91.199.104.31
Process iexplore.exe (3696) connected on port 80 (HTTP) --> 91.199.104.31
Process iexplore.exe (3696) connected on port 80 (HTTP) --> 69.63.181.11
Process iexplore.exe (3696) connected on port 80 (HTTP) --> 69.63.181.11
Process iexplore.exe (3696) connected on port 80 (HTTP) --> 80.86.110.21

Process capiws.exe (2156) listens on ports: 946


Autoruns and critical files
---------------------------
ESET Smart Security D:\Extra program files x86\ESET\ESET Smart Security\egui.exe
Malwarebytes Anti-Malware D:\Extra program files x86\Malwarebytes' Anti-Malware\mbamgui.exe
Microsoft Office 2010 D:\Extra program files x86\Microsoft Office\Office14\GROOVEEX.DLL
Microsoft® Windows® Operating System C:\Windows\system32\Bubbles.scr
Microsoft® Windows® Operating System C:\Windows\system32\userinit.exe
Prio D:\Extra program files x86\Prio\prio32.dll
razerhid Application D:\Extra program files x86\Razer\DeathAdder\razerhid.exe
Realtek HD Audio Manager C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe


Browser plugins
---------------
AcroIEHelperShim Library c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll
Adobe Acrobat C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
Adobe Acrobat C:\Program Files (x86)\Internet Explorer\plugins\nppdf32.dll
Adobe Acrobat D:\Extra program files x86\Mozilla Firefox\plugins\nppdf32.dll
BitDefender QuickScan C:\Windows\Downloaded Program Files\qsax.dll
Bonjour C:\Program Files (x86)\Bonjour\mdnsNSP.dll
Bonjour C:\Program Files\Bonjour\mdnsNSP.dll
Internet Download Manager Module D:\Extra program files x86\Internet Download Manager\IDMIECC.dll
Java Deployment Toolkit 6.0.240.7 D:\Extra program files x86\Mozilla Firefox\plugins\npdeployJava1.dll
Java™ Platform SE 6 U24 d:\extra program files x86\java\bin\jp2ssv.dll
Java™ Platform SE 6 U24 D:\Extra program files x86\Java\bin\new_plugin\npjp2.dll
Mega Manager IE Click Catcher d:\extra program files x86\megaupload\mega manager\megaiemn.dll
Microsoft Office 2010 D:\Extra program files x86\Microsoft Office\Office14\GROOVEEX.DLL
Microsoft Office 2010 D:\Extra program files x86\Microsoft Office\Office14\NPAUTHZ.DLL
Microsoft Office 2010 D:\Extra program files x86\Microsoft Office\Office14\NPSPWRAP.DLL
Microsoft Office 2010 D:\Extra program files x86\Microsoft Office\Office14\URLREDIR.DLL
Microsoft® CoReXT c:\program files (x86)\common files\microsoft shared\windows live\windowslivelogin.dll
Microsoft® CoReXT C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
Microsoft® CoReXT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
Microsoft® Windows® Operating System C:\Windows\system32\mswsock.dll
Microsoft® Windows® Operating System C:\Windows\system32\NLAapi.dll
npitunes.dll D:\Extra program files x86\iTunes\Mozilla Plugins\npitunes.dll
NPSWF32.dll C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
Proxifier Standard Edition C:\Windows\system32\PrxerDrv.dll
Proxifier Standard Edition C:\Windows\system32\PrxerNsp.dll
QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin.dll
QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin2.dll
QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin3.dll
QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin4.dll
QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin5.dll
QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin6.dll
QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin7.dll
QuickTime Plug-in 7.7.1 D:\Extra program files x86\Mozilla Firefox\plugins\npqtplugin.dll
QuickTime Plug-in 7.7.1 D:\Extra program files x86\Mozilla Firefox\plugins\npqtplugin2.dll
QuickTime Plug-in 7.7.1 D:\Extra program files x86\Mozilla Firefox\plugins\npqtplugin3.dll
QuickTime Plug-in 7.7.1 D:\Extra program files x86\Mozilla Firefox\plugins\npqtplugin4.dll
QuickTime Plug-in 7.7.1 D:\Extra program files x86\Mozilla Firefox\plugins\npqtplugin5.dll
QuickTime Plug-in 7.7.1 D:\Extra program files x86\Mozilla Firefox\plugins\npqtplugin6.dll
QuickTime Plug-in 7.7.1 D:\Extra program files x86\Mozilla Firefox\plugins\npqtplugin7.dll
RealJukebox NS Plugin D:\Extra program files x86\Mozilla Firefox\plugins\nprjplug.dll
RealPlayer Version Plugin D:\Extra program files x86\Mozilla Firefox\plugins\nprpjplug.dll
RealPlayer™ G2 LiveConnect-Enabled P D:\Extra program files x86\Mozilla Firefox\plugins\nppl3260.dll
Silverlight Plug-In C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
Skype Toolbars D:\Extra program files x86\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Veetle TV Core D:\Extra program files x86\Veetle\plugins\npVeetle.dll
Veetle TV Player D:\Extra program files x86\Veetle\Player\npvlc.dll
Winamp Application Detector D:\Extra program files x86\Mozilla Firefox\plugins\npwachk.dll
Windows Activation Technologies C:\Windows\system32\Wat\npWatWeb.dll
Windows® Internet Explorer c:\windows\syswow64\ieframe.dll
(verified) bdoscandel.exe C:\Windows\bdoscandel.exe
(verified) bdscanonline C:\Windows\Downloaded Program Files\oscan82.ocx
(verified) ipsupd.dll C:\Windows\Downloaded Program Files\ipsupd.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\napinsp.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\pnrpnsp.dll
(verified) Microsoft® Windows® Operating System C:\Windows\System32\winrnr.dll


Scan
----
MD5: dbc02d918fff1cad628acbe0c0eaa8e8 C:\Windows\system32\provsvc.dll
MD5: a05709b2453f4aa97abe34ae9a36b656 C:\Windows\system32\PrxerDrv.dll
MD5: 44bda189bfa0aec82879213d8a319d39 C:\Windows\system32\PrxerNsp.dll
MD5: 5997d769cdb108390dcfaebf442bf816 C:\Windows\system32\RpcRtRemote.dll
MD5: 0915c4db6dbc3bb9e11b7ecbbe4b7159 C:\Windows\system32\rtutils.dll
MD5: 68ecca523ed760aafc03c5d587569859 C:\Windows\system32\SAMCLI.DLL
MD5: a42e7748be906434c5fd17161d168c20 C:\Windows\system32\SCHEDCLI.DLL
MD5: 236f286e103fd44bd85fdd93097fd5dd C:\Windows\system32\SearchIndexer.exe
MD5: 69678722290c78d5d7198c60b5a4e3e8 C:\Windows\system32\Secur32.dll
MD5: 4ae380f39a0032eab7dd953030b26d28 C:\Windows\system32\sessenv.dll
MD5: be247ae996a9fde007a27b51413a6c79 C:\Windows\system32\shdocvw.dll
MD5: 414da952a35bf5d50192e28263b40577 C:\Windows\System32\shsvcs.dll
MD5: 4b9e4ce667df26ada061aa81e9aa841d C:\Windows\system32\SPFILEQ.dll
MD5: 5ccdcd40e732d54e0f7451ac66ac1c87 C:\Windows\system32\srvcli.dll
MD5: 6a1e8deb746912df47cf651e138401d7 C:\Windows\System32\StructuredQuery.dll
MD5: 919001d2bb17df06ca3f8ac16ad039f6 C:\Windows\system32\SXS.DLL
MD5: 613bf4820361543956909043a265c6ac C:\Windows\System32\tapisrv.dll
MD5: 465dbf63a5049e4db4bc5c12ffe781cb C:\Windows\system32\tquery.dll
MD5: d15618a0ff8dbc2c5bf3726bacc75a0b C:\Windows\system32\USERENV.dll
MD5: 61ac3efdfacfdd3f0f11dd4fd4044223 C:\Windows\system32\userinit.exe
MD5: cfc7d8289d2b5f3cf8d16e2db7f93d4a C:\Windows\system32\wbem\fastprox.dll
MD5: 704314fd398c81d5f342caa5df7b7f21 C:\Windows\system32\wbemcomn.dll
MD5: 34eee0dfaadb4f691d6d5308a51315dc C:\Windows\System32\wcncsvc.dll
MD5: d205c24a9d069049fe2df2a1b38726a7 C:\Windows\system32\wdmaud.drv
MD5: a9d880f97530d5b8fee278923349929d C:\Windows\System32\webclnt.dll
MD5: fb19fc5951a88f3c523e35c2c98d23c0 C:\Windows\system32\webio.dll
MD5: 1db71a41daee6b3f8cd0dda8209fa2d5 C:\Windows\system32\WindowsCodecs.dll
MD5: ca9f7888b524d8100b977c81f44c3234 C:\Windows\system32\Winhttp.dll
MD5: d5aefad57c08349a4393d987df7c715d C:\Windows\system32\WINMM.dll
MD5: 9e4b0e7472b4ceba9e17f440b8cb0ab8 C:\Windows\system32\WINSPOOL.DRV
MD5: 418e881201583a3039d81f43e39e6c78 C:\Windows\system32\WINSTA.dll
MD5: e5a4a1326a02f8e7b59e6c3270ce7202 C:\Windows\system32\wkscli.dll
MD5: 1957d49a9613faad1c73b508cce02aa5 C:\Windows\system32\wmp.dll
MD5: 0fbc74aa20fe0ae6884279f893169c60 C:\Windows\system32\wmploc.dll
MD5: a8cdf3768604ff95b54669e20053d569 C:\Windows\system32\WSCAPI.dll
MD5: 1b91cd34ea3a90ab6a4ef0550174f4cc C:\Windows\system32\WsmSvc.dll
MD5: 6a6b2ee4565a178035be2a4ff6f2c968 C:\Windows\system32\WTSAPI32.dll
MD5: edf2a5e96bec469da3f64e9bdd386111 C:\Windows\system32\xmllite.dll
MD5: 95e2376b3323f062eb562b8586d0f14a C:\Windows\syswow64\ADVAPI32.dll
MD5: f436e847fa799ecd75ad8c313673f450 C:\Windows\syswow64\CFGMGR32.dll
MD5: d1de1eafde97be41cf6585027ff3e732 C:\Windows\syswow64\comdlg32.dll
MD5: 454e292861a4ef1d72f43f42bbaf6917 C:\Windows\syswow64\CRYPT32.dll
MD5: 2eeff4502f5e13b1bed4a04ccad64c08 C:\Windows\syswow64\DEVOBJ.dll
MD5: 4312debdacbe338f0b90e7f08e7672be C:\Windows\SysWOW64\Dxtmsft.dll
MD5: ca493a92da9880b6f1a89c3dbd54ba5b C:\Windows\SysWOW64\Dxtrans.dll
MD5: d6d3ad7bf1d6f6ce9547613ed5e170a2 C:\Windows\syswow64\GDI32.dll
MD5: ee9d715af1b928982f417238b9914484 C:\Windows\SysWOW64\ieapfltr.dll
MD5: 691e93028b8723e05b4a637be77380dd c:\windows\syswow64\ieframe.dll
MD5: 1416ab557be700fa117323b6b8f32882 C:\Windows\syswow64\iertutil.dll
MD5: b2fd31e20b423335fe3273b4bf95813c C:\Windows\syswow64\imagehlp.dll
MD5: 82586704868e3abb382cae303b41e8b7 C:\Windows\SysWOW64\jscript9.dll
MD5: 99c3f8e9cc59d95666eb8d8a8b4c2beb C:\Windows\syswow64\kernel32.dll
MD5: 5c2d21c9b6b6175b89bc5d7e3cb979e1 C:\Windows\syswow64\KERNELBASE.dll
MD5: e9f427ef46965d33e878a507a2f5ccb6 C:\Windows\SysWOW64\Macromed\Flash\Flash11e.ocx
MD5: de3745a51b7ac7fedc356a83f76c8023 C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MD5: 938f39b50bafe13d6f58c7790682c010 C:\Windows\syswow64\MSASN1.dll
MD5: 4c1e16b9a53102c8d6fba587cbcb95de C:\Windows\SysWOW64\msv1_0.DLL
MD5: e73b0f1819602cb6ef176fb78d76a47b C:\Windows\SysWOW64\ntdll.dll
MD5: 928cf7268086631f54c3d8e17238c6dd C:\Windows\syswow64\ole32.dll
MD5: 6c765e82b57f2e66ce9c54ac238471d9 C:\Windows\syswow64\OLEAUT32.dll
MD5: c5ad8083cf94201f1f8084ecc696a8b7 C:\Windows\syswow64\RPCRT4.dll
MD5: 1affb765af1fdcc0c185c38e9ddddaee C:\Windows\SysWOW64\schannel.dll
MD5: 10fb16b50affda6d44588f3c445dc273 C:\Windows\syswow64\SETUPAPI.dll
MD5: 16ab4bd2acc52109f43739bf0e89e18f C:\Windows\syswow64\SHELL32.dll
MD5: 8cc3c111d653e96f3ea1590891491d71 C:\Windows\syswow64\SHLWAPI.dll
MD5: 44b2693080979a0e05085b3faaa43a09 C:\Windows\syswow64\SspiCli.dll
MD5: 814638f572f497d96b17bf254113d9a4 C:\Windows\syswow64\urlmon.dll
MD5: 5e0db2d8b2750543cd2ebb9ea8e6cdd3 C:\Windows\syswow64\USER32.dll
MD5: 804aaafebb3ad5f49334dd906bcb1de5 C:\Windows\syswow64\USP10.dll
MD5: 02f98b5c0e397ad06124d84428cf8f1a C:\Windows\syswow64\WININET.dll
MD5: 2d0d2da87bea7144f2a17f19d0d17e4c C:\Windows\syswow64\WINTRUST.dll
MD5: a8bb45f9ecad993461e0fef8e2a99152 C:\Windows\syswow64\WLDAP32.dll
MD5: 7ff15a4f092cd4a96055ba69f903e3e9 C:\Windows\syswow64\WS2_32.dll
MD5: 0b3595a4ff0b36d68e5fc67fd7d70fdc C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCP80.dll
MD5: c9564cf4976e7e96b4052737aa2492b4 C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll
MD5: 58a14c45a5cd2528f10a889e7b0c3fc2 C:\Windows\WinSxS\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.6161_none_51cd0a7abbe4e19b\ATL90.DLL
MD5: 4c39358ebdd2ffcd9132a30e1ec31e16 C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCP90.dll
MD5: cdbe9690cf2b8409facad94fac9479c9 C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll
MD5: bdac1aa64495d0f7e1ff810ebbf1f018 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\COMCTL32.dll
MD5: 352b3dc62a0d259a82a052238425c872 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\COMCTL32.dll
MD5: 0029eba325f2fc9b6ba46bee33f32a09 C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
MD5: bc93944709fb33ad31157bddaf731d03 D:\Extra program files x86\ESET\ESET Smart Security\egui.exe
MD5: 11c3ad68dcf80201c9f74edee6da3804 D:\Extra program files x86\ESET\ESET Smart Security\EHttpSrv.exe
MD5: efa198f8983d064a81052851f7bb80c2 D:\Extra program files x86\ESET\ESET Smart Security\x86\ekrn.exe
MD5: 06a55658b781ee045c2bde16b73e9f4d D:\Extra program files x86\ESET\ESET Smart Security\x86\ekrnAmon.dll
MD5: d38dee988862af60716a0ec7bbd1875c D:\Extra program files x86\ESET\ESET Smart Security\x86\ekrnDmon.dll
MD5: 34cefefebd8ae513f4927b0e43f8f5ca D:\Extra program files x86\ESET\ESET Smart Security\x86\ekrnEmon.dll
MD5: 56b4a4d1c4a530c342b360beb943239e D:\Extra program files x86\ESET\ESET Smart Security\x86\ekrnEpfw.dll
MD5: 3888af0d0aeb7bee34058957ab723aff D:\Extra program files x86\ESET\ESET Smart Security\x86\ekrnMailPlugins.dll
MD5: a14d9e43ba94d78bba68ee9a9891cb44 D:\Extra program files x86\ESET\ESET Smart Security\x86\ekrnScan.dll
MD5: 51b3328eb674c5e8484ba72ade9c1d71 D:\Extra program files x86\ESET\ESET Smart Security\x86\ekrnSmon.dll
MD5: 2cf4290bb2aad96e6ab621322a1bd393 D:\Extra program files x86\ESET\ESET Smart Security\x86\ekrnUpdate.dll
MD5: ca70572b19d6964d4c1e5d7c8b9f61b8 D:\Extra program files x86\ESET\ESET Smart Security\x86\updater.dll
MD5: 55ff73825468622e1234dd6d2f9f231e D:\Extra program files x86\Internet Download Manager\idmcchandler.dll
MD5: ea1a320b897268bd6accfeddb31b9cab D:\Extra program files x86\Internet Download Manager\idmftype.dll
MD5: 46ec6d0d65fd03d36f9b750d11c22639 D:\Extra program files x86\Internet Download Manager\IDMIECC.dll
MD5: 706dd70fe7ea8b4362e7a4817ff6baf8 D:\Extra program files x86\Internet Download Manager\idmmkb.dll
MD5: 64151c0799431e0304ae1bd6202131a7 D:\Extra program files x86\iTunes\Mozilla Plugins\npitunes.dll
MD5: 9ad47aae6809174f7c3e05df93c53bd4 D:\Extra program files x86\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
MD5: 4e6854b6399fbbcfc34cd9b45a3a8d7a D:\Extra program files x86\IVT Corporation\BlueSoleil\BsHelpCS.exe
MD5: 5d456261e0e2bf28d843785739ae6199 D:\Extra program files x86\IVT Corporation\BlueSoleil\BsMobileCS.exe
MD5: 88e49c2b7e75b1d9695d6a063f28a8bb d:\extra program files x86\java\bin\jp2ssv.dll
MD5: 4ebb5b4dcabec18b29d01f9f607b0114 D:\Extra program files x86\Java\bin\new_plugin\npjp2.dll
MD5: 82f9764ebe2ef590cd2b3beb234e5671 D:\Extra program files x86\Malwarebytes' Anti-Malware\mbam.dll
MD5: d3b6d02f0d95a62dfbae7d7ea404db59 D:\Extra program files x86\Malwarebytes' Anti-Malware\mbamcore.dll
MD5: 60d0647a2dc2d397b84d0afb0808f85d D:\Extra program files x86\Malwarebytes' Anti-Malware\mbamgui.exe
MD5: a2c2ec01306a666c4372bb7a06659b5d D:\Extra program files x86\Malwarebytes' Anti-Malware\mbamnet.dll
MD5: 056b19651bd7b7ce5f89a3ac46dbdc08 D:\Extra program files x86\Malwarebytes' Anti-Malware\mbamservice.exe
MD5: 37b6a2d134c725e1f8acbc77f39f0ef4 d:\extra program files x86\megaupload\mega manager\megaiemn.dll
MD5: 26fef9aac9f9f265dee995547d84c055 D:\Extra program files x86\Microsoft Office\Office14\GROOVE.EXE
MD5: fb8c6a46eaf7585d2ca8583c4c9a8edf D:\Extra program files x86\Microsoft Office\Office14\GROOVEEX.DLL
MD5: 47fc5a4a45e883a36aff884b3e6073b1 D:\Extra program files x86\Microsoft Office\Office14\MSOHEV.DLL
MD5: a5d08b86e8a437aa6deaf7a187bf6ca5 D:\Extra program files x86\Microsoft Office\Office14\URLREDIR.DLL
MD5: 76438ae6cfa727f17537701bdd7f82ee D:\Extra program files x86\Mozilla Firefox\components\browsercomps.dll
MD5: 2de2b92c4efef841ceaa9752fc8fa91f D:\Extra program files x86\Mozilla Firefox\firefox.exe
MD5: 0b60002305ce72ee8ebe6a00fffc95b6 D:\Extra program files x86\Mozilla Firefox\freebl3.dll
MD5: 0fa7d2e9361df35847b8c5a1238d9520 D:\Extra program files x86\Mozilla Firefox\mozalloc.dll
MD5: e009442495abe05d0aff81bd48022931 D:\Extra program files x86\Mozilla Firefox\mozjs.dll
MD5: d7f681f78e0b36c0d748492113a8e5ae D:\Extra program files x86\Mozilla Firefox\mozsqlite3.dll
MD5: 1d9a80a0b2f28a04aa4ab43ef9f8d740 D:\Extra program files x86\Mozilla Firefox\mozutils.dll
MD5: 37cfb217c378e9acfb8adc2a13703ac9 D:\Extra program files x86\Mozilla Firefox\nspr4.dll
MD5: fcbf87f705c8cef0ab40204dc21c564d D:\Extra program files x86\Mozilla Firefox\nss3.dll
MD5: d898c6243de3043b57cd22570c1e0274 D:\Extra program files x86\Mozilla Firefox\nssckbi.dll
MD5: 1d9f1ead9e3683db472f5e147a44e9b5 D:\Extra program files x86\Mozilla Firefox\nssdbm3.dll
MD5: b78465a326ea3efb0e637913c6409b6d D:\Extra program files x86\Mozilla Firefox\nssutil3.dll
MD5: e0e6326986618e479ee8ec0d6d087ca6 D:\Extra program files x86\Mozilla Firefox\plc4.dll
MD5: a58eba57ca5409522a220dce93ee3c45 D:\Extra program files x86\Mozilla Firefox\plds4.dll
MD5: 9d35e12b661581b83dd74eb910ea9e6d D:\Extra program files x86\Mozilla Firefox\plugins\npdeployJava1.dll
MD5: 53fe2d34b143efdb80685281e751b91c D:\Extra program files x86\Mozilla Firefox\plugins\nppdf32.dll
MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 D:\Extra program files x86\Mozilla Firefox\plugins\npqtplugin.dll
MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 D:\Extra program files x86\Mozilla Firefox\plugins\npqtplugin2.dll
MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 D:\Extra program files x86\Mozilla Firefox\plugins\npqtplugin3.dll
MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 D:\Extra program files x86\Mozilla Firefox\plugins\npqtplugin4.dll
MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 D:\Extra program files x86\Mozilla Firefox\plugins\npqtplugin5.dll
MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 D:\Extra program files x86\Mozilla Firefox\plugins\npqtplugin6.dll
MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 D:\Extra program files x86\Mozilla Firefox\plugins\npqtplugin7.dll
MD5: ae6e41e603ec3bec8afa2c7fec7f6a62 D:\Extra program files x86\Mozilla Firefox\plugins\nprjplug.dll
MD5: bf7fddf686d4d8f5ca9409222309632f D:\Extra program files x86\Mozilla Firefox\plugins\nprpjplug.dll
MD5: f9ae1ad5cc7f73827b64a05a44902b07 D:\Extra program files x86\Mozilla Firefox\plugins\npwachk.dll
MD5: a2310b0e1aa771a9415b3fa901d85501 D:\Extra program files x86\Mozilla Firefox\smime3.dll
MD5: 1ae11a396d1e3d4ff20c4ffba01e5566 D:\Extra program files x86\Mozilla Firefox\softokn3.dll
MD5: b99b7fea99bcc3f7b3dbbcf66ec24e54 D:\Extra program files x86\Mozilla Firefox\ssl3.dll
MD5: 050495ad42dcdeb3f0d5d18c13b75351 D:\Extra program files x86\Mozilla Firefox\xpcom.dll
MD5: 7647ce6050bef747908a319c0817c38f D:\Extra program files x86\Mozilla Firefox\xul.dll
MD5: 3ecd3ca61ffc54b0d93f8b19161b83da D:\Extra program files x86\MSI Afterburner\RTCore64.sys
MD5: fc514b95f75a2c1bf52a14d39eecfd1d D:\Extra program files x86\Prio\prio32.dll
MD5: e2d3191ec4e8664dfc08ca2d2e852249 D:\Extra program files x86\Prio\prio_svc.exe
MD5: 88c638bcf3a22438ee7ddf1d98f0a21c D:\Extra program files x86\Razer\DeathAdder\razerhid.exe
MD5: f694d53c6bf3ee02d128d5a42dbecc9e D:\Extra program files x86\Razer\DeathAdder\razerlan.dll
MD5: 2a032efae93d6c5de769796fb355185f D:\Extra program files x86\Razer\DeathAdder\razerofa.exe
MD5: a7e62c93b62c072c3e59cbfdd53c43a6 D:\Extra program files x86\Razer\DeathAdder\razertra.exe
MD5: a10b40cf9eb57d24e44717a2d38a00f4 D:\Extra program files x86\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys
MD5: d3d76ea75470d658e30b323911d669a7 D:\Extra program files x86\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
MD5: 962a989047862f8e21391d39d6083b1c D:\Extra program files x86\Skype\Toolbars\Shared\SkypePnr.dll
MD5: 866b027053f3a40bc36126d265c78e96 D:\Extra program files x86\Veetle\Player\npvlc.dll
MD5: 576c325a4edcf05787ab692a2be1ba68 D:\Extra program files x86\Veetle\plugins\npVeetle.dll


No file uploaded.

Scan finished - communication took 5 sec
Total traffic - 0.01 MB sent, 1.09 KB recvd
Scanned 440 files and modules - 28 seconds

==============================================================================

Edited by jones24, 02 February 2012 - 09:14 AM.

  • 0

#10
sempai

    Trusted Helper

  • Malware Removal
  • 785 posts
Hi,

We just removed the remnants of the infection, mostly registry leftovers. Logs are clean and you're good to go. :)


Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.
  • Download the latest version of Java Runtime Environment (JRE) Version 7.
  • Look for "Java SE 7u2".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
    • Select "Windows x64" and click on jre-7u2-windows-x64.exe
  • Save it to your desktop
  • Close any programs you may have running - especially your web browser.
  • Uninstall all older versions of Java (any item with Java Runtime Environment, JRE or J2SE in the name).
  • Reboot your computer once all Java components are removed.
  • Install the newest version by double clicking (run as Administrator for Windows Vista/Seven) the downloaded file.



=============================================


Uninstall:

1. ComboFix

  • Click Start > Run > copy-paste the following bolded text into the Run box and click OK:

    ComboFix /Uninstall


2. Malwarebytes' Anti-Malware <-- Optional, you can keep it to use for on demand malware scan.
  • Go to Control Panel > Programs > Programs and Features > locate and remove Malwarebytes' Anti-Malware.

3. Bitdefender Online Scanner
  • Go to C:\ > Windows > Downloaded Program Files
  • Right click on Bitdefender QuickScan Control and choose Remove.
  • Click Yes.


Delete:

1. Listparts




Clean-up with OTL:
  • Run OTL
  • Click on the CleanUp! button.
  • Reboot when asked.



Your log is clean, take the time to read below to secure your machine and take the necessary steps to keep it Clean :)

How to prevent malware

How to increase PC speed


Practice Safe Internet
One of the main reasons people get infected in the first place is that they are not practicing Safe Internet. You practice Safe Internet when you educate yourself on how to properly use the Internet through the use of security tools and good practice. Knowing how you can get infected and what types of files and sites to avoid will be the most crucial step in keeping your computer malware free. The reality is that the majority of people who are infected with malware are ones who click on things they shouldn't be clicking on. Whether these things are files or sites it doesn't really matter. If something is out to get you, and you click on it, it most likely will. Below is a list of simple precautions to take to keep your computer clean and running securely:

  • If you receive an attachment from someone you do not know, DO NOT OPEN IT! Simple as that. Opening attachments from people you do not know is a very common method for viruses or worms to infect your computer.
  • If you receive an attachment and it ends with a .exe, .com, .bat, or .pif do not open the attachment unless you know for a fact that it is clean. For the casual computer user, you will almost never receive a valid attachment of this type.
  • If you receive an attachment from someone you know, and it looks suspicious, then it probably is. The email could be from someone you know infected with a malware that is trying to infect everyone in their address book.
  • If you are browsing the Internet and a popup appears saying that you are infected, ignore it! These are, as far as I am concerned, scams that are being used to scare you into purchasing a piece of software. For an example of these types of popups, or Foistware, you should read this article: Foistware, And how to avoid it.
    There are also programs that disguise themselves as Anti-Spyware or security products but are instead scams. For a list of these types of programs we recommend you visit this link: Rogue/Suspect Anti-Spyware Products & Web Sites
  • Another tactic to fool you on the web is when a site displays a popup that looks like a normal Windows message or alert. When you click on them, though, they instead bring you to another site that is trying to push a product on you. We suggest that you close these windows by clicking on the X instead of the OK button. Alternatively, you can check to see if it's a real alert by right-clicking on the window. If there is a menu that comes up saying Add to Favorites... you know it's a fake.
  • Do not go to adult sites. I know this may bother some of you, but the fact is that a large amount of malware is pushed through these types of sites. I am not saying all adult sites do this, but a lot do.
  • When using an Instant Messaging program be cautious about clicking on links people send to you. It is not uncommon for infections to send a message to everyone in the infected person's contact list that contains a link to an infection. Instead when you receive a message that contains a link, message back to the person asking if it is legit before you click on it.
  • Stay away from Warez and Crack sites! In addition to the obvious copyright issues, the downloads from these sites are typically overrun with infections.
  • Be careful of what you download off of web sites and Peer-2-Peer networks. Some sites disguise malware as legitimate software to trick you into installing them and Peer-2-Peer networks are crawling with it. If you want to download a piece of software from a site, and are not sure if they are legitimate, you can use McAfee Siteadvisor to look up info on the site.
  • DO NOT INSTALL any software without first reading the End User License Agreement, otherwise known as the EULA. A tactic that some developers use is to offer their software for free, but have spyware and other programs you do not want bundled with it. This is where they make their money. By reading the agreement there is a good chance you can spot this and not install the software.


  • 0
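The Java step in the post above says to uninstall any item with Java Runtime Environment, JRE or J2SE in the name before installing the new version. The following is an added example, not part of the original thread, that lists such entries from the standard Windows uninstall registry keys so you can confirm nothing old is left after the reboot; the extra match on names starting with "Java" is an assumption added here.

```powershell
# Registry locations that back "Programs and Features".
# The WOW6432Node path holds 32-bit programs on 64-bit Windows.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Name fragments from the post: "Java Runtime Environment, JRE or J2SE".
# '^Java\b' is an added assumption to catch entries whose name simply
# starts with "Java"; it does not match names such as "JavaScript ...".
$namePattern = 'Java Runtime Environment|\bJRE\b|J2SE|^Java\b'

function Get-InstalledJava {
    foreach ($key in $uninstallKeys) {
        # A missing key (for example WOW6432Node on 32-bit Windows) is skipped.
        Get-ItemProperty -Path $key -ErrorAction SilentlyContinue |
            Where-Object { $_.DisplayName -match $namePattern } |
            Select-Object DisplayName, DisplayVersion, Publisher,
                @{ Name = 'View'
                   Expression = {
                       if ($_.PSPath -match 'WOW6432Node') { '32-bit' } else { '64-bit' }
                   } }
    }
}

$found = @(Get-InstalledJava | Sort-Object DisplayName, DisplayVersion)

if ($found.Count -eq 0) {
    'No Java entries found in the uninstall keys.'
} else {
    # More than one row usually means an older version is still installed.
    $found | Format-Table -AutoSize
}
```

Run it from a 64-bit PowerShell window on 64-bit Windows; a 32-bit session is redirected to the 32-bit registry view for both paths. The script only reads the registry and removes nothing.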

#11
jones24

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
HI thanks a lot i'll do all that you have told me to do but before i do it let me thank you for helping me fix it and the prompt replies that you have given me. Regards.


EDIT: I encountered some problems on removing programs.

1st: There's no combofix installed at all when i entered the command. i cannot recall if i installed combofix.

2nd: bitdefender online scanner isn't found in the windows folder. The most recent file dated this year is a dll file named qsax.dll while the other files are dated in 2009.

3rd: i don't think listparts was ever installed so i just want to keep it just in case.

4th: The OTL program is gone after i reboot the pc after running clean up is it automatically deleted?

Lastly: you gave me a link on how to speed up my pc. Is my pc slow? I'm running it on an SSD and i have optimized everything and have prevented certain programs from starting up. Is some program making my pc run slow?

Edited by jones24, 02 February 2012 - 05:39 PM.

  • 0

#12
jones24

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
HI is there a problem since there's no reply?
  • 0

#13
sempai

    Trusted Helper

  • Malware Removal
  • 785 posts
Hi,

No there's no problem.

It's just a day so I don't think we can consider that as a delay considering the fact that we all do have a life outside this forum, this is not my job and I'm also busy with personal matters. We are all volunteers and do this in our free time.


Sorry about the instructions about combofix, it's a general instruction that I use and I forgot to edit it when I posted it in here. And no need to worry about the Bitdefender because it will not do any harm.

OTL clean-up will also remove OTL and it's part of the process.
  • 0

#14
jones24

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
Ic ok i think my pc should be fixed. Thanks for helping.
  • 0

#15
sempai

    Trusted Helper

  • Malware Removal
  • 785 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





